public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/elk] Deprecate branches 8.x and 9.x in favor of new branch organization (#86131) 

Signed-off-by: Miguel Ruiz <miguel.ruiz@broadcom.com>
This commit is contained in:
Miguel Ruiz 2025-09-11 12:16:51 +02:00 committed by GitHub
parent 44952a1359
commit c1a63cc2a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
88 changed files with 90 additions and 11538 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
bitnami/elasticsearch/8/README.md → bitnami/elasticsearch/8.17/README.md
View File

0
bitnami/kibana/8/README.md → bitnami/elasticsearch/8.18/README.md
View File

0
bitnami/logstash/8/README.md → bitnami/elasticsearch/8.19/README.md
View File

10
bitnami/elasticsearch/9.0/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

66
bitnami/elasticsearch/9/debian-12/Dockerfile
View File

@ -1,66 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
FROM docker.io/bitnami/minideb:bookworm
ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
ARG ELASTICSEARCH_PLUGINS
ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
ARG TARGETARCH
LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2025-09-07T00:30:58Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch/README.md" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/elasticsearch" \
org.opencontainers.image.title="elasticsearch" \
org.opencontainers.image.vendor="Broadcom, Inc." \
org.opencontainers.image.version="9.1.3"
ENV HOME="/" \
OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-12" \
OS_NAME="linux" \
PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/elasticsearch/bin:$PATH"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages ca-certificates curl libasound2-dev libc6 libfreetype6 libfreetype6-dev libgcc1 procps zlib1g
RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
COMPONENTS=( \
"yq-4.47.1-3-linux-${OS_ARCH}-debian-12" \
"java-21.0.8-12-0-linux-${OS_ARCH}-debian-12" \
"elasticsearch-9.1.3-0-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
fi ; \
sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
COPY rootfs /
RUN /opt/bitnami/scripts/elasticsearch/postunpack.sh
RUN /opt/bitnami/scripts/java/postunpack.sh
ENV APP_VERSION="9.1.3" \
BITNAMI_APP_NAME="elasticsearch" \
ES_JAVA_HOME="/opt/bitnami/java" \
IMAGE_REVISION="1" \
JAVA_HOME="/opt/bitnami/java" \
LD_LIBRARY_PATH="/opt/bitnami/elasticsearch/jdk/lib:/opt/bitnami/elasticsearch/jdk/lib/server:$LD_LIBRARY_PATH"
EXPOSE 9200 9300
USER 1001
ENTRYPOINT [ "/opt/bitnami/scripts/elasticsearch/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/elasticsearch/run.sh" ]

14
bitnami/elasticsearch/9/debian-12/docker-compose.yml
View File

@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
services:
elasticsearch:
image: docker.io/bitnami/elasticsearch:9
ports:
- '9200:9200'
- '9300:9300'
volumes:
- 'elasticsearch_data:/bitnami/elasticsearch/data'
volumes:
elasticsearch_data:
driver: local

2
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
View File

@ -1,2 +0,0 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

53
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh
View File

@ -1,53 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
info ""
info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
info "${YELLOW}NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267${RESET}"
info ""
}

141
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh
View File

@ -1,141 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

193
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh
View File

@ -1,193 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
[ -d "${dir}" ] || mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permissions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

18
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh
View File

@ -1,18 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

146
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh
View File

@ -1,146 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]]; then
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
else
stderr_print "${MODULE:-} $(date "+%T.%2N ")${*}"
fi
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$GREEN"
fi
log "${msg_color}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$YELLOW"
fi
log "${msg_color}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$RED"
fi
log "${msg_color}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]] ;then
msg_color="$MAGENTA"
fi
local debug_bool="${BITNAMI_DEBUG:-false}"
if [[ "$debug_bool" = 1 || "$debug_bool" =~ ^(yes|true)$ ]]; then
log "${msg_color}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

171
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh
View File

@ -1,171 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
# Check if the first IP address is IPv6 to add brackets
if validate_ipv6 "${ip_addresses[0]}" ; then
echo "[${ip_addresses[0]}]"
else
echo "${ip_addresses[0]}"
fi
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

657
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh
View File

@ -1,657 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
numeric)
filter="0-9"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
alphanumeric+special|special+alphanumeric)
# Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
# Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
filter='a-zA-Z0-9:@.,/+!='
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}
########################
# Run command as a specific user and group (optional)
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
run_as_user() {
run_chroot "$@"
}
########################
# Execute command as a specific user and group (optional),
# replacing the current process image
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
exec_as_user() {
run_chroot --replace-process "$@"
}
########################
# Run a command using chroot
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Flags:
# -r | --replace-process - Replace the current process image (optional)
# Returns:
# Exit code of the specified command
#########################
run_chroot() {
local userspec
local user
local homedir
local replace=false
local -r cwd="$(pwd)"
# Parse and validate flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-r | --replace-process)
replace=true
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
# Parse and validate arguments
if [[ "$#" -lt 2 ]]; then
echo "expected at least 2 arguments"
return 1
else
userspec=$1
shift
# userspec can optionally include the group, so we parse the user
user=$(echo "$userspec" | cut -d':' -f1)
fi
if ! am_i_root; then
error "Could not switch to '${userspec}': Operation not permitted"
return 1
fi
# Get the HOME directory for the user to switch, as chroot does
# not properly update this env and some scripts rely on it
homedir=$(eval echo "~${user}")
if [[ ! -d $homedir ]]; then
homedir="${HOME:-/}"
fi
# Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
if [[ "$replace" = true ]]; then
exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
else
chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
fi
}

124
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh
View File

@ -1,124 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

422
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh
View File

@ -1,422 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
cat > "/etc/cron.d/${service_name}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${schedule} ${run_as} ${cmd}
EOF
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' > "${logrotate_conf_dir}/${service_name}"
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --custom-service-content - Custom content to add to the [service] block
# --environment - Environment variable to define (multiple --environment options may be passed)
# --environment-file - Text file with environment variables (multiple --environment-file options may be passed)
# --exec-start - Start command (required)
# --exec-start-pre - Pre-start command (optional)
# --exec-start-post - Post-start command (optional)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --group - System group to start the service with
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file
# --standard-output - File where to print stdout output
# --standard-error - File where to print stderr output
# --success-exit-status - Exit code that indicates a successful shutdown
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --working-directory - Working directory at which to start the service
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local environment_file=""
local exec_start=""
local exec_start_pre=""
local exec_start_post=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
local standard_output="journal"
local standard_error=""
local limits_content=""
local success_exit_status=""
local custom_service_content=""
local working_directory=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
| --standard-output \
| --standard-error \
| --success-exit-status \
| --custom-service-content \
| --working-directory \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"${var_name} value is missing"}"
;;
--limit-*)
[[ -n "$limits_content" ]] && limits_content+=$'\n'
var_name="${1//--limit-}"
shift
limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}"
;;
--exec-start-pre)
shift
[[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n'
exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}"
;;
--exec-start-post)
shift
[[ -n "$exec_start_post" ]] && exec_start_post+=$'\n'
exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"--environment value is missing"}"
;;
--environment-file)
shift
# It is possible to add multiple environment-file lines
[[ -n "$environment_file" ]] && environment_file+=$'\n'
environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
EOF
if [[ -n "$working_directory" ]]; then
cat >> "$service_file" <<< "WorkingDirectory=${working_directory}"
fi
if [[ -n "$exec_start_pre" ]]; then
# This variable may contain multiple ExecStartPre= directives
cat >> "$service_file" <<< "$exec_start_pre"
fi
if [[ -n "$exec_start" ]]; then
cat >> "$service_file" <<< "ExecStart=${exec_start}"
fi
if [[ -n "$exec_start_post" ]]; then
# This variable may contain multiple ExecStartPost= directives
cat >> "$service_file" <<< "$exec_start_post"
fi
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<< "ExecStop=${exec_stop}"
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<< "ExecReload=${exec_reload}"
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<< "User=${user}"
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<< "Group=${group}"
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<< "PIDFile=${pid_file}"
fi
if [[ -n "$restart" ]]; then
cat >> "$service_file" <<< "Restart=${restart}"
fi
# Environment flags
if [[ -n "$environment" ]]; then
# This variable may contain multiple Environment= directives
cat >> "$service_file" <<< "$environment"
fi
if [[ -n "$environment_file" ]]; then
# This variable may contain multiple EnvironmentFile= directives
cat >> "$service_file" <<< "$environment_file"
fi
# Logging
if [[ -n "$standard_output" ]]; then
cat >> "$service_file" <<< "StandardOutput=${standard_output}"
fi
if [[ -n "$standard_error" ]]; then
cat >> "$service_file" <<< "StandardError=${standard_error}"
fi
if [[ -n "$custom_service_content" ]]; then
# This variable may contain multiple miscellaneous directives
cat >> "$service_file" <<< "$custom_service_content"
fi
if [[ -n "$success_exit_status" ]]; then
cat >> "$service_file" <<EOF
# When the process receives a SIGTERM signal, it exits with code ${success_exit_status}
SuccessExitStatus=${success_exit_status}
EOF
fi
cat >> "$service_file" <<EOF
# Optimizations
TimeoutStartSec=2min
TimeoutStopSec=30s
IgnoreSIGPIPE=no
KillMode=mixed
EOF
if [[ -n "$limits_content" ]]; then
cat >> "$service_file" <<EOF
# Limits
${limits_content}
EOF
fi
cat >> "$service_file" <<EOF
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

294
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh
View File

@ -1,294 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Validation functions library
# shellcheck disable=SC1091,SC2086
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv6() {
local ip="${1:?ip is missing}"
local stat=1
local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$'
local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$'
if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then
stat=0
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 or IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ip() {
local ip="${1:?ip is missing}"
local stat=1
if validate_ipv4 "$ip"; then
stat=0
else
stat=$(validate_ipv6 "$ip")
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
string="$1"
;;
esac
shift
done
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

51
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh
View File

@ -1,51 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[j]="${BASH_REMATCH[$i]}"
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

396
bitnami/elasticsearch/9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh
View File

@ -1,396 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl start "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
fi
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl stop "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
fi
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}

27
bitnami/elasticsearch/9/debian-12/prebuildfs/usr/sbin/install_packages
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
bitnami/elasticsearch/9/debian-12/prebuildfs/usr/sbin/run-script
View File

@ -1,24 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -u
if [ $# -eq 0 ]; then
>&2 echo "No arguments provided"
exit 1
fi
script=$1
exit_code="${2:-96}"
fail_if_not_present="${3:-n}"
if test -f "$script"; then
sh $script
if [ $? -ne 0 ]; then
exit $((exit_code))
fi
elif [ "$fail_if_not_present" = "y" ]; then
>&2 echo "script not found: $script"
exit 127
fi

26
bitnami/elasticsearch/9/debian-12/prebuildfs/usr/sbin/uninstall_packages
View File

@ -1,26 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get autoremove --purge -y "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

