Merge pull request #232 from Automattic/refactor-elasticsearch

refactor(elasticsearch): support Debian and Ubuntu, support ES8

features/src/elasticsearch/.gitignore

@@ -0,0 +1 @@
+*.tar.gz

features/src/elasticsearch/devcontainer-feature.json

@@ -2,16 +2,22 @@
     "id": "elasticsearch",
     "name": "Elasticsearch",
     "description": "Sets up Elasticsearch into the Dev Environment",
-    "version": "1.0.4",
+    "version": "1.1.0",
     "containerEnv": {
-        "ES_TMPDIR": "/opt/elasticsearch/tmp"
+        "ES_TMPDIR": "/usr/share/elasticsearch/tmp"
     },
     "options": {
         "enabled": {
             "type": "boolean",
-            "default": false,
+            "default": true,
             "description": "Enable Elasticsearch"
         },
+        "version": {
+            "type": "string",
+            "default": "7.17.21",
+            "description": "Elasticsearch version to install",
+            "proposals": ["7.17.21", "8.13.4"]
+        },
         "installDataToWorkspaces": {
             "type": "boolean",
             "default": false,

features/src/elasticsearch/elasticsearch.yml.tpl

@@ -1,5 +1,4 @@
 network.host: 127.0.0.1
-discovery.zen.minimum_master_nodes: 1
 
 discovery.type: "single-node"
 xpack.ml.enabled: false

features/src/elasticsearch/es-update-certs

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth /usr/share/elasticsearch/jdk/lib/security/cacerts

features/src/elasticsearch/install.sh

@@ -3,71 +3,151 @@
 set -e
 
 PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
-ES_VERSION="7.17.10"
-ES_TARBALL="https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${ES_VERSION}-no-jdk-linux-x86_64.tar.gz"
 
 if [ "$(id -u || true)" -ne 0 ]; then
     echo 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
     exit 1
 fi
 
-: "${ENABLED:?}"
+: "${_REMOTE_USER:?"_REMOTE_USER is required"}"
+: "${ENABLED:=}"
 : "${INSTALLDATATOWORKSPACES:?}"
 
+ES_VERSION="${VERSION:-7.17.21}"
+
 if [ "${ENABLED}" = "true" ]; then
     echo '(*) Installing Elasticsearch...'
 
-    if [ -z "${_REMOTE_USER}" ] || [ "${_REMOTE_USER}" = "root" ]; then
+    # shellcheck source=/dev/null
+    . /etc/os-release
+    : "${ID:=}"
+    : "${ID_LIKE:=${ID}}"
+
+    if [ "${_REMOTE_USER}" = "root" ]; then
         ES_USER=elasticsearch
-        useradd -M -r -d /usr/share/elasticsearch -s /sbin/nologin "${ES_USER}"
     else
         ES_USER="${_REMOTE_USER}"
     fi
 
