charts
charts copied to clipboard
bitnami
[bitnami/elasticsearch] Help, i can't install infinilabs/analysis-ik plugin
Name and Version
bitnami/elasticsearch 21.0.1
What architecture are you using?
amd64
What steps will reproduce the bug?
Install elasticsearch with the following configuration
Are you using any custom parameters or values?
values.yaml
plugins: https://get.infini.cloud/elasticsearch/analysis-ik/8.13.2
master:
heapSize: 256m
masterOnly: false
replicaCount: 1
resourcesPreset: medium
data:
replicaCount: 0
coordinating:
replicaCount: 0
ingest:
replicaCount: 0
security:
elasticPassword: xxx
enabled: true
tls:
autoGenerated: true
What is the expected behavior?
The analysis-ik plugin installed successfully
What do you see instead?
2024-04-19T21:51:10.989519528+08:00 Extended Plugins: []
* Classname: com.infinilabs.ik.elasticsearch.AnalysisIkPlugin
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2024-04-19T21:51:14.003265815+08:00 @ WARNING: plugin requires additional permissions @
2024-04-19T21:51:14.003272559+08:00 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.net.SocketPermission * connect,resolve
2024-04-19T21:51:14.003396660+08:00 See https://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
-> Failed installing https://get.infini.cloud/elasticsearch/analysis-ik/8.13.2
-> Rolling back https://get.infini.cloud/elasticsearch/analysis-ik/8.13.2
-> Rolled back https://get.infini.cloud/elasticsearch/analysis-ik/8.13.2
Exception in thread "main" java.nio.file.FileSystemException: /opt/bitnami/elasticsearch/config/analysis-ik: Operation not permitted
2024-04-19T21:51:14.006217429+08:00 at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:100)
2024-04-19T21:51:14.006229771+08:00 at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
2024-04-19T21:51:14.006260602+08:00 at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setMode(UnixFileAttributeViews.java:277)
at java.base/sun.nio.fs.UnixFileAttributeViews$Posix.setPermissions(UnixFileAttributeViews.java:299)
2024-04-19T21:51:14.006298700+08:00 at java.base/java.nio.file.Files.setPosixFilePermissions(Files.java:2167)
at org.elasticsearch.plugins.cli.InstallPluginAction.setFileAttributes(InstallPluginAction.java:1087)
2024-04-19T21:51:14.006332135+08:00 at org.elasticsearch.plugins.cli.InstallPluginAction.installConfig(InstallPluginAction.java:1042)
2024-04-19T21:51:14.006389886+08:00 at org.elasticsearch.plugins.cli.InstallPluginAction.installPluginSupportFiles(InstallPluginAction.java:974)
2024-04-19T21:51:14.006398025+08:00 at org.elasticsearch.plugins.cli.InstallPluginAction.installPlugin(InstallPluginAction.java:943)
at org.elasticsearch.plugins.cli.InstallPluginAction.execute(InstallPluginAction.java:254)
2024-04-19T21:51:14.006407526+08:00 at org.elasticsearch.plugins.cli.InstallPluginCommand.execute(InstallPluginCommand.java:89)
at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
2024-04-19T21:51:14.006438670+08:00 at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
2024-04-19T21:51:14.006441102+08:00 at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:94)
2024-04-19T21:51:14.006443659+08:00 at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
at org.elasticsearch.cli.Command.main(Command.java:50)
2024-04-19T21:51:14.006493039+08:00 at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)
Additional information
If i use root run container
master:
containerSecurityContext:
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
enabled: true
privileged: true
readOnlyRootFilesystem: false
runAsGroup: 0
runAsNonRoot: false
runAsUser: 0
seLinuxOptions: {}
podSecurityContext:
enabled: true
fsGroup: 0
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
# ....
Other errors occur:
elasticsearch 14:33:47.47 INFO ==>
2024-04-19T22:33:47.476269179+08:00 elasticsearch 14:33:47.47 DEBUG ==> Copying files from /opt/bitnami/elasticsearch/config.default to /opt/bitnami/elasticsearch/config
elasticsearch 14:33:47.48 INFO ==> ** Starting Elasticsearch setup **
2024-04-19T22:33:47.494601985+08:00 elasticsearch 14:33:47.49 DEBUG ==> Ensuring expected directories/files exist...
chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/ca.crt': Read-only file system
2024-04-19T22:33:48.961388677+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/tls.key': Read-only file system
2024-04-19T22:33:48.961391451+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/tls.crt': Read-only file system
2024-04-19T22:33:48.961393308+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/..data': Read-only file system
2024-04-19T22:33:48.961395937+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/..2024_04_19_14_33_30.4069200578/tls.key': Read-only file system
2024-04-19T22:33:48.961398958+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/..2024_04_19_14_33_30.4069200578/tls.crt': Read-only file system
2024-04-19T22:33:48.961401321+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/..2024_04_19_14_33_30.4069200578/ca.crt': Read-only file system
2024-04-19T22:33:48.961404189+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs/..2024_04_19_14_33_30.4069200578': Read-only file system
2024-04-19T22:33:48.961411662+08:00 chown: changing ownership of '/opt/bitnami/elasticsearch/config/certs': Read-only file system
Perhaps it's because they conflict:
https://github.com/bitnami/charts/blob/3f528aaf16f9d54c6564e225dda54d87bf46dddd/bitnami/elasticsearch/templates/master/statefulset.yaml#L321-L324
https://github.com/bitnami/containers/blob/f9c0491bc648c894ce0a47cd5ced5c50e755ff92/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh#L378-L383
debug "Ensuring expected directories/files exist..."
am_i_root && ensure_user_exists "$DB_DAEMON_USER" --group "$DB_DAEMON_GROUP"
for dir in "$DB_TMP_DIR" "$DB_LOGS_DIR" "$DB_PLUGINS_DIR" "$DB_BASE_DIR/modules" "$DB_CONF_DIR"; do
ensure_dir_exists "$dir"
am_i_root && chown -R "$DB_DAEMON_USER:$DB_DAEMON_GROUP" "$dir"
done
Thank you for bringing this issue to our attention. We appreciate your involvement! If you're interested in contributing a solution, we welcome you to create a pull request. The Bitnami team is excited to review your submission and offer feedback. You can find the contributing guidelines here.
Your contribution will greatly benefit the community. Feel free to reach out if you have any questions or need assistance.
Do i just delete this line? https://github.com/bitnami/charts/blob/3f528aaf16f9d54c6564e225dda54d87bf46dddd/bitnami/elasticsearch/templates/master/statefulset.yaml#L324
mmm not at all, this is something that was recently added as a security best practice, see https://github.com/bitnami/charts/issues/24251. Let me invoke @javsalgar who worked on the changes
Could you first try removing the readOnly: true to see if that sorts the integration issue with the plugin?
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.
After the PR merged, you also must use infinilabs.eastcoal.tech instead of release.infinilabs.com to download the ik plugin.
Because the bitnami container gets plugin name from the name of the downloaded file, and infinilabs.eastcoal.tech will rewrite downloaded file from elasticsearch-analysis-ik-8.14.1.zip to analysis-ik-8.14.1.zip .
The reference codes: https://github.com/bitnami/containers/blob/e6cbc0119bc9a0b347597748e047a5109b2a85be/bitnami/elasticsearch/8/debian-12/rootfs/opt/bitnami/scripts/libelasticsearch.sh#L782-L786