diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100755 index 0000000..2a2b8ad --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,114 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true) | .tag_name | select( startswith("v7") )' | sort -V | tail -1) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +echo "REPO=$repo" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "1 available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +for arch in "x86_64" "aarch64"; do +asset_url="https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-$version-linux-$arch.tar.gz" +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) +# Leave $src empty to ignore the asset +case $arch in + "x86_64") + src="amd64" + ;; + "aarch64") + src="arm64" + ;; +esac + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +extension=tar.gz + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +EOT +echo "... conf/$src.src updated" + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..fb72ba0 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..783a4ae --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*~ +*.sw[op] diff --git a/LICENSE b/LICENSE index 0ad25db..ead5bbd 100644 --- a/LICENSE +++ b/LICENSE @@ -643,7 +643,11 @@ the "copyright" line and a pointer to where the full notice is found. GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License +<<<<<<< HEAD along with this program. If not, see . +======= + along with this program. If not, see . +>>>>>>> 6337cd6 (First commit (based on elasticsearch7_ynh)) Also add information on how to contact you by electronic and paper mail. @@ -658,4 +662,9 @@ specific requirements. You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see +<<<<<<< HEAD . +======= +. + +>>>>>>> 6337cd6 (First commit (based on elasticsearch7_ynh)) diff --git a/README.md b/README.md new file mode 100644 index 0000000..e131825 --- /dev/null +++ b/README.md @@ -0,0 +1,65 @@ + + +# ElasticSearch 7 for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/elasticsearch7.svg)](https://dash.yunohost.org/appci/app/elasticsearch7) ![Working status](https://ci-apps.yunohost.org/ci/badges/elasticsearch7.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/elasticsearch7.maintain.svg) +[![Install ElasticSearch 7 with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=elasticsearch7) + +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install ElasticSearch 7 quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview + +Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the [Elastic Stack](https://www.elastic.co/products). You can use Elasticsearch to store, search, and manage data for: + - Logs + - Metrics + - A search backend + - Application monitoring + - Endpoint security + +... and more! + +To learn more about Elasticsearch’s features and capabilities, see the [product page](https://www.elastic.co/products/elasticsearch). + + +**Shipped version:** 7.17.8~ynh3 + +**Demo:** https://www.elastic.co/demos +## Disclaimers / important information + +### Limitations + - **Not totally free**: Licensed under SSPL, see for more information: + - Currently the security is disabled + - Therefore, the package is configured to remain not public for now (i.e. not accessible through the web, the apps depending on it should be installed on the same server) + - Not scalable for now + +## :red_circle: Antifeatures + +- **Not totally free upstream**: The packaged app is under an overall free licence, but with clauses that restrict its use. + +## Documentation and resources + +* Official app website: +* Official admin documentation: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: + +## Developer info + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing). + +To try the testing branch, please proceed like that. + +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing --debug +or +sudo yunohost app upgrade elasticsearch7 -u https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing --debug +``` + +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..d220330 --- /dev/null +++ b/README_fr.md @@ -0,0 +1,65 @@ + + +# ElasticSearch 7 pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/elasticsearch7.svg)](https://dash.yunohost.org/appci/app/elasticsearch7) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/elasticsearch7.