-    apk add --no-cache openjdk11-jre-headless
+    PACKAGES=""
+    if ! hash curl >/dev/null 2>&1; then
+        PACKAGES="${PACKAGES} curl"
+    fi
+
+    if ! hash update-ca-certificates >/dev/null 2>&1; then
+        PACKAGES="${PACKAGES} ca-certificates"
+    fi
+
+    if ! hash zip >/dev/null 2>&1; then
+        PACKAGES="${PACKAGES} zip"
+    fi
+
+    if ! hash unzip >/dev/null 2>&1; then
+        PACKAGES="${PACKAGES} unzip"
+    fi
+
+    if ! hash envsubst >/dev/null 2>&1; then
+        PACKAGES="${PACKAGES} gettext"
+    fi
+
+    case "${ID_LIKE}" in
+        "debian")
+            export DEBIAN_FRONTEND=noninteractive
+            if ! hash trust >/dev/null 2>&1; then
+                PACKAGES="${PACKAGES} p11-kit"
+            fi
+
+            # Elastcsearch's Dockerfile says ES need netcat
+            # https://github.com/elastic/dockerfiles/blob/15cf539642c8466777c84a3dd969e9678f31605c/elasticsearch/Dockerfile#L90
+            if ! hash nc >/dev/null 2>&1; then
+                PACKAGES="${PACKAGES} netcat"
+            fi
+
+            if [ -n "${PACKAGES}" ]; then
+                apt-get update
+                # shellcheck disable=SC2086
+                apt-get install -y --no-install-recommends ${PACKAGES}
+                apt-get clean
+                rm -rf /var/lib/apt/lists/*
+            fi
+
+            if [ "${_REMOTE_USER}" = "root" ]; then
+                adduser --disabled-login --home /usr/share/elasticsearch --no-create-home --gecos '' "${ES_USER}"
+            fi
+        ;;
+
+        "alpine")
+            PACKAGES="${PACKAGES} openjdk17-jre-headless"
+            if ! hash trust >/dev/null 2>&1; then
+                PACKAGES="${PACKAGES} p11-kit-trust"
+            fi
+
+            if ! hash bash >/dev/null 2>&1; then
+                PACKAGES="${PACKAGES} bash"
+            fi
+
+            # shellcheck disable=SC2086
+            apk add --no-cache ${PACKAGES}
+
+            if [ "${_REMOTE_USER}" = "root" ]; then
+                adduser -h /usr/share/elasticsearch -s /sbin/nologin -H -D "${ES_USER}"
+            fi
+        ;;
+
+        *)
+            echo "(!) Unsupported distribution: ${ID}"
+            exit 1
+        ;;
+    esac
+
+    ARCH="$(arch)"
+    install -d -m 0755 -o "${ES_USER}" -g "${ES_USER}" /usr/share/elasticsearch
+    if [ -f "elasticsearch-${ES_VERSION}-linux-${ARCH}.tar.gz" ]; then
+        cp "elasticsearch-${ES_VERSION}-linux-${ARCH}.tar.gz" /tmp/elasticsearch.tar.gz
+    else
+        curl -SLf -o /tmp/elasticsearch.tar.gz "https://artifacts-no-kpi.elastic.co/downloads/elasticsearch/elasticsearch-${ES_VERSION}-linux-${ARCH}.tar.gz"
+    fi
+
+    tar -C /usr/share/elasticsearch -zxf /tmp/elasticsearch.tar.gz --strip-components=1
+    rm -f /tmp/elasticsearch.tar.gz
+    if [ "${ID_LIKE}" = "alpine" ]; then
+        rm -rf "/usr/share/elasticsearch/modules/x-pack-ml/platform/linux-${ARCH}"
+    fi
 
     if [ "${INSTALLDATATOWORKSPACES}" != 'true' ]; then
-        ES_DATADIR=/opt/elasticsearch
+        ES_DATADIR=/usr/share/elasticsearch/data
     else
         ES_DATADIR=/workspaces/es-data
-        install -D -d -m 0755 -o "${ES_USER}" -g "${ES_USER}" "${ES_DATADIR}"
     fi
 
-    (
-        set -e
-        cd /tmp
-        wget -q -O elasticsearch.tar.gz "${ES_TARBALL}"
-        tar -xf elasticsearch.tar.gz
-        mv "elasticsearch-${ES_VERSION}" /opt/elasticsearch
-        rm -rf /tmp/elasticsearch.tar.gz /opt/elasticsearch/modules/x-pack-ml/platform/linux-x86_64
-    )
-
-    install -D -d -o "${ES_USER}" -g "${ES_USER}" "${ES_DATADIR}/data"
+    install -D -d -m 0755 -o "${ES_USER}" -g "${ES_USER}" "${ES_DATADIR}"
     for path in config logs tmp plugins; do \
-        install -D -d -o "${ES_USER}" -g "${ES_USER}" "/opt/elasticsearch/${path}"
-        chown -R "${ES_USER}:${ES_USER}" "/opt/elasticsearch/${path}"
+        install -D -d -o "${ES_USER}" -g "${ES_USER}" "/usr/share/elasticsearch/${path}"
+        chown -R "${ES_USER}:${ES_USER}" "/usr/share/elasticsearch/${path}"
     done
 
-    for file in /opt/elasticsearch/bin/*; do
+    chmod -R a+rX /usr/share/elasticsearch
+    for file in /usr/share/elasticsearch/bin/*; do
         ln -s "${file}" "/usr/bin/$(basename "${file}")"
     done
 
