Merge branch 'dbc-elk611' into 'dbc-17.09'

elk_dbc: 6.1.1

See merge request platform/nixpkgs!16

nixos/modules/dbc/services/search/elasticsearch/elasticsearch6.nix

@@ -18,11 +18,12 @@ let
 
   configDir = pkgs.buildEnv {
     name = "elasticsearch-config";
-    paths = [
-      (pkgs.writeTextDir "elasticsearch.yml" esConfig)
-      (pkgs.writeTextDir "jvm.options" cfg.jvmOptions)
-      (pkgs.writeTextDir "log4j2.properties" cfg.logging)
-    ];
+    paths = with pkgs; [
+      (writeTextDir "elasticsearch.yml" esConfig)
+      (writeTextDir "jvm.options" cfg.jvmOptions)
+      (writeTextDir "log4j2.properties" cfg.logging)
+    ]
+    ++ map ({filename, contents, ...}: writeTextDir filename contents) cfg.extraConfigFiles;
   };
 
   pluginsPath = pkgs.buildEnv {
@@ -253,6 +254,23 @@ in {
       type = types.listOf types.package;
     };
 
+    extraConfigFiles= mkOption {
+      description = "Extra files in the home/config";
+      example = [ { filename = "configfile.yml"; contents = "foo: bar"; } ];
+      default = [];
+      type = with types; listOf (submodule {
+        options = {
+          filename = mkOption {
+            description = "File name";
+            type = str;
+          };
+          contents = mkOption {
+            description = "File content string";
+            type = str;
+          };
+        };
+      });
+    };
   };
 
   ###### implementation
@@ -270,7 +288,7 @@ in {
       environment = {
         ES_HOME = cfg.home;
         ES_PATH_CONF = configDir;
-        ES_JAVA_OPTS = toString ([ "-Des.path.conf=${configDir}" ] ++ cfg.extraJavaOptions);
+        ES_JAVA_OPTS = toString (cfg.extraJavaOptions);
       };
       serviceConfig = {
         ExecStart = "${cfg.package}/bin/elasticsearch ${toString cfg.extraCmdLineOptions}";

nixos/tests/elk6-ror.nix

@@ -58,14 +58,21 @@ in {
               enable = true;
               package = pkgs.elasticsearch6_dbc;
               plugins = [ pkgs.elasticsearch6Plugins_dbc.elasticsearch_readonlyrest ];
+              extraConfigFiles = [
+                {
+                  filename = "readonlyrest.yml";
+                  contents = builtins.toJSON {
+                    readonlyrest.access_control_rules = [
+                      {
+                        name = "Block 1 - Allowing anything from localhost";
+                        hosts = ["127.0.0.1"];
+                      }
+                    ];
+                  };
+                }
+              ];
               extraConfig = {
                 network.host = "0.0.0.0";
-                readonlyrest.access_control_rules = [
-                  {
-                    name = "Block 1 - Allowing anything from localhost";
-                    hosts = ["127.0.0.1"];
-                  }
-                ];
               };
               dataDirs = with config.services.elasticsearch6_dbc; [
                 "${home}/data1"

pkgs/dbc/development/tools/misc/kibana/6.x.nix

@@ -11,9 +11,7 @@ let
   elasticArch = archOverrides."${arch}" or arch;
   plat = elemAt info 1;
   shas = {
-    "x86_64-linux"  = "03v80kxxr72pphsljy3klqcp67f842nzd3w8snf6656qdj285iaj";
-    "i686-linux"    = "1h1zr342dq7nngvzpf9pn9mvwsi7aksa3qjyqpcc4yvbmmyrlk0m"; # not fixed
-    "x86_64-darwin" = "0van8cnir6s520crc20bf2clbkf822c3ylpk7iiq7da8hwvsypp9"; # not fixed
+    "x86_64-linux"  = "0847flk4sfimcdx9wqkaglk7bvbnz1iyindz10z0d1fvbldivp46";
   };
 in stdenv.mkDerivation rec {
   name = "kibana-${version}";

