Skip to content

Bug 1884812: Addressing permissions warning in ES start up logs #1991

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 2, 2020
Merged

Bug 1884812: Addressing permissions warning in ES start up logs #1991

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion elasticsearch/install-es.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,4 +43,4 @@ chmod u+rwx,g+rwx ${ES_HOME}/logs
mkdir -p /var/run/elasticsearch
chmod u+rwx,g+rwx /var/run/elasticsearch
mkdir /elasticsearch && chmod og+w /elasticsearch
rm -rf elasticsearch-${ES_VER} es.zip extra-jvm.options
rm -rf elasticsearch-${ES_VER} es.zip extra-jvm.options
2 changes: 2 additions & 0 deletions elasticsearch/run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ build_jks_truststores
# this is because the deployment mounts the configmap at /usr/share/java/elasticsearch/config
cp /usr/share/java/elasticsearch/config/* $ES_PATH_CONF

chmod 600 ${ES_PATH_CONF}/index_settings

HEAP_DUMP_LOCATION="${HEAP_DUMP_LOCATION:-/elasticsearch/persistent/hdump.prof}"
info Setting heap dump location "$HEAP_DUMP_LOCATION"

Expand Down
13 changes: 9 additions & 4 deletions elasticsearch/utils/logging
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ build_jks_truststores() {
-noprompt \
-alias sig-ca
fi

# set all files to 600 and dir to 700
chmod -R go-rwx,u+X $secret_dir
}

# Wait for Elasticsearch port to be opened. Fail on timeout or if response from Elasticsearch is unexpected.
Expand Down Expand Up @@ -181,22 +184,25 @@ build_jks_from_pem() {
-destkeystore $secret_dir/$jks_name.jks \
-deststoretype JKS \
-deststorepass kspass \
-noprompt
-noprompt \
2>/dev/null

keytool \
-changealias \
-keystore $secret_dir/$jks_name.jks \
-storepass kspass \
-alias 1 \
-destalias $jks_name
-destalias $jks_name \
2>/dev/null

keytool \
-import \
-file $secret_dir/$ca_name \
-keystore $secret_dir/$jks_name.jks \
-storepass kspass \
-noprompt \
-alias sig-ca
-alias sig-ca \
2>/dev/null
}

copy_keys_to_secretdir() {
Expand All @@ -209,6 +215,5 @@ copy_keys_to_secretdir() {
fi

cp $provided_secret_dir/* $secret_dir/
chmod 0600 $secret_dir/*
fi
}