##
## elasticsearch-xpack.spec -- OpenPKG RPM Package Specification
## Copyright (c) 2000-2021 OpenPKG Project
##
## Permission to use, copy, modify, and distribute this software for
## any purpose with or without fee is hereby granted, provided that
## the above copyright notice and this permission notice appear in all
## copies.
##
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
## SUCH DAMAGE.
##
# package version
%define V_elasticsearch_xpack 6.2.4
%define V_elasticsearch 6.2
# package information
Name: elasticsearch-xpack
Summary: X-Pack Extension for ElasticSearch
URL: https://www.elastic.co/products/x-pack
Vendor: ElasticSearch Community
Packager: OpenPKG Project
Distribution: OpenPKG Community
Class: PLUS
Group: Database
License: Apache
Version: %{V_elasticsearch_xpack}
Release: 20180514
# list of sources
Source0: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-%{V_elasticsearch_xpack}.zip
Source1: elasticsearch-tls.sh
# build information
BuildPreReq: OpenPKG, openpkg >= 20160101, infozip
PreReq: OpenPKG, openpkg >= 20160101, cfssl
BuildPreReq: elasticsearch
PreReq: elasticsearch
%description
This is the X-Pack extension for Elasticsearch, providing access
control and additional functionality.
%track
prog elasticsearch-xpack = {
version = %{V_elasticsearch_xpack}
url = https://www.elastic.co/guide/en/elasticsearch/reference/%{V_elasticsearch}/installing-xpack-es.html
regex = x-pack-(__VER__)\.zip
}
%prep
%setup -q -T -c
%build
%install
# create installation hierarchy
%{l_shtool} mkdir -f -p -m 755 \
$RPM_BUILD_ROOT%{l_prefix}/bin \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch \
$RPM_BUILD_ROOT%{l_prefix}/etc/elasticsearch/x-pack \
$RPM_BUILD_ROOT%{l_prefix}/libexec/elasticsearch/plugins
# setup copy of ElasticSearch environment
ln -s %{l_prefix}/lib/elasticsearch/* \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin
mkdir $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin
cp -p %{l_prefix}/lib/elasticsearch/bin/elasticsearch* \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/config
mkdir $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/config
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/plugins
ln -s $RPM_BUILD_ROOT%{l_prefix}/libexec/elasticsearch/plugins \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/
# provide run-time environment
eval `JAVA_PLATFORM="sun-jdk" %{l_prefix}/bin/java-toolkit -e`
export ES_HOME="$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch"
export ES_PATH_CONF="$RPM_BUILD_ROOT%{l_prefix}/etc/elasticsearch"
export ES_TMPDIR="$RPM_BUILD_ROOT%{l_prefix}/var/elasticsearch/tmp"
%{l_shtool} mkdir -f -p -m 755 $ES_TMPDIR
# install SQL plugin
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/elasticsearch-plugin \
install --verbose --batch \
file:%{SOURCE0}
# post-adjust installation
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/*.bat
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/*.exe
%{l_shtool} subst \
-e 's;/bin/bash;%{l_bash};g' \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/*
# install wrapper command
( echo "#!/bin/sh"
echo "cmd=\"\$1\""
echo "shift"
echo "eval \`JAVA_PLATFORM=\"sun-jdk\" %{l_prefix}/bin/java-toolkit -e\`"
echo "export ES_HOME=\"%{l_prefix}/lib/elasticsearch\""
echo "export ES_PATH_CONF=\"%{l_prefix}/etc/elasticsearch\""
echo "export ES_TMPDIR=\"%{l_prefix}/var/elasticsearch/tmp\""
echo "exec %{l_prefix}/lib/elasticsearch/bin/x-pack/\$cmd \${1+\"\$@\"}"
) >elasticsearch-xpack
%{l_shtool} install -c -m 755 \
elasticsearch-xpack $RPM_BUILD_ROOT%{l_prefix}/bin/
%{l_shtool} install -c -m 755 %{l_value -s -a} \
-e 's;@l_bash@;%{l_bash};g' \
%{SOURCE elasticsearch-tls.sh} \
$RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/tls
# cleanup environment
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/* >/dev/null 2>&1 || true
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/elasticsearch* >/dev/null 2>&1 || true
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/*.bat >/dev/null 2>&1 || true
rm -f $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/bin/x-pack/.in.bat >/dev/null 2>&1 || true
rm -rf $RPM_BUILD_ROOT%{l_prefix}/lib/elasticsearch/config >/dev/null 2>&1 || true
rm -rf $RPM_BUILD_ROOT%{l_prefix}/libexec/elasticsearch/plugins/x-pack/platform >/dev/null 2>&1 || true
rm -rf $RPM_BUILD_ROOT%{l_prefix}/var/elasticsearch/tmp >/dev/null 2>&1 || true
rm -rf $RPM_BUILD_ROOT%{l_prefix}/etc/elasticsearch/*.keystore >/dev/null 2>&1 || true
rm -f $RPM_BUILD_ROOT%{l_prefix}/etc/elasticsearch/x-pack/* >/dev/null 2>&1 || true
# determine installation files
%{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
%{l_files_std} \
'%not %dir %{l_prefix}/etc/elasticsearch' \
'%dir %attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/etc/elasticsearch/x-pack'
%files -f files
%clean
%post
if [ ".$1" = .1 ]; then
# create SSL/TLS files
echo "Generating SSL/TLS Certificates/Keys" | %{l_rpmtool} msg -b -t notice
$RPM_INSTALL_PREFIX/bin/elasticsearch-xpack tls localhost 127.0.0.1
( echo "ElasticSearch was configured with a standard TLS certificate/key pair."
