Aufsetzen einer neuen DeepGreen-Instanz

In diesem Abschnitt sind alle wesentlichen Schritte enthalten, um die unter https://github.com//OA-DeepGreen erhältlichen Repositorien zu einem funktionierenden DeepGreen-System als Ganzes zusammenzufügen.

Ein wichtiger Hinweis sei hier jedoch schon angebracht: DeepGreen ist auf Basis von Python 2.7 geschrieben und verwendet zig Unterpakete (die via pip nachinstalliert werden); jedoch

Achtung

===> !!! Ende 2019 läuft der offizielle Support für Python 2.x aus !!! <===

Es könnte also nach Dezember 2019 kleiner (oder größere) Komplikationen bei der Installation und der Inbetriebnahme einer (neuen) DeepGreen-Instanz geben.

Installationsschritte im Einzelnen
# ============================================================
#   Things to be done for the li1x.int.zib.de - Installation
# ============================================================

#  purpose,  hostname,         ip,            mac,                cpu,  ram,   image
#  tapp1,    li11.int.zib.de,  10.255.0.11,   00:00:00:00:00:11,  1,    2 GB,   50 GB
#  tapp2,    li12.int.zib.de,  10.255.0.12,   00:00:00:00:00:12,  1,    4 GB,  150 GB
#  tgateway, li13.int.zib.de,  10.255.0.13,   00:00:00:00:00:13,  1,    2 GB,   50 GB
#  tindex1,  li14.int.zib.de,  10.255.0.14,   00:00:00:00:00:14,  1,    4 GB,  150 GB

# user 'green' is assigned to group 'kobv' [ pw: *** ]
# user 'deep' is additionally assigned to group 'wheel' [ pw: *** ]
#
# > [someone@li1x ~]$ sudo useradd -c 'DFG DeepGreen Project' -G kobv -m -u 1001 green
# > [someone@li1x ~]$ sudo passwd green
# > [someone@li1x ~]$ sudo useradd -c 'DFG DeepGreen Project' -G kobv,wheel -m -u 1002 deep
# > [someone@li1x ~]$ sudo passwd deep
#
# ... and afterwards on each li1x machine separately:
# a)
# > [green@li1x ~]$ ssh-keygen [-t rsa] -b 4096 -N ''
# b)
# > [green@li1x ~]$ for y in 1 2 3 4; do \
# > [green@li1x ~]$  [ ${y} -ne  x ] && (scp "green@li1${y}":.ssh/id_rsa.pub .ssh/"id_rsa_li1${y}.pub"; \
# > [green@li1x ~]$                      cat .ssh/"id_rsa_li1${y}.pub" >>.ssh/authorized_keys); \
# > [green@li1x ~]$ done
# > [green@li1x ~]$ chmod g-w .ssh/authorized_keys   ## ...!!! forgotten each time, sigh.
#
#
# ports needed to be open (per virtual machine li1x):
#
# > $ sudo firewall-cmd --list-ports
# > $ sudo firewall-cmd --add-port=<portid>/<protocoll>
# > $ sudo firewall-cmd --permanent --add-port=<portid>/<protocoll>
#
# ports needed to be open:
#
#  purpose,   hostname,          port(s)
#  tapp1,     li11.int.zib.de,   22/tcp:80/tcp:5998/tcp
#  tapp2,     li12.int.zib.de,   22/tcp:5025/tcp:5027/tcp:5030/tcp:5999/tcp
#  tgateway,  li13.int.zib.de,   22/tcp:80/tcp:443/tcp:5601/tcp:9200/tcp
#  tindex1,   li14.int.zib.de,   22/tcp:5601/tcp:9200/tcp