258
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch-env.sh
View File

@ -1,258 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for elasticsearch
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-elasticsearch}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
elasticsearch_env_vars=(
ELASTICSEARCH_CERTS_DIR
ELASTICSEARCH_DATA_DIR_LIST
ELASTICSEARCH_BIND_ADDRESS
ELASTICSEARCH_ADVERTISED_HOSTNAME
ELASTICSEARCH_CLUSTER_HOSTS
ELASTICSEARCH_CLUSTER_MASTER_HOSTS
ELASTICSEARCH_CLUSTER_NAME
ELASTICSEARCH_HEAP_SIZE
ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE
ELASTICSEARCH_MAX_ALLOWED_MEMORY
ELASTICSEARCH_MAX_TIMEOUT
ELASTICSEARCH_LOCK_ALL_MEMORY
ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP
ELASTICSEARCH_DISABLE_GC_LOGS
ELASTICSEARCH_IS_DEDICATED_NODE
ELASTICSEARCH_MINIMUM_MASTER_NODES
ELASTICSEARCH_NODE_NAME
ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH
ELASTICSEARCH_NODE_ROLES
ELASTICSEARCH_PLUGINS
ELASTICSEARCH_TRANSPORT_PORT_NUMBER
ELASTICSEARCH_HTTP_PORT_NUMBER
ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME
ELASTICSEARCH_ENABLE_SECURITY
ELASTICSEARCH_PASSWORD
ELASTICSEARCH_TLS_VERIFICATION_MODE
ELASTICSEARCH_TLS_USE_PEM
ELASTICSEARCH_KEYSTORE_PASSWORD
ELASTICSEARCH_TRUSTSTORE_PASSWORD
ELASTICSEARCH_KEY_PASSWORD
ELASTICSEARCH_KEYSTORE_LOCATION
ELASTICSEARCH_TRUSTSTORE_LOCATION
ELASTICSEARCH_NODE_CERT_LOCATION
ELASTICSEARCH_NODE_KEY_LOCATION
ELASTICSEARCH_CA_CERT_LOCATION
ELASTICSEARCH_SKIP_TRANSPORT_TLS
ELASTICSEARCH_TRANSPORT_TLS_USE_PEM
ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD
ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD
ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD
ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION
ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION
ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION
ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION
ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION
ELASTICSEARCH_ENABLE_REST_TLS
ELASTICSEARCH_HTTP_TLS_USE_PEM
ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD
ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD
ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD
ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION
ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION
ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION
ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION
ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION
ELASTICSEARCH_ENABLE_FIPS_MODE
ELASTICSEARCH_KEYS
DB_MINIMUM_MANAGER_NODES
)
for env_var in "${elasticsearch_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset elasticsearch_env_vars
export DB_FLAVOR="elasticsearch"
# Paths
export ELASTICSEARCH_VOLUME_DIR="/bitnami/elasticsearch"
export DB_VOLUME_DIR="$ELASTICSEARCH_VOLUME_DIR"
export ELASTICSEARCH_BASE_DIR="/opt/bitnami/elasticsearch"
export DB_BASE_DIR="$ELASTICSEARCH_BASE_DIR"
export ELASTICSEARCH_CONF_DIR="${DB_BASE_DIR}/config"
export DB_CONF_DIR="$ELASTICSEARCH_CONF_DIR"
export ELASTICSEARCH_DEFAULT_CONF_DIR="${DB_BASE_DIR}/config.default"
export DB_DEFAULT_CONF_DIR="$ELASTICSEARCH_DEFAULT_CONF_DIR"
export ELASTICSEARCH_CERTS_DIR="${ELASTICSEARCH_CERTS_DIR:-${DB_CONF_DIR}/certs}"
export DB_CERTS_DIR="$ELASTICSEARCH_CERTS_DIR"
export ELASTICSEARCH_LOGS_DIR="${DB_BASE_DIR}/logs"
export DB_LOGS_DIR="$ELASTICSEARCH_LOGS_DIR"
export ELASTICSEARCH_PLUGINS_DIR="${DB_BASE_DIR}/plugins"
export DB_PLUGINS_DIR="$ELASTICSEARCH_PLUGINS_DIR"
export ELASTICSEARCH_DEFAULT_PLUGINS_DIR="${DB_BASE_DIR}/plugins.default"
export DB_DEFAULT_PLUGINS_DIR="$ELASTICSEARCH_DEFAULT_PLUGINS_DIR"
export ELASTICSEARCH_DATA_DIR="${DB_VOLUME_DIR}/data"
export DB_DATA_DIR="$ELASTICSEARCH_DATA_DIR"
export ELASTICSEARCH_DATA_DIR_LIST="${ELASTICSEARCH_DATA_DIR_LIST:-}"
export DB_DATA_DIR_LIST="$ELASTICSEARCH_DATA_DIR_LIST"
export ELASTICSEARCH_TMP_DIR="${DB_BASE_DIR}/tmp"
export DB_TMP_DIR="$ELASTICSEARCH_TMP_DIR"
export ELASTICSEARCH_BIN_DIR="${DB_BASE_DIR}/bin"
export DB_BIN_DIR="$ELASTICSEARCH_BIN_DIR"
export ELASTICSEARCH_MOUNTED_PLUGINS_DIR="${DB_VOLUME_DIR}/plugins"
export DB_MOUNTED_PLUGINS_DIR="$ELASTICSEARCH_MOUNTED_PLUGINS_DIR"
export ELASTICSEARCH_CONF_FILE="${DB_CONF_DIR}/elasticsearch.yml"
export DB_CONF_FILE="$ELASTICSEARCH_CONF_FILE"
export ELASTICSEARCH_LOG_FILE="${DB_LOGS_DIR}/elasticsearch.log"
export DB_LOG_FILE="$ELASTICSEARCH_LOG_FILE"
export ELASTICSEARCH_PID_FILE="${DB_TMP_DIR}/elasticsearch.pid"
export DB_PID_FILE="$ELASTICSEARCH_PID_FILE"
export ELASTICSEARCH_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export DB_INITSCRIPTS_DIR="$ELASTICSEARCH_INITSCRIPTS_DIR"
export PATH="${DB_BIN_DIR}:${BITNAMI_ROOT_DIR}/common/bin:$PATH"
# System users (when running with a privileged user)
export ELASTICSEARCH_DAEMON_USER="elasticsearch"
export DB_DAEMON_USER="$ELASTICSEARCH_DAEMON_USER"
export ELASTICSEARCH_DAEMON_GROUP="elasticsearch"
export DB_DAEMON_GROUP="$ELASTICSEARCH_DAEMON_GROUP"
# Elasticsearch configuration
export ELASTICSEARCH_BIND_ADDRESS="${ELASTICSEARCH_BIND_ADDRESS:-}"
export DB_BIND_ADDRESS="$ELASTICSEARCH_BIND_ADDRESS"
export ELASTICSEARCH_ADVERTISED_HOSTNAME="${ELASTICSEARCH_ADVERTISED_HOSTNAME:-}"
export DB_ADVERTISED_HOSTNAME="$ELASTICSEARCH_ADVERTISED_HOSTNAME"
export ELASTICSEARCH_CLUSTER_HOSTS="${ELASTICSEARCH_CLUSTER_HOSTS:-}"
export DB_CLUSTER_HOSTS="$ELASTICSEARCH_CLUSTER_HOSTS"
export ELASTICSEARCH_CLUSTER_MASTER_HOSTS="${ELASTICSEARCH_CLUSTER_MASTER_HOSTS:-}"
export DB_CLUSTER_MASTER_HOSTS="$ELASTICSEARCH_CLUSTER_MASTER_HOSTS"
export ELASTICSEARCH_CLUSTER_NAME="${ELASTICSEARCH_CLUSTER_NAME:-}"
export DB_CLUSTER_NAME="$ELASTICSEARCH_CLUSTER_NAME"
export ELASTICSEARCH_HEAP_SIZE="${ELASTICSEARCH_HEAP_SIZE:-1024m}"
export DB_HEAP_SIZE="$ELASTICSEARCH_HEAP_SIZE"
export ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE="${ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE:-100}"
export DB_MAX_ALLOWED_MEMORY_PERCENTAGE="$ELASTICSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE"
export ELASTICSEARCH_MAX_ALLOWED_MEMORY="${ELASTICSEARCH_MAX_ALLOWED_MEMORY:-}"
export DB_MAX_ALLOWED_MEMORY="$ELASTICSEARCH_MAX_ALLOWED_MEMORY"
export ELASTICSEARCH_MAX_TIMEOUT="${ELASTICSEARCH_MAX_TIMEOUT:-60}"
export DB_MAX_TIMEOUT="$ELASTICSEARCH_MAX_TIMEOUT"
export ELASTICSEARCH_LOCK_ALL_MEMORY="${ELASTICSEARCH_LOCK_ALL_MEMORY:-no}"
export DB_LOCK_ALL_MEMORY="$ELASTICSEARCH_LOCK_ALL_MEMORY"
export ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP="${ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP:-no}"
export DB_DISABLE_JVM_HEAP_DUMP="$ELASTICSEARCH_DISABLE_JVM_HEAP_DUMP"
export ELASTICSEARCH_DISABLE_GC_LOGS="${ELASTICSEARCH_DISABLE_GC_LOGS:-no}"
export DB_DISABLE_GC_LOGS="$ELASTICSEARCH_DISABLE_GC_LOGS"
export ELASTICSEARCH_IS_DEDICATED_NODE="${ELASTICSEARCH_IS_DEDICATED_NODE:-no}"
export DB_IS_DEDICATED_NODE="$ELASTICSEARCH_IS_DEDICATED_NODE"
ELASTICSEARCH_MINIMUM_MASTER_NODES="${ELASTICSEARCH_MINIMUM_MASTER_NODES:-"${DB_MINIMUM_MANAGER_NODES:-}"}"
export ELASTICSEARCH_MINIMUM_MASTER_NODES="${ELASTICSEARCH_MINIMUM_MASTER_NODES:-}"
export DB_MINIMUM_MASTER_NODES="$ELASTICSEARCH_MINIMUM_MASTER_NODES"
export ELASTICSEARCH_NODE_NAME="${ELASTICSEARCH_NODE_NAME:-}"
export DB_NODE_NAME="$ELASTICSEARCH_NODE_NAME"
export ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH="${ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH:-}"
export DB_FS_SNAPSHOT_REPO_PATH="$ELASTICSEARCH_FS_SNAPSHOT_REPO_PATH"
export ELASTICSEARCH_NODE_ROLES="${ELASTICSEARCH_NODE_ROLES:-}"
export DB_NODE_ROLES="$ELASTICSEARCH_NODE_ROLES"
export ELASTICSEARCH_PLUGINS="${ELASTICSEARCH_PLUGINS:-}"
export DB_PLUGINS="$ELASTICSEARCH_PLUGINS"
export ELASTICSEARCH_TRANSPORT_PORT_NUMBER="${ELASTICSEARCH_TRANSPORT_PORT_NUMBER:-9300}"
export DB_TRANSPORT_PORT_NUMBER="$ELASTICSEARCH_TRANSPORT_PORT_NUMBER"
export ELASTICSEARCH_HTTP_PORT_NUMBER="${ELASTICSEARCH_HTTP_PORT_NUMBER:-9200}"
export DB_HTTP_PORT_NUMBER="$ELASTICSEARCH_HTTP_PORT_NUMBER"
export ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME="${ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME:-}"
export DB_ACTION_DESTRUCTIVE_REQUIRES_NAME="$ELASTICSEARCH_ACTION_DESTRUCTIVE_REQUIRES_NAME"
# Elasticsearch Security configuration
export ELASTICSEARCH_ENABLE_SECURITY="${ELASTICSEARCH_ENABLE_SECURITY:-false}"
export DB_ENABLE_SECURITY="$ELASTICSEARCH_ENABLE_SECURITY"
export ELASTICSEARCH_PASSWORD="${ELASTICSEARCH_PASSWORD:-bitnami}"
export DB_PASSWORD="$ELASTICSEARCH_PASSWORD"
export ELASTICSEARCH_USERNAME="elastic"
export DB_USERNAME="$ELASTICSEARCH_USERNAME"
export ELASTICSEARCH_TLS_VERIFICATION_MODE="${ELASTICSEARCH_TLS_VERIFICATION_MODE:-full}"
export DB_TLS_VERIFICATION_MODE="$ELASTICSEARCH_TLS_VERIFICATION_MODE"
export ELASTICSEARCH_TLS_USE_PEM="${ELASTICSEARCH_TLS_USE_PEM:-false}"
export DB_TLS_USE_PEM="$ELASTICSEARCH_TLS_USE_PEM"
export ELASTICSEARCH_KEYSTORE_PASSWORD="${ELASTICSEARCH_KEYSTORE_PASSWORD:-}"
export DB_KEYSTORE_PASSWORD="$ELASTICSEARCH_KEYSTORE_PASSWORD"
export ELASTICSEARCH_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRUSTSTORE_PASSWORD:-}"
export DB_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_TRUSTSTORE_PASSWORD"
export ELASTICSEARCH_KEY_PASSWORD="${ELASTICSEARCH_KEY_PASSWORD:-}"
export DB_KEY_PASSWORD="$ELASTICSEARCH_KEY_PASSWORD"
export ELASTICSEARCH_KEYSTORE_LOCATION="${ELASTICSEARCH_KEYSTORE_LOCATION:-${DB_CERTS_DIR}/elasticsearch.keystore.jks}"
export DB_KEYSTORE_LOCATION="$ELASTICSEARCH_KEYSTORE_LOCATION"
export ELASTICSEARCH_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRUSTSTORE_LOCATION:-${DB_CERTS_DIR}/elasticsearch.truststore.jks}"
export DB_TRUSTSTORE_LOCATION="$ELASTICSEARCH_TRUSTSTORE_LOCATION"
export ELASTICSEARCH_NODE_CERT_LOCATION="${ELASTICSEARCH_NODE_CERT_LOCATION:-${DB_CERTS_DIR}/tls.crt}"
export DB_NODE_CERT_LOCATION="$ELASTICSEARCH_NODE_CERT_LOCATION"
export ELASTICSEARCH_NODE_KEY_LOCATION="${ELASTICSEARCH_NODE_KEY_LOCATION:-${DB_CERTS_DIR}/tls.key}"
export DB_NODE_KEY_LOCATION="$ELASTICSEARCH_NODE_KEY_LOCATION"
export ELASTICSEARCH_CA_CERT_LOCATION="${ELASTICSEARCH_CA_CERT_LOCATION:-${DB_CERTS_DIR}/ca.crt}"
export DB_CA_CERT_LOCATION="$ELASTICSEARCH_CA_CERT_LOCATION"
export ELASTICSEARCH_SKIP_TRANSPORT_TLS="${ELASTICSEARCH_SKIP_TRANSPORT_TLS:-false}"
export DB_SKIP_TRANSPORT_TLS="$ELASTICSEARCH_SKIP_TRANSPORT_TLS"
export ELASTICSEARCH_TRANSPORT_TLS_USE_PEM="${ELASTICSEARCH_TRANSPORT_TLS_USE_PEM:-$DB_TLS_USE_PEM}"
export DB_TRANSPORT_TLS_USE_PEM="$ELASTICSEARCH_TRANSPORT_TLS_USE_PEM"
export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD:-$DB_KEYSTORE_PASSWORD}"
export DB_TRANSPORT_TLS_KEYSTORE_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD"
export ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD:-$DB_TRUSTSTORE_PASSWORD}"
export DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD"
export ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD="${ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD:-$DB_KEY_PASSWORD}"
export DB_TRANSPORT_TLS_KEY_PASSWORD="$ELASTICSEARCH_TRANSPORT_TLS_KEY_PASSWORD"
export ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION:-$DB_KEYSTORE_LOCATION}"
export DB_TRANSPORT_TLS_KEYSTORE_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION"
export ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION:-$DB_TRUSTSTORE_LOCATION}"
export DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION"
export ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION:-$DB_NODE_CERT_LOCATION}"
export DB_TRANSPORT_TLS_NODE_CERT_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION"
export ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION:-$DB_NODE_KEY_LOCATION}"
export DB_TRANSPORT_TLS_NODE_KEY_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION"
export ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION:-$DB_CA_CERT_LOCATION}"
export DB_TRANSPORT_TLS_CA_CERT_LOCATION="$ELASTICSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION"
export ELASTICSEARCH_ENABLE_REST_TLS="${ELASTICSEARCH_ENABLE_REST_TLS:-true}"
export DB_ENABLE_REST_TLS="$ELASTICSEARCH_ENABLE_REST_TLS"
export ELASTICSEARCH_HTTP_TLS_USE_PEM="${ELASTICSEARCH_HTTP_TLS_USE_PEM:-$DB_TLS_USE_PEM}"
export DB_HTTP_TLS_USE_PEM="$ELASTICSEARCH_HTTP_TLS_USE_PEM"
export ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD:-$DB_KEYSTORE_PASSWORD}"
export DB_HTTP_TLS_KEYSTORE_PASSWORD="$ELASTICSEARCH_HTTP_TLS_KEYSTORE_PASSWORD"
export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD:-$DB_TRUSTSTORE_PASSWORD}"
export DB_HTTP_TLS_TRUSTSTORE_PASSWORD="$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD"
export ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD="${ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD:-$DB_KEY_PASSWORD}"
export DB_HTTP_TLS_KEY_PASSWORD="$ELASTICSEARCH_HTTP_TLS_KEY_PASSWORD"
export ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION:-$DB_KEYSTORE_LOCATION}"
export DB_HTTP_TLS_KEYSTORE_LOCATION="$ELASTICSEARCH_HTTP_TLS_KEYSTORE_LOCATION"
export ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION="${ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION:-$DB_TRUSTSTORE_LOCATION}"
export DB_HTTP_TLS_TRUSTSTORE_LOCATION="$ELASTICSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION"
export ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION:-$DB_NODE_CERT_LOCATION}"
export DB_HTTP_TLS_NODE_CERT_LOCATION="$ELASTICSEARCH_HTTP_TLS_NODE_CERT_LOCATION"
export ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION="${ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION:-$DB_NODE_KEY_LOCATION}"
export DB_HTTP_TLS_NODE_KEY_LOCATION="$ELASTICSEARCH_HTTP_TLS_NODE_KEY_LOCATION"
export ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION="${ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION:-$DB_CA_CERT_LOCATION}"
export DB_HTTP_TLS_CA_CERT_LOCATION="$ELASTICSEARCH_HTTP_TLS_CA_CERT_LOCATION"
export ELASTICSEARCH_ENABLE_FIPS_MODE="${ELASTICSEARCH_ENABLE_FIPS_MODE:-false}"
export ELASTICSEARCH_KEYS="${ELASTICSEARCH_KEYS:-}"
# Custom environment variables may be defined below

47
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/entrypoint.sh
View File

@ -1,47 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
#set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/libelasticsearch.sh
# Load environment
. /opt/bitnami/scripts/elasticsearch-env.sh
print_welcome_page
# We add the copy from default config in the entrypoint to not break users
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
# case someone mounts a configuration file in /opt/bitnami/elasticsearch/conf)
debug "Copying files from $DB_DEFAULT_CONF_DIR to $DB_CONF_DIR"
cp -nr "$DB_DEFAULT_CONF_DIR"/. "$DB_CONF_DIR"
if ! is_dir_empty "$DB_DEFAULT_PLUGINS_DIR"; then
debug "Copying plugins from $DB_DEFAULT_PLUGINS_DIR to $DB_PLUGINS_DIR"
# Copy the plugins installed by default to the plugins directory
# If there is already a plugin with the same name in the plugins folder do nothing
for plugin_path in "${DB_DEFAULT_PLUGINS_DIR}"/*; do
plugin_name="$(basename "$plugin_path")"
plugin_moved_path="${DB_PLUGINS_DIR}/${plugin_name}"
if ! [[ -d "$plugin_moved_path" ]]; then
cp -r "$plugin_path" "$plugin_moved_path"
fi
done
fi
if [[ "$1" = "/opt/bitnami/scripts/elasticsearch/run.sh" ]]; then
info "** Starting Elasticsearch setup **"
/opt/bitnami/scripts/elasticsearch/setup.sh
info "** Elasticsearch setup finished! **"
fi
echo ""
exec "$@"

18
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/healthcheck.sh
View File

@ -1,18 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libelasticsearch.sh
# Load Elasticsearch environment variables
. /opt/bitnami/scripts/elasticsearch-env.sh
elasticsearch_healthcheck

49
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/postunpack.sh
View File

@ -1,49 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
# Load libraries
. /opt/bitnami/scripts/libelasticsearch.sh
. /opt/bitnami/scripts/libfs.sh
# Load environment
. /opt/bitnami/scripts/elasticsearch-env.sh
for dir in "$DB_TMP_DIR" "$DB_DATA_DIR" "$DB_LOGS_DIR" "${DB_BASE_DIR}/plugins" "${DB_BASE_DIR}/modules" "$DB_CONF_DIR" "$DB_VOLUME_DIR" "$DB_INITSCRIPTS_DIR" "$DB_MOUNTED_PLUGINS_DIR" "$DB_DEFAULT_CONF_DIR" "$DB_DEFAULT_PLUGINS_DIR"; do
ensure_dir_exists "$dir"
chmod -R ug+rwX "$dir"
done
elasticsearch_configure_logging
for dir in "$DB_TMP_DIR" "$DB_DATA_DIR" "$DB_LOGS_DIR" "${DB_BASE_DIR}/plugins" "${DB_BASE_DIR}/modules" "$DB_CONF_DIR" "$DB_VOLUME_DIR" "$DB_INITSCRIPTS_DIR" "$DB_MOUNTED_PLUGINS_DIR" "$DB_DEFAULT_CONF_DIR" "$DB_DEFAULT_PLUGINS_DIR"; do
# `elasticsearch-plugin install` command complains about being unable to create the a plugin's directory
# even when having the proper permissions.
# The reason: the code is checking trying to check the permissions by consulting the parent directory owner,
# instead of checking if the ES user actually has writing permissions.
#
# As a workaround, we will ensure the container works (at least) with the non-root user 1001. However,
# until we can avoid this hack, we can't guarantee this container to work on K8s distributions
# where containers are exectued with non-privileged users with random user IDs.
#
# Issue reported at: https://github.com/bitnami/bitnami-docker-elasticsearch/issues/50
chown -R 1001:0 "$dir"
done
elasticsearch_install_plugins
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "${DB_CONF_DIR}/"* "$DB_DEFAULT_CONF_DIR"
chmod o+rX -R "$DB_DEFAULT_CONF_DIR"
if ! is_dir_empty "$DB_PLUGINS_DIR"; then
# Move all initially installed plugins to the default plugins directory.
for plugin_path in "${DB_PLUGINS_DIR}"/*; do
plugin_name="$(basename "$plugin_path")"
plugin_moved_path="${DB_DEFAULT_PLUGINS_DIR}/${plugin_name}"
mv "$plugin_path" "$plugin_moved_path"
done
chmod o+rX -R "$DB_DEFAULT_PLUGINS_DIR"
fi

35
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/run.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
#set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libelasticsearch.sh
. /opt/bitnami/scripts/libos.sh
# Load environment
. /opt/bitnami/scripts/elasticsearch-env.sh
# Constants
EXEC=$(command -v elasticsearch)
ARGS=("-p" "$DB_PID_FILE")
[[ -z "${DB_EXTRA_FLAGS:-}" ]] || ARGS=("${ARGS[@]}" "${DB_EXTRA_FLAGS[@]}")
# JAVA_HOME to be deprecated, see warning:
# warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
export JAVA_HOME=/opt/bitnami/java
export ES_JAVA_HOME=/opt/bitnami/java
ARGS+=("$@")
info "** Starting Elasticsearch **"
if am_i_root; then
exec_as_user "$DB_DAEMON_USER" "$EXEC" "${ARGS[@]}"
else
exec "$EXEC" "${ARGS[@]}"
fi

35
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/elasticsearch/setup.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
#set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libelasticsearch.sh
# Load environment
. /opt/bitnami/scripts/elasticsearch-env.sh
# Ensure Elasticsearch environment variables settings are valid
elasticsearch_validate
# Ensure Elasticsearch is stopped when this script ends
trap "elasticsearch_stop" EXIT
# Ensure 'daemon' user exists when running as 'root'
am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP"
# Ensure Elasticsearch is initialized
elasticsearch_initialize
# Ensure kernel settings are valid
elasticsearch_validate_kernel
# Install Elasticsearch plugins
elasticsearch_install_plugins
# Ensure custom initialization scripts are executed
elasticsearch_custom_init_scripts
# Ensure all the required keys are added after plugins are installed
elasticsearch_set_keys

24
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh
View File

@ -1,24 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then
# Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9
unset JAVA_TOOL_OPTIONS
fi
print_welcome_page
echo ""
exec "$@"

26
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
#
# Java post-unpack operations
#
# Override default files in the Java security directory. This is used for
# custom base images (with custom CA certificates or block lists is used)
if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
info "Adding custom CAs to the Java security folder"
cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security
fi

966
bitnami/elasticsearch/9/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh
View File

