3

I'm using this docker repository to install elasticsearch and searchguard

The searchguard requires running a script bin/init_sg.sh after the elasticsearch is fully loaded.

I don't like running docker exec -it elasticsearch bin/init_sg.sh manually everytime the container is recreated. I'm looking for a way of doing it programmatically in the Dockerfile or docker-compose.yml.

My main problem right now is finding the primary process pid in the dockerfile and making sure the elasticsearch service is fully loaded. Can anyone give me suggestions on how to do that?

Unsuccessful Dockerfile

FROM docker.elastic.co/elasticsearch/elasticsearch:5.6.3

COPY config/ config/
COPY bin/ bin/

# Search Guard plugin
# https://github.com/floragunncom/search-guard/wiki
RUN elasticsearch-plugin install --batch com.floragunn:search-guard-5:5.6.3-16 \
    && chmod +x \
        plugins/search-guard-5/tools/hash.sh \
        plugins/search-guard-5/tools/sgadmin.sh

# Add your elasticsearch plugins setup here
# Example: RUN elasticsearch-plugin install analysis-icu

CMD bin/elasticsearch && while [ -d /proc/1 ] ; do sleep 1; done && bin/init_sg.sh
srgbnd
  • 5,404
  • 9
  • 44
  • 80
RedGiant
  • 4,444
  • 11
  • 59
  • 146

1 Answers1

2

Checking the process doesn't seem a good approach for checking if elastic-search is ready.

I suggest a better alternative using the REST api of elastic-search.

The api is exposed on port 9200. There is an official healthcheck script for elastic search. The health check uses the command curl -fsSL "http://$host:9200/_cat/health?h=status which will return green if elastic-search is healthy.

You can use the same api and wait for a green status and then execute your init_sg.sh script.

yamenk
  • 46,736
  • 10
  • 93
  • 87
  • 2
    would be better to check if 9200 port is open (with nc for example) cause the REST api is restricted and as long as searchguard is not initialized you cannot login. – salyh Nov 27 '17 at 14:34