From 5cc690ed661aa3ef0eaff1fdee76e1c6f9319d01 Mon Sep 17 00:00:00 2001
From: Bitnami Bot
Date: Tue, 5 Apr 2022 04:10:25 +0000
Subject: [PATCH] 7.17.2-debian-10-r2 release
---
 bitnami/elasticsearch/7/debian-10/Dockerfile | 7 +-
 .../opt/bitnami/.bitnami_components.json | 8 +-
 .../opt/bitnami/scripts/elasticsearch-env.sh | 88 ++++--
 .../opt/bitnami/scripts/libelasticsearch.sh | 276 ++++++++++++------
 bitnami/elasticsearch/README.md | 5 +-
 5 files changed, 253 insertions(+), 131 deletions(-)
diff --git a/bitnami/elasticsearch/7/debian-10/Dockerfile b/bitnami/elasticsearch/7/debian-10/Dockerfile
index 6a5e455d9090..fc2d81076877 100644
--- a/bitnami/elasticsearch/7/debian-10/Dockerfile
+++ b/bitnami/elasticsearch/7/debian-10/Dockerfile
@@ -14,9 +14,9 @@ COPY prebuildfs / # Install required system packages and dependencies RUN install_packages acl ca-certificates curl gzip hostname libasound2-dev libc6 libfreetype6 libfreetype6-dev libgcc1 procps tar zlib1g RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "yq" "4.24.2-0" --checksum 6671445790516400883182abf5e957645260585b8a9f9432a8a6b63b045b6559 -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "java" "11.0.14-7" --checksum 900545c4f346a0ece8abf2caf64fd9d4ab7514967d4614d716bf7362b24f828b +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "java" "17.0.2-10" --checksum 70dbc5d64a8ae02f4898685ccaf993e0469ad804c87961e1e3b1a41046292a39 RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-7" --checksum d6280b6f647a62bf6edc74dc8e526bfff63ddd8067dcb8540843f47203d9ccf1 -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "elasticsearch" "7.17.2-0" --checksum 9277be8b2019075896a9deef1ce0e26d6e12eea5a7e97fbc66438ede29ae8744 +RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "elasticsearch" "7.17.2-1" --checksum fddd9946770c7fa6893ee6c57f9c1f17763998ddcc20a5b95dd29cb96e735bb3 RUN apt-get update && apt-get upgrade -y && \ rm -r /var/lib/apt/lists /var/cache/apt/archives RUN chmod g+rwX /opt/bitnami @@ -26,7 +26,8 @@ RUN /opt/bitnami/scripts/elasticsearch/postunpack.sh RUN /opt/bitnami/scripts/java/postunpack.sh ENV APP_VERSION="7.17.2" \ BITNAMI_APP_NAME="elasticsearch" \ - BITNAMI_IMAGE_VERSION="7.17.2-debian-10-r1" \ + BITNAMI_IMAGE_VERSION="7.17.2-debian-10-r2" \ + ES_JAVA_HOME="/opt/bitnami/java" \ JAVA_HOME="/opt/bitnami/java" \ LD_LIBRARY_PATH="/opt/bitnami/elasticsearch/jdk/lib:/opt/bitnami/elasticsearch/jdk/lib/server:$LD_LIBRARY_PATH" diff --git a/bitnami/elasticsearch/7/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/elasticsearch/7/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json index 3893e408c48c..25fd1e4739bc 100644 
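Review bot: `LD_LIBRARY_PATH` in the `ENV` block of the second hunk still prepends `/opt/bitnami/elasticsearch/jdk/lib` and `/opt/bitnami/elasticsearch/jdk/lib/server`, while the `ES_JAVA_HOME` added two lines above selects `/opt/bitnami/java`, so the library search path and the chosen runtime no longer name the same JDK. If the bundled `jdk` directory exists in the image, the Java 17 runtime may pick up native libraries from a different JDK; if it does not, the entries are dead and should go. The same line ends in `:$LD_LIBRARY_PATH`, which leaves a trailing empty entry when the variable is unset at build time, and the dynamic loader reads an empty entry as the current working directory. Point the variable at the libraries under the directory `ES_JAVA_HOME` names and drop the trailing `:$LD_LIBRARY_PATH`.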
--- a/bitnami/elasticsearch/7/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/elasticsearch/7/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -1,10 +1,10 @@
 {
 "elasticsearch": {
 "arch": "amd64",
- "digest": "9277be8b2019075896a9deef1ce0e26d6e12eea5a7e97fbc66438ede29ae8744",
+ "digest": "fddd9946770c7fa6893ee6c57f9c1f17763998ddcc20a5b95dd29cb96e735bb3",
 "distro": "debian-10",
 "type": "NAMI",
- "version": "7.17.2-0"
+ "version": "7.17.2-1"
 },
 "gosu": {
 "arch": "amd64",
@@ -15,10 +15,10 @@
 },
 "java": {
 "arch": "amd64",
- "digest": "900545c4f346a0ece8abf2caf64fd9d4ab7514967d4614d716bf7362b24f828b",
+ "digest": "70dbc5d64a8ae02f4898685ccaf993e0469ad804c87961e1e3b1a41046292a39",
 "distro": "debian-10",
 "type": "NAMI",
- "version": "11.0.14-7"
+ "version": "17.0.2-10"
 },
 "yq": {
 "arch": "amd64",
diff --git a/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/elasticsearch-env.sh b/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/elasticsearch-env.sh
index 94905e914f34..103aebbfc9b7 100644
--- a/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/elasticsearch-env.sh
+++ b/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/elasticsearch-env.sh
@@ -24,11 +24,6 @@ export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
 elasticsearch_env_vars=(
 ELASTICSEARCH_CERTS_DIR
 ELASTICSEARCH_DATA_DIR_LIST
- ELASTICSEARCH_KEYSTORE_LOCATION
- ELASTICSEARCH_TRUSTSTORE_LOCATION
- ELASTICSEARCH_NODE_CERT_LOCATION
- ELASTICSEARCH_NODE_KEY_LOCATION
- ELASTICSEARCH_CA_CERT_LOCATION
 ELASTICSEARCH_BIND_ADDRESS
 ELASTICSEARCH_ADVERTISED_HOSTNAME
 ELASTICSEARCH_CLUSTER_HOSTS
@@ -47,22 +42,45 @@ elasticsearch_env_vars=(
 ELASTICSEARCH_MINIMUM_MASTER_NODES
 ELASTICSEARCH_NODE_NAME
 ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
- ELASTICSEARCH_NODE_PORT_NUMBER
+ ELASTICSEARCH_NODE_ROLES
 ELASTICSEARCH_NODE_TYPE
 ELASTICSEARCH_PLUGINS
 ELASTICSEARCH_KEYS
- ELASTICSEARCH_PORT_NUMBER
- ELASTICSEARCH_USE_NODE_ROLES
- ELASTICSEARCH_NODE_ROLES
+ ELASTICSEARCH_TRANSPORT_PORT_NUMBER
+ ELASTICSEARCH_HTTP_PORT_NUMBER
 ELASTICSEARCH_PASSWORD
 ELASTICSEARCH_ENABLE_SECURITY
- ELASTICSEARCH_ENABLE_REST_TLS
- ELASTICSEARCH_TLS_USE_PEM
+ ELASTICSEARCH_ENABLE_FIPS_MODE
 ELASTICSEARCH_TLS_VERIFICATION_MODE
+ ELASTICSEARCH_TLS_USE_PEM
 ELASTICSEARCH_KEYSTORE_PASSWORD
 ELASTICSEARCH_TRUSTSTORE_PASSWORD
 ELASTICSEARCH_KEY_PASSWORD
- ELASTICSEARCH_ENABLE_FIPS_MODE
+ ELASTICSEARCH_KEYSTORE_LOCATION
+ ELASTICSEARCH_TRUSTSTORE_LOCATION
+ ELASTICSEARCH_NODE_CERT_LOCATION
+ ELASTICSEARCH_NODE_KEY_LOCATION
+ ELASTICSEARCH_CA_CERT_LOCATION
+ ELASTICSEARCH_SKIP_TRANSPORT_TLS
+ ELASTICSEARCH_TRANSPORT_TLS_USE_PEM
+ ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD
+ ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD
+ ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD
+ ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION
+ ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION
+ ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION
+ ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION
+ ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION
+ ELASTICSEARCH_ENABLE_REST_TLS
+ ELASTICSEARCH_HTTP_TLS_USE_PEM
+ ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD
+ ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD
+ ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD
+ ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION
+ ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION
+ ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION
+ ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION
+ ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION
 )
 for env_var in "${elasticsearch_env_vars[@]}"; do
 file_env_var="${env_var}_FILE"
@@ -92,11 +110,6 @@ export ELASTICSEARCH_MOUNTED_PLUGINS_DIR="${ELASTICSEARCH_VOLUME_DIR}/plugins" export ELASTICSEARCH_CONF_FILE="${ELASTICSEARCH_CONF_DIR}/elasticsearch.yml" export ELASTICSEARCH_LOG_FILE="${ELASTICSEARCH_LOGS_DIR}/elasticsearch.log" export ELASTICSEARCH_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export ELASTICSEARCH_KEYSTORE_LOCATION="${ELASTICSEARCH_KEYSTORE_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/elasticsearch.keystore.jks}" -export ELASTICSEARCH_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRUSTSTORE_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/elasticsearch.trustore.jks}" -export ELASTICSEARCH_NODE_CERT_LOCATION="${ELASTICSEARCH_NODE_CERT_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/tls.crt}" -export ELASTICSEARCH_NODE_KEY_LOCATION="${ELASTICSEARCH_NODE_KEY_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/tls.key}" -export ELASTICSEARCH_CA_CERT_LOCATION="${ELASTICSEARCH_CA_CERT_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/ca.crt}" export PATH="${ELASTICSEARCH_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:$PATH" # System users (when running with a privileged user) 
@@ -116,29 +129,52 @@ export ELASTICSEARCH_MAX_ALLOWED_MEMORY="${ELASTICSEARCH_MAX_ALLOWED_MEMORY:-}" export ELASTICSEARCH_MAX_TIMEOUT="${ELASTICSEARCH_MAX_TIMEOUT:-60}" export ELASTICSEARCH_LOCK_ALL_MEMORY="${ELASTICSEARCH_LOCK_ALL_MEMORY:-no}" export ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP="${ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP:-no}" -export ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME="${ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME:-no}" +export ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME="${ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME:-}" export ELASTICSEARCH_DISABLE_GC_LOGS="${ELASTICSEARCH_DISABLE_GC_LOGS:-no}" export ELASTICSEARCH_IS_DEDICATED_NODE="${ELASTICSEARCH_IS_DEDICATED_NODE:-no}" export ELASTICSEARCH_MINIMUM_MASTER_NODES="${ELASTICSEARCH_MINIMUM_MASTER_NODES:-}" export ELASTICSEARCH_NODE_NAME="${ELASTICSEARCH_NODE_NAME:-}" export ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH="${ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH:-}" -export ELASTICSEARCH_NODE_PORT_NUMBER="${ELASTICSEARCH_NODE_PORT_NUMBER:-9300}" -export ELASTICSEARCH_NODE_TYPE="${ELASTICSEARCH_NODE_TYPE:-master}" +export ELASTICSEARCH_NODE_ROLES="${ELASTICSEARCH_NODE_ROLES:-}" +export ELASTICSEARCH_NODE_TYPE="${ELASTICSEARCH_NODE_TYPE:-}" export ELASTICSEARCH_PLUGINS="${ELASTICSEARCH_PLUGINS:-}" export ELASTICSEARCH_KEYS="${ELASTICSEARCH_KEYS:-}" -export ELASTICSEARCH_PORT_NUMBER="${ELASTICSEARCH_PORT_NUMBER:-9200}" -export ELASTICSEARCH_USE_NODE_ROLES="${ELASTICSEARCH_USE_NODE_ROLES:-no}" -export ELASTICSEARCH_NODE_ROLES="${ELASTICSEARCH_NODE_ROLES:-}" +export ELASTICSEARCH_TRANSPORT_PORT_NUMBER="${ELASTICSEARCH_TRANSPORT_PORT_NUMBER:-9300}" +export ELASTICSEARCH_HTTP_PORT_NUMBER="${ELASTICSEARCH_HTTP_PORT_NUMBER:-9200}" # Elasticsearch Security configuration export ELASTICSEARCH_PASSWORD="${ELASTICSEARCH_PASSWORD:-bitnami}" export ELASTICSEARCH_ENABLE_SECURITY="${ELASTICSEARCH_ENABLE_SECURITY:-false}" -export ELASTICSEARCH_ENABLE_REST_TLS="${ELASTICSEARCH_ENABLE_REST_TLS:-false}" -export 
ELASTICSEARCH_TLS_USE_PEM="${ELASTICSEARCH_TLS_USE_PEM:-false}" +export ELASTICSEARCH_ENABLE_FIPS_MODE="${ELASTICSEARCH_ENABLE_FIPS_MODE:-false}" export ELASTICSEARCH_TLS_VERIFICATION_MODE="${ELASTICSEARCH_TLS_VERIFICATION_MODE:-full}" +export ELASTICSEARCH_TLS_USE_PEM="${ELASTICSEARCH_TLS_USE_PEM:-false}" export ELASTICSEARCH_KEYSTORE_PASSWORD="${ELASTICSEARCH_KEYSTORE_PASSWORD:-}" export ELASTICSEARCH_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRUSTSTORE_PASSWORD:-}" export ELASTICSEARCH_KEY_PASSWORD="${ELASTICSEARCH_KEY_PASSWORD:-}" -export ELASTICSEARCH_ENABLE_FIPS_MODE="${ELASTICSEARCH_ENABLE_FIPS_MODE:-false}" +export ELASTICSEARCH_KEYSTORE_LOCATION="${ELASTICSEARCH_KEYSTORE_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/elasticsearch.keystore.jks}" +export ELASTICSEARCH_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRUSTSTORE_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/elasticsearch.truststore.jks}" +export ELASTICSEARCH_NODE_CERT_LOCATION="${ELASTICSEARCH_NODE_CERT_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/tls.crt}" +export ELASTICSEARCH_NODE_KEY_LOCATION="${ELASTICSEARCH_NODE_KEY_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/tls.key}" +export ELASTICSEARCH_CA_CERT_LOCATION="${ELASTICSEARCH_CA_CERT_LOCATION:-${ELASTICSEARCH_CERTS_DIR}/ca.crt}" +export ELASTICSEARCH_SKIP_TRANSPORT_TLS="${ELASTICSEARCH_SKIP_TRANSPORT_TLS:-false}" +export ELASTICSEARCH_TRANSPORT_TLS_USE_PEM="${ELASTICSEARCH_TRANSPORT_TLS_USE_PEM:-$ELASTICSEARCH_TLS_USE_PEM}" +export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD:-$ELASTICSEARCH_KEYSTORE_PASSWORD}" +export ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD:-$ELASTICSEARCH_TRUSTSTORE_PASSWORD}" +export ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD:-$ELASTICSEARCH_KEY_PASSWORD}" +export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION:-$ELASTICSEARCH_KEYSTORE_LOCATION}" +export 
ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION:-$ELASTICSEARCH_TRUSTSTORE_LOCATION}" +export ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION:-$ELASTICSEARCH_NODE_CERT_LOCATION}" +export ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION:-$ELASTICSEARCH_NODE_KEY_LOCATION}" +export ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION:-$ELASTICSEARCH_CA_CERT_LOCATION}" +export ELASTICSEARCH_ENABLE_REST_TLS="${ELASTICSEARCH_ENABLE_REST_TLS:-false}" +export ELASTICSEARCH_HTTP_TLS_USE_PEM="${ELASTICSEARCH_HTTP_TLS_USE_PEM:-$ELASTICSEARCH_TLS_USE_PEM}" +export ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD:-$ELASTICSEARCH_KEYSTORE_PASSWORD}" +export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD:-$ELASTICSEARCH_TRUSTSTORE_PASSWORD}" +export ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD:-$ELASTICSEARCH_KEY_PASSWORD}" +export ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION:-$ELASTICSEARCH_KEYSTORE_LOCATION}" +export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION:-$ELASTICSEARCH_TRUSTSTORE_LOCATION}" +export ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION:-$ELASTICSEARCH_NODE_CERT_LOCATION}" +export ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION:-$ELASTICSEARCH_NODE_KEY_LOCATION}" +export ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION:-$ELASTICSEARCH_CA_CERT_LOCATION}" # Custom environment variables may be defined below 
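Review bot: `ELASTICSEARCH_PORT_NUMBER` and `ELASTICSEARCH_NODE_PORT_NUMBER` are renamed to `ELASTICSEARCH_HTTP_PORT_NUMBER` and `ELASTICSEARCH_TRANSPORT_PORT_NUMBER` with no fallback to the old names visible in this hunk, so a deployment that still sets the old variables silently goes back to 9200/9300 and can fall outside the firewall or network-policy rules written for its custom ports. The new TRANSPORT_TLS and HTTP_TLS variables in the same hunk do inherit from their generic predecessors, and the ports could follow that pattern: `export ELASTICSEARCH_HTTP_PORT_NUMBER="${ELASTICSEARCH_HTTP_PORT_NUMBER:-${ELASTICSEARCH_PORT_NUMBER:-9200}}"`, with the equivalent line for the transport port. `ELASTICSEARCH_USE_NODE_ROLES` is dropped the same way and `ELASTICSEARCH_NODE_TYPE` loses its `master` default, so both deserve a mention in the upgrade notes. A one-line comment above the two TLS groups, `# Unset TRANSPORT_TLS_*/HTTP_TLS_* values inherit the generic ELASTICSEARCH_* TLS settings`, would document the inheritance for the next reader.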
diff --git a/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/libelasticsearch.sh b/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/libelasticsearch.sh index b3e5e6d7ef98..64f7c9224fa8 100644 --- a/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/libelasticsearch.sh +++ b/bitnami/elasticsearch/7/debian-10/rootfs/opt/bitnami/scripts/libelasticsearch.sh @@ -210,6 +210,7 @@ elasticsearch_validate_kernel() { ######################### elasticsearch_validate() { local error_code=0 + local es_version es_major_version # Auxiliary functions print_validation_error() { @@ -234,13 +235,9 @@ elasticsearch_validate() { } validate_node_roles() { - if [[ "$ELASTICSEARCH_MAJOR_VERSION" -le 6 ]]; then - print_validation_error "Node roles are only available in Elasticsearch 7+" && return - fi - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_NODE_ROLES")" if [[ "${#roles_list[@]}" -le 0 ]]; then - print_validation_error "The \$ELASTICSEARCH_NODE_ROLES variables can't be empty and it must be a comma separated list. Supported roles are 'master,data,data_content,data_hot,data_warm,data_cold,data_frozen,ingest,ml,remote_cluster_client,transform'" && return + warn "Setting ELASTICSEARCH_NODE_ROLES is empty and ELASTICSEARCH_IS_DEDICATED_NODE is set to true, Elasticsearch will be configured as coordinating-only node." fi for role in "${roles_list[@]}"; do case "$role" in 
@@ -253,26 +250,67 @@ elasticsearch_validate() { done } + es_version="$(elasticsearch_get_version)" + es_major_version="$(get_sematic_version "$es_version" 1)" + debug "Validating settings in ELASTICSEARCH_* env vars..." - for var in "ELASTICSEARCH_PORT_NUMBER" "ELASTICSEARCH_NODE_PORT_NUMBER"; do + for var in "ELASTICSEARCH_HTTP_PORT_NUMBER" "ELASTICSEARCH_TRANSPORT_PORT_NUMBER"; do if ! err=$(validate_port "${!var}"); then print_validation_error "An invalid port was specified in the environment variable $var: $err" fi done - is_boolean_yes "$ELASTICSEARCH_USE_NODE_ROLES" && validate_node_roles - is_boolean_yes "$ELASTICSEARCH_IS_DEDICATED_NODE" && validate_node_type + + if ! is_boolean_yes "$ELASTICSEARCH_IS_DEDICATED_NODE"; then + warn "Setting ELASTICSEARCH_IS_DEDICATED_NODE is disabled." + warn "ELASTICSEARCH_NODE_ROLES and ELASTICSEARCH_NODE_TYPE will be ignored and Elasticsearch will asume all different roles." + else + # Node types deprecated in Elasticsearch 8 + if [[ -n "$ELASTICSEARCH_NODE_TYPE" ]] && [[ "$es_major_version" -ge 8 ]] ; then + print_validation_error "Setting ELASTICSEARCH_NODE_TYPE is not available when using Elasticsearch 8, use ELASTICSEARCH_NODE_ROLES instead." + fi + # Node roles introduced in Elasticsearch 7 + if [[ -n "$ELASTICSEARCH_NODE_ROLES" ]] && [[ "$es_major_version" -lt 7 ]] ; then + print_validation_error "Setting ELASTICSEARCH_NODE_ROLES is not available when using Elasticsearch 6, use ELASTICSEARCH_NODE_TYPE instead." + fi + + if [[ "$es_major_version" -le 6 ]]; then + validate_node_type + elif [[ "$es_major_version" -ge 8 ]]; then + validate_node_roles + elif [[ "$es_major_version" -eq 7 ]]; then + if [[ -n "$ELASTICSEARCH_NODE_TYPE" ]]; then + warn "Setting ELASTICSEARCH_NODE_TYPE will be deprecated soon. We recommend using ELASTICSEARCH_NODE_ROLES instead." + validate_node_type + else + validate_node_roles + fi + fi + fi + if [[ -n "$ELASTICSEARCH_BIND_ADDRESS" ]] && ! 
validate_ipv4 "$ELASTICSEARCH_BIND_ADDRESS"; then print_validation_error "The Bind Address specified in the environment variable ELASTICSEARCH_BIND_ADDRESS is not a valid IPv4" fi if is_boolean_yes "$ELASTICSEARCH_ENABLE_SECURITY"; then - check_multi_value "ELASTICSEARCH_TLS_VERIFICATION_MODE" "full certificate none" - if is_boolean_yes "$ELASTICSEARCH_TLS_USE_PEM"; then - if [[ ! -f "$ELASTICSEARCH_NODE_CERT_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_NODE_KEY_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_CA_CERT_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for Elasticsearch you must provide your node key, certificate and a valid certification_authority certificate." + if ! is_boolean_yes "$ELASTICSEARCH_SKIP_TRANSPORT_TLS"; then + check_multi_value "ELASTICSEARCH_TLS_VERIFICATION_MODE" "full certificate none" + if is_boolean_yes "$ELASTICSEARCH_TRANSPORT_TLS_USE_PEM"; then + if [[ ! -f "$ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION" ]]; then + print_validation_error "In order to configure the TLS encryption for Elasticsearch Transport you must provide your node key, certificate and a valid certification_authority certificate." + fi + elif [[ ! -f "$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION" ]]; then + print_validation_error "In order to configure the TLS encryption for Elasticsearch Transport with JKS/PKCS12 certs you must mount a valid keystore and truststore." + fi + fi + + if is_boolean_yes "$ELASTICSEARCH_ENABLE_REST_TLS"; then + if is_boolean_yes "$ELASTICSEARCH_HTTP_TLS_USE_PEM"; then + if [[ ! -f "$ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION" ]] || [[ ! 
-f "$ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION" ]]; then + print_validation_error "In order to configure the TLS encryption for Elasticsearch you must provide your node key, certificate and a valid certification_authority certificate." + fi + elif [[ ! -f "$ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION" ]]; then + print_validation_error "In order to configure the TLS encryption for Elasticsearch with JKS/PKCS12 certs you must mount a valid keystore and truststore." fi - elif [[ ! -f "$ELASTICSEARCH_KEYSTORE_LOCATION" ]] || [[ ! -f "$ELASTICSEARCH_TRUSTSTORE_LOCATION" ]]; then - print_validation_error "In order to configure the TLS encryption for Elasticsearch with JKS/PKCS12 certs you must mount a valid keystore and truststore." fi fi @@ -312,19 +350,23 @@ elasticsearch_cluster_configuration() { } is_node_type_master() { - if is_boolean_yes "$ELASTICSEARCH_USE_NODE_ROLES"; then - read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_NODE_ROLES")" - if [[ " ${roles_list[*]} " = *" master "* ]]; then - true + if is_boolean_yes "$ELASTICSEARCH_IS_DEDICATED_NODE"; then + if [[ -n "$ELASTICSEARCH_NODE_TYPE" ]]; then + if [[ "$ELASTICSEARCH_NODE_TYPE" = "master" ]]; then + true + else + false + fi else - false + read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_NODE_ROLES")" + if [[ " ${roles_list[*]} " = *" master "* ]]; then + true + else + false + fi fi else - if [[ "$ELASTICSEARCH_NODE_TYPE" = "master" ]]; then - true - else - false - fi + true fi } 
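Review bot: With `ELASTICSEARCH_ENABLE_SECURITY` on, setting `ELASTICSEARCH_SKIP_TRANSPORT_TLS` makes this validation skip every transport check without logging anything, so a node can come up with authentication enabled and (presumably, the call site is not visible here) node-to-node traffic unencrypted, with no trace of that choice in the logs. Add an `else` branch to the `if ! is_boolean_yes "$ELASTICSEARCH_SKIP_TRANSPORT_TLS"` test: `warn "ELASTICSEARCH_SKIP_TRANSPORT_TLS is enabled: transport (node-to-node) traffic will not be encrypted."`. The `[[ ! -f … ]]` tests only prove the certificate and key files exist; adding `-r` would catch an unreadable key at validation time instead of at Elasticsearch start-up. On wording, "asume" should be "assume", and the HTTP error messages say only "for Elasticsearch" where the transport ones say "Elasticsearch Transport", so an operator cannot tell which layer failed. elasticsearch_validate starts and ends outside the hunk.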
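Review bot: The `if …; then true; else false; fi` wrappers in `is_node_type_master` add two levels of nesting without changing the result; the test can be the branch's exit status directly, i.e. `[[ "$ELASTICSEARCH_NODE_TYPE" = "master" ]]` and `[[ " ${roles_list[*]} " = *" master "* ]]` as the last command of each dedicated-node branch and `return 0` for the non-dedicated case. `roles_list` is filled by `read -r -a` with no `local` in the visible lines, so it presumably leaks into the enclosing function; `local -a roles_list` before the `read` would contain it. The precedence (a non-empty `ELASTICSEARCH_NODE_TYPE` wins over `ELASTICSEARCH_NODE_ROLES`) mirrors the validation order and deserves a one-line comment saying so.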
@@ -345,28 +387,31 @@ elasticsearch_cluster_configuration() { if [[ -n "$ELASTICSEARCH_TOTAL_NODES" ]]; then total_nodes=$ELASTICSEARCH_TOTAL_NODES fi - ELASTICSEARCH_VERSION="$(elasticsearch_get_version)" - ELASTICSEARCH_MAJOR_VERSION="$(get_sematic_version "$ELASTICSEARCH_VERSION" 1)" - if [[ "$ELASTICSEARCH_MAJOR_VERSION" -le 6 ]]; then + es_version="$(elasticsearch_get_version)" + es_major_version="$(get_sematic_version "$es_version" 1)" + if [[ "$es_major_version" -le 6 ]]; then + # discovery.zen.minimum_master_nodes deprecated and ignored in Elasticsearch 7, removed in Elasticsearch 8 + if [[ -n "$ELASTICSEARCH_MINIMUM_MASTER_NODES" ]]; then + debug "Setting minimum master nodes for quorum to $ELASTICSEARCH_MINIMUM_MASTER_NODES..." + elasticsearch_conf_set discovery.zen.minimum_master_nodes "$ELASTICSEARCH_MINIMUM_MASTER_NODES" + elif [[ "${#host_list[@]}" -gt 2 ]]; then + local min_masters="" + min_masters=$(((${#host_list[@]} / 2) + 1)) + debug "Calculating minimum master nodes for quorum: $min_masters..." 
+ elasticsearch_conf_set discovery.zen.minimum_master_nodes "$min_masters" + fi + # Replaced by discovery.seed_hosts in Elasticsearch 7, removed in Elasticsearch 8 elasticsearch_conf_set discovery.zen.ping.unicast.hosts "${host_list[@]}" + # Below settings were removed in Elasticsearch 7.8 + elasticsearch_conf_set gateway.recover_after_nodes "$(((total_nodes + 1 + 1) / 2))" + elasticsearch_conf_set gateway.expected_nodes "$total_nodes" else elasticsearch_conf_set discovery.seed_hosts "${host_list[@]}" + if is_node_type_master; then + elasticsearch_conf_set cluster.initial_master_nodes "${master_list[@]}" + fi fi elasticsearch_conf_set discovery.initial_state_timeout "5m" - elasticsearch_conf_set gateway.recover_after_nodes "$(((total_nodes + 1 + 1) / 2))" - elasticsearch_conf_set gateway.expected_nodes "$total_nodes" - if is_node_type_master && [[ "$ELASTICSEARCH_MAJOR_VERSION" -gt 6 ]]; then - elasticsearch_conf_set cluster.initial_master_nodes "${master_list[@]}" - fi - if [[ -n "$ELASTICSEARCH_MINIMUM_MASTER_NODES" ]]; then - debug "Setting minimum master nodes for quorum to $ELASTICSEARCH_MINIMUM_MASTER_NODES..." - elasticsearch_conf_set discovery.zen.minimum_master_nodes "$ELASTICSEARCH_MINIMUM_MASTER_NODES" - elif [[ "${#host_list[@]}" -gt 2 ]]; then - local min_masters="" - min_masters=$(((${#host_list[@]} / 2) + 1)) - debug "Calculating minimum master nodes for quorum: $min_masters..." - elasticsearch_conf_set discovery.zen.minimum_master_nodes "$min_masters" - fi else elasticsearch_conf_set "discovery.type" "single-node" fi 
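Review bot: `es_version` and `es_major_version` are assigned here with no `local` declaration in the visible lines, unlike elasticsearch_validate, where this commit adds `local es_version es_major_version`; unless they are declared earlier in elasticsearch_cluster_configuration (its start is outside the hunk) they become globals. Add `local es_version es_major_version` next to the function's other locals. The uppercase `ELASTICSEARCH_VERSION` and `ELASTICSEARCH_MAJOR_VERSION` they replace were globals, so any reader of those names elsewhere in the library should be checked. If `get_sematic_version` ever yields an empty string, `[[ "" -le 6 ]]` evaluates true and the node is written with the Elasticsearch 6 discovery settings; a guard such as `[[ "$es_major_version" =~ ^[0-9]+$ ]]` before the comparison would make that failure explicit.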
@@ -381,39 +426,50 @@ elasticsearch_cluster_configuration() { # Returns: # None ######################### -elasticsearch_tls_configuration(){ - info "Configuring Elasticsearch TLS settings..." - elasticsearch_conf_set xpack.security.enabled "true" - elasticsearch_conf_set xpack.security.http.ssl.enabled "$ELASTICSEARCH_ENABLE_REST_TLS" +elasticsearch_transport_tls_configuration(){ + info "Configuring Elasticsearch Transport TLS settings..." elasticsearch_conf_set xpack.security.transport.ssl.enabled "true" elasticsearch_conf_set xpack.security.transport.ssl.verification_mode "$ELASTICSEARCH_TLS_VERIFICATION_MODE" - if is_boolean_yes "$ELASTICSEARCH_TLS_USE_PEM"; then + if is_boolean_yes "$ELASTICSEARCH_TRANSPORT_TLS_USE_PEM"; then debug "Configuring Transport Layer TLS settings using PEM certificates..." - ! is_empty_value "$ELASTICSEARCH_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.secure_key_passphrase" "$ELASTICSEARCH_KEY_PASSWORD" - elasticsearch_conf_set xpack.security.transport.ssl.key "$ELASTICSEARCH_NODE_KEY_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.certificate "$ELASTICSEARCH_NODE_CERT_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.certificate_authorities "$ELASTICSEARCH_CA_CERT_LOCATION" - if is_boolean_yes "$ELASTICSEARCH_ENABLE_REST_TLS"; then - debug "Configuring REST API TLS settings using PEM certificates..." - ! is_empty_value "$ELASTICSEARCH_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.secure_key_passphrase" "$ELASTICSEARCH_KEY_PASSWORD" - elasticsearch_conf_set xpack.security.http.ssl.key "$ELASTICSEARCH_NODE_KEY_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.certificate "$ELASTICSEARCH_NODE_CERT_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.certificate_authorities "$ELASTICSEARCH_CA_CERT_LOCATION" - fi + ! 
is_empty_value "$ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.secure_key_passphrase" "$ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD" + elasticsearch_conf_set xpack.security.transport.ssl.key "$ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION" + elasticsearch_conf_set xpack.security.transport.ssl.certificate "$ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION" + elasticsearch_conf_set xpack.security.transport.ssl.certificate_authorities "$ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION" else debug "Configuring Transport Layer TLS settings using JKS/PKCS certificates..." - ! is_empty_value "$ELASTICSEARCH_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.keystore.secure_password" "$ELASTICSEARCH_KEYSTORE_PASSWORD" - ! is_empty_value "$ELASTICSEARCH_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.truststore.secure_password" "$ELASTICSEARCH_TRUSTSTORE_PASSWORD" - elasticsearch_conf_set xpack.security.transport.ssl.keystore.path "$ELASTICSEARCH_KEYSTORE_LOCATION" - elasticsearch_conf_set xpack.security.transport.ssl.truststore.path "$ELASTICSEARCH_TRUSTSTORE_LOCATION" - if is_boolean_yes "$ELASTICSEARCH_ENABLE_REST_TLS"; then - debug "Configuring REST API TLS settings using JKS/PKCS certificates..." - ! is_empty_value "$ELASTICSEARCH_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.keystore.secure_password" "$ELASTICSEARCH_KEYSTORE_PASSWORD" - ! is_empty_value "$ELASTICSEARCH_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.truststore.secure_password" "$ELASTICSEARCH_TRUSTSTORE_PASSWORD" - elasticsearch_conf_set xpack.security.http.ssl.keystore.path "$ELASTICSEARCH_KEYSTORE_LOCATION" - elasticsearch_conf_set xpack.security.http.ssl.truststore.path "$ELASTICSEARCH_TRUSTSTORE_LOCATION" - fi + ! 
is_empty_value "$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.keystore.secure_password" "$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD" + ! is_empty_value "$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.truststore.secure_password" "$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" + elasticsearch_conf_set xpack.security.transport.ssl.keystore.path "$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION" + elasticsearch_conf_set xpack.security.transport.ssl.truststore.path "$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION" + fi +} + +######################## +# Configure Elasticsearch TLS settings +# Globals: +# ELASTICSEARCH_* +# Arguments: +# None +# Returns: +# None +######################### +elasticsearch_http_tls_configuration(){ + info "Configuring Elasticsearch HTTP TLS settings..." + elasticsearch_conf_set xpack.security.http.ssl.enabled "true" + if is_boolean_yes "$ELASTICSEARCH_HTTP_TLS_USE_PEM"; then + debug "Configuring REST API TLS settings using PEM certificates..." + ! is_empty_value "$ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.secure_key_passphrase" "$ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD" + elasticsearch_conf_set xpack.security.http.ssl.key "$ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION" + elasticsearch_conf_set xpack.security.http.ssl.certificate "$ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION" + elasticsearch_conf_set xpack.security.http.ssl.certificate_authorities "$ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION" + else + debug "Configuring REST API TLS settings using JKS/PKCS certificates..." + ! is_empty_value "$ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.keystore.secure_password" "$ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD" + ! 
is_empty_value "$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.truststore.secure_password" "$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD" + elasticsearch_conf_set xpack.security.http.ssl.keystore.path "$ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION" + elasticsearch_conf_set xpack.security.http.ssl.truststore.path "$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION" fi } @@ -469,6 +525,7 @@ elasticsearch_configure_node_type() { else is_master="true" is_data="true" + is_ingest="true" fi debug "Configure Elasticsearch Node type..." elasticsearch_conf_set node.master "$is_master" @@ -483,7 +540,14 @@ elasticsearch_configure_node_type() { } ######################## -# Configure Elasticsearch node roles +# Configure Elasticsearch node roles. +# There are 3 scenarios: +# * If ELASTICSEARCH_IS_DEDICATED_NODE is disabled, 'node.roles' is omitted and Elasticsearch assumes all the roles (check docs). +# * Otherwise, 'node.roles' with a list of roles provided with ELASTICSEARCH_NODE_ROLES. +# * In addition, if ELASTICSEARCH_NODE_ROLES is empty, node.roles will be configured empty, meaning that the role is 'coordinating-only'. +# +# Docs ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html +# # Globals: # ELASTICSEARCH_* # Arguments: 
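Review bot: Neither `elasticsearch_transport_tls_configuration` nor `elasticsearch_http_tls_configuration` writes `xpack.security.enabled`, which the removed `elasticsearch_tls_configuration` set unconditionally; unless the caller (not visible on this page) now sets it, a node started with `ELASTICSEARCH_ENABLE_SECURITY=true`, transport TLS skipped and REST TLS off would get no security setting written at all. Confirm the call site runs `elasticsearch_conf_set xpack.security.enabled "true"` independently of the two TLS functions. The header comment added for `elasticsearch_http_tls_configuration` still reads "Configure Elasticsearch TLS settings"; it should read "Configure Elasticsearch HTTP (REST API) TLS settings" and name the `ELASTICSEARCH_HTTP_TLS_*` globals it reads. `xpack.security.transport.ssl.verification_mode` still takes the shared `ELASTICSEARCH_TLS_VERIFICATION_MODE`, which the validation accepts as `none`, so a `warn` whenever it is not `full` would make the weaker mode visible in the logs.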
@@ -496,16 +560,21 @@ elasticsearch_configure_node_roles() { local set_repo_path="no" read -r -a roles_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_NODE_ROLES")" - elasticsearch_conf_set node.roles "${roles_list[@]}" - - for role in "${roles_list[@]}"; do - case "$role" in - master | data | data_content | data_hot | data_warm | data_cold | data_frozen) - set_repo_path="yes" - ;; - *) ;; - esac - done + if is_boolean_yes "$ELASTICSEARCH_IS_DEDICATED_NODE"; then + elasticsearch_conf_set node.roles "${roles_list[@]}" + for role in "${roles_list[@]}"; do + case "$role" in + master | data | data_content | data_hot | data_warm | data_cold | data_frozen) + set_repo_path="yes" + ;; + *) ;; + esac + done + else + set_repo_path="yes" + fi + + if is_boolean_yes "$set_repo_path" && [[ -n "$ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH" ]]; then # Configure path.repo to restore snapshots from system repository @@ -563,12 +632,16 @@ elasticsearch_set_heap_size() { debug "Setting '-Xmx${heap_size} -Xms${heap_size}' heap options..." # Elasticsearch > 7.10 encourages to customize the heap settings through a file in 'jvm.options.d' # Previous versions need to update the 'jvm.options' file - if [[ "$es_major_version" -ge 7 && "$es_minor_version" -gt 10 ]]; then + if [[ "$es_major_version" -ge 8 ]] || [[ "$es_major_version" -ge 7 && "$es_minor_version" -gt 10 ]]; then debug "Setting Xmx and Xms options in heap.options file" cat >"${ELASTICSEARCH_CONF_DIR}/jvm.options.d/heap.options" </dev/null; then return 1 diff --git a/bitnami/elasticsearch/README.md b/bitnami/elasticsearch/README.md index fc338dfca431..bdf1cb9c8df3 100644 --- a/bitnami/elasticsearch/README.md +++ b/bitnami/elasticsearch/README.md 
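Review bot: In `elasticsearch_configure_node_roles`, an empty `ELASTICSEARCH_NODE_ROLES` makes `"${roles_list[@]}"` expand to no arguments, so `elasticsearch_conf_set node.roles` is called with a key and no value; whether that produces the empty list the new header comment promises for a coordinating-only node depends on the helper, which is not shown here. If the helper writes an empty string or null instead, handle the empty case explicitly before the call. The new `else` branch sets `set_repo_path="yes"` for non-dedicated nodes, a behaviour change that deserves a comment such as `# non-dedicated nodes take every role, so path.repo applies`. The two consecutive blank lines added before the `if is_boolean_yes "$set_repo_path"` test can be reduced to one. The function starts and ends outside the hunk.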
@@ -48,7 +48,8 @@ Non-root container images add an extra layer of security and are generally recom Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`7`, `7-debian-10`, `7.17.2`, `7.17.2-debian-10-r1`, `latest` (7/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-elasticsearch/blob/7.17.2-debian-10-r1/7/debian-10/Dockerfile) +* [`8`, `8-debian-10`, `8.1.2`, `8.1.2-debian-10-r-1`, `latest` (8/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-elasticsearch/blob/8.1.2-debian-10-r-1/8/debian-10/Dockerfile) +* [`7`, `7-debian-10`, `7.17.2`, `7.17.2-debian-10-r2` (7/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-elasticsearch/blob/7.17.2-debian-10-r2/7/debian-10/Dockerfile) * [`6`, `6-debian-10`, `6.8.23`, `6.8.23-debian-10-r76` (6/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-elasticsearch/blob/6.8.23-debian-10-r76/6/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/elasticsearch GitHub repo](https://github.com/bitnami/bitnami-docker-elasticsearch). @@ -69,7 +70,7 @@ $ docker pull bitnami/elasticsearch:[TAG] If you wish, you can also build the image yourself. ```console -$ docker build -t bitnami/elasticsearch:latest 'https://github.com/bitnami/bitnami-docker-elasticsearch.git#master:7/debian-10' +$ docker build -t bitnami/elasticsearch:latest 'https://github.com/bitnami/bitnami-docker-elasticsearch.git#master:8/debian-10' ``` ## Persisting your application