From e40df383df7505d7bd872f6a24cc875001438802 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Mon, 3 May 2021 17:38:16 -0400 Subject: [PATCH 1/3] Move docker compose file to its corresponding folders here Signed-off-by: Peter Zhu --- opensearch/linux/opensearch-tar-install.sh | 73 ------- release/docker/build-image.sh | 104 ++++++++++ ...opensearch-dashboards-docker-entrypoint.sh | 196 ++++++++++++++++++ .../opensearch.example.org.cert | 19 ++ .../opensearch.example.org.key | 27 +++ .../opensearch_dashboards.yml | 28 +++ .../config/opensearch/log4j2.properties | 9 + .../opensearch-docker-entrypoint.sh | 112 ++++++++++ .../opensearch/opensearch-onetime-setup.sh | 50 +++++ .../docker/config/opensearch/opensearch.yml | 11 + .../performance-analyzer.properties | 47 +++++ .../dockercomposefiles/docker-compose.yml | 66 ++++++ .../opensearch-dashboards.al2.dockerfile | 100 +++++++++ .../dockerfiles/opensearch.al2.dockerfile | 106 ++++++++++ 14 files changed, 875 insertions(+), 73 deletions(-) delete mode 100755 opensearch/linux/opensearch-tar-install.sh create mode 100755 release/docker/build-image.sh create mode 100755 release/docker/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh create mode 100644 release/docker/config/opensearch-dashboards/opensearch.example.org.cert create mode 100644 release/docker/config/opensearch-dashboards/opensearch.example.org.key create mode 100644 release/docker/config/opensearch-dashboards/opensearch_dashboards.yml create mode 100644 release/docker/config/opensearch/log4j2.properties create mode 100755 release/docker/config/opensearch/opensearch-docker-entrypoint.sh create mode 100755 release/docker/config/opensearch/opensearch-onetime-setup.sh create mode 100644 release/docker/config/opensearch/opensearch.yml create mode 100644 release/docker/config/opensearch/performance-analyzer.properties create mode 100644 release/docker/dockercomposefiles/docker-compose.yml create mode 100644 release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile create mode 100644 release/docker/dockerfiles/opensearch.al2.dockerfile diff --git a/opensearch/linux/opensearch-tar-install.sh b/opensearch/linux/opensearch-tar-install.sh deleted file mode 100755 index d51781facf..0000000000 --- a/opensearch/linux/opensearch-tar-install.sh +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash - -# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). -# You may not use this file except in compliance with the License. -# A copy of the License is located at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# or in the "license" file accompanying this file. This file is distributed -# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either -# express or implied. See the License for the specific language governing -# permissions and limitations under the License. - -OPENSEARCH_HOME=`dirname $(realpath $0)`; cd $OPENSEARCH_HOME -KNN_LIB_DIR=$OPENSEARCH_HOME/plugins/opensearch-knn/knnlib -##Security Plugin -bash $OPENSEARCH_HOME/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s - -##Perf Plugin -chmod 755 $OPENSEARCH_HOME/plugins/opensearch-performance-analyzer/pa_bin/performance-analyzer-agent -chmod -R 755 /dev/shm -chmod 755 $OPENSEARCH_HOME/bin/performance-analyzer-agent-cli -echo "done security" -PA_AGENT_JAVA_OPTS="-Dlog4j.configurationFile=$OPENSEARCH_HOME/plugins/opensearch-performance-analyzer/pa_config/log4j2.xml \ - -Xms64M -Xmx64M -XX:+UseSerialGC -XX:CICompilerCount=1 -XX:-TieredCompilation -XX:InitialCodeCacheSize=4096 \ - -XX:InitialBootClassLoaderMetaspaceSize=30720 -XX:MaxRAM=400m" - -OPENSEARCH_MAIN_CLASS="com.amazon.opendistro.opensearch.performanceanalyzer.PerformanceAnalyzerApp" \ -OPENSEARCH_ADDITIONAL_CLASSPATH_DIRECTORIES=plugins/opensearch-performance-analyzer \ -OPENSEARCH_JAVA_OPTS=$PA_AGENT_JAVA_OPTS - -if ! grep -q '## OpenSearch Performance Analyzer' $OPENSEARCH_HOME/config/jvm.options; then - CLK_TCK=`/usr/bin/getconf CLK_TCK` - echo >> $OPENSEARCH_HOME/config/jvm.options - echo '## OpenSearch Performance Analyzer' >> $OPENSEARCH_HOME/config/jvm.options - echo "-Dclk.tck=$CLK_TCK" >> $OPENSEARCH_HOME/config/jvm.options - echo "-Djdk.attach.allowAttachSelf=true" >> $OPENSEARCH_HOME/config/jvm.options - echo "-Djava.security.policy=$OPENSEARCH_HOME/plugins/opensearch-performance-analyzer/pa_config/opensearch_security.policy" >> $OPENSEARCH_HOME/config/jvm.options -fi -echo "done plugins" - -##Check KNN lib existence in OpenSearch TAR distribution -echo "Checking kNN library" -FILE=`ls $KNN_LIB_DIR/libKNNIndex*.so` -if test -f "$FILE"; then - echo "FILE EXISTS $FILE" -else - echo "TEST FAILED OR FILE NOT EXIST $FILE" -fi - -##Set KNN Dylib Path for macOS and *nix systems -if echo "$OSTYPE" | grep -qi "darwin"; then - if echo "$JAVA_LIBRARY_PATH" | grep -q "$KNN_LIB_DIR"; then - echo "KNN lib path has been set" - else - export JAVA_LIBRARY_PATH=$JAVA_LIBRARY_PATH:$KNN_LIB_DIR - echo "KNN lib path not found, set new path" - echo $JAVA_LIBRARY_PATH - fi -else - if echo "$LD_LIBRARY_PATH" | grep -q "$KNN_LIB_DIR"; then - echo "KNN lib path has been set" - else - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$KNN_LIB_DIR - echo "KNN lib path not found, set new path" - echo $LD_LIBRARY_PATH - fi -fi - -##Start OpenSearch -bash $OPENSEARCH_HOME/bin/opensearch "$@" diff --git a/release/docker/build-image.sh b/release/docker/build-image.sh new file mode 100755 index 0000000000..561debbe31 --- /dev/null +++ b/release/docker/build-image.sh @@ -0,0 +1,104 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. + + +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + + +set -e + +function usage() { + echo "" + echo "This script is used to build the OpenSearch Docker image. It prepares the files required by the Dockerfile in a temporary directory, then builds and tags the Docker image." + echo "--------------------------------------------------------------------------" + echo "Usage: $0 [args]" + echo "" + echo "Required arguments:" + echo -e "-v VERSION\tSpecify the OpenSearch version number that you are building, e.g. '1.0.0' or '1.0.0-beta1'. This will be used to label the Docker image. If you do not use the '-o' option then this tool will download a public OPENSEARCH release matching this version." + echo -e "-f DOCKERFILE\tSpecify the dockerfile full path, e.g. dockerfile/opensearch.al2.dockerfile." + echo -e "-p PRODUCT\tSpecify the product, e.g. opensearch or opensearch-dashboards, make sure this is the name of your config folder and the name of your .tgz defined in dockerfile." + echo "" + echo "Optional arguments:" + echo -e "-o FILENAME\tSpecify a local OPENSEARCH tarball. You still need to specify the version - this tool does not attempt to parse the filename." + echo -e "-h\t\tPrint this message." + echo "--------------------------------------------------------------------------" +} + +while getopts ":ho:v:f:p:" arg; do + case $arg in + h) + usage + exit 1 + ;; + o) + TARBALL=`realpath $OPTARG` + ;; + v) + VERSION=$OPTARG + ;; + f) + DOCKERFILE=$OPTARG + ;; + p) + PRODUCT=$OPTARG + ;; + :) + echo "-${OPTARG} requires an argument" + usage + exit 1 + ;; + ?) + echo "Invalid option: -${arg}" + exit 1 + ;; + esac +done + +if [ -z "$VERSION" ] || [ -z "$DOCKERFILE" ] || [ -z "$PRODUCT" ]; then + echo "You must specify '-v VERSION', '-f DOCKERFILE', '-p PRODUCT'" + usage + exit 1 +fi + +echo $DOCKERFILE + +DIR=`mktemp -d` + +echo "Creating Docker workspace in $DIR" +trap '{ echo Removing Docker workspace in "$DIR"; rm -rf -- "$DIR"; }' TERM INT EXIT + +if [ -z "$TARBALL" ]; then + # No tarball file specified so download one + URL="https://artifacts.opensearch.org/releases/bundle/${PRODUCT}/${VERSION}/${PRODUCT}-${VERSION}-linux-x64.tar.gz" + echo "Downloading ${PRODUCT} version ${VERSION} from ${URL}" + curl -f $URL -o $DIR/$PRODUCT.tgz || exit 1 + ls -l $DIR +else + cp -v $TARBALL $DIR/$PRODUCT.tgz +fi + +cp -v config/${PRODUCT}/* $DIR/ + +docker build --build-arg VERSION=$VERSION --build-arg BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` -f $DOCKERFILE $DIR -t opensearchproject/$PRODUCT:$VERSION +docker tag opensearchproject/$PRODUCT:$VERSION opensearchproject/$PRODUCT:latest + +rm -rf $DIR diff --git a/release/docker/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh b/release/docker/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh new file mode 100755 index 0000000000..9ca83f531d --- /dev/null +++ b/release/docker/config/opensearch-dashboards/opensearch-dashboards-docker-entrypoint.sh @@ -0,0 +1,196 @@ +#!/bin/bash + +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +# +# Run OpenSearch-Dashboards, using environment variables to +# set longopts defining OpenSearch-Dashboards's configuration. +# +# eg. Setting the environment variable: +# +# OPENSEARCH_STARTUPTIMEOUT=60 +# +# will cause OpenSearch-Dashboards to be invoked with: +# +# --opensearch.startupTimeout=60 + +opensearch_dashboards_vars=( + console.enabled + console.proxyConfig + console.proxyFilter + ops.cGroupOverrides.cpuPath + ops.cGroupOverrides.cpuAcctPath + cpu.cgroup.path.override + cpuacct.cgroup.path.override + csp.rules + csp.strict + csp.warnLegacyBrowsers + opensearch.customHeaders + opensearch.hosts + opensearch.logQueries + opensearch.password + opensearch.pingTimeout + opensearch.requestHeadersWhitelist + opensearch.requestTimeout + opensearch.shardTimeout + opensearch.sniffInterval + opensearch.sniffOnConnectionFault + opensearch.sniffOnStart + opensearch.ssl.alwaysPresentCertificate + opensearch.ssl.certificate + opensearch.ssl.certificateAuthorities + opensearch.ssl.key + opensearch.ssl.keyPassphrase + opensearch.ssl.keystore.path + opensearch.ssl.keystore.password + opensearch.ssl.truststore.path + opensearch.ssl.truststore.password + opensearch.ssl.verificationMode + opensearch.username + i18n.locale + interpreter.enableInVisualize + opensearchDashboards.autocompleteTerminateAfter + opensearchDashboards.autocompleteTimeout + opensearchDashboards.defaultAppId + opensearchDashboards.index + logging.dest + logging.json + logging.quiet + logging.rotate.enabled + logging.rotate.everyBytes + logging.rotate.keepFiles + logging.rotate.pollingInterval + logging.rotate.usePolling + logging.silent + logging.useUTC + logging.verbose + map.includeOpenSearchMapsService + map.proxyOpenSearchMapsServiceInMaps + map.regionmap + map.tilemap.options.attribution + map.tilemap.options.maxZoom + map.tilemap.options.minZoom + map.tilemap.options.subdomains + map.tilemap.url + monitoring.cluster_alerts.email_notifications.email_address + monitoring.enabled + monitoring.opensearchDashboards.collection.enabled + monitoring.opensearchDashboards.collection.interval + monitoring.ui.container.opensearch.enabled + monitoring.ui.container.logstash.enabled + monitoring.ui.opensearch.password + monitoring.ui.opensearch.pingTimeout + monitoring.ui.opensearch.hosts + monitoring.ui.opensearch.username + monitoring.ui.opensearch.logFetchCount + monitoring.ui.opensearch.ssl.certificateAuthorities + monitoring.ui.opensearch.ssl.verificationMode + monitoring.ui.enabled + monitoring.ui.max_bucket_size + monitoring.ui.min_interval_seconds + newsfeed.enabled + ops.interval + path.data + pid.file + regionmap + security.showInsecureClusterWarning + server.basePath + server.customResponseHeaders + server.compression.enabled + server.compression.referrerWhitelist + server.cors + server.cors.origin + server.defaultRoute + server.host + server.keepAliveTimeout + server.maxPayloadBytes + server.name + server.port + server.rewriteBasePath + server.socketTimeout + server.ssl.cert + server.ssl.certificate + server.ssl.certificateAuthorities + server.ssl.cipherSuites + server.ssl.clientAuthentication + server.customResponseHeaders + server.ssl.enabled + server.ssl.key + server.ssl.keyPassphrase + server.ssl.keystore.path + server.ssl.keystore.password + server.ssl.truststore.path + server.ssl.truststore.password + server.ssl.redirectHttpFromPort + server.ssl.supportedProtocols + server.xsrf.disableProtection + server.xsrf.whitelist + status.allowAnonymous + status.v6ApiFormat + tilemap.options.attribution + tilemap.options.maxZoom + tilemap.options.minZoom + tilemap.options.subdomains + tilemap.url + timeline.enabled + vega.enableExternalUrls + apm_oss.apmAgentConfigurationIndex + apm_oss.indexPattern + apm_oss.errorIndices + apm_oss.onboardingIndices + apm_oss.spanIndices + apm_oss.sourcemapIndices + apm_oss.transactionIndices + apm_oss.metricsIndices + telemetry.allowChangingOptInStatus + telemetry.enabled + telemetry.optIn + telemetry.optInStatusUrl + telemetry.sendUsageFrom +) + +longopts='' +for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + # 'opensearch.hosts' -> 'OPENSEARCH_URL' + env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) + + # Indirectly lookup env var values via the name of the var. + # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78 + value=${!env_var} + if [[ -n $value ]]; then + longopt="--${opensearch_dashboards_var}=${value}" + longopts+=" ${longopt}" + fi +done + +# Files created at run-time should be group-writable, for Openshift's sake. +umask 0002 + +# TO DO: +# Confirm with Mihir if this is necessary + +# The virtual file /proc/self/cgroup should list the current cgroup +# membership. For each hierarchy, you can follow the cgroup path from +# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and +# introspect the statistics for the cgroup for the given +# hierarchy. Alas, Docker breaks this by mounting the container +# statistics at the root while leaving the cgroup paths as the actual +# paths. Therefore, OpenSearch-Dashboards provides a mechanism to override +# reading the cgroup path from /proc/self/cgroup and instead uses the +# cgroup path defined the configuration properties +# cpu.cgroup.path.override and cpuacct.cgroup.path.override. +# Therefore, we set this value here so that cgroup statistics are +# available for the container this process will run in. + +exec /usr/share/opensearch-dashboards/bin/opensearch-dashboards --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ ${longopts} "$@" diff --git a/release/docker/config/opensearch-dashboards/opensearch.example.org.cert b/release/docker/config/opensearch-dashboards/opensearch.example.org.cert new file mode 100644 index 0000000000..9540047b98 --- /dev/null +++ b/release/docker/config/opensearch-dashboards/opensearch.example.org.cert @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIJAKO3AgiyHbReMA0GCSqGSIb3DQEBBQUAMCkxJzAlBgNV +BAMMHm9wZW5kaXN0cm9mb3JlbGFzdGljc2VhcmNoLm9yZzAeFw0xOTAyMTUwNzI5 +MjNaFw0yOTAyMTIwNzI5MjNaMCkxJzAlBgNVBAMMHm9wZW5kaXN0cm9mb3JlbGFz +dGljc2VhcmNoLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPO +w4iMMWj7wODNeAR+t9fFoFkhWmo7NiV9qteUtOTnOLBFG6VWVh2kQev1Ph2dF0uw +Dg632Pk3Tl1er+eKCoG+YzwkJqVZ0CJlxZdpN5jCpliCYxIaGUHO0I+Kdhzg1IUk +1Q2+8aeVN7ddiYZC13T/b5Kut8lr13O8OTqeBX2zRxuzX+jUNAZjAsCAdsv2jRrO +94883OyDzF6UXvETJcW5uF4j7NK9N2nfAplMy6Z7v/0kA89/ecuAb8wmf7MOul1h +sHyNd4aJwIGhKW/qBLJG+GHB5BiO6OaMJMzr5kzSV9we5r/plas5viAl/jWsYECS +rvGjUqBEOKOFy6RS2ZECAwEAAaNQME4wHQYDVR0OBBYEFI05BOGEHtUhrZmkIL3W +6KpJLE71MB8GA1UdIwQYMBaAFI05BOGEHtUhrZmkIL3W6KpJLE71MAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBACvAn1fRvkJamVKdmsou+YTmxu5YhDva +MepBVT6yeqctcgQgUfaneuBrl/+9zmxkjykZ1uimSS2IM1FxIXuB8rX+iAcgFyIs +XXquOhJlaXs/kN0KBGUSRkTMQSGIaTh26U7GnCQrdaIZDtKp7CRWjNebeDucNOc+ +aXOqiNFbVePNe8+EZIDb0FmV4IiHuLcqCwzZvgesl3EUPuMsnrxeNKIw83ecpjqK +YRwWWhvY57asVbOZjn+M57bJSpzO9bO70uib0ItWs19aWqYP1vEOuNHEDbr2EVel +dejL2fYF06uiw179PSYnvDQohWdiqm8dM0Nx+QtJcbOR6BiBh8aQTjw= +-----END CERTIFICATE----- diff --git a/release/docker/config/opensearch-dashboards/opensearch.example.org.key b/release/docker/config/opensearch-dashboards/opensearch.example.org.key new file mode 100644 index 0000000000..e549011659 --- /dev/null +++ b/release/docker/config/opensearch-dashboards/opensearch.example.org.