Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elasticsearch 7.6.0 cannot be used as service in GitLab pipeline anymore #52503

Closed
dawi opened this issue Feb 19, 2020 · 3 comments · Fixed by #52525
Closed

Elasticsearch 7.6.0 cannot be used as service in GitLab pipeline anymore #52503

dawi opened this issue Feb 19, 2020 · 3 comments · Fixed by #52525
Assignees
@pugnascotia
Labels
:Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts Team:Delivery Meta label for Delivery team

Comments

@dawi
Copy link

dawi commented Feb 19, 2020

Starting with version 7.6.0 Elasticsearch cannot be started as service in a Gitlab pipeline anymore.

Gitlab sets a CI_SERVER_TLS_CA_FILE variable which contains a path to a file.
It seems that this variable is now expanded to contain the content of the file.

Service container logs:
2020-02-19T06:52:56.510497268Z ERROR: File -----BEGIN CERTIFICATE-----
2020-02-19T06:52:56.510521348Z ....
2020-02-19T06:52:56.510608065Z -----END CERTIFICATE-----
2020-02-19T06:52:56.510610718Z  from CI_SERVER_TLS_CA_FILE does not exist

I am not completely sure if this is an Elasticsearch issue or not, but I figured out that Elasticsearch does some environment variable processing and it could very well be the cause of this issue:

Also extract the support for _FILE env vars into a separate script, so
that it can be called from more than once place (the behaviour is
idempotent).

https://github.com/elastic/elasticsearch/blob/v7.6.0/distribution/src/bin/elasticsearch-env-from-file
@ywelsch ywelsch added the :Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts label Feb 19, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (:Core/Infra/Packaging)

@jasontedor
Copy link
Member

@pugnascotia Can you take a look?

@pugnascotia
Copy link
Contributor

This is caused by #49182. We implemented a generic mechanism for sourcing secrets from files instead of environment variables, by settings SECRET_VAR_FILE (holding a file name) to populate SECRET_VAR.

However, as far as I can tell there are only really two variables where we might want this behaviour. We could apply this mechanism only for recognised variables. @jasontedor what do you think? I think that would be better than skipping processing of _FILE variables that don't point to files.

pugnascotia added a commit to pugnascotia/elasticsearch that referenced this issue Feb 19, 2020
@pugnascotia
Limit _FILE env var support to specific vars
8f90c5b 
Closes elastic#52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
@pugnascotia pugnascotia mentioned this issue Feb 19, 2020
Merged
pugnascotia added a commit that referenced this issue Feb 21, 2020
@pugnascotia
Limit _FILE env var support to specific vars (#52525)
ae68e4f 
Closes #52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
pugnascotia added a commit to pugnascotia/elasticsearch that referenced this issue Feb 21, 2020
@pugnascotia
Limit _FILE env var support to specific vars
7e6ae34 
Backport of elastic#52525.

Closes elastic#52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
@pugnascotia pugnascotia mentioned this issue Feb 21, 2020
Merged
pugnascotia added a commit to pugnascotia/elasticsearch that referenced this issue Feb 21, 2020
@pugnascotia
Limit _FILE env var support to specific vars
63f6a77 
Backport of elastic#52525.

Closes elastic#52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
@pugnascotia pugnascotia mentioned this issue Feb 21, 2020
Merged
pugnascotia added a commit that referenced this issue Feb 21, 2020
@pugnascotia
Limit _FILE env var support to specific vars (#52647)
0206b7c 
Backport of #52525.

Closes #52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
pugnascotia added a commit that referenced this issue Feb 21, 2020
@pugnascotia
Limit _FILE env var support to specific vars (#52645)
ce7ebb2 
Backport of #52525.

Closes #52503. Implement a list of `_FILE` env vars that will be used to
populate env vars with file content, instead of processing all `_FILE`
vars in the environment.
@pugnascotia pugnascotia mentioned this issue Feb 26, 2020
Closed
@codebrain codebrain mentioned this issue Apr 1, 2020
Closed
@mark-vieira mark-vieira added the Team:Delivery Meta label for Delivery team label Nov 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pugnascotia pugnascotia

Labels
:Delivery/Packaging RPM and deb packaging, tar and zip archives, shell and batch scripts Team:Delivery Meta label for Delivery team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Limit _FILE env var support to specific vars pugnascotia/elasticsearch
6 participants
@dawi @ywelsch @mark-vieira @jasontedor @pugnascotia @elasticmachine