diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..7847853 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,2 @@ +# You can add one username per supported platform and one custom link +patreon: blacktop_ \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..a4a44d7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + time: "08:00" + labels: + - "dependencies" + commit-message: + prefix: "feat" + include: "scope" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" + time: "08:00" + labels: + - "dependencies" + commit-message: + prefix: "feat" + include: "scope" \ No newline at end of file diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 0000000..2a0963c --- /dev/null +++ b/.github/workflows/docker-image.yml @@ -0,0 +1,138 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +name: Publish Docker Image + +on: + push: + branches: + - '**' + +jobs: + push_to_registries: + name: Push Docker image to multiple registries + runs-on: ubuntu-latest + permissions: + packages: write + contents: read + steps: + - + name: Check out the repo + uses: actions/checkout@v3 + + - + name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v4 + with: + images: | + blacktop/elasticsearch + ghcr.io/${{ github.repository }} + + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - + name: Docker Login + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - + name: Log in to the Container registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image (v1) + id: docker_build_1 + uses: docker/build-push-action@v3 + timeout-minutes: 20 + with: + context: ./1.7 + push: ${{ github.event_name != 'pull_request' }} + tags: | + blacktop/elasticsearch:1 + blacktop/elasticsearch:1.7 + blacktop/elasticsearch:1.7.6 + ghcr.io/blacktop/elasticsearch:1 + ghcr.io/blacktop/elasticsearch:1.7 + ghcr.io/blacktop/elasticsearch:1.7.6 + platforms: linux/amd64,linux/arm64 + labels: ${{ steps.meta.outputs.labels }} + + - name: Build and push Docker image (v6) + id: docker_build_6 + uses: docker/build-push-action@v3 + timeout-minutes: 20 + with: + context: ./6.8 + push: ${{ github.event_name != 'pull_request' }} + tags: | + blacktop/elasticsearch:6 + blacktop/elasticsearch:6.8 + blacktop/elasticsearch:6.8.23 + ghcr.io/blacktop/elasticsearch:6 + ghcr.io/blacktop/elasticsearch:6.8 + ghcr.io/blacktop/elasticsearch:6.8.23 + platforms: linux/amd64,linux/arm64 + labels: ${{ steps.meta.outputs.labels }} + + - name: Build and push Docker image (v7) + id: docker_build_7 + uses: docker/build-push-action@v3 + timeout-minutes: 20 + with: + context: ./7.17 + push: ${{ github.event_name != 'pull_request' }} + tags: | + blacktop/elasticsearch:7 + blacktop/elasticsearch:7.17 + blacktop/elasticsearch:7.17.2 + ghcr.io/blacktop/elasticsearch:7 + ghcr.io/blacktop/elasticsearch:7.17 + ghcr.io/blacktop/elasticsearch:7.17.2 + platforms: linux/amd64,linux/arm64 + labels: ${{ steps.meta.outputs.labels }} + + - name: Build and push Docker image (v8) + id: docker_build_8 + uses: docker/build-push-action@v3 + timeout-minutes: 20 + with: + context: ./8.1 + push: ${{ github.event_name != 'pull_request' }} + tags: | + blacktop/elasticsearch:latest + blacktop/elasticsearch:8 + blacktop/elasticsearch:8.1 + blacktop/elasticsearch:8.1.2 + ghcr.io/blacktop/elasticsearch:latest + ghcr.io/blacktop/elasticsearch:8 + ghcr.io/blacktop/elasticsearch:8.1 + ghcr.io/blacktop/elasticsearch:8.1.2 + platforms: linux/amd64,linux/arm64 + labels: ${{ steps.meta.outputs.labels }} + + # - name: Build and push Docker image (X-Pack) + # id: docker_build_x_pack + # uses: docker/build-push-action@v3 + # with: + # context: ./x-pack + # push: ${{ github.event_name != 'pull_request' }} + # tags: | + # blacktop/elasticsearch:x-pack + # blacktop/elasticsearch:x-pack-7 + # blacktop/elasticsearch:x-pack-7.15 + # blacktop/elasticsearch:x-pack-7.15.1 + # labels: ${{ steps.meta.outputs.labels }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..06d2b8c --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +build +*.tgz +*.bu + +.vagrant/ +.vscode/settings.json diff --git a/1.7/.dockerignore b/1.7/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/1.7/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/1.7/Dockerfile b/1.7/Dockerfile new file mode 100644 index 0000000..e83b54c --- /dev/null +++ b/1.7/Dockerfile @@ -0,0 +1,41 @@ +FROM alpine:3.14 + +MAINTAINER blacktop, https://github.com/blacktop + +RUN apk add --no-cache openjdk8-jre-base tini su-exec + +ENV ELASTIC 1.7.6 + +RUN apk add --no-cache -t build-deps wget ca-certificates \ + && cd /tmp \ + && wget -O elasticsearch-$ELASTIC.tar.gz https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-$ELASTIC.tar.gz \ + && tar -xzf elasticsearch-$ELASTIC.tar.gz \ + && mv elasticsearch-$ELASTIC /usr/share/elasticsearch \ + && adduser -DH -s /sbin/nologin elasticsearch \ + && echo "Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + done \ + && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \ + && rm -rf /tmp/* \ + && apk del --purge build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 + +ENTRYPOINT ["/elastic-entrypoint.sh"] + +CMD ["elasticsearch"] diff --git a/1.7/VERSION b/1.7/VERSION new file mode 100644 index 0000000..d3bdbdf --- /dev/null +++ b/1.7/VERSION @@ -0,0 +1 @@ +1.7 diff --git a/1.7/config/elastic/elasticsearch.yml b/1.7/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..677c536 --- /dev/null +++ b/1.7/config/elastic/elasticsearch.yml @@ -0,0 +1,6 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +bootstrap.ignore_system_bootstrap_checks: true diff --git a/1.7/config/elastic/logging.yml b/1.7/config/elastic/logging.yml new file mode 100644 index 0000000..c2681ac --- /dev/null +++ b/1.7/config/elastic/logging.yml @@ -0,0 +1,15 @@ +# you can override this using by setting a system property, for example -Des.logger.level=DEBUG +es.logger.level: INFO +rootLogger: ${es.logger.level}, console +logger: + # log action execution errors for easier debugging + action: DEBUG + # reduce the logging for aws, too much is logged under the default INFO + com.amazonaws: WARN + +appender: + console: + type: console + layout: + type: consolePattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" diff --git a/1.7/config/logrotate b/1.7/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/1.7/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/1.7/elastic-entrypoint.sh b/1.7/elastic-entrypoint.sh new file mode 100644 index 0000000..22e33b6 --- /dev/null +++ b/1.7/elastic-entrypoint.sh @@ -0,0 +1,78 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of /usr/share/elasticsearch/data to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + + set -- su-exec elasticsearch tini -- "$@" + #exec su-exec elasticsearch "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'kopf' -a "$(id -u)" = '0' ]; then + # Install kopf plugin + plugin install lmenezes/elasticsearch-kopf/v2.1.1 + + # Change the ownership of /usr/share/elasticsearch/data to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + + set -- su-exec elasticsearch tini -- elasticsearch + #exec su-exec elasticsearch "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a master node + echo "node.master: true" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.client: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.data: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + + # Change the ownership of /usr/share/elasticsearch/data to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + + set -- su-exec elasticsearch tini -- elasticsearch + #exec su-exec elasticsearch "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'client' -a "$(id -u)" = '0' ]; then + # Change node into a client node + echo "node.master: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.client: true" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.data: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> /usr/share/elasticsearch/config/elasticsearch.yml + + # Install kopf plugin + plugin install lmenezes/elasticsearch-kopf/v2.1.1 + + # Change the ownership of /usr/share/elasticsearch/data to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + + set -- su-exec elasticsearch tini -- elasticsearch + #exec su-exec elasticsearch "$BASH_SOURCE" "$@" +fi + +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + echo "node.master: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.client: false" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "node.data: true" >> /usr/share/elasticsearch/config/elasticsearch.yml + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> /usr/share/elasticsearch/config/elasticsearch.yml + + # Change the ownership of /usr/share/elasticsearch/data to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + + set -- su-exec elasticsearch tini -- elasticsearch + #exec su-exec elasticsearch "$BASH_SOURCE" "$@" +fi + +# As argument is not related to elasticsearch, +# then assume that user wants to run his own process, +# for example a `bash` shell to explore this image +exec "$@" diff --git a/2.3/.dockerignore b/2.3/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/2.3/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/2.3/Dockerfile b/2.3/Dockerfile new file mode 100644 index 0000000..30934e1 --- /dev/null +++ b/2.3/Dockerfile @@ -0,0 +1,41 @@ +FROM gliderlabs/alpine:3.4 + +MAINTAINER blacktop, https://github.com/blacktop + +RUN apk-install openjdk8-jre tini su-exec + +ENV ELASTIC 2.3.5 + +RUN apk-install -t build-deps wget ca-certificates \ + && cd /tmp \ + && wget -O elasticsearch-$ELASTIC.tar.gz https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/$ELASTIC/elasticsearch-$ELASTIC.tar.gz \ + && tar -xzf elasticsearch-$ELASTIC.tar.gz \ + && mv elasticsearch-$ELASTIC /usr/share/elasticsearch \ + && adduser -DH -s /sbin/nologin elasticsearch \ + && echo "Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + done \ + && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \ + && rm -rf /tmp/* \ + && apk del --purge build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 + +ENTRYPOINT ["/elastic-entrypoint.sh"] + +CMD ["elasticsearch"] diff --git a/2.3/VERSION b/2.3/VERSION new file mode 100644 index 0000000..bb576db --- /dev/null +++ b/2.3/VERSION @@ -0,0 +1 @@ +2.3 diff --git a/2.3/config/elastic/elasticsearch.yml b/2.3/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..9520d0c --- /dev/null +++ b/2.3/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +bootstrap.ignore_system_bootstrap_checks: true + +node.master: true +node.client: true +node.data: true diff --git a/2.3/config/elastic/logging.yml b/2.3/config/elastic/logging.yml new file mode 100644 index 0000000..c2681ac --- /dev/null +++ b/2.3/config/elastic/logging.yml @@ -0,0 +1,15 @@ +# you can override this using by setting a system property, for example -Des.logger.level=DEBUG +es.logger.level: INFO +rootLogger: ${es.logger.level}, console +logger: + # log action execution errors for easier debugging + action: DEBUG + # reduce the logging for aws, too much is logged under the default INFO + com.amazonaws: WARN + +appender: + console: + type: console + layout: + type: consolePattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" diff --git a/2.3/config/logrotate b/2.3/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/2.3/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/2.3/elastic-entrypoint.sh b/2.3/elastic-entrypoint.sh new file mode 100644 index 0000000..62456ad --- /dev/null +++ b/2.3/elastic-entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = CLIENT NODE = # +################################################ +if [ "$1" = 'client' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" +fi + +exec "$@" diff --git a/2.4/.dockerignore b/2.4/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/2.4/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/2.4/Dockerfile b/2.4/Dockerfile new file mode 100644 index 0000000..e9a0983 --- /dev/null +++ b/2.4/Dockerfile @@ -0,0 +1,66 @@ +FROM alpine:3.5 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre tini su-exec + +ENV ES_VERSION 2.4.4 + +ENV DOWNLOAD_URL "https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution" +ENV ES_TARBAL "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV SHA1_URL "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz.sha1" +ENV ES_TARBALL_SHA1 "cdb5068d1baa07388e522c3bc04cca38aa8f3048" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && EXPECTED_SHA=$(wget -O - ${SHA1_URL}) \ + && wget -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK \ +# CMD ["docker-healthcheck"] diff --git a/2.4/VERSION b/2.4/VERSION new file mode 100644 index 0000000..6b4950e --- /dev/null +++ b/2.4/VERSION @@ -0,0 +1 @@ +2.4 diff --git a/2.4/config/elastic/elasticsearch.yml b/2.4/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..d301713 --- /dev/null +++ b/2.4/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +bootstrap.ignore_system_bootstrap_checks: true + +# node.master: true +# node.client: true +# node.data: true diff --git a/2.4/config/elastic/logging.yml b/2.4/config/elastic/logging.yml new file mode 100644 index 0000000..c2681ac --- /dev/null +++ b/2.4/config/elastic/logging.yml @@ -0,0 +1,15 @@ +# you can override this using by setting a system property, for example -Des.logger.level=DEBUG +es.logger.level: INFO +rootLogger: ${es.logger.level}, console +logger: + # log action execution errors for easier debugging + action: DEBUG + # reduce the logging for aws, too much is logged under the default INFO + com.amazonaws: WARN + +appender: + console: + type: console + layout: + type: consolePattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" diff --git a/2.4/config/logrotate b/2.4/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/2.4/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/2.4/docker-healthcheck b/2.4/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/2.4/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/2.4/elastic-entrypoint.sh b/2.4/elastic-entrypoint.sh new file mode 100644 index 0000000..e34fc02 --- /dev/null +++ b/2.4/elastic-entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = CLIENT NODE = # +################################################ +if [ "$1" = 'client' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" +fi + +exec "$@" diff --git a/5.0/.dockerignore b/5.0/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.0/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.0/Dockerfile b/5.0/Dockerfile new file mode 100644 index 0000000..3bf4567 --- /dev/null +++ b/5.0/Dockerfile @@ -0,0 +1,45 @@ +FROM gliderlabs/alpine:3.4 + +MAINTAINER blacktop, https://github.com/blacktop + +RUN apk-install openjdk8-jre tini su-exec + +ENV ELASTIC 5.0.2 + +RUN apk-install bash +RUN apk-install -t build-deps wget ca-certificates \ + && cd /tmp \ + && wget -O elasticsearch-$ELASTIC.tar.gz https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-$ELASTIC.tar.gz \ + && tar -xzf elasticsearch-$ELASTIC.tar.gz \ + && mv elasticsearch-$ELASTIC /usr/share/elasticsearch \ + && adduser -DH -s /sbin/nologin elasticsearch \ + && echo "Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + done \ + && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \ + && rm -rf /tmp/* \ + && apk del --purge build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.0/VERSION b/5.0/VERSION new file mode 100644 index 0000000..819e07a --- /dev/null +++ b/5.0/VERSION @@ -0,0 +1 @@ +5.0 diff --git a/5.0/config/elastic/elasticsearch.yml b/5.0/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.0/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.0/config/elastic/log4j2.properties