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAs87DiIwxaPvA4M14BH6318WgWSFaajs2JX2q15S05Oc4sEUb +pVZWHaRB6/U+HZ0XS7AODrfY+TdOXV6v54oKgb5jPCQmpVnQImXFl2k3mMKmWIJj +EhoZQc7Qj4p2HODUhSTVDb7xp5U3t12JhkLXdP9vkq63yWvXc7w5Op4FfbNHG7Nf +6NQ0BmMCwIB2y/aNGs73jzzc7IPMXpRe8RMlxbm4XiPs0r03ad8CmUzLpnu//SQD +z395y4BvzCZ/sw66XWGwfI13honAgaEpb+oEskb4YcHkGI7o5owkzOvmTNJX3B7m +v+mVqzm+ICX+NaxgQJKu8aNSoEQ4o4XLpFLZkQIDAQABAoIBAEtPKXRyi2tWLlW5 +mTAAxw1Xl65dGtptjGMtfDWo8g8BjSu+9jJMs+rcVkP2xppupkgsJ+cgN39CG89d +jj1jAr2OuU+CMLGGqXcOuzCMgB26QSPHEKmPRs7aSV4ldwznWfueDqIgPGSdSeXC +Boy2SDmXluqPxShWw7mUtz+G2fPoQ+TMcH3puL3ooeV2iy25ZciLG3SFFQ7jTiJP +l6bNvnszVa7fRdapF25znC/XsfaW7XsXZwbV+NeWtO7CEIec/RExSy9N/abbmhWY +BPidBT9AQG4MoN10YunS7iwbfpXCNW0HKlFf77Mr5FrCZ0RE/Mg5JJrFF3Bt+sNT +v6/2+wUCgYEA3mEtewQCn40aIWYTTeXqtRCnpbt4y602B2PbY7OI/9N6xafATVnK ++bwcj9rKQRmUBbrvNGCY/GQJPqHRFjIRqK0y2QCavuR/980z96ojUXwsHG4eSmHY +wX0Rs+JtHVJDDH13hRWj/5Zxa+0ln2olBpHkp+o/VwiyYNXeqmw4Lq8CgYEAzv3p +kmOqNQpQ2y2jEdKYanIibsB27slb4UxBpCzEYSj3LF3CysaGF17GJRRCASH9Dm3Y +dZSgJzuBVZSgYl9HNSB1wY1gpHYeLm0F0yaE1D4tSoXGD+8pbLbl6LjwHOUtH4Yx +NCDwOv+pe6+tyO6v04xcAOSWWkcsHkesrcehi78CgYEAztNA8o3LRst8Rx3hzGyP +O7HuyoSvF3fUrVDhZjw/qfft0tFvWEGwN08OnXjW7W81rZKsEWHaR7teocLsbSFK +LUBQ72TRh8OLhVR0Bd9Wk93SROrh/zo719FT2qM36rJsq7wxojR7YCZy/PcGK9sT +7qVYLhf+qxrqlIe1XXnjUv8CgYBhglm63Xp8HAz1A22zYqrsUjIITGB6op7G5p5x +kak9QAgYfV7bGWRns/zR0NY7JGDKoFJ9KXO8p5qIz0gyr0GjNFRkxo4FS6NyKWe6 +DYY7WcMKPTSNoxO3o/1wgVaTth5ooFWjgfTJRlD39E2Av3hSxuc8gHKXurl81jTx +dH6UjwKBgEA5JLPaICkkY4ppcwdnf7zFFi22Rq5e2AJQSJcHOgE0K8/jJqbv+VOy +ugVjXRpq6VdNjGD3aLToe/SnRLUDmq+ZJqV+BoZSv3DJCsUkc4O9tS/E6Tn4A1di +loi+vT/GFEVVE3MaB42XGaaC82VEgwdqE3hDqNM/F2i3DfyoKD6V +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/release/docker/config/opensearch-dashboards/opensearch_dashboards.yml b/release/docker/config/opensearch-dashboards/opensearch_dashboards.yml new file mode 100644 index 0000000000..186b7ac145 --- /dev/null +++ b/release/docker/config/opensearch-dashboards/opensearch_dashboards.yml @@ -0,0 +1,28 @@ +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +# Description: +# Default configuration for OpenSearch Dashboards + +server.host: "0" +opensearch.hosts: ["https://localhost:9200"] +opensearch.ssl.verificationMode: none +opensearch.username: "kibanaserver" +opensearch.password: "kibanaserver" +opensearch.requestHeadersWhitelist: [ authorization ] + +opensearch_security.multitenancy.enabled: true +opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +# Use this setting if you are running opensearch-dashboards without https +opensearch_security.cookie.secure: false diff --git a/release/docker/config/opensearch/log4j2.properties b/release/docker/config/opensearch/log4j2.properties new file mode 100644 index 0000000000..9ad290ad82 --- /dev/null +++ b/release/docker/config/opensearch/log4j2.properties @@ -0,0 +1,9 @@ +status = error + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console diff --git a/release/docker/config/opensearch/opensearch-docker-entrypoint.sh b/release/docker/config/opensearch/opensearch-docker-entrypoint.sh new file mode 100755 index 0000000000..9a4ba17279 --- /dev/null +++ b/release/docker/config/opensearch/opensearch-docker-entrypoint.sh @@ -0,0 +1,112 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. + + +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + +# This script specify the entrypoint startup actions for opensearch +# It will start both opensearch and performance analyzer plugin cli +# If either process failed, the entire docker container will be removed +# in favor of a newly started container + +# Files created by OpenSearch should always be group writable too +umask 0002 + +if [[ "$(id -u)" == "0" ]]; then + echo "OpenSearch cannot run as root. Please start your container as another user." + exit 1 +fi + +# Parse Docker env vars to customize OpenSearch +# +# e.g. Setting the env var cluster.name=testcluster +# +# will cause OpenSearch to be invoked with -Ecluster.name=testcluster + +declare -a opensearch_opts + +while IFS='=' read -r envvar_key envvar_value +do + # OpenSearch settings need to have at least two dot separated lowercase + # words, e.g. `cluster.name`, except for `processors` which we handle + # specially + if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then + if [[ ! -z $envvar_value ]]; then + opensearch_opt="-E${envvar_key}=${envvar_value}" + opensearch_opts+=("${opensearch_opt}") + fi + fi +done < <(env) + +# The virtual file /proc/self/cgroup should list the current cgroup +# membership. For each hierarchy, you can follow the cgroup