Skip to content
This repository was archived by the owner on Nov 7, 2018. It is now read-only.

Use ENV to add elasticsearch-keystore entries #50

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Use ENV to add elasticsearch-keystore entries #50

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,7 @@ This image can be configured by means of environment variables, that one can set
* [MEMORY_LOCK](https://www.elastic.co/guide/en/elasticsearch/reference/current/important-settings.html#bootstrap.memory_lock) - memory locking control - enable to prevent swap (default = `true`) .
* [REPO_LOCATIONS](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html#_shared_file_system_repository) - list of registered repository locations. For example `["/backup"]` (default = `[]`).
* [PROCESSORS](https://github.com/elastic/elasticsearch-definitive-guide/pull/679/files) - allow elasticsearch to optimize for the actual number of available cpus (must be an integer - default = 1)
* [ES_KEYSTORE_*](https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html) - add any ES Keystore items by adding a new environment variable. Double underscore will be replaced with dots, e.g. ES_KEYSTORE_S3__CLIENT__DEFAULT__ACCESS_KEY ends up as s3.client.default.access_key

### Backup
Mount a shared folder (for example via NFS) to `/backup` and make sure the `elasticsearch` user
Expand Down
17 changes: 15 additions & 2 deletions run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash

BASE=/elasticsearch

Expand Down Expand Up @@ -47,13 +47,26 @@ if [ ! -z "${SHARD_ALLOCATION_AWARENESS_ATTR}" ]; then
fi
fi

# add keystore entries
for item in ${!ES_KEYSTORE_*}; do
value=${!item}
item=${item##ES_KEYSTORE_} # Strip away prefix
item=${item,,} # Lowercase
item=${item//__/.} # Replace double underscore with dot

if [ ! -f $BASE/config/elasticsearch.keystore ]; then
su-exec elasticsearch $BASE/bin/elasticsearch-keystore create
fi
su-exec elasticsearch $BASE/bin/elasticsearch-keystore add -x $item <<< ${value}
done

# run
if [[ $(whoami) == "root" ]]; then
chown -R elasticsearch:elasticsearch $BASE
chown -R elasticsearch:elasticsearch /data
exec su-exec elasticsearch $BASE/bin/elasticsearch $ES_EXTRA_ARGS
else
# the container's first process is not running as 'root',
# the container's first process is not running as 'root',
# it does not have the rights to chown. however, we may
# assume that it is being ran as 'elasticsearch', and that
# the volumes already have the right permissions. this is
Expand Down