b/5.0/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.0/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.0/config/logrotate b/5.0/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.0/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.0/docker-healthcheck b/5.0/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.0/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.0/elastic-entrypoint.sh b/5.0/elastic-entrypoint.sh new file mode 100644 index 0000000..fb98235 --- /dev/null +++ b/5.0/elastic-entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" +fi + +exec "$@" diff --git a/5.2/.dockerignore b/5.2/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.2/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.2/Dockerfile b/5.2/Dockerfile new file mode 100644 index 0000000..88674d9 --- /dev/null +++ b/5.2/Dockerfile @@ -0,0 +1,63 @@ +FROM gliderlabs/alpine:3.4 + +MAINTAINER blacktop, https://github.com/blacktop + +RUN apk-install openjdk8-jre tini su-exec + +ENV ES_VERSION 5.2.2 + +ENV ELASTICSEARCH_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${ELASTICSEARCH_URL}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${ELASTICSEARCH_URL}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV ES_TARBALL_SHA1 "7351cd29ac9c20592d94bde950f513b5c5bb44d3" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk-install bash +RUN apk-install -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -DH -s /sbin/nologin elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + done \ + && chown -R elasticsearch:elasticsearch /usr/share/elasticsearch \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.2/VERSION b/5.2/VERSION new file mode 100644 index 0000000..ef425ca --- /dev/null +++ b/5.2/VERSION @@ -0,0 +1 @@ +5.2 diff --git a/5.2/config/elastic/elasticsearch.yml b/5.2/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.2/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.2/config/elastic/log4j2.properties b/5.2/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.2/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.2/config/logrotate b/5.2/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.2/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.2/docker-healthcheck b/5.2/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.2/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.2/elastic-entrypoint.sh b/5.2/elastic-entrypoint.sh new file mode 100644 index 0000000..fb98235 --- /dev/null +++ b/5.2/elastic-entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" +fi + +exec "$@" diff --git a/5.3/.dockerignore b/5.3/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.3/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.3/Dockerfile b/5.3/Dockerfile new file mode 100644 index 0000000..de8f665 --- /dev/null +++ b/5.3/Dockerfile @@ -0,0 +1,65 @@ +FROM alpine:3.5 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre tini su-exec + +ENV ES_VERSION 5.3.3 + +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV SHA1_URL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.sha1" +ENV ES_TARBALL_SHA1 "9273fdecb2251755887f1234d6cfcc91e44a384d" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && EXPECTED_SHA=$(wget -O - ${SHA1_URL}) \ + && wget -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.3/VERSION b/5.3/VERSION new file mode 100644 index 0000000..d346e2a --- /dev/null +++ b/5.3/VERSION @@ -0,0 +1 @@ +5.3 diff --git a/5.3/config/elastic/elasticsearch.yml b/5.3/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.3/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.3/config/elastic/log4j2.properties b/5.3/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.3/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.3/config/logrotate b/5.3/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.3/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.3/docker-healthcheck b/5.3/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.3/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.3/elastic-entrypoint.sh b/5.3/elastic-entrypoint.sh new file mode 100644 index 0000000..316497f --- /dev/null +++ b/5.3/elastic-entrypoint.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -e + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/5.4/.dockerignore b/5.4/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.4/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.4/Dockerfile b/5.4/Dockerfile new file mode 100644 index 0000000..4d356b7 --- /dev/null +++ b/5.4/Dockerfile @@ -0,0 +1,65 @@ +FROM alpine:3.5 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre tini su-exec + +ENV ES_VERSION 5.4.3 + +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV SHA1_URL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.sha1" +ENV ES_TARBALL_SHA1 "9273fdecb2251755887f1234d6cfcc91e44a384d" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && EXPECTED_SHA=$(wget -O - ${SHA1_URL}) \ + && wget -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.4/VERSION b/5.4/VERSION new file mode 100644 index 0000000..37c2d99 --- /dev/null +++ b/5.4/VERSION @@ -0,0 +1 @@ +5.4 diff --git a/5.4/config/elastic/elasticsearch.yml b/5.4/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.4/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.4/config/elastic/log4j2.properties b/5.4/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.4/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.4/config/logrotate b/5.4/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.4/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.4/docker-healthcheck b/5.4/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.4/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.4/elastic-entrypoint.sh b/5.4/elastic-entrypoint.sh new file mode 100644 index 0000000..316497f --- /dev/null +++ b/5.4/elastic-entrypoint.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -e + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/5.5/.dockerignore b/5.5/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.5/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.5/Dockerfile b/5.5/Dockerfile new file mode 100644 index 0000000..1bbbadd --- /dev/null +++ b/5.5/Dockerfile @@ -0,0 +1,65 @@ +FROM alpine:3.6 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre tini su-exec + +ENV ES_VERSION 5.5.3 + +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV SHA1_URL "${DOWNLOAD_URL}/elasticsearch-${ES_VERSION}.tar.gz.sha1" +ENV ES_TARBALL_SHA1 "81af33ec3ae08a5294133ade331de8e6aa0b146a" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && EXPECTED_SHA=$(wget -O - ${SHA1_URL}) \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.5/VERSION b/5.5/VERSION new file mode 100644 index 0000000..9ad974f --- /dev/null +++ b/5.5/VERSION @@ -0,0 +1 @@ +5.5 diff --git a/5.5/config/elastic/elasticsearch.yml b/5.5/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.5/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.5/config/elastic/log4j2.properties b/5.5/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.5/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.5/config/logrotate b/5.5/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.5/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.5/docker-healthcheck b/5.5/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.5/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.5/elastic-entrypoint.sh b/5.5/elastic-entrypoint.sh new file mode 100644 index 0000000..316497f --- /dev/null +++ b/5.5/elastic-entrypoint.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -e + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/5.6/.dockerignore b/5.6/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/5.6/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/5.6/Dockerfile b/5.6/Dockerfile new file mode 100644 index 0000000..c4f585d --- /dev/null +++ b/5.6/Dockerfile @@ -0,0 +1,66 @@ +FROM alpine:3.8 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 5.6.16 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "cc831e50ce311366484c47cf9fead9bd6562035132e6fd29508e78776dd71846c713d8d1e7a0a99338df46cad124149fb5d767e0ae0bbbed0b50153e234f2631" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/5.6/VERSION b/5.6/VERSION new file mode 100644 index 0000000..2df33d7 --- /dev/null +++ b/5.6/VERSION @@ -0,0 +1 @@ +5.6 diff --git a/5.6/config/elastic/elasticsearch.yml b/5.6/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/5.6/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/5.6/config/elastic/log4j2.properties b/5.6/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/5.6/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/5.6/config/logrotate b/5.6/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/5.6/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/5.6/docker-healthcheck b/5.6/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/5.6/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/5.6/elastic-entrypoint.sh b/5.6/elastic-entrypoint.sh new file mode 100644 index 0000000..a290a96 --- /dev/null +++ b/5.6/elastic-entrypoint.sh @@ -0,0 +1,99 @@ +#!/bin/bash + +set -e + +# Files created by Elasticsearch should always be group writable too +umask 0002 + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/5.6/hooks/post_push b/5.6/hooks/post_push new file mode 100644 index 0000000..bdfc0a6 --- /dev/null +++ b/5.6/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION 5) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.0/.dockerignore b/6.0/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.0/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.0/Dockerfile b/6.0/Dockerfile new file mode 100644 index 0000000..68c07f8 --- /dev/null +++ b/6.0/Dockerfile @@ -0,0 +1,66 @@ +FROM alpine:3.7 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.0.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.0/VERSION b/6.0/VERSION new file mode 100644 index 0000000..37c2d99 --- /dev/null +++ b/6.0/VERSION @@ -0,0 +1 @@ +5.4 diff --git a/6.0/config/elastic/elasticsearch.yml b/6.0/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.0/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.0/config/elastic/log4j2.properties b/6.0/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.0/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.0/config/logrotate b/6.0/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.0/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.0/docker-healthcheck b/6.0/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.0/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.0/elastic-entrypoint.sh b/6.0/elastic-entrypoint.sh new file mode 100644 index 0000000..316497f --- /dev/null +++ b/6.0/elastic-entrypoint.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -e + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/6.0/hooks/post_push b/6.0/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.0/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.1/.dockerignore b/6.1/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.1/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.1/Dockerfile b/6.1/Dockerfile new file mode 100644 index 0000000..ea94cf8 --- /dev/null +++ b/6.1/Dockerfile @@ -0,0 +1,66 @@ +FROM alpine:3.7 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.1.4 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.1/config/elastic/elasticsearch.yml b/6.1/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.1/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.1/config/elastic/log4j2.properties b/6.1/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.1/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.1/config/logrotate b/6.1/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.1/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.1/docker-healthcheck b/6.1/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.1/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.1/elastic-entrypoint.sh b/6.1/elastic-entrypoint.sh new file mode 100644 index 0000000..316497f --- /dev/null +++ b/6.1/elastic-entrypoint.sh @@ -0,0 +1,96 @@ +#!/bin/bash + +set -e + +es_opts='' + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z]+\.[a-z]+ ]] + then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=" ${es_opt}" + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" ${es_opts} +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = INGEST NODE = # +################################################ +if [ "$1" = 'ingest' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.ingest:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} + +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" ${es_opts} +fi + +exec "$@" diff --git a/6.1/hooks/post_push b/6.1/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.1/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.2/.dockerignore b/6.2/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.2/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.2/Dockerfile b/6.2/Dockerfile new file mode 100644 index 0000000..5a7dda0 --- /dev/null +++ b/6.2/Dockerfile @@ -0,0 +1,68 @@ +FROM alpine:3.7 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.2.4 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.2/config/elastic/elasticsearch.yml b/6.2/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.2/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.2/config/elastic/log4j2.properties b/6.2/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.2/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.2/config/logrotate b/6.2/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.2/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.2/docker-healthcheck b/6.2/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.2/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.2/elastic-entrypoint.sh b/6.2/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.2/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.2/hooks/post_push b/6.2/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.2/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.3/.dockerignore b/6.3/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.3/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.3/Dockerfile b/6.3/Dockerfile new file mode 100644 index 0000000..636d8b3 --- /dev/null +++ b/6.3/Dockerfile @@ -0,0 +1,68 @@ +FROM alpine:3.7 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.3.