Merge pull request #175000 from shyim/add-opensearch

opensearch: init at 2.5.0

authored by Kim Lindberger and committed by GitHub ad36a97d c64baa1f

+382
+2
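--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -36,6 +36,8 @@
 
 - [imaginary](https://github.com/h2non/imaginary), a microservice for high-level image processing that Nextcloud can use to generate previews. Available as [services.imaginary](#opt-services.imaginary.enable).
 
+- [opensearch](https://opensearch.org), a search server alternative to Elasticsearch. Available as [services.opensearch](options.html#opt-services.opensearch.enable).
+
 - [goeland](https://github.com/slurdge/goeland), an alternative to rss2email written in golang with many filters. Available as [services.goeland](#opt-services.goeland.enable).
 
 - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).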
+1
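--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1048,6 +1048,7 @@
 ./services/search/hound.nix
 ./services/search/kibana.nix
 ./services/search/meilisearch.nix
+./services/search/opensearch.nix
 ./services/search/solr.nix
 ./services/security/aesmd.nix
 ./services/security/certmgr.nix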
+244
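--- a/nixos/modules/services/search/opensearch.nix
+++ b/nixos/modules/services/search/opensearch.nix
@@ -0,0 +1,244 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.opensearch;
+
+settingsFormat = pkgs.formats.yaml {};
+
+configDir = cfg.dataDir + "/config";
+
+usingDefaultDataDir = cfg.dataDir == "/var/lib/opensearch";
+usingDefaultUserAndGroup = cfg.user == "opensearch" && cfg.group == "opensearch";
+
+opensearchYml = settingsFormat.generate "opensearch.yml" cfg.settings;
+
+loggingConfigFilename = "log4j2.properties";
+loggingConfigFile = pkgs.writeTextFile {
+name = loggingConfigFilename;
+text = cfg.logging;
+};
+in
+{
+
+options.services.opensearch = {
+enable = mkEnableOption (lib.mdDoc "OpenSearch");
+
+package = lib.mkPackageOptionMD pkgs "OpenSearch" {
+default = [ "opensearch" ];
+};
+
+settings = lib.mkOption {
+type = lib.types.submodule {
+freeformType = settingsFormat.type;
+
+options."network.host" = lib.mkOption {
+type = lib.types.str;
+default = "127.0.0.1";
+description = lib.mdDoc ''
+Which port this service should listen on.
+'';
+};
+
+options."cluster.name" = lib.mkOption {
+type = lib.types.str;
+default = "opensearch";
+description = lib.mdDoc ''
+The name of the cluster.
+'';
+};
+
+options."discovery.type" = lib.mkOption {
+type = lib.types.str;
+default = "single-node";
+description = lib.mdDoc ''
+The type of discovery to use.
+'';
+};
+
+options."http.port" = lib.mkOption {
+type = lib.types.port;
+default = 9200;
+description = lib.mdDoc ''
+The port to listen on for HTTP traffic.
+'';
+};
+
+options."transport.port" = lib.mkOption {
+type = lib.types.port;
+default = 9300;
+description = lib.mdDoc ''
+The port to listen on for transport traffic.
+'';
+};
+};
+
+default = {};
+
+description = lib.mdDoc ''
+OpenSearch configuration.
+'';
+};
+
+logging = lib.mkOption {
+description = lib.mdDoc "opensearch logging configuration.";
+
+default = ''
+logger.action.name = org.opensearch.action
+logger.action.level = info
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+'';
+type = types.str;
+};
+
+dataDir = lib.mkOption {
+type = lib.types.path;
+default = "/var/lib/opensearch";
+apply = converge (removeSuffix "/");
+description = lib.mdDoc ''
+Data directory for OpenSearch. If you change this, you need to
+manually create the directory. You also need to create the
+`opensearch` user and group, or change
+[](#opt-services.opensearch.user) and
+[](#opt-services.opensearch.group) to existing ones with
+access to the directory.
+'';
+};
+
+user = lib.mkOption {
+type = lib.types.str;
+default = "opensearch";
+description = lib.mdDoc ''
+The user OpenSearch runs as. Should be left at default unless
+you have very specific needs.
+'';
+};
+
+group = lib.mkOption {
+type = lib.types.str;
+default = "opensearch";
+description = lib.mdDoc ''
+The group OpenSearch runs as. Should be left at default unless
+you have very specific needs.
+'';
+};
+
+extraCmdLineOptions = lib.mkOption {
+description = lib.mdDoc "Extra command line options for the OpenSearch launcher.";
+default = [ ];
+type = lib.types.listOf lib.types.str;
+};
+
+extraJavaOptions = lib.mkOption {
+description = lib.mdDoc "Extra command line options for Java.";
+default = [ ];
+type = lib.types.listOf lib.types.str;
+example = [ "-Djava.net.preferIPv4Stack=true" ];
+};
+
+restartIfChanged = lib.mkOption {
+type = lib.types.bool;
+description = lib.mdDoc ''
+Automatically restart the service on config change.
+This can be set to false to defer restarts on a server or cluster.
+Please consider the security implications of inadvertently running an older version,
+and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
+'';
+default = true;
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.opensearch = {
+description = "OpenSearch Daemon";
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+path = [ pkgs.inetutils ];
+inherit (cfg) restartIfChanged;
+environment = {
+OPENSEARCH_HOME = cfg.dataDir;
+OPENSEARCH_JAVA_OPTS = toString cfg.extraJavaOptions;
+OPENSEARCH_PATH_CONF = configDir;
+};
+serviceConfig = {
+ExecStartPre =
+let
+startPreFullPrivileges = ''
+set -o errexit -o pipefail -o nounset -o errtrace
+shopt -s inherit_errexit
+'' + (optionalString (!config.boot.isContainer) ''
+# Only set vm.max_map_count if lower than ES required minimum
+# This avoids conflict if configured via boot.kernel.sysctl
+if [ $(${pkgs.procps}/bin/sysctl -n vm.max_map_count) -lt 262144 ]; then
+${pkgs.procps}/bin/sysctl -w vm.max_map_count=262144
+fi
+'');
+startPreUnprivileged = ''
+set -o errexit -o pipefail -o nounset -o errtrace
+shopt -s inherit_errexit
+
+# Install plugins
+ln -sfT ${cfg.package}/lib ${cfg.dataDir}/lib
+ln -sfT ${cfg.package}/modules ${cfg.dataDir}/modules
+
+# opensearch needs to create the opensearch.keystore in the config directory
+# so this directory needs to be writable.
+mkdir -p ${configDir}
+chmod 0700 ${configDir}
+
+# Note that we copy config files from the nix store instead of symbolically linking them
+# because otherwise X-Pack Security will raise the following exception:
+# java.security.AccessControlException:
+# access denied ("java.io.FilePermission" "/var/lib/opensearch/config/opensearch.yml" "read")
+
+cp ${opensearchYml} ${configDir}/opensearch.yml
+
+# Make sure the logging configuration for old OpenSearch versions is removed:
+rm -f "${configDir}/logging.yml"
+cp ${loggingConfigFile} ${configDir}/${loggingConfigFilename}
+mkdir -p ${configDir}/scripts
+cp ${cfg.package}/config/jvm.options ${configDir}/jvm.options
+
+# redirect jvm logs to the data directory
+mkdir -p ${cfg.dataDir}/logs
+chmod 0700 ${cfg.dataDir}/logs
+sed -e '#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options
+'';
+in [
+"+${pkgs.writeShellScript "opensearch-start-pre-full-privileges" startPreFullPrivileges}"
+"${pkgs.writeShellScript "opensearch-start-pre-unprivileged" startPreUnprivileged}"
+];
+ExecStartPost = pkgs.writeShellScript "opensearch-start-post" ''
+set -o errexit -o pipefail -o nounset -o errtrace
+shopt -s inherit_errexit
+
+# Make sure opensearch is up and running before dependents
+# are started
+while ! ${pkgs.curl}/bin/curl -sS -f http://${cfg.settings."network.host"}:${toString cfg.settings."http.port"} 2>/dev/null; do
+sleep 1
+done
+'';
+ExecStart = "${cfg.package}/bin/opensearch ${toString cfg.extraCmdLineOptions}";
+User = cfg.user;
+Group = cfg.group;
+LimitNOFILE = "1024000";
+Restart = "always";
+TimeoutStartSec = "infinity";
+DynamicUser = usingDefaultUserAndGroup && usingDefaultDataDir;
+} // (optionalAttrs (usingDefaultDataDir) {
+StateDirectory = "opensearch";
+StateDirectoryMode = "0700";
+});
+};
+
+environment.systemPackages = [ cfg.package ];
+};
+}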
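Review bot: The `sed` call at the end of `startPreUnprivileged` does nothing, because an expression that begins with `#` is read by sed as a comment, so the `logs/gc.log` entry that the comment above it wants redirected stays as shipped in `jvm.options`; it should be `sed -e 's#logs/gc.log#${cfg.dataDir}/logs/gc.log#' -i ${configDir}/jvm.options`. The description of `network.host` says "Which port this service should listen on" although the option is the bind address; I would change it to `The address this service binds to.` and state there that the HTTP API on `http.port` is reached over plain HTTP without credentials in this setup, so a non-loopback value exposes an unauthenticated service. That last part is inferred from the test in this pull request, which does exactly such a request, and from `startPreUnprivileged` linking only `lib` and `modules` into the data directory, so the bundled security plugin is presumably not loaded. `ExecStartPost` also interpolates `network.host` into the curl URL, so with `TimeoutStartSec = "infinity"` a special value such as `_site_` would leave the unit activating forever; polling a fixed loopback address or bounding the loop would avoid that.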
+1
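--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -490,6 +490,7 @@
 ombi = handleTest ./ombi.nix {};
 openarena = handleTest ./openarena.nix {};
 openldap = handleTest ./openldap.nix {};
+opensearch = discoverTests (import ./opensearch.nix);
 openresty-lua = handleTest ./openresty-lua.nix {};
 opensmtpd = handleTest ./opensmtpd.nix {};
 opensmtpd-rspamd = handleTest ./opensmtpd-rspamd.nix {};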
+52
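--- a/nixos/tests/opensearch.nix
+++ b/nixos/tests/opensearch.nix
@@ -0,0 +1,52 @@
+let
+opensearchTest =
+import ./make-test-python.nix (
+{ pkgs, lib, extraSettings ? {} }: {
+name = "opensearch";
+meta.maintainers = with pkgs.lib.maintainers; [ shyim ];
+
+nodes.machine = lib.mkMerge [
+{
+virtualisation.memorySize = 2048;
+services.opensearch.enable = true;
+}
+extraSettings
+];
+
+testScript = ''
+machine.start()
+machine.wait_for_unit("opensearch.service")
+machine.wait_for_open_port(9200)
+
+machine.succeed(
+"curl --fail localhost:9200"
+)
+'';
+});
+in
+{
+opensearch = opensearchTest {};
+opensearchCustomPathAndUser = opensearchTest {
+extraSettings = {
+services.opensearch.dataDir = "/var/opensearch_test";
+services.opensearch.user = "open_search";
+services.opensearch.group = "open_search";
+system.activationScripts.createDirectory = {
+text = ''
+mkdir -p "/var/opensearch_test"
+chown open_search:open_search /var/opensearch_test
+chmod 0700 /var/opensearch_test
+'';
+deps = [ "users" "groups" ];
+};
+users = {
+groups.open_search = {};
+users.open_search = {
+description = "OpenSearch daemon user";
+group = "open_search";
+isSystemUser = true;
+};
+};
+};
+};
+}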
+54
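--- a/pkgs/servers/search/opensearch/default.nix
+++ b/pkgs/servers/search/opensearch/default.nix
@@ -0,0 +1,54 @@
+{ lib
+, stdenvNoCC
+, fetchurl
+, makeWrapper
+, jre_headless
+, util-linux
+, gnugrep
+, coreutils
+, autoPatchelfHook
+, zlib
+, nixosTests
+}:
+
+stdenvNoCC.mkDerivation rec {
+pname = "opensearch";
+version = "2.5.0";
+
+src = fetchurl {
+url = "https://artifacts.opensearch.org/releases/bundle/opensearch/${version}/opensearch-${version}-linux-x64.tar.gz";
+hash = "sha256-WPD5StVBb/hK+kP/1wkQQBKRQma/uaP+8ULeIFUBL1U=";
+};
+
+nativeBuildInputs = [ makeWrapper ];
+buildInputs = [ jre_headless util-linux ];
+patches = [./opensearch-home-fix.patch ];
+
+installPhase = ''
+runHook preInstall
+
+mkdir -p $out
+cp -R bin config lib modules plugins $out
+
+substituteInPlace $out/bin/opensearch \
+--replace 'bin/opensearch-keystore' "$out/bin/opensearch-keystore"
+
+wrapProgram $out/bin/opensearch \
+--prefix PATH : "${lib.makeBinPath [ util-linux gnugrep coreutils ]}" \
+--set JAVA_HOME "${jre_headless}"
+
+wrapProgram $out/bin/opensearch-plugin --set JAVA_HOME "${jre_headless}"
+
+runHook postInstall
+'';
+
+passthru.tests = nixosTests.opensearch;
+
+meta = {
+description = "Open Source, Distributed, RESTful Search Engine";
+homepage = "https://github.com/opensearch-project/OpenSearch";
+license = lib.licenses.asl20;
+platforms = lib.platforms.unix;
+maintainers = with lib.maintainers; [ shyim ];
+};
+}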
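Review bot: `platforms = lib.platforms.unix` in `meta` advertises the package on every Unix platform, while `src` fetches the prebuilt `linux-x64` bundle, so any native components in the copied directories may not match other platforms; `platforms = [ "x86_64-linux" ];` reflects what is actually fetched. Because the derivation repackages upstream binaries instead of building from source, `meta` should also say so, e.g. `sourceProvenance = with lib.sourceTypes; [ binaryBytecode binaryNativeCode ];` (drop `binaryNativeCode` if the copied `lib`, `modules` and `plugins` ship no shared objects). `autoPatchelfHook` and `zlib` are accepted as arguments but never referenced, so they should either be wired into the build inputs or removed from the argument list.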
+26
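--- a/pkgs/servers/search/opensearch/opensearch-home-fix.patch
+++ b/pkgs/servers/search/opensearch/opensearch-home-fix.patch
@@ -0,0 +1,26 @@
+diff -Naur a/bin/opensearch-env b/bin/opensearch-env
+--- a/bin/opensearch-env 2017-12-12 13:31:51.000000000 +0100
++++ b/bin/opensearch-env 2017-12-18 19:51:12.282809695 +0100
+@@ -19,18 +19,10 @@
+fi
+done
+
+-# determine OpenSearch home; to do this, we strip from the path until we find
+-# bin, and then strip bin (there is an assumption here that there is no nested
+-# directory under bin also named bin)
+-OPENSEARCH_HOME=`dirname "$SCRIPT"`
+-
+-# now make OPENSEARCH_HOME absolute
+-OPENSEARCH_HOME=`cd "$OPENSEARCH_HOME"; pwd`
+-
+-while [ "`basename "$OPENSEARCH_HOME"`" != "bin" ]; do
+- OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`
+-done
+-OPENSEARCH_HOME=`dirname "$OPENSEARCH_HOME"`
++if [ -z "$OPENSEARCH_HOME" ]; then
++ echo "You must set the OPENSEARCH_HOME var" >&2
++ exit 1
++fi
+
+# now set the classpath
+OPENSEARCH_CLASSPATH="$OPENSEARCH_HOME/lib/*"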
+2
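--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -34819,6 +34819,8 @@
 
 openrct2 = callPackage ../games/openrct2 { };
 
+opensearch = callPackage ../servers/search/opensearch { };
+
 osu-lazer = callPackage ../games/osu-lazer { };
 
 osu-lazer-bin = callPackage ../games/osu-lazer/bin.nix { };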