From efd6c2b05d9e91d2b17f80c74b9ac3599251cd8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20D=C3=BCren?=
 <andreasdueren@Andreass-Mac-mini.local>
Date: Sun, 16 Mar 2025 17:54:24 +0100
Subject: [PATCH] Fix password handling and improve system limit detection

---
 start.sh | 44 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 36 insertions(+), 8 deletions(-)

diff --git a/start.sh b/start.sh
index 72e33c5..1651cc3 100644
--- a/start.sh
+++ b/start.sh
@@ -20,11 +20,13 @@ chown -R elasticsearch:elasticsearch /app/data
 setup_password() {
     # Check if password already exists
     if [ -f /app/data/secrets/elastic_password ]; then
+        # Use -r flag to prevent backslash interpretation
         ELASTIC_PASSWORD=$(cat /app/data/secrets/elastic_password)
         echo "Using existing Elasticsearch password."
     else
-        # Generate a secure password - combination of letters, numbers, and special chars
-        ELASTIC_PASSWORD=$(tr -dc 'A-Za-z0-9_!@#$%^&*()' < /dev/urandom | head -c 20)
+        # Generate a more container-safe password (alphanumeric only)
+        # Avoid special characters that could cause issues with command interpretation
+        ELASTIC_PASSWORD=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20)
         echo "Generated new secure password for Elasticsearch."
         
         # Store password
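Review bot: The added comment `# Use -r flag to prevent backslash interpretation` in setup_password does not match the code beneath it. That line is unchanged, still reads the file with `$(cat ...)`, and `cat` has no such flag and does no backslash processing. The comment should describe what actually happens, for example `# Command substitution strips trailing newlines; the stored password is otherwise used verbatim`. An existing `/app/data/secrets/elastic_password` is reused as-is, so passwords generated from the old alphabet with special characters remain in service; the alphanumeric restriction only applies to fresh installs. The body of setup_password continues past the end of this hunk, so the storage step (file mode, ownership) is not visible here.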
@@ -112,7 +114,7 @@ configure_elasticsearch() {
     
     # Add bootstrap password to keystore
     echo "Setting bootstrap password..."
-    if ! echo "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore add -f -x 'bootstrap.password' --stdin" elasticsearch; then
+    if ! printf "%s" "$ELASTIC_PASSWORD" | su -c "ES_PATH_CONF=$ES_PATH_CONF ES_JAVA_HOME=/app/data/jdk $ES_HOME/bin/elasticsearch-keystore add -f -x 'bootstrap.password' --stdin" elasticsearch; then
         echo "ERROR: Failed to add bootstrap password to keystore."
         exit 1
     fi
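Review bot: On the changed `su -c` line, `$ES_PATH_CONF` and `$ES_HOME` are expanded by the outer shell into the command string and then parsed again by the shell that su starts, so a value containing whitespace or shell metacharacters would alter the command run as elasticsearch. Both look like values the script sets itself (the assignments are outside this hunk, as is the rest of configure_elasticsearch), so this is a robustness point rather than an exposed input. Writing `ES_PATH_CONF='$ES_PATH_CONF'` and `'$ES_HOME/bin/elasticsearch-keystore'` inside the string keeps each as one word, provided the values contain no single quote. Since `printf "%s"` now sends the password with no trailing newline, it is worth confirming that `elasticsearch-keystore add --stdin` accepts input that ends at EOF.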
@@ -182,13 +184,39 @@ configure_elasticsearch() {
     chmod 755 /app/data /app/data/config
 }
 
-# Set system limits
+# Set system limits - be more tolerant of container restrictions
 set_system_limits() {
     echo "Setting system limits for Elasticsearch..."
-    ulimit -n 65536 || echo "Warning: Could not set file descriptor limit"
-    ulimit -l unlimited || echo "Warning: Could not set memory lock limit"
-    echo never > /sys/kernel/mm/transparent_hugepage/enabled 2>/dev/null || true
-    sysctl -w vm.max_map_count=262144 2>/dev/null || echo "Warning: Could not set vm.max_map_count"
+    
+    # Try to set file descriptor limit, but don't fail if it doesn't work
+    ulimit -n 65536 2>/dev/null || echo "Warning: Could not set file descriptor limit (not critical)"
+    
+    # Try to set memory lock limit, but don't fail if it doesn't work
+    ulimit -l unlimited 2>/dev/null || echo "Warning: Could not set memory lock limit (not critical)"
+    
+    # Only try to update transparent huge pages if the file exists and is writable
+    if [ -w /sys/kernel/mm/transparent_hugepage/enabled ]; then
+        echo never > /sys/kernel/mm/transparent_hugepage/enabled 2>/dev/null || true
+    else
+        echo "Warning: Cannot modify transparent hugepage settings (read-only filesystem, not critical)"
+    fi
+    
+    # Only try to update vm.max_map_count if sysctl is available and we have permission
+    if command -v sysctl >/dev/null && [ $(id -u) -eq 0 ]; then
+        sysctl -w vm.max_map_count=262144 2>/dev/null || echo "Warning: Could not set vm.max_map_count (not critical)"
+    else
+        echo "Warning: Could not set vm.max_map_count (not running as root or sysctl not available)"
+    fi
+    
+    # Add a note about bootstrap.memory_lock if we couldn't set the memory lock
+    if ! ulimit -l unlimited 2>/dev/null; then
+        echo "Note: Memory locking unavailable. Setting bootstrap.memory_lock=false in elasticsearch.yml"
+        if grep -q "bootstrap.memory_lock:" $ES_PATH_CONF/elasticsearch.yml; then
+            sed -i 's/bootstrap.memory_lock:.*/bootstrap.memory_lock: false/' $ES_PATH_CONF/elasticsearch.yml
+        else
+            echo "bootstrap.memory_lock: false" >> $ES_PATH_CONF/elasticsearch.yml
+        fi
+    fi
 }
 
 # Configure JVM heap size
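Review bot: The fallback at the end of set_system_limits writes `bootstrap.memory_lock: false` into elasticsearch.yml and nothing in this hunk sets it back. If that file persists under /app/data, one start in a restricted container leaves memory locking off on later starts where `ulimit -l unlimited` would succeed, and with locking off the heap can be swapped to disk. The `grep`/`sed` patterns are also unanchored and the path is unquoted, so a commented-out `#bootstrap.memory_lock:` line is matched and edited in place of a real setting. Suggested: `grep -q '^bootstrap\.memory_lock:' "$ES_PATH_CONF/elasticsearch.yml"`, the same `^` anchor in the `sed` expression, and the quoted path on the `>>` append. The repeated `ulimit -l unlimited` probe could be replaced by recording the first call's result in a local variable, and `[ $(id -u) -eq 0 ]` should quote the substitution as `[ "$(id -u)" -eq 0 ]`.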