From 78715d8fab1cfa6f6e68f7eeef631090810f5d8d Mon Sep 17 00:00:00 2001
From: "Dimitri B."
Date: Sun, 1 Dec 2024 14:48:59 +0100
Subject: [PATCH] Add a setup script and according makefile target to upgrade ES keystore from older versions of java
---
 Makefile | 7 +++++++
 docker-compose.setup.yml | 6 +++++-
 setup/upgrade-keystore.sh | 25 +++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 setup/upgrade-keystore.sh

diff --git a/Makefile b/Makefile
index d2e73dd..8d562f8 100644
--- a/Makefile
+++ b/Makefile
@@ -24,6 +24,13 @@ endif
 keystore: ## Setup Elasticsearch Keystore, by initializing passwords, and add credentials defined in `keystore.sh`.
 $(DOCKER_COMPOSE_COMMAND) -f docker-compose.setup.yml run --rm keystore
 
+upgrade-keystore: ## Upgrade Elasticsearch Keystore, which is necessary when upgrading to an Elasticsearch version that uses a newer Java version.
+ @if [ -n "$$($(DOCKER_COMPOSE_COMMAND) ps -q)" ]; then \
+ echo "Please stop all running containers before upgrading the keystore."; \
+ exit 1; \
+ fi
+ $(DOCKER_COMPOSE_COMMAND) -f docker-compose.setup.yml run --rm upgrade-keystore
+
 certs: ## Generate Elasticsearch SSL Certs.
 $(DOCKER_COMPOSE_COMMAND) -f docker-compose.setup.yml run --rm certs
 
diff --git a/docker-compose.setup.yml b/docker-compose.setup.yml
index 716fb99..620f08c 100644
--- a/docker-compose.setup.yml
+++ b/docker-compose.setup.yml
@@ -1,7 +1,7 @@
 version: '3.5'
 
 services:
- keystore:
+ keystore: &keystore-service
 image: elastdocker/elasticsearch:${ELK_VERSION}
 build:
 context: elasticsearch/
@@ -15,6 +15,10 @@ services:
 environment:
 ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
 
+ upgrade-keystore:
+ <<: *keystore-service
+ command: bash /setup/upgrade-keystore.sh
+
 certs:
 image: elastdocker/elasticsearch:${ELK_VERSION}
 build:
diff --git a/setup/upgrade-keystore.sh b/setup/upgrade-keystore.sh
new file mode 100644
index 0000000..9188c92
--- /dev/null
+++ b/setup/upgrade-keystore.sh
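Review bot: In the Makefile's `upgrade-keystore` recipe, the guard `[ -n "$$($(DOCKER_COMPOSE_COMMAND) ps -q)" ]` cannot tell "nothing is running" from "`ps` itself failed": a command substitution that errors out produces empty output, so the check passes and the recipe goes on to the upgrade step. Capture the result first and fail closed, e.g. `@running="$$($(DOCKER_COMPOSE_COMMAND) ps -q)" || exit 1; \` followed by `if [ -n "$$running" ]; then \`, and send the message to stderr with `>&2`. The guard also only sees what `$(DOCKER_COMPOSE_COMMAND) ps` reports for the default compose files; that variable's definition and the `.PHONY` list are outside the hunk, so confirm the new target is listed there.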
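Review bot: In docker-compose.setup.yml, `<<: *keystore-service` hands `upgrade-keystore` everything the `keystore` service has, including `ELASTIC_PASSWORD`, which setup/upgrade-keystore.sh as added in this patch never reads. If nothing outside the hunk needs it, keep the secret out of the upgrade container by overriding the key under `upgrade-keystore:`, e.g. `environment: {}`. The rest of the `keystore` definition (the lines between the two hunks) is not visible here, so a short comment on the new service saying which inherited settings it actually relies on would help the next reader.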
@@ -0,0 +1,25 @@
+# Exit on Error
+set -e
+
+KEYSTORE_TO_UPGRADE=/secrets/keystore/elasticsearch.keystore
+KEYSTORE_TO_UPGRADE_BACKUP=$KEYSTORE_TO_UPGRADE.pre-upgrade
+KEYSTORE_LOCATION_FOR_TOOL=/usr/share/elasticsearch/config/elasticsearch.keystore
+
+if [ -f $KEYSTORE_TO_UPGRADE_BACKUP ]; then
+ echo "A backup of a previous run of this script was found at $KEYSTORE_TO_UPGRADE_BACKUP. Aborting execution!"
+ echo "Please remove the backup file and run the script again if you're sure that you want to run the upgrade script again."
+ exit 1
+fi
+
+echo "=========== Upgrading Elasticsearch Keystore =========="
+
+cp $KEYSTORE_TO_UPGRADE $KEYSTORE_LOCATION_FOR_TOOL
+
+echo "Running elasticsearch-keystore upgrade"
+elasticsearch-keystore upgrade
+
+mv $KEYSTORE_TO_UPGRADE $KEYSTORE_TO_UPGRADE_BACKUP
+mv $KEYSTORE_LOCATION_FOR_TOOL $KEYSTORE_TO_UPGRADE
+
+echo "======= Keystore upgrade completed successfully ======="
+echo "Old keystore was backed up to $KEYSTORE_TO_UPGRADE_BACKUP"
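Review bot: The final swap in setup/upgrade-keystore.sh is two separate `mv` calls, so if the second one fails (for example a cross-filesystem move out of the container's config directory, should /secrets/keystore be a mount) no file is left at `$KEYSTORE_TO_UPGRADE`, and the backup guard at the top then refuses a re-run. Take the backup with `cp -p` before running the tool and install the upgraded file through a temporary name in the same directory, so the live path always holds a complete keystore. The expansions are unquoted throughout, and the mode and ownership of the installed file come from `cp` and the tool rather than from the original. Since both the keystore and its `.pre-upgrade` copy hold secrets, it is worth checking the resulting permissions and telling the operator to remove the backup once the cluster is verified.

```shell
# … unchanged: set -e, variable definitions, existing-backup guard, banner …

cp -p "$KEYSTORE_TO_UPGRADE" "$KEYSTORE_TO_UPGRADE_BACKUP"
cp -p "$KEYSTORE_TO_UPGRADE" "$KEYSTORE_LOCATION_FOR_TOOL"

echo "Running elasticsearch-keystore upgrade"
elasticsearch-keystore upgrade

# Stage next to the target so the last step is a rename within one directory.
cp -p "$KEYSTORE_LOCATION_FOR_TOOL" "$KEYSTORE_TO_UPGRADE.new"
mv "$KEYSTORE_TO_UPGRADE.new" "$KEYSTORE_TO_UPGRADE"

# … unchanged: completion messages …
```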