pkgs/dbc/development/tools/misc/kibana/plugins.nix

@@ -5,11 +5,10 @@ with pkgs.lib;
  kibana_readonlyrest = rec {
     name = "kibana-readonlyrest-${version}";
     pluginName = "kibana-readonlyrest";
-    version = "1.16.15";
+    version = "1.16.15_es6.1.1";
     src = fetchurl {
-      url = "https://artifactory.dbc.dk/artifactory/binary-platform/kibana/readonlyrest/readonlyrest_kbn_pro-${version}_es6.0.0.zip";
-      sha256 = "17a40cc90db9ce471488021c30b29b8a5baccef4d8e35d927127e2b6901ad302";
-      name = "readonlyrest_kbn_pro-${version}_es6.0.0.zip";
+      url = "https://artifactory.dbc.dk/artifactory/binary-platform/kibana/readonlyrest/readonlyrest_kbn_pro-${version}.zip";
+      sha256 = "0xn3k63fxar881mn4nmmi1vjs71vsj33znmnfjn8mhrc6sw6kf1f";
     };
 
     meta = {

pkgs/dbc/servers/search/elasticsearch/6.x.nix

@@ -8,9 +8,15 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://artifacts.elastic.co/downloads/elasticsearch/${name}.tar.gz";
-    sha256 = "1x6rwf8y64cafs9i1ypxhrqy9r796w3pf0zn8i94i1mrm1vyh804";
+    sha256 = "1dkl7crha5g8h9c1zs1ahcmv221cpipzkvk574g99gdi586ckb8c";
   };
 
+  patches = [ ./es-home-6.x.patch ];
+
+  postPatch = ''
+    sed -i "s|ES_CLASSPATH=\"\$ES_HOME/lib/\*\"|ES_CLASSPATH=\"$out/lib/*\"|" ./bin/elasticsearch-env
+  '';
+
   buildInputs = [ makeWrapper jre_headless ] ++
     (if (!stdenv.isDarwin) then [utillinux] else [getopt]);
 
@@ -19,20 +25,8 @@ stdenv.mkDerivation rec {
     cp -R bin config lib modules plugins $out
 
     chmod -x $out/bin/*.*
-    cat > $out/bin/elasticsearch-env <<-EOF
-      if [ -z "\$ES_HOME" ]; then
-          echo "You must set the ES_HOME var" >&2
-          exit 1
-      fi
-      if [ -z "\$ES_PATH_CONF" ]; then
-          echo "You must set the ES_PATH_CONF var" >&2
-          exit 1
-      fi
-      JAVA="${jre_headless}"/bin/java
-    EOF
 
     wrapProgram $out/bin/elasticsearch \
-      --prefix ES_CLASSPATH : "$out/lib/*" \
       ${if (!stdenv.isDarwin)
         then ''--prefix PATH : "${utillinux}/bin/"''
         else ''--prefix PATH : "${getopt}/bin"''} \
@@ -46,8 +40,6 @@ stdenv.mkDerivation rec {
     description = "Open Source, Distributed, RESTful Search Engine";
     license = licenses.asl20;
     platforms = platforms.unix;
-    maintainers = [
-      maintainers.apeschar
-    ];
+    maintainers = with maintainers; [ apeschar basvandijk ];
   };
 }

pkgs/dbc/servers/search/elasticsearch/es-home-6.x.patch

@@ -0,0 +1,26 @@
+diff -Naur a/bin/elasticsearch-env b/bin/elasticsearch-env
+--- a/bin/elasticsearch-env	2017-12-12 13:31:51.000000000 +0100
++++ b/bin/elasticsearch-env	2017-12-18 19:51:12.282809695 +0100
+@@ -19,18 +19,10 @@
+   fi
+ done
+
+-# determine Elasticsearch home; to do this, we strip from the path until we find
+-# bin, and then strip bin (there is an assumption here that there is no nested
+-# directory under bin also named bin)
+-ES_HOME=`dirname "$SCRIPT"`
+-
+-# now make ES_HOME absolute
+-ES_HOME=`cd "$ES_HOME"; pwd`
+-
+-while [ "`basename "$ES_HOME"`" != "bin" ]; do
+-  ES_HOME=`dirname "$ES_HOME"`
+-done
+-ES_HOME=`dirname "$ES_HOME"`
++if [ -z "$ES_HOME" ]; then
++    echo "You must set the ES_HOME var" >&2
++    exit 1
++fi
+
+ # now set the classpath
+ ES_CLASSPATH="$ES_HOME/lib/*"

pkgs/dbc/servers/search/elasticsearch/plugins.nix

@@ -1,36 +1,26 @@
-{ pkgs, stdenv, fetchurl, unzip, elasticsearch }:
+{ pkgs, stdenv, fetchurl, unzip, elasticsearch, zip }:
 
 with pkgs.lib;
 
