From b57169901f789eb98a441a73034c67b2132f632e Mon Sep 17 00:00:00 2001
From: Thomas Schaffter <thomas.schaffter@gmail.com>
Date: Thu, 12 Oct 2023 20:06:53 +0000
Subject: [PATCH] Fix ES healthcheck

---
 apps/openchallenges/elasticsearch/docker-healthcheck | 12 ++++++++++--
 docker/openchallenges/services/elasticsearch.yml     | 10 ++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/apps/openchallenges/elasticsearch/docker-healthcheck b/apps/openchallenges/elasticsearch/docker-healthcheck
index 4002a67d6f..b1f1d1b817 100755
--- a/apps/openchallenges/elasticsearch/docker-healthcheck
+++ b/apps/openchallenges/elasticsearch/docker-healthcheck
@@ -2,9 +2,17 @@
 # See https://github.com/docker-library/healthcheck/blob/master/elasticsearch/docker-healthcheck
 set -eo pipefail
 
-host="$(hostname --ip-address || echo '127.0.0.1')"
+host="127.0.0.1"
+port=9200
 
-if health="$(curl --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -fsSL "http://$host:9200/_cat/health?h=status")"; then
+# Authentication
+username="elastic"
+password=$ELASTIC_PASSWORD
+token=$(echo -n "$username:$password" | openssl base64)
+
+if health="$(curl -H "Authorization: Basic $token" \
+		--cacert /usr/share/elasticsearch/config/certs/ca/ca.crt \
+		-fsSL "https://$host:$port/_cat/health?h=status")"; then
 	health="$(echo "$health" | sed -r 's/^[[:space:]]+|[[:space:]]+$//g')" # trim whitespace (otherwise we'll have "green")
 	if [ "$health" = 'green' ] || [ "$health" = 'yellow' ]; then
 		exit 0
diff --git a/docker/openchallenges/services/elasticsearch.yml b/docker/openchallenges/services/elasticsearch.yml
index 3e56384945..b8425a9fcf 100644
--- a/docker/openchallenges/services/elasticsearch.yml
+++ b/docker/openchallenges/services/elasticsearch.yml
@@ -80,6 +80,8 @@ services:
         limits:
           memory: 2G
     depends_on:
+      openchallenges-elasticsearch-setup:
+        condition: service_started
       openchallenges-elasticsearch-node-2:
         condition: service_started
       openchallenges-elasticsearch-node-3:
@@ -107,6 +109,7 @@ services:
       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certs/openchallenges-elasticsearch-node-2/openchallenges-elasticsearch-node-2.crt
       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certs/openchallenges-elasticsearch-node-2/openchallenges-elasticsearch-node-2.key
       - xpack.security.audit.enabled=true
+      - ELASTIC_PASSWORD=changeme
     networks:
       - openchallenges
     volumes:
@@ -120,6 +123,9 @@ services:
       resources:
         limits:
           memory: 2G
+    depends_on:
+      openchallenges-elasticsearch-setup:
+        condition: service_started
 
   openchallenges-elasticsearch-node-3:
     image: ghcr.io/sage-bionetworks/openchallenges-elasticsearch:${OPENCHALLENGES_VERSION:-local}
@@ -143,6 +149,7 @@ services:
       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certs/openchallenges-elasticsearch-node-3/openchallenges-elasticsearch-node-3.crt
       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certs/openchallenges-elasticsearch-node-3/openchallenges-elasticsearch-node-3.key
       - xpack.security.audit.enabled=true
+      - ELASTIC_PASSWORD=changeme
     networks:
       - openchallenges
     volumes:
@@ -156,3 +163,6 @@ services:
       resources:
         limits:
           memory: 2G
+    depends_on:
+      openchallenges-elasticsearch-setup:
+        condition: service_started