echo "for \"localhost\" and \"127.0.0.1\". For production use, you usually let"
echo "ElasticSearch listen on an external IP address. For this the TLS"
echo "certificate/key pair has to be regenerated with for instance:"
echo " \$ $RPM_INSTALL_PREFIX/bin/elasticsearch-xpack tls \\%{l_nil}"
echo " www.example.com 192.168.0.1"
) | %{l_rpmtool} msg -b -t notice
# add default config to ElasticSearch configuration
conf="$RPM_INSTALL_PREFIX/etc/elasticsearch/elasticsearch.yml"
if [ -f $conf ]; then
( echo "xpack.security.enabled: true"
echo ""
echo "xpack.security.http.ssl.enabled: true"
echo "xpack.security.http.ssl.verification_mode: none"
echo "xpack.security.http.ssl.certificate_authorities: [ $RPM_INSTALL_PREFIX/etc/elasticsearch/ca.crt ]"
echo "xpack.security.http.ssl.certificate: $RPM_INSTALL_PREFIX/etc/elasticsearch/server.crt"
echo "xpack.security.http.ssl.key: $RPM_INSTALL_PREFIX/etc/elasticsearch/server.key"
echo ""
echo "xpack.security.transport.ssl.enabled: true"
echo "xpack.security.transport.ssl.verification_mode: none"
echo "xpack.security.transport.ssl.certificate_authorities: [ $RPM_INSTALL_PREFIX/etc/elasticsearch/ca.crt ]"
echo "xpack.security.transport.ssl.certificate: $RPM_INSTALL_PREFIX/etc/elasticsearch/server.crt"
echo "xpack.security.transport.ssl.key: $RPM_INSTALL_PREFIX/etc/elasticsearch/server.key"
echo ""
echo "xpack.security.authc.realms:"
echo " file:"
echo " type: file"
echo " order: 0"
echo " native:"
echo " type: native"
echo " order: 1"
echo ""
echo "xpack.watcher.enabled: false"
echo "xpack.graph.enabled: false"
echo "xpack.ml.enabled: false"
echo ""
) | $RPM_INSTALL_PREFIX/lib/openpkg/rpmtool config \
-a -i "$RPM_INSTALL_PREFIX:elasticsearch-xpack" -p "#" $conf
fi
# display final hints on initial installation
( echo "You have to initially set ElasticSearch X-Pack authentication for the"
echo "three standard users \"elastic\", \"kibana\" and \"logstash_system\":"
echo " \$ $RPM_INSTALL_PREFIX/bin/elasticsearch-xpack setup-passwords interactive"
echo "You later can change the password of (those or other) native-real users with:"
echo " \$ curl -XPUT -u : \\%{l_nil}"
echo " http://localhost:9200/_xpack/security/user//_password \\%{l_nil}"
echo " -H 'Content-type: application/json' \\%{l_nil}"
echo " -d '{ \"password\": \"\" }'"
echo "You can setup custom file-realm users with:"
echo " \$ $RPM_INSTALL_PREFIX/bin/elasticsearch-xpack users useradd [-p ] "
echo "You can setup custom native-realm users with:"
echo " \$ curl -XPUT -u elastic: \\%{l_nil}"
echo " http://localhost:9200/_xpack/security/user/ \\%{l_nil}"
echo " -H 'Content-type: application/json' \\%{l_nil}"
echo " -d '{ \"password\": \"\", \"roles\": [] }'"
) | %{l_rpmtool} msg -b -t notice
fi
%postun
if [ ".$1" = .0 ]; then
# before erase, remove runtime files
rm -f $RPM_INSTALL_PREFIX/etc/elasticsearch/x-pack/* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/etc/elasticsearch/ca.* >/dev/null 2>&1 || true
rm -f $RPM_INSTALL_PREFIX/etc/elasticsearch/server.* >/dev/null 2>&1 || true
# remove default config from ElasticSearch configuration
conf="$RPM_INSTALL_PREFIX/etc/elasticsearch/elasticsearch.yml"
if [ -f $conf ]; then
$RPM_INSTALL_PREFIX/lib/openpkg/rpmtool config \
-r -i "$RPM_INSTALL_PREFIX:elasticsearch-xpack" -p "#" $conf
fi
fi
exit 0