github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/distribution/packages/src/common/scripts/postinst
Rory Hunter d2dbef5063
Convert repository plugins to modules (#81870) 
Closes #81652.

Convert the `repository-azure`, `repository-gcs` and `repository-s3`
plugins into modules, so that they are always included in the
Elasticsearch distribution. Also change plugin installation, removal
and syncing so that attempting to add or remove these plugins still
succeeds but is now a no-op.
2022-01-10 10:45:42 +00:00

152 lines
6.3 KiB
Text
Raw Blame History

#
# This script is executed in the post-installation phase
#
# On Debian,
# $1=configure : is set to 'configure' and if $2 is set, it is an upgrade
#
# On RedHat,
# $1=0 : indicates a removal
# $1=1 : indicates an upgrade
set -e
# source the default env file
if [ -f "@path.env@" ]; then
. "@path.env@"
fi
export ES_PATH_CONF=${ES_PATH_CONF:-@path.conf@}
IS_UPGRADE=false
case "$1" in
# Debian ####################################################
configure)
# If $1=configure and $2 is set, this is an upgrade
if [ -n "$2" ]; then
IS_UPGRADE=true
fi
PACKAGE=deb
;;
abort-upgrade|abort-remove|abort-deconfigure)
PACKAGE=deb
;;
# RedHat ####################################################
1)
# If $1=1 this is an install
IS_UPGRADE=false
PACKAGE=rpm
;;
2)
# If $1=1 this is an upgrade
IS_UPGRADE=true
PACKAGE=rpm
;;
*)
echo "post install script called with unknown argument \`$1'" >&2
exit 1
;;
esac
# to pick up /usr/lib/sysctl.d/elasticsearch.conf
if command -v systemctl > /dev/null; then
systemctl restart systemd-sysctl.service || true
fi
if [ "x$IS_UPGRADE" != "xtrue" ]; then
# Don't exit immediately on error, we want to hopefully print some helpful banners
set +e
# Attempt to auto-configure security, this seems to be an installation
if ES_MAIN_CLASS=org.elasticsearch.xpack.security.cli.AutoConfigureNode \
ES_ADDITIONAL_SOURCES="x-pack-env;x-pack-security-env" \
ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli \
/usr/share/elasticsearch/bin/elasticsearch-cli <<< ""; then
# Above command runs as root and TLS keystores are created group-owned by root. It's simple to correct the ownership here
chown root:elasticsearch "${ES_PATH_CONF}"/certs/http.p12
chown root:elasticsearch "${ES_PATH_CONF}"/certs/http_ca.crt
chown root:elasticsearch "${ES_PATH_CONF}"/certs/transport.p12
if INITIAL_PASSWORD=$(ES_MAIN_CLASS=org.elasticsearch.xpack.security.enrollment.tool.AutoConfigGenerateElasticPasswordHash \
ES_ADDITIONAL_SOURCES="x-pack-env;x-pack-security-env" \
ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli \
/usr/share/elasticsearch/bin/elasticsearch-cli); then
echo "--------------------------- Security autoconfiguration information ------------------------------"
echo
echo "Authentication and authorization are enabled."
echo "TLS for the transport and HTTP layers is enabled and configured."
echo
echo "The generated password for the elastic built-in superuser is : ${INITIAL_PASSWORD}"
echo
echo "If this node should join an existing cluster, you can reconfigure this with"
echo "'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'"
echo "after creating an enrollment token on your existing cluster."
echo
echo "You can complete the following actions at any time:"
echo
echo "Reset the password of the elastic built-in superuser with "
echo "'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'."
echo
echo "Generate an enrollment token for Kibana instances with "
echo " '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'."
echo
echo "Generate an enrollment token for Elasticsearch nodes with "
echo "'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'."
echo
echo "-------------------------------------------------------------------------------------------------"
fi
else
if [ $? -eq 80 ]; then
# ExitCodes.NOOP
echo "--------------------------- Security autoconfiguration information ------------------------------"
echo
echo "Skipping auto-configuration because security features appear to be already configured."
echo
echo "-------------------------------------------------------------------------------------------------"
else
echo "--------------------------- Security autoconfiguration information ------------------------------"
echo
echo "Failed to auto-configure security features."
echo "However, authentication and authorization are still enabled."
echo
echo "You can reset the password of the elastic built-in superuser with "
echo "'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic' at any time."
echo "-------------------------------------------------------------------------------------------------"
fi
fi
if command -v systemctl >/dev/null; then
echo "### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd"
echo " sudo systemctl daemon-reload"
echo " sudo systemctl enable elasticsearch.service"
echo "### You can start elasticsearch service by executing"
echo " sudo systemctl start elasticsearch.service"
fi
set -e
elif [ "$RESTART_ON_UPGRADE" = "true" ]; then
echo -n "Restarting elasticsearch service..."
if command -v systemctl >/dev/null; then
systemctl daemon-reload
systemctl restart elasticsearch.service || true
fi
echo " OK"
fi
# the equivalent code for rpm is in posttrans
if [ "$PACKAGE" = "deb" ]; then
if [ ! -f "${ES_PATH_CONF}"/elasticsearch.keystore ]; then
/usr/share/elasticsearch/bin/elasticsearch-keystore create
chown root:elasticsearch "${ES_PATH_CONF}"/elasticsearch.keystore
chmod 660 "${ES_PATH_CONF}"/elasticsearch.keystore
else
if /usr/share/elasticsearch/bin/elasticsearch-keystore has-passwd --silent ; then
echo "### Warning: unable to upgrade encrypted keystore" 1>&2
echo " Please run elasticsearch-keystore upgrade and enter password" 1>&2
else
/usr/share/elasticsearch/bin/elasticsearch-keystore upgrade
fi
fi
fi
@scripts.footer@
Reference in a new issue View git blame Copy permalink