From 61cf119ff7f4f22fc37ac3c8848981091fe196f1 Mon Sep 17 00:00:00 2001
From: Divya Priya Muthuvel <dpriyamuthuvel4@gmail.com>
Date: Tue, 13 Jan 2026 19:16:57 +0530
Subject: [PATCH] Add Elasticsearch 9.2.3 image and workload configuration

---
 .../9.2.3/alma-linux-9.dockerfile             |  63 ++++++++++
 image/elasticsearch/9.2.3/context/.gitignore  |   4 +
 workload/elasticsearch/9.2.3/conf/jvm.options |  91 ++++++++++++++
 .../9.2.3/conf/security-limit.conf            |   4 +
 workload/elasticsearch/9.2.3/conf/server.yml  | 119 ++++++++++++++++++
 .../elasticsearch/9.2.3/conf/supervisor.ini   |   7 ++
 6 files changed, 288 insertions(+)
 create mode 100644 image/elasticsearch/9.2.3/alma-linux-9.dockerfile
 create mode 100644 image/elasticsearch/9.2.3/context/.gitignore
 create mode 100644 workload/elasticsearch/9.2.3/conf/jvm.options
 create mode 100644 workload/elasticsearch/9.2.3/conf/security-limit.conf
 create mode 100644 workload/elasticsearch/9.2.3/conf/server.yml
 create mode 100644 workload/elasticsearch/9.2.3/conf/supervisor.ini

diff --git a/image/elasticsearch/9.2.3/alma-linux-9.dockerfile b/image/elasticsearch/9.2.3/alma-linux-9.dockerfile
new file mode 100644
index 0000000..3f6d77b
--- /dev/null
+++ b/image/elasticsearch/9.2.3/alma-linux-9.dockerfile
@@ -0,0 +1,63 @@
+# Docker image to use.
+FROM sloopstash/alma-linux-9:v1.1.1 AS install_system_packages
+
+# Install system packages.
+RUN set -x \
+  && dnf install -y perl-Digest-SHA \
+  && dnf clean all \
+  && rm -rf /var/cache/dnf
+
+# Intermediate Docker image to use.
+FROM --platform=linux/amd64 install_system_packages AS install_elasticsearch_amd64
+
+# Install Elasticsearch.
+WORKDIR /tmp
+RUN set -x \
+  && wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.2.3-linux-x86_64.tar.gz --quiet \
+  && wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.2.3-linux-x86_64.tar.gz.sha512 --quiet \
+  && shasum -a 512 -c elasticsearch-9.2.3-linux-x86_64.tar.gz.sha512 \
+  && tar -xzf elasticsearch-9.2.3-linux-x86_64.tar.gz > /dev/null \
+  && mkdir /usr/local/lib/elasticsearch \
+  && cp -r elasticsearch-9.2.3/* /usr/local/lib/elasticsearch/ \
+  && rm -rf elasticsearch-9.2.3*
+
+# Intermediate Docker image to use.
+FROM --platform=linux/arm64 install_system_packages AS install_elasticsearch_arm64
+
+# Install Elasticsearch.
+WORKDIR /tmp
+RUN set -x \
+  && wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.2.3-linux-aarch64.tar.gz --quiet \
+  && wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-9.2.3-linux-aarch64.tar.gz.sha512 --quiet \
+  && shasum -a 512 -c elasticsearch-9.2.3-linux-aarch64.tar.gz.sha512 \
+  && tar xvzf elasticsearch-9.2.3-linux-aarch64.tar.gz > /dev/null \
+  && mkdir /usr/local/lib/elasticsearch \
+  && cp -r elasticsearch-9.2.3/* /usr/local/lib/elasticsearch/ \
+  && rm -rf elasticsearch-9.2.3*
+
+# Intermediate Docker image to use.
+FROM install_elasticsearch_${TARGETARCH}
+
+# Create system user for Elasticsearch.
+RUN useradd -m elasticsearch
+
+# Create Elasticsearch directories.