path from +# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and +# introspect the statistics for the cgroup for the given +# hierarchy. Alas, Docker breaks this by mounting the container +# statistics at the root while leaving the cgroup paths as the actual +# paths. Therefore, OpenSearch provides a mechanism to override +# reading the cgroup path from /proc/self/cgroup and instead uses the +# cgroup path defined the JVM system property +# es.cgroups.hierarchy.override. Therefore, we set this value here so +# that cgroup statistics are available for the container this process +# will run in. +export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS" + + +# Start up the opensearch and performance analyzer agent processes. +# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes. + +function terminateProcesses { + if kill -0 $OPENSEARCH_PID >& /dev/null; then + echo "Killing opensearch process $OPENSEARCH_PID" + kill -TERM $OPENSEARCH_PID + wait $OPENSEARCH_PID + fi + if kill -0 $PA_PID >& /dev/null; then + echo "Killing performance analyzer process $PA_PID" + kill -TERM $PA_PID + wait $PA_PID + fi +} + +# Enable job control so we receive SIGCHLD when a child process terminates +set -m + +# Make sure we terminate the child processes in the event of us received TERM (e.g. "docker container stop"), INT (e.g. ctrl-C), EXIT (this script terminates for an unexpected reason), or CHLD (one of the processes terminated unexpectedly) +trap terminateProcesses TERM INT EXIT CHLD + +# Export OpenSearch Home +export OPENSEARCH_HOME=/usr/share/opensearch + +# Start opensearch +$OPENSEARCH_HOME/bin/opensearch "${opensearch_opts[@]}" & +OPENSEARCH_PID=$! + +# Start performance analyzer agent +$OPENSEARCH_HOME/bin/performance-analyzer-agent-cli > $OPENSEARCH_HOME/logs/performance-analyzer.log 2>&1 & +PA_PID=$! + +# Wait for the child processes to terminate +wait $OPENSEARCH_PID +echo "OpenSearch exited with code $?" +wait $PA_PID +echo "Performance analyzer exited with code $?" diff --git a/release/docker/config/opensearch/opensearch-onetime-setup.sh b/release/docker/config/opensearch/opensearch-onetime-setup.sh new file mode 100755 index 0000000000..3f07ede5ea --- /dev/null +++ b/release/docker/config/opensearch/opensearch-onetime-setup.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. + + +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# This script performs one-time setup for the OpenSearch tarball distribution. +# It installs a demo security config and sets up the performance analyzer + +OPENSEARCH_HOME=`dirname $(realpath $0)`; cd $OPENSEARCH_HOME + +##Security Plugin +SECURITY_PLUGIN="opensearch-security" +bash $OPENSEARCH_HOME/plugins/$SECURITY_PLUGIN/tools/install_demo_configuration.sh -y -i -s + +##Perf Plugin +PA_PLUGIN="opensearch-performance-analyzer" +chmod 755 $OPENSEARCH_HOME/plugins/$PA_PLUGIN/pa_bin/performance-analyzer-agent +chmod -R 755 /dev/shm +chmod 755 $OPENSEARCH_HOME/bin/performance-analyzer-agent-cli + +if ! grep -q '## OpenDistro Performance Analyzer' $OPENSEARCH_HOME/config/jvm.options; then + CLK_TCK=`/usr/bin/getconf CLK_TCK` + echo >> $OPENSEARCH_HOME/config/jvm.options + echo '## OpenDistro Performance Analyzer' >> $OPENSEARCH_HOME/config/jvm.options + echo "-Dclk.tck=$CLK_TCK" >> $OPENSEARCH_HOME/config/jvm.options + echo "-Djdk.attach.allowAttachSelf=true" >> $OPENSEARCH_HOME/config/jvm.options + echo "-Djava.security.policy=$OPENSEARCH_HOME/plugins/$PA_PLUGIN/pa_config/opensearch_security.policy" >> $OPENSEARCH_HOME/config/jvm.options +fi + diff --git a/release/docker/config/opensearch/opensearch.yml b/release/docker/config/opensearch/opensearch.yml new file mode 100644 index 0000000000..a1d68eb559 --- /dev/null +++ b/release/docker/config/opensearch/opensearch.yml @@ -0,0 +1,11 @@ +cluster.name: docker-cluster + +# Bind to all interfaces because we don't know what IP address Docker will assign to us. +network.host: 0.0.0.0 + +# # minimum_master_nodes need to be explicitly set when bound on a public IP +# # set to 1 to allow single node clusters +# discovery.zen.minimum_master_nodes: 1 + +# Setting network.host to a non-loopback address enables the annoying bootstrap checks. "Single-node" mode disables them again. +#discovery.type: single-node diff --git a/release/docker/config/opensearch/performance-analyzer.properties b/release/docker/config/opensearch/performance-analyzer.properties new file mode 100644 index 0000000000..72235cc9a8 --- /dev/null +++ b/release/docker/config/opensearch/performance-analyzer.properties @@ -0,0 +1,47 @@ +# ======================== OpenSearch performance analyzer plugin config ========================= + +# NOTE: this is an example for Linux. Please modify the config accordingly if you are using it under other OS. + +# Metrics data location +metrics-location = /dev/shm/performanceanalyzer/ + +# Metrics deletion interval (minutes) for metrics data. +# Interval should be between 1 to 60. +metrics-deletion-interval = 1 + +# If set to true, the system cleans up the files behind it. So at any point, we should expect only 2 +# metrics-db-file-prefix-path files. If set