Complete rewrite to run Elasticsearch directly without Docker

Andreas Düren 2025-03-16 13:07:14 +01:00
parent 6fe1084eb9
commit 231855b94b
4 changed files with 111 additions and 96 deletions


@ -1,23 +1,42 @@
FROM cloudron/base:4.0.0
# Install Docker and diagnostic tools
# Install dependencies
RUN apt-get update && apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
unzip \
wget \
default-jre \
iproute2 \
net-tools \
iputils-ping \
dnsutils
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
RUN apt-get update && apt-get install -y docker-ce docker-ce-cli containerd.io
# Set environment variables
ENV ELASTIC_VERSION=8.17.3
# Copy app files
# Create elasticsearch user and group
RUN groupadd -g 1000 elasticsearch && \
useradd -u 1000 -g elasticsearch -s /bin/bash elasticsearch
# Download and install Elasticsearch
RUN mkdir -p /usr/share/elasticsearch && \
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz && \
tar -xzf elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz -C /usr/share/ && \
mv /usr/share/elasticsearch-${ELASTIC_VERSION}/* /usr/share/elasticsearch/ && \
rm -rf /usr/share/elasticsearch-${ELASTIC_VERSION} && \
rm elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz
# Set up directories
RUN mkdir -p /app/data/elasticsearch && \
mkdir -p /app/data/logs && \
mkdir -p /app/data/config && \
mkdir -p /app/data/secrets
# Copy configuration files
COPY elasticsearch.yml /app/data/config/elasticsearch.yml
COPY .env /app/.env
COPY start.sh /app/start.sh
COPY stop.sh /app/stop.sh
@ -25,11 +44,8 @@ COPY stop.sh /app/stop.sh
# Make scripts executable
RUN chmod +x /app/start.sh /app/stop.sh
# Set up data directory
RUN mkdir -p /app/data
# Add healthcheck
HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \
HEALTHCHECK --interval=10s --timeout=5s --start-period=60s --retries=3 \
CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1
CMD ["/app/start.sh"]
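Review bot: The Elasticsearch tarball in the download `RUN` step is fetched with `curl -L -O` and unpacked with no integrity check, so a truncated download, a saved HTTP error page or a tampered artifact goes straight into the image. Pin the expected digest next to `ELASTIC_VERSION` and verify before `tar`: use `curl -fsSL -O …` and then `echo "${ELASTIC_SHA512}  elasticsearch-${ELASTIC_VERSION}-linux-x86_64.tar.gz" | sha512sum -c -`, where `ELASTIC_SHA512` is a new build argument holding the published SHA-512 for that version. In the same section, `COPY .env /app/.env` stores whatever that file holds in an image layer, and the `HEALTHCHECK` falls back to the literal password `cloudron` when the secret file is missing; if `.env` carries credentials it should not be copied, and the fallback deserves at least a comment explaining why it exists.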


@ -0,0 +1,37 @@
# ======================== Elasticsearch Configuration =========================
# ---------------------------------- Cluster -----------------------------------
cluster.name: cloudron-cluster
# ------------------------------------ Node ------------------------------------
node.name: ${HOSTNAME}
node.master: true
node.data: true
# ----------------------------------- Paths ------------------------------------
path.data: /app/data/elasticsearch
path.logs: /app/data/logs
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
# --------------------------------- Discovery ----------------------------------
discovery.type: single-node
# --------------------------------- Security ----------------------------------
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
# ----------------------------------- Memory ----------------------------------
bootstrap.memory_lock: false
# ---------------------------------- Various ----------------------------------
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization"
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
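Review bot: `http.cors.allow-origin: "*"` combined with `Authorization` in `http.cors.allow-headers` and `DELETE` in `http.cors.allow-methods` lets script served from any web origin send authenticated requests to this node. Narrow it to the origins that need browser access, e.g. `http.cors.allow-origin: "https://<your-app-origin>"` (placeholder), or set `http.cors.enabled: false` if no browser client talks to the node directly. The file also binds `network.host: 0.0.0.0` with `xpack.security.http.ssl.enabled: false`, so the `elastic` password travels in cleartext unless a TLS-terminating proxy sits in front; that proxy is not visible on this page, so a comment such as `# TLS is terminated by the platform reverse proxy; do not expose 9200 directly` would record the assumption.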


@ -23,12 +23,6 @@ if [[ ! -f /app/data/.initialized ]]; then
fi
echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password
if [ -z "$KIBANA_PASSWORD" ]; then
KIBANA_PASSWORD=$(generate_password)
echo "Generated new secure password for Elasticsearch user 'kibana_system'"
fi
echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password
# Mark as initialized
touch /app/data/.initialized
echo "Initialization complete."
@ -38,87 +32,51 @@ else
if [ -f "/app/data/secrets/elastic_password" ]; then
ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
fi
if [ -f "/app/data/secrets/kibana_password" ]; then
KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password)
fi
fi
# Set default variables
STACK_VERSION=${STACK_VERSION:-8.17.3}
CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}
LICENSE=${LICENSE:-basic}
# Ensure data directories exist
# Set up the correct directories
mkdir -p /app/data/elasticsearch
mkdir -p /app/data/certs
mkdir -p /app/data/logs
mkdir -p /app/data/config
# Set permissions
chmod -R 777 /app/data
# Check if certificates exist, if not create them
if [ ! -f /app/data/certs/ca.crt ]; then
echo "Creating certificates..."
# Create temporary container to generate certificates
docker run --rm \
-v /app/data/certs:/usr/share/elasticsearch/config/certs \
--name es_certs \
docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} \
/bin/bash -c "
elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip &&
unzip config/certs/ca.zip -d config/certs &&
elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key --name es01 --dns es01,localhost --ip 127.0.0.1 &&
unzip config/certs/certs.zip -d config/certs
"
echo "Certificates created."
# Copy config if it doesn't exist
if [ ! -f /app/data/config/elasticsearch.yml ]; then
cp /app/data/config/elasticsearch.yml.orig /app/data/config/elasticsearch.yml || true
fi
# Ensure permissions are correct
chown -R elasticsearch:elasticsearch /app/data/elasticsearch /app/data/logs /app/data/config
# Print the network interfaces for debugging
echo "Network interfaces:"
ip addr show
# Start Elasticsearch
echo "Starting Elasticsearch..."
docker run \
-d \
--restart=always \
--name elasticsearch \
-v /app/data/elasticsearch:/usr/share/elasticsearch/data \
-v /app/data/certs:/usr/share/elasticsearch/config/certs \
-e node.name=es01 \
-e cluster.name=${CLUSTER_NAME} \
-e discovery.type=single-node \
-e ELASTIC_PASSWORD=${ELASTIC_PASSWORD} \
-e bootstrap.memory_lock=true \
-e xpack.security.enabled=true \
-e xpack.security.http.ssl.enabled=false \
-e xpack.license.self_generated.type=${LICENSE} \
-e xpack.ml.use_auto_machine_memory_percent=true \
-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
-e network.host=0.0.0.0 \
--ulimit memlock=-1:-1 \
-p 0.0.0.0:9200:9200 \
-p 0.0.0.0:9300:9300 \
docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
# Set the bootstrap password
echo "Setting elastic user password..."
/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -b -p "$ELASTIC_PASSWORD" --url "http://localhost:9200" || true
# Wait for Elasticsearch to be up - try both localhost and 0.0.0.0
# Start Elasticsearch in the background
echo "Starting Elasticsearch..."
cd /usr/share/elasticsearch
su -c "ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch -d -p /app/data/elasticsearch.pid" elasticsearch
# Wait for Elasticsearch to be up
echo "Waiting for Elasticsearch to start..."
until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do
attempts=0
max_attempts=60
until $(curl --output /dev/null --silent --head --fail -u "elastic:$ELASTIC_PASSWORD" http://localhost:9200); do
printf '.'
sleep 5
attempts=$((attempts+1))
if [ $attempts -ge $max_attempts ]; then
echo "Elasticsearch failed to start after 5 minutes. Check logs at /app/data/logs/"
exit 1
fi
done
echo "Elasticsearch is up and running!"
# If kibana password is set, configure the kibana_system user
if [ ! -z "$KIBANA_PASSWORD" ]; then
echo "Setting kibana_system user password..."
until curl -s -X POST -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" http://localhost:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do
echo "Waiting for Elasticsearch to be ready to set kibana_system password..."
sleep 5
done
echo "kibana_system password set."
fi
# Display the credentials
echo "-----------------------------"
echo "Elasticsearch is ready to use!"
@ -127,12 +85,6 @@ echo ""
echo "Authentication credentials:"
echo " User: elastic"
echo " Password: $ELASTIC_PASSWORD"
if [ ! -z "$KIBANA_PASSWORD" ]; then
echo ""
echo "Kibana system credentials:"
echo " User: kibana_system"
echo " Password: $KIBANA_PASSWORD"
fi
echo "-----------------------------"
# Create a credentials file for reference
@ -141,13 +93,9 @@ Elasticsearch credentials:
URL: http://localhost:9200
User: elastic
Password: $ELASTIC_PASSWORD
Kibana system credentials:
User: kibana_system
Password: $KIBANA_PASSWORD
EOL
echo "Credentials saved to /app/data/credentials.txt"
# Keep script running
exec tail -f /dev/null
# Keep the script running to prevent the container from exiting
tail -f /app/data/logs/*.log
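Review bot: As this section is printed, `elasticsearch-reset-password ... || true` runs before the node is started, although the tool needs a running node at `--url`, and `-p` is not an option I know it to accept; with `|| true` the failure is silent and the `elastic` password may never be set to `$ELASTIC_PASSWORD`. The wait loop that follows authenticates with that password under `--fail`, so it would then spin until the five-minute timeout. Seeding `bootstrap.password` in the keystore before the start, with an explicit failure path, makes the problem visible; the sketch below should be checked against the 8.17 tooling. Separately, the new `curl -u "elastic:$ELASTIC_PASSWORD"` puts the password on the process command line, next to lines that echo it to the log and write it to `/app/data/credentials.txt`.

```shell
# Seed the bootstrap password before the node starts; abort instead of continuing unauthenticated
ES_KEYSTORE="ES_PATH_CONF=/app/data/config /usr/share/elasticsearch/bin/elasticsearch-keystore"
if [ ! -f /app/data/config/elasticsearch.keystore ]; then
    su -c "$ES_KEYSTORE create" elasticsearch || { echo "Could not create keystore"; exit 1; }
fi
printf '%s' "$ELASTIC_PASSWORD" | su -c "$ES_KEYSTORE add -x -f bootstrap.password" elasticsearch \
    || { echo "Could not set bootstrap.password"; exit 1; }
# … unchanged: start Elasticsearch with su, wait loop …
```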


@ -1,9 +1,23 @@
#!/bin/bash
set -e
# Stop Elasticsearch container
echo "Stopping Elasticsearch..."
docker stop elasticsearch || true
docker rm elasticsearch || true
# Check if Elasticsearch is running
if [ -f /app/data/elasticsearch.pid ]; then
echo "Stopping Elasticsearch..."
PID=$(cat /app/data/elasticsearch.pid)
if kill -0 "$PID" 2>/dev/null; then
kill "$PID"
echo "Waiting for Elasticsearch to stop..."
# Wait for process to end
while kill -0 "$PID" 2>/dev/null; do
sleep 1
done
else
echo "Elasticsearch process not found, cleaning up PID file."
fi
rm -f /app/data/elasticsearch.pid
else
echo "Elasticsearch PID file not found, nothing to stop."
fi
echo "Elasticsearch stopped."
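Review bot: The wait loop `while kill -0 "$PID" 2>/dev/null; do sleep 1; done` has no upper bound, so a node that does not exit on SIGTERM hangs stop.sh indefinitely, and `$PID` is used without checking that it is a number. The PID file is written by the `elasticsearch` user (start.sh passes `-p /app/data/elasticsearch.pid` under `su`), so if stop.sh runs as root it will signal whatever PID that user left there; validating the contents and bounding the wait limits both problems. The final `echo "Elasticsearch stopped."` is also printed on the branch where nothing was stopped.

```shell
    PID=$(cat /app/data/elasticsearch.pid)
    # Refuse anything that is not a plain PID; the file is written by the service user
    case "$PID" in
        ''|*[!0-9]*) echo "Invalid PID file contents, refusing to signal."; exit 1 ;;
    esac
    if kill -0 "$PID" 2>/dev/null; then
        kill "$PID"
        echo "Waiting for Elasticsearch to stop..."
        waited=0
        while kill -0 "$PID" 2>/dev/null; do
            if [ "$waited" -ge 60 ]; then
                echo "Elasticsearch did not stop within 60 seconds."
                exit 1
            fi
            sleep 1
            waited=$((waited+1))
        done
    # … unchanged: else branch and PID file cleanup …
```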