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/elasticsearch7.maintain.svg) +[![Installer ElasticSearch 7 avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=elasticsearch7) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer ElasticSearch 7 rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the [Elastic Stack](https://www.elastic.co/products). You can use Elasticsearch to store, search, and manage data for: + - Logs + - Metrics + - A search backend + - Application monitoring + - Endpoint security + +... and more! + +To learn more about Elasticsearch’s features and capabilities, see the [product page](https://www.elastic.co/products/elasticsearch). + + +**Version incluse :** 7.17.8~ynh3 + +**Démo :** https://www.elastic.co/demos +## Avertissements / informations importantes + +### Limitations + - **Not totally free**: Licensed under SSPL, see for more information: + - Currently the security is disabled + - Therefore, the package is configured to remain not public for now (i.e. not accessible through the web, the apps depending on it should be installed on the same server) + - Not scalable for now + +## :red_circle: Fonctions indésirables + +- **Not totally free upstream**: The packaged app is under an overall free licence, but with clauses that restrict its use. + +## Documentations et ressources + +* Site officiel de l'app : +* Documentation officielle de l'admin : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. + +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing --debug +ou +sudo yunohost app upgrade elasticsearch7 -u https://github.com/YunoHost-Apps/elasticsearch7_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** diff --git a/check_process b/check_process new file mode 100644 index 0000000..b27ef58 --- /dev/null +++ b/check_process @@ -0,0 +1,22 @@ +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + ; Checks + pkg_linter=1 + setup_sub_dir=0 + setup_root=0 + setup_nourl=1 + setup_private=0 + setup_public=0 + upgrade=1 + backup_restore=1 + multi_instance=1 + port_already_use=1 + change_url=0 +;;; Options +Email= +Notification=none diff --git a/conf/90-max_map_count-elasticsearch.conf b/conf/90-max_map_count-elasticsearch.conf new file mode 100644 index 0000000..9605c78 --- /dev/null +++ b/conf/90-max_map_count-elasticsearch.conf @@ -0,0 +1,3 @@ +# Increase the number of allowed map count +# See: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/vm-max-map-count.html +vm.max_map_count=262144 diff --git a/conf/amd64.src b/conf/amd64.src new file mode 100644 index 0000000..5789f94 --- /dev/null +++ b/conf/amd64.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.8-linux-x86_64.tar.gz +SOURCE_SUM=1c40ba4e0912da1432cb85c0d246f68e14a7da249feea91752c8eaeb28adf0ac +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src new file mode 100644 index 0000000..0f6a89d --- /dev/null +++ b/conf/arm64.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.8-linux-aarch64.tar.gz +SOURCE_SUM=47d6532a16e02b92208a0d71289a6fb021542c925ed868e49237032bc3ab5c6a +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/elasticsearch.yml b/conf/elasticsearch.yml new file mode 100644 index 0000000..3b12e62 --- /dev/null +++ b/conf/elasticsearch.yml @@ -0,0 +1,23 @@ +# Bind ElasticSearch to the correct network interface. Use 0.0.0.0 +# to include all available interfaces or specify an IP address +# assigned to a specific interface. +network.host: 127.0.0.1 + +# +# Set a custom port for HTTP: +# +http.port: __PORT__ + +# +# Path to directory where to store the data (separate multiple locations by comma): +# +path.data: __DATADIR__ + +# +# Unless you have already configured a cluster, you should set +# discovery.type to single-node, or the bootstrap checks will +# fail when you try to start the service. +discovery.type: single-node + +xpack.security.enabled: false + diff --git a/conf/jvm.options b/conf/jvm.options new file mode 100644 index 0000000..e805594 --- /dev/null +++ b/conf/jvm.options @@ -0,0 +1,23 @@ +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/advanced-configuration.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space + +-Xms__XMS__ +-Xmx__XMX__ diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..67f4497 --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,85 @@ +[Unit] +Description=ElasticSearch - Distributed and RESTful search engine +Documentation=https://elastic.co +After=network.target + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +Environment="ES_JAVA_HOME=__FINALPATH__/jdk" +Environment="ES_PATH_CONF=__FINALPATH__/config" +Environment="PID_DIR=/run/__APP__" +Environment="ES_SD_NOTIFY=true" +EnvironmentFile=-@path.env@ +WorkingDirectory=__FINALPATH__/ +ExecStart=__FINALPATH__/bin/elasticsearch -p ${PID_DIR}/__APP__.pid --quiet +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit + +# Specifies the maximum file descriptor number that can be opened by this process +LimitNOFILE=65535 + +# Specifies the maximum number of processes +LimitNPROC=4096 + +# Specifies the maximum size of virtual memory +LimitAS=infinity + +# Specifies the maximum file size +LimitFSIZE=infinity + +# Disable timeout logic and wait until process is stopped +TimeoutStopSec=0 + +# SIGTERM signal is used to stop the Java