to false, no files are cleaned up. This can be useful, if you are archiving +# the files and wouldn't like for them to be cleaned up. +cleanup-metrics-db-files = true + +# WebService exposed by App's port +webservice-listener-port = 9600 + +# Port for RPC Communication +rpc-port = 9650 + +# Metric DB File Prefix Path location +metrics-db-file-prefix-path = /tmp/metricsdb_ + +https-enabled = false + +# Setup the correct path for server certificates +certificate-file-path = none +private-key-file-path = none +#trusted-cas-file-path = none + +# Setup the correct path for client certificates (by default, the client will just use the server certificates) +#client-certificate-file-path = specify_path +#client-private-key-file-path = specify_path +#client-trusted-cas-file-path = specify_path + +# WebService bind host; default only to local interface +webservice-bind-host = 0.0.0.0 + +# Plugin Stats Metadata file name, expected to be in the same location +plugin-stats-metadata = plugin-stats-metadata + +# Agent Stats Metadata file name, expected to be in the same location +agent-stats-metadata = agent-stats-metadata + + diff --git a/release/docker/dockercomposefiles/docker-compose.yml b/release/docker/dockercomposefiles/docker-compose.yml new file mode 100644 index 0000000000..58d8d2af89 --- /dev/null +++ b/release/docker/dockercomposefiles/docker-compose.yml @@ -0,0 +1,66 @@ +version: '3' +services: + opensearch-node1: + image: opensearchproject/opensearch:latest + container_name: opensearch-node1 + environment: + - cluster.name=opensearch-cluster + - node.name=opensearch-node1 + - discovery.seed_hosts=opensearch-node1,opensearch-node2 + - cluster.initial_master_nodes=opensearch-node1,opensearch-node2 + - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping + - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems + hard: 65536 + volumes: + - opensearch-data1:/usr/share/opensearch/data + ports: + - 9200:9200 + - 9600:9600 # required for Performance Analyzer + networks: + - opensearch-net + opensearch-node2: + image: opensearchproject/opensearch:latest + container_name: opensearch-node2 + environment: + - cluster.name=opensearch-cluster + - node.name=opensearch-node2 + - discovery.seed_hosts=opensearch-node1,opensearch-node2 + - cluster.initial_master_nodes=opensearch-node1,opensearch-node2 + - bootstrap.memory_lock=true + - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - opensearch-data2:/usr/share/opensearch/data + networks: + - opensearch-net + opensearch-dashboards: + image: opensearchproject/opensearch-dashboards:latest + container_name: opensearch-dashboards + ports: + - 5601:5601 + expose: + - "5601" + environment: + OPENSEARCH_HOSTS: https://opensearch-node1:9200 + networks: + - opensearch-net + +volumes: + opensearch-data1: + opensearch-data2: + +networks: + opensearch-net: + diff --git a/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile b/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile new file mode 100644 index 0000000000..719bf08c1c --- /dev/null +++ b/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile @@ -0,0 +1,100 @@ +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. + + +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# This dockerfile generates an AmazonLinux-based image containing an OpenSearch-Dashboards installation. +# It assumes that the working directory contains four files: an OpenSearch-Dashboards tarball (opensearch-dashboards.tgz), opensearch_dashboards.yml, opensearch-dashboards-docker-entrypoint.sh, and example certs. +# Build arguments: +# VERSION: Required. Used to label the image. +# BUILD_DATE: Required. Used to label the image. Should be in the form 'yyyy-mm-ddThh:mm:ssZ', i.e. a date-time from https://tools.ietf.org/html/rfc3339. The timestamp must be in UTC. +# UID: Optional. Specify the opensearch-dashboards userid. Defaults to 1000. +# GID: Optional. Specify the opensearch-dashboards groupid. Defaults to 1000. +# OPENSEARCH_DASHBOARDS_HOME: Optional. Specify the opensearch-dashboards root directory. Defaults to /usr/share/opensearch-dashboards. + +########################### Stage 0 ######################## +FROM amazonlinux:2 AS linux_x64_stage_0 + +ARG UID=1000 +ARG GID=1000 +ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards + +# Update packages +# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. +RUN yum update -y && yum install -y tar gzip shadow-utils && yum clean all + +# Create an opensearch-dashboards user, group, and directory +RUN groupadd -g $GID opensearch-dashboards && \ + adduser -u $UID -g $GID -d $OPENSEARCH_DASHBOARDS_HOME opensearch-dashboards && \ + mkdir /tmp/opensearch-dashboards + +# Prepare working directory +COPY opensearch-dashboards.tgz /tmp/opensearch-dashboards/opensearch-dashboards.tgz +RUN tar -xzf /tmp/opensearch-dashboards/opensearch-dashboards.tgz -C $OPENSEARCH_DASHBOARDS_HOME --strip-components=1 && rm -rf /temp/opensearch-dashboards +COPY opensearch-dashboards-docker-entrypoint.sh $OPENSEARCH_DASHBOARDS_HOME/ +COPY opensearch_dashboards.yml opensearch.example.org.