@ -1,966 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami Elasticsearch library
# shellcheck disable=SC1090,SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libnet.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libversion.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Configure TLS settings
# Globals:
# ELASTICSEARCH_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_transport_tls_configuration() {
info "Configuring Elasticsearch Transport TLS settings..."
elasticsearch_conf_set xpack.security.transport.ssl.enabled "true"
elasticsearch_conf_set xpack.security.transport.ssl.verification_mode "$DB_TLS_VERIFICATION_MODE"
if is_boolean_yes "$DB_TRANSPORT_TLS_USE_PEM"; then
debug "Configuring Transport Layer TLS settings using PEM certificates..."
! is_empty_value "$DB_TRANSPORT_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.secure_key_passphrase" "$DB_TRANSPORT_TLS_KEY_PASSWORD"
elasticsearch_conf_set xpack.security.transport.ssl.key "$DB_TRANSPORT_TLS_NODE_KEY_LOCATION"
elasticsearch_conf_set xpack.security.transport.ssl.certificate "$DB_TRANSPORT_TLS_NODE_CERT_LOCATION"
elasticsearch_conf_set xpack.security.transport.ssl.certificate_authorities "$DB_TRANSPORT_TLS_CA_CERT_LOCATION"
else
debug "Configuring Transport Layer TLS settings using JKS/PKCS certificates..."
! is_empty_value "$DB_TRANSPORT_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.keystore.secure_password" "$DB_TRANSPORT_TLS_KEYSTORE_PASSWORD"
! is_empty_value "$DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.transport.ssl.truststore.secure_password" "$DB_TRANSPORT_TLS_TRUSTSTORE_PASSWORD"
elasticsearch_conf_set xpack.security.transport.ssl.keystore.path "$DB_TRANSPORT_TLS_KEYSTORE_LOCATION"
elasticsearch_conf_set xpack.security.transport.ssl.truststore.path "$DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION"
fi
}
########################
# Configure TLS settings
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_http_tls_configuration() {
info "Configuring Elasticsearch HTTP TLS settings..."
elasticsearch_conf_set xpack.security.http.ssl.enabled "true"
if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then
debug "Configuring REST API TLS settings using PEM certificates..."
! is_empty_value "$DB_HTTP_TLS_KEY_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.secure_key_passphrase" "$DB_HTTP_TLS_KEY_PASSWORD"
elasticsearch_conf_set xpack.security.http.ssl.key "$DB_HTTP_TLS_NODE_KEY_LOCATION"
elasticsearch_conf_set xpack.security.http.ssl.certificate "$DB_HTTP_TLS_NODE_CERT_LOCATION"
elasticsearch_conf_set xpack.security.http.ssl.certificate_authorities "$DB_HTTP_TLS_CA_CERT_LOCATION"
else
debug "Configuring REST API TLS settings using JKS/PKCS certificates..."
! is_empty_value "$DB_HTTP_TLS_KEYSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.keystore.secure_password" "$DB_HTTP_TLS_KEYSTORE_PASSWORD"
! is_empty_value "$DB_HTTP_TLS_TRUSTSTORE_PASSWORD" && elasticsearch_set_key_value "xpack.security.http.ssl.truststore.secure_password" "$DB_HTTP_TLS_TRUSTSTORE_PASSWORD"
elasticsearch_conf_set xpack.security.http.ssl.keystore.path "$DB_HTTP_TLS_KEYSTORE_LOCATION"
elasticsearch_conf_set xpack.security.http.ssl.truststore.path "$DB_HTTP_TLS_TRUSTSTORE_LOCATION"
fi
}
########################
# Migrate old Elasticsearch data
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
migrate_old_data() {
warn "Persisted data follows old structure. Migrating to new one..."
warn "Custom configuration files won't be persisted any longer!"
local old_data_dir="${DB_DATA_DIR}/elasticsearch"
local old_custom_conf_file="${old_data_dir}/conf/elasticsearch_custom.yml"
local custom_conf_file="${DB_CONF_DIR}/elasticsearch_custom.yml"
if [[ -f "$old_custom_conf_file" ]]; then
debug "Adding old custom configuration to user configuration"
echo "" >>"$custom_conf_file"
cat "$old_custom_conf_file" >>"$custom_conf_file"
fi
debug "Adapting data to new file structure"
find "${old_data_dir}/data" -maxdepth 1 -mindepth 1 -exec mv {} "$DB_DATA_DIR" \;
debug "Removing data that is not persisted anymore from persisted directory"
rm -rf "$old_data_dir" "${DB_DATA_DIR}/java"
}
########################
# Set Elasticsearch keystore values
# Globals:
# ELASTICSEARCH_KEYS
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_set_keys() {
read -r -a keys_list <<<"$(tr ',;' ' ' <<<"$ELASTICSEARCH_KEYS")"
if [[ "${#keys_list[@]}" -gt 0 ]]; then
for key_value in "${keys_list[@]}"; do
read -r -a key_value <<<"$(tr '=' ' ' <<<"$key_value")"
local key="${key_value[0]}"
local value="${key_value[1]}"
elasticsearch_set_key_value "$key" "$value"
done
fi
}
########################
# Set Elasticsearch keystore values
# Globals:
# ELASTICSEARCH_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_set_key_value() {
local key="${1:?missing key}"
local value="${2:?missing value}"
debug "Storing key: ${key}"
elasticsearch-keystore add --stdin --force "$key" <<<"$value"
am_i_root && chown "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "${DB_CONF_DIR}/elasticsearch.keystore"
# Avoid exit code of previous commands to affect the result of this function
true
}
#!/bin/bash
#
# Bitnami Elasticsearch/Opensearch common library
# shellcheck disable=SC1090,SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libnet.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libversion.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Write a configuration setting value
# Globals:
# DB_CONF_FILE
# Arguments:
# $1 - key
# $2 - value
# $3 - YAML type (string, int or bool)
# Returns:
# None
#########################
elasticsearch_conf_write() {
local -r key="${1:?Missing key}"
local -r value="${2:-}"
local -r type="${3:-string}"
local -r tempfile=$(mktemp)
case "$type" in
string)
yq eval "(.${key}) |= \"${value}\"" "$DB_CONF_FILE" >"$tempfile"
;;
int)
yq eval "(.${key}) |= ${value}" "$DB_CONF_FILE" >"$tempfile"
;;
bool)
yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$DB_CONF_FILE" >"$tempfile"
;;
*)
error "Type unknown: ${type}"
return 1
;;
esac
cp "$tempfile" "$DB_CONF_FILE"
}
########################
# Set a configuration setting value
# Globals:
# DB_CONF_FILE
# Arguments:
# $1 - key
# $2 - values (array)
# Returns:
# None
#########################
elasticsearch_conf_set() {
local key="${1:?missing key}"
shift
local values=("${@}")
if [[ "${#values[@]}" -eq 0 ]]; then
stderr_print "$key"
stderr_print "missing values"
return 1
elif [[ "${#values[@]}" -eq 1 ]] && [[ -n "${values[0]}" ]]; then
elasticsearch_conf_write "$key" "${values[0]}"
else
for i in "${!values[@]}"; do
if [[ -n "${values[$i]}" ]]; then
elasticsearch_conf_write "${key}[$i]" "${values[$i]}"
fi
done
fi
}
########################
# Check if Elasticsearch is running
# Globals:
# DB_TMP_DIR
# Arguments:
# None
# Returns:
# Boolean
#########################
is_elasticsearch_running() {
local pid
pid="$(get_pid_from_file "$DB_PID_FILE")"
if [[ -z "$pid" ]]; then
false
else
is_service_running "$pid"
fi
}
########################
# Check if Elasticsearch is not running
# Globals:
# DB_TMP_DIR
# Arguments:
# None
# Returns:
# Boolean
#########################
is_elasticsearch_not_running() {
! is_elasticsearch_running
return "$?"
}
########################
# Stop Elasticsearch
# Globals:
# DB_TMP_DIR
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_stop() {
! is_elasticsearch_running && return
debug "Stopping ${DB_FLAVOR^}..."
stop_service_using_pid "$DB_PID_FILE"
}
########################
# Start Elasticsearch and wait until it's ready
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_start() {
is_elasticsearch_running && return
debug "Starting ${DB_FLAVOR^}..."
local command=("${DB_BASE_DIR}/bin/${DB_FLAVOR}" "-d" "-p" "$DB_PID_FILE")
am_i_root && command=("run_as_user" "$DB_DAEMON_USER" "${command[@]}")
if [[ "$BITNAMI_DEBUG" = true ]]; then
"${command[@]}" &
else
"${command[@]}" >/dev/null 2>&1 &
fi
local retries=50
local seconds=2
# Check the process is running
retry_while "is_elasticsearch_running" "$retries" "$seconds"
# Check Elasticsearch API is reachable
retry_while "elasticsearch_healthcheck" "$retries" "$seconds"
}
########################
# Validate kernel settings
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_validate_kernel() {
# Auxiliary functions
validate_sysctl_key() {
local key="${1:?key is missing}"
local value="${2:?value is missing}"
local current_value
current_value="$(sysctl -n "$key")"
if [[ "$current_value" -lt "$value" ]]; then
error "Invalid kernel settings. ${DB_FLAVOR^} requires at least: $key = $value"
exit 1
fi
}
debug "Validating Kernel settings..."
if [[ $(yq eval .index.store.type "$DB_CONF_FILE") ]]; then
debug "Custom index.store.type found in the config file. Skipping kernel validation..."
else
validate_sysctl_key "fs.file-max" 65536
fi
if [[ $(yq eval .node.store.allow_mmap "$DB_CONF_FILE") ]]; then
debug "Custom node.store.allow_mmap found in the config file. Skipping kernel validation..."
else
validate_sysctl_key "vm.max_map_count" 262144
fi
}
########################
# Validate settings in DB_* env vars
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_validate() {
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
validate_node_roles() {
if [ -n "$DB_NODE_ROLES" ]; then
read -r -a roles_list <<<"$(get_elasticsearch_roles)"
local master_role="master"
local major_version="$(get_sematic_version "$(elasticsearch_get_version)" 1)"
[[ "$DB_FLAVOR" = "opensearch" && "$major_version" -eq 2 ]] && master_role="cluster_manager"
if [[ "${#roles_list[@]}" -le 0 ]]; then
warn "Setting ${DB_FLAVOR^^}_NODE_ROLES is empty and ${DB_FLAVOR^^}_IS_DEDICATED_NODE is set to true, ${DB_FLAVOR^} will be configured as coordinating-only node."
fi
for role in "${roles_list[@]}"; do
case "$role" in
"$master_role" | data | data_content | data_hot | data_warm | data_cold | data_frozen | ingest | ml | remote_cluster_client | transform) ;;
*)
print_validation_error "Invalid node role '$role'. Supported roles are '${master_role},data,data_content,data_hot,data_warm,data_cold,data_frozen,ingest,ml,remote_cluster_client,transform'"
;;
esac
done
fi
}
debug "Ensuring expected directories/files exist..."
am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP"
for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_PLUGINS_DIR" "$DB_BASE_DIR/modules" "$DB_CONF_DIR"; do
ensure_dir_exists "$dir"
am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" || true
done
debug "Validating settings in DB_* env vars..."
for var in "DB_HTTP_PORT_NUMBER" "DB_TRANSPORT_PORT_NUMBER"; do
if ! err=$(validate_port "${!var}"); then
print_validation_error "An invalid port was specified in the environment variable $var: $err"
fi
done
if ! is_boolean_yes "$DB_IS_DEDICATED_NODE"; then
warn "Setting ${DB_FLAVOR^^}_IS_DEDICATED_NODE is disabled."
warn "${DB_FLAVOR^^}_NODE_ROLES will be ignored and ${DB_FLAVOR^} will asume all different roles."
else
validate_node_roles
fi
if [[ -n "$DB_BIND_ADDRESS" ]] && ! validate_ipv4 "$DB_BIND_ADDRESS"; then
print_validation_error "The Bind Address specified in the environment variable ${DB_FLAVOR^^}_BIND_ADDRESS is not a valid IPv4"
fi
if is_boolean_yes "$DB_ENABLE_SECURITY"; then
if [[ "$DB_FLAVOR" = "opensearch" ]]; then
if [[ ! -f "$OPENSEARCH_SECURITY_ADMIN_KEY_LOCATION" ]] || [[ ! -f "$OPENSEARCH_SECURITY_ADMIN_CERT_LOCATION" ]]; then
print_validation_error "In order to enable Opensearch Security, you must provide a valid admin PEM key and certificate."
fi
if is_empty_value "$OPENSEARCH_SECURITY_NODES_DN"; then
print_validation_error "The variable OPENSEARCH_SECURITY_NODES_DN is required."
fi
if is_empty_value "$OPENSEARCH_SECURITY_ADMIN_DN"; then
print_validation_error "The variable OPENSEARCH_SECURITY_ADMIN_DN is required."
fi
if ! is_boolean_yes "$OPENSEARCH_ENABLE_REST_TLS"; then
print_validation_error "Opensearch does not support plaintext conections (HTTP) when Security is enabled."
fi
fi
if ! is_boolean_yes "$DB_SKIP_TRANSPORT_TLS"; then
if is_boolean_yes "$DB_TRANSPORT_TLS_USE_PEM"; then
if [[ ! -f "$DB_TRANSPORT_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_NODE_KEY_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_CA_CERT_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} Transport you must provide your node key, certificate and a valid certification_authority certificate."
fi
elif [[ ! -f "$DB_TRANSPORT_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$DB_TRANSPORT_TLS_TRUSTSTORE_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} Transport with JKS/PKCS12 certs you must mount a valid keystore and truststore."
fi
fi
if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then
if is_boolean_yes "$DB_HTTP_TLS_USE_PEM"; then
if [[ ! -f "$DB_HTTP_TLS_NODE_CERT_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_NODE_KEY_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_CA_CERT_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} you must provide your node key, certificate and a valid certification_authority certificate."
fi
elif [[ ! -f "$DB_HTTP_TLS_KEYSTORE_LOCATION" ]] || [[ ! -f "$DB_HTTP_TLS_TRUSTSTORE_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${DB_FLAVOR^} with JKS/PKCS12 certs you must mount a valid keystore and truststore."
fi
fi
fi
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Determine the hostname by which Elasticsearch can be contacted
# Returns:
# The value of $DB_ADVERTISED_HOSTNAME or the current host address
########################
get_elasticsearch_hostname() {
if [[ -n "$DB_ADVERTISED_HOSTNAME" ]]; then
echo "$DB_ADVERTISED_HOSTNAME"
else
get_machine_ip
fi
}
########################
# Evaluates the env variable DB_NODE_ROLES and replaces master with
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# Array of node roles
#########################
get_elasticsearch_roles() {
local major_version="$(get_sematic_version "$(elasticsearch_get_version)" 1)"
read -r -a roles_list_tmp <<<"$(tr ',;' ' ' <<<"$DB_NODE_ROLES")"
roles_list=("${roles_list_tmp[@]}")
for i in "${!roles_list[@]}"; do
if [[ ${roles_list[$i]} == "master" ]] && [[ "$DB_FLAVOR" = "opensearch" && "$major_version" -eq 2 ]]; then
roles_list[i]="cluster_manager"
fi
done
echo "${roles_list[@]}"
}
########################
# Configure cluster settings
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_cluster_configuration() {
# Auxiliary functions
bind_address() {
if [[ -n "$DB_BIND_ADDRESS" ]]; then
echo "$DB_BIND_ADDRESS"
else
echo "0.0.0.0"
fi
}
is_node_master() {
if is_boolean_yes "$DB_IS_DEDICATED_NODE"; then
if [ -n "$DB_NODE_ROLES" ]; then
read -r -a roles_list <<<"$(get_elasticsearch_roles)"
if [[ " ${roles_list[*]} " = *" master "* ]]; then
true
elif [[ "$DB_FLAVOR" = "opensearch" && " ${roles_list[*]} " = *" cluster_manager "* ]]; then
true
else
false
fi
else
false
fi
else
true
fi
}
info "Configuring ${DB_FLAVOR^} cluster settings..."
elasticsearch_conf_set network.host "$(get_elasticsearch_hostname)"
elasticsearch_conf_set network.publish_host "$(get_elasticsearch_hostname)"
elasticsearch_conf_set network.bind_host "$(bind_address)"
elasticsearch_conf_set cluster.name "$DB_CLUSTER_NAME"
elasticsearch_conf_set node.name "${DB_NODE_NAME:-$(hostname)}"
if [[ -n "$DB_CLUSTER_HOSTS" ]]; then
read -r -a host_list <<<"$(tr ',;' ' ' <<<"$DB_CLUSTER_HOSTS")"
master_list=("${host_list[@]}")
if [[ -n "$DB_CLUSTER_MASTER_HOSTS" ]]; then
read -r -a master_list <<<"$(tr ',;' ' ' <<<"$DB_CLUSTER_MASTER_HOSTS")"
fi
elasticsearch_conf_set discovery.seed_hosts "${host_list[@]}"
if is_node_master; then
local major_version="$(get_sematic_version "$(elasticsearch_get_version)" 1)"
if [[ "$DB_FLAVOR" = "opensearch" && "$major_version" -eq 2 ]]; then
elasticsearch_conf_set cluster.initial_cluster_manager_nodes "${master_list[@]}"
else
elasticsearch_conf_set cluster.initial_master_nodes "${master_list[@]}"
fi
fi
elasticsearch_conf_set discovery.initial_state_timeout "10m"
else
elasticsearch_conf_set "discovery.type" "single-node"
fi
}
########################
# Extend cluster settings with custom, user-provided config
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_custom_configuration() {
local custom_conf_file="${DB_CONF_DIR}/my_${DB_FLAVOR}.yml"
local -r tempfile=$(mktemp)
[[ ! -s "$custom_conf_file" ]] && return
info "Adding custom configuration"
yq eval-all 'select(fileIndex == 0) * select(fileIndex == 1)' "$DB_CONF_FILE" "$custom_conf_file" >"$tempfile"
cp "$tempfile" "$DB_CONF_FILE"
}
########################
# Configure node roles.
# There are 3 scenarios:
# * If DB_IS_DEDICATED_NODE is disabled, 'node.roles' is omitted and assumes all the roles (check docs).
# * Otherwise, 'node.roles' with a list of roles provided with DB_NODE_ROLES.
# * In addition, if DB_NODE_ROLES is empty, node.roles will be configured empty, meaning that the role is 'coordinating-only'.
#
# Docs ref: https://www.elastic.co/guide/en/opensearch/reference/current/modules-node.html
#
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_configure_node_roles() {
debug "Configure ${DB_FLAVOR^} Node roles..."
local set_repo_path="no"
if is_boolean_yes "$DB_IS_DEDICATED_NODE"; then
read -r -a roles_list <<<"$(get_elasticsearch_roles)"
if [[ "${#roles_list[@]}" -eq 0 ]]; then
elasticsearch_conf_write node.roles "[]" int
else
elasticsearch_conf_set node.roles "${roles_list[@]}"
for role in "${roles_list[@]}"; do
case "$role" in
cluster_manager | master | data | data_content | data_hot | data_warm | data_cold | data_frozen)
set_repo_path="yes"
;;
*) ;;
esac
done
fi
else
set_repo_path="yes"
fi
if is_boolean_yes "$set_repo_path" && [[ -n "$DB_FS_SNAPSHOT_REPO_PATH" ]]; then
# Configure path.repo to restore snapshots from system repository
# It must be set on every cluster_manager and data node
# ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-filesystem-repository.html
elasticsearch_conf_set path.repo "$DB_FS_SNAPSHOT_REPO_PATH"
fi
}
########################
# Configure Heap Size
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_set_heap_size() {
local heap_size
# Remove heap.options if it already exists
rm -f "${DB_CONF_DIR}/jvm.options.d/heap.options"
if [[ -n "$DB_HEAP_SIZE" ]]; then
debug "Using specified values for Xmx and Xms heap options..."
heap_size="$DB_HEAP_SIZE"
else
debug "Calculating appropriate Xmx and Xms values..."
local machine_mem=""
machine_mem="$(get_total_memory)"
if [[ "$machine_mem" -lt 65536 ]]; then
local max_allowed_memory
local calculated_heap_size
calculated_heap_size="$((machine_mem / 2))"
max_allowed_memory="$((DB_MAX_ALLOWED_MEMORY_PERCENTAGE * machine_mem))"
max_allowed_memory="$((max_allowed_memory / 100))"
# Allow for absolute memory limit when calculating limit from percentage
if [[ -n "$DB_MAX_ALLOWED_MEMORY" && "$max_allowed_memory" -gt "$DB_MAX_ALLOWED_MEMORY" ]]; then
max_allowed_memory="$DB_MAX_ALLOWED_MEMORY"
fi
if [[ "$calculated_heap_size" -gt "$max_allowed_memory" ]]; then
info "Calculated Java heap size of ${calculated_heap_size} will be limited to ${max_allowed_memory}"
calculated_heap_size="$max_allowed_memory"
fi
heap_size="${calculated_heap_size}m"
else
heap_size=32768m
fi
fi
debug "Setting '-Xmx${heap_size} -Xms${heap_size}' heap options..."
cat >"${DB_CONF_DIR}/jvm.options.d/heap.options" <<EOF
-Xms${heap_size}
-Xmx${heap_size}
EOF
am_i_root && chown "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "${DB_CONF_DIR}/jvm.options.d/heap.options"
# Avoid exit code of previous commands to affect the result of this function
true
}
########################
# Configure/initialize Elasticsearch/Opensearch
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_initialize() {
info "Configuring/Initializing ${DB_FLAVOR^}..."
# This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run
# Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID
rm -f "$DB_PID_FILE"
read -r -a data_dirs_list <<<"$(tr ',;' ' ' <<<"$DB_DATA_DIR_LIST")"
if [[ "${#data_dirs_list[@]}" -gt 0 ]]; then
info "Multiple data directories specified, ignoring ${DB_FLAVOR^^}_DATA_DIR environment variable."
else
data_dirs_list+=("$DB_DATA_DIR")
# Persisted data from old versions of
if [[ "$DB_FLAVOR" = "elasticsearch" ]] && ! is_dir_empty "$DB_DATA_DIR"; then
debug "Detected persisted data from previous deployments"
[[ -d "$DB_DATA_DIR/elasticsearch" ]] && [[ -f "$DB_DATA_DIR/elasticsearch/.initialized" ]] && migrate_old_data
fi
fi
debug "Ensuring expected directories/files exist..."
for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_PLUGINS_DIR" "$DB_BASE_DIR/modules" "$DB_CONF_DIR"; do
ensure_dir_exists "$dir"
am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir" || true
done
for dir in "${data_dirs_list[@]}"; do
ensure_dir_exists "$dir"
am_i_root && is_mounted_dir_empty "$dir" && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir"
done
if is_file_writable "${DB_CONF_DIR}/jvm.options" && is_file_writable "${DB_CONF_DIR}/jvm.options.d"; then
if is_boolean_yes "$DB_DISABLE_JVM_HEAP_DUMP"; then
info "Disabling JVM heap dumps..."
replace_in_file "${DB_CONF_DIR}/jvm.options" "-XX:[+]HeapDumpOnOutOfMemoryError" "# -XX:+HeapDumpOnOutOfMemoryError"
fi
if is_boolean_yes "$DB_DISABLE_GC_LOGS"; then
info "Disabling JVM GC logs..."
replace_in_file "${DB_CONF_DIR}/jvm.options" "(^.*logs[/]gc.log.*$)" "# \1"
fi
elasticsearch_set_heap_size
else
warn "The JVM options configuration files are not writable. Configurations based on environment variables will not be applied"
fi
if [[ -f "$DB_CONF_FILE" ]]; then
info "Custom configuration file detected, using it..."
else
info "Setting default configuration"
touch "$DB_CONF_FILE"
elasticsearch_conf_set http.port "$DB_HTTP_PORT_NUMBER"
elasticsearch_conf_set path.data "${data_dirs_list[@]}"
elasticsearch_conf_set transport.port "$DB_TRANSPORT_PORT_NUMBER"
is_boolean_yes "$DB_LOCK_ALL_MEMORY" && elasticsearch_conf_set bootstrap.memory_lock "true"
elasticsearch_cluster_configuration
elasticsearch_configure_node_roles
if [[ "$DB_FLAVOR" = "opensearch" ]]; then
if is_boolean_yes "$DB_ENABLE_SECURITY"; then
info "Configuring ${DB_FLAVOR^} security NODES_DN and ADMIN_DN"
read -r -a nodes_dn <<<"$(tr ';' ' ' <<<"$OPENSEARCH_SECURITY_NODES_DN")"
read -r -a admin_dn <<<"$(tr ';' ' ' <<<"$OPENSEARCH_SECURITY_ADMIN_DN")"
elasticsearch_conf_set plugins.security.nodes_dn "${nodes_dn[@]}"
elasticsearch_conf_set plugins.security.authcz.admin_dn "${admin_dn[@]}"
fi
fi
# Moved here to be able to overwrite nodes_dn and admin_dn from custom configuration
elasticsearch_custom_configuration
if [[ "$DB_FLAVOR" = "opensearch" ]]; then
if is_boolean_yes "$DB_ENABLE_SECURITY"; then
info "Configuring ${DB_FLAVOR^} security plugin"
is_boolean_yes "$DB_ENABLE_REST_TLS" && opensearch_http_tls_configuration
! is_boolean_yes "$DB_SKIP_TRANSPORT_TLS" && opensearch_transport_tls_configuration
opensearch_security_configure_users
if is_boolean_yes "$OPENSEARCH_SECURITY_BOOTSTRAP"; then
opensearch_security_bootstrap
fi
else
elasticsearch_conf_set plugins.security.disabled "true"
fi
else
[[ -n "$DB_ACTION_DESTRUCTIVE_REQUIRES_NAME" ]] && elasticsearch_conf_set action.destructive_requires_name "$(is_boolean_yes "$DB_ACTION_DESTRUCTIVE_REQUIRES_NAME" && echo "true" || echo "false")"
# X-Pack settings.
elasticsearch_conf_set xpack.security.enabled "$(is_boolean_yes "$DB_ENABLE_SECURITY" && echo "true" || echo "false")"
! is_empty_value "$DB_PASSWORD" && elasticsearch_set_key_value "bootstrap.password" "$DB_PASSWORD"
if is_boolean_yes "$DB_ENABLE_SECURITY"; then
is_boolean_yes "$DB_ENABLE_REST_TLS" && elasticsearch_http_tls_configuration
! is_boolean_yes "$DB_SKIP_TRANSPORT_TLS" && elasticsearch_transport_tls_configuration
if is_boolean_yes "$ELASTICSEARCH_ENABLE_FIPS_MODE"; then
elasticsearch_conf_set xpack.security.fips_mode.enabled "true"
elasticsearch_conf_set xpack.security.authc.password_hashing.algorithm "pbkdf2"
fi
fi
# Latest Elasticseach releases install x-pack-ml by default. Since we have faced some issues with this library on certain platforms,
# currently we are disabling this machine learning module whatsoever by defining "xpack.ml.enabled=false" in the "elasicsearch.yml" file
if is_dir_empty "${DB_BASE_DIR}/modules/x-pack-ml/platform/linux-"*; then
elasticsearch_conf_set xpack.ml.enabled "false"
fi
fi
fi
}
########################
# Install Elasticsearch plugins
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_install_plugins() {
read -r -a plugins_list <<<"$(tr ',;' ' ' <<<"$DB_PLUGINS")"
local mandatory_plugins=""
local cmd="elasticsearch-plugin"
[[ "$DB_FLAVOR" = "opensearch" ]] && cmd="opensearch-plugin"
# Helper function for extracting the plugin name from a tarball name
# Examples:
# get_plugin_name plugin -> plugin
# get_plugin_name file://plugin.zip -> plugin
# get_plugin_name http://plugin-0.1.2.zip -> plugin
get_plugin_name() {
local plugin="${1:?missing plugin}"
# Remove any paths, and strip both the .zip extension and the version
basename "$plugin" | sed -E -e 's/.zip$//' -e 's/-[0-9]+\.[0-9]+(\.[0-9]+){0,}$//'
}
# Collect plugins that should be installed offline
read -r -a mounted_plugins <<<"$(find "$DB_MOUNTED_PLUGINS_DIR" -type f -name "*.zip" -print0 | xargs -0)"
if [[ "${#mounted_plugins[@]}" -gt 0 ]]; then
for plugin in "${mounted_plugins[@]}"; do
plugins_list+=("file://${plugin}")
done
fi
# Skip if there isn't any plugin to install
[[ -z "${plugins_list[*]:-}" ]] && return
# Install plugins
debug "Installing plugins: ${plugins_list[*]}"
for plugin in "${plugins_list[@]}"; do
plugin_name="$(get_plugin_name "$plugin")"
[[ -n "$mandatory_plugins" ]] && mandatory_plugins="${mandatory_plugins},${plugin_name}" || mandatory_plugins="$plugin_name"
# Check if the plugin was already installed
if [[ -d "${DB_PLUGINS_DIR}/${plugin_name}" ]]; then
debug "Plugin already installed: ${plugin}"
continue
fi
debug "Installing plugin: ${plugin}"
if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then
"$cmd" install -b -v "$plugin"
else
"$cmd" install -b -v "$plugin" >/dev/null 2>&1
fi
done
# Mark plugins as mandatory
elasticsearch_conf_set plugin.mandatory "$mandatory_plugins"
}
########################
# Run custom initialization scripts
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_custom_init_scripts() {
read -r -a init_scripts <<<"$(find "$DB_INITSCRIPTS_DIR" -type f -name "*.sh" -print0 | xargs -0)"
if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "$DB_VOLUME_DIR"/.user_scripts_initialized ]]; then
info "Loading user's custom files from $DB_INITSCRIPTS_DIR"
for f in "${init_scripts[@]}"; do
debug "Executing $f"
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
if ! "$f"; then
error "Failed executing $f"
return 1
fi
else
warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail"
. "$f"
fi
;;
*)
warn "Skipping $f, supported formats are: .sh"
;;
esac
done
touch "$DB_VOLUME_DIR"/.user_scripts_initialized
fi
}
########################
# Modify log4j2.properties to send events to stdout instead of a logfile
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# None
#########################
elasticsearch_configure_logging() {
# Back up the original file for users who'd like to use logfile logging
cp "${DB_CONF_DIR}/log4j2.properties" "${DB_CONF_DIR}/log4j2.file.properties"
# Replace RollingFile with Console
replace_in_file "${DB_CONF_DIR}/log4j2.properties" "RollingFile" "Console"
local -a delete_patterns=(
# Remove RollingFile specific settings
"^.*\.policies\..*$" "^.*\.filePattern.*$" "^.*\.fileName.*$" "^.*\.strategy\..*$"
# Remove headers
"^###.*$"
# Remove .log and .json because of multiline configurations (filename)
"^\s\s.*\.log" "^\s\s.*\.json"
# Remove default rolling logger and references
"^appender\.rolling" "appenderRef\.rolling"
# Remove _old loggers
"_old\."
# Remove .filePermissions config
"\.filePermissions"
)
for pattern in "${delete_patterns[@]}"; do
remove_in_file "${DB_CONF_DIR}/log4j2.properties" "$pattern"
done
}
########################
# Check Elasticsearch/Opensearch health
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# 0 when healthy (or waiting for Opensearch security bootstrap)
# 1 when unhealthy
#########################
elasticsearch_healthcheck() {
info "Checking ${DB_FLAVOR^} health..."
local -r cmd="curl"
local command_args=("--silent" "--write-out" "%{http_code}")
local protocol="http"
local host
host=$(get_elasticsearch_hostname)
if validate_ipv6 "$host"; then
host="[${host}]"
fi
if is_boolean_yes "$DB_ENABLE_SECURITY"; then
command_args+=("-k" "--user" "${DB_USERNAME}:${DB_PASSWORD}")
is_boolean_yes "$DB_ENABLE_REST_TLS" && protocol="https"
fi
# Combination of --silent, --output and --write-out allows us to obtain both the status code and the request body
output=$(mktemp)
command_args+=("-o" "$output" "${protocol}://${host}:${DB_HTTP_PORT_NUMBER}/_cluster/health?local=true")
HTTP_CODE=$("$cmd" "${command_args[@]}")
if [[ ${HTTP_CODE} -ge 200 && ${HTTP_CODE} -le 299 ]] || ([[ "$DB_FLAVOR" = "opensearch" ]] && [[ ${HTTP_CODE} -eq 503 ]] && grep -q "OpenSearch Security not initialized" "$output" ); then
rm "$output"
return 0
else
rm "$output"
return 1
fi
}
########################
# Extract opensearch version from version string
# Globals:
# DB_*
# Arguments:
# None
# Returns:
# Version string
#########################
elasticsearch_get_version() {
local ver_string
local -a ver_split
if [[ "$DB_FLAVOR" = "opensearch" ]]; then
ver_string=$("${DB_BIN_DIR}/opensearch" "--version" 2>/dev/null)
else
ver_string=$("${DB_BIN_DIR}/elasticsearch" "--version" 2>/dev/null)
fi
read -r -a ver_split <<< "$ver_string"
echo "${ver_split[1]::-1}"
}

