-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathinstallelasticsearch.txt
More file actions
303 lines (235 loc) · 9.49 KB
/
installelasticsearch.txt
File metadata and controls
303 lines (235 loc) · 9.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
#!/bin/sh
set -e
#
# This script is meant for quick & easy install via:
# 'curl -sSL https://healthcatalyst.github.io/InstallScripts/installelasticsearch.txt | sh -s <ip1> <ip2> <ip3>'
# 'curl -sSL https://healthcatalyst.github.io/InstallScripts/installelasticsearch.txt | sh -s 10.4.0.5 10.4.0.6 10.4.0.7 ssl'
# or:
# 'wget -qO- https://healthcatalyst.github.io/InstallScripts/installelasticsearch.txt | sh -s <ip1> <ip2> <ip3>'
#
echo "starting version 2.15"
clustername=""
defaultpassword=""
echo "Please enter name for cluster:"
read -e clustername < /dev/tty
echo "Please type in password to use for ElasticSearch built-in accounts:"
read -e defaultpassword < /dev/tty
echo "Starting setup..."
u="$(whoami)"
echo "User name: $u"
declare -i freememInBytes=10
freememInBytes=$(free|awk '/^Mem:/{print $2}')
freememInGB=$(($freememInBytes/1000000))
memToUseForES=$(($freememInGB-8))
# Remember: no spaces allowed in variable set commands in bash
ip1="$1"
ip2="$2"
ip3="$3"
ssl="$4"
paramsToES=""
externalip=$(curl ipecho.net/plain)
# http://stackoverflow.com/questions/8529181/which-terminal-command-to-get-just-ip-address-and-nothing-else
myip=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
#myip=$(hostname -i)
echo "MyIP:"$myip
# create /opt/install folder
installfolder="/opt/install/"
installscriptfile="updatedocker"
installscript="$installfolder$installscriptfile"
mkdir -p $HOME/bin
if [[ ! -d "$installfolder" ]]; then
sudo mkdir -p $installfolder
sudo setfacl -m u:$u:rwx $installfolder
fi
# if no IP passed then use this node's IP for ElasticSearch
if [ -z "$ip1" ]; then
echo "No IP passed in command line so setting ip1 to $myip"
ip1="$myip"
ip2="$myip"
ip3="$myip"
fi
hosts="$ip1"
hostname="$(hostname -s)"
if [ ! -z "$ip2" ]; then
hosts="$hosts"",""$ip2"
fi
if [ ! -z "$ip3" ]; then
hosts="$hosts"",""$ip3"
fi
# ask if user wants to use SSL
if [ -z "$ssl" ]; then
while true; do
read -e -p "Do you wish to turn on SSL?" yn < /dev/tty
case $yn in
[Yy]* ) ssl="yes"; break;;
[Nn]* ) break;;
* ) echo "Please answer yes or no.";;
esac
done
fi
if [ ! -z "$ssl" ]; then
echo "Setting up SSL"
if [[ ! -f "$installfolder/node.key" ]]; then
echo "$installfolder/node.key does not exist"
exit 1
fi
if [[ ! -f "$installfolder/node.crt" ]]; then
echo "$installfolder/node.crt does not exist"
exit 1
fi
if [[ ! -f "$installfolder/ca.crt" ]]; then
echo "$installfolder/ca.crt does not exist"
exit 1
fi
paramsToES="-e xpack.security.http.ssl.enabled=true -e xpack.ssl.key=node.key -e xpack.ssl.certificate=node.crt -e xpack.ssl.certificate_authorities=ca.crt -e xpack.security.transport.ssl.enabled=true -e xpack.security.transport.ssl.verification_mode=certificate"
fi
if [ $freememInGB -lt 8 ]; then
echo "WARNING: Less than 8GB of memory is free so setting ES to run in 2GB but this is not recommended for good performance"
javaOpts="-Xms2g -Xmx2g"
else
echo "Using $memToUseForES GB of memory for ElasticSearch"
javaOpts="-Xms"$memToUseForES"g -Xmx"$memToUseForES"g"
fi
echo "==== Parameters ======"
echo "node name: [$hostname]"
echo "ip1: $ip1"
echo "ip2: $ip2"
echo "ip3: $ip3"
echo "myip: $myip"
echo "hosts: $hosts"
echo "freememInBytes: $freememInBytes"
echo "javaOpts: $javaOpts"
echo "==== End Parameters ===="
echo "==== Creating update script ===="
echo "#!/bin/sh" > $installscript
echo "curl -sSL https://healthcatalyst.github.io/InstallScripts/installelasticsearch.txt | sh -s $@" >> $installscript
chmod +x $installscript
if [[ ! -e "$HOME/bin/$installscriptfile" ]]; then
echo "creating a symbolic link for install file"
echo "ln -f -s $installscript $HOME/bin/$installscriptfile"
ln -f -s $installscript $HOME/bin/$installscriptfile
fi
echo "==== Update script ===="
cat $installscript
echo "==== End Update Script ===="
echo "==== Downloading and installing ElasticSearch Docker container ===="
echo "==== existing containers on this host ===="
docker ps -a
echo "==== existing images on this host ===="
docker images
echo "==== existing volumes on this host ===="
docker volume ls
data1File="/mnt/data1"
data2File="/mnt/data2"
if [[ ! -d "$data1File" ]]; then
echo "$data1File does not exist so creating docker volumes"
data1File="$installfolder"data1
data2File="$installfolder"data2
if [[ ! -d "$data1File" ]]; then
sudo mkdir -p $data1File
sudo setfacl -m u:$u:rwx $data1File
fi
if [[ ! -d "$data2File" ]]; then
sudo mkdir -p $data2File
sudo setfacl -m u:$u:rwx $data2File
fi
else
# give permissions
sudo setfacl -m u:$u:rwx $data1File
sudo setfacl -m u:$u:rwx $data2File
fi
