dotCMS/core#16781 bring open-distro changes from branch issue-15942 o…

…n docker repo
dotCMS · Oct 23, 2019 · ef90108 · ef90108
1 parent c536b33
commit ef90108
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 3 deletions.
diff --git a/images/es-open-distro-1.2.0/Dockerfile b/images/es-open-distro-1.2.0/Dockerfile
@@ -15,8 +15,20 @@ COPY ./certs/elasticsearch.key /usr/share/elasticsearch/config/elasticsearch.key
 COPY ./yml/custom-elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
 COPY ./yml/custom-config.yml /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml
 COPY ./yml/internal_users.yml /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+
+#Setting ES admin password as an environment variable
+ENV ES_ADMIN_PASSWORD=${ES_ADMIN_PASSWORD:-admin}
+
+#Copying scripts to set ES admin password (init.sh) and initialize open distro security plugin with our custom certificates (init_security_plugin.sh and securityadmin.sh) 
 COPY ./init.sh /usr/share/elasticsearch/init.sh
+COPY ./init_security_plugin.sh /usr/share/elasticsearch/init_security_plugin.sh
+RUN chmod +x /usr/share/elasticsearch/init_security_plugin.sh
+RUN chmod +x /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh
+RUN chmod +x /usr/share/elasticsearch/init.sh
+
+#Adding scripts at the beginning of the image entrypoint
+RUN sed -i '3 i\sh /usr/share/elasticsearch/init.sh \& sh /usr/share/elasticsearch/init_security_plugin.sh \&' /usr/local/bin/docker-entrypoint.sh
 
-RUN chmod 500 /usr/share/elasticsearch/init.sh
-ENV ES_ADMIN_PASSWORD=$ES_ADMIN_PASSWORD
-RUN /bin/bash -c "/usr/share/elasticsearch/init.sh"
+#Installing net-tools to enable netstat command, which is used by init.sh script
+#Provide support to run netstat
+RUN yum -y install net-tools
diff --git a/images/es-open-distro-1.2.0/init.sh b/images/es-open-distro-1.2.0/init.sh
@@ -2,6 +2,7 @@
 set -e
 
 if [[ ! -z "${ES_ADMIN_PASSWORD}" ]]; then
+	echo "Setting password for admin user..." 
     cd /usr/share/elasticsearch/plugins/opendistro_security/tools
     chmod 500 /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh
     es_hash_password=`(/usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh -p $ES_ADMIN_PASSWORD)`

diff --git a/images/es-open-distro-1.2.0/init_security_plugin.sh b/images/es-open-distro-1.2.0/init_security_plugin.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+echo "Executing init_security_plugin.sh"
+
+# use while loop to check if elasticsearch is running 
+while true
+do
+    netstat -uplnt | grep :9300 | grep LISTEN > /dev/null
+    verifier=$?
+    if [ 0 = $verifier ]
+        then
+            echo "Running security plugin initialization"
+            cd /usr/share/elasticsearch/plugins/opendistro_security/tools
+
+            ./securityadmin.sh -cd ../securityconfig/ -icl -nhnv -cacert ../../../config/root-ca.pem -cert ../../../config/kirk.pem -key ../../../config/kirk.key
+            break
+        else
+            echo "ES is not running yet"
+            sleep 5
+    fi
+done