Fix password handling and improve system limit detection

start.sh

@@ -20,11 +20,13 @@ chown -R elasticsearch:elasticsearch /app/data
 setup_password() {
     # Check if password already exists
     if [ -f /app/data/secrets/elastic_password ]; then
+        # Use -r flag to prevent backslash interpretation
         ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
         echo "Using existing Elasticsearch password."
     else
-        # Generate a secure password - combination of letters, numbers, and special chars
-        ELASTIC_PASSWORD=$(tr -dc 'A-Za-z0-9_!@#$%^&*()' < /dev/urandom | head -c 20)
+        # Generate a more container-safe password (alphanumeric only)
+        # Avoid special characters that could cause issues with command interpretation
+        ELASTIC_PASSWORD=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)
         echo "Generated new secure password for Elasticsearch."
         
         # Store password
@@ -112,7 +114,7 @@ configure_elasticsearch() {
     
     # Add bootstrap password to keystore
     echo "Setting bootstrap password..."
-    if ! echo "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore add -f -x 'bootstrap.password' --stdin" elasticsearch; then
+    if ! printf "%s" "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore add -f -x 'bootstrap.password' --stdin" elasticsearch; then
         echo "ERROR: Failed to add bootstrap password to keystore."
         exit 1
     fi
@@ -182,13 +184,39 @@ configure_elasticsearch() {
     chmod 755 /app/data /app/data/config
 }
 
-# Set system limits
+# Set system limits - be more tolerant of container restrictions
 set_system_limits() {
     echo "Setting system limits for Elasticsearch..."
-    ulimit -n 65536 || echo "Warning: Could not set file descriptor limit"
-    ulimit -l unlimited || echo "Warning: Could not set memory lock limit"
-    echo never > /sys/kernel/mm/transparent_hugepage/enabled 2>/dev/null || true
-    sysctl -w vm.max_map_count=262144 2>/dev/null || echo "Warning: Could not set vm.max_map_count"
+    
+    # Try to set file descriptor limit, but don't fail if it doesn't work
+    ulimit -n 65536 2>/dev/null || echo "Warning: Could not set file descriptor limit (not critical)"
+    
+    # Try to set memory lock limit, but don't fail if it doesn't work
+    ulimit -l unlimited 2>/dev/null || echo "Warning: Could not set memory lock limit (not critical)"
+    
+    # Only try to update transparent huge pages if the file exists and is writable
+    if [ -w /sys/kernel/mm/transparent_hugepage/enabled ]; then
+        echo never > /sys/kernel/mm/transparent_hugepage/enabled 2>/dev/null || true
+    else
+        echo "Warning: Cannot modify transparent hugepage settings (read-only filesystem, not critical)"
+    fi
+    
+    # Only try to update vm.max_map_count if sysctl is available and we have permission
+    if command -v sysctl >/dev/null && [ $(id -u) -eq 0 ]; then
+        sysctl -w vm.max_map_count=262144 2>/dev/null || echo "Warning: Could not set vm.max_map_count (not critical)"
+    else
+        echo "Warning: Could not set vm.max_map_count (not running as root or sysctl not available)"
+    fi
+    
+    # Add a note about bootstrap.memory_lock if we couldn't set the memory lock
+    if ! ulimit -l unlimited 2>/dev/null; then
+        echo "Note: Memory locking unavailable. Setting bootstrap.memory_lock=false in elasticsearch.yml"
+        if grep -q "bootstrap.memory_lock:" $ES_PATH_CONF/elasticsearch.yml; then
+            sed -i 's/bootstrap.memory_lock:.*/bootstrap.memory_lock: false/' $ES_PATH_CONF/elasticsearch.yml
+        else
+            echo "bootstrap.memory_lock: false" >> $ES_PATH_CONF/elasticsearch.yml
+        fi
+    fi
 }
 
 # Configure JVM heap size