# ***************************
# * Still Unresolved Issues *
# ***************************
#
#
# + UNSUCCESSFUL(!!) /ALIENS/ LOGIN TRIALS
#
#   > $ ssh green@sl61.kobv.de
#   > green@sl61.kobv.de's password:
#   > Last failed login: Thu Sep  8 05:21:39 CEST 2016 from 46.183.221.133 on ssh:notty
#   > There were 2 failed login attempts since the last successful login.
#   > Last login: Wed Sep  7 09:42:30 2016 from gast-021-067.zib.de
#   > $
#
#   > $ host 46.183.221.133
#   > 133.221.183.46.in-addr.arpa domain name pointer ip-221-133.dataclub.biz.
#
#   Unbelievable, but sadly true...
#
#
# + OCCASIONAL REBOOT
#
#   In the very unlikely event... well, there should be
#   a strict boot sequence of the machines sl6x, as follows:
#
#     sl64  sl63  sl61  sl62
#
#   Other sequences might work, no warranty whatsoever.
#   All machines depend on the index elasticsearch (sl64),
#   and the applications connect through the gate (sl63).
#   So, there you are:  Please have a close look if all
#   services are up and running, right after rebooting...!
#
#
# + NGINX (both on sl61 /and/ sl63 !)
#
#   It seems that the 'Content-Type' for .svg file is not set.
#   Instead a client receives 'application/octet-stream'; for
#   what reason ever. Sigh.
#   So, there is a (very ugly) .gif alternative as
#   DeepGreen_Logo which is played out for the time being,
#   see jper/service/index.html and jper/service/footer.html .
#
#
# + REST-API (on sl61)
#   OAIPMH / SWORD-IN / SWORD-OUT (all on sl62)
#
#   All these interfaces are NOT thoroughly tested yet.  Having
#   said this, the unit test with 'nosetests' detects only minor
#   failures (due, for example, to the missing postcodes in the
#   current matching algorithm).
#



# -----------------------------
#  For all li11 li12 li13 li14
# -----------------------------

sudo yum install git -y

## sudo rpm -Uvh http://nginx.org/packages/rhel/7/noarch/RPMS/nginx-release-rhel-7-0.el7.ngx.noarch.rpm
sudo vi /etc/yum.repos.d/nginx.repo  #  !!! edit: NEW file !!!
#; # nginx.repo
#; [nginx]
#; name=nginx repo
#; baseurl=http://nginx.org/packages/rhel/7/$basearch/
#; gpgcheck=0
#; enabled=1
sudo yum install nginx -y

sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install python-pip -y
sudo yum install python-devel -y
#sudo yum install python-setuptools

sudo pip install --upgrade pip
sudo pip install --upgrade virtualenv
sudo rm /usr/lib64/python2.7/site-packages/pyOpenSSL-*
sudo pip install --upgrade urllib3[secure]
sudo pip install --upgrade gunicorn
sudo pip install --upgrade requests



# tapp1: For li11.int.zib.de ONLY (as user 'green')
# -------------------------------------------------

ssh green@li11.int.zib.de
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --add-service=http
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=5998/tcp
sudo firewall-cmd --add-port=5998/tcp
sudo semanage port -a -t http_port_t -p tcp 5998  #  jper service
exit

ssh green@li11.int.zib.de
cd
virtualenv -p python2.7 jper --no-site-packages
cd jper
mkdir src
cd src
git clone http://github.com/OA-DeepGreen/jper.git

sudo pip install --upgrade supervisor
curl -s https://raw.githubusercontent.com/Supervisor/initscripts/master/centos-systemd-etcs > ~/supervisord.service
sudo mv ~/supervisord.service /usr/lib/systemd/system/supervisord.service
sudo chmod g-w /usr/lib/systemd/system/supervisord.service
sudo chown root:root /usr/lib/systemd/system/supervisord.service
cd /etc/systemd/system/multi-user.target.wants
sudo ln -s /usr/lib/systemd/system/supervisord.service .
cd
sudo systemctl stop supervisord
sudo mkdir /var/log/supervisor
sudo mkdir /etc/supervisor/
sudo mkdir /etc/supervisor/conf.d
sudo cp /home/green/jper/src/jper/deployment/supervisord.conf /etc/supervisor/supervisord.conf
cd /etc
sudo ln -s supervisor/supervisord.conf .
cd
sudo systemctl start supervisord
exit

