summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorBas van Dijk <v.dijk.bas@gmail.com>2018-07-28 00:33:18 +0200
committerGitHub <noreply@github.com>2018-07-28 00:33:18 +0200
commit72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366 (patch)
tree704961f389d03778a3a57690bb7705ada83cc9b6 /nixos
parente7d57853b036239ef32b8b2c634d63719ca5a35e (diff)
parentebcdb822f8c34aa174e6f688f92699be8f9f57ff (diff)
downloadnixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar.gz
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar.bz2
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar.lz
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar.xz
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.tar.zst
nixpkgs-72f3a5cf5ce77ac8c4d431f104e06fe94cdf7366.zip
Merge pull request #44038 from LumiGuide/elk-6.3.0
elk: 6.2.4 -> 6.3.2
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/search/elasticsearch.nix42
-rw-r--r--nixos/tests/elk.nix19
2 files changed, 42 insertions, 19 deletions
diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix
index d61f588205a..b0831dcd1ca 100644
--- a/nixos/modules/services/search/elasticsearch.nix
+++ b/nixos/modules/services/search/elasticsearch.nix
@@ -25,18 +25,17 @@ let
     ${cfg.extraConf}
   '';
 
-  configDir = pkgs.buildEnv {
-    name = "elasticsearch-config";
-    paths = [
-      (pkgs.writeTextDir "elasticsearch.yml" esConfig)
-      (if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging)
-              else (pkgs.writeTextDir "logging.yml" cfg.logging))
-    ];
-    postBuild = concatStringsSep "\n" (concatLists [
-      # Elasticsearch 5.x won't start when the scripts directory does not exist
-      (optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts")
-      (optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options")
-    ]);
+  configDir = cfg.dataDir + "/config";
+
+  elasticsearchYml = pkgs.writeTextFile {
+    name = "elasticsearch.yml";
+    text = esConfig;
+  };
+
+  loggingConfigFilename = if es5 then "log4j2.properties" else "logging.yml";
+  loggingConfigFile = pkgs.writeTextFile {
+    name = loggingConfigFilename;
+    text = cfg.logging;
   };
 
   esPlugins = pkgs.buildEnv {
@@ -193,7 +192,24 @@ in {
         ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins
         ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
         ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
-        if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi
+
+        # elasticsearch needs to create the elasticsearch.keystore in the config directory
+        # so this directory needs to be writable.
+        mkdir -m 0700 -p ${configDir}
+
+        # Note that we copy config files from the nix store instead of symbolically linking them
+        # because otherwise X-Pack Security will raise the following exception:
+        # java.security.AccessControlException:
+        # access denied ("java.io.FilePermission" "/var/lib/elasticsearch/config/elasticsearch.yml" "read")
+
+        cp ${elasticsearchYml} ${configDir}/elasticsearch.yml
+        # Make sure the logging configuration for old elasticsearch versions is removed:
+        rm -f ${if es5 then "${configDir}/logging.yml" else "${configDir}/log4j2.properties"}
+        cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}
+        ${optionalString es5 "mkdir -p ${configDir}/scripts"}
+        ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"}
+
+        if [ "$(id -u)" = 0 ]; then chown -R elasticsearch:elasticsearch ${cfg.dataDir}; fi
       '';
     };
 
diff --git a/nixos/tests/elk.nix b/nixos/tests/elk.nix
index 8dba7a905fa..4c5c441ca26 100644
--- a/nixos/tests/elk.nix
+++ b/nixos/tests/elk.nix
@@ -1,4 +1,4 @@
-{ system ? builtins.currentSystem }:
+{ system ? builtins.currentSystem, enableUnfree ? false }:
 with import ../lib/testing.nix { inherit system; };
 with pkgs.lib;
 let
@@ -99,9 +99,16 @@ in mapAttrs mkElkTest {
     logstash      = pkgs.logstash5;
     kibana        = pkgs.kibana5;
   };
-  "ELK-6" = {
-    elasticsearch = pkgs.elasticsearch6;
-    logstash      = pkgs.logstash6;
-    kibana        = pkgs.kibana6;
-  };
+  "ELK-6" =
+    if enableUnfree
+    then {
+      elasticsearch = pkgs.elasticsearch6;
+      logstash      = pkgs.logstash6;
+      kibana        = pkgs.kibana6;
+    }
+    else {
+      elasticsearch = pkgs.elasticsearch6-oss;
+      logstash      = pkgs.logstash6-oss;
+      kibana        = pkgs.kibana6-oss;
+    };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-04 04:03:19 +0000