docker部署时,自动创建用户密码。
bash
#!/bin/bash
set -e
# 解决 Windows 换行符问题
sed -i 's/\r$//' "$0" 2>/dev/null || true
# 核心修复:默认HTTP(ES未开HTTPS)、去掉默认密码(避免认证失败)
ES_HOST=${ES_HOST:-elasticsearch}
ES_PORT=${ES_PORT:-9200}
ES_PROTOCOL=${ES_PROTOCOL:-http}
ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-} # 留空,无认证时跳过
ES_USERNAME=${ES_USERNAME:-jetlinks_admin}
ES_PASSWORD=${ES_PASSWORD:-es_ZwJl@2025!Jetlinks#124}
MAX_WAIT_SECONDS=${MAX_WAIT_SECONDS:-300}
WAIT_INTERVAL=${WAIT_INTERVAL:-5}
elapsed_seconds=0
# 极简健康检查
check_es_health() {
if [ -n "$ELASTIC_PASSWORD" ]; then
es_health=$(curl --max-time 10 --connect-timeout 5 --insecure -s -u "elastic:${ELASTIC_PASSWORD}" "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/_cluster/health" 2>/dev/null || echo '{"status":"unreachable"}')
else
es_health=$(curl --max-time 10 --connect-timeout 5 --insecure -s "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/_cluster/health" 2>/dev/null || echo '{"status":"unreachable"}')
fi
health_status=$(echo "$es_health" | grep -o '"status":"[^"]*' | cut -d'"' -f4)
echo "Current ES health status: $health_status"
[ "$health_status" = "green" ] || [ "$health_status" = "yellow" ]
}
# 等待ES启动
echo "Waiting for Elasticsearch at ${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}..."
while ! check_es_health; do
if [ $elapsed_seconds -ge $MAX_WAIT_SECONDS ]; then
echo "❌ Timeout waiting for ES!"
exit 1
fi
echo "ES not ready (elapsed: ${elapsed_seconds}s), sleep ${WAIT_INTERVAL}s..."
sleep $WAIT_INTERVAL
elapsed_seconds=$((elapsed_seconds + WAIT_INTERVAL))
done
echo "✅ ES is ready (health: $health_status)!"
# 仅当有超管密码时,创建用户
if [ -n "$ELASTIC_PASSWORD" ]; then
# 直接创建用户并分配内置的superuser角色(最简单,不会出错)
echo "正在创建JetLinks超级管理员用户..."
# 尝试删除已存在的用户(如果存在)
curl --max-time 5 --insecure -u "elastic:${ELASTIC_PASSWORD}" -XDELETE "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/_security/user/${ES_USERNAME}" 2>/dev/null || true
# 创建用户
USER_RESULT=$(curl --max-time 10 --insecure -u "elastic:${ELASTIC_PASSWORD}" -XPUT "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/_security/user/${ES_USERNAME}" \
-H "Content-Type: application/json" \
-d"{
\"password\": \"${ES_PASSWORD}\",
\"roles\": [\"superuser\"],
\"full_name\": \"JetLinks Admin User\",
\"enabled\": true
}" 2>/dev/null || echo '{"created":false}')
echo "用户创建结果: $USER_RESULT"
# 验证用户
echo "验证用户创建是否成功..."
if curl --max-time 5 --insecure -u "${ES_USERNAME}:${ES_PASSWORD}" -s "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/" >/dev/null; then
echo "✅ JetLinks超级管理员用户创建成功!"
else
echo "⚠️ 用户验证失败,但ES已启动,继续..."
fi
else
echo "⚠️ 未设置ELASTIC_PASSWORD,跳过用户创建"
# 测试是否真的需要认证
if curl --max-time 5 --insecure -s "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/" >/dev/null; then
echo "✅ ES无需认证即可访问"
else
echo "❌ ES需要认证但未提供密码,请设置ELASTIC_PASSWORD环境变量"
fi
fi
echo "✅ 部署完成!"