@Override public BootstrapCheckResult check(BootstrapContext context) { if (isSystemCallFilterInstalled() && mightFork()) { return BootstrapCheckResult.failure(message(context)); } else { return BootstrapCheckResult.success(); } }
void init(final boolean daemonize, final Path pidFile, final boolean quiet, Environment initialEnv) throws NodeValidationException, UserException { try { Bootstrap.init(!daemonize, pidFile, quiet, initialEnv); } catch (BootstrapException | RuntimeException e) { // format exceptions to the console in a special way // to avoid 2MB stacktraces from guice, etc. throw new StartupException(e); } }
/** * Add dynamic {@link SocketPermission}s based on HTTP and transport settings. * * @param policy the {@link Permissions} instance to apply the dynamic {@link SocketPermission}s to. * @param settings the {@link Settings} instance to read the HTTP and transport settings from */ private static void addBindPermissions(Permissions policy, Settings settings) { addSocketPermissionForHttp(policy, settings); addSocketPermissionForTransportProfiles(policy, settings); addSocketPermissionForTribeNodes(policy, settings); }
@Override public BootstrapCheckResult check(BootstrapContext context) { if (BootstrapSettings.MEMORY_LOCK_SETTING.get(context.settings()) && !isMemoryLocked()) { return BootstrapCheckResult.failure("memory locking requested for elasticsearch process but memory is not locked"); } else { return BootstrapCheckResult.success(); } }
@Override public BootstrapCheckResult check(BootstrapContext context) { if (BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings()) && !isSystemCallFilterInstalled()) { final String message = "system call filters failed to install; " + "check the logs and fix your configuration or disable system call filters at your own risk"; return BootstrapCheckResult.failure(message); } else { return BootstrapCheckResult.success(); } }
public final BootstrapCheckResult check(BootstrapContext context) { final long maxFileDescriptorCount = getMaxFileDescriptorCount(); if (maxFileDescriptorCount != -1 && maxFileDescriptorCount < limit) { final String message = String.format( Locale.ROOT, "max file descriptors [%d] for elasticsearch process is too low, increase to at least [%d]", getMaxFileDescriptorCount(), limit); return BootstrapCheckResult.failure(message); } else { return BootstrapCheckResult.success(); } }
@Override public BootstrapCheckResult check(BootstrapContext context) { if (getVmName().toLowerCase(Locale.ROOT).contains("client")) { final String message = String.format( Locale.ROOT, "JVM is using the client VM [%s] but should be using a server VM for the best performance", getVmName()); return BootstrapCheckResult.failure(message); } else { return BootstrapCheckResult.success(); } }
@Override public final BootstrapCheckResult check(BootstrapContext context) { if (isAllPermissionGranted()) { return BootstrapCheck.BootstrapCheckResult.failure("granting the all permission effectively disables security"); } return BootstrapCheckResult.success(); }
/** * Returns true if we were able to lock the process's address space. */ public static boolean isMemoryLocked() { return Natives.isMemoryLocked(); }
/** Returns true if user is root, false if not, or if we don't know */ static boolean definitelyRunningAsRoot() { if (Constants.WINDOWS) { return false; // don't know } try { return JNACLibrary.geteuid() == 0; } catch (UnsatisfiedLinkError e) { // this will have already been logged by Kernel32Library, no need to repeat it return false; } }
/** * Required method that's called by Apache Commons procrun when * running as a service on Windows, when the service is stopped. * * http://commons.apache.org/proper/commons-daemon/procrun.html * * NOTE: If this method is renamed and/or moved, make sure to * update elasticsearch-service.bat! */ static void close(String[] args) throws IOException { Bootstrap.stop(); }
/** * Returns true if system call filter is installed (supported systems only) */ public static boolean isSystemCallFilterInstalled() { return Natives.isSystemCallFilterInstalled(); }
@Override public void printStackTrace(PrintWriter s) { printStackTrace(s::println); }
@Override protected void validateNodeBeforeAcceptingRequests( final BootstrapContext context, final BoundTransportAddress boundTransportAddress, List<BootstrapCheck> checks) throws NodeValidationException { BootstrapChecks.check(context, boundTransportAddress, checks); }
public String getMessage() { assert isFailure(); assert message != null; return message; }
boolean isMemoryLocked() { return Natives.isMemoryLocked(); }
boolean isSystemCallFilterInstalled() { return Natives.isSystemCallFilterInstalled(); }
@Override public void printStackTrace(PrintStream s) { printStackTrace(s::println); }