Commit 9aaf072

authored
Add pidfile access for server (#123313)
1 parent 4bd1f81 commit 9aaf072

3 files changed

+40
-31
lines changed

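--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
@@ -41,7 +41,8 @@ public record BootstrapArgs(
 Path configDir,
 Path libDir,
 Path logsDir,
-Path tempDir
+Path tempDir,
+Path pidFile
 ) {
 public BootstrapArgs {
 requireNonNull(pluginPolicies);
@@ -80,6 +81,7 @@ public static BootstrapArgs bootstrapArgs() {
 * @param libDir the lib directory for Elasticsearch
 * @param tempDir the temp directory for Elasticsearch
 * @param logsDir the log directory for Elasticsearch
+* @param pidFile path to a pid file for Elasticsearch, or {@code null} if one was not specified
 */
 public static void bootstrap(
 Map<String, Policy> pluginPolicies,
@@ -91,7 +93,8 @@ public static void bootstrap(
 Path configDir,
 Path libDir,
 Path logsDir,
-Path tempDir
+Path tempDir,
+Path pidFile
 ) {
 logger.debug("Loading entitlement agent");
 if (EntitlementBootstrap.bootstrapArgs != null) {
@@ -107,7 +110,8 @@ public static void bootstrap(
 configDir,
 libDir,
 logsDir,
-tempDir
+tempDir,
+pidFile
 );
 exportInitializationToAgent();
 loadAgent(findAgentJar());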
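Review bot: `pidFile` is documented as nullable only in the `bootstrap()` Javadoc (new line 84), while the `BootstrapArgs` compact constructor that starts at new line 47 opens with `requireNonNull(pluginPolicies)` and the rest of its checks lie outside the hunk. A one-line comment in that constructor, such as `// pidFile may be null: no pid file was requested, so it is deliberately not null-checked`, would stop a later cleanup from adding a check that breaks startup without a pid file. The signature now has at least five consecutive `Path` parameters, so a swapped argument compiles silently and would attach a grant to the wrong path. A test that pins which argument ends up in which component would catch that.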

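--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
@@ -148,6 +148,36 @@ private static PolicyManager createPolicyManager() {
 );
 
 List<Scope> serverScopes = new ArrayList<>();
+List<FileData> serverModuleFileDatas = new ArrayList<>();
+Collections.addAll(
+serverModuleFileDatas,
+// Base ES directories
+FileData.ofPath(bootstrapArgs.configDir(), READ),
+FileData.ofPath(bootstrapArgs.logsDir(), READ_WRITE),
+FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE),
+FileData.ofRelativePath(Path.of(""), SHARED_REPO, READ_WRITE),
+
+// OS release on Linux
+FileData.ofPath(Path.of("/etc/os-release"), READ).withPlatform(LINUX),
+FileData.ofPath(Path.of("/etc/system-release"), READ).withPlatform(LINUX),
+FileData.ofPath(Path.of("/usr/lib/os-release"), READ).withPlatform(LINUX),
+// read max virtual memory areas
+FileData.ofPath(Path.of("/proc/sys/vm/max_map_count"), READ).withPlatform(LINUX),
+FileData.ofPath(Path.of("/proc/meminfo"), READ).withPlatform(LINUX),
+// load averages on Linux
+FileData.ofPath(Path.of("/proc/loadavg"), READ).withPlatform(LINUX),
+// control group stats on Linux. cgroup v2 stats are in an unpredicable
+// location under `/sys/fs/cgroup`, so unfortunately we have to allow
+// read access to the entire directory hierarchy.
+FileData.ofPath(Path.of("/proc/self/cgroup"), READ).withPlatform(LINUX),
+FileData.ofPath(Path.of("/sys/fs/cgroup/"), READ).withPlatform(LINUX),
+// // io stats on Linux
+FileData.ofPath(Path.of("/proc/self/mountinfo"), READ).withPlatform(LINUX),
+FileData.ofPath(Path.of("/proc/diskstats"), READ).withPlatform(LINUX)
+);
+if (bootstrapArgs.pidFile() != null) {
+serverModuleFileDatas.add(FileData.ofPath(bootstrapArgs.pidFile(), READ_WRITE));
+}
 Collections.addAll(
 serverScopes,
 new Scope(
@@ -173,33 +203,7 @@ private static PolicyManager createPolicyManager() {
 new OutboundNetworkEntitlement(),
 new LoadNativeLibrariesEntitlement(),
 new ManageThreadsEntitlement(),
-new FilesEntitlement(
-List.of(
-// Base ES directories
-FileData.ofPath(bootstrapArgs.configDir(), READ),
-FileData.ofPath(bootstrapArgs.logsDir(), READ_WRITE),
-FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE),
-FileData.ofRelativePath(Path.of(""), SHARED_REPO, READ_WRITE),
-
-// OS release on Linux
-FileData.ofPath(Path.of("/etc/os-release"), READ).withPlatform(LINUX),
-FileData.ofPath(Path.of("/etc/system-release"), READ).withPlatform(LINUX),
-FileData.ofPath(Path.of("/usr/lib/os-release"), READ).withPlatform(LINUX),
-// read max virtual memory areas
-FileData.ofPath(Path.of("/proc/sys/vm/max_map_count"), READ).withPlatform(LINUX),
-FileData.ofPath(Path.of("/proc/meminfo"), READ).withPlatform(LINUX),
-// load averages on Linux
-FileData.ofPath(Path.of("/proc/loadavg"), READ).withPlatform(LINUX),
-// control group stats on Linux. cgroup v2 stats are in an unpredicable
-// location under `/sys/fs/cgroup`, so unfortunately we have to allow
-// read access to the entire directory hierarchy.
-FileData.ofPath(Path.of("/proc/self/cgroup"), READ).withPlatform(LINUX),
-FileData.ofPath(Path.of("/sys/fs/cgroup/"), READ).withPlatform(LINUX),
-// // io stats on Linux
-FileData.ofPath(Path.of("/proc/self/mountinfo"), READ).withPlatform(LINUX),
-FileData.ofPath(Path.of("/proc/diskstats"), READ).withPlatform(LINUX)
-)
-)
+new FilesEntitlement(serverModuleFileDatas)
 )
 ),
 new Scope("org.apache.httpcomponents.httpclient", List.of(new OutboundNetworkEntitlement())),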
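Review bot: The server module's file grants were an immutable `List.of(...)` and are now a mutable `ArrayList` passed straight to `new FilesEntitlement(serverModuleFileDatas)` at new line 206. Unless `FilesEntitlement` copies its argument, which is not visible here, the policy holds a reference to a list that can still be modified after construction. `new FilesEntitlement(List.copyOf(serverModuleFileDatas))` would restore the earlier guarantee. The pid file grant at new lines 178-180 is the only entry without a comment, and something like `// optional pid file: write access limited to this single path` would record why the server scope gets READ_WRITE there. `createPolicyManager` starts and ends outside both hunks.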

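--- a/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java
+++ b/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java
@@ -255,7 +255,8 @@ private static void initPhase2(Bootstrap bootstrap) throws IOException {
 nodeEnv.configDir(),
 nodeEnv.libDir(),
 nodeEnv.logsDir(),
-nodeEnv.tmpDir()
+nodeEnv.tmpDir(),
+args.pidFile()
 );
 entitlementSelfTest();
 } else {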
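Review bot: `args.pidFile()` is forwarded to the entitlement bootstrap exactly as supplied (new line 259), so the READ_WRITE grant built from it covers whatever path form the caller passed in. If that value can be a relative path, it is worth confirming that the entitlement check and the code that writes the pid file resolve it against the same directory; neither is visible in this hunk. A trailing comment such as `// null when no pid file was requested` on the argument would match the Javadoc added to `bootstrap()`. `initPhase2` starts and ends outside the hunk.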
