You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@whirr.apache.org by as...@apache.org on 2011/08/30 06:43:59 UTC

svn commit: r1163086 - in /whirr/trunk: ./ services/elasticsearch/src/main/resources/functions/

Author: asavu
Date: Tue Aug 30 04:43:59 2011
New Revision: 1163086

URL: http://svn.apache.org/viewvc?rev=1163086&view=rev
Log:
WHIRR-357. Run elasticsearch as a non-root-user (asavu)

Modified:
    whirr/trunk/CHANGES.txt
    whirr/trunk/services/elasticsearch/src/main/resources/functions/configure_elasticsearch.sh
    whirr/trunk/services/elasticsearch/src/main/resources/functions/install_elasticsearch.sh
    whirr/trunk/services/elasticsearch/src/main/resources/functions/start_elasticsearch.sh
    whirr/trunk/services/elasticsearch/src/main/resources/functions/stop_elasticsearch.sh

Modified: whirr/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/whirr/trunk/CHANGES.txt?rev=1163086&r1=1163085&r2=1163086&view=diff
==============================================================================
--- whirr/trunk/CHANGES.txt (original)
+++ whirr/trunk/CHANGES.txt Tue Aug 30 04:43:59 2011
@@ -12,6 +12,8 @@ Trunk (unreleased changes)
 
     WHIRR-356. Upgrade elasticsearch to 0.17.4 (asavu)
 
+    WHIRR-357. Run elasticsearch as a non-root-user (asavu)
+
   BUG FIXES
 
     WHIRR-377. Fix broken CLI logging config. (asavu via tomwhite)

Modified: whirr/trunk/services/elasticsearch/src/main/resources/functions/configure_elasticsearch.sh
URL: http://svn.apache.org/viewvc/whirr/trunk/services/elasticsearch/src/main/resources/functions/configure_elasticsearch.sh?rev=1163086&r1=1163085&r2=1163086&view=diff
==============================================================================
--- whirr/trunk/services/elasticsearch/src/main/resources/functions/configure_elasticsearch.sh (original)
+++ whirr/trunk/services/elasticsearch/src/main/resources/functions/configure_elasticsearch.sh Tue Aug 30 04:43:59 2011
@@ -15,16 +15,25 @@
 # limitations under the License.
 #
 function configure_elasticsearch() {
-    cd /usr/local/elasticsearch-*
+    . /etc/profile
 
+    cd $ES_HOME
     for plugin in $@
     do
         ./bin/plugin install $plugin
     done
 
-    # TODO allow user to set the amount of memory to use
-    # local MAXMEM=$(($(free|awk '/^Mem:/{print $2}') * 8 / 10 / 1024))m
+    # Use no more than 70% of the available RAM for heap
+    local ES_MIN_MEM=256
+    local ES_MAX_MEM=$(($(free|awk '/^Mem:/{print $2}') * 7 / 10 / 1024))
+
+    cat >> /etc/profile <<EOF
+export ES_MIN_MEM=256
+export ES_MAX_MEM=$ES_MAX_MEM
+EOF
 
     cp /tmp/elasticsearch.yml config/elasticsearch.yml
+
+    chown -R elasticsearch $ES_HOME
 }
 

Modified: whirr/trunk/services/elasticsearch/src/main/resources/functions/install_elasticsearch.sh
URL: http://svn.apache.org/viewvc/whirr/trunk/services/elasticsearch/src/main/resources/functions/install_elasticsearch.sh?rev=1163086&r1=1163085&r2=1163086&view=diff
==============================================================================
--- whirr/trunk/services/elasticsearch/src/main/resources/functions/install_elasticsearch.sh (original)
+++ whirr/trunk/services/elasticsearch/src/main/resources/functions/install_elasticsearch.sh Tue Aug 30 04:43:59 2011
@@ -16,20 +16,40 @@
 #
 function install_elasticsearch() {
 
-    # TODO Run ElasticSearch as non-root-user
-    # http://www.elasticsearch.org/tutorials/2011/02/22/running-elasticsearch-as-a-non-root-user.html
-
     local ES_URL=${1:-https://github.com/downloads/elasticsearch/elasticsearch/elasticsearch-0.17.6.tar.gz}
     install_tarball $ES_URL
 
+    # get the name of the home folder
+    local ES_HOME=$(cd /usr/local/elasticsearch-*; pwd)
+
     # install the latest service wrapper for elasticsearch
     local ES_WRAPPER=https://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master
     install_tarball $ES_WRAPPER /tmp/
 
     # move the service wrapper in place
-    mv /tmp/elasticsearch-elasticsearch-servicewrapper-*/service /usr/local/elasticsearch-*/bin/
-    cd /usr/local/elasticsearch-*
+    mv /tmp/elasticsearch-elasticsearch-servicewrapper-*/service $ES_HOME/bin/
+
+    # create a user for running the service
+    cat >> /etc/profile <<EOF
+export ES_HOME=$ES_HOME
+EOF
+    useradd -d $ES_HOME elasticsearch
+
+    # update the wrapper configuration files 
+    sed -i "s@#RUN_AS_USER=@RUN_AS_USER=elasticsearch@g" $ES_HOME/bin/service/elasticsearch
+    sed -i "s@LOCKDIR=.*@LOCKDIR=\"$ES_HOME/lock\"@" $ES_HOME/bin/service/elasticsearch
+
+    # create required folders and update permisions
+    mkdir $ES_HOME/lock
+    chown -R elasticsearch $ES_HOME
+
+    # increase the max number of open files for this user
+    cat >> /etc/security/limits.conf <<EOF
+elasticsearch soft nofile 32000
+elasticsearch hard nofile 32000
+EOF
 
     # ensure that elasticsearch will start after reboot
+    cd $ES_HOME
     ./bin/service/elasticsearch install
 }

Modified: whirr/trunk/services/elasticsearch/src/main/resources/functions/start_elasticsearch.sh
URL: http://svn.apache.org/viewvc/whirr/trunk/services/elasticsearch/src/main/resources/functions/start_elasticsearch.sh?rev=1163086&r1=1163085&r2=1163086&view=diff
==============================================================================
--- whirr/trunk/services/elasticsearch/src/main/resources/functions/start_elasticsearch.sh (original)
+++ whirr/trunk/services/elasticsearch/src/main/resources/functions/start_elasticsearch.sh Tue Aug 30 04:43:59 2011
@@ -15,6 +15,7 @@
 # limitations under the License.
 #
 function start_elasticsearch() {
-    cd /usr/local/elasticsearch-*
+    . /etc/profile
+    cd $ES_HOME
     ./bin/service/elasticsearch start
 }

Modified: whirr/trunk/services/elasticsearch/src/main/resources/functions/stop_elasticsearch.sh
URL: http://svn.apache.org/viewvc/whirr/trunk/services/elasticsearch/src/main/resources/functions/stop_elasticsearch.sh?rev=1163086&r1=1163085&r2=1163086&view=diff
==============================================================================
--- whirr/trunk/services/elasticsearch/src/main/resources/functions/stop_elasticsearch.sh (original)
+++ whirr/trunk/services/elasticsearch/src/main/resources/functions/stop_elasticsearch.sh Tue Aug 30 04:43:59 2011
@@ -15,6 +15,7 @@
 # limitations under the License.
 #
 function stop_elasticsearch() {
-    cd /usr/local/elasticsearch-*
+    . /etc/profile
+    cd $ES_HOME
     ./bin/service/elasticsearch stop
 }