diff options
| author | Bas van Dijk <v.dijk.bas@gmail.com> | 2018-06-24 13:22:12 +0200 |
|---|---|---|
| committer | Bas van Dijk <v.dijk.bas@gmail.com> | 2018-07-28 00:01:31 +0200 |
| commit | ebcdb822f8c34aa174e6f688f92699be8f9f57ff (patch) | |
| tree | f8ca603a99251b4ab4c45abddd4d6c72569f188b /nixos/modules/services/search | |
| parent | 28e11a0b6ba740aedcc8be27ff8ef334d187bd37 (diff) | |
elk: 6.2.4 -> 6.3.2
* The ELK stack is upgraded to 6.3.2.
* `elasticsearch6`, `logstash6` and `kibana6` now come with X-Pack which is
a suite of additional features. These are however licensed under the unfree
"Elastic License".
* Fortunately they also provide OSS versions which are now packaged
under: `elasticsearch6-oss`, `logstash6-oss` and `kibana6-oss`.
Note that the naming of the attributes is consistent with upstream.
* The test `nix-build nixos/tests/elk.nix -A ELK-6` will test the OSS
version by default. You can also run the test on the unfree ELK using:
`NIXPKGS_ALLOW_UNFREE=1 nix-build nixos/tests/elk.nix -A ELK-6 --arg enableUnfree true`
Diffstat (limited to 'nixos/modules/services/search')
| -rw-r--r-- | nixos/modules/services/search/elasticsearch.nix | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix index d61f588205af..b0831dcd1ca8 100644 --- a/nixos/modules/services/search/elasticsearch.nix +++ b/nixos/modules/services/search/elasticsearch.nix @@ -25,18 +25,17 @@ let ${cfg.extraConf} ''; - configDir = pkgs.buildEnv { - name = "elasticsearch-config"; - paths = [ - (pkgs.writeTextDir "elasticsearch.yml" esConfig) - (if es5 then (pkgs.writeTextDir "log4j2.properties" cfg.logging) - else (pkgs.writeTextDir "logging.yml" cfg.logging)) - ]; - postBuild = concatStringsSep "\n" (concatLists [ - # Elasticsearch 5.x won't start when the scripts directory does not exist - (optional es5 "${pkgs.coreutils}/bin/mkdir -p $out/scripts") - (optional es6 "ln -s ${cfg.package}/config/jvm.options $out/jvm.options") - ]); + configDir = cfg.dataDir + "/config"; + + elasticsearchYml = pkgs.writeTextFile { + name = "elasticsearch.yml"; + text = esConfig; + }; + + loggingConfigFilename = if es5 then "log4j2.properties" else "logging.yml"; + loggingConfigFile = pkgs.writeTextFile { + name = loggingConfigFilename; + text = cfg.logging; }; esPlugins = pkgs.buildEnv { @@ -193,7 +192,24 @@ in { ln -sfT ${esPlugins}/plugins ${cfg.dataDir}/plugins ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules - if [ "$(id -u)" = 0 ]; then chown -R elasticsearch ${cfg.dataDir}; fi + + # elasticsearch needs to create the elasticsearch.keystore in the config directory + # so this directory needs to be writable. + mkdir -m 0700 -p ${configDir} + + # Note that we copy config files from the nix store instead of symbolically linking them + # because otherwise X-Pack Security will raise the following exception: + # java.security.AccessControlException: + # access denied ("java.io.FilePermission" "/var/lib/elasticsearch/config/elasticsearch.yml" "read") + + cp ${elasticsearchYml} ${configDir}/elasticsearch.yml + # Make sure the logging configuration for old elasticsearch versions is removed: + rm -f ${if es5 then "${configDir}/logging.yml" else "${configDir}/log4j2.properties"} + cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename} + ${optionalString es5 "mkdir -p ${configDir}/scripts"} + ${optionalString es6 "cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options"} + + if [ "$(id -u)" = 0 ]; then chown -R elasticsearch:elasticsearch ${cfg.dataDir}; fi ''; }; |