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "3c51a860414f7e55900b1d9a350bdbc3e673c8445e316454c2480315b4b9fc08df58090c6281cecc3ae63d12d78d6bd58e228b3371aa325db799ce18758a21f4" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.3/config/elastic/elasticsearch.yml b/6.3/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.3/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.3/config/elastic/log4j2.properties b/6.3/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.3/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.3/config/logrotate b/6.3/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.3/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.3/docker-healthcheck b/6.3/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.3/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.3/elastic-entrypoint.sh b/6.3/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.3/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.3/hooks/post_push b/6.3/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.3/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.4/.dockerignore b/6.4/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.4/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.4/Dockerfile b/6.4/Dockerfile new file mode 100644 index 0000000..377df3e --- /dev/null +++ b/6.4/Dockerfile @@ -0,0 +1,68 @@ +FROM alpine:3.8 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.4.3 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "b1147baa95119a8a96779125351358b4c62f2a546b65a9750c11d1d1b9270f06db6da8ff1d9ad11efade1eaea8487087e2d8839b0edfc5da6d9b54da6c6df4e7" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.4/config/elastic/elasticsearch.yml b/6.4/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.4/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.4/config/elastic/log4j2.properties b/6.4/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.4/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.4/config/logrotate b/6.4/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.4/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.4/docker-healthcheck b/6.4/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.4/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.4/elastic-entrypoint.sh b/6.4/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.4/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.4/hooks/post_push b/6.4/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.4/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.5/.dockerignore b/6.5/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.5/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.5/Dockerfile b/6.5/Dockerfile new file mode 100644 index 0000000..4689d7f --- /dev/null +++ b/6.5/Dockerfile @@ -0,0 +1,68 @@ +FROM alpine:3.8 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.5.4 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "1835aa2862104d328deb5bfcdbbab5d121cd8dff883b7f56f14cc4dadb88c7560b688ac21fb51e0d086b6ed07e0345f26de91c2887253b40abf23c4d5e37e197" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.5/config/elastic/elasticsearch.yml b/6.5/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.5/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.5/config/elastic/log4j2.properties b/6.5/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.5/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.5/config/logrotate b/6.5/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.5/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.5/docker-healthcheck b/6.5/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.5/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.5/elastic-entrypoint.sh b/6.5/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.5/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.5/hooks/post_push b/6.5/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.5/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.6/.dockerignore b/6.6/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.6/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.6/Dockerfile b/6.6/Dockerfile new file mode 100644 index 0000000..faa77a4 --- /dev/null +++ b/6.6/Dockerfile @@ -0,0 +1,69 @@ +FROM alpine:3.9 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.6.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "1977a0bd2a822968271f0430e72a17ab3a3f50855b59009d571170cf6ddd31a9811c7857851c596fde28124c803e0a2dedfa1db8257e6802912b0bf23c2cd21c" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.6/config/elastic/elasticsearch.yml b/6.6/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.6/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.6/config/elastic/log4j2.properties b/6.6/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.6/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.6/config/logrotate b/6.6/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.6/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.6/docker-healthcheck b/6.6/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.6/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.6/elastic-entrypoint.sh b/6.6/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.6/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.6/hooks/post_push b/6.6/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.6/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.7/.dockerignore b/6.7/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.7/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.7/Dockerfile b/6.7/Dockerfile new file mode 100644 index 0000000..c718177 --- /dev/null +++ b/6.7/Dockerfile @@ -0,0 +1,69 @@ +FROM alpine:3.9 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 6.7.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "2c81159ff2639d77d028114ef09c6cb9a4f0d1880268255812eb033cfddd9eb97afe8f468df8b1fb1f2910fb7b3d87a02eb6a248453fc2aa11e2c964f3f2cbcb" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.7/config/elastic/elasticsearch.yml b/6.7/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.7/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.7/config/elastic/log4j2.properties b/6.7/config/elastic/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/6.7/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.7/config/logrotate b/6.7/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.7/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.7/docker-healthcheck b/6.7/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.7/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.7/elastic-entrypoint.sh b/6.7/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.7/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.7/hooks/post_push b/6.7/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/6.7/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/6.8/.dockerignore b/6.8/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/6.8/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/6.8/Dockerfile b/6.8/Dockerfile new file mode 100644 index 0000000..06ead3f --- /dev/null +++ b/6.8/Dockerfile @@ -0,0 +1,70 @@ +FROM alpine:3.14 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless bash su-exec + +ENV VERSION 6.8.23 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}.tar.gz.sha512" +ENV ES_TARBALL_SHA "14dbb2809b06499373c3ec5035d829d62255c2c93103618fbfe3d7d03cecf8847f654e83c78f765f23224126ff18ed713b959857e8ecf435c475b11bcd143d3f" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" +ENV JAVA_HOME=/usr/lib/jvm/default-jvm \ + PATH=/usr/lib/jvm/default-jvm/bin:$PATH +# https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.0.zip +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/6.8/config/elastic/elasticsearch.yml b/6.8/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..49d6d5d --- /dev/null +++ b/6.8/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true diff --git a/6.8/config/elastic/jvm.options b/6.8/config/elastic/jvm.options new file mode 100644 index 0000000..9a9325a --- /dev/null +++ b/6.8/config/elastic/jvm.options @@ -0,0 +1,128 @@ +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space + +-Xms1g +-Xmx1g + +################################################################ +## Expert settings +################################################################ +## +## All settings below this section are considered +## expert settings. Don't tamper with them unless +## you understand what you are doing +## +################################################################ + +## GC configuration +# 8-13:-XX:+UseConcMarkSweepGC +8-13:-XX:CMSInitiatingOccupancyFraction=75 +8-13:-XX:+UseCMSInitiatingOccupancyOnly + +## G1GC Configuration +# NOTE: G1 GC is only supported on JDK version 10 or later +# to use G1GC, uncomment the next two lines and update the version on the +# following three lines to your version of the JDK +# 10-13:-XX:-UseConcMarkSweepGC +# 10-13:-XX:-UseCMSInitiatingOccupancyOnly +14-:-XX:+UseG1GC +14-:-XX:G1ReservePercent=25 +14-:-XX:InitiatingHeapOccupancyPercent=30 + +## DNS cache policy +# cache ttl in seconds for positive DNS lookups noting that this overrides the +# JDK security property networkaddress.cache.ttl; set to -1 to cache forever +-Des.networkaddress.cache.ttl=60 +# cache ttl in seconds for negative DNS lookups noting that this overrides the +# JDK security property networkaddress.cache.negative ttl; set to -1 to cache +# forever +-Des.networkaddress.cache.negative.ttl=10 + +## optimizations + +# pre-touch memory pages used by the JVM during initialization +-XX:+AlwaysPreTouch + +## basic + +# explicitly set the stack size +-Xss1m + +# set to headless, just in case +-Djava.awt.headless=true + +# ensure UTF-8 encoding by default (e.g. filenames) +-Dfile.encoding=UTF-8 + +# use our provided JNA always versus the system one +-Djna.nosys=true + +# turn off a JDK optimization that throws away stack traces for common +# exceptions because stack traces are important for debugging +-XX:-OmitStackTraceInFastThrow + +# enable helpful NullPointerExceptions (https://openjdk.java.net/jeps/358), if +# they are supported +14-:-XX:+ShowCodeDetailsInExceptionMessages + +# flags to configure Netty +-Dio.netty.noUnsafe=true +-Dio.netty.noKeySetOptimization=true +-Dio.netty.recycler.maxCapacityPerThread=0 + +# log4j 2 +-Dlog4j.shutdownHookEnabled=false +-Dlog4j2.disable.jmx=true + +-Djava.io.tmpdir=${ES_TMPDIR} + +## heap dumps + +# generate a heap dump when an allocation from the Java heap fails +# heap dumps are created in the working directory of the JVM +-XX:+HeapDumpOnOutOfMemoryError + +# specify an alternative path for heap dumps; ensure the directory exists and +# has sufficient space +-XX:HeapDumpPath=data + +# specify an alternative path for JVM fatal error logs +-XX:ErrorFile=logs/hs_err_pid%p.log + +## JDK 8 GC logging + +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:logs/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m + +# JDK 9+ GC logging +9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m +# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise +# time/date parsing will break in an incompatible way for some date patterns and locals +9-:-Djava.locale.providers=COMPAT + +# temporary workaround for C2 bug with JDK 10 on hardware with AVX-512 +#10-:-XX:UseAVX=2 diff --git a/6.8/config/elastic/log4j2.properties b/6.8/config/elastic/log4j2.properties new file mode 100644 index 0000000..9ad290a --- /dev/null +++ b/6.8/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/6.8/config/logrotate b/6.8/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/6.8/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/6.8/docker-healthcheck b/6.8/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/6.8/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/6.8/elastic-entrypoint.sh b/6.8/elastic-entrypoint.sh new file mode 100644 index 0000000..da48c19 --- /dev/null +++ b/6.8/elastic-entrypoint.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/6.8/hooks/post_push b/6.8/hooks/post_push new file mode 100644 index 0000000..459ee11 --- /dev/null +++ b/6.8/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION 6) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.0/.dockerignore b/7.0/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/7.0/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/7.0/Dockerfile b/7.0/Dockerfile new file mode 100644 index 0000000..a64e8c8 --- /dev/null +++ b/7.0/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.9 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 7.0.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "301e552b221369cca8365ee64d8b52b5e8abea0e26159f7a6e77a1722fb1107641fe2472138869f5156bbbf43c74e62ffb22d0c35062190505f7504e3f571e16" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.0/config/elastic/elasticsearch.yml b/7.0/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.0/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.0/config/elastic/log4j2.properties b/7.0/config/elastic/log4j2.properties new file mode 100644 index 0000000..1fcce23 --- /dev/null +++ b/7.0/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console \ No newline at end of file diff --git a/7.0/config/logrotate b/7.0/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.0/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.0/docker-healthcheck b/7.0/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.0/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.0/elastic-entrypoint.sh b/7.0/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.0/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.0/hooks/post_push b/7.0/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.0/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.1/.dockerignore b/7.1/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/7.1/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/7.1/Dockerfile b/7.1/Dockerfile new file mode 100644 index 0000000..57db2da --- /dev/null +++ b/7.1/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.9 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre su-exec + +ENV VERSION 7.1.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "717cf4780cd5a36963fa550ffa42177911a3e408f45b688a86b61c69f8cdd5fe4d8988e4e8230cfdf8d833c46dfd07fafdbf67d86710a77fb90cf15f014b2f5a" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.1/config/elastic/elasticsearch.yml b/7.1/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.1/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.1/config/elastic/log4j2.properties b/7.1/config/elastic/log4j2.properties new file mode 100644 index 0000000..1fcce23 --- /dev/null +++ b/7.1/config/elastic/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console \ No newline at end of file diff --git a/7.1/config/logrotate b/7.1/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.1/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.1/docker-healthcheck b/7.1/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.1/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.1/elastic-entrypoint.sh b/7.1/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.1/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.1/hooks/post_push b/7.1/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.1/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.10/Dockerfile b/7.10/Dockerfile new file mode 100644 index 0000000..e2327c3 --- /dev/null +++ b/7.10/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.13 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.10.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "7b63237996569ccdc7c9d9e7cc097fcb23865396eddac30e5f02543484220d2fc70a7285b430877e5e76a5d8716d9682de9fc40d5e57a08f331e82011fc59756" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.10/config/elastic/elasticsearch.yml b/7.10/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.10/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.10/config/elastic/log4j2.properties b/7.10/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.10/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.10/config/logrotate b/7.10/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.10/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.10/docker-healthcheck b/7.10/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.10/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.10/elastic-entrypoint.sh b/7.10/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.10/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.10/hooks/post_push b/7.10/hooks/post_push new file mode 100644 index 0000000..31d4433 --- /dev/null +++ b/7.10/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION 7) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.15/Dockerfile b/7.15/Dockerfile new file mode 100644 index 0000000..0f085f3 --- /dev/null +++ b/7.15/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.14 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.15.