10
bitnami/kibana/8.17/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/kibana/8.18/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/kibana/8.19/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/kibana/9.0/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

59
bitnami/kibana/9/debian-12/Dockerfile
View File

@ -1,59 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
FROM docker.io/bitnami/minideb:bookworm
ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
ARG TARGETARCH
LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2025-09-07T01:23:09Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kibana/README.md" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kibana" \
org.opencontainers.image.title="kibana" \
org.opencontainers.image.vendor="Broadcom, Inc." \
org.opencontainers.image.version="9.1.3"
ENV HOME="/" \
OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-12" \
OS_NAME="linux" \
PATH="/opt/bitnami/common/bin:/opt/bitnami/kibana/bin:$PATH"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages ca-certificates curl libexpat1 libgcc-s1 libnss3 libstdc++6 procps
RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
COMPONENTS=( \
"yq-4.47.1-3-linux-${OS_ARCH}-debian-12" \
"kibana-9.1.3-0-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
fi ; \
sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
COPY rootfs /
RUN /opt/bitnami/scripts/kibana/postunpack.sh
ENV APP_VERSION="9.1.3" \
BITNAMI_APP_NAME="kibana" \
IMAGE_REVISION="1"
EXPOSE 5601
USER 1001
ENTRYPOINT [ "/opt/bitnami/scripts/kibana/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/kibana/run.sh" ]

2
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
View File

@ -1,2 +0,0 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

53
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh
View File

@ -1,53 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
info ""
info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
info "${YELLOW}NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267${RESET}"
info ""
}

141
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh
View File

@ -1,141 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

193
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh
View File

@ -1,193 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
[ -d "${dir}" ] || mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permissions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

18
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh
View File

@ -1,18 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

146
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh
View File

@ -1,146 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]]; then
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
else
stderr_print "${MODULE:-} $(date "+%T.%2N ")${*}"
fi
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$GREEN"
fi
log "${msg_color}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$YELLOW"
fi
log "${msg_color}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$RED"
fi
log "${msg_color}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]] ;then
msg_color="$MAGENTA"
fi
local debug_bool="${BITNAMI_DEBUG:-false}"
if [[ "$debug_bool" = 1 || "$debug_bool" =~ ^(yes|true)$ ]]; then
log "${msg_color}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

171
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh
View File

@ -1,171 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
# Check if the first IP address is IPv6 to add brackets
if validate_ipv6 "${ip_addresses[0]}" ; then
echo "[${ip_addresses[0]}]"
else
echo "${ip_addresses[0]}"
fi
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

657
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh
View File

@ -1,657 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
numeric)
filter="0-9"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
alphanumeric+special|special+alphanumeric)
# Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
# Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
filter='a-zA-Z0-9:@.,/+!='
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}
########################
# Run command as a specific user and group (optional)
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
run_as_user() {
run_chroot "$@"
}
########################
# Execute command as a specific user and group (optional),
# replacing the current process image
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
exec_as_user() {
run_chroot --replace-process "$@"
}
########################
# Run a command using chroot
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Flags:
# -r | --replace-process - Replace the current process image (optional)
# Returns:
# Exit code of the specified command
#########################
run_chroot() {
local userspec
local user
local homedir
local replace=false
local -r cwd="$(pwd)"
# Parse and validate flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-r | --replace-process)
replace=true
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
# Parse and validate arguments
if [[ "$#" -lt 2 ]]; then
echo "expected at least 2 arguments"
return 1
else
userspec=$1
shift
# userspec can optionally include the group, so we parse the user
user=$(echo "$userspec" | cut -d':' -f1)
fi
if ! am_i_root; then
error "Could not switch to '${userspec}': Operation not permitted"
return 1
fi
# Get the HOME directory for the user to switch, as chroot does
# not properly update this env and some scripts rely on it
homedir=$(eval echo "~${user}")
if [[ ! -d $homedir ]]; then
homedir="${HOME:-/}"
fi
# Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
if [[ "$replace" = true ]]; then
exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
else
chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
fi
}

124
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh
View File

@ -1,124 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

422
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh
View File

@ -1,422 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
cat > "/etc/cron.d/${service_name}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${schedule} ${run_as} ${cmd}
EOF
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' > "${logrotate_conf_dir}/${service_name}"
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --custom-service-content - Custom content to add to the [service] block
# --environment - Environment variable to define (multiple --environment options may be passed)
# --environment-file - Text file with environment variables (multiple --environment-file options may be passed)
# --exec-start - Start command (required)
# --exec-start-pre - Pre-start command (optional)
# --exec-start-post - Post-start command (optional)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --group - System group to start the service with
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file
# --standard-output - File where to print stdout output
# --standard-error - File where to print stderr output
# --success-exit-status - Exit code that indicates a successful shutdown
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --working-directory - Working directory at which to start the service
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local environment_file=""
local exec_start=""
local exec_start_pre=""
local exec_start_post=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
local standard_output="journal"
local standard_error=""
local limits_content=""
local success_exit_status=""
local custom_service_content=""
local working_directory=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
| --standard-output \
| --standard-error \
| --success-exit-status \
| --custom-service-content \
| --working-directory \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"${var_name} value is missing"}"
;;
--limit-*)
[[ -n "$limits_content" ]] && limits_content+=$'\n'
var_name="${1//--limit-}"
shift
limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}"
;;
--exec-start-pre)
shift
[[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n'
exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}"
;;
--exec-start-post)
shift
[[ -n "$exec_start_post" ]] && exec_start_post+=$'\n'
exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"--environment value is missing"}"
;;
--environment-file)
shift
# It is possible to add multiple environment-file lines
[[ -n "$environment_file" ]] && environment_file+=$'\n'
environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
EOF
if [[ -n "$working_directory" ]]; then
cat >> "$service_file" <<< "WorkingDirectory=${working_directory}"
fi
if [[ -n "$exec_start_pre" ]]; then
# This variable may contain multiple ExecStartPre= directives
cat >> "$service_file" <<< "$exec_start_pre"
fi
if [[ -n "$exec_start" ]]; then
cat >> "$service_file" <<< "ExecStart=${exec_start}"
fi
if [[ -n "$exec_start_post" ]]; then
# This variable may contain multiple ExecStartPost= directives
cat >> "$service_file" <<< "$exec_start_post"
fi
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<< "ExecStop=${exec_stop}"
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<< "ExecReload=${exec_reload}"
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<< "User=${user}"
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<< "Group=${group}"
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<< "PIDFile=${pid_file}"
fi
if [[ -n "$restart" ]]; then
cat >> "$service_file" <<< "Restart=${restart}"
fi
# Environment flags
if [[ -n "$environment" ]]; then
# This variable may contain multiple Environment= directives
cat >> "$service_file" <<< "$environment"
fi
if [[ -n "$environment_file" ]]; then
# This variable may contain multiple EnvironmentFile= directives
cat >> "$service_file" <<< "$environment_file"
fi
# Logging
if [[ -n "$standard_output" ]]; then
cat >> "$service_file" <<< "StandardOutput=${standard_output}"
fi
if [[ -n "$standard_error" ]]; then
cat >> "$service_file" <<< "StandardError=${standard_error}"
fi
if [[ -n "$custom_service_content" ]]; then
# This variable may contain multiple miscellaneous directives
cat >> "$service_file" <<< "$custom_service_content"
fi
if [[ -n "$success_exit_status" ]]; then
cat >> "$service_file" <<EOF
# When the process receives a SIGTERM signal, it exits with code ${success_exit_status}
SuccessExitStatus=${success_exit_status}
EOF
fi
cat >> "$service_file" <<EOF
# Optimizations
TimeoutStartSec=2min
TimeoutStopSec=30s
IgnoreSIGPIPE=no
KillMode=mixed
EOF
if [[ -n "$limits_content" ]]; then
cat >> "$service_file" <<EOF
# Limits
${limits_content}
EOF
fi
cat >> "$service_file" <<EOF
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

