andreas/elasticsearch-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for Cloudron read-only filesystem and network binding issues

Browse Source
This commit is contained in:
Andreas Düren 2025-03-16 13:02:29 +01:00
parent 1e47298dc0
commit 6fe1084eb9
2 changed files with 51 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
elasticsearch-cloudron/Dockerfile
View File

@ -1,13 +1,17 @@
FROM cloudron/base:4.0.0 FROM cloudron/base:4.0.0
# Install Docker # Install Docker and diagnostic tools
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
apt-transport-https \ apt-transport-https \
ca-certificates \ ca-certificates \
curl \ curl \
gnupg-agent \ gnupg-agent \
software-properties-common \ software-properties-common \
unzip unzip \
iproute2 \
net-tools \
iputils-ping \
dnsutils
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
@ -24,4 +28,8 @@ RUN chmod +x /app/start.sh /app/stop.sh
# Set up data directory # Set up data directory
RUN mkdir -p /app/data RUN mkdir -p /app/data
# Add healthcheck
HEALTHCHECK --interval=10s --timeout=5s --start-period=30s --retries=3 \
CMD curl -f -u elastic:$(cat /app/data/secrets/elastic_password 2>/dev/null || echo "cloudron") http://localhost:9200 || exit 1
CMD ["/app/start.sh"] CMD ["/app/start.sh"]

59
elasticsearch-cloudron/start.sh
View File

@ -9,27 +9,45 @@ generate_password() {
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1 cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1
} }
# Generate a random password for Elasticsearch if not provided # Create a secrets directory in data (which is writable)
if [ -z "$ELASTIC_PASSWORD" ]; then mkdir -p /app/data/secrets
ELASTIC_PASSWORD=$(generate_password)
# Save the password to the .env file
sed -i "s/^ELASTIC_PASSWORD=.*/ELASTIC_PASSWORD=$ELASTIC_PASSWORD/" /app/.env
echo "Generated new secure password for Elasticsearch user 'elastic'"
fi
# Generate a random password for Kibana if not provided # Check for initialization status
if [ -z "$KIBANA_PASSWORD" ]; then if [[ ! -f /app/data/.initialized ]]; then
KIBANA_PASSWORD=$(generate_password) echo "Fresh installation, initializing..."
# Save the password to the .env file
sed -i "s/^KIBANA_PASSWORD=.*/KIBANA_PASSWORD=$KIBANA_PASSWORD/" /app/.env # Generate and store passwords
echo "Generated new secure password for Elasticsearch user 'kibana_system'" if [ -z "$ELASTIC_PASSWORD" ]; then
ELASTIC_PASSWORD=$(generate_password)
echo "Generated new secure password for Elasticsearch user 'elastic'"
fi
echo "$ELASTIC_PASSWORD" > /app/data/secrets/elastic_password
if [ -z "$KIBANA_PASSWORD" ]; then
KIBANA_PASSWORD=$(generate_password)
echo "Generated new secure password for Elasticsearch user 'kibana_system'"
fi
echo "$KIBANA_PASSWORD" > /app/data/secrets/kibana_password
# Mark as initialized
touch /app/data/.initialized
echo "Initialization complete."
else
echo "Loading existing configuration..."
# Load existing passwords
if [ -f "/app/data/secrets/elastic_password" ]; then
ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
fi
if [ -f "/app/data/secrets/kibana_password" ]; then
KIBANA_PASSWORD=$(cat /app/data/secrets/kibana_password)
fi
fi fi
# Set default variables # Set default variables
STACK_VERSION=${STACK_VERSION:-8.17.3} STACK_VERSION=${STACK_VERSION:-8.17.3}
CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster} CLUSTER_NAME=${CLUSTER_NAME:-cloudron-cluster}
LICENSE=${LICENSE:-basic} LICENSE=${LICENSE:-basic}
ES_PORT=${ES_PORT:-127.0.0.1:9200}
# Ensure data directories exist # Ensure data directories exist
mkdir -p /app/data/elasticsearch mkdir -p /app/data/elasticsearch
@ -55,6 +73,10 @@ if [ ! -f /app/data/certs/ca.crt ]; then
echo "Certificates created." echo "Certificates created."
fi fi
# Print the network interfaces for debugging
echo "Network interfaces:"
ip addr show
# Start Elasticsearch # Start Elasticsearch
echo "Starting Elasticsearch..." echo "Starting Elasticsearch..."
docker run \ docker run \
@ -73,14 +95,15 @@ docker run \
-e xpack.license.self_generated.type=${LICENSE} \ -e xpack.license.self_generated.type=${LICENSE} \
-e xpack.ml.use_auto_machine_memory_percent=true \ -e xpack.ml.use_auto_machine_memory_percent=true \
-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \ -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
-e network.host=0.0.0.0 \
--ulimit memlock=-1:-1 \ --ulimit memlock=-1:-1 \
-p 127.0.0.1:9200:9200 \ -p 0.0.0.0:9200:9200 \
-p 127.0.0.1:9300:9300 \ -p 0.0.0.0:9300:9300 \
docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
# Wait for Elasticsearch to be up # Wait for Elasticsearch to be up - try both localhost and 0.0.0.0
echo "Waiting for Elasticsearch to start..." echo "Waiting for Elasticsearch to start..."
until $(curl --output /dev/null --silent --head --fail http://localhost:9200); do until $(curl --output /dev/null --silent --head --fail http://localhost:9200 || curl --output /dev/null --silent --head --fail http://0.0.0.0:9200); do
printf '.' printf '.'
sleep 5 sleep 5
done done