-    export ES_DATADIR
+    export ES_DATADIR ES_USER
     # shellcheck disable=SC2016
-    envsubst '$ES_DATADIR' < elasticsearch.yml.tpl > /opt/elasticsearch/config/elasticsearch.yml
-    chown "${ES_USER}:${ES_USER}" /opt/elasticsearch/config/elasticsearch.yml
-
-    install -D -d -m 0755 -o root -g root /etc/sv/elasticsearch
+    envsubst '$ES_DATADIR' < elasticsearch.yml.tpl > /usr/share/elasticsearch/config/elasticsearch.yml
+    chown "${ES_USER}:${ES_USER}" /usr/share/elasticsearch/config/elasticsearch.yml
+    chmod 0644 /usr/share/elasticsearch/config/elasticsearch.yml
 
-    export ES_USER
+    install -D -d -m 0755 -o root -g root /etc/service /etc/sv/elasticsearch
     # shellcheck disable=SC2016
-    envsubst '$ES_DATADIR $ES_USER' < service-run.tpl > /etc/sv/elasticsearch/run
-    chmod 0755 /etc/sv/elasticsearch/run
-
-    install -d -m 0755 -o root -g root /etc/service
+    envsubst '$ES_DATADIR $ES_USER' < service-run.tpl > /etc/sv/elasticsearch/run && chmod 0755 /etc/sv/elasticsearch/run
     ln -sf /etc/sv/elasticsearch /etc/service/elasticsearch
 
-    install -D -m 0755 -o root -g root post-wp-install.sh /var/lib/wordpress/postinstall.d/50-elasticsearch.sh
+    if [ -d /var/lib/wordpress/postinstall.d ]; then
+        install -m 0755 -o root -g root post-wp-install.sh /var/lib/wordpress/postinstall.d/50-elasticsearch.sh
+    fi
+
+    install -m 0755 -o root -g root es-update-certs /etc/ca-certificates/update.d/es-update-certs
+    /etc/ca-certificates/update.d/es-update-certs
 
     echo 'Done!'
 fi

features/src/elasticsearch/post-wp-install.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-if [ -e /etc/service/elasticsearch ] && wp cli has-command vip-search; then
+if [ -e /etc/service/elasticsearch ] && hash wp > /dev/null 2>&1 && wp cli has-command vip-search; then
     echo "Waiting for Elasticsearch to come online..."
     second=0
     while ! curl -s 'http://127.0.0.1:9200/_cluster/health' > /dev/null && [ "${second}" -lt 60 ]; do

features/src/elasticsearch/service-run.tpl

@@ -3,14 +3,14 @@
 set -e
 exec 2>&1
 
-umask 0002
-
-# shellcheck disable=SC2312
-ES_JAVA_HOME="$(dirname "$(dirname "$(readlink -f /usr/bin/java)")")"
-ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ ${ES_JAVA_OPTS:-}"
-export ES_JAVA_HOME ES_JAVA_OPTS
+if [ -f /etc/alpine-release ]; then
+    # shellcheck disable=SC2312
+    ES_JAVA_HOME="$(dirname "$(dirname "$(readlink -f /usr/bin/java)")")"
+    ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ ${ES_JAVA_OPTS:-}"
+    export ES_JAVA_HOME ES_JAVA_OPTS
+fi
 
 # shellcheck disable=SC2154 # ES_USER and ES_DATADIR are substituted by `install.sh`.
-chown -R "${ES_USER}:${ES_USER}" "${ES_DATADIR}/data" /opt/elasticsearch/config /opt/elasticsearch/logs /opt/elasticsearch/tmp /opt/elasticsearch/plugins
+chown -R "${ES_USER}:${ES_USER}" "${ES_DATADIR}" /usr/share/elasticsearch/config /usr/share/elasticsearch/logs /usr/share/elasticsearch/tmp /usr/share/elasticsearch/plugins
 # shellcheck disable=SC2154
-exec chpst -u "${ES_USER}:${ES_USER}" /usr/bin/elasticsearch
+exec chpst -u "${ES_USER}:root" /usr/bin/elasticsearch > /dev/null