Add Elasticsearch cluster configuration

CHANGELOG.md

@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 - Adding env variables for alerts data flow. ([#118](https://github.com/wazuh/wazuh-docker/pull/118))
 - New Logstash entrypoint added. ([#135](https://github.com/wazuh/wazuh-docker/pull/135/files))
 - Welcome screen management. ([#133](https://github.com/wazuh/wazuh-docker/pull/133))
+- Add Elasticsearch cluster configuration. ([#146](https://github.com/wazuh/wazuh-docker/pull/146))
 
 ### Changed
 

README.md

@@ -14,6 +14,8 @@ In this repository you will find the containers to run:
 
 In addition, a docker-compose file is provided to launch the containers mentioned above. It also launches an Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images.
 
+* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+
 ## Documentation
 
 * [Wazuh full documentation](http://documentation.wazuh.com)

elasticsearch/Dockerfile

@@ -1,6 +1,8 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/elasticsearch/elasticsearch:6.5.4
 
+ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
+
 ENV ALERTS_SHARDS="1" \
     ALERTS_REPLICAS="0"
 
@@ -13,6 +15,20 @@ ENV ENABLE_CONFIGURE_S3="false"
 
 ENV TEMPLATE_VERSION=v3.8.2
 
+# Elasticearch cluster configuration environment variables
+# If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
+ENV ELASTIC_CLUSTER="false" \
+    CLUSTER_NAME="wazuh" \
+    CLUSTER_NODE_MASTER="true" \
+    CLUSTER_NODE_DATA="true" \
+    CLUSTER_NODE_INGEST="true" \
+    CLUSTER_NODE_NAME="wazuh-elasticsearch" \
+    CLUSTER_MEMORY_LOCK="true" \
+    CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \
+    CLUSTER_NUMBER_OF_MASTERS="2" \
+    CLUSTER_MAX_NODES="1" \
+    CLUSTER_DELAYED_TIMEOUT="1m"
+
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/elasticsearch/config
 
 COPY config/entrypoint.sh /entrypoint.sh
@@ -28,5 +44,8 @@ RUN elasticsearch-plugin install --batch repository-s3
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh
 
+COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
+RUN chmod +x ./config_cluster.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]

elasticsearch/config/config_cluster.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
+
+
+# If Elasticsearch cluster is enable
+if [[ $ELASTIC_CLUSTER == "true" ]]
+then
+
+  # Set the cluster.name and discovery.zen.minimun_master_nodes variables
+  sed -i 's:cluster.name\: "docker-cluster":cluster.name\: "'$CLUSTER_NAME'":g' $elastic_config_file
+  sed -i 's:discovery.zen.minimum_master_nodes\: 1:discovery.zen.minimum_master_nodes\: '$CLUSTER_NUMBER_OF_MASTERS':g' $elastic_config_file
+
+  # Add the cluster configuration
+  echo "
+#cluster node
+node:
+  master: ${CLUSTER_NODE_MASTER}
+  data: ${CLUSTER_NODE_DATA}
+  ingest: ${CLUSTER_NODE_INGEST}
+  name: ${CLUSTER_NODE_NAME}
+  max_local_storage_nodes: ${CLUSTER_MAX_NODES}
+
+bootstrap:
+  memory_lock: ${CLUSTER_MEMORY_LOCK}
+
+discovery:
+  zen:
+    ping.unicast.hosts: ${CLUSTER_DISCOVERY_SERVICE}
+
+" >> $elastic_config_file
+fi

elasticsearch/config/entrypoint.sh

@@ -43,6 +43,8 @@ fi
 
 # Run load settings script.
 
+./config_cluster.sh
+
 ./load_settings.sh &
 
 # Execute elasticsearch

elasticsearch/config/load_settings.sh

@@ -3,11 +3,7 @@
 
 set -e
 
-if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
-  el_url="http://elasticsearch:9200"
-else
-  el_url="${ELASTICSEARCH_URL}"
-fi
+el_url=${ELASTICSEARCH_URL}
 
 if [ "x${WAZUH_API_URL}" = "x" ]; then
   wazuh_url="https://wazuh"
@@ -94,5 +90,14 @@ curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d'
 }
 '
 
+# Set cluster delayed timeout when node falls
+curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
+{
+  "settings": {
+    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
+  }
+}
+'
+
 
 echo "Elasticsearch is ready."