294
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh
View File

@ -1,294 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Validation functions library
# shellcheck disable=SC1091,SC2086
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv6() {
local ip="${1:?ip is missing}"
local stat=1
local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$'
local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$'
if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then
stat=0
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 or IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ip() {
local ip="${1:?ip is missing}"
local stat=1
if validate_ipv4 "$ip"; then
stat=0
else
stat=$(validate_ipv6 "$ip")
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
string="$1"
;;
esac
shift
done
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

51
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh
View File

@ -1,51 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[j]="${BASH_REMATCH[$i]}"
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

396
bitnami/kibana/9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh
View File

@ -1,396 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl start "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
fi
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl stop "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
fi
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}

27
bitnami/kibana/9/debian-12/prebuildfs/usr/sbin/install_packages
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
bitnami/kibana/9/debian-12/prebuildfs/usr/sbin/run-script
View File

@ -1,24 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -u
if [ $# -eq 0 ]; then
>&2 echo "No arguments provided"
exit 1
fi
script=$1
exit_code="${2:-96}"
fail_if_not_present="${3:-n}"
if test -f "$script"; then
sh $script
if [ $? -ne 0 ]; then
exit $((exit_code))
fi
elif [ "$fail_if_not_present" = "y" ]; then
>&2 echo "script not found: $script"
exit 127
fi

26
bitnami/kibana/9/debian-12/prebuildfs/usr/sbin/uninstall_packages
View File

@ -1,26 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get autoremove --purge -y "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

182
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/kibana-env.sh
View File

@ -1,182 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for kibana
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-kibana}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
kibana_env_vars=(
KIBANA_ELASTICSEARCH_URL
KIBANA_ELASTICSEARCH_PORT_NUMBER
KIBANA_HOST
KIBANA_PORT_NUMBER
KIBANA_WAIT_READY_MAX_RETRIES
KIBANA_INITSCRIPTS_START_SERVER
KIBANA_FORCE_INITSCRIPTS
KIBANA_DISABLE_STRICT_CSP
KIBANA_CERTS_DIR
KIBANA_SERVER_ENABLE_TLS
KIBANA_SERVER_KEYSTORE_LOCATION
KIBANA_SERVER_KEYSTORE_PASSWORD
KIBANA_SERVER_TLS_USE_PEM
KIBANA_SERVER_CERT_LOCATION
KIBANA_SERVER_KEY_LOCATION
KIBANA_SERVER_KEY_PASSWORD
KIBANA_PASSWORD
KIBANA_ELASTICSEARCH_ENABLE_TLS
KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE
KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION
KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD
KIBANA_ELASTICSEARCH_TLS_USE_PEM
KIBANA_ELASTICSEARCH_CA_CERT_LOCATION
KIBANA_DISABLE_STRICT_CSP
KIBANA_CREATE_USER
KIBANA_ELASTICSEARCH_PASSWORD
KIBANA_SERVER_PUBLICBASEURL
KIBANA_XPACK_SECURITY_ENCRYPTIONKEY
KIBANA_XPACK_REPORTING_ENCRYPTIONKEY
KIBANA_NEWSFEED_ENABLED
KIBANA_ELASTICSEARCH_REQUESTTIMEOUT
ELASTICSEARCH_URL
KIBANA_ELASTICSEARCH_PORT_NUMBER
KIBANA_ELASTICSEARCH_PORT
KIBANA_PORT_NUMBER
KIBANA_INITSCRIPTS_MAX_RETRIES
)
for env_var in "${kibana_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset kibana_env_vars
export SERVER_FLAVOR="kibana"
# Paths
export BITNAMI_VOLUME_DIR="/bitnami"
export KIBANA_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/kibana"
export SERVER_VOLUME_DIR="$KIBANA_VOLUME_DIR"
export KIBANA_BASE_DIR="${BITNAMI_ROOT_DIR}/kibana"
export SERVER_BASE_DIR="$KIBANA_BASE_DIR"
export KIBANA_CONF_DIR="${SERVER_BASE_DIR}/config"
export SERVER_CONF_DIR="$KIBANA_CONF_DIR"
export KIBANA_DEFAULT_CONF_DIR="${SERVER_BASE_DIR}/config.default"
export SERVER_DEFAULT_CONF_DIR="$KIBANA_DEFAULT_CONF_DIR"
export KIBANA_LOGS_DIR="${SERVER_BASE_DIR}/logs"
export SERVER_LOGS_DIR="$KIBANA_LOGS_DIR"
export KIBANA_TMP_DIR="${SERVER_BASE_DIR}/tmp"
export SERVER_TMP_DIR="$KIBANA_TMP_DIR"
export KIBANA_BIN_DIR="${SERVER_BASE_DIR}/bin"
export SERVER_BIN_DIR="$KIBANA_BIN_DIR"
export KIBANA_PLUGINS_DIR="${SERVER_BASE_DIR}/plugins"
export SERVER_PLUGINS_DIR="$KIBANA_PLUGINS_DIR"
export KIBANA_DEFAULT_PLUGINS_DIR="${SERVER_BASE_DIR}/plugins.default"
export SERVER_DEFAULT_PLUGINS_DIR="$KIBANA_DEFAULT_PLUGINS_DIR"
export KIBANA_DATA_DIR="${SERVER_VOLUME_DIR}/data"
export SERVER_DATA_DIR="$KIBANA_DATA_DIR"
export KIBANA_MOUNTED_CONF_DIR="${SERVER_VOLUME_DIR}/conf"
export SERVER_MOUNTED_CONF_DIR="$KIBANA_MOUNTED_CONF_DIR"
export KIBANA_CONF_FILE="${SERVER_CONF_DIR}/kibana.yml"
export SERVER_CONF_FILE="$KIBANA_CONF_FILE"
export KIBANA_LOG_FILE="${SERVER_LOGS_DIR}/kibana.log"
export SERVER_LOG_FILE="$KIBANA_LOG_FILE"
export KIBANA_PID_FILE="${SERVER_TMP_DIR}/kibana.pid"
export SERVER_PID_FILE="$KIBANA_PID_FILE"
export KIBANA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export SERVER_INITSCRIPTS_DIR="$KIBANA_INITSCRIPTS_DIR"
# System users (when running with a privileged user)
export KIBANA_DAEMON_USER="kibana"
export SERVER_DAEMON_USER="$KIBANA_DAEMON_USER"
export KIBANA_DAEMON_GROUP="kibana"
export SERVER_DAEMON_GROUP="$KIBANA_DAEMON_GROUP"
# Kibana configuration
KIBANA_ELASTICSEARCH_URL="${KIBANA_ELASTICSEARCH_URL:-"${ELASTICSEARCH_URL:-}"}"
export KIBANA_ELASTICSEARCH_URL="${KIBANA_ELASTICSEARCH_URL:-elasticsearch}"
export SERVER_DB_URL="$KIBANA_ELASTICSEARCH_URL"
KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_ELASTICSEARCH_PORT_NUMBER:-}"}"
KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_ELASTICSEARCH_PORT:-}"}"
KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-"${KIBANA_PORT_NUMBER:-}"}"
export KIBANA_ELASTICSEARCH_PORT_NUMBER="${KIBANA_ELASTICSEARCH_PORT_NUMBER:-9200}"
export SERVER_DB_PORT_NUMBER="$KIBANA_ELASTICSEARCH_PORT_NUMBER"
export KIBANA_HOST="${KIBANA_HOST:-0.0.0.0}"
export SERVER_HOST="$KIBANA_HOST"
export KIBANA_PORT_NUMBER="${KIBANA_PORT_NUMBER:-5601}"
export SERVER_PORT_NUMBER="$KIBANA_PORT_NUMBER"
KIBANA_WAIT_READY_MAX_RETRIES="${KIBANA_WAIT_READY_MAX_RETRIES:-"${KIBANA_INITSCRIPTS_MAX_RETRIES:-}"}"
export KIBANA_WAIT_READY_MAX_RETRIES="${KIBANA_WAIT_READY_MAX_RETRIES:-30}"
export SERVER_WAIT_READY_MAX_RETRIES="$KIBANA_WAIT_READY_MAX_RETRIES"
export KIBANA_INITSCRIPTS_START_SERVER="${KIBANA_INITSCRIPTS_START_SERVER:-yes}"
export SERVER_INITSCRIPTS_START_SERVER="$KIBANA_INITSCRIPTS_START_SERVER"
export KIBANA_FORCE_INITSCRIPTS="${KIBANA_FORCE_INITSCRIPTS:-no}"
export SERVER_FORCE_INITSCRIPTS="$KIBANA_FORCE_INITSCRIPTS"
export KIBANA_DISABLE_STRICT_CSP="${KIBANA_DISABLE_STRICT_CSP:-no}"
export SERVER_DISABLE_STRICT_CSP="$KIBANA_DISABLE_STRICT_CSP"
# Kibana server SSL/TLS configuration
export KIBANA_CERTS_DIR="${KIBANA_CERTS_DIR:-${SERVER_CONF_DIR}/certs}"
export SERVER_CERTS_DIR="$KIBANA_CERTS_DIR"
export KIBANA_SERVER_ENABLE_TLS="${KIBANA_SERVER_ENABLE_TLS:-false}"
export SERVER_ENABLE_TLS="$KIBANA_SERVER_ENABLE_TLS"
export KIBANA_SERVER_KEYSTORE_LOCATION="${KIBANA_SERVER_KEYSTORE_LOCATION:-${SERVER_CERTS_DIR}/server/kibana.keystore.p12}"
export SERVER_KEYSTORE_LOCATION="$KIBANA_SERVER_KEYSTORE_LOCATION"
export KIBANA_SERVER_KEYSTORE_PASSWORD="${KIBANA_SERVER_KEYSTORE_PASSWORD:-}"
export SERVER_KEYSTORE_PASSWORD="$KIBANA_SERVER_KEYSTORE_PASSWORD"
export KIBANA_SERVER_TLS_USE_PEM="${KIBANA_SERVER_TLS_USE_PEM:-false}"
export SERVER_TLS_USE_PEM="$KIBANA_SERVER_TLS_USE_PEM"
export KIBANA_SERVER_CERT_LOCATION="${KIBANA_SERVER_CERT_LOCATION:-${SERVER_CERTS_DIR}/server/tls.crt}"
export SERVER_CERT_LOCATION="$KIBANA_SERVER_CERT_LOCATION"
export KIBANA_SERVER_KEY_LOCATION="${KIBANA_SERVER_KEY_LOCATION:-${SERVER_CERTS_DIR}/server/tls.key}"
export SERVER_KEY_LOCATION="$KIBANA_SERVER_KEY_LOCATION"
export KIBANA_SERVER_KEY_PASSWORD="${KIBANA_SERVER_KEY_PASSWORD:-}"
export SERVER_KEY_PASSWORD="$KIBANA_SERVER_KEY_PASSWORD"
# Elasticsearch Security configuration
export KIBANA_PASSWORD="${KIBANA_PASSWORD:-}"
export SERVER_PASSWORD="$KIBANA_PASSWORD"
export KIBANA_ELASTICSEARCH_ENABLE_TLS="${KIBANA_ELASTICSEARCH_ENABLE_TLS:-false}"
export SERVER_DB_ENABLE_TLS="$KIBANA_ELASTICSEARCH_ENABLE_TLS"
export KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE="${KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE:-full}"
export SERVER_DB_TLS_VERIFICATION_MODE="$KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE"
export KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION="${KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION:-${SERVER_CERTS_DIR}/elasticsearch/elasticsearch.truststore.p12}"
export SERVER_DB_TRUSTSTORE_LOCATION="$KIBANA_ELASTICSEARCH_TRUSTSTORE_LOCATION"
export KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD="${KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD:-}"
export SERVER_DB_TRUSTSTORE_PASSWORD="$KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD"
export KIBANA_ELASTICSEARCH_TLS_USE_PEM="${KIBANA_ELASTICSEARCH_TLS_USE_PEM:-false}"
export SERVER_DB_TLS_USE_PEM="$KIBANA_ELASTICSEARCH_TLS_USE_PEM"
export KIBANA_ELASTICSEARCH_CA_CERT_LOCATION="${KIBANA_ELASTICSEARCH_CA_CERT_LOCATION:-${SERVER_CERTS_DIR}/elasticsearch/ca.crt}"
export SERVER_DB_CA_CERT_LOCATION="$KIBANA_ELASTICSEARCH_CA_CERT_LOCATION"
export KIBANA_DISABLE_STRICT_CSP="${KIBANA_DISABLE_STRICT_CSP:-no}"
export KIBANA_CREATE_USER="${KIBANA_CREATE_USER:-false}"
export KIBANA_ELASTICSEARCH_PASSWORD="${KIBANA_ELASTICSEARCH_PASSWORD:-}"
export KIBANA_SERVER_PUBLICBASEURL="${KIBANA_SERVER_PUBLICBASEURL:-}"
export KIBANA_XPACK_SECURITY_ENCRYPTIONKEY="${KIBANA_XPACK_SECURITY_ENCRYPTIONKEY:-}"
export KIBANA_XPACK_REPORTING_ENCRYPTIONKEY="${KIBANA_XPACK_REPORTING_ENCRYPTIONKEY:-}"
export KIBANA_NEWSFEED_ENABLED="${KIBANA_NEWSFEED_ENABLED:-true}"
export KIBANA_ELASTICSEARCH_REQUESTTIMEOUT="${KIBANA_ELASTICSEARCH_REQUESTTIMEOUT:-30000}"
# Custom environment variables may be defined below

48
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/kibana/entrypoint.sh
View File

@ -1,48 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libkibana.sh
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
# Load environment
. /opt/bitnami/scripts/kibana-env.sh
print_welcome_page
# We add the copy from default config in the entrypoint to not break users
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
# case someone mounts a configuration file in /opt/bitnami/elasticsearch/conf)
debug "Copying files from $SERVER_DEFAULT_CONF_DIR to $SERVER_CONF_DIR"
cp -nr "$SERVER_DEFAULT_CONF_DIR"/. "$SERVER_CONF_DIR"
if ! is_dir_empty "$SERVER_DEFAULT_PLUGINS_DIR"; then
debug "Copying plugins from $SERVER_DEFAULT_PLUGINS_DIR to $SERVER_PLUGINS_DIR"
# Copy the plugins installed by default to the plugins directory
# If there is already a plugin with the same name in the plugins folder do nothing
for plugin_path in "${SERVER_DEFAULT_PLUGINS_DIR}"/*; do
plugin_name="$(basename "$plugin_path")"
plugin_moved_path="${SERVER_PLUGINS_DIR}/${plugin_name}"
if ! [[ -d "$plugin_moved_path" ]]; then
cp -r "$plugin_path" "$plugin_moved_path"
fi
done
fi
if [[ "$1" = "/opt/bitnami/scripts/kibana/run.sh" ]]; then
info "** Starting Kibana setup **"
/opt/bitnami/scripts/kibana/setup.sh
info "** Kibana setup finished! **"
fi
echo ""
exec "$@"

41
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/kibana/postunpack.sh
View File

@ -1,41 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libkibana.sh
. /opt/bitnami/scripts/libfs.sh
# Load environment
. /opt/bitnami/scripts/kibana-env.sh
for dir in "$SERVER_TMP_DIR" "$SERVER_LOGS_DIR" "$SERVER_CONF_DIR" "$SERVER_DEFAULT_CONF_DIR" "$SERVER_PLUGINS_DIR" "$SERVER_DEFAULT_PLUGINS_DIR" "$SERVER_VOLUME_DIR" "$SERVER_DATA_DIR" "$SERVER_INITSCRIPTS_DIR"; do
ensure_dir_exists "$dir"
chmod -R ug+rwX "$dir"
done
kibana_conf_set "path.data" "$SERVER_DATA_DIR"
# For backwards compatibility, create a symlink to the default path
! is_dir_empty "${SERVER_BASE_DIR}/data" || rm -rf "${SERVER_BASE_DIR}/data" && ln -s "$SERVER_DATA_DIR" "${SERVER_BASE_DIR}/data"
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
cp -r "${SERVER_CONF_DIR}/"* "$SERVER_DEFAULT_CONF_DIR"
chmod o+rX -R "$SERVER_DEFAULT_CONF_DIR"
if ! is_dir_empty "$SERVER_PLUGINS_DIR"; then
# Move all initially installed plugins to the default plugins directory.
for plugin_path in "${SERVER_PLUGINS_DIR}"/*; do
plugin_name="$(basename "$plugin_path")"
plugin_moved_path="${SERVER_DEFAULT_PLUGINS_DIR}/${plugin_name}"
mv "$plugin_path" "$plugin_moved_path"
done
chmod o+rX -R "$SERVER_DEFAULT_PLUGINS_DIR"
fi

26
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/kibana/run.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libkibana.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
# Load environment
. /opt/bitnami/scripts/kibana-env.sh
info "** Starting Kibana **"
start_command=("${SERVER_BIN_DIR}/kibana" "serve")
if am_i_root; then
exec_as_user "$SERVER_DAEMON_USER" "${start_command[@]}"
else
exec "${start_command[@]}"
fi

32
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/kibana/setup.sh
View File

@ -1,32 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace
# Load libraries
. /opt/bitnami/scripts/libkibana.sh
. /opt/bitnami/scripts/libos.sh
# Load environment
. /opt/bitnami/scripts/kibana-env.sh
# Ensure kibana environment variables are valid
kibana_validate
# Ensure 'daemon' user exists when running as 'root'
am_i_root && ensure_user_exists "$SERVER_DAEMON_USER" --group "$SERVER_DAEMON_GROUP"
# Ensure kibana is initialized
kibana_initialize
# Create kibana_system user, if necessary
is_boolean_yes "$KIBANA_CREATE_USER" && kibana_create_system_user
# Ensure custom initialization scripts are executed
kibana_custom_init_scripts

