From 0e2a0a5e995ef3fec42c3b8e62c56a82f59755fe Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 16 Aug 2017 11:05:40 +0100 Subject: [PATCH] Updated init, systemd, jvm.options and tests --- handlers/main.yml | 3 +- tasks/main.yml | 7 +++-- templates/elasticsearch.j2 | 5 ++- templates/elasticsearch.repo | 2 ++ templates/init/debian/elasticsearch.j2 | 31 ++++++++++--------- templates/init/redhat/elasticsearch.j2 | 7 +++-- templates/jvm.options.j2 | 22 +++++++------ templates/systemd/elasticsearch.j2 | 6 ++++ .../config-5x/serverspec/default_spec.rb | 2 +- .../multi-5x/serverspec/default_spec.rb | 2 +- .../package-5x/serverspec/default_spec.rb | 2 +- .../standard-5x/serverspec/default_spec.rb | 2 +- .../xpack-5x/serverspec/default_spec.rb | 2 +- 13 files changed, 58 insertions(+), 35 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index e233aae..fbfcfa5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -16,4 +16,5 @@ - name: load-templates include: ./handlers/elasticsearch-templates.yml - when: es_templates + #only do templates if we're starting + when: es_templates and es_start_service \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 19d9633..9beffa1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -46,15 +46,16 @@ - name: Make sure elasticsearch is started service: name={{instance_init_script | basename}} state=started enabled=yes + when: es_start_service - name: Wait for elasticsearch to startup wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1 - when: es_restarted is defined and es_restarted.changed + when: es_restarted is defined and es_restarted.changed and es_start_service - name: activate-license include: ./xpack/security/elasticsearch-xpack-activation.yml - when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' + when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' #perform security actions here now elasticsearch is started - include: ./xpack/security/elasticsearch-security-native.yml - when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) + when: es_start_service and (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) diff --git a/templates/elasticsearch.j2 b/templates/elasticsearch.j2 index 0c7f4a6..cb2341a 100644 --- a/templates/elasticsearch.j2 +++ b/templates/elasticsearch.j2 @@ -5,6 +5,9 @@ # Elasticsearch home directory ES_HOME={{es_home}} +# Elasticsearch Java path +#JAVA_HOME= + # Elasticsearch configuration directory CONF_DIR={{conf_dir}} @@ -56,7 +59,7 @@ MAX_OPEN_FILES={{es_max_open_files}} # The maximum number of bytes of memory that may be locked into RAM # Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option -# in elasticsearch.yml (ES_HEAP_SIZE must also be set). +# in elasticsearch.yml # When using Systemd, the LimitMEMLOCK property must be set # in /usr/lib/systemd/system/elasticsearch.service #MAX_LOCKED_MEMORY= diff --git a/templates/elasticsearch.repo b/templates/elasticsearch.repo index 562f74e..b629904 100644 --- a/templates/elasticsearch.repo +++ b/templates/elasticsearch.repo @@ -4,6 +4,8 @@ baseurl=https://artifacts.elastic.co/packages/{{ es_major_version }}/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 +autorefresh=1 +type=rpm-md {% if es_proxy_host is defined and es_proxy_host != '' and es_proxy_port is defined %} proxy=http://{{ es_proxy_host }}:{{es_proxy_port}} {% endif %} diff --git a/templates/init/debian/elasticsearch.j2 b/templates/init/debian/elasticsearch.j2 index 5a21e47..64c2f0a 100755 --- a/templates/init/debian/elasticsearch.j2 +++ b/templates/init/debian/elasticsearch.j2 @@ -84,16 +84,30 @@ if [ ! -z "$CONF_FILE" ]; then exit 1 fi +if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then + echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]" +fi + # Define other required variables PID_FILE="$PID_DIR/$NAME.pid" -DAEMON={{es_home}}/bin/elasticsearch -DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.home=$ES_HOME -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR" +DAEMON=$ES_HOME/bin/elasticsearch +DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR" export ES_JAVA_OPTS export JAVA_HOME export ES_INCLUDE export ES_JVM_OPTIONS +# export unsupported variables so bin/elasticsearch can reject them and inform the user these are unsupported +if test -n "$ES_MIN_MEM"; then export ES_MIN_MEM; fi +if test -n "$ES_MAX_MEM"; then export ES_MAX_MEM; fi +if test -n "$ES_HEAP_SIZE"; then export ES_HEAP_SIZE; fi +if test -n "$ES_HEAP_NEWSIZE"; then export ES_HEAP_NEWSIZE; fi +if test -n "$ES_DIRECT_SIZE"; then export ES_DIRECT_SIZE; fi +if test -n "$ES_USE_IPV4"; then export ES_USE_IPV4; fi +if test -n "$ES_GC_OPTS"; then export ES_GC_OPTS; fi +if test -n "$ES_GC_LOG_FILE"; then export ES_GC_LOG_FILE; fi + # Check DAEMON exists if [ ! -x "$DAEMON" ]; then echo "The elasticsearch startup script does not exists or it is not executable, tried: $DAEMON" @@ -117,13 +131,6 @@ case "$1" in start) checkJava -{% if es_version | version_compare('5.0', '<') %} - if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; then - log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set" - exit 1 - fi -{% endif %} - log_daemon_msg "Starting $DESC" pid=`pidofproc -p $PID_FILE elasticsearch` @@ -133,9 +140,6 @@ case "$1" in exit 0 fi - # Prepare environment - mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$ES_USER":"$ES_GROUP" "$LOG_DIR" "$DATA_DIR" - # Ensure that the PID_DIR exists (it is cleaned at OS startup time) if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR" @@ -157,7 +161,7 @@ case "$1" in fi # Start Daemon - start-stop-daemon -d $ES_HOME --start -b --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS + start-stop-daemon -d $ES_HOME --start --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS return=$? if [ $return -eq 0 ]; then i=0 @@ -203,7 +207,6 @@ case "$1" in restart|force-reload) if [ -f "$PID_FILE" ]; then $0 stop - sleep 1 fi $0 start ;; diff --git a/templates/init/redhat/elasticsearch.j2 b/templates/init/redhat/elasticsearch.j2 index f906074..e093a85 100755 --- a/templates/init/redhat/elasticsearch.j2 +++ b/templates/init/redhat/elasticsearch.j2 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # elasticsearch # @@ -48,7 +48,6 @@ DATA_DIR={{ data_dirs | array_to_str }} CONF_DIR="{{conf_dir}}" PID_DIR="{{pid_dir}}" -ES_JVM_OPTIONS="{{conf_dir}}/jvm.options" # Source the default env file ES_ENV_FILE="{{instance_default_file}}" @@ -56,6 +55,10 @@ if [ -f "$ES_ENV_FILE" ]; then . "$ES_ENV_FILE" fi +if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then + echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]" +fi + # CONF_FILE setting was removed if [ ! -z "$CONF_FILE" ]; then echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed." diff --git a/templates/jvm.options.j2 b/templates/jvm.options.j2 index 0cf7394..ad30851 100644 --- a/templates/jvm.options.j2 +++ b/templates/jvm.options.j2 @@ -20,13 +20,9 @@ # Xmx represents the maximum size of total heap space {% if es_heap_size is defined %} -Xms{{ es_heap_size }} -{% else %} --Xms2g -{% endif %} - -{% if es_heap_size is defined %} -Xmx{{ es_heap_size }} {% else %} +-Xms2g -Xmx2g {% endif %} @@ -47,9 +43,6 @@ ## optimizations -# disable calls to System#gc --XX:+DisableExplicitGC - # pre-touch memory pages used by the JVM during initialization -XX:+AlwaysPreTouch @@ -67,7 +60,10 @@ # use our provided JNA always versus the system one -Djna.nosys=true -# flags to keep Netty from being unsafe +# use old-style file permissions on JDK9 +-Djdk.io.permissionsUseCanonicalPath=true + +# flags to configure Netty -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 @@ -100,6 +96,14 @@ # ensure the directory exists #-Xloggc:${loggc} + +# By default, the GC log file will not rotate. +# By uncommenting the lines below, the GC log file +# will be rotated every 128MB at most 32 times. +#-XX:+UseGCLogFileRotation +#-XX:NumberOfGCLogFiles=32 +#-XX:GCLogFileSize=128M + # Elasticsearch 5.0.0 will throw an exception on unquoted field names in JSON. # If documents were already indexed with unquoted fields in a previous version # of Elasticsearch, some operations may throw errors. diff --git a/templates/systemd/elasticsearch.j2 b/templates/systemd/elasticsearch.j2 index dafae58..6473fa3 100644 --- a/templates/systemd/elasticsearch.j2 +++ b/templates/systemd/elasticsearch.j2 @@ -41,6 +41,9 @@ StandardError=inherit LimitNOFILE={{es_max_open_files}} {% endif %} +# Specifies the maximum number of processes +LimitNPROC=2048 + # Specifies the maximum number of bytes of memory that may be locked into RAM # Set to "infinity" if you use the 'bootstrap.memory_lock: true' option # in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in {{instance_default_file}} @@ -54,6 +57,9 @@ TimeoutStopSec=0 # SIGTERM signal is used to stop the Java process KillSignal=SIGTERM +# Send the signal only to the JVM rather than its control group +KillMode=process + # Java process is never killed SendSIGKILL=no diff --git a/test/integration/config-5x/serverspec/default_spec.rb b/test/integration/config-5x/serverspec/default_spec.rb index 785614b..ade4b54 100644 --- a/test/integration/config-5x/serverspec/default_spec.rb +++ b/test/integration/config-5x/serverspec/default_spec.rb @@ -1,6 +1,6 @@ require 'config_spec' describe 'Config Tests v 5.x' do - include_examples 'config::init', "5.2.2", ["ingest-attachment","ingest-user-agent"] + include_examples 'config::init', "5.5.1", ["ingest-attachment","ingest-user-agent"] end diff --git a/test/integration/multi-5x/serverspec/default_spec.rb b/test/integration/multi-5x/serverspec/default_spec.rb index 7020270..fcf6ee5 100644 --- a/test/integration/multi-5x/serverspec/default_spec.rb +++ b/test/integration/multi-5x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'multi_spec' describe 'Multi Tests v 5.x' do - include_examples 'multi::init', "5.2.2", ["ingest-geoip"] + include_examples 'multi::init', "5.5.1", ["ingest-geoip"] end diff --git a/test/integration/package-5x/serverspec/default_spec.rb b/test/integration/package-5x/serverspec/default_spec.rb index 6c553ae..225541a 100644 --- a/test/integration/package-5x/serverspec/default_spec.rb +++ b/test/integration/package-5x/serverspec/default_spec.rb @@ -2,5 +2,5 @@ require 'package_spec' describe 'Package Tests v 5.x' do - include_examples 'package::init', "5.2.2", ["ingest-attachment","ingest-geoip"] + include_examples 'package::init', "5.5.1", ["ingest-attachment","ingest-geoip"] end \ No newline at end of file diff --git a/test/integration/standard-5x/serverspec/default_spec.rb b/test/integration/standard-5x/serverspec/default_spec.rb index f219dfc..729b306 100644 --- a/test/integration/standard-5x/serverspec/default_spec.rb +++ b/test/integration/standard-5x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'standard_spec' describe 'Standard Tests v 5.x' do - include_examples 'standard::init', "5.2.2", ["ingest-geoip"] + include_examples 'standard::init', "5.5.1", ["ingest-geoip"] end diff --git a/test/integration/xpack-5x/serverspec/default_spec.rb b/test/integration/xpack-5x/serverspec/default_spec.rb index aa7e697..ab0946b 100644 --- a/test/integration/xpack-5x/serverspec/default_spec.rb +++ b/test/integration/xpack-5x/serverspec/default_spec.rb @@ -1,5 +1,5 @@ require 'xpack_spec' describe 'Xpack Tests v 5.x' do - include_examples 'xpack::init', "5.2.2", ["ingest-attachment"] + include_examples 'xpack::init', "5.5.1", ["ingest-attachment"] end