Using environment variables in readonlyrest.yml (Elasticsearch on Systemd)

joemo2023 · June 23, 2022, 1:01pm

Hi there
I’m wanting to use environment variables (CentOS) in my readonlyrest.yml.
It seems that this has been supported in various ways in the past although I can’t get it working at the moment. I am using version 7.16.2.

I have tried the following syntaxes, found in previous support threads:

“${MY_ENV_VAR}”
“${ENV:MY_ENV_VAR}”
“@{env:MY_ENV_VAR}”

But each time it results in an error, e.g.:
“Cannot resolve ENV Variable ‘MY_ENV_VAR’”

Is this still supported and if so what syntax should I use?

Many thanks

joemo2023 · July 1, 2022, 9:27am

Hey there, sorry to bump, but just wondering whether environment variables are currently expected to work as per documentation or are there issues with it?
I thought maybe upgrading to 8.2.2/1.40 would solve the problem but using an environment variable such as ${LDAP_PASS} causes an exception:

uncaught exception in thread [main]
java.lang.IllegalStateException:failed to load plugin class [tech.beshu.ror.es.ReadonlyRestPlugin]
Likely root cause: org.elasticsearch.ElasticsearchException: Invalid ROR SSL configuration. Cannot resolve ENV variable ‘LDAP_PASS’.

Not a big issue, just curious because I’ve been unable to get it to work.

Edit:
Just to confirm (as that would be the obvious next question!), I have created the environment variable:

export LDAP_PASS=myldappass

printenv
> LDAP_PASS=myldappass

coutoPL · July 1, 2022, 3:16pm

Please take a look at the documentation. Here is an example in our tests.

If it doesn’t work, it probably means that JVM process doesn’t see the env (probably sth wrong with exporting)

joemo2023 · July 4, 2022, 8:17am

For info, in case anyone else has the same problem and comes across this post (this isn’t a ROR problem, but you might find yourself looking here)…

The issue is that if you are running elasticsearch as a service, it doesn’t have access to system environment variables.

To get around this, look in the elasticsearch system service file, something like this (I am running CentOS):
/usr/lib/systemd/system/elasticsearch.service

You will see the line:
EnvironmentFile=/etc/sysconfig/elasticsearch

You can set environment variables for elasticsearch inside that file, i.e. append:
LDAP_PASS=myldappass

Then:

systemctl daemon-reload

Then restart elasticsearch, and the environment variable should be picked up.

sscarduzio · July 4, 2022, 9:32am

Great point @joemo2023, very useful note. Thanks for taking the time to write this for the future googler’s benefit.