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "9b10986e5aa09fcfb971869ae2e16e28b0aa2934af1dcdf980d52b654c138ace62edf1f0d889352d4814867d2bc837a0ea6a5153c8f3ebfcb33db7268ccf50fe" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.15/config/elastic/elasticsearch.yml b/7.15/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..e87ed32 --- /dev/null +++ b/7.15/config/elastic/elasticsearch.yml @@ -0,0 +1,13 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" +xpack.ml.enabled: false \ No newline at end of file diff --git a/7.15/config/elastic/log4j2.properties b/7.15/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.15/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.15/config/logrotate b/7.15/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.15/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.15/docker-healthcheck b/7.15/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.15/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.15/elastic-entrypoint.sh b/7.15/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.15/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.16/Dockerfile b/7.16/Dockerfile new file mode 100644 index 0000000..6f9835b --- /dev/null +++ b/7.16/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.15 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.16.3 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "ec9747694ba9f8b76b1620e42addd106afa3d3c207dd3836afe2482556f8a982fa03f3536ebb762f12a6093c9a5eac63cdbf2f1941dde9e3ce69c41652749d4f" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.16/config/elastic/elasticsearch.yml b/7.16/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..e87ed32 --- /dev/null +++ b/7.16/config/elastic/elasticsearch.yml @@ -0,0 +1,13 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" +xpack.ml.enabled: false \ No newline at end of file diff --git a/7.16/config/elastic/log4j2.properties b/7.16/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.16/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.16/config/logrotate b/7.16/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.16/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.16/docker-healthcheck b/7.16/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.16/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.16/elastic-entrypoint.sh b/7.16/elastic-entrypoint.sh new file mode 100644 index 0000000..2e039dc --- /dev/null +++ b/7.16/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.17/Dockerfile b/7.17/Dockerfile new file mode 100644 index 0000000..ace951c --- /dev/null +++ b/7.17/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:latest + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.17.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "dfc7f400f2a5a72c8ff4da2af6d53121c5a31f7e5e604b520e3ee9cd9fa17ba289cd9713c24dd1141959baf9b5f794318d2744aa199bf2e5847abdb996eecd67" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.17/config/elastic/elasticsearch.yml b/7.17/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..e87ed32 --- /dev/null +++ b/7.17/config/elastic/elasticsearch.yml @@ -0,0 +1,13 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" +xpack.ml.enabled: false \ No newline at end of file diff --git a/7.17/config/elastic/log4j2.properties b/7.17/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.17/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.17/config/logrotate b/7.17/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.17/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.17/docker-healthcheck b/7.17/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.17/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.17/elastic-entrypoint.sh b/7.17/elastic-entrypoint.sh new file mode 100644 index 0000000..2e039dc --- /dev/null +++ b/7.17/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.2/Dockerfile b/7.2/Dockerfile new file mode 100644 index 0000000..39f97f9 --- /dev/null +++ b/7.2/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.10 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.2.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "694aca59cc3e23bfcf41142d7bf3d3c75f6fcdb6d0a1b35157157cb2f4ac8152db1e424951e62ba1a2bd4a2d32a77bb9499085558b7e1580680c0de90fbc0902" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.2/config/elastic/elasticsearch.yml b/7.2/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.2/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.2/config/elastic/log4j2.properties b/7.2/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.2/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.2/config/logrotate b/7.2/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.2/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.2/docker-healthcheck b/7.2/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.2/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.2/elastic-entrypoint.sh b/7.2/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.2/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.2/hooks/post_push b/7.2/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.2/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.3/Dockerfile b/7.3/Dockerfile new file mode 100644 index 0000000..ea18842 --- /dev/null +++ b/7.3/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.10 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.3.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "abb183a05db25a877d4e5a8f8b75fba517444008f34e35e82806a6239c3ccec1c32dc787313b899be55caefdab8343a62db31f9491bffbabefaecccaba1210d0" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.3/config/elastic/elasticsearch.yml b/7.3/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.3/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.3/config/elastic/log4j2.properties b/7.3/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.3/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.3/config/logrotate b/7.3/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.3/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.3/docker-healthcheck b/7.3/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.3/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.3/elastic-entrypoint.sh b/7.3/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.3/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.3/hooks/post_push b/7.3/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.3/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.4/Dockerfile b/7.4/Dockerfile new file mode 100644 index 0000000..a2cf52e --- /dev/null +++ b/7.4/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.10 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.4.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "a9c484ad5820a54a6d58c1153a65e9eacecc45c83d9efd0bed19ae16cec25fa0a5e3d640fcffd9cbd8a5360e3e970b6e2ed2a9b6029393fd73426ed5aa2bba44" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.4/config/elastic/elasticsearch.yml b/7.4/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.4/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.4/config/elastic/log4j2.properties b/7.4/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.4/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.4/config/logrotate b/7.4/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.4/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.4/docker-healthcheck b/7.4/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.4/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.4/elastic-entrypoint.sh b/7.4/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.4/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.4/hooks/post_push b/7.4/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.4/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.5/Dockerfile b/7.5/Dockerfile new file mode 100644 index 0000000..6b9aee5 --- /dev/null +++ b/7.5/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.10 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.5.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "ea494dfb743e5ea12dbbc269d8103fa08644c580291eb88b25000743d272aa87c8709ac9fb2939ad387d5d335f0795c943114b8471074bba7d583494bbc6d100" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.5/config/elastic/elasticsearch.yml b/7.5/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.5/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.5/config/elastic/log4j2.properties b/7.5/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.5/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.5/config/logrotate b/7.5/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.5/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.5/docker-healthcheck b/7.5/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.5/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.5/elastic-entrypoint.sh b/7.5/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.5/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.5/hooks/post_push b/7.5/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.5/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.6/Dockerfile b/7.6/Dockerfile new file mode 100644 index 0000000..4e09566 --- /dev/null +++ b/7.6/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.10 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.6.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "6197a0b62f577cd0692c1fb97a473a9971f8fef383dc6ef618035785dbc662947d2adbc425ce130ef531cbfaf9add9ed5da5a698387e770c49af820644d67e72" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.6/config/elastic/elasticsearch.yml b/7.6/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.6/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.6/config/elastic/log4j2.properties b/7.6/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.6/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.6/config/logrotate b/7.6/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.6/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.6/docker-healthcheck b/7.6/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.6/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.6/elastic-entrypoint.sh b/7.6/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.6/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.6/hooks/post_push b/7.6/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.6/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.7/Dockerfile b/7.7/Dockerfile new file mode 100644 index 0000000..529d4d5 --- /dev/null +++ b/7.7/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.11 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.7.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "22afb445a3bdca4cfdcc32c9bbd2599bc3c294415985b1863247a5caf98dbcae58362b8c809820ef55f98a51a1d91b8db922578a5146447c0228f01da9985bba" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.7/config/elastic/elasticsearch.yml b/7.7/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.7/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.7/config/elastic/log4j2.properties b/7.7/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.7/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.7/config/logrotate b/7.7/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.7/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.7/docker-healthcheck b/7.7/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.7/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.7/elastic-entrypoint.sh b/7.7/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.7/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.7/hooks/post_push b/7.7/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.7/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.8/Dockerfile b/7.8/Dockerfile new file mode 100644 index 0000000..e382d90 --- /dev/null +++ b/7.8/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.11 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.8.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "f0caa06c1172b25d8f9cb9ddced72185aaaabb1b6d7f31fe1ba67172346236651ca3bc560e7ef206b4bf9521f228d46ee98df2e41b129253215135b583086ccc" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.8/config/elastic/elasticsearch.yml b/7.8/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.8/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.8/config/elastic/log4j2.properties b/7.8/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.8/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.8/config/logrotate b/7.8/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.8/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.8/docker-healthcheck b/7.8/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.8/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.8/elastic-entrypoint.sh b/7.8/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.8/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.8/hooks/post_push b/7.8/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.8/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/7.9/Dockerfile b/7.9/Dockerfile new file mode 100644 index 0000000..b0a64b5 --- /dev/null +++ b/7.9/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.11 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk11-jre-headless su-exec + +ENV VERSION 7.9.3 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-oss-${VERSION}-no-jdk-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "679d02f2576aa04aefee6ab1b8922d20d9fc1606c2454b32b52e7377187435da50566c9000565df8496ae69d0882724fbf2877b8253bd6036c06367e854c55f6" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/7.9/config/elastic/elasticsearch.yml b/7.9/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..4e1544a --- /dev/null +++ b/7.9/config/elastic/elasticsearch.yml @@ -0,0 +1,12 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +# bootstrap.memory_lock: true + +node.master: true +node.ingest: true +node.data: true + +discovery.type: "single-node" diff --git a/7.9/config/elastic/log4j2.properties b/7.9/config/elastic/log4j2.properties new file mode 100644 index 0000000..1098dd3 --- /dev/null +++ b/7.9/config/elastic/log4j2.properties @@ -0,0 +1,43 @@ +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = debug + +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server + +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling + +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false \ No newline at end of file diff --git a/7.9/config/logrotate b/7.9/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/7.9/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/7.9/docker-healthcheck b/7.9/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/7.9/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/7.9/elastic-entrypoint.sh b/7.9/elastic-entrypoint.sh new file mode 100644 index 0000000..63fdb5f --- /dev/null +++ b/7.9/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/7.9/hooks/post_push b/7.9/hooks/post_push new file mode 100644 index 0000000..41be42f --- /dev/null +++ b/7.9/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV VERSION' | cut -d" " -f3) +TAGS=($VERSION) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$TAG + echo "===> Pushing $DOCKER_REPO:$TAG" + docker push $DOCKER_REPO:$TAG +done diff --git a/8.0/Dockerfile b/8.0/Dockerfile new file mode 100644 index 0000000..3c5437c --- /dev/null +++ b/8.0/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.15 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk17-jre-headless su-exec + +ENV VERSION 8.0.1 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "e064b139a2981bba3b47c2f7ff6423cdf5230510fbb577b34b993c8ce8abcfcb15d1df2f0df6f4a5b3d386e51a3cdf7af74f09d1fa9b1fa24113bb966428836c" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" \ + || gpg --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" \ + || gpg --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/8.0/config/elastic/elasticsearch.yml