process +KillSignal=SIGTERM + +# Send the signal only to the JVM rather than its control group +KillMode=process + +# Java process is never killed +SendSIGKILL=no + +# When a JVM receives a SIGTERM signal it exits with code 143 +SuccessExitStatus=143 + +# Allow a slow startup before the systemd notifier module kicks in to extend the timeout +TimeoutStartSec=900 + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..842106e --- /dev/null +++ b/config_panel.toml @@ -0,0 +1,37 @@ +version = "1.0" + +[main] + +name.en = "ElasticSearch configuration" +name.fr = "Configuration d'ElasticSearch" + +services = ["__APP__"] + + [main.jvm] + name.en = "JVM (Java Virtual Machine) configuration" + name.fr = "Configuration de la JVM (machine virtuelle Java)" + optional = false + + [main.jvm.xms] + ask.en = "Initial heap space" + ask.fr = "Espace initial réservé pour le tas (ou « Heap »)" + help = """\ + Indicate a size followed by a unit (either m for megabytes or g for gigabytes) with no space. Examples: \ + "512m"\ + "2g"\ + """ + type = "string" + pattern.regexp = '^(\d+)[mMgG]$' + pattern.error = "Please respect the format describe in help text" + + [main.jvm.xmx] + ask.en = "Maximum heap space" + ask.fr = "Espace maximal pour le tas (ou « Heap »)" + help = """\ + Indicate a size followed by a unit (either m for megabytes or g for gigabytes) with no space. Examples: \ + "512m"\ + "2g"\ + """ + type = "string" + pattern.regexp = '^(\d+)[mMgG]$' + pattern.error = "Please respect the format describe in help text" diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..f780789 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,10 @@ +Elasticsearch is the distributed, RESTful search and analytics engine at the heart of the [Elastic Stack](https://www.elastic.co/products). You can use Elasticsearch to store, search, and manage data for: + - Logs + - Metrics + - A search backend + - Application monitoring + - Endpoint security + +... and more! + +To learn more about Elasticsearch’s features and capabilities, see the [product page](https://www.elastic.co/products/elasticsearch). diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..5e62241 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,5 @@ +### Limitations + - **Not totally free**: Licensed under SSPL, see for more information: + - Currently the security is disabled + - Therefore, the package is configured to remain not public for now (i.e. not accessible through the web, the apps depending on it should be installed on the same server) + - Not scalable for now diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..aed65b1 --- /dev/null +++ b/manifest.json @@ -0,0 +1,31 @@ +{ + "name": "ElasticSearch 7", + "id": "elasticsearch7", + "packaging_format": 1, + "description": { + "en": "Distributed and RESTful search engine.", + "fr": "Moteur de recherche RESTful." + }, + "version": "7.17.8~ynh3", + "url": "https://github.com/elastic/elasticsearch", + "upstream": { + "license": "SSPL-1.0", + "website": "https://elastic.co", + "demo": "https://www.elastic.co/demos", + "admindoc": "https://www.elastic.co/guide/en/elasticsearch/reference/7.17/elasticsearch-intro.html", + "code": "https://github.com/elastic/elasticsearch" + }, + "license": "AGPL-3.0-or-later", + "maintainer": { + "name": "fflorent", + "email": "florent.git@zeteo.me" + }, + "requirements": { + "yunohost": ">= 11.0.0" + }, + "services": [], + "multi_instance": true, + "arguments": { + "install": [] + } +} diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..944a65e --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup new file mode 100755 index 0000000..99ef323 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,75 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info --message="Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) + +#================================================= +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup --src_path="$final_path" + +#================================================= +# BACKUP THE DATA DIR +#================================================= + +ynh_backup --src_path="$datadir" --is_big + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="/etc/sysctl.d/90-max_map_count-elasticsearch.conf" + +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/config b/scripts/config new file mode 100644 index 0000000..6dbaf67 --- /dev/null +++ b/scripts/config @@ -0,0 +1,66 @@ +#!