honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove customization of ES_USER and ES_GROUP 

This removes the ability to configure Elasticsearch to use custom username
and/or group when it is run.

Resolves #23848
This commit is contained in:
Lee Hinman 2017-04-07 14:21:35 -06:00
parent 09efdc3151
commit 162ce85ff2
9 changed files with 54 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
distribution/deb/src/main/packaging/init.d/elasticsearch
View File

@ -32,10 +32,6 @@ fi
# The following variables can be overwritten in $DEFAULT
# Run Elasticsearch as this user ID and group ID
ES_USER=elasticsearch
ES_GROUP=elasticsearch
# Directory where the Elasticsearch binary distribution resides
ES_HOME=/usr/share/$NAME
@ -76,6 +72,12 @@ if [ ! -z "$CONF_FILE" ]; then
exit 1
fi
# ES_USER and ES_GROUP settings were removed
if [ ! -z "$ES_USER" ] || [ ! -z "$ES_GROUP" ]; then
echo "ES_USER and ES_GROUP settings are no longer supported. To run as a custom user/group use the archive distribution of Elasticsearch."
exit 1
fi
# Define other required variables
PID_FILE="$PID_DIR/$NAME.pid"
DAEMON=$ES_HOME/bin/elasticsearch
@ -119,10 +121,10 @@ case "$1" in
# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
mkdir -p "$PID_DIR" && chown elasticsearch:elasticsearch "$PID_DIR"
fi
if [ -n "$PID_FILE" ] && [ ! -e "$PID_FILE" ]; then
touch "$PID_FILE" && chown "$ES_USER":"$ES_GROUP" "$PID_FILE"
touch "$PID_FILE" && chown elasticsearch:elasticsearch "$PID_FILE"
fi
if [ -n "$MAX_OPEN_FILES" ]; then
@ -138,7 +140,7 @@ case "$1" in
fi
# Start Daemon
start-stop-daemon -d $ES_HOME --start --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS
start-stop-daemon -d $ES_HOME --start --user elasticsearch -c elasticsearch --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS
return=$?
if [ $return -eq 0 ]; then
i=0
@ -162,7 +164,7 @@ case "$1" in
if [ -f "$PID_FILE" ]; then
start-stop-daemon --stop --pidfile "$PID_FILE" \
--user "$ES_USER" \
--user elasticsearch \
--quiet \
--retry forever/TERM/20 > /dev/null
if [ $? -eq 1 ]; then

19
distribution/rpm/src/main/packaging/init.d/elasticsearch
View File

@ -32,8 +32,6 @@ if [ -f /etc/rc.d/init.d/functions ]; then
fi
# Sets the default values for elasticsearch variables used in this script
ES_USER="elasticsearch"
ES_GROUP="elasticsearch"
ES_HOME="/usr/share/elasticsearch"
MAX_OPEN_FILES=65536
MAX_MAP_COUNT=262144
@ -55,6 +53,12 @@ if [ ! -z "$CONF_FILE" ]; then
exit 1
fi
# ES_USER and ES_GROUP settings were removed
if [ ! -z "$ES_USER" ] || [ ! -z "$ES_GROUP" ]; then
echo "ES_USER and ES_GROUP settings are no longer supported. To run as a custom user/group use the archive distribution of Elasticsearch."
exit 1
fi
exec="$ES_HOME/bin/elasticsearch"
prog="elasticsearch"
pidfile="$PID_DIR/${prog}.pid"
@ -67,11 +71,6 @@ export ES_STARTUP_SLEEP_TIME
lockfile=/var/lock/subsys/$prog
# backwards compatibility for old config sysconfig files, pre 0.90.1
if [ -n $USER ] && [ -z $ES_USER ] ; then
ES_USER=$USER
fi
if [ ! -x "$exec" ]; then
echo "The elasticsearch startup script does not exists or it is not executable, tried: $exec"
exit 1
@ -106,16 +105,16 @@ start() {
# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
mkdir -p "$PID_DIR" && chown elasticsearch:elasticsearch "$PID_DIR"
fi
if [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; then
touch "$pidfile" && chown "$ES_USER":"$ES_GROUP" "$pidfile"
touch "$pidfile" && chown elasticsearch:elasticsearch "$pidfile"
fi
cd $ES_HOME
echo -n $"Starting $prog: "
# if not running, start it up here, usually something like "daemon $exec"
daemon --user $ES_USER --pidfile $pidfile $exec -p $pidfile -d -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR
daemon --user elasticsearch --pidfile $pidfile $exec -p $pidfile -d -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile

8
distribution/src/main/packaging/env/elasticsearch vendored
View File

@ -32,14 +32,6 @@
# SysV init.d
#
# When executing the init script, this user will be used to run the elasticsearch service.
# The default value is 'elasticsearch' and is declared in the init.d file.
# Note that this setting is only used by the init script. If changed, make sure that
# the configured user can read and write into the data, work, plugins and log directories.
# For systemd service, the user is usually configured in file /usr/lib/systemd/system/elasticsearch.service
#ES_USER=elasticsearch
#ES_GROUP=elasticsearch
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5