+RUN set -x \
+  && mkdir /opt/elasticsearch \
+  && mkdir /opt/elasticsearch/data \
+  && mkdir /opt/elasticsearch/log \
+  && mkdir /opt/elasticsearch/conf \
+  && mkdir /opt/elasticsearch/script \
+  && mkdir /opt/elasticsearch/system \
+  && touch /opt/elasticsearch/system/server.pid \
+  && touch /opt/elasticsearch/system/supervisor.ini \
+  && ln -sf /opt/elasticsearch/conf/server.yml /usr/local/lib/elasticsearch/config/elasticsearch.yml \
+  && ln -sf /opt/elasticsearch/conf/jvm.options /usr/local/lib/elasticsearch/config/jvm.options \
+  && ln -s /opt/elasticsearch/system/security-limit.conf /etc/security/limits.d/elasticsearch.conf \
+  && ln -s /opt/elasticsearch/system/supervisor.ini /etc/supervisord.d/elasticsearch.ini \
+  && chown -R elasticsearch:elasticsearch /usr/local/lib/elasticsearch \
+  && chown -R elasticsearch:elasticsearch /opt/elasticsearch \
+  && history -c
+
+# Set default work directory.
+WORKDIR /opt/elasticsearch
\ No newline at end of file
diff --git a/image/elasticsearch/9.2.3/context/.gitignore b/image/elasticsearch/9.2.3/context/.gitignore
new file mode 100644
index 0000000..409b213
--- /dev/null
+++ b/image/elasticsearch/9.2.3/context/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory.
+*
+# Except this file.
+!.gitignore
diff --git a/workload/elasticsearch/9.2.3/conf/jvm.options b/workload/elasticsearch/9.2.3/conf/jvm.options
new file mode 100644
index 0000000..1ec0ab8
--- /dev/null
+++ b/workload/elasticsearch/9.2.3/conf/jvm.options
@@ -0,0 +1,91 @@
+################################################################
+##
+## JVM configuration
+##
+################################################################
+##
+## WARNING: DO NOT EDIT THIS FILE. If you want to override the
+## JVM options in this file, or set any additional options, you
+## should create one or more files in the jvm.options.d
+## directory containing your adjustments.
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/@project.minor.version@/advanced-configuration.html#set-jvm-options
+## for more information.
+##
+################################################################
+
+
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## The heap size is automatically configured by Elasticsearch
+## based on the available memory in your system and the roles
+## each node is configured to fulfill. If specifying heap is
+## required, it should be done through a file in jvm.options.d,
+## which should be named with .options suffix, and the min and
+## max should be set to the same value. For example, to set the
+## heap to 4 GB, create a new file in the jvm.options.d
+## directory containing these lines:
+##
+-Xms512m
+-Xmx512m
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/@project.minor.version@/heap-size.html
+## for more information
+##
+################################################################
+
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below here are considered expert settings. Do
+## not adjust them unless you understand what you are doing. Do
+## not edit them in this file; instead, create a new file in the
+## jvm.options.d directory containing your adjustments.
+##
+################################################################
+
+-XX:+UseG1GC
+
+## JVM temporary directory
+-Djava.io.tmpdir=${ES_TMPDIR}
+
+# Leverages accelerated vector hardware instructions; removing this may
+# result in less optimal vector performance
+20-:--add-modules=jdk.incubator.vector
+
+# Required to workaround performance issue in JDK 23, https://github.com/elastic/elasticsearch/issues/113030
+23:-XX:CompileCommand=dontinline,java/lang/invoke/MethodHandle.setAsTypeCache
+23:-XX:CompileCommand=dontinline,java/lang/invoke/MethodHandle.asTypeUncached
+
+# Lucene 10: apply MADV_NORMAL advice to enable more aggressive readahead
+-Dorg.apache.lucene.store.defaultReadAdvice=normal
+
+# Lucene provides a mechanism for shared mmapped arenas to be referenced between multiple threads
+# this is to get around potential performance issues when closing shared arenas on many threads
+# default to 1 to disable this feature
+-Dorg.apache.lucene.store.MMapDirectory.sharedArenaMaxPermits=1
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails; heap dumps
+# are created in the working directory of the JVM unless an alternative path is
+# specified
+-XX:+HeapDumpOnOutOfMemoryError
+
+# exit right after heap dump on out of memory error
+-XX:+ExitOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=/heap/dump/path
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=hs_err_pid%p.log