-let
-  esPlugin = a@{
-    pluginName,
-    installPhase ? ''
-      mkdir -p $out/bin
-      ES_HOME=$out ${elasticsearch}/bin/elasticsearch-plugin --install ${pluginName} --url file://$src
-    '',
-    ...
-  }:
-    stdenv.mkDerivation (a // {
-      inherit installPhase;
-      unpackPhase = "true";
-      buildInputs = [ unzip ];
-      meta = a.meta // {
-        platforms = elasticsearch.meta.platforms;
-        maintainers = (a.meta.maintainers or []) ++ [ maintainers.offline ];
-      };
-    });
-in {
-  elasticsearch_readonlyrest = esPlugin rec {
+{
+  elasticsearch_readonlyrest = stdenv.mkDerivation rec {
     name = "elasticsearch-readonlyrest-${version}";
     pluginName = "elasticsearch-readonlyrest";
-    version = "1.16.15";
+    version = "1.16.15_es6.1.1";
     src = fetchurl {
-      url = "https://artifactory.dbc.dk/artifactory/binary-platform/elasticsearch/readonlyrest/readonlyrest-${version}_es6.0.0.zip";
-      sha256 = "eb61410ae98f6f68121fd1e815eb04b940ca023248d91102896ca276aea7d48b";
-      name = "readonlyrest-${version}_es6.0.0.zip";
+      url = "https://artifactory.dbc.dk/artifactory/binary-platform/elasticsearch/readonlyrest/readonlyrest-${version}.zip";
+      sha256 = "1zbmmlps5b95dbdb7ppph58q5ij8160dwg6baxhrlch1dzvg2sbi";
     };
 
+    buildInputs = [ zip unzip ];
+    patches = [ ./ror-policy.patch ];
+
+    installPhase = ''
+      zip -r out.zip .
+      mkdir -p $out/bin
+      ES_HOME=$out ${elasticsearch}/bin/elasticsearch-plugin --install ${pluginName} --url file://$(readlink -e out.zip)
+    '';
+
     meta = {
       homepage = https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin;
       description = "Elasticsearch and Kibana security plugin";

pkgs/dbc/servers/search/elasticsearch/ror-policy.patch

@@ -0,0 +1,11 @@
+diff -Naur a/plugin-security.policy b/plugin-security.policy
+--- a/plugin-security.policy        2018-01-10 15:15:10.000000000 +0100
++++ b/plugin-security.policy       2018-01-25 09:30:02.404714101 +0100
+@@ -5,4 +5,5 @@
+   permission java.util.PropertyPermission "*", "read,write";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.net.SocketPermission "*", "accept, resolve, connect";
+-};
+\ No newline at end of file
++  permission java.io.FilePermission "/nix/store/-", "read, readlink";
++};

pkgs/dbc/tools/misc/logstash/6.x.nix

@@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://artifacts.elastic.co/downloads/logstash/${name}.tar.gz";
-    sha256 = "0q8nq91wv1c0gwjh0qrd7k7hjrfdl9g7cwncilsdmhkny1y2adiy";
+    sha256 = "07apb0135rlbraqw3pmwf13jjhzgflr6qik0b0qxp8im0hwx082p";
   };
 
   dontBuild         = true;

pkgs/top-level/all-packages.nix

@@ -1868,7 +1868,7 @@ with pkgs;
   # The latest version used by elasticsearch, logstash, kibana and the the beats from elastic.
   elk5Version = "5.6.6";
   elk6Version = "6.1.2";
-  elk6Version_dbc = "6.0.0";
+  elk6Version_dbc = "6.1.1";
 
   elasticsearch = callPackage ../servers/search/elasticsearch { };
   elasticsearch2 = callPackage ../servers/search/elasticsearch/2.x.nix { };