b/8.0/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..3ba9a78 --- /dev/null +++ b/8.0/config/elastic/elasticsearch.yml @@ -0,0 +1,6 @@ +cluster.name: "docker-cluster" +network.host: 0.0.0.0 + +discovery.type: "single-node" +xpack.ml.enabled: false +xpack.security.enabled: false \ No newline at end of file diff --git a/8.0/config/elastic/log4j2.properties b/8.0/config/elastic/log4j2.properties new file mode 100644 index 0000000..cf34e4c --- /dev/null +++ b/8.0/config/elastic/log4j2.properties @@ -0,0 +1,254 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +######## Server JSON ############################ +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json +appender.rolling.layout.type = ECSJsonLayout +appender.rolling.layout.dataset = elasticsearch.server + +appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size = 128MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.fileIndex = nomax +appender.rolling.strategy.action.type = Delete +appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling.strategy.action.condition.type = IfFileName +appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ +######## Server - old style pattern ########### +appender.rolling_old.type = RollingFile +appender.rolling_old.name = rolling_old +appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log +appender.rolling_old.layout.type = PatternLayout +appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz +appender.rolling_old.policies.type = Policies +appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling_old.policies.time.interval = 1 +appender.rolling_old.policies.time.modulate = true +appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling_old.policies.size.size = 128MB +appender.rolling_old.strategy.type = DefaultRolloverStrategy +appender.rolling_old.strategy.fileIndex = nomax +appender.rolling_old.strategy.action.type = Delete +appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling_old.strategy.action.condition.type = IfFileName +appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling +rootLogger.appenderRef.rolling_old.ref = rolling_old + +######## Deprecation JSON ####################### +appender.deprecation_rolling.type = RollingFile +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json +appender.deprecation_rolling.layout.type = ECSJsonLayout +# Intentionally follows a different pattern to above +appender.deprecation_rolling.layout.dataset = deprecation.elasticsearch +appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter + +appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz +appender.deprecation_rolling.policies.type = Policies +appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling.policies.size.size = 1GB +appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +appender.deprecation_rolling.strategy.max = 4 + +appender.header_warning.type = HeaderWarningAppender +appender.header_warning.name = header_warning +################################################# + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = WARN +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.appenderRef.header_warning.ref = header_warning +logger.deprecation.additivity = false + +######## Search slowlog JSON #################### +appender.index_search_slowlog_rolling.type = RollingFile +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog.json +appender.index_search_slowlog_rolling.layout.type = ECSJsonLayout +appender.index_search_slowlog_rolling.layout.dataset = elasticsearch.index_search_slowlog + +appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog-%i.json.gz +appender.index_search_slowlog_rolling.policies.type = Policies +appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_search_slowlog_rolling.policies.size.size = 1GB +appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_search_slowlog_rolling.strategy.max = 4 +################################################# + +################################################# +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +######## Indexing slowlog JSON ################## +appender.index_indexing_slowlog_rolling.type = RollingFile +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog.json +appender.index_indexing_slowlog_rolling.layout.type = ECSJsonLayout +appender.index_indexing_slowlog_rolling.layout.dataset = elasticsearch.index_indexing_slowlog + + +appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog-%i.json.gz +appender.index_indexing_slowlog_rolling.policies.type = Policies +appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling.policies.size.size = 1GB +appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_indexing_slowlog_rolling.strategy.max = 4 +################################################# + + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false + + +logger.com_amazonaws.name = com.amazonaws +logger.com_amazonaws.level = warn + +logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.name = com.amazonaws.jmx.SdkMBeanRegistrySupport +logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.level = error + +logger.com_amazonaws_metrics_AwsSdkMetrics.name = com.amazonaws.metrics.AwsSdkMetrics +logger.com_amazonaws_metrics_AwsSdkMetrics.level = error + +logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.name = com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader +logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.level = error + +logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.name = com.amazonaws.services.s3.internal.UseArnRegionResolver +logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.level = error + + +appender.audit_rolling.type = RollingFile +appender.audit_rolling.name = audit_rolling +appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit.json +appender.audit_rolling.layout.type = PatternLayout +appender.audit_rolling.layout.pattern = {\ + "type":"audit", \ + "timestamp":"%d{yyyy-MM-dd'T'HH:mm:ss,SSSZ}"\ + %varsNotEmpty{, "node.name":"%enc{%map{node.name}}{JSON}"}\ + %varsNotEmpty{, "node.id":"%enc{%map{node.id}}{JSON}"}\ + %varsNotEmpty{, "host.name":"%enc{%map{host.name}}{JSON}"}\ + %varsNotEmpty{, "host.ip":"%enc{%map{host.ip}}{JSON}"}\ + %varsNotEmpty{, "event.type":"%enc{%map{event.type}}{JSON}"}\ + %varsNotEmpty{, "event.action":"%enc{%map{event.action}}{JSON}"}\ + %varsNotEmpty{, "authentication.type":"%enc{%map{authentication.type}}{JSON}"}\ + %varsNotEmpty{, "user.name":"%enc{%map{user.name}}{JSON}"}\ + %varsNotEmpty{, "user.run_by.name":"%enc{%map{user.run_by.name}}{JSON}"}\ + %varsNotEmpty{, "user.run_as.name":"%enc{%map{user.run_as.name}}{JSON}"}\ + %varsNotEmpty{, "user.realm":"%enc{%map{user.realm}}{JSON}"}\ + %varsNotEmpty{, "user.run_by.realm":"%enc{%map{user.run_by.realm}}{JSON}"}\ + %varsNotEmpty{, "user.run_as.realm":"%enc{%map{user.run_as.realm}}{JSON}"}\ + %varsNotEmpty{, "user.roles":%map{user.roles}}\ + %varsNotEmpty{, "apikey.id":"%enc{%map{apikey.id}}{JSON}"}\ + %varsNotEmpty{, "apikey.name":"%enc{%map{apikey.name}}{JSON}"}\ + %varsNotEmpty{, "authentication.token.name":"%enc{%map{authentication.token.name}}{JSON}"}\ + %varsNotEmpty{, "authentication.token.type":"%enc{%map{authentication.token.type}}{JSON}"}\ + %varsNotEmpty{, "origin.type":"%enc{%map{origin.type}}{JSON}"}\ + %varsNotEmpty{, "origin.address":"%enc{%map{origin.address}}{JSON}"}\ + %varsNotEmpty{, "realm":"%enc{%map{realm}}{JSON}"}\ + %varsNotEmpty{, "url.path":"%enc{%map{url.path}}{JSON}"}\ + %varsNotEmpty{, "url.query":"%enc{%map{url.query}}{JSON}"}\ + %varsNotEmpty{, "request.method":"%enc{%map{request.method}}{JSON}"}\ + %varsNotEmpty{, "request.body":"%enc{%map{request.body}}{JSON}"}\ + %varsNotEmpty{, "request.id":"%enc{%map{request.id}}{JSON}"}\ + %varsNotEmpty{, "action":"%enc{%map{action}}{JSON}"}\ + %varsNotEmpty{, "request.name":"%enc{%map{request.name}}{JSON}"}\ + %varsNotEmpty{, "indices":%map{indices}}\ + %varsNotEmpty{, "opaque_id":"%enc{%map{opaque_id}}{JSON}"}\ + %varsNotEmpty{, "trace.id":"%enc{%map{trace.id}}{JSON}"}\ + %varsNotEmpty{, "x_forwarded_for":"%enc{%map{x_forwarded_for}}{JSON}"}\ + %varsNotEmpty{, "transport.profile":"%enc{%map{transport.profile}}{JSON}"}\ + %varsNotEmpty{, "rule":"%enc{%map{rule}}{JSON}"}\ + %varsNotEmpty{, "put":%map{put}}\ + %varsNotEmpty{, "delete":%map{delete}}\ + %varsNotEmpty{, "change":%map{change}}\ + %varsNotEmpty{, "create":%map{create}}\ + %varsNotEmpty{, "invalidate":%map{invalidate}}\ + }%n +# "node.name" node name from the `elasticsearch.yml` settings +# "node.id" node id which should not change between cluster restarts +# "host.name" unresolved hostname of the local node +# "host.ip" the local bound ip (i.e. the ip listening for connections) +# "origin.type" a received REST request is translated into one or more transport requests. This indicates which processing layer generated the event "rest" or "transport" (internal) +# "event.action" the name of the audited event, eg. "authentication_failed", "access_granted", "run_as_granted", etc. +# "authentication.type" one of "realm", "api_key", "token", "anonymous" or "internal" +# "user.name" the subject name as authenticated by a realm +# "user.run_by.name" the original authenticated subject name that is impersonating another one. +# "user.run_as.name" if this "event.action" is of a run_as type, this is the subject name to be impersonated as. +# "user.realm" the name of the realm that authenticated "user.name" +# "user.run_by.realm" the realm name of the impersonating subject ("user.run_by.name") +# "user.run_as.realm" if this "event.action" is of a run_as type, this is the realm name the impersonated user is looked up from +# "user.roles" the roles array of the user; these are the roles that are granting privileges +# "apikey.id" this field is present if and only if the "authentication.type" is "api_key" +# "apikey.name" this field is present if and only if the "authentication.type" is "api_key" +# "authentication.token.name" this field is present if and only if the authenticating credential is a service account token +# "authentication.token.type" this field is present if and only if the authenticating credential is a service account token +# "event.type" informs about what internal system generated the event; possible values are "rest", "transport", "ip_filter" and "security_config_change" +# "origin.address" the remote address and port of the first network hop, i.e. a REST proxy or another cluster node +# "realm" name of a realm that has generated an "authentication_failed" or an "authentication_successful"; the subject is not yet authenticated +# "url.path" the URI component between the port and the query string; it is percent (URL) encoded +# "url.query" the URI component after the path and before the fragment; it is percent (URL) encoded +# "request.method" the method of the HTTP request, i.e. one of GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH, TRACE, CONNECT +# "request.body" the content of the request body entity, JSON escaped +# "request.id" a synthetic identifier for the incoming request, this is unique per incoming request, and consistent across all audit events generated by that request +# "action" an action is the most granular operation that is authorized and this identifies it in a namespaced way (internal) +# "request.name" if the event is in connection to a transport message this is the name of the request class, similar to how rest requests are identified by the url path (internal) +# "indices" the array of indices that the "action" is acting upon +# "opaque_id" opaque value conveyed by the "X-Opaque-Id" request header +# "trace_id" an identifier conveyed by the part of "traceparent" request header +# "x_forwarded_for" the addresses from the "X-Forwarded-For" request header, as a verbatim string value (not an array) +# "transport.profile" name of the transport profile in case this is a "connection_granted" or "connection_denied" event +# "rule" name of the applied rule if the "origin.type" is "ip_filter" +# the "put", "delete", "change", "create", "invalidate" fields are only present +# when the "event.type" is "security_config_change" and contain the security config change (as an object) taking effect + +appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit-%d{yyyy-MM-dd}-%i.json.gz +appender.audit_rolling.policies.type = Policies +appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.audit_rolling.policies.time.interval = 1 +appender.audit_rolling.policies.time.modulate = true +appender.audit_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.audit_rolling.policies.size.size = 1GB +appender.audit_rolling.strategy.type = DefaultRolloverStrategy +appender.audit_rolling.strategy.fileIndex = nomax + +logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail +logger.xpack_security_audit_logfile.level = info +logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling +logger.xpack_security_audit_logfile.additivity = false + +logger.xmlsig.name = org.apache.xml.security.signature.XMLSignature +logger.xmlsig.level = error +logger.samlxml_decrypt.name = org.opensaml.xmlsec.encryption.support.Decrypter +logger.samlxml_decrypt.level = fatal +logger.saml2_decrypt.name = org.opensaml.saml.saml2.encryption.Decrypter +logger.saml2_decrypt.level = fatal diff --git a/8.0/config/logrotate b/8.0/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/8.0/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/8.0/docker-healthcheck b/8.0/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/8.0/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/8.0/elastic-entrypoint.sh b/8.0/elastic-entrypoint.sh new file mode 100644 index 0000000..2e039dc --- /dev/null +++ b/8.0/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/8.1/Dockerfile b/8.1/Dockerfile new file mode 100644 index 0000000..1404fdf --- /dev/null +++ b/8.1/Dockerfile @@ -0,0 +1,72 @@ +FROM alpine:3.15 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk17-jre-headless su-exec + +ENV VERSION 8.1.2 +ENV DOWNLOAD_URL "https://artifacts.elastic.co/downloads/elasticsearch" +ENV ES_TARBAL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz.asc" +ENV EXPECTED_SHA_URL "${DOWNLOAD_URL}/elasticsearch-${VERSION}-linux-x86_64.tar.gz.sha512" +ENV ES_TARBALL_SHA "710ec2b7f99de0232d7d99fbb79cbe1d829b33dc5be5a01a8d8831e1f486819615bffb02c4f080399082c0316cd27d9deb09a6233457a25c7d80ddbc80e2d352" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && set -ex \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && wget --progress=bar:force -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA" ]; then \ + echo "$ES_TARBALL_SHA *elasticsearch.tar.gz" | sha512sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget --progress=bar:force -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + ( gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$GPG_KEY" \ + || gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$GPG_KEY" ); \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -rf "$GNUPGHOME" elasticsearch.tar.gz.asc || true; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/tmp \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* /usr/share/elasticsearch/jdk \ + && apk del --purge .build-deps + +# TODO: remove this (it removes X-Pack ML so it works on Alpine) +RUN rm -rf /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64 + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +RUN chmod +x /elastic-entrypoint.sh +COPY docker-healthcheck /usr/local/bin/ + +WORKDIR /usr/share/elasticsearch + +ENV PATH /usr/share/elasticsearch/bin:$PATH +ENV ES_TMPDIR /usr/share/elasticsearch/tmp + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/8.1/config/elastic/elasticsearch.yml b/8.1/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..3ba9a78 --- /dev/null +++ b/8.1/config/elastic/elasticsearch.yml @@ -0,0 +1,6 @@ +cluster.name: "docker-cluster" +network.host: 0.0.0.0 + +discovery.type: "single-node" +xpack.ml.enabled: false +xpack.security.enabled: false \ No newline at end of file diff --git a/8.1/config/elastic/log4j2.properties b/8.1/config/elastic/log4j2.properties new file mode 100644 index 0000000..cf34e4c --- /dev/null +++ b/8.1/config/elastic/log4j2.properties @@ -0,0 +1,254 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +######## Server JSON ############################ +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json +appender.rolling.layout.type = ECSJsonLayout +appender.rolling.layout.dataset = elasticsearch.server + +appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true +appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling.policies.size.size = 128MB +appender.rolling.strategy.type = DefaultRolloverStrategy +appender.rolling.strategy.fileIndex = nomax +appender.rolling.strategy.action.type = Delete +appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling.strategy.action.condition.type = IfFileName +appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ +######## Server - old style pattern ########### +appender.rolling_old.type = RollingFile +appender.rolling_old.name = rolling_old +appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log +appender.rolling_old.layout.type = PatternLayout +appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz +appender.rolling_old.policies.type = Policies +appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling_old.policies.time.interval = 1 +appender.rolling_old.policies.time.modulate = true +appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy +appender.rolling_old.policies.size.size = 128MB +appender.rolling_old.strategy.type = DefaultRolloverStrategy +appender.rolling_old.strategy.fileIndex = nomax +appender.rolling_old.strategy.action.type = Delete +appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path} +appender.rolling_old.strategy.action.condition.type = IfFileName +appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* +appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize +appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB +################################################ + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling +rootLogger.appenderRef.rolling_old.ref = rolling_old + +######## Deprecation JSON ####################### +appender.deprecation_rolling.type = RollingFile +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json +appender.deprecation_rolling.layout.type = ECSJsonLayout +# Intentionally follows a different pattern to above +appender.deprecation_rolling.layout.dataset = deprecation.elasticsearch +appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter + +appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz +appender.deprecation_rolling.policies.type = Policies +appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.deprecation_rolling.policies.size.size = 1GB +appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +appender.deprecation_rolling.strategy.max = 4 + +appender.header_warning.type = HeaderWarningAppender +appender.header_warning.name = header_warning +################################################# + +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = WARN +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.appenderRef.header_warning.ref = header_warning +logger.deprecation.additivity = false + +######## Search slowlog JSON #################### +appender.index_search_slowlog_rolling.type = RollingFile +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog.json +appender.index_search_slowlog_rolling.layout.type = ECSJsonLayout +appender.index_search_slowlog_rolling.layout.dataset = elasticsearch.index_search_slowlog + +appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ + .cluster_name}_index_search_slowlog-%i.json.gz +appender.index_search_slowlog_rolling.policies.type = Policies +appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_search_slowlog_rolling.policies.size.size = 1GB +appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_search_slowlog_rolling.strategy.max = 4 +################################################# + +################################################# +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +######## Indexing slowlog JSON ################## +appender.index_indexing_slowlog_rolling.type = RollingFile +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog.json +appender.index_indexing_slowlog_rolling.layout.type = ECSJsonLayout +appender.index_indexing_slowlog_rolling.layout.dataset = elasticsearch.index_indexing_slowlog + + +appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ + _index_indexing_slowlog-%i.json.gz +appender.index_indexing_slowlog_rolling.policies.type = Policies +appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling.policies.size.size = 1GB +appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy +appender.index_indexing_slowlog_rolling.strategy.max = 4 +################################################# + + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false + + +logger.com_amazonaws.name = com.amazonaws +logger.com_amazonaws.level = warn + +logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.name = com.amazonaws.jmx.SdkMBeanRegistrySupport +logger.com_amazonaws_jmx_SdkMBeanRegistrySupport.level = error + +logger.com_amazonaws_metrics_AwsSdkMetrics.name = com.amazonaws.metrics.AwsSdkMetrics +logger.com_amazonaws_metrics_AwsSdkMetrics.level = error + +logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.name = com.amazonaws.auth.profile.internal.BasicProfileConfigFileLoader +logger.com_amazonaws_auth_profile_internal_BasicProfileConfigFileLoader.level = error + +logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.name = com.amazonaws.services.s3.internal.UseArnRegionResolver +logger.com_amazonaws_services_s3_internal_UseArnRegionResolver.level = error + + +appender.audit_rolling.type = RollingFile +appender.audit_rolling.name = audit_rolling +appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit.json +appender.audit_rolling.layout.type = PatternLayout +appender.audit_rolling.layout.pattern = {\ + "type":"audit", \ + "timestamp":"%d{yyyy-MM-dd'T'HH:mm:ss,SSSZ}"\ + %varsNotEmpty{, "node.name":"%enc{%map{node.name}}{JSON}"}\ + %varsNotEmpty{, "node.id":"%enc{%map{node.id}}{JSON}"}\ + %varsNotEmpty{, "host.name":"%enc{%map{host.name}}{JSON}"}\ + %varsNotEmpty{, "host.ip":"%enc{%map{host.ip}}{JSON}"}\ + %varsNotEmpty{, "event.type":"%enc{%map{event.type}}{JSON}"}\ + %varsNotEmpty{, "event.action":"%enc{%map{event.action}}{JSON}"}\ + %varsNotEmpty{, "authentication.type":"%enc{%map{authentication.type}}{JSON}"}\ + %varsNotEmpty{, "user.name":"%enc{%map{user.name}}{JSON}"}\ + %varsNotEmpty{, "user.run_by.name":"%enc{%map{user.run_by.name}}{JSON}"}\ + %varsNotEmpty{, "user.run_as.name":"%enc{%map{user.run_as.name}}{JSON}"}\ + %varsNotEmpty{, "user.realm":"%enc{%map{user.realm}}{JSON}"}\ + %varsNotEmpty{, "user.run_by.realm":"%enc{%map{user.run_by.realm}}{JSON}"}\ + %varsNotEmpty{, "user.run_as.realm":"%enc{%map{user.run_as.realm}}{JSON}"}\ + %varsNotEmpty{, "user.roles":%map{user.roles}}\ + %varsNotEmpty{, "apikey.id":"%enc{%map{apikey.id}}{JSON}"}\ + %varsNotEmpty{, "apikey.name":"%enc{%map{apikey.name}}{JSON}"}\ + %varsNotEmpty{, "authentication.token.name":"%enc{%map{authentication.token.name}}{JSON}"}\ + %varsNotEmpty{, "authentication.token.type":"%enc{%map{authentication.token.type}}{JSON}"}\ + %varsNotEmpty{, "origin.type":"%enc{%map{origin.type}}{JSON}"}\ + %varsNotEmpty{, "origin.address":"%enc{%map{origin.address}}{JSON}"}\ + %varsNotEmpty{, "realm":"%enc{%map{realm}}{JSON}"}\ + %varsNotEmpty{, "url.path":"%enc{%map{url.path}}{JSON}"}\ + %varsNotEmpty{, "url.query":"%enc{%map{url.query}}{JSON}"}\ + %varsNotEmpty{, "request.method":"%enc{%map{request.method}}{JSON}"}\ + %varsNotEmpty{, "request.body":"%enc{%map{request.body}}{JSON}"}\ + %varsNotEmpty{, "request.id":"%enc{%map{request.id}}{JSON}"}\ + %varsNotEmpty{, "action":"%enc{%map{action}}{JSON}"}\ + %varsNotEmpty{, "request.name":"%enc{%map{request.name}}{JSON}"}\ + %varsNotEmpty{, "indices":%map{indices}}\ + %varsNotEmpty{, "opaque_id":"%enc{%map{opaque_id}}{JSON}"}\ + %varsNotEmpty{, "trace.id":"%enc{%map{trace.id}}{JSON}"}\ + %varsNotEmpty{, "x_forwarded_for":"%enc{%map{x_forwarded_for}}{JSON}"}\ + %varsNotEmpty{, "transport.profile":"%enc{%map{transport.profile}}{JSON}"}\ + %varsNotEmpty{, "rule":"%enc{%map{rule}}{JSON}"}\ + %varsNotEmpty{, "put":%map{put}}\ + %varsNotEmpty{, "delete":%map{delete}}\ + %varsNotEmpty{, "change":%map{change}}\ + %varsNotEmpty{, "create":%map{create}}\ + %varsNotEmpty{, "invalidate":%map{invalidate}}\ + }%n +# "node.name" node name from the `elasticsearch.yml` settings +# "node.id" node id which should not change between cluster restarts +# "host.name" unresolved hostname of the local node +# "host.ip" the local bound ip (i.e. the ip listening for connections) +# "origin.type" a received REST request is translated into one or more transport requests. This indicates which processing layer generated the event "rest" or "transport" (internal) +# "event.action" the name of the audited event, eg. "authentication_failed", "access_granted", "run_as_granted", etc. +# "authentication.type" one of "realm", "api_key", "token", "anonymous" or "internal" +# "user.name" the subject name as authenticated by a realm +# "user.run_by.name" the original authenticated subject name that is impersonating another one. +# "user.run_as.name" if this "event.action" is of a run_as type, this is the subject name to be impersonated as. +# "user.realm" the name of the realm that authenticated "user.name" +# "user.run_by.realm" the realm name of the impersonating subject ("user.run_by.name") +# "user.run_as.realm" if this "event.action" is of a run_as type, this is the realm name the impersonated user is looked up from +# "user.roles" the roles array of the user; these are the roles that are granting privileges +# "apikey.id" this field is present if and only if the "authentication.type" is "api_key" +# "apikey.name" this field is present if and only if the "authentication.type" is "api_key" +# "authentication.token.name" this field is present if and only if the authenticating credential is a service account token +# "authentication.token.type" this field is present if and only if the authenticating credential is a service account token +# "event.type" informs about what internal system generated the event; possible values are "rest", "transport", "ip_filter" and "security_config_change" +# "origin.address" the remote address and port of the first network hop, i.e. a REST proxy or another cluster node +# "realm" name of a realm that has generated an "authentication_failed" or an "authentication_successful"; the subject is not yet authenticated +# "url.path" the URI component between the port and the query string; it is percent (URL) encoded +# "url.query" the URI component after the path and before the fragment; it is percent (URL) encoded +# "request.method" the method of the HTTP request, i.e. one of GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH, TRACE, CONNECT +# "request.body" the content of the request body entity, JSON escaped +# "request.id" a synthetic identifier for the incoming request, this is unique per incoming request, and consistent across all audit events generated by that request +# "action" an action is the most granular operation that is authorized and this identifies it in a namespaced way (internal) +# "request.name" if the event is in connection to a transport message this is the name of the request class, similar to how rest requests are identified by the url path (internal) +# "indices" the array of indices that the "action" is acting upon +# "opaque_id" opaque value conveyed by the "X-Opaque-Id" request header +# "trace_id" an identifier conveyed by the part of "traceparent" request header +# "x_forwarded_for" the addresses from the "X-Forwarded-For" request header, as a verbatim string value (not an array) +# "transport.profile" name of the transport profile in case this is a "connection_granted" or "connection_denied" event +# "rule" name of the applied rule if the "origin.type" is "ip_filter" +# the "put", "delete", "change", "create", "invalidate" fields are only present +# when the "event.type" is "security_config_change" and contain the security config change (as an object) taking effect + +appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit-%d{yyyy-MM-dd}-%i.json.gz +appender.audit_rolling.policies.type = Policies +appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.audit_rolling.policies.time.interval = 1 +appender.audit_rolling.policies.time.modulate = true +appender.audit_rolling.policies.size.type = SizeBasedTriggeringPolicy +appender.audit_rolling.policies.size.size = 1GB +appender.audit_rolling.strategy.type = DefaultRolloverStrategy +appender.audit_rolling.strategy.fileIndex = nomax + +logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail +logger.xpack_security_audit_logfile.level = info +logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling +logger.xpack_security_audit_logfile.additivity = false + +logger.xmlsig.name = org.apache.xml.security.signature.XMLSignature +logger.xmlsig.level = error +logger.samlxml_decrypt.name = org.opensaml.xmlsec.encryption.support.Decrypter +logger.samlxml_decrypt.level = fatal +logger.saml2_decrypt.name = org.opensaml.saml.saml2.encryption.Decrypter +logger.saml2_decrypt.level = fatal diff --git a/8.1/config/logrotate b/8.1/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/8.1/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/8.1/docker-healthcheck b/8.1/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/8.1/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/8.1/elastic-entrypoint.sh b/8.1/elastic-entrypoint.sh new file mode 100644 index 0000000..2e039dc --- /dev/null +++ b/8.1/elastic-entrypoint.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(which javac || which java)")")") +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + +# Determine if x-pack is enabled +if bin/elasticsearch-plugin list -s | grep -q x-pack; then + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f config/elasticsearch.keystore ]] || bin/elasticsearch-keystore create + echo "$ELASTIC_PASSWORD" | bin/elasticsearch-keystore add -x 'bootstrap.password' + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs} + + set -- su-exec elasticsearch "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/LATEST b/LATEST new file mode 100644 index 0000000..8d1eec6 --- /dev/null +++ b/LATEST @@ -0,0 +1 @@ +8.1 \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9872a37 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016-2022 blacktop + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..4b22ddd --- /dev/null +++ b/Makefile @@ -0,0 +1,93 @@ +REPO=blacktop/elasticsearch +ORG=blacktop +NAME=elasticsearch +# build info +BUILD ?=$(shell cat LATEST) +LATEST ?=$(shell cat LATEST) + + +all: update build size test + +BUILDS=$(LATEST) 7.17 7.16 6.8 5.6 +.PHONY: update +update: + $(foreach build,$(BUILDS),NAME=$(NAME) BUILD=$(build) $(MAKE) dockerfile;) + +.PHONY: dockerfile +dockerfile: ## Update Dockerfiles +ifneq "$(BUILD)" "x-pack" + hack/make/dockerfile +endif + +.PHONY: build +build: ## Build docker image + cd $(BUILD); docker build --pull -t $(ORG)/$(NAME):$(BUILD) . + +.PHONY: size +size: build ## Get built image size +ifeq "$(BUILD)" "$(LATEST)" + sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(BUILD)| cut -d' ' -f1)-blue/' README.md + sed -i.bu '/latest/ s/[0-9.]