+
+## GC logging
+-Xlog:gc*,gc+age=trace,safepoint:file=gc.log:utctime,level,pid,tags:filecount=32,filesize=64m
\ No newline at end of file
diff --git a/workload/elasticsearch/9.2.3/conf/security-limit.conf b/workload/elasticsearch/9.2.3/conf/security-limit.conf
new file mode 100644
index 0000000..42d7cf7
--- /dev/null
+++ b/workload/elasticsearch/9.2.3/conf/security-limit.conf
@@ -0,0 +1,4 @@
+elasticsearch soft nofile  65536
+elasticsearch hard nofile  65536
+elasticsearch soft memlock unlimited
+elasticsearch hard memlock unlimited
diff --git a/workload/elasticsearch/9.2.3/conf/server.yml b/workload/elasticsearch/9.2.3/conf/server.yml
new file mode 100644
index 0000000..9614395
--- /dev/null
+++ b/workload/elasticsearch/9.2.3/conf/server.yml
@@ -0,0 +1,119 @@
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+#       Before you set out to tweak and tune the configuration, make sure you
+#       understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Use a descriptive name for your cluster:
+#
+cluster.name: elasticsearch
+#
+# ------------------------------------ Node ------------------------------------
+#
+# Use a descriptive name for the node:
+#
+node.name: elasticsearch
+#
+# Add custom attributes to the node:
+#
+#node.attr.rack: r1
+#
+# ----------------------------------- Paths ------------------------------------
+#
+# Path to directory where to store the data (separate multiple locations by comma):
+#
+path.data: /opt/elasticsearch/data
+#
+# Path to log files:
+#
+path.logs: /opt/elasticsearch/log
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# Lock the memory on startup:
+#
+bootstrap.memory_lock: false
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# ---------------------------------- Network -----------------------------------
+#
+# By default Elasticsearch is only accessible on localhost. Set a different
+# address here to expose this node on the network:
+#
+network.host: 0.0.0.0
+#
+# By default Elasticsearch listens for HTTP traffic on the first free port it
+# finds starting at 9200. Set a specific HTTP port here:
+#
+http.port: 9200
+#
+# For more information, consult the network module documentation.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when this node is started:
+# The default list of hosts is ["127.0.0.1", "[::1]"]
+#
+discovery.seed_hosts: []
+#
+# Bootstrap the cluster using an initial set of master-eligible nodes:
+#
+cluster.initial_master_nodes: ["elasticsearch"]
+#
+# For more information, consult the discovery and cluster formation module documentation.
+#
+# ---------------------------------- Various -----------------------------------
+#
+# Allow wildcard deletion of indices:
+#
+action.destructive_requires_name: false
+
+#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
+#
+# The following settings, TLS certificates, and keys have been automatically
+# generated to configure Elasticsearch security features on 01-09-2025 06:15:04
+#
+# --------------------------------------------------------------------------------
+
+# Enable security features
+xpack.security.enabled: false
+
+xpack.security.enrollment.enabled: false
+
+# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
+#xpack.security.http.ssl:
+  #enabled: false
+  #keystore.path: certs/http.p12
+
+# Enable encryption and mutual authentication between cluster nodes
+#xpack.security.transport.ssl:
+  #enabled: false
+  #verification_mode: certificate
+  #keystore.path: certs/transport.p12
+  #truststore.path: certs/transport.p12
+# Create a new cluster with the current node only
+# Additional nodes can still join the cluster later
+#cluster.initial_master_nodes: ["21ec2b263c3b"]
+
+# Allow HTTP API connections from anywhere
+# Connections are encrypted and require user authentication
+http.host: 0.0.0.0
+
+# Allow other nodes to join the cluster from anywhere
+# Connections are encrypted and mutually authenticated
+transport.host: 0.0.0.0
+
+#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
diff --git a/workload/elasticsearch/9.2.3/conf/supervisor.ini b/workload/elasticsearch/9.2.3/conf/supervisor.ini
new file mode 100644
index 0000000..455320c
--- /dev/null
+++ b/workload/elasticsearch/9.2.3/conf/supervisor.ini
@@ -0,0 +1,7 @@
+[program:elasticsearch]
+command=/usr/local/lib/elasticsearch/bin/elasticsearch -p /opt/elasticsearch/system/server.pid
+user=elasticsearch
+directory=/usr/local/lib/elasticsearch
+process_name=%(program_name)s
+pidfile=/opt/elasticsearch/system/server.pid
+autorestart=false