/bin/bash +# In simple cases, you don't need a config script. + +# With a simple config_panel.toml, you can write in the app settings, in the +# upstream config file or replace complete files (logo ...) and restart services. + +# The config scripts allows you to go further, to handle specific cases +# (validation of several interdependent fields, specific getter/setter for a value, +# display dynamic informations or choices, pre-loading of config type .cube... ). + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source /usr/share/yunohost/helpers + +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# SPECIFIC GETTERS FOR TOML SHORT KEY +#================================================= + +get__xms() { + ynh_app_setting_get --app=$app --key=xms +} + +get__xmx() { + ynh_app_setting_get --app=$app --key=xmx +} + +#================================================= +# SPECIFIC VALIDATORS FOR TOML SHORT KEYS +#================================================= + +#================================================= +# SPECIFIC SETTERS FOR TOML SHORT KEYS +#================================================= + +regenerate_jvm_options() { + ynh_add_config --template="jvm.options" --destination="$final_path/config/jvm.options.d/yunohost.options" + chown $app:$app "$final_path/config/jvm.options.d/yunohost.options" + chmod 400 "$final_path/config/jvm.options.d/yunohost.options" +} + +set__xms() { + ynh_app_setting_set --app=$app --key=xms --value=$xms + regenerate_jvm_options +} + +set__xmx() { + ynh_app_setting_set --app=$app --key=xmx --value=$xmx + regenerate_jvm_options +} + +#================================================= +# GENERIC FINALIZATION +#================================================= +ynh_app_config_run $1 diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..dfb0fca --- /dev/null +++ b/scripts/install @@ -0,0 +1,163 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=1 + +final_path=/opt/yunohost/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_script_progression --message="Finding an available port..." --weight=1 + +# Find an available port +port=$(ynh_find_port --port=9200) +ynh_app_setting_set --app=$app --key=port --value=$port + +#================================================= +# DEFAULT VALUES FOR CONFIGURATION +#================================================= + +xms=256m +ynh_app_setting_set --app=$app --key=xms --value=$xms + +xmx=1g +ynh_app_setting_set --app=$app --key=xmx --value=$xmx + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --weight=15 + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# CREATE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Creating a data directory..." --weight=1 + +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir + +mkdir -p $datadir + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" + + +#================================================= +# CREATE PID DIRECTORY +#================================================= + +mkdir -p "/run/$app" + +chmod 700 "/run/$app" +chown $app:$app "/run/$app" + +#================================================= +# ADD CONFIGURATIONS +#================================================= +ynh_script_progression --message="Adding the configuration files..." --weight=1 + +ynh_add_config --template="elasticsearch.yml" --destination="$final_path/config/elasticsearch.yml" +ynh_add_config --template="jvm.options" --destination="$final_path/config/jvm.options.d/yunohost.options" + +chmod 400 "$final_path/config/elasticsearch.yml" "$final_path/config/jvm.options.d/yunohost.options" +chown $app:$app "$final_path/config/elasticsearch.yml" "$final_path/config/jvm.options.d/yunohost.options" + + +#================================================= +# INCREASE MAX_MAP_COUNT +#================================================= +ynh_script_progression --message="Increasing maximum map count (sysctl)..." + +# Increase the maximum number of files inotify can monitor. +cp -a ../conf/90-max_map_count-elasticsearch.conf /etc/sysctl.d/ +# Then, reload the kernel configuration. +if ! [ "$container" = "lxc" ] # lxc doesn't allow sysctl to play with kernel options. +then + sysctl -p /etc/sysctl.d/90-max_map_count-elasticsearch.conf +fi + + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --weight=1 + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +yunohost service add $app --description="ElasticSearch - Distributed and RESTful search engine" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove new file mode 100755 index 0000000..d38411c --- /dev/null +++ b/scripts/remove @@ -0,0 +1,118 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +port=$(ynh_app_setting_get --app=$app --key=port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= + +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service integration..." --weight=1 + yunohost service remove $app +fi + +#================================================= +# STOP AND REMOVE SERVICE +#================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 + +# Remove the dedicated systemd config +ynh_remove_systemd_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_script_progression --message="Removing