* $OPENSEARCH_DASHBOARDS_HOME/config/ + +########################### Stage 1 ######################## +# Copy working directory to the actual release docker images +FROM amazonlinux:2 + +ARG UID=1000 +ARG GID=1000 +ARG OPENSEARCH_DASHBOARDS_HOME=/usr/share/opensearch-dashboards + +COPY --from=linux_x64_stage_0 $OPENSEARCH_DASHBOARDS_HOME $OPENSEARCH_DASHBOARDS_HOME + +# Setup OpenSearch-dashboards +WORKDIR $OPENSEARCH_DASHBOARDS_HOME + +# Update packages +# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. +RUN yum update -y && yum install -y tar gzip shadow-utils && yum clean all + +# Create an opensearch-dashboards user, group +RUN groupadd -g $GID opensearch-dashboards && \ + adduser -u $UID -g $GID -d $OPENSEARCH_DASHBOARDS_HOME opensearch-dashboards + +# Setup permissions +RUN chown -R $UID:$GID $OPENSEARCH_DASHBOARDS_HOME + +# Change user +USER $UID + +# Expose port +EXPOSE 5601 + +ARG VERSION +ARG BUILD_DATE + +# Label +LABEL org.label-schema.schema-version="1.0" \ + org.label-schema.name="opensearch-dashboards" \ + org.label-schema.version="$VERSION" \ + org.label-schema.url="https://opensearch.org" \ + org.label-schema.vcs-url="https://github.com/opensearch-project/OpenSearch-Dashboards" \ + org.label-schema.license="Apache-2.0" \ + org.label-schema.vendor="Amazon" \ + org.label-schema.build-date="$BUILD_DATE" + +# CMD to run +CMD ["./opensearch-dashboards-docker-entrypoint.sh"] diff --git a/release/docker/dockerfiles/opensearch.al2.dockerfile b/release/docker/dockerfiles/opensearch.al2.dockerfile new file mode 100644 index 0000000000..1ca71ab175 --- /dev/null +++ b/release/docker/dockerfiles/opensearch.al2.dockerfile @@ -0,0 +1,106 @@ +# SPDX-License-Identifier: Apache-2.0 +# +# The OpenSearch Contributors require contributions made to +# this file be licensed under the Apache-2.0 license or a +# compatible open source license. +# +# Modifications Copyright OpenSearch Contributors. See +# GitHub history for details. + + +# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. + + +# This dockerfile generates an AmazonLinux-based image containing an OpenSearch installation. +# It assumes that the working directory contains four files: an OpenSearch tarball (opensearch.tgz), log4j2.properties, opensearch.yml, opensearch-docker-entrypoint.sh, opensearch-onetime-setup.sh. +# Build arguments: +# VERSION: Required. Used to label the image. +# BUILD_DATE: Required. Used to label the image. Should be in the form 'yyyy-mm-ddThh:mm:ssZ', i.e. a date-time from https://tools.ietf.org/html/rfc3339. The timestamp must be in UTC. +# UID: Optional. Specify the opensearch userid. Defaults to 1000. +# GID: Optional. Specify the opensearch groupid. Defaults to 1000. +# OPENSEARCH_HOME: Optional. Specify the opensearch root directory. Defaults to /usr/share/opensearch. + + +########################### Stage 0 ######################## +FROM amazonlinux:2 AS linux_x64_stage_0 + +ARG UID=1000 +ARG GID=1000 +ARG OPENSEARCH_HOME=/usr/share/opensearch + +# Update packages +# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. +RUN yum update -y && yum install -y tar gzip shadow-utils && yum clean all + +# Create an opensearch user, group, and directory +RUN groupadd -g $GID opensearch && \ + adduser -u $UID -g $GID -d $OPENSEARCH_HOME opensearch && \ + mkdir /tmp/opensearch + +# Prepare working directory +COPY opensearch.tgz /tmp/opensearch/opensearch.tgz +RUN tar -xzf /tmp/opensearch/opensearch.tgz -C $OPENSEARCH_HOME --strip-components=1 && rm -rf /temp/opensearch +COPY opensearch-docker-entrypoint.sh opensearch-onetime-setup.sh $OPENSEARCH_HOME/ +COPY log4j2.properties opensearch.yml $OPENSEARCH_HOME/config/ +COPY performance-analyzer.properties $OPENSEARCH_HOME/plugins/opensearch-performance-analyzer/pa_config/ + + +########################### Stage 1 ######################## +# Copy working directory to the actual release docker images +FROM amazonlinux:2 + +ARG UID=1000 +ARG GID=1000 +ARG OPENSEARCH_HOME=/usr/share/opensearch + +# Copy from Stage0 +COPY --from=linux_x64_stage_0 $OPENSEARCH_HOME $OPENSEARCH_HOME +WORKDIR $OPENSEARCH_HOME + +# Update packages +# Install the tools we need: tar and gzip to unpack the OpenSearch tarball, and shadow-utils to give us `groupadd` and `useradd`. +RUN yum update -y && yum install -y tar gzip shadow-utils && yum clean all + +# Create an opensearch user, group +RUN groupadd -g $GID opensearch && \ + adduser -u $UID -g $GID -d $OPENSEARCH_HOME opensearch + +# Setup OpenSearch +RUN ./opensearch-onetime-setup.sh && \ + chown -R $UID:$GID $OPENSEARCH_HOME + +# Copy KNN Lib +RUN cp -v $OPENSEARCH_HOME/plugins/opensearch-knn/knnlib/libKNNIndex*.so /usr/lib + +# Change user +USER $UID + +# Expose ports for the opensearch service (9200 for HTTP and 9300 for internal transport) and performance analyzer (9600 for the agent and 9650 for the root cause analysis component) +EXPOSE 9200 9300 9600 9650 + +ARG VERSION +ARG BUILD_DATE + +# Label +LABEL org.label-schema.schema-version="1.0" \ + org.label-schema.name="opensearch" \ + org.label-schema.version="$VERSION" \ + org.label-schema.url="https://opensearch.org" \ + org.label-schema.vcs-url="https://github.com/OpenSearch" \ + org.label-schema.license="Apache-2.0" \ + org.label-schema.vendor="Amazon" \ + org.label-schema.build-date="$BUILD_DATE" + +# CMD to run +CMD ["./opensearch-docker-entrypoint.sh"] From 9f2e7ce97d2a672ed94e7538501dfb917e8b2ce2 Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Tue, 4 May 2021 18:47:26 -0400 Subject: [PATCH 2/3] Remove typos on the build script and the dockerfiles Signed-off-by: Peter Zhu --- release/docker/build-image.sh | 22 +++++++++++-------- .../opensearch-dashboards.al2.dockerfile | 2 +- .../dockerfiles/opensearch.al2.dockerfile | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/release/docker/build-image.sh b/release/docker/build-image.sh index 561debbe31..b055eba05a 100755 --- a/release/docker/build-image.sh +++ b/release/docker/build-image.sh @@ -23,6 +23,7 @@ # express or implied. See the License for the specific language governing # permissions and limitations under the License. +# This script is to automate the docker image creation process of OpenSearch and OpenSearch-Dashboards set -e @@ -73,19 +74,24 @@ while getopts ":ho:v:f:p:" arg; do esac done +# Validate the required parameters to present if [ -z "$VERSION" ] || [ -z "$DOCKERFILE" ] || [ -z "$PRODUCT" ]; then - echo "You must specify '-v VERSION', '-f DOCKERFILE', '-p PRODUCT'" - usage - exit 1 + echo "You must specify '-v VERSION', '-f DOCKERFILE', '-p PRODUCT'" + usage + exit 1 +else + echo $VERSION $DOCKERFILE $PRODUCT fi -echo $DOCKERFILE - +# Create temp workdirectory DIR=`mktemp -d` - echo "Creating Docker workspace in $DIR" trap '{ echo Removing Docker workspace in "$DIR"; rm -rf -- "$DIR"; }' TERM INT EXIT +# Copy configs +cp -v config/${PRODUCT}/* $DIR/ + +# Copy TGZ if [ -z "$TARBALL" ]; then # No tarball file specified so download one URL="https://artifacts.opensearch.org/releases/bundle/${PRODUCT}/${VERSION}/${PRODUCT}-${VERSION}-linux-x64.tar.gz" @@ -96,9 +102,7 @@ else cp -v $TARBALL $DIR/$PRODUCT.tgz fi -cp -v config/${PRODUCT}/* $DIR/ - +# Docker build docker build --build-arg VERSION=$VERSION --build-arg BUILD_DATE=`date -u +%Y-%m-%dT%H:%M:%SZ` -f $DOCKERFILE $DIR -t opensearchproject/$PRODUCT:$VERSION docker tag opensearchproject/$PRODUCT:$VERSION opensearchproject/$PRODUCT:latest -rm -rf $DIR diff --git a/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile b/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile index 719bf08c1c..336be7d6a0 100644 --- a/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile +++ b/release/docker/dockerfiles/opensearch-dashboards.al2.dockerfile @@ -49,7 +49,7 @@ RUN groupadd -g $GID opensearch-dashboards && \ # Prepare working directory COPY opensearch-dashboards.tgz /tmp/opensearch-dashboards/opensearch-dashboards.tgz -RUN tar -xzf /tmp/opensearch-dashboards/opensearch-dashboards.tgz -C $OPENSEARCH_DASHBOARDS_HOME --strip-components=1 && rm -rf /temp/opensearch-dashboards +RUN tar -xzf /tmp/opensearch-dashboards/opensearch-dashboards.tgz -C $OPENSEARCH_DASHBOARDS_HOME --strip-components=1 && rm -rf /tmp/opensearch-dashboards COPY opensearch-dashboards-docker-entrypoint.sh $OPENSEARCH_DASHBOARDS_HOME/ COPY opensearch_dashboards.yml opensearch.example.org.* $OPENSEARCH_DASHBOARDS_HOME/config/ diff --git a/release/docker/dockerfiles/opensearch.al2.dockerfile b/release/docker/dockerfiles/opensearch.al2.dockerfile index 1ca71ab175..c37837fd24 100644 --- a/release/docker/dockerfiles/opensearch.al2.dockerfile +++ b/release/docker/dockerfiles/opensearch.al2.dockerfile @@ -50,7 +50,7 @@ RUN groupadd -g $GID opensearch && \ # Prepare working directory COPY opensearch.tgz /tmp/opensearch/opensearch.tgz -RUN tar -xzf /tmp/opensearch/opensearch.tgz -C $OPENSEARCH_HOME --strip-components=1 && rm -rf /temp/opensearch +RUN tar -xzf /tmp/opensearch/opensearch.tgz -C $OPENSEARCH_HOME --strip-components=1 && rm -rf /tmp/opensearch COPY opensearch-docker-entrypoint.sh opensearch-onetime-setup.sh $OPENSEARCH_HOME/ COPY log4j2.properties opensearch.yml $OPENSEARCH_HOME/config/ COPY performance-analyzer.properties $OPENSEARCH_HOME/plugins/opensearch-performance-analyzer/pa_config/ From 3f906730ab1b6331f65a46cd3b31f4227745b02f Mon Sep 17 00:00:00 2001 From: Peter Zhu Date: Tue, 4 May 2021 19:14:52 -0400 Subject: [PATCH 3/3] Add eol to the key file to follow POSIX Signed-off-by: Peter Zhu --- .../config/opensearch-dashboards/opensearch.example.org.key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release/docker/config/opensearch-dashboards/opensearch.example.org.key b/release/docker/config/opensearch-dashboards/opensearch.example.org.key index e549011659..e75b939dd3 100644 --- a/release/docker/config/opensearch-dashboards/opensearch.example.org.key +++ b/release/docker/config/opensearch-dashboards/opensearch.example.org.key @@ -24,4 +24,4 @@ DYY7WcMKPTSNoxO3o/1wgVaTth5ooFWjgfTJRlD39E2Av3hSxuc8gHKXurl81jTx dH6UjwKBgEA5JLPaICkkY4ppcwdnf7zFFi22Rq5e2AJQSJcHOgE0K8/jJqbv+VOy ugVjXRpq6VdNjGD3aLToe/SnRLUDmq+ZJqV+BoZSv3DJCsUkc4O9tS/E6Tn4A1di loi+vT/GFEVVE3MaB42XGaaC82VEgwdqE3hDqNM/F2i3DfyoKD6V ------END RSA PRIVATE KEY----- \ No newline at end of file +-----END RSA PRIVATE KEY-----