528
bitnami/kibana/9/debian-12/rootfs/opt/bitnami/scripts/libkibana.sh
View File

@ -1,528 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami Kibana library
# shellcheck disable=SC1090
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Set Elasticsearch keystore values
# Globals:
# ELASTICSEARCH_*
# Arguments:
# None
# Returns:
# None
#########################
kibana_set_key_value() {
local key="${1:?missing key}"
local value="${2:?missing value}"
debug "Storing key: ${key}"
kibana-keystore add --stdin --force "$key" <<<"$value"
}
########################
# Waits for Elasticsearch to be available and creates the user 'kibana_user', if it doesn't exists
# Globals:
# KIBANA_*
# Arguments:
# None
# Returns:
# None
#########################
kibana_create_system_user() {
local -r retries="60"
local -r sleep_time="5"
local url
url=$(kibana_sanitize_elasticsearch_hosts "${KIBANA_ELASTICSEARCH_URL}" "${KIBANA_ELASTICSEARCH_PORT_NUMBER}")
check_elasticsearch() {
local status_code="000"
status_code=$(curl -L -s -k -o /dev/null "${url}" -w "%{http_code}")
debug "Attempted to connect with Elasticserach. Status code: $status_code"
# Any status code different to 000 will be considered valid
[[ "$status_code" != "000" ]]
}
info "Waiting for Elasticsearch to be ready."
# Wait for elasticsearch to be available
if ! retry_while "check_elasticsearch" "$retries" "$sleep_time"; then
error "Timeout waiting for the Elasticsearch to respond"
return 1
fi
# Check kibana_system user doesn't exists
status_code=$(curl -L -s -k -o /dev/null -u "kibana_system:${KIBANA_PASSWORD}" "${url}" -w "%{http_code}")
if [[ "$status_code" == "401" ]]; then
info "Setting password for user 'kibana_system'"
curl -L -s -k -o /dev/null -X POST -u "elastic:${KIBANA_ELASTICSEARCH_PASSWORD}" -H "Content-Type: application/json" "${url}/_security/user/kibana_system/_password" -d "{\"password\":\"${KIBANA_PASSWORD}\"}"
status_code=$(curl -L -s -k -o /dev/null -u "kibana_system:${KIBANA_PASSWORD}" "${url}" -w "%{http_code}")
if [[ "$status_code" == "200" ]]; then
info "Password for kibana_system successfully configured"
else
error "An error occurred while configuring kibana_system user"
return 1
fi
else
info "Skipping 'kibana_system' user creation. User already exists. Status code: ${status_code}"
fi
}
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami Kibana/Opensearch Dashboards common library
# shellcheck disable=SC1090
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Validate settings in SERVER_* env vars
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# 0 if the validation succeeded, 1 otherwise
#########################
kibana_validate() {
debug "Validating settings in SERVER_* environment variables..."
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_multi_value() {
if [[ " ${2} " != *" ${!1} "* ]]; then
print_validation_error "The allowed values for ${1} are: ${2}"
fi
}
check_empty_value() {
if is_empty_value "${!1}"; then
print_validation_error "${1} must be set"
fi
}
# Warn users in case the configuration file is not writable
is_file_writable "$SERVER_CONF_FILE" || warn "The ${SERVER_FLAVOR^} configuration file '${SERVER_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied for this file."
if [[ "$SERVER_FLAVOR" = "kibana" ]]; then
if is_boolean_yes "$KIBANA_CREATE_USER"; then
if is_empty_value "$KIBANA_PASSWORD"; then
print_validation_error "The variable KIBANA_CREATE_USER is set but no KIBANA_PASSWORD provided for the kibana_system user."
fi
if is_empty_value "$KIBANA_ELASTICSEARCH_PASSWORD"; then
print_validation_error "Password for the 'elastic' user is required in order to create the kibana_system user. Please provide it using the variable KIBANA_ELASTICSEARCH_PASSWORD."
fi
fi
fi
# User inputs
check_empty_value "SERVER_DB_URL"
check_empty_value "SERVER_HOST"
for var in "SERVER_DB_PORT_NUMBER" "SERVER_PORT_NUMBER"; do
if ! err=$(validate_port "${!var}"); then
print_validation_error "An invalid port was specified in the environment variable $var: $err"
fi
done
if is_boolean_yes "$SERVER_ENABLE_TLS"; then
if is_boolean_yes "$SERVER_TLS_USE_PEM"; then
if [[ ! -f "$SERVER_CERT_LOCATION" ]] || [[ ! -f "$SERVER_KEY_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${SERVER_FLAVOR^} server using PEM certs you must provide your a valid key and certificate."
fi
elif [[ ! -f "$SERVER_KEYSTORE_LOCATION" ]]; then
print_validation_error "In order to configure the TLS encryption for ${SERVER_FLAVOR^} server using PKCS12 certs you must mount a valid keystore."
fi
fi
if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then
check_multi_value "SERVER_DB_TLS_VERIFICATION_MODE" "full certificate none"
if [[ "$SERVER_DB_TLS_VERIFICATION_MODE" != "none" ]];then
if is_boolean_yes "$SERVER_DB_TLS_USE_PEM"; then
if [[ ! -f "$SERVER_DB_CA_CERT_LOCATION" ]]; then
print_validation_error "In order to connect to Elasticsearch via HTTPS, a valid CA certificate is required."
fi
elif [[ ! -f "$SERVER_DB_TRUSTSTORE_LOCATION" ]]; then
print_validation_error "In order to connect to Elasticsearch via HTTPS, a valid PKCS12 truststore is required."
fi
fi
fi
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Configure/initialize Kibana/Dashboards
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# None
#########################
kibana_initialize() {
info "Configuring/Initializing ${SERVER_FLAVOR^}..."
debug "Ensuring expected directories/files exist..."
for dir in "$SERVER_TMP_DIR" "$SERVER_LOGS_DIR" "$SERVER_CONF_DIR" "$SERVER_DATA_DIR"; do
ensure_dir_exists "$dir"
am_i_root && chown -R "$SERVER_DAEMON_USER:$SERVER_DAEMON_GROUP" "$dir"
done
if is_file_writable "$SERVER_CONF_FILE"; then
local dbFlavor="elasticsearch"
[[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && dbFlavor="opensearch"
if is_mounted_dir_empty "$SERVER_MOUNTED_CONF_DIR"; then
info "Setting default configuration"
kibana_conf_set "pid.file" "$SERVER_PID_FILE"
kibana_conf_set "server.host" "$SERVER_HOST"
kibana_conf_set "server.port" "$SERVER_PORT_NUMBER" "int"
kibana_conf_set "${dbFlavor}.hosts" "$(kibana_sanitize_elasticsearch_hosts "${SERVER_DB_URL}" "${SERVER_DB_PORT_NUMBER}")"
else
info "Found mounted configuration directory"
if ! cp -Lr "$SERVER_MOUNTED_CONF_DIR"/* "$SERVER_CONF_DIR"; then
error "Issue copying mounted configuration files from $SERVER_MOUNTED_CONF_DIR to $SERVER_CONF_DIR. Make sure you are not mounting configuration files in $SERVER_CONF_DIR and $SERVER_MOUNTED_CONF_DIR at the same time"
exit 1
fi
fi
# Kibana override configuration
if [[ "$SERVER_FLAVOR" = "kibana" ]]; then
if is_boolean_yes "$KIBANA_DISABLE_STRICT_CSP"; then
kibana_conf_set "csp.strict" "false" "bool"
fi
if ! is_empty_value "$KIBANA_SERVER_PUBLICBASEURL"; then
kibana_conf_set "server.publicBaseUrl" "$KIBANA_SERVER_PUBLICBASEURL"
fi
if ! is_empty_value "$KIBANA_XPACK_SECURITY_ENCRYPTIONKEY"; then
kibana_conf_set "xpack.security.encryptionKey" "$KIBANA_XPACK_SECURITY_ENCRYPTIONKEY"
fi
if ! is_empty_value "$KIBANA_XPACK_REPORTING_ENCRYPTIONKEY"; then
kibana_conf_set "xpack.reporting.encryptionKey" "$KIBANA_XPACK_REPORTING_ENCRYPTIONKEY"
fi
if ! is_boolean_yes "$KIBANA_NEWSFEED_ENABLED"; then
kibana_conf_set "newsfeed.enabled" "false" "bool"
fi
if [[ "$KIBANA_ELASTICSEARCH_REQUESTTIMEOUT" != "30000" ]]; then
kibana_conf_set "elasticsearch.requestTimeout" "$KIBANA_ELASTICSEARCH_REQUESTTIMEOUT"
fi
fi
# Configure Elasticsearch/Opensearch authentication
if ! is_empty_value "$SERVER_PASSWORD"; then
local user="kibana_system"
[[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && user="kibanaserver"
kibana_conf_set "${dbFlavor}.username" "$user"
kibana_conf_set "${dbFlavor}.password" "$SERVER_PASSWORD"
elif [[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]]; then
info "Security settings not provided, removing plugin"
opensearch-dashboards-plugin remove securityDashboards
replace_in_file "$SERVER_CONF_FILE" "^opensearch_security\." "#opensearch_security."
fi
# Configure Webserver TLS settings (Client -> Kibana/Dashboards)
if is_boolean_yes "$SERVER_ENABLE_TLS"; then
kibana_conf_set "server.ssl.enabled" "true" "bool"
[[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && kibana_conf_set "opensearch_security.cookie.secure" "true" "bool"
if is_boolean_yes "$SERVER_TLS_USE_PEM"; then
kibana_conf_set "server.ssl.certificate" "$SERVER_CERT_LOCATION"
kibana_conf_set "server.ssl.key" "$SERVER_KEY_LOCATION"
if ! is_empty_value "$SERVER_KEY_PASSWORD"; then
kibana_conf_set "server.ssl.keyPassphrase" "$SERVER_KEY_PASSWORD"
fi
else
kibana_conf_set "server.ssl.keystore.path" "$SERVER_KEYSTORE_LOCATION"
if ! is_empty_value "$SERVER_KEYSTORE_PASSWORD"; then
kibana_conf_set "server.ssl.keystore.password" "$SERVER_KEYSTORE_PASSWORD"
fi
fi
fi
# Configure Database TLS settings (Kibana/Dashboards -> Elasticsearch/Opensearch)
if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then
kibana_conf_set "${dbFlavor}.ssl.verificationMode" "$SERVER_DB_TLS_VERIFICATION_MODE"
if [[ "$SERVER_DB_TLS_VERIFICATION_MODE" != "none" ]];then
if is_boolean_yes "$SERVER_DB_TLS_USE_PEM"; then
kibana_conf_set "${dbFlavor}.ssl.certificateAuthorities" "$SERVER_DB_CA_CERT_LOCATION"
else
kibana_conf_set "${dbFlavor}.ssl.truststore.path" "$SERVER_DB_TRUSTSTORE_LOCATION"
if ! is_empty_value "$SERVER_DB_TRUSTSTORE_PASSWORD"; then
kibana_conf_set "${dbFlavor}.ssl.truststore.password" "$SERVER_DB_TRUSTSTORE_PASSWORD"
fi
fi
fi
fi
fi
}
########################
# Write a configuration setting value
# Globals:
# SERVER_CONF_FILE
# Arguments:
# $1 - key
# $2 - value
# $3 - YAML type (string, int or bool)
# Returns:
# None
#########################
kibana_conf_set() {
local -r key="${1:?Missing key}"
local -r value="${2:-}"
local -r type="${3:-string}"
local -r tempfile=$(mktemp)
case "$type" in
string)
yq eval "(.${key}) |= \"${value}\"" "$SERVER_CONF_FILE" >"$tempfile"
;;
int)
yq eval "(.${key}) |= ${value}" "$SERVER_CONF_FILE" >"$tempfile"
;;
bool)
yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$SERVER_CONF_FILE" >"$tempfile"
;;
*)
error "Type unknown: ${type}"
return 1
;;
esac
cp "$tempfile" "$SERVER_CONF_FILE"
}
########################
# Read a configuration setting value
# Globals:
# SERVER_CONF_FILE
# Arguments:
# $1 - key
# Returns:
# Outputs the key to stdout (Empty response if key is not set)
#########################
kibana_conf_get() {
local key="${1:?missing key}"
if [[ -r "$SERVER_CONF_FILE" ]]; then
local -r res="$(yq eval ".${key}" "$SERVER_CONF_FILE")"
if [[ ! "$res" = "null" ]]; then
echo "$res"
fi
fi
}
########################
# Configure/initialize Kibana/Dashboards
# For backwards compatibility, it is allowed to specify the host and port in
# different env-vars and this function will build the correct url.
# Globals:
# SERVER_*
# Arguments:
# $1 - hostUrl
# $2 - port
# Returns:
# None
#########################
kibana_sanitize_elasticsearch_hosts() {
local -r hostUrl="${1:?missing hostUrl}"
local -r port="${2:?missing port}"
local scheme
if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then
scheme="https"
else
scheme="http"
fi
if grep -q -E "^https?://[^:]+:[0-9]+$" <<<"$hostUrl"; then # i.e. http://localhost:9200
echo "${hostUrl}"
elif grep -q -E "^https?://[^:]+$" <<<"$hostUrl"; then # i.e. http://localhost
echo "${hostUrl}:${port}"
elif grep -q -E "^[^:]+:[0-9]+$" <<<"$hostUrl"; then # i.e. localhost:9200
echo "${scheme}://${hostUrl}"
else # i.e. localhost
echo "${scheme}://${hostUrl}:${port}"
fi
}
########################
# Check if Kibana/Dashboards is running
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# Boolean
#########################
is_kibana_running() {
local pid
pid="$(get_pid_from_file "${SERVER_PID_FILE}")"
if [[ -z "$pid" ]]; then
false
else
is_service_running "$pid"
fi
}
########################
# Check if Kibana/Dashboards is not running
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# Boolean
#########################
is_kibana_not_running() {
! is_kibana_running
}
########################
# Check if Kibana/Dashboards is ready
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# Boolean
#########################
is_kibana_ready() {
local basePath
local rewriteBasePath
local scheme="http"
local opts=()
rewriteBasePath=$(kibana_conf_get "server.rewriteBasePath")
# The default value for is 'server.rewriteBasePath' is 'true' when ommited.'
# Therefore, we must check the value is not 'true'
! is_boolean_yes "$rewriteBasePath" && basePath=$(kibana_conf_get "server.basePath")
[[ "$SERVER_FLAVOR" = "opensearch-dashboards" ]] && ! is_empty_value "$SERVER_PASSWORD" && opts+=("-u" "kibanaserver:${SERVER_PASSWORD}")
if is_boolean_yes "$SERVER_DB_ENABLE_TLS"; then
scheme="https"
opts+=("-k")
fi
if is_kibana_running; then
# Kibana 7 and Opensearch expects .status.overall.state to be 'green', while 8 expects .status.overall.level to be 'available'
local -r status="$(yq eval '.status.overall | pick(["state", "level"]) | .[]' - <<<"$(curl -s "${opts[@]}" "${scheme}://127.0.0.1:${SERVER_PORT_NUMBER}${basePath}/api/status")")"
[[ "$status" = "green" || "$status" = "available" ]] && return
else
false
fi
}
########################
# Wait until Kibana/Dashboards is ready
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# Boolean
#########################
wait_for_kibana_ready() {
info "Waiting for ${SERVER_FLAVOR^} to be started and ready"
retries="$SERVER_WAIT_READY_MAX_RETRIES"
until is_kibana_ready || [[ "$retries" -eq 0 ]]; do
debug "Waiting for ${SERVER_FLAVOR^} server: $((retries--)) remaining attempts..."
sleep 2
done
if [[ "$retries" -eq 0 ]]; then
error "${SERVER_FLAVOR^} is not available after ${SERVER_WAIT_READY_MAX_RETRIES} retries"
if [[ -r "${SERVER_LOGS_DIR}/init_scripts_start.log" ]]; then
info "Dumping ${SERVER_LOGS_DIR}/init_scripts_start.log for additional diagnostics..."
cat "${SERVER_LOGS_DIR}/init_scripts_start.log"
fi
exit 1
fi
}
########################
# Start Kibana/Dashboards in background mode
# Globals:
# SERVER_*
# Arguments:
# Extra arguments to pass to the command (optional array)
# Returns:
# None
#########################
kibana_start_bg() {
local extra_args=("${@}")
info "Starting ${SERVER_FLAVOR^} in background"
local start_command=("${SERVER_BIN_DIR}/${SERVER_FLAVOR}" "serve" "${extra_args[@]}")
am_i_root && start_command=("run_as_user" "$SERVER_DAEMON_USER" "${start_command[@]}")
debug_execute "${start_command[@]}" &
}
########################
# Run custom initialization scripts
# Globals:
# SERVER_*
# Arguments:
# None
# Returns:
# None
#########################
kibana_custom_init_scripts() {
read -r -a init_scripts <<<"$(find "$SERVER_INITSCRIPTS_DIR" -type f -name "*.sh" -print0 | xargs -0)"
if [[ "${#init_scripts[@]}" -gt 0 ]] && [[ ! -f "$SERVER_VOLUME_DIR"/.user_scripts_initialized ]] || is_boolean_yes "$SERVER_FORCE_INITSCRIPTS"; then
if is_boolean_yes "$SERVER_FORCE_INITSCRIPTS"; then
info "Forcing execution of user files"
fi
if is_boolean_yes "${SERVER_INITSCRIPTS_START_SERVER}"; then
# Binding to localhost to not give false positives for external connections
kibana_start_bg "--host" "127.0.0.1" "--log-file" "${SERVER_LOGS_DIR}/init_scripts_start.log"
wait_for_kibana_ready
fi
info "Loading user's custom files from $SERVER_INITSCRIPTS_DIR"
for f in "${init_scripts[@]}"; do
debug "Executing $f"
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
if ! "$f"; then
error "Failed executing $f"
return 1
fi
else
warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail"
. "$f"
fi
;;
*)
warn "Skipping $f, supported formats are: .sh"
;;
esac
done
touch "$SERVER_VOLUME_DIR"/.user_scripts_initialized
is_kibana_running && stop_service_using_pid "$SERVER_PID_FILE"
retry_while "is_kibana_not_running"
fi
}

10
bitnami/logstash/8.17/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/logstash/8.18/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/logstash/8.19/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

10
bitnami/logstash/9.0/README.md Normal file
View File

@ -0,0 +1,10 @@
# ⚠️ Important Notice: Upcoming changes to the Bitnami Catalog
Beginning August 28th, 2025, Bitnami will evolve its public catalog to offer a curated set of hardened, security-focused images under the new [Bitnami Secure Images initiative](https://news.broadcom.com/app-dev/broadcom-introduces-bitnami-secure-images-for-production-ready-containerized-applications). As part of this transition:
- Granting community users access for the first time to security-optimized versions of popular container images.
- Bitnami will begin deprecating support for non-hardened, Debian-based software images in its free tier and will gradually remove non-latest tags from the public catalog. As a result, community users will have access to a reduced number of hardened images. These images are published only under the “latest” tag and are intended for development purposes
- Starting August 28th, over two weeks, all existing container images, including older or versioned tags (e.g., 2.50.0, 10.6), will be migrated from the public catalog (docker.io/bitnami) to the “Bitnami Legacy” repository (docker.io/bitnamilegacy), where they will no longer receive updates.
- For production workloads and long-term support, users are encouraged to adopt Bitnami Secure Images, which include hardened containers, smaller attack surfaces, CVE transparency (via VEX/KEV), SBOMs, and enterprise support.
These changes aim to improve the security posture of all Bitnami users by promoting best practices for software supply chain integrity and up-to-date deployments. For more details, visit the [Bitnami Secure Images announcement](https://github.com/bitnami/containers/issues/83267).