ssh green@li11.int.zib.de
sudo yum install gcc -y
sudo yum install libxml2-devel -y
sudo yum install libxslt-devel -y
sudo yum install zlib-devel -y
sudo yum install expect -y
sudo yum install python34 -y
mkdir jper_reports
mkdir ftptmp
cd ~/jper/src/jper
source ../../bin/activate
pip install --upgrade urllib3[secure]
pip install --upgrade gunicorn
vi .gitmodules   # edit: change 'git@github.com:' --> 'https://github.com/'
git submodule init
git submodule update
vi jper/src/jper/magnificent-octopus/octopus/modules/jper/settings.py
#; JPER_BASE_URL = "https://test.oa-deepgreen.de/api/v1"
cp config/service.py local.cfg
vi local.cfg  # !!! edit: adjust to local installation environment !!!
#; SSL = True
#; ELASTIC_SEARCH_HOST = "http://li13.int.zib.de:9200"
#; ELASTIC_SEARCH_VERSION = "2.4.6"
#; ESDAO_TIME_BOX_LOOKBACK_ROUTED = 24
#; MAIL_FROM_ADDRESS = "green@test-deepgreen.de"
#; MAIL_SUBJECT_PREFIX = "[test-deepgreen] "
#; BASE_URL = "https://test.oa-deepgreen.de/"
#; PACKAGE_HANDLERS = {
#;     "https://datahub.deepgreen.org/FilesAndJATS": "service.packages.FilesAndJATS",
#;     "https://datahub.deepgreen.org/FilesAndRSC": "service.packages.FilesAndRSC",
#;     "http://purl.org/net/sword/package/SimpleZip" : "service.packages.SimpleZip"
#; }
#; API_URL = "https://test.oa-deepgreen.de/api/v1/notification"
#; TMP_DIR = "/home/green/ftptmp"
#; MOVEFTP_SCHEDULE = 2
#; PROCESSFTP_SCHEDULE = 5
#; CHECKUNROUTED_SCHEDULE = 15
#; REPORTSDIR = "/home/green/jper_reports"
#; SCHEDULE_MONTHLY_REPORTING = False
#; SCHEDULE_KEEP_ROUTED_MONTHS = 24
#; STORE_JPER_URL = "http://li12.int.zib.de"
#; KEEP_FAILED_NOTIFICATIONS = True
pip install --upgrade -r requirements.txt   # successfully completed!!! (-:
cd OAUtils/src
vi utils/config.py # adjust in !!last!! line:
#; configES = [{'host': 'li13.int.zib.de', 'port': 9200, 'timeout': 60}]
#; #                    ^^^^^^^^^^^^^^^^^
pip install --upgrade -e .
cd ../..
cd API/src
pip install --upgrade -e .
exit

ssh green@li11.int.zib.de
sudo groupadd sftpusers
sudo vi /etc/sudoers.d/03-deepgreen
#; ### bzfxxx: enable tty-less sFTP operations
#; Defaults!/home/green/jper/src/jper/service/models/createFTPuser.sh !requiretty
#; Defaults!/home/green/jper/src/jper/service/models/moveFTPfiles.sh !requiretty
#; Defaults!/home/green/jper/src/jper/service/models/deleteFTPuser.sh !requiretty
#;
#; ### bzfxxx: grant user green some sFTP operations
#; green ALL=(root) NOPASSWD: /home/green/jper/src/jper/service/models/createFTPuser.sh
#; green ALL=(root) NOPASSWD: /home/green/jper/src/jper/service/models/moveFTPfiles.sh
#; green ALL=(root) NOPASSWD: /home/green/jper/src/jper/service/models/deleteFTPuser.sh
sudo mkdir /home/sftpusers
sudo vi /etc/ssh/sshd_config
#;
#; #PasswordAuthentication yes
#;
#; Match Group !sftpusers
#;   PasswordAuthentication no
#;
#; Match Group sftpusers
#;   PasswordAuthentication yes
#;   ChrootDirectory /home/sftpusers/%u
#;   AllowTCPForwarding no
#;   X11Forwarding no
#;   ForceCommand internal-sftp
sudo systemctl restart sshd
sudo systemctl status sshd
exit

ssh green@li11.int.zib.de
cd /etc/nginx/conf.d
sudo mv default.conf default.conf.backup
sudo cp ~/jper/src/jper/deployment/jper_nginx jper_nginx.conf
#; if necessary, remove 'default_server' from /etc/nginx/nginx.conf instead. Really!
sudo systemctl restart nginx
exit

ssh green@li11.int.zib.de
cd /etc/supervisor/conf.d
sudo ln -s /home/green/jper/src/jper/deployment/jper.conf .
sudo supervisorctl reread
sudo supervisorctl update



