-
Notifications
You must be signed in to change notification settings - Fork 229
/
Copy pathrun.sh
executable file
·167 lines (148 loc) · 5.57 KB
/
run.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
#!/bin/bash
set -euo pipefail
if [ ${DEBUG:-""} = "true" ]; then
set -x
fi
export KUBERNETES_AUTH_TRYKUBECONFIG="false"
ES_REST_BASEURL=https://localhost:9200
LOG_FILE=elasticsearch_connect_log.txt
RETRY_COUNT=300 # how many times
RETRY_INTERVAL=1 # how often (in sec)
retry=$RETRY_COUNT
max_time=$(( RETRY_COUNT * RETRY_INTERVAL )) # should be integer
timeouted=false
mkdir -p /elasticsearch/$CLUSTER_NAME
secret_dir=/etc/elasticsearch/secret
BYTES_PER_MEG=$((1024*1024))
BYTES_PER_GIG=$((1024*${BYTES_PER_MEG}))
MAX_ES_MEMORY_BYTES=$((64*${BYTES_PER_GIG}))
MIN_ES_MEMORY_BYTES=$((256*${BYTES_PER_MEG}))
# the amount of RAM allocated should be half of available instance RAM.
# ref. https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html#_give_half_your_memory_to_lucene
# parts inspired by https://github.com/fabric8io-images/run-java-sh/blob/master/fish-pepper/run-java-sh/fp-files/java-container-options
regex='^([[:digit:]]+)([GgMm])i?$'
if [[ "${INSTANCE_RAM:-}" =~ $regex ]]; then
num=${BASH_REMATCH[1]}
unit=${BASH_REMATCH[2]}
if [[ $unit =~ [Gg] ]]; then
((num = num * ${BYTES_PER_GIG})) # enables math to work out for odd Gi
elif [[ $unit =~ [Mm] ]]; then
((num = num * ${BYTES_PER_MEG})) # enables math to work out for odd Gi
fi
#determine if req is less then max recommended by ES
echo "Comparing the specificed RAM to the maximum recommended for ElasticSearch..."
if [ ${MAX_ES_MEMORY_BYTES} -lt ${num} ]; then
((num = ${MAX_ES_MEMORY_BYTES}))
echo "Downgrading the INSTANCE_RAM to $(($num / BYTES_PER_MEG))m because ${INSTANCE_RAM} will result in a larger heap then recommended."
fi
#determine max allowable memory
echo "Inspecting the maximum RAM available..."
mem_file="/sys/fs/cgroup/memory/memory.limit_in_bytes"
if [ -r "${mem_file}" ]; then
max_mem="$(cat ${mem_file})"
if [ ${max_mem} -lt ${num} ]; then
((num = ${max_mem}))
echo "Setting the maximum allowable RAM to $(($num / BYTES_PER_MEG))m which is the largest amount available"
fi
else
echo "Unable to determine the maximum allowable RAM for this host in order to configure ElasticSearch"
exit 1
fi
if [[ $num -lt $MIN_ES_MEMORY_BYTES ]]; then
echo "A minimum of $(($MIN_ES_MEMORY_BYTES/$BYTES_PER_MEG))m is required but only $(($num/$BYTES_PER_MEG))m is available or was specified"
exit 1
fi
export ES_JAVA_OPTS="${ES_JAVA_OPTS:-} -Xms128M -Xmx$(($num/2/BYTES_PER_MEG))m"
echo "ES_JAVA_OPTS: '${ES_JAVA_OPTS}'"
else
echo "INSTANCE_RAM env var is invalid: ${INSTANCE_RAM:-}"
exit 1
fi
# Wait for Elasticsearch port to be opened. Fail on timeout or if response from Elasticsearch is unexpected.
wait_for_port_open() {
rm -f $LOG_FILE
# test for ES to be up first and that our SG index has been created
echo -n "Checking if Elasticsearch is ready on $ES_REST_BASEURL "
while ! response_code=$(curl -s -X HEAD \
--cacert $secret_dir/admin-ca \
--cert $secret_dir/admin-cert \
--key $secret_dir/admin-key \
--max-time $max_time \
-o $LOG_FILE -w '%{response_code}' \
$ES_REST_BASEURL) || test $response_code != "200"
do
echo -n "."
sleep $RETRY_INTERVAL
(( retry -= 1 ))
if (( retry == 0 )) ; then
timeouted=true
break
fi
done
if [ $timeouted = true ] ; then
echo -n "[timeout] "
else
rm -f $LOG_FILE
return 0
fi
echo "failed"
cat $LOG_FILE
rm -f $LOG_FILE
exit 1
}
seed_searchguard(){
/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh \
-cd ${HOME}/sgconfig \
-i .searchguard.${HOSTNAME} \
-ks /etc/elasticsearch/secret/searchguard.key \
-kst JKS \
-kspass kspass \
-ts /etc/elasticsearch/secret/searchguard.truststore \
-tst JKS \
-tspass tspass \
-nhnv \
-icl
if [ $? -eq 0 ]; then
echo "Seeded the searchguard ACL index"
else
echo "Error seeding the searchguard ACL index"
exit 1
fi
}
verify_or_add_index_templates() {
wait_for_port_open
seed_searchguard
# Uncomment this if you want to wait for cluster becoming more stable before index template being pushed in.
# Give up on timeout and continue...
# curl -v -s -X GET \
# --cacert $secret_dir/admin-ca \
# --cert $secret_dir/admin-cert \
# --key $secret_dir/admin-key \
# "$ES_REST_BASEURL/_cluster/health?wait_for_status=yellow&timeout=${max_time}s"
shopt -s failglob
for template_file in /usr/share/elasticsearch/index_templates/*.json
do
template=`basename $template_file`
# Check if index template already exists
response_code=$(curl -s -X HEAD \
--cacert $secret_dir/admin-ca \
--cert $secret_dir/admin-cert \
--key $secret_dir/admin-key \
-w '%{response_code}' \
$ES_REST_BASEURL/_template/$template)
if [ $response_code == "200" ]; then
echo "Index template '$template' already present in ES cluster"
else
echo "Create index template '$template'"
curl -v -s -X PUT \
--cacert $secret_dir/admin-ca \
--cert $secret_dir/admin-cert \
--key $secret_dir/admin-key \
-d@$template_file \
$ES_REST_BASEURL/_template/$template
fi
done
shopt -u failglob
}
verify_or_add_index_templates &
exec /usr/share/elasticsearch/bin/elasticsearch --path.conf=$ES_CONF --security.manager.enabled false