\{3,5\}MB/$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(BUILD))/' README.md +endif + sed -i.bu '/$(BUILD)/ s/[0-9.]\{3,5\}MB/$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(BUILD))/' README.md + +.PHONY: tag +tag: + ORG=$(ORG) NAME=$(NAME) BUILD=$(BUILD) hack/make/tag + +.PHONY: tags +tags: + docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" $(ORG)/$(NAME) + +.PHONY: test +test: stop ## Test docker image + docker run -d --name $(NAME) -p 9200:9200 -e cluster.name=testcluster $(ORG)/$(NAME):$(BUILD) + @wait-for-es + @docker logs $(NAME) + http localhost:9200 | jq .cluster_name + docker rm -f $(NAME) + +.PHONY: tar +tar: ## Export tar of docker image + docker save $(ORG)/$(NAME):$(BUILD) -o $(NAME).tar + +.PHONY: push +push: build ## Push docker image to docker registry + @echo "===> Pushing $(ORG)/$(NAME):$(BUILD) to docker hub..." + @docker push $(ORG)/$(NAME):$(BUILD) + +.PHONY: run +run: stop ## Run docker container + docker run --init -it --rm --name $(NAME) -p 9200:9200 -e ELASTIC_PASSWORD=password -e "discovery.type=single-node" $(ORG)/$(NAME):$(BUILD) + +.PHONY: ssh +ssh: ## SSH into docker image + @docker run --init -it --rm -p 9200:9200 --entrypoint=bash $(ORG)/$(NAME):$(BUILD) + +.PHONY: stop +stop: ## Kill running docker containers + @docker rm -f $(NAME) || true + +.PHONY: circle +circle: ci-size ## Get docker image size from CircleCI + @sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/SIZE)-blue/' README.md + @echo "===> Image size is: $(shell cat .circleci/SIZE)" + +ci-build: + @echo "===> Getting CircleCI build number" + @http https://circleci.com/api/v1.1/project/github/${REPO} | jq '.[0].build_num' > .circleci/build_num + +ci-size: ci-build + @echo "===> Getting image build size from CircleCI" + @http "$(shell http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts circle-token==${CIRCLE_TOKEN} | jq '.[].url')" > .circleci/SIZE + +.PHONY: clean +clean: ## Clean docker image and stop all running containers + docker-clean stop + docker rmi $(ORG)/$(NAME):$(BUILD) || true + +# Absolutely awesome: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html +help: + @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + +.DEFAULT_GOAL := help diff --git a/README.md b/README.md new file mode 100644 index 0000000..d275ff6 --- /dev/null +++ b/README.md @@ -0,0 +1,110 @@ +![es-logo](https://raw.githubusercontent.com/blacktop/docker-elasticsearch-alpine/master/es-logo.png) + +# docker-elasticsearch-alpine + +[![Publish Docker Image](https://github.com/blacktop/docker-elasticsearch-alpine/actions/workflows/docker-image.yml/badge.svg)](https://github.com/blacktop/docker-elasticsearch-alpine/actions/workflows/docker-image.yml) [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org) [![Docker Stars](https://img.shields.io/docker/stars/blacktop/elasticsearch.svg)](https://hub.docker.com/r/blacktop/elasticsearch/) [![Docker Pulls](https://img.shields.io/docker/pulls/blacktop/elasticsearch.svg)](https://hub.docker.com/r/blacktop/elasticsearch/) [![Docker Image](https://img.shields.io/badge/docker%20image-1.02GB-blue.svg)](https://hub.docker.com/r/blacktop/elasticsearch/) + +Alpine Linux based [Elasticsearch](https://www.elastic.co/products/elasticsearch) Docker Image + +**Table of Contents** + +- [docker-elasticsearch-alpine](#docker-elasticsearch-alpine) + - [Why?](#why) + - [Dependencies](#dependencies) + - [Image Tags](#image-tags) + - [Getting Started](#getting-started) + - [Documentation](#documentation) + - [Known Issues :warning:](#known-issues-warning) + - [Issues](#issues) + - [Credits](#credits) + - [License](#license) + +## Why? + +Compare Image Sizes: + +* official elasticsearch = 791.6 MB +* blacktop/elasticsearch = 447.28 MB + +**blacktop version is 518 MB smaller !** + +## Dependencies + +* [alpine:3.15](https://hub.docker.com/_/alpine/) + +## Image Tags + +``` bash +REPOSITORY TAG SIZE +blacktop/elasticsearch latest 1.02GB +blacktop/elasticsearch 8.1 1.02GB +blacktop/elasticsearch 8.0 1.02GB +blacktop/elasticsearch 7.17 411MB +blacktop/elasticsearch 7.16 446MB +blacktop/elasticsearch 7.15 447MB +blacktop/elasticsearch 7.10 294MB +blacktop/elasticsearch 7.9 297MB +blacktop/elasticsearch 7.8 296MB +blacktop/elasticsearch 7.7 294MB +blacktop/elasticsearch 7.6 293MB +blacktop/elasticsearch 7.5 288MB +blacktop/elasticsearch 7.4 288MB +blacktop/elasticsearch 7.3 289MB +blacktop/elasticsearch 7.2 358MB +blacktop/elasticsearch 7.1 304MB +blacktop/elasticsearch 7.0 304MB +blacktop/elasticsearch 6.8 281MB +blacktop/elasticsearch 6.7 192MB +blacktop/elasticsearch 6.6 128MB +blacktop/elasticsearch 6.5 127MB +blacktop/elasticsearch 6.4 127MB +blacktop/elasticsearch 6.3 120MB +blacktop/elasticsearch 6.2 119MB +blacktop/elasticsearch 6.1 119MB +blacktop/elasticsearch 6.0 117MB +blacktop/elasticsearch 5.6 124MB +blacktop/elasticsearch 5.5 123MB +blacktop/elasticsearch 5.4 123MB +blacktop/elasticsearch 5.3 123MB +blacktop/elasticsearch x-pack 1.05GB +blacktop/elasticsearch 5.2 150MB +blacktop/elasticsearch 5.1 149MB +blacktop/elasticsearch 5.0 148.4MB +blacktop/elasticsearch 2.4 116MB +blacktop/elasticsearch kopf 122MB +blacktop/elasticsearch 2.3 139.1MB +blacktop/elasticsearch 1.7 114MB +``` + +## Getting Started + +``` bash +$ docker run -d --name elastic -p 9200:9200 blacktop/elasticsearch +``` + +## Documentation + +* [To create an elasticsearch cluster](docs/create.md) +* [To increase the HEAP_SIZE to 2GB](docs/options.md) +* [To monitor the clusters metrics using dockerbeat](docs/dockerbeat.md) +* [To run in production](docs/production.md) + +## Known Issues :warning: + +I have noticed when running the new **5.0+** version on a linux host you need to increase the memory map areas with the following command + +``` bash +sudo sysctl -w vm.max_map_count=262144 +``` + +## Issues + +Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to [file an issue](https://github.com/blacktop/docker-elasticsearch-alpine/issues/new) + +## Credits + +Heavily (if not entirely) influenced by https://github.com/docker-library/elasticsearch
Production docs from https://stefanprodan.com/2016/elasticsearch-cluster-with-docker/ + +## License + +MIT Copyright (c) 2016-2022 **blacktop** \ No newline at end of file diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..d4e7091 --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,81 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "ubuntu/trusty64" + + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + config.vm.network "forwarded_port", guest: 9200, host: 9200 + config.vm.network "forwarded_port", guest: 5601, host: 5601 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + + config.vm.provider "virtualbox" do |vb| + # Display the VirtualBox GUI when booting the machine + vb.gui = false + + # Customize the amount of memory on the VM: + vb.memory = "4096" + end + + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo apt-get update + sudo apt-get install -y apt-transport-https ca-certificates + sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D + echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee /etc/apt/sources.list.d/docker.list + sudo apt-get update + sudo apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual + sudo apt-get install -y docker-engine + sudo service docker start + sudo docker pull blacktop/elasticsearch + curl -s https://raw.githubusercontent.com/ZZROTDesign/docker-clean/v2.0.4/docker-clean | sudo tee /usr/local/bin/docker-clean > /dev/null + sudo chmod +x /usr/local/bin/docker-clean + SHELL +end diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml new file mode 100644 index 0000000..a733be4 --- /dev/null +++ b/docker-compose.prod.yml @@ -0,0 +1,94 @@ +version: "2" + +services: + ############################# + # ELASTICSEARCH MASTER NODE # + ############################# + master: + restart: unless-stopped + image: blacktop/elasticsearch + command: master + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + cap_add: + - IPC_LOCK + volumes: + - data:/usr/share/elasticsearch/data + networks: + - elastic + #################################### + # ELASTICSEARCH CLIENT/INGEST NODE # + #################################### + client: + restart: unless-stopped + image: blacktop/elasticsearch:kopf + command: client + ports: + - "9200:9200" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + cap_add: + - IPC_LOCK + links: + - master:elastic-master + networks: + - elastic + ########################### + # ELASTICSEARCH DATA NODE # + ########################### + data: + restart: unless-stopped + image: blacktop/elasticsearch + environment: + - ES_JAVA_OPTS=-Xms2g -Xmx2g + mem_limit: 4g + memswap_limit: 4g + # mem_swappiness: 0 + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + cap_add: + - IPC_LOCK + command: data + links: + - master:elastic-master + volumes: + - data:/usr/share/elasticsearch/data + networks: + - elastic + ############### + # KIBANA NODE # + ############### + kibana: + image: kibana + ports: + - "5601:5601" + links: + - client:elasticsearch + networks: + - elastic +############################# +# ELASTICSEARCH DATA VOLUME # +############################# +volumes: + data: +################################ +# ELASTICSEARCH BRIDGE NETWORK # +################################ +networks: + elastic: + driver: bridge diff --git a/docker-compose.x-pack.yml b/docker-compose.x-pack.yml new file mode 100644 index 0000000..e84a197 --- /dev/null +++ b/docker-compose.x-pack.yml @@ -0,0 +1,91 @@ +version: "3" + +services: + ############################# + # ELASTICSEARCH MASTER NODE # + ############################# + master: + restart: unless-stopped + image: blacktop/elasticsearch:x-pack + environment: + - cluster.name=docker-cluster + - network.host=0 + - ELASTIC_PASSWORD=pleasechangeme + - xpack.security.audit.enabled=true + - node.master=true + - node.ingest=false + - node.data=false + volumes: + - data:/usr/share/elasticsearch/data + networks: + - elastic + #################################### + # ELASTICSEARCH CLIENT/INGEST NODE # + #################################### + ingest: + restart: unless-stopped + image: blacktop/elasticsearch:x-pack + environment: + - cluster.name=docker-cluster + - network.host=0 + - ELASTIC_PASSWORD=pleasechangeme + - xpack.security.audit.enabled=true + - node.master=true + - node.ingest=true + - node.data=false + - discovery.zen.ping.unicast.hosts=master + ports: + - "9200:9200" + links: + - master:elastic-master + networks: + - elastic + ########################### + # ELASTICSEARCH DATA NODE # + ########################### + data: + restart: unless-stopped + image: blacktop/elasticsearch:x-pack + environment: + - cluster.name=docker-cluster + - network.host=0 + - ELASTIC_PASSWORD=pleasechangeme + - xpack.security.audit.enabled=true + - ES_JAVA_OPTS=-Xms2g -Xmx2g + - node.master=false + - node.ingest=false + - node.data=true + - discovery.zen.ping.unicast.hosts=master + links: + - master:elastic-master + # volumes: + # - data:/usr/share/elasticsearch/data + networks: + - elastic + ############### + # KIBANA NODE # + ############### + kibana: + image: blacktop/kibana:x-pack + ports: + - "80:5601" + links: + - ingest:elasticsearch + environment: + - elasticsearch.url=http://elasticsearch:9200 + - elasticsearch.username=elastic + - elasticsearch.password=pleasechangeme + - xpack.monitoring.ui.container.elasticsearch.enabled=true + networks: + - elastic +############################# +# ELASTICSEARCH DATA VOLUME # +############################# +volumes: + data: +################################ +# ELASTICSEARCH BRIDGE NETWORK # +################################ +networks: + elastic: + driver: bridge diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..00d05d5 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,29 @@ +version: "3.7" +services: + elasticsearch: + image: blacktop/elasticsearch:7.10 + container_name: elasticsearch + hostname: elasticsearch + environment: + - discovery.type=single-node + ulimits: + memlock: + soft: -1 + hard: -1 + ports: + - "9200:9200" + - "9300:9300" + networks: + - default + + kibana: + image: blacktop/kibana:7.6 + container_name: kibana + hostname: kibana + ports: + - "5601:5601" + networks: + - default + +networks: + default: diff --git a/docs/NOTES.md b/docs/NOTES.md new file mode 100644 index 0000000..796f2fc --- /dev/null +++ b/docs/NOTES.md @@ -0,0 +1,4 @@ +NOTES +===== + + - http://ozzimpact.github.io/development/elasticsearch-configuration-tuning diff --git a/docs/create.md b/docs/create.md new file mode 100644 index 0000000..02f8e13 --- /dev/null +++ b/docs/create.md @@ -0,0 +1,28 @@ +To create an elasticsearch cluster +---------------------------------- + +```bash +$ docker run -d --name elastic-master blacktop/elasticsearch:2.4 master +$ docker run -d --name elastic-client -p 9200:9200 --link elastic-master blacktop/elasticsearch:kopf client +$ docker run -d --name elastic-data-1 --link elastic-master blacktop/elasticsearch:2.4 data +$ docker run -d --name elastic-data-2 --link elastic-master blacktop/elasticsearch:2.4 data +$ docker run -d --name elastic-data-3 --link elastic-master blacktop/elasticsearch:2.4 data +$ docker run -d --name kibana -p 5601:5601 --link elastic-client:elasticsearch:4.6 kibana +``` + +Or you can use [docker-compose](https://docs.docker.com/compose/): + +```bash +$ curl -sL https://raw.githubusercontent.com/blacktop/docker-elasticsearch-alpine/master/docker-compose.yml \ + > docker-compose.yml +$ docker-compose up -d +$ docker-compose scale data=3 +``` + +> **NOTE:** `docker-compose.yml` assumes you have more than 4GB of RAM available. + +Now you can: + - Navigate to: [http://localhost:5601](http://localhost:5601) for [Kibana](https://www.elastic.co/products/kibana) + - Navigate to: [http://localhost:9200/_plugin/kopf](http://localhost:9200/_plugin/kopf) for [kopf](https://github.com/lmenezes/elasticsearch-kopf) + +> **NOTE:** Example usage assumes you are using [Docker for Mac](https://docs.docker.com/docker-for-mac/) diff --git a/docs/dockerbeat.md b/docs/dockerbeat.md new file mode 100644 index 0000000..56658ae --- /dev/null +++ b/docs/dockerbeat.md @@ -0,0 +1,7 @@ +## To monitor the clusters metrics using [dockerbeat](https://github.com/Ingensi/dockerbeat) + +```bash +$ curl https://raw.githubusercontent.com/Ingensi/dockerbeat/develop/etc/dockerbeat.template.json \ + | curl -H "Content-Type: application/json" -XPUT -d @- 'http://localhost:9200/_template/dockerbeat' +$ docker run -d -v /var/run/docker.sock:/var/run/docker.sock --link elastic:elasticsearch ingensi/dockerbeat +``` diff --git a/docs/options.md b/docs/options.md new file mode 100644 index 0000000..fb517cc --- /dev/null +++ b/docs/options.md @@ -0,0 +1,19 @@ +## To increase the HEAP_SIZE to 2GB + +```bash +$ docker run -d --name elastic -p 9200:9200 -e ES_JAVA_OPTS="-Xms2g -Xmx2g" blacktop/elasticsearch +``` + +## Runtime config changes + +### Change Cluster Name (to `prod-cluster`) + +```bash +$ docker run -d --name elastic -p 9200:9200 -e cluster.name=prod-cluster blacktop/elasticsearch +``` + +### Change Transport Address to bind to `0.0.0.0` (to use JAVA ES API to interact with ES nodes) + +```bash +$ docker run -d --name elastic -p 9300:9300 -e transport.host=0.0.0.0 blacktop/elasticsearch +``` diff --git a/docs/production.md b/docs/production.md new file mode 100644 index 0000000..e11fe0e --- /dev/null +++ b/docs/production.md @@ -0,0 +1,25 @@ +## To run in production + +On Ubuntu: + +```bash +echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf +sudo sysctl -w vm.max_map_count=262144 +echo 'GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' | sudo tee -a /etc/default/grub +sudo update-grub +sudo reboot +``` + +> **NOTE:** This increases the virtual memory maps as well as allows docker to disable memory swappiness. + +```bash +$ docker run -d -p 9200:9200 \ + --name elastic \ + --cap-add=IPC_LOCK --ulimit nofile=65536:65536 --ulimit memlock=-1:-1 \ + --memory="4g" --memory-swap="4g" --memory-swappiness=0 \ + -e ES_JAVA_OPTS="-Xms2g -Xmx2g" \ + blacktop/elasticsearch \ + -Ebootstrap.memory_lock=true +``` + +> **NOTE:** This will limit the container memory to 4GB and the ES heap size to 2GB as well as allow ES to lock the memory. diff --git a/es-logo.png b/es-logo.png new file mode 100644 index 0000000..0e88a2c Binary files /dev/null and b/es-logo.png differ diff --git a/hack/make/dockerfile b/hack/make/dockerfile new file mode 100644 index 0000000..bad29ed --- /dev/null +++ b/hack/make/dockerfile @@ -0,0 +1,13 @@ +#!