# tapp2: For li12.int.zib.de ONLY (as user 'green')
# -------------------------------------------------

ssh green@li12.int.zib.de
sudo mkdir /data/green
sudo chown green:green /data/green
mkdir /data/green/jperstore
ln -s /data/green/jperstore .
exit

ssh green@li12.int.zib.de
# 2018-04-04 TD : port 80 (service http) taken out since this shall not be world-wide open!
# sudo firewall-cmd --permanent --add-service=http
# sudo firewall-cmd --add-service=http
# 2018-04-04 TD : instead do the following:
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.103.11" service name="http" log prefix="http" level="info" accept'
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.255.103.11" service name="http" log prefix="http" level="info" accept'
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.103.13" service name="http" log prefix="http" level="info" accept'
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.255.103.13" service name="http" log prefix="http" level="info" accept'
#
sudo firewall-cmd --permanent --add-port=5025/tcp
sudo firewall-cmd --add-port=5025/tcp
sudo firewall-cmd --permanent --add-port=5027/tcp
sudo firewall-cmd --add-port=5027/tcp
sudo firewall-cmd --permanent --add-port=5030/tcp
sudo firewall-cmd --add-port=5030/tcp
sudo firewall-cmd --permanent --add-port=5999/tcp
sudo firewall-cmd --add-port=5999/tcp
sudo semanage port -a -t http_port_t -p tcp 5025  #  sword-in  service
sudo semanage port -a -t http_port_t -p tcp 5027  #  sword-out service
sudo semanage port -a -t http_port_t -p tcp 5030  #  oaipmh    service
sudo semanage port -a -t http_port_t -p tcp 5999  #  store     service
exit

ssh green@li12.int.zib.de
cd
virtualenv -p python2.7 jper --no-site-packages
cd jper
mkdir src
cd src
git clone http://github.com/OA-DeepGreen/jper.git

sudo pip install --upgrade supervisor
curl -s https://raw.githubusercontent.com/Supervisor/initscripts/master/centos-systemd-etcs > ~/supervisord.service
sudo mv ~/supervisord.service /usr/lib/systemd/system/supervisord.service
sudo chmod g-w /usr/lib/systemd/system/supervisord.service
sudo chown root:root /usr/lib/systemd/system/supervisord.service
cd /etc/systemd/system/multi-user.target.wants
sudo ln -s /usr/lib/systemd/system/supervisord.service .
cd
sudo systemctl stop supervisord
sudo mkdir /var/log/supervisor
sudo mkdir /etc/supervisor/
sudo mkdir /etc/supervisor/conf.d
sudo cp /home/green/jper/src/jper/deployment/supervisord.conf /etc/supervisor/supervisord.conf
cd /etc
sudo ln -s supervisor/supervisord.conf .
cd
sudo systemctl start supervisord

sudo yum install gcc -y
sudo yum install libxml2-devel -y
sudo yum install libxslt-devel -y
sudo yum install zlib-devel -y
exit

#
#  store
#
ssh green@li12.int.zib.de
cd
virtualenv -p python2.7 store --no-site-packages
cd store
mkdir src
cd src
git clone http://github.com/OA-DeepGreen/store.git
cd store
source ../../bin/active
pip install --upgrade -e .
pip install --upgrade urllib3[secure]
pip install --upgrade gunicorn
cd /etc/supervisor/conf.d
sudo ln -s ~/store/src/store/deployment/store.conf .
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl status   # successfully completed!!! (-:
exit

