feat: Support Password Access for ElasticSearch (#1072)
Browse files### What problem does this PR solve?
Using password authentication to access ElasticSearch is essential,
especially in a production environment.
This PR will enable password access support.
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
- conf/service_conf.yaml +2 -0
- docker/.env +3 -2
- docker/docker-compose-base.yml +4 -4
- docker/service_conf.yaml +2 -0
- rag/utils/es_conn.py +2 -0
conf/service_conf.yaml
CHANGED
|
@@ -15,6 +15,8 @@ minio:
|
|
| 15 |
host: 'minio:9000'
|
| 16 |
es:
|
| 17 |
hosts: 'http://es01:9200'
|
|
|
|
|
|
|
| 18 |
redis:
|
| 19 |
db: 1
|
| 20 |
password: 'infini_rag_flow'
|
|
|
|
| 15 |
host: 'minio:9000'
|
| 16 |
es:
|
| 17 |
hosts: 'http://es01:9200'
|
| 18 |
+
username: 'elastic'
|
| 19 |
+
password: 'infini_rag_flow'
|
| 20 |
redis:
|
| 21 |
db: 1
|
| 22 |
password: 'infini_rag_flow'
|
docker/.env
CHANGED
|
@@ -1,12 +1,13 @@
|
|
| 1 |
# Version of Elastic products
|
| 2 |
STACK_VERSION=8.11.3
|
| 3 |
|
| 4 |
-
# Set the cluster name
|
| 5 |
-
CLUSTER_NAME=rag_flow
|
| 6 |
|
| 7 |
# Port to expose Elasticsearch HTTP API to the host
|
| 8 |
ES_PORT=1200
|
| 9 |
|
|
|
|
|
|
|
|
|
|
| 10 |
# Port to expose Kibana to the host
|
| 11 |
KIBANA_PORT=6601
|
| 12 |
|
|
|
|
| 1 |
# Version of Elastic products
|
| 2 |
STACK_VERSION=8.11.3
|
| 3 |
|
|
|
|
|
|
|
| 4 |
|
| 5 |
# Port to expose Elasticsearch HTTP API to the host
|
| 6 |
ES_PORT=1200
|
| 7 |
|
| 8 |
+
# Set the Elasticsearch password
|
| 9 |
+
ELASTIC_PASSWORD=infini_rag_flow
|
| 10 |
+
|
| 11 |
# Port to expose Kibana to the host
|
| 12 |
KIBANA_PORT=6601
|
| 13 |
|
docker/docker-compose-base.yml
CHANGED
|
@@ -8,12 +8,12 @@ services:
|
|
| 8 |
- ${ES_PORT}:9200
|
| 9 |
environment:
|
| 10 |
- node.name=es01
|
| 11 |
-
- cluster.name=${CLUSTER_NAME}
|
| 12 |
-
- cluster.initial_master_nodes=es01
|
| 13 |
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
|
| 14 |
- bootstrap.memory_lock=false
|
| 15 |
-
-
|
| 16 |
-
-
|
|
|
|
|
|
|
| 17 |
- TZ=${TIMEZONE}
|
| 18 |
mem_limit: ${MEM_LIMIT}
|
| 19 |
ulimits:
|
|
|
|
| 8 |
- ${ES_PORT}:9200
|
| 9 |
environment:
|
| 10 |
- node.name=es01
|
|
|
|
|
|
|
| 11 |
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
|
| 12 |
- bootstrap.memory_lock=false
|
| 13 |
+
- discovery.type=single-node
|
| 14 |
+
- xpack.security.enabled=true
|
| 15 |
+
- xpack.security.http.ssl.enabled=false
|
| 16 |
+
- xpack.security.transport.ssl.enabled=false
|
| 17 |
- TZ=${TIMEZONE}
|
| 18 |
mem_limit: ${MEM_LIMIT}
|
| 19 |
ulimits:
|
docker/service_conf.yaml
CHANGED
|
@@ -15,6 +15,8 @@ minio:
|
|
| 15 |
host: 'minio:9000'
|
| 16 |
es:
|
| 17 |
hosts: 'http://es01:9200'
|
|
|
|
|
|
|
| 18 |
redis:
|
| 19 |
db: 1
|
| 20 |
password: 'infini_rag_flow'
|
|
|
|
| 15 |
host: 'minio:9000'
|
| 16 |
es:
|
| 17 |
hosts: 'http://es01:9200'
|
| 18 |
+
username: 'elastic'
|
| 19 |
+
password: 'infini_rag_flow'
|
| 20 |
redis:
|
| 21 |
db: 1
|
| 22 |
password: 'infini_rag_flow'
|
rag/utils/es_conn.py
CHANGED
|
@@ -28,6 +28,8 @@ class ESConnection:
|
|
| 28 |
try:
|
| 29 |
self.es = Elasticsearch(
|
| 30 |
settings.ES["hosts"].split(","),
|
|
|
|
|
|
|
| 31 |
timeout=600
|
| 32 |
)
|
| 33 |
if self.es:
|
|
|
|
| 28 |
try:
|
| 29 |
self.es = Elasticsearch(
|
| 30 |
settings.ES["hosts"].split(","),
|
| 31 |
+
basic_auth=(settings.ES["username"], settings.ES["password"]) if "username" in settings.ES and "password" in settings.ES else None,
|
| 32 |
+
verify_certs=False,
|
| 33 |
timeout=600
|
| 34 |
)
|
| 35 |
if self.es:
|