66
bitnami/logstash/9/debian-12/Dockerfile
View File

@ -1,66 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
FROM docker.io/bitnami/minideb:bookworm
ARG DOWNLOADS_URL="downloads.bitnami.com/files/stacksmith"
ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
ARG LOGSTASH_PLUGINS
ARG TARGETARCH
LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2025-09-07T01:33:17Z" \
org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/logstash/README.md" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/logstash" \
org.opencontainers.image.title="logstash" \
org.opencontainers.image.vendor="Broadcom, Inc." \
org.opencontainers.image.version="9.1.3"
ENV HOME="/" \
OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-12" \
OS_NAME="linux"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages ca-certificates curl procps zlib1g
RUN --mount=type=secret,id=downloads_url,env=SECRET_DOWNLOADS_URL \
DOWNLOADS_URL=${SECRET_DOWNLOADS_URL:-${DOWNLOADS_URL}} ; \
mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ || exit 1 ; \
COMPONENTS=( \
"yq-4.47.1-3-linux-${OS_ARCH}-debian-12" \
"java-17.0.16-12-0-linux-${OS_ARCH}-debian-12" \
"logstash-9.1.3-0-linux-${OS_ARCH}-debian-12" \
) ; \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://${DOWNLOADS_URL}/${COMPONENT}.tar.gz.sha256" -O ; \
fi ; \
sha256sum -c "${COMPONENT}.tar.gz.sha256" ; \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner ; \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
RUN uninstall_packages curl
COPY rootfs /
RUN /opt/bitnami/scripts/java/postunpack.sh
RUN /opt/bitnami/scripts/logstash/postunpack.sh
ENV APP_VERSION="9.1.3" \
BITNAMI_APP_NAME="logstash" \
IMAGE_REVISION="1" \
JAVA_HOME="/opt/bitnami/java" \
PATH="/opt/bitnami/common/bin:/opt/bitnami/java/bin:/opt/bitnami/logstash/bin:$PATH"
EXPOSE 8080
WORKDIR /opt/bitnami/logstash
USER 1001
ENTRYPOINT [ "/opt/bitnami/scripts/logstash/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/logstash/run.sh" ]

13
bitnami/logstash/9/debian-12/docker-compose.yml
View File

@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
services:
logstash:
image: docker.io/bitnami/logstash:9
ports:
- 8080:8080
volumes:
- logstash_data:/bitnami
volumes:
logstash_data:
driver: local

2
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/licenses/licenses.txt
View File

@ -1,2 +0,0 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

53
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libbitnami.sh
View File

@ -1,53 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
info ""
info "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
info "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
info "${YELLOW}NOTICE: Starting August 28th, 2025, only a limited subset of images/charts will remain available for free. Backup will be available for some time at the 'Bitnami Legacy' repository. More info at https://github.com/bitnami/containers/issues/83267${RESET}"
info ""
}

141
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libfile.sh
View File

@ -1,141 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

193
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libfs.sh
View File

@ -1,193 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
[ -d "${dir}" ] || mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permissions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

18
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libhook.sh
View File

@ -1,18 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

146
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/liblog.sh
View File

@ -1,146 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]]; then
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
else
stderr_print "${MODULE:-} $(date "+%T.%2N ")${*}"
fi
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$GREEN"
fi
log "${msg_color}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$YELLOW"
fi
log "${msg_color}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]];then
msg_color="$RED"
fi
log "${msg_color}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
local msg_color=""
local color_bool="${BITNAMI_COLOR:-true}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$color_bool" = 1 || "$color_bool" =~ ^(yes|true)$ ]] ;then
msg_color="$MAGENTA"
fi
local debug_bool="${BITNAMI_DEBUG:-false}"
if [[ "$debug_bool" = 1 || "$debug_bool" =~ ^(yes|true)$ ]]; then
log "${msg_color}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

171
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libnet.sh
View File

@ -1,171 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
# Check if the first IP address is IPv6 to add brackets
if validate_ipv6 "${ip_addresses[0]}" ; then
echo "[${ip_addresses[0]}]"
else
echo "${ip_addresses[0]}"
fi
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

657
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libos.sh
View File

@ -1,657 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
numeric)
filter="0-9"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
alphanumeric+special|special+alphanumeric)
# Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
# Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
filter='a-zA-Z0-9:@.,/+!='
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}
########################
# Run command as a specific user and group (optional)
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
run_as_user() {
run_chroot "$@"
}
########################
# Execute command as a specific user and group (optional),
# replacing the current process image
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Returns:
# Exit code of the specified command
#########################
exec_as_user() {
run_chroot --replace-process "$@"
}
########################
# Run a command using chroot
# Arguments:
# $1 - USER(:GROUP) to switch to
# $2..$n - command to execute
# Flags:
# -r | --replace-process - Replace the current process image (optional)
# Returns:
# Exit code of the specified command
#########################
run_chroot() {
local userspec
local user
local homedir
local replace=false
local -r cwd="$(pwd)"
# Parse and validate flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-r | --replace-process)
replace=true
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
# Parse and validate arguments
if [[ "$#" -lt 2 ]]; then
echo "expected at least 2 arguments"
return 1
else
userspec=$1
shift
# userspec can optionally include the group, so we parse the user
user=$(echo "$userspec" | cut -d':' -f1)
fi
if ! am_i_root; then
error "Could not switch to '${userspec}': Operation not permitted"
return 1
fi
# Get the HOME directory for the user to switch, as chroot does
# not properly update this env and some scripts rely on it
homedir=$(eval echo "~${user}")
if [[ ! -d $homedir ]]; then
homedir="${HOME:-/}"
fi
# Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
if [[ "$replace" = true ]]; then
exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
else
chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
fi
}

124
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libpersistence.sh
View File

@ -1,124 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

422
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libservice.sh
View File

@ -1,422 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
cat > "/etc/cron.d/${service_name}" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${schedule} ${run_as} ${cmd}
EOF
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' > "${logrotate_conf_dir}/${service_name}"
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --custom-service-content - Custom content to add to the [service] block
# --environment - Environment variable to define (multiple --environment options may be passed)
# --environment-file - Text file with environment variables (multiple --environment-file options may be passed)
# --exec-start - Start command (required)
# --exec-start-pre - Pre-start command (optional)
# --exec-start-post - Post-start command (optional)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --group - System group to start the service with
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file
# --standard-output - File where to print stdout output
# --standard-error - File where to print stderr output
# --success-exit-status - Exit code that indicates a successful shutdown
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --working-directory - Working directory at which to start the service
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local environment_file=""
local exec_start=""
local exec_start_pre=""
local exec_start_post=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
local standard_output="journal"
local standard_error=""
local limits_content=""
local success_exit_status=""
local custom_service_content=""
local working_directory=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
| --standard-output \
| --standard-error \
| --success-exit-status \
| --custom-service-content \
| --working-directory \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"${var_name} value is missing"}"
;;
--limit-*)
[[ -n "$limits_content" ]] && limits_content+=$'\n'
var_name="${1//--limit-}"
shift
limits_content+="Limit${var_name^^}=${1:?"--limit-${var_name} value is missing"}"
;;
--exec-start-pre)
shift
[[ -n "$exec_start_pre" ]] && exec_start_pre+=$'\n'
exec_start_pre+="ExecStartPre=${1:?"--exec-start-pre value is missing"}"
;;
--exec-start-post)
shift
[[ -n "$exec_start_post" ]] && exec_start_post+=$'\n'
exec_start_post+="ExecStartPost=${1:?"--exec-start-post value is missing"}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"--environment value is missing"}"
;;
--environment-file)
shift
# It is possible to add multiple environment-file lines
[[ -n "$environment_file" ]] && environment_file+=$'\n'
environment_file+="EnvironmentFile=${1:?"--environment-file value is missing"}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
EOF
if [[ -n "$working_directory" ]]; then
cat >> "$service_file" <<< "WorkingDirectory=${working_directory}"
fi
if [[ -n "$exec_start_pre" ]]; then
# This variable may contain multiple ExecStartPre= directives
cat >> "$service_file" <<< "$exec_start_pre"
fi
if [[ -n "$exec_start" ]]; then
cat >> "$service_file" <<< "ExecStart=${exec_start}"
fi
if [[ -n "$exec_start_post" ]]; then
# This variable may contain multiple ExecStartPost= directives
cat >> "$service_file" <<< "$exec_start_post"
fi
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<< "ExecStop=${exec_stop}"
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<< "ExecReload=${exec_reload}"
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<< "User=${user}"
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<< "Group=${group}"
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<< "PIDFile=${pid_file}"
fi
if [[ -n "$restart" ]]; then
cat >> "$service_file" <<< "Restart=${restart}"
fi
# Environment flags
if [[ -n "$environment" ]]; then
# This variable may contain multiple Environment= directives
cat >> "$service_file" <<< "$environment"
fi
if [[ -n "$environment_file" ]]; then
# This variable may contain multiple EnvironmentFile= directives
cat >> "$service_file" <<< "$environment_file"
fi
# Logging
if [[ -n "$standard_output" ]]; then
cat >> "$service_file" <<< "StandardOutput=${standard_output}"
fi
if [[ -n "$standard_error" ]]; then
cat >> "$service_file" <<< "StandardError=${standard_error}"
fi
if [[ -n "$custom_service_content" ]]; then
# This variable may contain multiple miscellaneous directives
cat >> "$service_file" <<< "$custom_service_content"
fi
if [[ -n "$success_exit_status" ]]; then
cat >> "$service_file" <<EOF
# When the process receives a SIGTERM signal, it exits with code ${success_exit_status}
SuccessExitStatus=${success_exit_status}
EOF
fi
cat >> "$service_file" <<EOF
# Optimizations
TimeoutStartSec=2min
TimeoutStopSec=30s
IgnoreSIGPIPE=no
KillMode=mixed
EOF
if [[ -n "$limits_content" ]]; then
cat >> "$service_file" <<EOF
# Limits
${limits_content}
EOF
fi
cat >> "$service_file" <<EOF
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

294
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libvalidations.sh
View File

@ -1,294 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Validation functions library
# shellcheck disable=SC1091,SC2086
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv6() {
local ip="${1:?ip is missing}"
local stat=1
local full_address_regex='^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$'
local short_address_regex='^((([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6}::(([0-9a-fA-F]{1,4}:){0,6}[0-9a-fA-F]{1,4}){0,6})$'
if [[ $ip =~ $full_address_regex || $ip =~ $short_address_regex || $ip == "::" ]]; then
stat=0
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate if the provided argument is a valid IPv4 or IPv6 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ip() {
local ip="${1:?ip is missing}"
local stat=1
if validate_ipv4 "$ip"; then
stat=0
else
stat=$(validate_ipv6 "$ip")
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
string="$1"
;;
esac
shift
done
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

51
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libversion.sh
View File

@ -1,51 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[j]="${BASH_REMATCH[$i]}"
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

396
bitnami/logstash/9/debian-12/prebuildfs/opt/bitnami/scripts/libwebserver.sh
View File

@ -1,396 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl start "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
fi
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
if [[ "${BITNAMI_SERVICE_MANAGER:-}" = "systemd" ]]; then
systemctl stop "bitnami.$(web_server_type).service"
else
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
fi
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}

27
bitnami/logstash/9/debian-12/prebuildfs/usr/sbin/install_packages
View File

@ -1,27 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
bitnami/logstash/9/debian-12/prebuildfs/usr/sbin/run-script
View File

@ -1,24 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -u
if [ $# -eq 0 ]; then
>&2 echo "No arguments provided"
exit 1
fi
script=$1
exit_code="${2:-96}"
fail_if_not_present="${3:-n}"
if test -f "$script"; then
sh $script
if [ $? -ne 0 ]; then
exit $((exit_code))
fi
elif [ "$fail_if_not_present" = "y" ]; then
>&2 echo "script not found: $script"
exit 127
fi

26
bitnami/logstash/9/debian-12/prebuildfs/usr/sbin/uninstall_packages
View File

@ -1,26 +0,0 @@
#!/bin/sh
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get autoremove --purge -y "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

24
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/java/entrypoint.sh
View File

@ -1,24 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
if [[ "$OS_FLAVOUR" =~ photon && "$APP_VERSION" =~ ^1.8 ]]; then
# Option --module-path is not supported by JAVA 1.8 since modules were added in version 1.9
unset JAVA_TOOL_OPTIONS
fi
print_welcome_page
echo ""
exec "$@"

26
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/java/postunpack.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
#
# Java post-unpack operations
#
# Override default files in the Java security directory. This is used for
# custom base images (with custom CA certificates or block lists is used)
if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
info "Adding custom CAs to the Java security folder"
cp -Lr "${JAVA_EXTRA_SECURITY_DIR}/." /opt/bitnami/java/lib/security
fi

411
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/liblogstash.sh
View File

@ -1,411 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Bitnami Logstash library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libnet.sh
. /opt/bitnami/scripts/libservice.sh
########################
# Validate settings in Logstash environment variables
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_validate() {
debug "Validating settings in LOGSTASH_* environment variables"
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_yes_no_value() {
if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then
print_validation_error "The allowed values for ${1} are: yes no"
fi
}
check_resolved_hostname() {
if ! is_hostname_resolved "$1"; then
warn "Hostname ${1} could not be resolved, this could lead to connection issues"
fi
}
check_valid_port() {
local port_var="${1:?missing port variable}"
local err
if ! err="$(validate_port "${!port_var}")"; then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
check_resolved_hostname "$LOGSTASH_BIND_ADDRESS"
check_yes_no_value "LOGSTASH_EXPOSE_API"
check_valid_port "LOGSTASH_API_PORT_NUMBER"
check_yes_no_value "LOGSTASH_ENABLE_MULTIPLE_PIPELINES"
# Pipeline configuration parameters
# Inputs
check_yes_no_value "LOGSTASH_ENABLE_BEATS_INPUT"
is_boolean_yes "$LOGSTASH_ENABLE_BEATS_INPUT" && check_valid_port "LOGSTASH_BEATS_PORT_NUMBER"
check_yes_no_value "LOGSTASH_ENABLE_GELF_INPUT"
is_boolean_yes "$LOGSTASH_ENABLE_GELF_INPUT" && check_valid_port "LOGSTASH_GELF_PORT_NUMBER"
check_yes_no_value "LOGSTASH_ENABLE_HTTP_INPUT"
is_boolean_yes "$LOGSTASH_ENABLE_HTTP_INPUT" && check_valid_port "LOGSTASH_HTTP_PORT_NUMBER"
check_yes_no_value "LOGSTASH_ENABLE_TCP_INPUT"
is_boolean_yes "$LOGSTASH_ENABLE_TCP_INPUT" && check_valid_port "LOGSTASH_TCP_PORT_NUMBER"
check_yes_no_value "LOGSTASH_ENABLE_UDP_INPUT"
is_boolean_yes "$LOGSTASH_ENABLE_UDP_INPUT" && check_valid_port "LOGSTASH_UDP_PORT_NUMBER"
# Outputs
check_yes_no_value "LOGSTASH_ENABLE_STDOUT_OUTPUT"
check_yes_no_value "LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT"
if is_boolean_yes "$LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT"; then
check_resolved_hostname "$LOGSTASH_ELASTICSEARCH_HOST"
check_valid_port "LOGSTASH_ELASTICSEARCH_PORT_NUMBER"
fi
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Create sample config file
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_create_sample_pipeline_config_file() {
# Default supported inputs/outputs come from historic Bitnami defaults
# Configuration reference: https://www.elastic.co/guide/en/logstash/current/config-examples.html
info "Creating sample config file"
local inputs=""
local outputs=""
# Parse inputs
if is_boolean_yes "$LOGSTASH_ENABLE_BEATS_INPUT"; then
# Newer versions of the logstash-input-beats use ssl_enabled instead of ssl
if [[ $(logstash_major_version) -eq 7 ]]; then
inputs+=$'\n'"beats {
ssl => false
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_BEATS_PORT_NUMBER}
}"
else
inputs+=$'\n'"beats {
ssl_enabled => false
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_BEATS_PORT_NUMBER}
}"
fi
fi
if is_boolean_yes "$LOGSTASH_ENABLE_GELF_INPUT"; then
inputs+=$'\n'"gelf {
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_GELF_PORT_NUMBER}
}"
fi
if is_boolean_yes "$LOGSTASH_ENABLE_HTTP_INPUT"; then
# Newer versions of the logstash-input-http use ssl_enabled instead of ssl
if [[ $(logstash_major_version) -eq 7 ]]; then
inputs+=$'\n'"http {
ssl => false
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_HTTP_PORT_NUMBER}
}"
else
inputs+=$'\n'"http {
ssl_enabled => false
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_HTTP_PORT_NUMBER}
}"
fi
fi
if is_boolean_yes "$LOGSTASH_ENABLE_TCP_INPUT"; then
inputs+=$'\n'"tcp {
mode => \"server\"
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_TCP_PORT_NUMBER}
}"
fi
if is_boolean_yes "$LOGSTASH_ENABLE_UDP_INPUT"; then
inputs+=$'\n'"udp {
host => \"${LOGSTASH_BIND_ADDRESS}\"
port => ${LOGSTASH_UDP_PORT_NUMBER}
}"
fi
# Parse outputs
is_boolean_yes "$LOGSTASH_ENABLE_STDOUT_OUTPUT" && outputs+=$'\n'"stdout { }"
if is_boolean_yes "$LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT"; then
outputs+=$'\n'"elasticsearch {
hosts => [\"${LOGSTASH_ELASTICSEARCH_HOST}:${LOGSTASH_ELASTICSEARCH_PORT_NUMBER}\"]
document_id => \"%{logstash_checksum}\"
index => \"logstash-%{+YYYY.MM.dd}\"
}"
fi
# Indent and add newline so it looks good
[[ -n "$inputs" ]] && inputs="$(indent "$inputs" 2)"$'\n'
[[ -n "$outputs" ]] && outputs="$(indent "$outputs" 2)"$'\n'
# Create the configuration file
cat >"$LOGSTASH_PIPELINE_CONF_FILE" <<EOF
input {${inputs}}
output {${outputs}}
EOF
}
########################
# Create a pipeline file
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_create_sample_pipelines_yml_file() {
info "Creating pipelines.yml file for multiple pipelines"
logstash_yml_set "${LOGSTASH_CONF_DIR}/pipelines.yml" '[0]."pipeline.id"' 'my-pipeline_1'
logstash_yml_set "${LOGSTASH_CONF_DIR}/pipelines.yml" '[0]."path.config"' "$LOGSTASH_PIPELINE_CONF_DIR"
}
########################
# Configure Logstash Heap Size
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_set_heap_size() {
local heap_size
if [[ -n "$LOGSTASH_HEAP_SIZE" ]]; then
debug "Using specified values for Xmx and Xms heap options"
heap_size="$LOGSTASH_HEAP_SIZE"
else
debug "Calculating appropriate Xmx and Xms values"
local machine_mem=""
machine_mem="$(get_total_memory)"
if [[ "$machine_mem" -lt 65536 ]]; then
local max_allowed_memory
local calculated_heap_size
calculated_heap_size="$((machine_mem / 2))"
max_allowed_memory="$((LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE * machine_mem))"
max_allowed_memory="$((max_allowed_memory / 100))"
# Allow for absolute memory limit when calculating limit from percentage
if [[ -n "$LOGSTASH_MAX_ALLOWED_MEMORY" && "$max_allowed_memory" -gt "$LOGSTASH_MAX_ALLOWED_MEMORY" ]]; then
max_allowed_memory="$LOGSTASH_MAX_ALLOWED_MEMORY"
fi
if [[ "$calculated_heap_size" -gt "$max_allowed_memory" ]]; then
info "Calculated Java heap size of ${calculated_heap_size} will be limited to ${max_allowed_memory}"
calculated_heap_size="$max_allowed_memory"
fi
heap_size="${calculated_heap_size}m"
else
heap_size=32768m
fi
fi
debug "Setting '-Xmx${heap_size} -Xms${heap_size}' heap options"
replace_in_file "${LOGSTASH_CONF_DIR}/jvm.options" "-Xmx[0-9]+[mg]+" "-Xmx${heap_size}"
replace_in_file "${LOGSTASH_CONF_DIR}/jvm.options" "-Xms[0-9]+[mg]+" "-Xms${heap_size}"
}
########################
# Write a configuration setting value
# Globals:
# None
# Arguments:
# $1 - conf file
# $2 - key
# $3 - value
# $4 - YAML type (string, int or bool)
# Returns:
# None
#########################
logstash_yml_set() {
local -r conf_file="${1:?missing conf file}"
local -r key="${2:?missing key}"
local -r value="${3:-}"
local -r type="${4:-string}"
local -r tempfile=$(mktemp)
case "$type" in
string)
yq eval "(.${key}) |= \"${value}\"" "$conf_file" >"$tempfile"
;;
int)
yq eval "(.${key}) |= ${value}" "$conf_file" >"$tempfile"
;;
bool)
yq eval "(.${key}) |= (\"${value}\" | test(\"true\"))" "$conf_file" >"$tempfile"
;;
*)
error "Type unknown: ${type}"
return 1
;;
esac
cp "$tempfile" "$conf_file"
}
########################
# Ensure Logstash is initialized
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_initialize() {
info "Initializing Logstash"
logstash_set_heap_size
# Based on naming from https://www.elastic.co/guide/en/logstash/current/config-setting-files.html
if ! is_mounted_dir_empty "$LOGSTASH_MOUNTED_CONF_DIR"; then
info "Mounted setting files detected"
cp -Lr "$LOGSTASH_MOUNTED_CONF_DIR"/. "$LOGSTASH_CONF_DIR"
fi
if is_boolean_yes "$LOGSTASH_EXPOSE_API"; then
if is_file_writable "$LOGSTASH_CONF_FILE"; then
info "Enabling Logstash API endpoint"
logstash_yml_set "$LOGSTASH_CONF_FILE" '"api.http.host"' "$LOGSTASH_BIND_ADDRESS"
logstash_yml_set "$LOGSTASH_CONF_FILE" '"api.http.port"' "$LOGSTASH_API_PORT_NUMBER"
else
warn "The Logstash configuration file '${LOGSTASH_CONF_FILE}' is not writable. Configurations based on environment variables will be passed as command-line arguments instead."
fi
fi
if is_boolean_yes "$LOGSTASH_ENABLE_MULTIPLE_PIPELINES"; then
if [[ -e "${LOGSTASH_MOUNTED_CONF_DIR}/pipelines.yml" ]]; then
info "Detected mounted 'pipelines.yml' configuration file for multiple pipelines"
else
logstash_create_sample_pipelines_yml_file
fi
fi
# Skip further configuration if Logstash pipeline configuration was passed as a string
[[ -n "$LOGSTASH_PIPELINE_CONF_STRING" ]] && return
if ! is_mounted_dir_empty "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR"; then
info "Detected mounted pipeline configuration files"
cp -Lr "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR"/* "$LOGSTASH_PIPELINE_CONF_DIR"
elif [[ -e "${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}" ]]; then
# Support for legacy configuration before configurations were separated into 'config' and 'pipeline'
warn "Detected mounted '${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}' pipeline configuration file in legacy directory."
warn "Support for this configuration may be deprecated in a future version of this image. Please mount the pipeline files to '${LOGSTASH_MOUNTED_PIPELINE_CONF_DIR}' instead."
cp -Lr "${LOGSTASH_MOUNTED_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}" "$LOGSTASH_PIPELINE_CONF_DIR"
elif is_dir_empty "$LOGSTASH_PIPELINE_CONF_DIR"; then
logstash_create_sample_pipeline_config_file
else
info "Detected existing files in '${LOGSTASH_PIPELINE_CONF_DIR}', skipping sample pipeline generation"
fi
}
########################
# Check if Logstash is running
# Globals:
# LOGSTASH_PID_FILE
# Arguments:
# None
# Returns:
# Boolean
#########################
is_logstash_running() {
# Logstash does not create any PID file
# We regenerate the PID file for each time we query it to avoid getting outdated
pgrep -f "org.logstash.Logstash" >"$LOGSTASH_PID_FILE"
local pid
pid="$(get_pid_from_file "$LOGSTASH_PID_FILE")"
if [[ -n "$pid" ]]; then
is_service_running "$pid"
else
false
fi
}
########################
# Check if Logstash is not running
# Globals:
# LOGSTASH_PID_FILE
# Arguments:
# None
# Returns:
# Boolean
#########################
is_logstash_not_running() {
! is_logstash_running
return "$?"
}
########################
# Stop Logstash
# Globals:
# LOGSTASH_PID_FILE
# Arguments:
# None
# Returns:
# None
#########################
logstash_stop() {
! is_logstash_running && return
debug "Stopping Logstash"
stop_service_using_pid "$LOGSTASH_PID_FILE"
}
########################
# Install Logstash plugins
# Globals:
# LOGSTASH_*
# Arguments:
# None
# Returns:
# None
#########################
logstash_install_plugins() {
read -r -a plugins_list <<<"$(tr ',;' ' ' <<<"$LOGSTASH_PLUGINS")"
# Skip if there isn't any plugin to install
[[ -z "${plugins_list[*]:-}" ]] && return
# Install plugins
info "Installing plugins: ${plugins_list[*]}"
for plugin in "${plugins_list[@]}"; do
debug "Installing plugin: ${plugin}"
if [[ "${BITNAMI_DEBUG:-false}" = true ]]; then
logstash-plugin install "$plugin"
else
logstash-plugin install "$plugin" >/dev/null 2>&1
fi
done
}
########################
# Get Logstash major version
# Globals:
# LOGSTASH_BASE_DIR
# Arguments:
# None
# Returns:
# logstash major version
#########################
logstash_major_version() {
local -r raw_version="$("${LOGSTASH_BASE_DIR}/bin/logstash" --version | grep -oE [0-9\.]+)"
get_sematic_version "$raw_version" 1
}