#
#  jper-sword-in
#
ssh green@li12.int.zib.de
cd
virtualenv -p python2.7 jper-sword-in --no-site-packages
cd jper-sword-in
mkdir src
cd src
git clone https://github.com/OA-DeepGreen/jper-sword-in.git
cd jper-sword-in
vi .gitmodules   # edit: change 'git@github.com:' --> 'https://github.com/'
git submodule update --init --recursive
cp config/service.py local.cfg
vi local.cfg # edit: --> adjust http-url(s) for correct addresses
source ../../bin/activate
pip install --upgrade -r requirements.txt
pip install --upgrade urllib3[secure]
pip install --upgrade gunicorn

cd /etc/supervisor/conf.d
sudo ln -s ~/jper-sword-in/src/jper-sword-in/deployment/sword-in.conf .
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl status   # successfully completed!!! (-:
exit

#
#  jper-sword-out
#
ssh green@li12.int.zib.de
cd
virtualenv -p python2.7 jper-sword-out --no-site-packages
cd jper-sword-out
mkdir src
cd src
git clone https://github.com/OA-DeepGreen/jper-sword-out.git
cd jper-sword-out
vi .gitmodules   # edit: change 'git@github.com:' --> 'https://github.com/'
git submodule update --init --recursive
cp config/service.py local.cfg
vi local.cfg # edit: --> adjust *base* http-url(s) for correct addresses
#            # (see also below: jper-sword-out/local.cfg for the entire file!)
#            # The last entry might be too high (HTTP_TIMEOUT in seconds).
#            # If not defined in local.cfg, it defaults to 30. Adjust to your needs!
#; DEBUG = True
#; SSL = True
#; ELASTIC_SEARCH_HOST = "http://li13.int.zib.de:9200"
#; ELASTIC_SEARCH_VERSION = "2.4.6"
#; LONG_CYCLE_RETRY_DELAY = 357
#; JPER_BASE_URL = "https://test.oa-deepgreen.de/api/v1"
#; """The base JPER API for requests"""
#; RUN_THROTTLE = 128
#; STORE_RESPONSE_DATA = True
#; # HTTP_TIMEOUT = 300
#; # maybe this is not a good idea with the proxy environment setting of li1x.int.zib.de
source ../../bin/activate
pip install --upgrade -r requirements.txt
pip install --upgrade urllib3[secure]
pip install --upgrade gunicorn
cd /etc/supervisor/conf.d
sudo ln -s ~/jper-sword-out/src/jper-sword-out/deployment/sword-out.conf .
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl status   # !!!unsuccessfully completed, since gateway still missing!!!
exit

#
#  jper-oaipmh
#
ssh green@li12.int.zib.de
cd
virtualenv -p python2.7 jper-oaipmh --no-site-packages
cd jper-oaipmh
mkdir src
cd src
git clone https://github.com/OA-DeepGreen/jper-oaipmh.git
cd jper-oaipmh
vi .gitmodules   # edit: change 'git@github.com:' --> 'https://github.com/'
git submodule update --init --recursive
source ../../bin/activate
pip install --upgrade -r requirements.txt
pip install --upgrade urllib3[secure]
pip install --upgrade gunicorn
cd /etc/supervisor/conf.d
sudo ln -s ~/jper-oaipmh/src/jper-oaipmh/deployment/oaipmh.conf .
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl status   # successfully completed!!! (-:
exit

ssh green@li12.int.zib.de
cd /etc/nginx/conf.d
sudo mv default.conf default.conf.backup
sudo cp ~/store/src/store/deployment/storage_nginx storage_nginx.conf
#; if necessary, remove 'default_server' from /etc/nginx/nginx.conf instead. Really!
sudo systemctl restart nginx
exit



# tgateway: For li13.int.zib.de ONLY (as user 'green')
# ----------------------------------------------------

ssh green@li13int.zib.de
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --add-service=https
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --add-port=5601/tcp
sudo semanage port -m -t http_port_t -p tcp 9200
sudo semanage port -m -t http_port_t -p udp 9200
sudo semanage port -a -t http_port_t -p tcp 5601
sudo semanage port -a -t http_port_t -p udp 5601
exit

ssh green@li13.int.zib.de
cd
virtualenv -p python2.7 jper --no-site-packages
cd jper
mkdir src
cd src
git clone http://github.com/OA-DeepGreen/jper.git

cd /etc/nginx/conf.d
sudo mv default.conf default.conf.backup
sudo cp ~/jper/src/jper/deployment/gateway_nginx gateway_nginx.conf
sudo vi gateway_nginx.conf  # edit: change all the ip-numbers to the *correct* settings!!
#; since this instance will be behind a reverse proxy, take 'li13.int.zib.de' as central
#; server name serving the http web pages of DG! The proxy will pay attention to ssl, so
#; just simply disable all ssl functionality within this nginx config.
#; for now; disable the lower part of the .conf as well, starting with kibana settings.
#; ==> And, please: DO USE the parameter 'default_server'!  Seriously!!! <==
#; if necessary, remove 'default_server' from /etc/nginx/nginx.conf instead. Really!
sudo systemctl stop nginx
sudo systemctl start nginx
exit



