Commit b617f762 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo

Implementa gestión de credenciales

parent 250e64d0
+71 −12
image: docker:stable

stages:
  - package
  - test-package
  - deploy

docker-build-dev:
docker-build-commit-non-master-branches:
  stage: package
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/elasticsearch-xpack
    PARENT_IMAGE_TAG: latest
  services:
    - docker:dind
  only:
@@ -17,23 +18,44 @@ docker-build-dev:
    - master
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest .
    - >
      docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG}
      -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest .
    - docker push ${CI_REGISTRY_IMAGE}

docker-build-pro:
docker-build-commit-master-branch:
  stage: package
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
    PARENT_IMAGE_NAME: registry.gitlab.com/redmic-project/docker/elasticsearch-xpack
    PARENT_IMAGE_TAG: latest
  services:
    - docker:dind
  only:
    - master
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest .
    - >
      docker build --build-arg PARENT_IMAGE_NAME=${PARENT_IMAGE_NAME} --build-arg PARENT_IMAGE_TAG=${PARENT_IMAGE_TAG}
      -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:latest .
    - docker push ${CI_REGISTRY_IMAGE}

docker-tag-already-built-image:
  stage: package
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
  services:
    - docker:dind
  only:
    - tags
  script:
    - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
    - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
    - docker push ${CI_REGISTRY_IMAGE}

container_scanning:
container-scanning:
  stage: test-package
  image: docker:stable
  variables:
@@ -43,8 +65,6 @@ container_scanning:
    - docker:stable-dind
  only:
    - branches
  except:
    - master
  script:
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
@@ -55,7 +75,9 @@ container_scanning:
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    - touch clair-whitelist.yml
    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true
    - >
      ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log
      -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true
  artifacts:
    paths: [gl-sast-container-report.json]

@@ -69,21 +91,54 @@ deploy-dev:
    IMAGE_NAME: ${CI_REGISTRY_IMAGE}
    IMAGE_TAG: ${CI_COMMIT_SHA}
    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml
    OLD_ELASTIC_ADMIN_PASS: ${DEV_OLD_ELASTIC_ADMIN_PASS}
    ELASTIC_ADMIN_PASS: ${DEV_ELASTIC_ADMIN_PASS}
    ELASTIC_USER: ${DEV_ELASTIC_USER}
    ELASTIC_USER_PASS: ${DEV_ELASTIC_USER_PASS}
    ELASTIC_USER_ROLE: ${DEV_ELASTIC_USER_ROLE}
  services:
    - docker:dind
  script:
    - create-nets.sh elastic-net
    - >
      deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE}
      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS}
      OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}
      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}
  environment:
    name: dev
  only:
    - dev
  when: manual

deploy-supporting-branch:
  stage: deploy
  image: registry.gitlab.com/redmic-project/docker/docker-deploy
  variables:
    DOCKER_DRIVER: overlay2
    SSH_REMOTE: ${DEV_SSH_REMOTE}
    SERVICE: ${CI_PROJECT_NAME}
    IMAGE_NAME: ${CI_REGISTRY_IMAGE}
    IMAGE_TAG: ${CI_COMMIT_SHA}
    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.dev.yml
    OLD_ELASTIC_ADMIN_PASS: ${DEV_OLD_ELASTIC_ADMIN_PASS}
    ELASTIC_ADMIN_PASS: ${DEV_ELASTIC_ADMIN_PASS}
    ELASTIC_USER: ${DEV_ELASTIC_USER}
    ELASTIC_USER_PASS: ${DEV_ELASTIC_USER_PASS}
    ELASTIC_USER_ROLE: ${DEV_ELASTIC_USER_ROLE}
  services:
    - docker:dind
  script:
    - >
      deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE}
      OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}
      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}
  environment:
    name: dev
  only:
    - branches
  except:
    - master
    - dev
  when: manual

deploy-pro:
@@ -96,15 +151,19 @@ deploy-pro:
    IMAGE_NAME: ${CI_REGISTRY_IMAGE}
    IMAGE_TAG: ${CI_COMMIT_SHA}
    COMPOSE_FILE: docker-compose.tmpl.yml:docker-compose.prod.yml
    OLD_ELASTIC_ADMIN_PASS: ${PRO_OLD_ELASTIC_ADMIN_PASS}
    ELASTIC_ADMIN_PASS: ${PRO_ELASTIC_ADMIN_PASS}
    ELASTIC_USER: ${PRO_ELASTIC_USER}
    ELASTIC_USER_PASS: ${PRO_ELASTIC_USER_PASS}
    ELASTIC_USER_ROLE: ${PRO_ELASTIC_USER_ROLE}
  services:
    - docker:dind
  script:
    - create-nets.sh elastic-net
    - >
      deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE}
      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS}
      OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}
      ELASTIC_USER=${ELASTIC_USER} ELASTIC_USER_PASS=${ELASTIC_USER_PASS} ELASTIC_USER_ROLE=${ELASTIC_USER_ROLE}
  environment:
    name: pro
  only:
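Review bot: The deploy jobs put the Elasticsearch passwords on the deploy.sh command line (`OLD_ELASTIC_ADMIN_PASS=${OLD_ELASTIC_ADMIN_PASS} ELASTIC_ADMIN_PASS=${ELASTIC_ADMIN_PASS}` and `ELASTIC_USER_PASS=${ELASTIC_USER_PASS}` in deploy-dev, deploy-supporting-branch and deploy-pro), where they are readable by anything that lists processes in the runner container and by any argument tracing or logging deploy.sh itself does. The same values are already defined as job variables a few lines above each script, so if deploy.sh can read its environment the secret arguments can be dropped and only `IMAGE_NAME`, `IMAGE_TAG` and `COMPOSE_FILE` need passing; deploy.sh is not visible here, so confirm it supports that. The three deploy jobs now repeat an identical variables block that differs only in the `DEV_`/`PRO_` prefix, which a GitLab `extends:` template or a YAML anchor for the shared part would keep from drifting. The deploy-pro job continues past the end of this hunk.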
+8 −4
FROM registry.gitlab.com/redmic-project/docker/elasticsearch-xpack:latest
ARG PARENT_IMAGE_NAME
ARG PARENT_IMAGE_TAG

FROM ${PARENT_IMAGE_NAME}:${PARENT_IMAGE_TAG}

ENV ES_CLUSTER_NAME="clustername" \
	ES_NODE_NAME="nodename" \
@@ -11,8 +14,9 @@ ENV ES_CLUSTER_NAME="clustername" \
	ES_NETWORK_BIND_HOST="0.0.0.0" \
	ES_NETWORK_PUBLISH_HOST="_eth0_" \
	ES_DISCOVERY_ZEN_MINIMUM_MASTER_NODES=2 \
	ES_PATH="/usr/share/elasticsearch" \
	ES_DATA_PATH="/usr/share/elasticsearch/data"
	ES_PATH="/usr/share/elasticsearch"

ENV ES_DATA_PATH="${ES_PATH}/data"

RUN apt-get update && \
	apt-get install -y --no-install-recommends \
@@ -20,7 +24,7 @@ RUN apt-get update && \
		dnsutils && \
	ulimit -n 65536

COPY config/ /usr/share/elasticsearch/config/
COPY config/ ${ES_PATH}/config/
COPY scripts/ /

VOLUME ["${ES_DATA_PATH}"]
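Review bot: `ARG PARENT_IMAGE_NAME` and `ARG PARENT_IMAGE_TAG` carry no defaults, so any build that does not pass both `--build-arg`s (a local `docker build .`, for example) expands the base to `FROM :` and fails before the first layer. Giving them the values the replaced hard-coded line used keeps such builds working: `ARG PARENT_IMAGE_NAME=registry.gitlab.com/redmic-project/docker/elasticsearch-xpack` and `ARG PARENT_IMAGE_TAG=latest`. With the tag now injectable, the CI jobs could pass a pinned version or digest instead of `latest` so that a given commit always builds on the same parent; that change belongs in .gitlab-ci.yml rather than here.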
+6 −1
@@ -9,6 +9,11 @@ services:
      - ES_BOOTSTRAP_MEMORY_LOCK=true
      - ES_JAVA_OPTS=-Xms2g -Xmx2g -Djava.security.policy=file:///usr/share/elasticsearch/config/grovy-classes_whitelist.policy
      - ES_PLUGINS
      - OLD_ELASTIC_ADMIN_PASS
      - ELASTIC_ADMIN_PASS
      - ELASTIC_USER
      - ELASTIC_USER_PASS
      - ELASTIC_USER_ROLE
    ulimits:
      memlock:
        soft: -1
@@ -18,7 +23,7 @@ services:
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 2m
      start_period: 5m

networks:
  elastic-net:
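Review bot: `OLD_ELASTIC_ADMIN_PASS`, `ELASTIC_ADMIN_PASS` and `ELASTIC_USER_PASS` are injected as plain container environment variables, so they appear in `docker inspect` output, in `/proc/<pid>/environ` of every process in the container and in any crash dump or debug endpoint that prints the environment. The entrypoint already branches on `SWARM_MODE` and the deploy stage appears to target a swarm, so compose `secrets:` mounted under `/run/secrets` would keep them out of the environment, with manage-users.sh reading them from those files instead of `${ELASTIC_ADMIN_PASS}` and friends. The rest of this compose file is outside the hunk, so I cannot tell whether a `secrets:` section already exists. The `start_period` increase to `5m` is a separate change and looks reasonable now that user bootstrap runs at startup.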
+9 −7
#!/bin/bash

FILENAME="elasticsearch"
TEMPLATE_FILENAME="elasticsearch"
OTHER_NODES=""

chown -R elasticsearch:elasticsearch ${ES_DATA_PATH}
@@ -39,7 +39,7 @@ if [ -n "${SWARM_MODE}" ]; then
    fi
fi

envsubst < /${FILENAME}.template > ${ES_PATH}/config/${FILENAME}.yml
envsubst < /${TEMPLATE_FILENAME}.template > ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml

# Search nodes
if [ -n "${OTHER_NODES}" ];then
@@ -47,7 +47,7 @@ if [ -n "${OTHER_NODES}" ];then
	export ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS=${OTHER_NODES%,}
	ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS=",${ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS}"
	echo "discovery.zen.ping.unicast.hosts: ${ES_DISCOVERY_ZEN_PING_UNICAST_HOSTS}" \
		| sed -e 's/,/\n   - /g' >> ${ES_PATH}/config/${FILENAME}.yml
		| sed -e 's/,/\n   - /g' >> ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml
else
    echo "There is no another nodes in cluster. I am alone!"
fi
@@ -68,8 +68,8 @@ function check_credentials_s3() {
        exit 1
    fi

    echo "cloud.aws.s3.access_key: ${AWS_ACCESS_KEY_ID}" >> ${ES_PATH}/config/${FILENAME}.yml
    echo "cloud.aws.s3.secret_key: ${AWS_SECRET_ACCESS_KEY}" >> ${ES_PATH}/config/${FILENAME}.yml
    echo "cloud.aws.s3.access_key: ${AWS_ACCESS_KEY_ID}" >> ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml
    echo "cloud.aws.s3.secret_key: ${AWS_SECRET_ACCESS_KEY}" >> ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml
}


@@ -91,6 +91,8 @@ for PLUGIN in "${PLUGINS[@]}"; do
    fi
done

cat ${ES_PATH}/config/${FILENAME}.yml
cat ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml

./manage-users.sh & disown

gosu elasticsearch "$@"
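Review bot: `./manage-users.sh & disown` resolves the script against the current working directory and launches it before the `gosu elasticsearch "$@"` privilege drop, so the bootstrap runs with the entrypoint's identity (root, given the `chown -R` earlier in the file) and inherits the full environment including both admin passwords. The Dockerfile copies `scripts/` to `/`, so `gosu elasticsearch /manage-users.sh & disown` would fix both if manage-users.sh lives in scripts/ and needs nothing beyond network access to localhost:9200 — confirm that assumption. The `cat ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml` two lines above also prints the rendered config, which after check_credentials_s3 contains `cloud.aws.s3.secret_key`, into the container log; `sed 's/\(secret_key:\).*/\1 <redacted>/' ${ES_PATH}/config/${TEMPLATE_FILENAME}.yml` keeps the diagnostic without the secret. The earlier hunks of this script are partial, so the surrounding control flow is only partly visible.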
+78 −0
#!/bin/sh

ELASTIC_ADMIN=elastic
retryManageUsers=true

while [ ${retryManageUsers} ]
do
	responseStatus=$(curl --write-out %{http_code} --silent --output /dev/null \
		-u "${ELASTIC_ADMIN}:${ELASTIC_ADMIN_PASS}" \
		localhost:9200/_cluster/health)

	echo "Trying to manage users, got ${responseStatus} response"

	if [ "${responseStatus}" -eq "401" ] || [ "${responseStatus}" -eq "200" ]
	then
		retryManageUsers=false
	else
		sleep 1
		continue
	fi

	echo "Trying to update admin password"

	if [ "${responseStatus}" -eq "401" ]
	then
		curl -XPUT -u "${ELASTIC_ADMIN}:${OLD_ELASTIC_ADMIN_PASS}" \
			"localhost:9200/_xpack/security/user/${ELASTIC_ADMIN}/_password" \
			-H "Content-Type: application/json" -d "{
				\"password\": \"${ELASTIC_ADMIN_PASS}\"
			}"

		if [ "${?}" -eq "0" ]
		then
			echo "Admin password updated"
		fi
	else
		echo "Admin password already updated"
	fi

	echo "Trying to create default role and user"

	responseStatus=$(curl --write-out %{http_code} --silent --output /dev/null \
		-u "${ELASTIC_ADMIN}:${ELASTIC_ADMIN_PASS}" \
		"localhost:9200/_xpack/security/role/${ELASTIC_USER_ROLE}")

	if [ "${responseStatus}" -eq "404" ]
	then
		curl -XPOST -u "${ELASTIC_ADMIN}:${ELASTIC_ADMIN_PASS}" \
			"localhost:9200/_xpack/security/role/${ELASTIC_USER_ROLE}" \
			-H "Content-Type: application/json" -d '{
				"run_as": [],
				"cluster": [ "monitor" ],
				"indices": [{
					"names": [ "*" ],
					"privileges": [ "all" ]
				}]
			}'

		if [ "${?}" -eq "0" ]
		then
			echo "Role created"
		fi

		curl -XPOST -u "${ELASTIC_ADMIN}:${ELASTIC_ADMIN_PASS}" \
			"localhost:9200/_xpack/security/user/${ELASTIC_USER}" \
			-H "Content-Type: application/json" -d "{
				\"password\": \"${ELASTIC_USER_PASS}\",
				\"roles\": [ \"${ELASTIC_USER_ROLE}\" ]
			}"

		if [ "${?}" -eq "0" ]
		then
			echo "User created"
		fi
	else
		echo "Default role already created, default user should has been created too"
	fi
done
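Review bot: `while [ ${retryManageUsers} ]` never terminates, because `[ false ]` tests a non-empty string and is true; once the health probe answers 200 the loop spins with no sleep, re-running the password check and the role/user lookups against localhost:9200 as fast as curl returns. The condition should compare the value, `while [ "${retryManageUsers}" = "true" ]`, or the body should `break` once the user exists. The three `if [ "${?}" -eq "0" ]` checks also only see curl's exit status, so a 400 or 401 from the security API still prints "Admin password updated", "Role created" or "User created"; adding `--fail --silent --show-error` to those calls makes the exit code reflect the HTTP status, as sketched below. The admin and user passwords are also placed on curl's command line via `-u` and `-d`, where any process in the container can read them from the process list; a curl config file (`-K`) for the credential and `-d @-` fed from a here-document for the body keep them out of argv.
```shell
while [ "${retryManageUsers}" = "true" ]
do
	# … unchanged: health probe, 401/200 gate, sleep/continue …

	if [ "${responseStatus}" -eq "401" ]
	then
		# --fail turns a 4xx/5xx reply into a non-zero exit, so the branch below is meaningful
		if curl --fail --silent --show-error -XPUT -u "${ELASTIC_ADMIN}:${OLD_ELASTIC_ADMIN_PASS}" \
			"localhost:9200/_xpack/security/user/${ELASTIC_ADMIN}/_password" \
			-H "Content-Type: application/json" -d "{
				\"password\": \"${ELASTIC_ADMIN_PASS}\"
			}"
		then
			echo "Admin password updated"
		fi
	else
		echo "Admin password already updated"
	fi

	# … unchanged: role lookup; role and user creation, with the same --fail / if-curl pattern …
done
```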