/bin/bash + +VERSION=$(cat "$BUILD/Dockerfile" | grep '^ENV VERSION' | cut -d" " -f3) +DOWNLOAD_URL="https://artifacts.elastic.co/downloads/elasticsearch" +EXPECTED_SHA_URL=$(cat "$BUILD/Dockerfile" | grep '^ENV EXPECTED_SHA_URL' | cut -d" " -f3) + +echo "===> Getting $BUILD tarball sha1 for version: $VERSION" +SHA_URL=$(eval echo $EXPECTED_SHA_URL) +TARBALL_SHA=$(curl -s "$SHA_URL" | cut -d" " -f1) + +echo " * TARBALL_SHA=$TARBALL_SHA" +sed -i.bu 's/TARBALL_SHA "[0-9a-f.]\{128\}"/TARBALL_SHA "'$TARBALL_SHA'"/' $BUILD/Dockerfile +echo diff --git a/hack/make/tag b/hack/make/tag new file mode 100644 index 0000000..3b6e267 --- /dev/null +++ b/hack/make/tag @@ -0,0 +1,10 @@ +#!/bin/bash + +set -e + +TAG=$(cat "$BUILD/Dockerfile" | grep '^ENV VERSION' | cut -d" " -f3) + +echo "===> Tagging $ORG/$NAME:$BUILD as $ORG/$NAME:$TAG" +docker tag $ORG/$NAME:$BUILD $ORG/$NAME:$TAG +echo "===> Pushing $ORG/$NAME:$TAG" +docker push $ORG/$NAME:$TAG diff --git a/kopf/.dockerignore b/kopf/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/kopf/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/kopf/Dockerfile b/kopf/Dockerfile new file mode 100644 index 0000000..b84d170 --- /dev/null +++ b/kopf/Dockerfile @@ -0,0 +1,63 @@ +FROM alpine:3.5 + +LABEL maintainer "https://github.com/blacktop" + +RUN apk add --no-cache openjdk8-jre tini su-exec + +ENV ES_VERSION 2.4.4 + +ENV DOWNLOAD_URL "https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution" +ENV ES_TARBAL "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz" +ENV ES_TARBALL_ASC "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz.asc" +ENV SHA1_URL "${DOWNLOAD_URL}/tar/elasticsearch/${ES_VERSION}/elasticsearch-${ES_VERSION}.tar.gz.sha1" +ENV ES_TARBALL_SHA1 "cdb5068d1baa07388e522c3bc04cca38aa8f3048" +ENV GPG_KEY "46095ACC8548582C1A2699A9D27D666CD88E42B4" + +RUN apk add --no-cache bash +RUN apk add --no-cache -t .build-deps wget ca-certificates gnupg openssl \ + && cd /tmp \ + && echo "===> Install Elasticsearch..." \ + && EXPECTED_SHA=$(wget -O - ${SHA1_URL}) \ + && wget -O elasticsearch.tar.gz "$ES_TARBAL"; \ + if [ "$ES_TARBALL_SHA1" ]; then \ + echo "$ES_TARBALL_SHA1 *elasticsearch.tar.gz" | sha1sum -c -; \ + fi; \ + if [ "$ES_TARBALL_ASC" ]; then \ + wget -O elasticsearch.tar.gz.asc "$ES_TARBALL_ASC"; \ + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY"; \ + gpg --batch --verify elasticsearch.tar.gz.asc elasticsearch.tar.gz; \ + rm -r "$GNUPGHOME" elasticsearch.tar.gz.asc; \ + fi; \ + tar -xf elasticsearch.tar.gz \ + && ls -lah \ + && mv elasticsearch-$ES_VERSION /usr/share/elasticsearch \ + && adduser -D -h /usr/share/elasticsearch elasticsearch \ + && echo "===> Creating Elasticsearch Paths..." \ + && for path in \ + /usr/share/elasticsearch/data \ + /usr/share/elasticsearch/logs \ + /usr/share/elasticsearch/config \ + /usr/share/elasticsearch/config/scripts \ + /usr/share/elasticsearch/plugins \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done \ + && rm -rf /tmp/* \ + && apk del --purge .build-deps + +COPY config/elastic /usr/share/elasticsearch/config +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +# Install kopf plugin +RUN plugin install lmenezes/elasticsearch-kopf/v2.1.2 + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] diff --git a/kopf/VERSION b/kopf/VERSION new file mode 100644 index 0000000..a6a2a8d --- /dev/null +++ b/kopf/VERSION @@ -0,0 +1 @@ +kopf diff --git a/kopf/config/elastic/elasticsearch.yml b/kopf/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..d301713 --- /dev/null +++ b/kopf/config/elastic/elasticsearch.yml @@ -0,0 +1,10 @@ +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.zen.minimum_master_nodes: 1 +bootstrap.ignore_system_bootstrap_checks: true + +# node.master: true +# node.client: true +# node.data: true diff --git a/kopf/config/elastic/logging.yml b/kopf/config/elastic/logging.yml new file mode 100644 index 0000000..c2681ac --- /dev/null +++ b/kopf/config/elastic/logging.yml @@ -0,0 +1,15 @@ +# you can override this using by setting a system property, for example -Des.logger.level=DEBUG +es.logger.level: INFO +rootLogger: ${es.logger.level}, console +logger: + # log action execution errors for easier debugging + action: DEBUG + # reduce the logging for aws, too much is logged under the default INFO + com.amazonaws: WARN + +appender: + console: + type: console + layout: + type: consolePattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" diff --git a/kopf/config/logrotate b/kopf/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/kopf/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/kopf/docker-healthcheck b/kopf/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/kopf/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/kopf/elastic-entrypoint.sh b/kopf/elastic-entrypoint.sh new file mode 100644 index 0000000..e34fc02 --- /dev/null +++ b/kopf/elastic-entrypoint.sh @@ -0,0 +1,97 @@ +#!/bin/sh + +set -e + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +################################################ +# = MASTER NODE = # +################################################ +if [ "$1" = 'master' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = CLIENT NODE = # +################################################ +if [ "$1" = 'client' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'true'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'false'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +################################################ +# = DATA NODE = # +################################################ +if [ "$1" = 'data' -a "$(id -u)" = '0' ]; then + # Change node into a data node + CONFIG=/usr/share/elasticsearch/config/elasticsearch.yml + sed -ri "s!^(\#\s*)?(node\.master:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.client:).*!\2 'false'!" $CONFIG + sed -ri "s!^(\#\s*)?(node\.data:).*!\2 'true'!" $CONFIG + # Set master.node's name + if ! grep -q "discovery.zen.ping.unicast.hosts" $CONFIG; then + echo "discovery.zen.ping.unicast.hosts: [\"elastic-master\"]" >> $CONFIG + fi + + # Drop root privileges if we are running elasticsearch + # allow the container to be started with `--user` + if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" + fi + + set -- su-exec elasticsearch /sbin/tini -- elasticsearch +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/logs + + set -- su-exec elasticsearch "$@" +fi + +exec "$@" diff --git a/x-pack/.dockerignore b/x-pack/.dockerignore new file mode 100644 index 0000000..69e5630 --- /dev/null +++ b/x-pack/.dockerignore @@ -0,0 +1,12 @@ +# Ignore .git folder +.git* +.gitignore + +es-logo.png +LICENSE +README.md +docker-compose.yml +.DS_Store +build +release +Makefile diff --git a/x-pack/Dockerfile b/x-pack/Dockerfile new file mode 100644 index 0000000..1678297 --- /dev/null +++ b/x-pack/Dockerfile @@ -0,0 +1,63 @@ +FROM openjdk:11-jre + +LABEL maintainer "https://github.com/blacktop" + +RUN set -ex; \ + # https://artifacts.elastic.co/GPG-KEY-elasticsearch + wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - +# key='46095ACC8548582C1A2699A9D27D666CD88E42B4'; \ +# export GNUPGHOME="$(mktemp -d)"; \ +# gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ +# gpg --export "$key" > /etc/apt/trusted.gpg.d/elastic.gpg; \ +# rm -rf "$GNUPGHOME"; \ +# apt-key list + +# https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html +# https://www.elastic.co/guide/en/elasticsearch/reference/5.0/deb.html +RUN set -x \ + && apt-get update && apt-get install -y --no-install-recommends apt-transport-https && rm -rf /var/lib/apt/lists/* \ + && echo 'deb https://artifacts.elastic.co/packages/7.x/apt stable main' > /etc/apt/sources.list.d/elasticsearch.list + +ENV ELASTICSEARCH_VERSION 7.10.2 +ENV ELASTICSEARCH_DEB_VERSION 7.10.2 +ENV ELASTIC_CONTAINER=true + +RUN set -x \ + \ + # don't allow the package to install its sysctl file (causes the install to fail) + # Failed to write '262144' to '/proc/sys/vm/max_map_count': Read-only file system + && dpkg-divert --rename /usr/lib/sysctl.d/elasticsearch.conf \ + \ + && apt-get update \ + && apt-get install -y --no-install-recommends "elasticsearch=$ELASTICSEARCH_DEB_VERSION" \ + && rm -rf /var/lib/apt/lists/* + +ENV PATH /usr/share/elasticsearch/bin:$PATH + +WORKDIR /usr/share/elasticsearch + +RUN set -ex \ + && for path in \ + ./data \ + ./logs \ + ./config \ + ./config/scripts \ + ./config/ingest-geoip \ + ; do \ + mkdir -p "$path"; \ + chown -R elasticsearch:elasticsearch "$path"; \ + done + +COPY config/elastic/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml +COPY config/x-pack/log4j2.properties /usr/share/elasticsearch/config/x-pack/ +COPY config/logrotate /etc/logrotate.d/elasticsearch +COPY elastic-entrypoint.sh / +COPY docker-healthcheck /usr/local/bin/ + +VOLUME ["/usr/share/elasticsearch/data"] + +EXPOSE 9200 9300 +ENTRYPOINT ["/elastic-entrypoint.sh"] +CMD ["elasticsearch"] + +# HEALTHCHECK CMD ["docker-healthcheck"] diff --git a/x-pack/VERSION b/x-pack/VERSION new file mode 100644 index 0000000..e792bdb --- /dev/null +++ b/x-pack/VERSION @@ -0,0 +1 @@ +x-pack diff --git a/x-pack/config/elastic/elasticsearch.yml b/x-pack/config/elastic/elasticsearch.yml new file mode 100644 index 0000000..2fdd6d4 --- /dev/null +++ b/x-pack/config/elastic/elasticsearch.yml @@ -0,0 +1,27 @@ +cluster.name: "docker-cluster" +network.host: 0.0.0.0 + +# this value is required because we set "network.host" +# be sure to modify it appropriately for a production cluster deployment +discovery.seed_hosts: ["127.0.0.1", "[::1]"] +# node.master: true +# node.ingest: true +# node.data: true + +action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml* +# discovery.type: "single-node" + +# bin/elasticsearch-keystore create +# echo "changeme" | bin/elasticsearch-keystore add -x 'bootstrap.password' + +# xpack.security.authc.accept_default_password: true +# xpack.security.transport.ssl.enabled: false +# http -a elastic:changeme localhost:9200 +# curl -u elastic:changeme http://127.0.0.1:9200 + +# bin/x-pack/setup-passwords \ +# auto --batch \ +# -Expack.ssl.certificate=x-pack/certificates/es01/es01.crt \ +# -Expack.ssl.certificate_authorities=x-pack/certificates/ca/ca.crt \ +# -Expack.ssl.key=x-pack/certificates/es01/es01.key \ +# --url https://localhost:9200 diff --git a/x-pack/config/elastic/log4j2.properties b/x-pack/config/elastic/log4j2.properties new file mode 100644 index 0000000..3e375ef --- /dev/null +++ b/x-pack/config/elastic/log4j2.properties @@ -0,0 +1,13 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console + +logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail +logger.xpack_security_audit_logfile.appenderRef.console.ref = console +logger.xpack_security_audit_logfile.level = info \ No newline at end of file diff --git a/x-pack/config/logrotate b/x-pack/config/logrotate new file mode 100644 index 0000000..97f95a2 --- /dev/null +++ b/x-pack/config/logrotate @@ -0,0 +1,11 @@ +/var/log/elasticsearch/*.log { + daily + rotate 50 + size 50M + copytruncate + compress + delaycompress + missingok + notifempty + create 644 elasticsearch elasticsearch +} diff --git a/x-pack/config/x-pack/log4j2.properties b/x-pack/config/x-pack/log4j2.properties new file mode 100644 index 0000000..46877d0 --- /dev/null +++ b/x-pack/config/x-pack/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/x-pack/docker-healthcheck b/x-pack/docker-healthcheck new file mode 100644 index 0000000..bf41529 --- /dev/null +++ b/x-pack/docker-healthcheck @@ -0,0 +1,16 @@ +#!/bin/bash +set -eo pipefail + +host="$(hostname --ip-address || echo '127.0.0.1')" + +if health="$(curl -fsSL "http://$host:9200/_cat/health?h=status")"; then + health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green ") + if [ "$health" = 'green' ]; then + exit 0 + fi + echo >&2 "unexpected health status: $health" +fi + +# If the probe returns 2 ("starting") when the container has already moved out of the "starting" state then it is treated as "unhealthy" instead. +# https://github.com/docker/docker/blob/dcc65376bac8e73bb5930fce4cddc2350bb7baa2/docs/reference/builder.md#healthcheck +exit 2 diff --git a/x-pack/elastic-entrypoint.sh b/x-pack/elastic-entrypoint.sh new file mode 100644 index 0000000..9832c89 --- /dev/null +++ b/x-pack/elastic-entrypoint.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +set -e + +umask 0002 + +declare -a es_opts + +while IFS='=' read -r envvar_key envvar_value +do + # Elasticsearch env vars need to have at least two dot separated lowercase words, e.g. `cluster.name` + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ ]]; then + if [[ ! -z $envvar_value ]]; then + es_opt="-E${envvar_key}=${envvar_value}" + es_opts+=("${es_opt}") + fi + fi +done < <(env) + +export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS" + + +if [[ -d bin/x-pack ]]; then + # Check for the ELASTIC_PASSWORD environment variable to set the + # bootstrap password for Security. + # + # This is only required for the first node in a cluster with Security + # enabled, but we have no way of knowing which node we are yet. We'll just + # honor the variable if it's present. + if [[ -n "$ELASTIC_PASSWORD" ]]; then + [[ -f /usr/share/elasticsearch/config/elasticsearch.keystore ]] || (echo "y" | elasticsearch-keystore create) + if ! (elasticsearch-keystore list | grep -q '^bootstrap.password$'); then + (echo "$ELASTIC_PASSWORD" | elasticsearch-keystore add -x 'bootstrap.password') + fi + fi +fi + +# Add elasticsearch as command if needed +if [ "${1:0:1}" = '-' ]; then + set -- elasticsearch "$@" +fi + +# Drop root privileges if we are running elasticsearch +# allow the container to be started with `--user` +if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then + # Change the ownership of user-mutable directories to elasticsearch + chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/{data,logs,config} + + set -- chroot --userspec=elasticsearch / "$@" "${es_opts[@]}" +fi + +exec "$@" diff --git a/x-pack/hooks/post_push b/x-pack/hooks/post_push new file mode 100644 index 0000000..94ccbd6 --- /dev/null +++ b/x-pack/hooks/post_push @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +VERSION=$(cat Dockerfile | grep '^ENV ELASTICSEARCH_VERSION' | cut -d" " -f3) +TAGS=($VERSION 7) + +for TAG in "${TAGS[@]}"; do + echo "===> Tagging $IMAGE_NAME as $DOCKER_REPO:$CACHE_TAG-$TAG" + docker tag $IMAGE_NAME $DOCKER_REPO:$CACHE_TAG-$TAG + echo "===> Pushing $DOCKER_REPO:$CACHE_TAG-$TAG" + docker push $DOCKER_REPO:$CACHE_TAG-$TAG +done