# tindex1: For li14.int.zib.de ONLY (as user 'green')
# ---------------------------------------------------

ssh green@li14.int.zib.de
sudo firewall-cmd --permanent --add-port=9200/tcp
sudo firewall-cmd --add-port=9200/tcp
sudo firewall-cmd --permanent --add-port=5601/tcp
sudo firewall-cmd --add-port=5601/tcp
exit

ssh green@li14.int.zib.de
## sudo rpm -Uvh http://nginx.org/packages/rhel/7/noarch/RPMS/nginx-release-rhel-7-0.el7.ngx.noarch.rpm
sudo vi /etc/yum.repos.d/nginx.repo  #  !!! edit: NEW file !!!
#; # nginx.repo
#; [nginx]
#; name=nginx repo
#; baseurl=http://nginx.org/packages/rhel/7/$basearch/
#; gpgcheck=0
#; enabled=1
sudo yum install nginx -y

#; for the next command, you MUST download the Oracle jdk-package first;
#; accepting their terms, (urgh!)
## sudo rpm -ivh jdk-8u101-linux-x64.rpm
sudo yum install java -y
## java -version  #  interesting information for the next command ...
#### No editing profile.d/java.sh !!! oracle jdk-package will not be needed anymore !!!  Yeah!!!
## sudo vi /etc/profile.d/java.sh  #  !!! edit: NEW file !!!
## #; JAVA_HOME=/usr/java/jdk1.8.0_101/
## #; PATH=$JAVA_HOME/bin:$PATH
## #; export PATH JAVA_HOME
## #; export CLASSPATH=.
## source /etc/profile.de/java.sh

sudo rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
sudo vi /etc/yum.repos.d/elasticsearch.repo  #  !!! edit: NEW file !!!
#; [elasticsearch-2.x]
#; name=Elasticsearch repository for 2.x packages
#; baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
#; gpgcheck=1
#; gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
#; enabled=1
sudo yum install elasticsearch -y
sudo vi /etc/elasticsearch/elasticsearch.yml
#; cluster.name: jper
#; path.data: /data/IndexES
#; path.repo: ["/data/BackupES"]
#; bootstrap.memory_lock: true
#; network.host: [ 10.255.103.14, _local_ ]
#; http.port: 9200
#; discovery.zen.ping.unicast.hosts: ["li14"]
#; index.number_of_replicas: 0
#; index.max_result_window: 1000000
sudo vi /etc/security/limits.conf
#; elasticsearch  soft  memlock  unlimited
#; elasticsearch  hard  memlock  unlimited
sudo vi /etc/sysconfig/elasticsearch
#; ES_HEAP_SIZE=1g
#; MAX_LOCKED_MEMORY=unlimited
sudo vi /usr/lib/systemd/system/elasticsearch.service
#; LimitMEMLOCK=infinity
sudo mkdir /data/IndexES
sudo chmod go+rwx /data/IndexES
sudo mkdir /data/BackupES
sudo chmod go+rwx /data/BackupES

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
sudo systemctl status elasticsearch

cd /usr/share/elasticsearch/
sudo bin/plugin install mobz/elasticsearch-head
sudo bin/plugin install mapper-attachments

curl -XPUT localhost:9200/_settings -d '{ "index": { "number_of_replicas": 0 } }'
curl -XPUT localhost:9200/_settings -d '{ "index": { "max_result_window": 1000000 }}'

sudo systemctl restart elasticsearch # to enable the plugins (!!)
curl localhost:9200/_cat/health # should give a 'green' go!! (-:
exit