volumeParam="-v $data1File:/usr/share/elasticsearch/data1 -v $data2File:/usr/share/elasticsearch/data2"
# delete old versions
echo "stopping existing docker container"
docker stop dockerelasticsearch || echo 'no container to stop'
echo "removing docker container"
docker rm dockerelasticsearch || echo 'no container to remove'
echo "removing docker image"
docker rmi imranq2/dockerelasticsearch || echo 'no image to remove'
echo "stopping existing docker container"
docker stop fabric.docker.elasticsearch || echo 'no container to stop'
echo "removing docker container"
docker rm fabric.docker.elasticsearch || echo 'no container to remove'
echo "removing docker image"
docker rmi healthcatalyst/fabric.docker.elasticsearch || echo 'no image to remove'
echo "pulling latest docker image from repo"
docker pull healthcatalyst/fabric.docker.elasticsearch
echo "starting docker container with new image"
set -x
# https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
docker run -d -p 9200:9200 -p 9300:9300 $volumeParam --restart=unless-stopped --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=262144:262144 --security-opt seccomp=unconfined -e ES_JAVA_OPTS="$javaOpts" -e network.host=_eth0_ -e network.publish_host=$myip -e node.name=$hostname -e discovery.zen.ping.unicast.hosts="$hosts" -e cluster.name=$clustername -e xpack.security.enabled=true -e bootstrap.memory_lock=true -e path.data="/usr/share/elasticsearch/data1,/usr/share/elasticsearch/data2" -e path.logs="/usr/share/elasticsearch/data1,/usr/share/elasticsearch/data2" -e http.compression=true $paramsToES --name fabric.docker.elasticsearch healthcatalyst/fabric.docker.elasticsearch
set +x
echo "sleeping until docker container is up"
until [ "`/usr/bin/docker inspect -f {{.State.Running}} fabric.docker.elasticsearch`"=="true" ]; do
sleep 1s;
done;
nodekeyfile="node.key"
nodekeypath="$installfolder$nodekeyfile"
protocol="http"
if [ ! -z "$ssl" ]; then
echo "Checking if [$nodekeypath] exists"
if [[ -f "$nodekeypath" ]]; then
echo "copying ssl keys from $installfolder"
docker cp $installfolder/node.key fabric.docker.elasticsearch:/usr/share/elasticsearch/config
docker cp $installfolder/node.crt fabric.docker.elasticsearch:/usr/share/elasticsearch/config
docker cp $installfolder/ca.crt fabric.docker.elasticsearch:/usr/share/elasticsearch/config
protocol="https"
else
echo "ERROR: No key files found in [$nodekeypath] so cannot set up SSL"
fi
docker restart fabric.docker.elasticsearch
echo "sleeping until docker container is up"
until [ "`/usr/bin/docker inspect -f {{.State.Running}} fabric.docker.elasticsearch`"=="true" ]; do
sleep 1s;
done;
fi
echo "==== Listing running docker containers ===="
docker ps
echo "sleeping for 30 secs"
sleep 30s;
echo "==== calling ElasticSearch from localhost ===="
declare -i c=10
c=0
# disable set -e so the script does not break when there is an error with curl
set +e
while [ $c -lt 60 ]; do
echo "curl -X GET $protocol://localhost:9200"
curl -X GET -u elastic:changeme $protocol://localhost:9200 -k
RETVAL=$?
echo "RETVAL:[$RETVAL]"
if [ $RETVAL -eq 0 ]; then
break
fi
c=$c+1
echo "Trying again [$c]"
sleep 1s
done
set -e
# https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html
echo "Resetting default passwords"
set -x
responseStatus=$(curl -X GET -u elastic:changeme $protocol://localhost:9200 -k | jq -s .[0].status)
if [ "$responseStatus" == "401" ]; then
echo "default password was already changed"
else
echo "changing default password"
curl -XPUT -u elastic:changeme "$protocol://localhost:9200/_xpack/security/user/elastic/_password" -d"{ \"password\": \"$defaultpassword\"}" -k
fi
curl -XPUT -u elastic:$defaultpassword "$protocol://localhost:9200/_xpack/security/user/kibana/_password" -d"{ \"password\": \"$defaultpassword\"}" -k
curl -XPUT -u elastic:$defaultpassword "$protocol://localhost:9200/_xpack/security/user/logstash_system/_password" -d"{ \"password\": \"$defaultpassword\"}" -k
echo "curl -X GET $protocol://localhost:9200/_cluster/health?pretty"
curl -X GET -u elastic:$defaultpassword $protocol://localhost:9200/_cluster/health?pretty -k
set +x
echo "listing all nodes"
curl -XGET -u elastic:$defaultpassword $protocol://localhost:9200/_nodes/_all/host,ip,name?pretty -k
echo "creating a test index"
curl -XPOST -u elastic:$defaultpassword "$protocol://localhost:9200/testindex/testdoc/1" -d'{"name": "foo","age":10}' -k
echo "querying test document"
curl -XPOST -u elastic:$defaultpassword "$protocol://localhost:9200/testindex/_search?pretty" -d'{"query": {"match_all": {}}}' -k
# echo "checking from externalip"
# curl -X GET http://$externalip:9200
externalip=$(curl ipecho.net/plain)
echo "External IP:" $externalip
echo "==== All Done ===="
echo "NOTE To update the docker image on this host in the future, just run"
echo "$installscriptfile"