|
|
|
|
@ -113,6 +113,7 @@ PreReq: elasticsearch
|
|
|
|
|
# determine installation files |
|
|
|
|
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ |
|
|
|
|
%{l_files_std} \ |
|
|
|
|
'%not %dir %{l_prefix}/etc/elasticsearch' \ |
|
|
|
|
'%dir %attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/elasticsearch/x-pack' |
|
|
|
|
|
|
|
|
|
%files -f files |
|
|
|
|
@ -121,15 +122,49 @@ PreReq: elasticsearch
|
|
|
|
|
|
|
|
|
|
%post |
|
|
|
|
if [ ".$1" = .1 ]; then |
|
|
|
|
# create SSL/TLS files |
|
|
|
|
echo "Create SSL/TLS CA/node certificates/keys" | \ |
|
|
|
|
%{l_rpmtool} msg -b -t notice |
|
|
|
|
su - %{l_rusr} -c \ |
|
|
|
|
"LC_CTYPE=C; export LC_CTYPE; umask 077; \ |
|
|
|
|
cd $RPM_INSTALL_PREFIX/etc/elasticsearch/x-pack; \ |
|
|
|
|
$RPM_INSTALL_PREFIX/bin/elasticsearch-xpack certutil ca \ |
|
|
|
|
--out ca.p12 --pass elasticsearch >/dev/null 2>&1; \ |
|
|
|
|
$RPM_INSTALL_PREFIX/bin/elasticsearch-xpack certutil cert \ |
|
|
|
|
--ca ca.p12 --ca-pass elasticsearch \ |
|
|
|
|
--out node.p12 --pass elasticsearch >/dev/null 2>&1" |
|
|
|
|
|
|
|
|
|
# add default config to ElasticSearch configuration |
|
|
|
|
conf="$RPM_INSTALL_PREFIX/etc/elasticsearch/elasticsearch.yml" |
|
|
|
|
if [ -f $conf ]; then |
|
|
|
|
( echo "xpack.security.enabled: true" |
|
|
|
|
echo "xpack.watcher.enabled: false" |
|
|
|
|
echo "xpack.graph.enabled: false" |
|
|
|
|
echo "xpack.ml.enabled: false" |
|
|
|
|
( echo "xpack.security.enabled: true" |
|
|
|
|
echo "xpack.security.http.ssl.enabled: true" |
|
|
|
|
echo "xpack.security.http.ssl.verification_mode: certificate" |
|
|
|
|
echo "xpack.security.http.ssl.keystore.path: x-pack/node.p12" |
|
|
|
|
echo "xpack.security.http.ssl.keystore.type: PKCS12" |
|
|
|
|
echo "xpack.security.http.ssl.truststore.path: x-pack/node.p12" |
|
|
|
|
echo "xpack.security.http.ssl.truststore.type: PKCS12" |
|
|
|
|
echo "xpack.security.transport.ssl.enabled: true" |
|
|
|
|
echo "xpack.security.transport.ssl.verification_mode: certificate" |
|
|
|
|
echo "xpack.security.transport.ssl.keystore.path: x-pack/node.p12" |
|
|
|
|
echo "xpack.security.transport.ssl.keystore.type: PKCS12" |
|
|
|
|
echo "xpack.security.transport.ssl.truststore.path: x-pack/node.p12" |
|
|
|
|
echo "xpack.security.transport.ssl.truststore.type: PKCS12" |
|
|
|
|
echo "xpack.watcher.enabled: false" |
|
|
|
|
echo "xpack.graph.enabled: false" |
|
|
|
|
echo "xpack.ml.enabled: false" |
|
|
|
|
) | $RPM_INSTALL_PREFIX/lib/openpkg/rpmtool config \ |
|
|
|
|
-a -i "$RPM_INSTALL_PREFIX:elasticsearch-xpack" -p "#" $conf |
|
|
|
|
su - %{l_rusr} -c \ |
|
|
|
|
"LC_CTYPE=C; export LC_CTYPE; umask 077; \ |
|
|
|
|
echo elasticsearch | $RPM_INSTALL_PREFIX/bin/elasticsearch-keystore add \ |
|
|
|
|
-s -x xpack.security.http.ssl.keystore.secure_password; \ |
|
|
|
|
echo elasticsearch | $RPM_INSTALL_PREFIX/bin/elasticsearch-keystore add \ |
|
|
|
|
-s -x xpack.security.http.ssl.truststore.secure_password; \ |
|
|
|
|
echo elasticsearch | $RPM_INSTALL_PREFIX/bin/elasticsearch-keystore add \ |
|
|
|
|
-s -x xpack.security.transport.ssl.keystore.secure_password; \ |
|
|
|
|
echo elasticsearch | $RPM_INSTALL_PREFIX/bin/elasticsearch-keystore add \ |
|
|
|
|
-s -x xpack.security.transport.ssl.truststore.secure_password" |
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
# display final hints on initial installation |
|
|
|
|
@ -146,7 +181,7 @@ PreReq: elasticsearch
|
|
|
|
|
%postun |
|
|
|
|
if [ ".$1" = .0 ]; then |
|
|
|
|
# before erase, remove runtime files |
|
|
|
|
rm -f $RPM_INSTALL_PREFIX/etc/elasticsearch/x-pack/* >/dev/null 2>&1 || true |
|
|
|
|
rm -f $RPM_INSTALL_PREFIX/etc/elasticsearch/x-pack/* >/dev/null 2>&1 || true |
|
|
|
|
|
|
|
|
|
# remove default config from ElasticSearch configuration |
|
|
|
|
conf="$RPM_INSTALL_PREFIX/etc/elasticsearch/elasticsearch.yml" |
|
|
|
|
|
