OpenSearch/plugin/bin/x-pack/certgen

80 lines
2.1 KiB
Plaintext
Raw Normal View History

#!/bin/bash
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
# or more contributor license agreements. Licensed under the Elastic License;
# you may not use this file except in compliance with the Elastic License.
SCRIPT="$0"
# SCRIPT may be an arbitrarily deep series of symlinks. Loop until we have the concrete path.
while [ -h "$SCRIPT" ] ; do
ls=`ls -ld "$SCRIPT"`
# Drop everything prior to ->
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
SCRIPT="$link"
else
SCRIPT=`dirname "$SCRIPT"`/"$link"
fi
done
# determine elasticsearch home
ES_HOME=`dirname "$SCRIPT"`/../..
# make ELASTICSEARCH_HOME absolute
ES_HOME=`cd "$ES_HOME"; pwd`
source "$ES_HOME/bin/elasticsearch.in.sh"
if [ -x "$JAVA_HOME/bin/java" ]; then
JAVA="$JAVA_HOME/bin/java"
else
JAVA=`which java`
fi
if [ ! -x "$JAVA" ]; then
echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
exit 1
fi
if [ -z "$ES_CLASSPATH" ]; then
echo "You must set the ES_CLASSPATH var" >&2
exit 1
fi
if [ -z "$CONF_DIR" ]; then
# Try to read package config files
if [ -f "/etc/sysconfig/elasticsearch" ]; then
CONF_DIR=/etc/elasticsearch
. "/etc/sysconfig/elasticsearch"
elif [ -f "/etc/default/elasticsearch" ]; then
CONF_DIR=/etc/elasticsearch
. "/etc/default/elasticsearch"
fi
fi
# include x-pack jars in classpath
ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
# don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
# works around https://bugs.launchpad.net/ubuntu/+source/jayatana/+bug/1441487
if [ "x$JAVA_TOOL_OPTIONS" != "x" ]; then
echo "Warning: Ignoring JAVA_TOOL_OPTIONS=$JAVA_TOOL_OPTIONS"
echo "Please pass JVM parameters via ES_JAVA_OPTS instead"
unset JAVA_TOOL_OPTIONS
fi
declare -a args=("$@")
if [ -e "$CONF_DIR" ]; then
args=("${args[@]}" --path.conf "$CONF_DIR")
fi
cd "$ES_HOME" > /dev/null
Migrate xpack to use the common ssl configuration This change migrates xpack (security, watcher, and monitoring) to use the common ssl configuration for the elastic stack. As part of this work, several aspects of how we deal with SSL has been modified. From a functionality perspective, an xpack wide configuration for SSL was added and all of the code that needs SSL uses the SSLService now. The following is a list of all of the aspects of xpack that can have their own SSL configuration, which are separate from the xpack wide configuration: * Transport * Transport profiles * HTTP Transport * Realms * Monitoring Exporters * HTTP Client In terms of the code, some cleanups were made with these changes. SSLConfiguration is now a concrete class and SSLConfiguration.Custom and SSLConfiguration.Global have been removed. The validate method on key and trust configurations has been removed and these classes will now throw exceptions when they are constructed with bad values. The OptionalSettings helper class has been removed as it was just a file with one line functions that made the code harder to understand. The SSL configuration and service classes have been moved from the security source directories to the main xpack source set. The SSLService now handles more of the configuration of the SSLEngine it returns to prevent callers from having to handle those aspects. The settings that get registered for SSL have been moved to XPackSettings. Also included in this PR is a update to the docs around SSL. This includes a large simplification to the documentation in that the certificate authority configuration section has been removed and the process that is documented for generating certificates only includes the CLI tool that we bundle. Closes elastic/elasticsearch#3104 Closes elastic/elasticsearch#2971 Closes elastic/elasticsearch#3164 Original commit: elastic/x-pack-elasticsearch@5bd9e5ef38b423dd1e1d9ea6d4d4179637b2df8b
2016-09-01 10:51:41 -04:00
"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.ssl.CertificateTool "${args[@]}"
status=$?
cd - > /dev/null
exit $status