10
distribution/src/main/packaging/scripts/postinst
View File

@ -10,10 +10,6 @@
# Sets the default values for elasticsearch variables used in this script
ES_USER="elasticsearch"
ES_GROUP="elasticsearch"
# Source the default env file
ES_ENV_FILE="${path.env}"
if [ -f "$ES_ENV_FILE" ]; then
@ -110,9 +106,9 @@ elif [ "$RESTART_ON_UPGRADE" = "true" ]; then
echo " OK"
fi
chown -R $ES_USER:$ES_GROUP /var/lib/elasticsearch
chown -R $ES_USER:$ES_GROUP /var/log/elasticsearch
chown -R root:$ES_GROUP /etc/elasticsearch
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch
chown -R elasticsearch:elasticsearch /var/log/elasticsearch
chown -R root:elasticsearch /etc/elasticsearch
chmod 0750 /etc/elasticsearch
chmod 0750 /etc/elasticsearch/scripts

10
distribution/src/main/packaging/scripts/postrm
View File

@ -46,8 +46,6 @@ case "$1" in
esac
# Sets the default values for elasticsearch variables used in this script
ES_USER="elasticsearch"
ES_GROUP="elasticsearch"
LOG_DIR="/var/log/elasticsearch"
PLUGINS_DIR="/usr/share/elasticsearch/plugins"
PID_DIR="/var/run/elasticsearch"
@ -95,12 +93,12 @@ if [ "$REMOVE_DIRS" = "true" ]; then
fi
if [ "$REMOVE_USER_AND_GROUP" = "true" ]; then
if id "$ES_USER" > /dev/null 2>&1 ; then
userdel "$ES_USER"
if id elasticsearch > /dev/null 2>&1 ; then
userdel elasticsearch
fi
if getent group "$ES_GROUP" > /dev/null 2>&1 ; then
groupdel "$ES_GROUP"
if getent group elasticsearch > /dev/null 2>&1 ; then
groupdel elasticsearch
fi
fi

32
distribution/src/main/packaging/scripts/preinst
View File

@ -11,10 +11,6 @@
# Sets the default values for elasticsearch variables used in this script
ES_USER="elasticsearch"
ES_GROUP="elasticsearch"
# Source the default env file
ES_ENV_FILE="${path.env}"
if [ -f "$ES_ENV_FILE" ]; then
@ -27,22 +23,22 @@ case "$1" in
install|upgrade)
# Create elasticsearch group if not existing
if ! getent group "$ES_GROUP" > /dev/null 2>&1 ; then
echo -n "Creating $ES_GROUP group..."
addgroup --quiet --system "$ES_GROUP"
if ! getent group elasticsearch > /dev/null 2>&1 ; then
echo -n "Creating elasticsearch group..."
addgroup --quiet --system elasticsearch
echo " OK"
fi
# Create elasticsearch user if not existing
if ! id $ES_USER > /dev/null 2>&1 ; then
echo -n "Creating $ES_USER user..."
if ! id elasticsearch > /dev/null 2>&1 ; then
echo -n "Creating elasticsearch user..."
adduser --quiet \
--system \
--no-create-home \
--ingroup "$ES_GROUP" \
--ingroup elasticsearch \
--disabled-password \
--shell /bin/false \
"$ES_USER"
elasticsearch
echo " OK"
fi
;;
@ -53,21 +49,21 @@ case "$1" in
1|2)
# Create elasticsearch group if not existing
if ! getent group "$ES_GROUP" > /dev/null 2>&1 ; then
echo -n "Creating $ES_GROUP group..."
groupadd -r "$ES_GROUP"
if ! getent group elasticsearch > /dev/null 2>&1 ; then
echo -n "Creating elasticsearch group..."
groupadd -r elasticsearch
echo " OK"
fi
# Create elasticsearch user if not existing
if ! id $ES_USER > /dev/null 2>&1 ; then
echo -n "Creating $ES_USER user..."
if ! id elasticsearch > /dev/null 2>&1 ; then
echo -n "Creating elasticsearch user..."
useradd -r \
-M \
--gid "$ES_GROUP" \
--gid elasticsearch \
--shell /sbin/nologin \
--comment "elasticsearch user" \
"$ES_USER"
elasticsearch
echo " OK"
fi
;;

3
docs/reference/migration/migrate_6_0.asciidoc
View File

@ -39,6 +39,7 @@ way to reindex old indices is to use the `reindex` API.
* <<breaking_60_ingest_changes>>
* <<breaking_60_percolator_changes>>
* <<breaking_60_java_changes>>
* <<breaking_60_packaging_changes>>
include::migrate_6_0/cat.asciidoc[]
@ -69,3 +70,5 @@ include::migrate_6_0/ingest.asciidoc[]
include::migrate_6_0/percolator.asciidoc[]
include::migrate_6_0/java.asciidoc[]
include::migrate_6_0/packaging.asciidoc[]

11
docs/reference/migration/migrate_6_0/packaging.asciidoc Normal file
View File

@ -0,0 +1,11 @@
[[breaking_60_packaging_changes]]
=== Packaging changes
==== Configuring custom user and group for package is no longer allowed
Previously someone could configure the `$ES_USER` and `$ES_GROUP` variables to
change which user and group Elasticsearch was run as. This is no longer
possible, the DEB and RPM packages now exclusively use the user and group
`elasticsearch`. If a custom user or group is needed then a provisioning system
should use the tarball distribution instead of the provided RPM and DEB
packages.

8
docs/reference/setup/install/sysconfig-file.asciidoc
View File

@ -1,12 +1,4 @@
[horizontal]
`ES_USER`::
The user to run as, defaults to `elasticsearch`.
`ES_GROUP`::
The group to run as, defaults to `elasticsearch`.
`JAVA_HOME`::
Set a custom Java path to be used.