-
Notifications
You must be signed in to change notification settings - Fork 56
Opensearch image build
Dan Bason edited this page Jan 27, 2023
·
2 revisions
Opni ships with custom images for Opensearch and Opensearch Dashboards. These images are the base images with required plugins installed. They are hosted in the Rancher Dockerhub repos.
The Opensearch image also has a custom entrypoint script to reduce the memory usage.
- Opni UI plugin - https://github.com/rancher/opni-ui/tree/plugin
- OpniPreProcessor (ingest plugin) - https://github.com/tybalex/opni-ingest-plugin/tree/main/AIOps-OpniPreProcessor
- OpniJsonDetector (ingest plugin) - https://github.com/tybalex/opni-ingest-plugin/tree/main/Logging-OpniJsonDetector
The images get built as part of the Dagger build process. While they don't use dockerfiles the equivalent dockerfiles to build the images are as follows
Opensearch
ARG OPENSEARCH_VERSION=2.4.0
ARG OPNI_VERSION=0.8.1
FROM opensearchproject/opensearch:${OPENSEARCH_VERSION}
ARG OPNI_VERSION
RUN opensearch-plugin -s install -b https://github.com/tybalex/opni-preprocessing-plugin/releases/download/v${OPNI_VERSION}/opnipreprocessing.zip
RUN opensearch-plugin -s install -b https://github.com/tybalex/opni-preprocessing-plugin/releases/download/v${OPNI_VERSION}/opnijsondetector.zip
COPY entrypoint.sh ./opensearch-docker-entrypoint.sh
entrypoint.sh
#!/bin/bash
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
# This script specify the entrypoint startup actions for opensearch
# It will start both opensearch and performance analyzer plugin cli
# If either process failed, the entire docker container will be removed
# in favor of a newly started container
# Export OpenSearch Home
export OPENSEARCH_HOME=/usr/share/opensearch
export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
# The virtual file /proc/self/cgroup should list the current cgroup
# membership. For each hierarchy, you can follow the cgroup path from
# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
# introspect the statistics for the cgroup for the given
# hierarchy. Alas, Docker breaks this by mounting the container
# statistics at the root while leaving the cgroup paths as the actual
# paths. Therefore, OpenSearch provides a mechanism to override
# reading the cgroup path from /proc/self/cgroup and instead uses the
# cgroup path defined the JVM system property
# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
# that cgroup statistics are available for the container this process
# will run in.
export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
# Holds the PID of opensearch and performance analyzer processes.
declare OPENSEARCH_PID
declare PA_PID
##Security Plugin
function setupSecurityPlugin {
SECURITY_PLUGIN="opensearch-security"
if [ -d "$OPENSEARCH_HOME/plugins/$SECURITY_PLUGIN" ]; then
if [ "$DISABLE_INSTALL_DEMO_CONFIG" = "true" ]; then
echo "Disabling execution of install_demo_configuration.sh for OpenSearch Security Plugin"
else
echo "Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin"
bash $OPENSEARCH_HOME/plugins/$SECURITY_PLUGIN/tools/install_demo_configuration.sh -y -i -s
fi
if [ "$DISABLE_SECURITY_PLUGIN" = "true" ]; then
echo "Disabling OpenSearch Security Plugin"
opensearch_opt="-Eplugins.security.disabled=true"
opensearch_opts+=("${opensearch_opt}")
else
echo "Enabling OpenSearch Security Plugin"
fi
fi
}
# Trap function that is used to terminate opensearch and performance analyzer
# when a relevant signal is caught.
function terminateProcesses {
if kill -0 $OPENSEARCH_PID >& /dev/null; then
echo "Killing opensearch process $OPENSEARCH_PID"
kill -TERM $OPENSEARCH_PID
wait $OPENSEARCH_PID
fi
if ! [ "$DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI" = "true" ]; then
if kill -0 $PA_PID >& /dev/null; then
echo "Killing performance analyzer process $PA_PID"
kill -TERM $PA_PID
wait $PA_PID
fi
fi
}
# Start up the opensearch and performance analyzer agent processes.
# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
function runOpensearch {
# Files created by OpenSearch should always be group writable too
umask 0002
if [[ "$(id -u)" == "0" ]]; then
echo "OpenSearch cannot run as root. Please start your container as another user."
exit 1
fi
# Parse Docker env vars to customize OpenSearch
#
# e.g. Setting the env var cluster.name=testcluster
# will cause OpenSearch to be invoked with -Ecluster.name=testcluster
opensearch_opts=()
while IFS='=' read -r envvar_key envvar_value
do
# OpenSearch settings need to have at least two dot separated lowercase
# words, e.g. `cluster.name`, except for `processors` which we handle
# specially
if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
if [[ ! -z $envvar_value ]]; then
opensearch_opt="-E${envvar_key}=${envvar_value}"
opensearch_opts+=("${opensearch_opt}")
fi
fi
done < <(env)
setupSecurityPlugin
# Enable job control so we receive SIGCHLD when a child process terminates
set -m
# Make sure we terminate the child processes in the event of us received TERM (e.g. "docker container stop"), INT (e.g. ctrl-C), EXIT (this script terminates for an unexpected reason), or CHLD (one of the processes terminated unexpectedly)
trap terminateProcesses TERM INT EXIT CHLD
# Start opensearch
"$@" "${opensearch_opts[@]}" &
OPENSEARCH_PID=$!
# Start performance analyzer agent
if [ "$DISABLE_PERFORMANCE_ANALYZER_AGENT_CLI" = "true" ]; then
echo "Disabling performance analyzer cli"
else
$OPENSEARCH_HOME/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli > $OPENSEARCH_HOME/logs/performance-analyzer.log 2>&1 &
PA_PID=$!
fi
# Wait for the child processes to terminate
wait $OPENSEARCH_PID
local opensearch_exit_code=$?
echo "OpenSearch exited with code ${opensearch_exit_code}"
wait $PA_PID
echo "Performance analyzer exited with code $?"
# This script should exit with the same code as the opensearch command, but
# it would be a breaking change. Next line should be uncommented for the
# next major release.
# exit ${opensearch_exit_code}
}
# Prepend "opensearch" command if no argument was provided or if the first
# argument looks like a flag (i.e. starts with a dash).
if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
set -- opensearch "$@"
fi
if [ "$1" = "opensearch" ]; then
# If the first argument is opensearch, then run the setup script.
runOpensearch "$@"
else
# Otherwise, just exec the command.
exec "$@"
fi
Opensearch Dashboards
ARG OPENSEARCH_VERSION=2.4.0
ARG OPNI_VERSION=0.8.1
FROM opensearchproject/opensearch-dashboards:${OPENSEARCH_VERSION}
RUN opensearch-dashboards-plugin install https://github.com/rancher/opni-ui/releases/download/plugin-${OPNI_VERSION}/opni-dashboards-plugin-${OPNI_VERSION}.zip
Architecture
- Backends
- Core Components