app main directory..." --weight=1 + +# Remove the app directory securely +ynh_secure_remove --file="$final_path" + +#================================================= +# REMOVE DATA DIR +#================================================= + +# Remove the data directory if --purge option is used +if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +then + ynh_script_progression --message="Removing app data directory..." --weight=1 + ynh_secure_remove --file="$datadir" +fi + +#================================================= +# REMOVE PID DIR +#================================================= + +ynh_script_progression --message="Removing pid directory..." --weight=1 +ynh_secure_remove --file="/run/$app" + +#================================================= +# CLOSE A PORT +#================================================= + +if yunohost firewall list | grep -q "\- $port$" +then + ynh_script_progression --message="Closing port $port..." --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $port +fi + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE VARIOUS FILES +#================================================= +ynh_script_progression --message="Removing various files..." + +if [ -e "/etc/sysctl.d/90-max_map_count-elasticsearch.conf" ]; then + ynh_secure_remove --file="/etc/sysctl.d/90-max_map_count-elasticsearch.conf" + # Reload the kernel configuration. + if ! [ "$container" = "lxc" ] # lxc doesn't allow sysctl to play with kernel options. + then + sysctl --system + fi +fi + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore new file mode 100755 index 0000000..e9359ab --- /dev/null +++ b/scripts/restore @@ -0,0 +1,132 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) +port=$(ynh_find_port --port=9200) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 + +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# RESTORE THE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Restoring the data directory..." --weight=1 + +ynh_restore_file --origin_path="$datadir" --not_mandatory + +mkdir -p $datadir + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" + +#================================================= +# CREATE PID DIRECTORY +#================================================= + +mkdir -p "/run/$app" + +chmod 700 "/run/$app" +chown $app:$app "/run/$app" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." + +ynh_restore_file --origin_path="/etc/sysctl.d/90-max_map_count-elasticsearch.conf" +if ! [ "$container" = "lxc" ] # lxc doesn't allow sysctl to play with kernel options. +then + sysctl -p /etc/sysctl.d/90-max_map_count-elasticsearch.conf +fi + +#================================================= +# RESTORE SYSTEMD +#================================================= +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +yunohost service add $app --description="ElasticSearch - Distributed and RESTful search engine" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100644 index 0000000..5c8e10f --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,143 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) +port=$(ynh_app_setting_get --app=$app --key=port) +xms=$(ynh_app_setting_get --app=$app --key=xms) +xmx=$(ynh_app_setting_get --app=$app --key=xmx) + +#================================================= +# CHECK VERSION +#================================================= + +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=20 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" --keep="config/elasticsearch.yml config/jvm.options.d/yunohost.conf" +fi + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." --weight=1 + +ynh_add_config --template="elasticsearch.yml" --destination="$final_path/config/elasticsearch.yml" +ynh_add_config --template="jvm.options" --destination="$final_path/config/jvm.options.d/yunohost.options" + +chmod 400 "$final_path/config/elasticsearch.yml" "$final_path/config/jvm.options.d/yunohost.options" +chown $app:$app "$final_path/config/elasticsearch.yml" "$final_path/config/jvm.options.d/yunohost.options" + +#================================================= +# INCREASE MAX_MAP_COUNT +#================================================= +ynh_script_progression --message="Increasing maximum map count (sysctl)..." + +# Increase the maximum number of files inotify can monitor. +cp -a ../conf/90-max_map_count-elasticsearch.conf /etc/sysctl.d/ +# Then, reload the kernel configuration. +if ! [ "$container" = "lxc" ] # lxc doesn't allow sysctl to play with kernel options. +then + sysctl -p /etc/sysctl.d/90-max_map_count-elasticsearch.conf +fi + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +yunohost service add $app --description="ElasticSearch - Distributed and RESTful search engine" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last