Store bootstrap password only in keystore

Your Name
2025-11-07 05:19:25 -06:00
parent 82825fd4c4
commit 825d522d5c


@@ -111,24 +111,6 @@ configure_elasticsearch() {
chmod 755 $ES_PATH_CONF
chown -R elasticsearch:elasticsearch $ES_PATH_CONF
# Add bootstrap password to keystore
echo "Setting bootstrap password..."
# Verify keystore exists before trying to add password
if [ ! -f $ES_PATH_CONF/elasticsearch.keystore ]; then
echo "ERROR: Keystore not found, cannot add bootstrap password. Creating keystore first..."
setup_keystore || {
echo "CRITICAL ERROR: Failed to create keystore, cannot proceed."
exit 1
}
fi
# Now add the bootstrap password
if ! printf "%s" "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore add -f -x 'bootstrap.password' --stdin" elasticsearch; then
echo "ERROR: Failed to add bootstrap password to keystore."
exit 1
fi
# Copy configuration files if needed
if [ ! -f $ES_PATH_CONF/elasticsearch.yml ]; then
echo "Setting up configuration files..."
@@ -422,7 +404,7 @@ start_elasticsearch() {
# Command to start Elasticsearch
ES_START_CMD="ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch"
ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true -E bootstrap.password=$ELASTIC_PASSWORD"
ES_START_CMD="$ES_START_CMD -E xpack.security.enabled=true"
# Add explicit settings for transport SSL
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.enabled=true"
ES_START_CMD="$ES_START_CMD -E xpack.security.transport.ssl.verification_mode=certificate"
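Review bot: With the `elasticsearch-keystore add ... 'bootstrap.password'` step dropped from configure_elasticsearch and the `-E bootstrap.password=` argument dropped from start_elasticsearch, neither hunk shows anything that still writes the password into the keystore, and the check that the keystore file exists is gone too. If setup_keystore (outside these hunks) does not add the key, the node would presumably start with a bootstrap password other than $ELASTIC_PASSWORD, and later authenticated steps would fail in a way that is hard to diagnose. A guard before the start command would make that explicit, for example `su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore list" elasticsearch | grep -qx 'bootstrap.password' || { echo "ERROR: bootstrap.password not in keystore"; exit 1; }`. The previous form put the password in the process arguments, so rotating it after this change is worth considering. Both function bodies continue outside the hunks.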