125
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/logstash-env.sh
View File

@ -1,125 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
#
# Environment configuration for logstash
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-logstash}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
logstash_env_vars=(
LOGSTASH_PIPELINE_CONF_FILENAME
LOGSTASH_BIND_ADDRESS
LOGSTASH_EXPOSE_API
LOGSTASH_API_PORT_NUMBER
LOGSTASH_PIPELINE_CONF_STRING
LOGSTASH_PLUGINS
LOGSTASH_EXTRA_FLAGS
LOGSTASH_HEAP_SIZE
LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE
LOGSTASH_MAX_ALLOWED_MEMORY
LOGSTASH_ENABLE_MULTIPLE_PIPELINES
LOGSTASH_ENABLE_BEATS_INPUT
LOGSTASH_BEATS_PORT_NUMBER
LOGSTASH_ENABLE_GELF_INPUT
LOGSTASH_GELF_PORT_NUMBER
LOGSTASH_ENABLE_HTTP_INPUT
LOGSTASH_HTTP_PORT_NUMBER
LOGSTASH_ENABLE_TCP_INPUT
LOGSTASH_TCP_PORT_NUMBER
LOGSTASH_ENABLE_UDP_INPUT
LOGSTASH_UDP_PORT_NUMBER
LOGSTASH_ENABLE_STDOUT_OUTPUT
LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT
LOGSTASH_ELASTICSEARCH_HOST
LOGSTASH_ELASTICSEARCH_PORT_NUMBER
LOGSTASH_CONF_FILENAME
LOGSTASH_CONF_STRING
LOGSTASH_EXTRA_ARGS
)
for env_var in "${logstash_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset logstash_env_vars
# Paths
export LOGSTASH_BASE_DIR="/opt/bitnami/logstash"
export LOGSTASH_CONF_DIR="${LOGSTASH_BASE_DIR}/config"
export LOGSTASH_DEFAULT_CONF_DIR="${LOGSTASH_BASE_DIR}/config.default"
export LOGSTASH_PIPELINE_CONF_DIR="${LOGSTASH_BASE_DIR}/pipeline"
export LOGSTASH_DEFAULT_PIPELINE_CONF_DIR="${LOGSTASH_BASE_DIR}/pipeline.default"
export LOGSTASH_BIN_DIR="${LOGSTASH_BASE_DIR}/bin"
export LOGSTASH_CONF_FILE="${LOGSTASH_CONF_DIR}/logstash.yml"
LOGSTASH_PIPELINE_CONF_FILENAME="${LOGSTASH_PIPELINE_CONF_FILENAME:-"${LOGSTASH_CONF_FILENAME:-}"}"
export LOGSTASH_PIPELINE_CONF_FILENAME="${LOGSTASH_PIPELINE_CONF_FILENAME:-logstash.conf}"
export LOGSTASH_PIPELINE_CONF_FILE="${LOGSTASH_PIPELINE_CONF_DIR}/${LOGSTASH_PIPELINE_CONF_FILENAME}"
export LOGSTASH_VOLUME_DIR="/bitnami/logstash"
export LOGSTASH_DATA_DIR="${LOGSTASH_VOLUME_DIR}/data"
export LOGSTASH_MOUNTED_CONF_DIR="${LOGSTASH_VOLUME_DIR}/config"
export LOGSTASH_MOUNTED_PIPELINE_CONF_DIR="${LOGSTASH_VOLUME_DIR}/pipeline"
# System users (when running with a privileged user)
export LOGSTASH_DAEMON_USER="logstash"
export LOGSTASH_DAEMON_GROUP="logstash"
# Logstash configuration
export LOGSTASH_BIND_ADDRESS="${LOGSTASH_BIND_ADDRESS:-0.0.0.0}"
export LOGSTASH_EXPOSE_API="${LOGSTASH_EXPOSE_API:-no}"
export LOGSTASH_API_PORT_NUMBER="${LOGSTASH_API_PORT_NUMBER:-9600}"
LOGSTASH_PIPELINE_CONF_STRING="${LOGSTASH_PIPELINE_CONF_STRING:-"${LOGSTASH_CONF_STRING:-}"}"
export LOGSTASH_PIPELINE_CONF_STRING="${LOGSTASH_PIPELINE_CONF_STRING:-}"
export LOGSTASH_PLUGINS="${LOGSTASH_PLUGINS:-}"
LOGSTASH_EXTRA_FLAGS="${LOGSTASH_EXTRA_FLAGS:-"${LOGSTASH_EXTRA_ARGS:-}"}"
export LOGSTASH_EXTRA_FLAGS="${LOGSTASH_EXTRA_FLAGS:-}"
export LOGSTASH_HEAP_SIZE="${LOGSTASH_HEAP_SIZE:-1024m}"
export LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE="${LOGSTASH_MAX_ALLOWED_MEMORY_PERCENTAGE:-100}"
export LOGSTASH_MAX_ALLOWED_MEMORY="${LOGSTASH_MAX_ALLOWED_MEMORY:-}"
# Logstash pipeline configuration
export LOGSTASH_ENABLE_MULTIPLE_PIPELINES="${LOGSTASH_ENABLE_MULTIPLE_PIPELINES:-no}"
export LOGSTASH_ENABLE_BEATS_INPUT="${LOGSTASH_ENABLE_BEATS_INPUT:-no}"
export LOGSTASH_BEATS_PORT_NUMBER="${LOGSTASH_BEATS_PORT_NUMBER:-5044}"
export LOGSTASH_ENABLE_GELF_INPUT="${LOGSTASH_ENABLE_GELF_INPUT:-no}"
export LOGSTASH_GELF_PORT_NUMBER="${LOGSTASH_GELF_PORT_NUMBER:-12201}"
export LOGSTASH_ENABLE_HTTP_INPUT="${LOGSTASH_ENABLE_HTTP_INPUT:-yes}"
export LOGSTASH_HTTP_PORT_NUMBER="${LOGSTASH_HTTP_PORT_NUMBER:-8080}"
export LOGSTASH_ENABLE_TCP_INPUT="${LOGSTASH_ENABLE_TCP_INPUT:-no}"
export LOGSTASH_TCP_PORT_NUMBER="${LOGSTASH_TCP_PORT_NUMBER:-5010}"
export LOGSTASH_ENABLE_UDP_INPUT="${LOGSTASH_ENABLE_UDP_INPUT:-no}"
export LOGSTASH_UDP_PORT_NUMBER="${LOGSTASH_UDP_PORT_NUMBER:-5000}"
export LOGSTASH_ENABLE_STDOUT_OUTPUT="${LOGSTASH_ENABLE_STDOUT_OUTPUT:-yes}"
export LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT="${LOGSTASH_ENABLE_ELASTICSEARCH_OUTPUT:-no}"
export LOGSTASH_ELASTICSEARCH_HOST="${LOGSTASH_ELASTICSEARCH_HOST:-elasticsearch}"
export LOGSTASH_ELASTICSEARCH_PORT_NUMBER="${LOGSTASH_ELASTICSEARCH_PORT_NUMBER:-9200}"
# Default JVM configuration
export JAVA_HOME="${BITNAMI_ROOT_DIR}/java"
# Other parameters
export PATH="${LOGSTASH_BIN_DIR}:${JAVA_HOME}/bin:${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
# Custom environment variables may be defined below

42
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/logstash/entrypoint.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
#set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/liblogstash.sh
# Load Logstash environment variables
. /opt/bitnami/scripts/logstash-env.sh
print_welcome_page
# We add the copy from default config in the entrypoint to not break users
# bypassing the setup.sh logic. If the file already exists do not overwrite (in
# case someone mounts a configuration file in /opt/bitnami/logstash/config
# /opt/bitnami/logstash/pipeline)
if ! is_dir_empty "$LOGSTASH_DEFAULT_CONF_DIR"; then
debug "Copying files from $LOGSTASH_DEFAULT_CONF_DIR to $LOGSTASH_CONF_DIR"
cp -nr "$LOGSTASH_DEFAULT_CONF_DIR"/. "$LOGSTASH_CONF_DIR"
fi
if ! is_dir_empty "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"; then
debug "Copying files from $LOGSTASH_DEFAULT_PIPELINE_CONF_DIR to $LOGSTASH_PIPELINE_CONF_DIR"
cp -nr "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"/. "$LOGSTASH_PIPELINE_CONF_DIR"
fi
if [[ "$*" = *"/opt/bitnami/scripts/logstash/run.sh"* ]]; then
info "** Starting Logstash setup **"
/opt/bitnami/scripts/logstash/setup.sh
info "** Logstash setup finished! **"
fi
echo ""
exec "$@"

71
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/logstash/postunpack.sh
View File

@ -1,71 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblogstash.sh
# Load Logstash environment variables
. /opt/bitnami/scripts/logstash-env.sh
info "Creating Logstash daemon user"
ensure_user_exists "$LOGSTASH_DAEMON_USER" --group "$LOGSTASH_DAEMON_GROUP"
for dir in "$LOGSTASH_BASE_DIR/vendor/bundle/jruby" "$LOGSTASH_CONF_DIR" "$LOGSTASH_PIPELINE_CONF_DIR" "$LOGSTASH_DEFAULT_CONF_DIR" "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR" "$LOGSTASH_MOUNTED_CONF_DIR" "$LOGSTASH_MOUNTED_PIPELINE_CONF_DIR" "$LOGSTASH_VOLUME_DIR" "$LOGSTASH_DATA_DIR"; do
ensure_dir_exists "$dir"
configure_permissions_ownership "$dir" -d "775" -f "664" -u "$LOGSTASH_DAEMON_USER" -g "root"
done
for file in "$LOGSTASH_BASE_DIR/Gemfile" "$LOGSTASH_BASE_DIR/Gemfile.lock"; do
configure_permissions_ownership "$file" -f "664" -u "$LOGSTASH_DAEMON_USER" -g "root"
done
info "Configuring paths"
logstash_yml_set "$LOGSTASH_CONF_FILE" '"path.data"' "$LOGSTASH_DATA_DIR"
info "Configuring logging to standard output"
# Back up the original file for users who'd like to use logfile logging
cp -L "${LOGSTASH_CONF_DIR}/log4j2.properties" "${LOGSTASH_CONF_DIR}/log4j2.orig.properties"
cat > "${LOGSTASH_CONF_DIR}/log4j2.properties" << EOF
status = error
name = LogstashPropertiesConfig
appender.console.type = Console
appender.console.name = plain_console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c]%notEmpty{[%X{pipeline.id}]}%notEmpty{[%X{plugin.id}]} %m%n
appender.json_console.type = Console
appender.json_console.name = json_console
appender.json_console.layout.type = JSONLayout
appender.json_console.layout.compact = true
appender.json_console.layout.eventEol = true
rootLogger.level = \${sys:ls.log.level}
rootLogger.appenderRef.console.ref = \${sys:ls.log.format}_console
EOF
logstash_install_plugins
# As the gems directory depends on the jruby version, we need to create a symlink /opt/bitnami/logstash/gems
# so we can mount an emptydir in readOnlyRootFilesystem
ln -s /opt/bitnami/logstash/vendor/bundle/jruby/*/gems /opt/bitnami/logstash/gems
# Copy all initially generated configuration files to the default directory
# (this is to avoid breaking when entrypoint is being overridden)
if ! is_dir_empty "$LOGSTASH_CONF_DIR"; then
cp -r "$LOGSTASH_CONF_DIR"/* "$LOGSTASH_DEFAULT_CONF_DIR"
chmod o+r -R "$LOGSTASH_DEFAULT_CONF_DIR"
fi
if ! is_dir_empty "$LOGSTASH_PIPELINE_CONF_DIR"; then
cp -r "$LOGSTASH_PIPELINE_CONF_DIR"/* "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"
chmod o+r -R "$LOGSTASH_DEFAULT_PIPELINE_CONF_DIR"
fi

44
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/logstash/run.sh
View File

@ -1,44 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/liblogstash.sh
# Load Logstash environment variables
. /opt/bitnami/scripts/logstash-env.sh
declare -a cmd=("logstash")
if is_boolean_yes "$LOGSTASH_EXPOSE_API"; then
cmd+=("--api.http.host" "$LOGSTASH_BIND_ADDRESS" "--api.http.port" "$LOGSTASH_API_PORT_NUMBER")
fi
if [[ -n "$LOGSTASH_PIPELINE_CONF_STRING" ]]; then
cmd+=("-e" "$LOGSTASH_PIPELINE_CONF_STRING")
elif ! is_boolean_yes "$LOGSTASH_ENABLE_MULTIPLE_PIPELINES"; then
cmd+=("-f" "$LOGSTASH_PIPELINE_CONF_DIR")
fi
declare -a extra_args=()
read -r -a extra_args <<< "$LOGSTASH_EXTRA_FLAGS"
[[ "${#extra_args[@]}" -gt 0 ]] && cmd+=("${extra_args[@]}")
# JAVA_HOME to be deprecated, see warning:
# warning: usage of JAVA_HOME is deprecated, use LS_JAVA_HOME
export LS_JAVA_HOME=/opt/bitnami/java
info "** Starting Logstash **"
if am_i_root; then
exec_as_user "$LOGSTASH_DAEMON_USER" "${cmd[@]}"
else
exec "${cmd[@]}"
fi

27
bitnami/logstash/9/debian-12/rootfs/opt/bitnami/scripts/logstash/setup.sh
View File

@ -1,27 +0,0 @@
#!/bin/bash
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/liblogstash.sh
# Load Logstash environment variables
. /opt/bitnami/scripts/logstash-env.sh
# Ensure Logstash environment variables are valid
logstash_validate
# Ensure 'daemon' user exists when running as 'root'
am_i_root && ensure_user_exists "$LOGSTASH_DAEMON_USER" --group "$LOGSTASH_DAEMON_GROUP"
# Ensure Logstash is initialized
logstash_initialize
# Install Logstash plugins
logstash_install_plugins