diff --git a/manifests/config.pp b/manifests/config.pp
index fdd699c..0f8cf5d 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,225 +1,219 @@ # This class exists to coordinate all configuration related actions, # functionality and logical units in a central place. # # It is not intended to be used directly by external resources like node # definitions or other modules. # # @example importing this class into other classes to use its functionality: # class { 'elasticsearch::config': } # # @author Richard Pijnenburg # @author Tyler Langlois # @author Gavin Williams # class elasticsearch::config { - #### Configuration Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], + path => ['/bin', '/usr/bin', '/usr/local/bin'], cwd => '/', } - $init_defaults = merge( - { - 'MAX_OPEN_FILES' => '65535', - }, - $elasticsearch::init_defaults - ) - - if ( $elasticsearch::ensure == 'present' ) { + $init_defaults = { + 'MAX_OPEN_FILES' => '65535', + }.merge($elasticsearch::init_defaults) + if ($elasticsearch::ensure == 'present') { file { $elasticsearch::homedir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user; $elasticsearch::configdir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, mode => '2750'; $elasticsearch::datadir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, mode => '2750'; $elasticsearch::logdir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, mode => '2750'; $elasticsearch::real_plugindir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, mode => 'o+Xr'; "${elasticsearch::homedir}/lib": ensure => 'directory', group => '0', owner => 'root', recurse => true; } # Defaults file, either from file source or from hash to augeas commands if ($elasticsearch::init_defaults_file != undef) { file { "${elasticsearch::defaults_location}/elasticsearch": ensure => 
$elasticsearch::ensure, source => $elasticsearch::init_defaults_file, owner => 'root', group => $elasticsearch::elasticsearch_group, mode => '0660', before => Service['elasticsearch'], notify => $elasticsearch::_notify_service, } } else { augeas { "${elasticsearch::defaults_location}/elasticsearch": incl => "${elasticsearch::defaults_location}/elasticsearch", lens => 'Shellvars.lns', changes => template("${module_name}/etc/sysconfig/defaults.erb"), before => Service['elasticsearch'], notify => $elasticsearch::_notify_service, } } # Generate config file $_config = deep_implode($elasticsearch::config) # Generate SSL config if $elasticsearch::ssl { if ($elasticsearch::keystore_password == undef) { fail('keystore_password required') } if ($elasticsearch::keystore_path == undef) { $_keystore_path = "${elasticsearch::configdir}/elasticsearch.ks" } else { $_keystore_path = $elasticsearch::keystore_path } # Set the correct xpack. settings based on ES version if (versioncmp($elasticsearch::version, '7') >= 0) { $_tls_config = { 'xpack.security.http.ssl.enabled' => true, 'xpack.security.http.ssl.keystore.path' => $_keystore_path, 'xpack.security.http.ssl.keystore.password' => $elasticsearch::keystore_password, 'xpack.security.transport.ssl.enabled' => true, 'xpack.security.transport.ssl.keystore.path' => $_keystore_path, 'xpack.security.transport.ssl.keystore.password' => $elasticsearch::keystore_password, } } else { $_tls_config = { 'xpack.security.transport.ssl.enabled' => true, 'xpack.security.http.ssl.enabled' => true, 'xpack.ssl.keystore.path' => $_keystore_path, 'xpack.ssl.keystore.password' => $elasticsearch::keystore_password, } } # Trust CA Certificate java_ks { 'elasticsearch_ca': ensure => 'latest', certificate => $elasticsearch::ca_certificate, target => $_keystore_path, password => $elasticsearch::keystore_password, trustcacerts => true, } # Load node certificate and private key java_ks { 'elasticsearch_node': ensure => 'latest', certificate => 
$elasticsearch::certificate, private_key => $elasticsearch::private_key, target => $_keystore_path, password => $elasticsearch::keystore_password, } } else { $_tls_config = {} } # # Logging file or hash # if ($elasticsearch::logging_file != undef) { # $_log4j_content = undef # } else { # if ($elasticsearch::logging_template != undef ) { # $_log4j_content = template($elasticsearch::logging_template) # } else { # $_log4j_content = template("${module_name}/etc/elasticsearch/log4j2.properties.erb") # } # $_logging_source = undef # } # file { # "${elasticsearch::configdir}/log4j2.properties": # ensure => file, # content => $_log4j_content, # source => $_logging_source, # mode => '0644', # notify => $elasticsearch::_notify_service, # require => Class['elasticsearch::package'], # before => Class['elasticsearch::service'], # } # Generate Elasticsearch config $_es_config = merge( $elasticsearch::config, { 'path.data' => $elasticsearch::datadir }, { 'path.logs' => $elasticsearch::logdir }, $_tls_config ) datacat_fragment { 'main_config': target => "${elasticsearch::configdir}/elasticsearch.yml", data => $_es_config, } datacat { "${elasticsearch::configdir}/elasticsearch.yml": template => "${module_name}/etc/elasticsearch/elasticsearch.yml.erb", notify => $elasticsearch::_notify_service, require => Class['elasticsearch::package'], owner => $elasticsearch::elasticsearch_user, group => $elasticsearch::elasticsearch_group, mode => '0440', } # Add any additional JVM options $elasticsearch::jvm_options.each |String $jvm_option| { file_line { "jvm_option_${jvm_option}": ensure => present, path => "${elasticsearch::configdir}/jvm.options", line => $jvm_option, notify => $elasticsearch::_notify_service, } } if $elasticsearch::system_key != undef { file { "${elasticsearch::configdir}/system_key": ensure => 'file', source => $elasticsearch::system_key, mode => '0400', } } # Add secrets to keystore if $elasticsearch::secrets != undef { elasticsearch_keystore { 'elasticsearch_secrets': 
configdir => $elasticsearch::configdir, purge => $elasticsearch::purge_secrets, settings => $elasticsearch::secrets, - notify => $::elasticsearch::_notify_service, + notify => $elasticsearch::_notify_service, } } - } elsif ( $elasticsearch::ensure == 'absent' ) { file { $elasticsearch::real_plugindir: ensure => 'absent', force => true, backup => false, } file { "${elasticsearch::defaults_location}/elasticsearch": ensure => 'absent', subscribe => Service['elasticsearch'], } } } diff --git a/manifests/index.pp b/manifests/index.pp index 1f58ad5..1d8b07e 100644 --- a/manifests/index.pp +++ b/manifests/index.pp 
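Review bot: In the `if $elasticsearch::ssl` branch both `$_tls_config` hashes carry `$elasticsearch::keystore_password` as a plain `...keystore.password` value, and `$_es_config` merges that into `elasticsearch.yml`, so the passphrase ends up in the catalog and in a config file on disk (`mode => '0440'`, readable by the service group). The class already declares an `elasticsearch_keystore` resource further down for `$elasticsearch::secrets`; supplying the passphrase there as a secure setting such as `'xpack.security.http.ssl.keystore.secure_password'` would keep it out of the YAML. The same value is also handed to both `java_ks` resources as an ordinary string, so whether those providers log it on change is worth confirming.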
@@ -1,77 +1,76 @@ # A defined type to control Elasticsearch index-level settings. # # @param ensure # Controls whether the named pipeline should be present or absent in # the cluster. # # @param api_basic_auth_password # HTTP basic auth password to use when communicating over the Elasticsearch # API. # # @param api_basic_auth_username # HTTP basic auth username to use when communicating over the Elasticsearch # API. # # @param api_ca_file # Path to a CA file which will be used to validate server certs when # communicating with the Elasticsearch API over HTTPS. # # @param api_ca_path # Path to a directory with CA files which will be used to validate server # certs when communicating with the Elasticsearch API over HTTPS. # # @param api_host # Host name or IP address of the ES instance to connect to. # # @param api_port # Port number of the ES instance to connect to # # @param api_protocol # Protocol that should be used to connect to the Elasticsearch API. # # @param api_timeout # Timeout period (in seconds) for the Elasticsearch API. # # @param settings # Index settings in hash form (typically nested). # # @param validate_tls # Determines whether the validity of SSL/TLS certificates received from the # Elasticsearch API should be verified or ignored. 
# # @author Richard Pijnenburg # @author Tyler Langlois # define elasticsearch::index ( Enum['absent', 'present'] $ensure = 'present', Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, String $api_host = $elasticsearch::api_host, Integer[0, 65535] $api_port = $elasticsearch::api_port, Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, Integer $api_timeout = $elasticsearch::api_timeout, Hash $settings = {}, Boolean $validate_tls = $elasticsearch::validate_tls, ) { - es_instance_conn_validator { "${name}-index-conn-validator": server => $api_host, port => $api_port, timeout => $api_timeout, } -> elasticsearch_index { $name: ensure => $ensure, settings => $settings, protocol => $api_protocol, host => $api_host, port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, password => $api_basic_auth_password, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, } } diff --git a/manifests/init.pp b/manifests/init.pp index 035cf1b..55fc4e0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,606 +1,600 @@ # Top-level Elasticsearch class which may manage installation of the # Elasticsearch package, package repository, and other # global options and parameters. # # @summary Manages the installation of Elasticsearch and related options. # # @example install Elasticsearch # class { 'elasticsearch': } # # @example removal and decommissioning # class { 'elasticsearch': # ensure => 'absent', # } # # @example install everything but disable service(s) afterwards # class { 'elasticsearch': # status => 'disabled', # } # # @param ensure # Controls if the managed resources shall be `present` or `absent`. # If set to `absent`, the managed software packages will be uninstalled, and # any traces of the packages will be purged as well as possible, possibly # including existing configuration files. # System modifications (if any) will be reverted as well as possible (e.g. # removal of created users, services, changed log settings, and so on). # This is a destructive parameter and should be used with care. # # @param api_basic_auth_password # Defines the default REST basic auth password for API authentication. # # @param api_basic_auth_username # Defines the default REST basic auth username for API authentication. # # @param api_ca_file # Path to a CA file which will be used to validate server certs when # communicating with the Elasticsearch API over HTTPS. # # @param api_ca_path # Path to a directory with CA files which will be used to validate server # certs when communicating with the Elasticsearch API over HTTPS. # # @param api_host # Default host to use when accessing Elasticsearch APIs. # # @param api_port # Default port to use when accessing Elasticsearch APIs. # # @param api_protocol # Default protocol to use when accessing Elasticsearch APIs. # # @param api_timeout # Default timeout (in seconds) to use when accessing Elasticsearch APIs. 
# # @param autoupgrade # If set to `true`, any managed package will be upgraded on each Puppet run # when the package provider is able to find a newer version than the present # one. The exact behavior is provider dependent (see # {package, "upgradeable"}[http://j.mp/xbxmNP] in the Puppet documentation). # # @param ca_certificate # Path to the trusted CA certificate to add to this node's Java keystore. # # @param certificate # Path to the certificate for this node signed by the CA listed in # ca_certificate. # # @param config # Elasticsearch configuration hash. # # @param configdir # Directory containing the elasticsearch configuration. # Use this setting if your packages deviate from the norm (`/etc/elasticsearch`) # # @param configdir_recurselimit # Dictates how deeply the file copy recursion logic should descend when # copying files from the `configdir` to instance `configdir`s. # # @param daily_rolling_date_pattern # File pattern for the file appender log when file_rolling_type is 'dailyRollingFile'. # # @param datadir # Allows you to set the data directory of Elasticsearch. # # @param default_logging_level # Default logging level for Elasticsearch. # # @param defaults_location # Absolute path to directory containing init defaults file. # # @param deprecation_logging # Whether to enable deprecation logging. If enabled, deprecation logs will be # saved to ${cluster.name}_deprecation.log in the Elasticsearch log folder. # # @param deprecation_logging_level # Default deprecation logging level for Elasticsearch. # # @param download_tool # Command-line invocation with which to retrieve an optional package_url. # # @param download_tool_insecure # Command-line invocation with which to retrieve an optional package_url when # certificate verification should be ignored. # # @param download_tool_verify_certificates # Whether or not to verify SSL/TLS certificates when retrieving package files # using a download tool instead of a package management provider. 
# # @param elasticsearch_group # The group Elasticsearch should run as. This also sets file group # permissions. # # @param elasticsearch_user # The user Elasticsearch should run as. This also sets file ownership. # # @param file_rolling_type # Configuration for the file appender rotation. It can be 'dailyRollingFile', # 'rollingFile' or 'file'. The first rotates by name, the second one by size # or third don't rotate automatically. # # @param homedir # Directory where the elasticsearch installation's files are kept (plugins, etc.) # # @param indices # Define indices via a hash. This is mainly used with Hiera's auto binding. # # @param init_defaults # Defaults file content in hash representation. # # @param init_defaults_file # Defaults file as puppet resource. # # @param init_template # Service file as a template. # # @param jvm_options # Array of options to set in jvm_options. # # @param keystore_password # Password to encrypt this node's Java keystore. # # @param keystore_path # Custom path to the Java keystore file. This parameter is optional. # # @param license # Optional Elasticsearch license in hash or string form. # # @param logdir # Directory that will be used for Elasticsearch logging. # # @param logging_config # Representation of information to be included in the log4j.properties file. # # @param logging_file # Instead of a hash, you may supply a `puppet://` file source for the # log4j.properties file. # # @param logging_level # Default logging level for Elasticsearch. # # @param logging_template # Use a custom logging template - just supply the relative path, i.e. # `$module/elasticsearch/logging.yml.erb` # # @param manage_repo # Enable repo management by enabling official Elastic repositories. # # @param oss # Whether to use the purely open source Elasticsearch package distribution. # # @param package_dir # Directory where packages are downloaded to. 
# # @param package_dl_timeout # For http, https, and ftp downloads, you may set how long the exec resource # may take. # # @param package_name # Name Of the package to install. # # @param package_provider # Method to install the packages, currently only `package` is supported. # # @param package_url # URL of the package to download. # This can be an http, https, or ftp resource for remote packages, or a # `puppet://` resource or `file:/` for local packages # # @param pid_dir # Directory where the elasticsearch process should write out its PID. # # @param pipelines # Define pipelines via a hash. This is mainly used with Hiera's auto binding. # # @param plugindir # Directory containing elasticsearch plugins. # Use this setting if your packages deviate from the norm (/usr/share/elasticsearch/plugins) # # @param plugins # Define plugins via a hash. This is mainly used with Hiera's auto binding. # # @param private_key # Path to the key associated with this node's certificate. # # @param proxy_url # For http and https downloads, you may set a proxy server to use. By default, # no proxy is used. # Format: `proto://[user:pass@]server[:port]/` # # @param purge_configdir # Purge the config directory of any unmanaged files. # # @param purge_package_dir # Purge package directory on removal # # @param purge_secrets # Whether or not keys present in the keystore will be removed if they are not # present in the specified secrets hash. # # @param repo_stage # Use stdlib stage setup for managing the repo instead of relationship # ordering. # # @param restart_on_change # Determines if the application should be automatically restarted # whenever the configuration, package, or plugins change. Enabling this # setting will cause Elasticsearch to restart whenever there is cause to # re-read configuration files, load new plugins, or start the service using an # updated/changed executable. This may be undesireable in highly available # environments. 
If all other restart_* parameters are left unset, the value of # `restart_on_change` is used for all other restart_*_change defaults. # # @param restart_config_change # Determines if the application should be automatically restarted # whenever the configuration changes. This includes the Elasticsearch # configuration file, any service files, and defaults files. # Disabling automatic restarts on config changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param restart_package_change # Determines if the application should be automatically restarted # whenever the package (or package version) for Elasticsearch changes. # Disabling automatic restarts on package changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param restart_plugin_change # Determines if the application should be automatically restarted whenever # plugins are installed or removed. # Disabling automatic restarts on plugin changes may be desired in an # environment where you need to ensure restarts occur in a controlled/rolling # manner rather than during a Puppet run. # # @param roles # Define roles via a hash. This is mainly used with Hiera's auto binding. # # @param rolling_file_max_backup_index # Max number of logs to store whern file_rolling_type is 'rollingFile' # # @param rolling_file_max_file_size # Max log file size when file_rolling_type is 'rollingFile' # # @param scripts # Define scripts via a hash. This is mainly used with Hiera's auto binding. # # @param secrets # Optional default configuration hash of key/value pairs to store in the # Elasticsearch keystore file. If unset, the keystore is left unmanaged. # # @param security_logging_content # File content for x-pack logging configuration file (will be placed # into log4j2.properties file). 
# # @param security_logging_source # File source for x-pack logging configuration file (will be placed # into log4j2.properties). # # @param service_name # Elasticsearch service name # # @param service_provider # The service resource type provider to use when managing elasticsearch instances. # # @param snapshot_repositories # Define snapshot repositories via a hash. This is mainly used with Hiera's auto binding. # # @param ssl # Whether to manage TLS certificates. Requires the ca_certificate, # certificate, private_key and keystore_password parameters to be set. # # @param status # To define the status of the service. If set to `enabled`, the service will # be run and will be started at boot time. If set to `disabled`, the service # is stopped and will not be started at boot time. If set to `running`, the # service will be run but will not be started at boot time. You may use this # to start a service on the first Puppet run instead of the system startup. # If set to `unmanaged`, the service will not be started at boot time and Puppet # does not care whether the service is running or not. For example, this may # be useful if a cluster management software is used to decide when to start # the service plus assuring it is running on the desired node. # # @param system_key # Source for the x-pack system key. Valid values are any that are # supported for the file resource `source` parameter. # # @param systemd_service_path # Path to the directory in which to install systemd service units. # # @param templates # Define templates via a hash. This is mainly used with Hiera's auto binding. # # @param users # Define templates via a hash. This is mainly used with Hiera's auto binding. # # @param validate_tls # Enable TLS/SSL validation on API calls. # # @param version # To set the specific version you want to install. 
# # @author Richard Pijnenburg # @author Tyler Langlois # @author Gavin Williams # class elasticsearch ( Enum['absent', 'present'] $ensure, Optional[String] $api_basic_auth_password, Optional[String] $api_basic_auth_username, Optional[String] $api_ca_file, Optional[String] $api_ca_path, String $api_host, Integer[0, 65535] $api_port, Enum['http', 'https'] $api_protocol, Integer $api_timeout, Boolean $autoupgrade, Hash $config, Stdlib::Absolutepath $configdir, Integer $configdir_recurselimit, String $daily_rolling_date_pattern, Elasticsearch::Multipath $datadir, Optional[Stdlib::Absolutepath] $defaults_location, Boolean $deprecation_logging, String $deprecation_logging_level, Optional[String] $download_tool, Optional[String] $download_tool_insecure, Boolean $download_tool_verify_certificates, String $elasticsearch_group, String $elasticsearch_user, Enum['dailyRollingFile', 'rollingFile', 'file'] $file_rolling_type, Stdlib::Absolutepath $homedir, Hash $indices, Hash $init_defaults, Optional[String] $init_defaults_file, String $init_template, Array[String] $jvm_options, Optional[Variant[String, Hash]] $license, Stdlib::Absolutepath $logdir, Hash $logging_config, Optional[String] $logging_file, String $logging_level, Optional[String] $logging_template, Boolean $manage_repo, Boolean $oss, Stdlib::Absolutepath $package_dir, Integer $package_dl_timeout, String $package_name, Enum['package'] $package_provider, Optional[String] $package_url, Optional[Stdlib::Absolutepath] $pid_dir, Hash $pipelines, Optional[Stdlib::Absolutepath] $plugindir, Hash $plugins, Optional[Stdlib::HTTPUrl] $proxy_url, Boolean $purge_configdir, Boolean $purge_package_dir, Boolean $purge_secrets, Variant[Boolean, String] $repo_stage, Boolean $restart_on_change, Hash $roles, Integer $rolling_file_max_backup_index, String $rolling_file_max_file_size, Hash $scripts, Optional[Hash] $secrets, Optional[String] $security_logging_content, Optional[String] $security_logging_source, String $service_name, 
Enum['init', 'openbsd', 'openrc', 'systemd'] $service_provider, Hash $snapshot_repositories, Boolean $ssl, Elasticsearch::Status $status, Optional[String] $system_key, Stdlib::Absolutepath $systemd_service_path, Hash $templates, Hash $users, Boolean $validate_tls, Variant[String, Boolean] $version, Optional[Stdlib::Absolutepath] $ca_certificate = undef, Optional[Stdlib::Absolutepath] $certificate = undef, String $default_logging_level = $logging_level, Optional[String] $keystore_password = undef, Optional[Stdlib::Absolutepath] $keystore_path = undef, Optional[Stdlib::Absolutepath] $private_key = undef, Boolean $restart_config_change = $restart_on_change, Boolean $restart_package_change = $restart_on_change, Boolean $restart_plugin_change = $restart_on_change, ) { - #### Validate parameters if ($package_url != undef and $version != false) { fail('Unable to set the version number when using package_url option.') } if ($version != false) { case $facts['os']['family'] { 'RedHat', 'Linux', 'Suse': { if ($version =~ /.+-\d/) { $pkg_version = $version } else { $pkg_version = "${version}-1" } } default: { $pkg_version = $version } } } # This value serves as an unchanging default for platforms as a default for # init scripts to fallback on. $_datadir_default = $facts['kernel'] ? { 'Linux' => '/var/lib/elasticsearch', 'OpenBSD' => '/var/elasticsearch/data', default => undef, } # The OSS package distribution's package appends `-oss` to the end of the # canonical package name. $_package_name = $oss ? { true => "${package_name}-oss", default => $package_name, } # Set the plugin path variable for use later in the module. if $plugindir == undef { $real_plugindir = "${homedir}/plugins" } else { $real_plugindir = $plugindir } # Should we restart Elasticsearch on config change? $_notify_service = $elasticsearch::restart_config_change ? 
{ true => Service[$elasticsearch::service_name], false => undef, } #### Manage actions contain elasticsearch::package contain elasticsearch::config contain elasticsearch::service create_resources('elasticsearch::index', $elasticsearch::indices) create_resources('elasticsearch::pipeline', $elasticsearch::pipelines) create_resources('elasticsearch::plugin', $elasticsearch::plugins) create_resources('elasticsearch::role', $elasticsearch::roles) create_resources('elasticsearch::script', $elasticsearch::scripts) create_resources('elasticsearch::snapshot_repository', $elasticsearch::snapshot_repositories) create_resources('elasticsearch::template', $elasticsearch::templates) create_resources('elasticsearch::user', $elasticsearch::users) if ($manage_repo == true) { if ($repo_stage == false) { # Use normal relationship ordering contain elastic_stack::repo Class['elastic_stack::repo'] -> Class['elasticsearch::package'] - } else { # Use staging for ordering if !(defined(Stage[$repo_stage])) { stage { $repo_stage: before => Stage['main'] } } include elastic_stack::repo - Class<|title == 'elastic_stack::repo'|>{ + Class<|title == 'elastic_stack::repo'|> { stage => $repo_stage, } } } if ($license != undef) { contain elasticsearch::license } #### Manage relationships # # Note that many of these overly verbose declarations work around # https://tickets.puppetlabs.com/browse/PUP-1410 # which means clean arrow order chaining won't work if someone, say, # doesn't declare any plugins. # # forgive me for what you're about to see if defined(Class['java']) { Class['java'] -> Class['elasticsearch::config'] } if $ensure == 'present' { - # Installation, configuration and service Class['elasticsearch::package'] -> Class['elasticsearch::config'] if $restart_config_change { Class['elasticsearch::config'] ~> Class['elasticsearch::service'] } else { Class['elasticsearch::config'] -> Class['elasticsearch::service'] } # Top-level ordering bindings for resources. 
Class['elasticsearch::config'] -> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> Elasticsearch::Plugin <| ensure == 'absent' |> -> Class['elasticsearch::config'] Class['elasticsearch::config'] -> Elasticsearch::User <| ensure == 'present' |> # Elasticsearch::User <| ensure == 'absent' |> # -> Class['elasticsearch::config'] # Class['elasticsearch::config'] # -> Elasticsearch::Role <| |> Class['elasticsearch::config'] -> Elasticsearch::Template <| |> Class['elasticsearch::config'] -> Elasticsearch::Pipeline <| |> Class['elasticsearch::config'] -> Elasticsearch::Index <| |> Class['elasticsearch::config'] -> Elasticsearch::Snapshot_repository <| |> - } else { - # Absent; remove configuration before the package. Class['elasticsearch::config'] -> Class['elasticsearch::package'] # Top-level ordering bindings for resources. Elasticsearch::Plugin <| |> -> Class['elasticsearch::config'] Elasticsearch::User <| |> -> Class['elasticsearch::config'] Elasticsearch::Role <| |> -> Class['elasticsearch::config'] Elasticsearch::Template <| |> -> Class['elasticsearch::config'] Elasticsearch::Pipeline <| |> -> Class['elasticsearch::config'] Elasticsearch::Index <| |> -> Class['elasticsearch::config'] Elasticsearch::Snapshot_repository <| |> -> Class['elasticsearch::config'] - } # Install plugins before managing users/roles Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> -> Elasticsearch::User <| |> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> -> Elasticsearch::Role <| |> # Remove plugins after managing users/roles Elasticsearch::User <| |> -> Elasticsearch::Plugin <| ensure == 'absent' |> Elasticsearch::Role <| |> -> Elasticsearch::Plugin <| ensure == 'absent' |> # Ensure roles are defined before managing users that reference roles Elasticsearch::Role <| |> -> Elasticsearch::User <| ensure == 'present' |> # Ensure users are removed before referenced roles are managed Elasticsearch::User <| ensure == 'absent' 
|> -> Elasticsearch::Role <| |> # Ensure users and roles are managed before calling out to REST resources Elasticsearch::Role <| |> -> Elasticsearch::Template <| |> Elasticsearch::User <| |> -> Elasticsearch::Template <| |> Elasticsearch::Role <| |> -> Elasticsearch::Pipeline <| |> Elasticsearch::User <| |> -> Elasticsearch::Pipeline <| |> Elasticsearch::Role <| |> -> Elasticsearch::Index <| |> Elasticsearch::User <| |> -> Elasticsearch::Index <| |> Elasticsearch::Role <| |> -> Elasticsearch::Snapshot_repository <| |> Elasticsearch::User <| |> -> Elasticsearch::Snapshot_repository <| |> # Ensure that any command-line based user changes are performed before the # file is modified Elasticsearch_user <| |> -> Elasticsearch_user_file <| |> } diff --git a/manifests/package.pp b/manifests/package.pp index 2b2d4b8..3b956a9 100644 --- a/manifests/package.pp +++ b/manifests/package.pp 
@@ -1,192 +1,168 @@ # This class exists to coordinate all software package management related # actions, functionality and logical units in a central place. # # It is not intended to be used directly by external resources like node # definitions or other modules. # # @example importing this class by other classes to use its functionality: # class { 'elasticsearch::package': } # # @author Richard Pijnenburg # @author Tyler Langlois # class elasticsearch::package { - Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], + path => ['/bin', '/usr/bin', '/usr/local/bin'], cwd => '/', tries => 3, try_sleep => 10, } if $elasticsearch::ensure == 'present' { - if $elasticsearch::restart_package_change { Package['elasticsearch'] ~> Class['elasticsearch::service'] } Package['elasticsearch'] ~> Exec['remove_plugin_dir'] # Create directory to place the package file $package_dir = $elasticsearch::package_dir exec { 'create_package_dir_elasticsearch': cwd => '/', path => ['/usr/bin', '/bin'], command => "mkdir -p ${package_dir}", creates => $package_dir, } file { $package_dir: ensure => 'directory', purge => $elasticsearch::purge_package_dir, force => $elasticsearch::purge_package_dir, backup => false, require => Exec['create_package_dir_elasticsearch'], } # Check if we want to install a specific version or not if $elasticsearch::version == false { - $package_ensure = $elasticsearch::autoupgrade ? 
{ true => 'latest', false => 'present', } - } else { - # install specific version $package_ensure = $elasticsearch::pkg_version - } # action if ($elasticsearch::package_url != undef) { - case $elasticsearch::package_provider { - 'package': { $before = Package['elasticsearch'] } + 'package': { $before = Package['elasticsearch'] } default: { fail("software provider \"${elasticsearch::package_provider}\".") } } $filename_array = split($elasticsearch::package_url, '/') $basefilename = $filename_array[-1] $source_array = split($elasticsearch::package_url, ':') $protocol_type = $source_array[0] $ext_array = split($basefilename, '\.') $ext = $ext_array[-1] $pkg_source = "${package_dir}/${basefilename}" case $protocol_type { - 'puppet': { - file { $pkg_source: ensure => file, source => $elasticsearch::package_url, require => File[$package_dir], backup => false, before => $before, } - } 'ftp', 'https', 'http': { - if $elasticsearch::proxy_url != undef { $exec_environment = [ 'use_proxy=yes', "http_proxy=${elasticsearch::proxy_url}", "https_proxy=${elasticsearch::proxy_url}", ] } else { $exec_environment = [] } case $elasticsearch::download_tool { String: { $_download_command = if $elasticsearch::download_tool_verify_certificates { $elasticsearch::download_tool } else { $elasticsearch::download_tool_insecure } exec { 'download_package_elasticsearch': command => "${_download_command} ${pkg_source} ${elasticsearch::package_url} 2> /dev/null", creates => $pkg_source, environment => $exec_environment, timeout => $elasticsearch::package_dl_timeout, require => File[$package_dir], before => $before, } } default: { fail("no \$elasticsearch::download_tool defined for ${facts['os']['family']}") } } - } 'file': { - $source_path = $source_array[1] file { $pkg_source: ensure => file, source => $source_path, require => File[$package_dir], backup => false, before => $before, } - } default: { fail("Protocol must be puppet, file, http, https, or ftp. 
You have given \"${protocol_type}\"") } } if ($elasticsearch::package_provider == 'package') { - case $ext { 'deb': { Package { provider => 'dpkg', source => $pkg_source } } 'rpm': { Package { provider => 'rpm', source => $pkg_source } } default: { fail("Unknown file extention \"${ext}\".") } } - } - } else { if ($elasticsearch::manage_repo and $facts['os']['family'] == 'Debian') { Class['apt::update'] -> Package['elasticsearch'] } } - - # Package removal } else { - + # Package removal if ($facts['os']['family'] == 'Suse') { Package { provider => 'rpm', } $package_ensure = 'absent' } else { $package_ensure = 'purged' } - } if ($elasticsearch::package_provider == 'package') { - package { 'elasticsearch': ensure => $package_ensure, name => $elasticsearch::_package_name, } exec { 'remove_plugin_dir': refreshonly => true, command => "rm -rf ${elasticsearch::real_plugindir}", } - - } else { fail("\"${elasticsearch::package_provider}\" is not supported") } - } diff --git a/manifests/pipeline.pp b/manifests/pipeline.pp index 4571ba8..64a3c72 100644 --- a/manifests/pipeline.pp +++ b/manifests/pipeline.pp 
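Review bot: The `download_package_elasticsearch` exec fetches `$elasticsearch::package_url`, and the `Package { provider => 'dpkg' | 'rpm', source => $pkg_source }` defaults then install that file as root, but nothing compares the download with a known digest. With `http`/`ftp` URLs, or when `download_tool_verify_certificates` is false and `$elasticsearch::download_tool_insecure` is selected, whatever answers the request gets installed, so a checksum parameter verified before `before => $before` releases the package resource would close the gap. The same command line interpolates `${pkg_source}` and `${elasticsearch::package_url}` unquoted and relies on shell redirection, so a URL with spaces or shell metacharacters alters the command; stdlib's `shell_escape()` fits here, e.g. `command => "${_download_command} ${shell_escape($pkg_source)} ${shell_escape($elasticsearch::package_url)} 2> /dev/null",`. Dropping `2> /dev/null` would also let a failed or tampered download show up in the run report.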
@@ -1,79 +1,78 @@ # This define allows you to insert, update or delete Elasticsearch index # ingestion pipelines. # # Pipeline content should be defined through the `content` parameter. # # @param ensure # Controls whether the named pipeline should be present or absent in # the cluster. # # @param content # Contents of the pipeline in hash form. # # @param api_basic_auth_password # HTTP basic auth password to use when communicating over the Elasticsearch # API. # # @param api_basic_auth_username # HTTP basic auth username to use when communicating over the Elasticsearch # API. # # @param api_ca_file # Path to a CA file which will be used to validate server certs when # communicating with the Elasticsearch API over HTTPS. # # @param api_ca_path # Path to a directory with CA files which will be used to validate server # certs when communicating with the Elasticsearch API over HTTPS. # # @param api_host # Host name or IP address of the ES instance to connect to. # # @param api_port # Port number of the ES instance to connect to # # @param api_protocol # Protocol that should be used to connect to the Elasticsearch API. # # @param api_timeout # Timeout period (in seconds) for the Elasticsearch API. # # @param validate_tls # Determines whether the validity of SSL/TLS certificates received from the # Elasticsearch API should be verified or ignored. 
# # @author Tyler Langlois # define elasticsearch::pipeline ( Enum['absent', 'present'] $ensure = 'present', Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, String $api_host = $elasticsearch::api_host, Integer[0, 65535] $api_port = $elasticsearch::api_port, Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, Integer $api_timeout = $elasticsearch::api_timeout, Hash $content = {}, Boolean $validate_tls = $elasticsearch::validate_tls, ) { - es_instance_conn_validator { "${name}-ingest-pipeline": server => $api_host, port => $api_port, timeout => $api_timeout, } -> elasticsearch_pipeline { $name: ensure => $ensure, content => $content, protocol => $api_protocol, host => $api_host, port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, password => $api_basic_auth_password, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, } } diff --git a/manifests/plugin.pp b/manifests/plugin.pp index 7f219c8..6527f59 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp 
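Review bot: `$api_basic_auth_password` in the `elasticsearch::pipeline` signature is a plain `Optional[String]` and is passed straight to `password =>`, so nothing marks the credential for redaction when Puppet logs or reports on the resource. Accepting a wrapped value as well, `Optional[Variant[String, Sensitive[String]]] $api_basic_auth_password = $elasticsearch::api_basic_auth_password,`, keeps existing callers working. Whether the `elasticsearch_pipeline` type and the class-level default accept a `Sensitive` is not visible in this diff and needs checking. The `elasticsearch::snapshot_repository` signature in manifests/snapshot_repository.pp has the same parameter and the same gap. With `api_protocol` set to `http` the basic-auth credentials travel unencrypted, and with `validate_tls` false the server they are sent to is not authenticated; the parameter docs could say so.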
@@ -1,146 +1,144 @@ # This define allows you to install arbitrary Elasticsearch plugins # either by using the default repositories or by specifying an URL # # @example install from official repository # elasticsearch::plugin {'mobz/elasticsearch-head': module_dir => 'head'} # # @example installation using a custom URL # elasticsearch::plugin { 'elasticsearch-jetty': # module_dir => 'elasticsearch-jetty', # url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-0.90.0.zip', # } # # @param ensure # Whether the plugin will be installed or removed. # Set to 'absent' to ensure a plugin is not installed # # @param configdir # Path to the elasticsearch configuration directory (ES_PATH_CONF) # to which the plugin should be installed. # # @param java_opts # Array of Java options to be passed to `ES_JAVA_OPTS` # # @param java_home # Path to JAVA_HOME, if Java is installed in a non-standard location. # # @param module_dir # Directory name where the module has been installed # This is automatically generated based on the module name # Specify a value here to override the auto generated value # # @param proxy_host # Proxy host to use when installing the plugin # # @param proxy_password # Proxy auth password to use when installing the plugin # # @param proxy_port # Proxy port to use when installing the plugin # # @param proxy_username # Proxy auth username to use when installing the plugin # # @param source # Specify the source of the plugin. # This will copy over the plugin to the node and use it for installation. # Useful for offline installation # # @param url # Specify an URL where to download the plugin from. 
# # @author Richard Pijnenburg # @author Matteo Sessa # @author Dennis Konert # @author Tyler Langlois # @author Gavin Williams # define elasticsearch::plugin ( Enum['absent', 'present'] $ensure = 'present', Stdlib::Absolutepath $configdir = $elasticsearch::configdir, Array[String] $java_opts = [], Optional[Stdlib::Absolutepath] $java_home = undef, Optional[String] $module_dir = undef, Optional[String] $proxy_host = undef, Optional[String] $proxy_password = undef, Optional[Integer[0, 65535]] $proxy_port = undef, Optional[String] $proxy_username = undef, Optional[String] $source = undef, Optional[Stdlib::HTTPUrl] $url = undef, ) { - include elasticsearch case $ensure { 'present': { $_file_ensure = 'directory' $_file_before = [] } 'absent': { $_file_ensure = $ensure $_file_before = File[$elasticsearch::real_plugindir] } - default: { } + default: { + } } # set proxy by override or parse and use proxy_url from # elasticsearch::proxy_url or use no proxy at all if ($proxy_host != undef and $proxy_port != undef) { if ($proxy_username != undef and $proxy_password != undef) { $_proxy_auth = "${proxy_username}:${proxy_password}@" } else { $_proxy_auth = undef } $_proxy = "http://${_proxy_auth}${proxy_host}:${proxy_port}" } elsif ($elasticsearch::proxy_url != undef) { $_proxy = $elasticsearch::proxy_url } else { $_proxy = undef } if ($source != undef) { - $filename_array = split($source, '/') $basefilename = $filename_array[-1] $file_source = "${elasticsearch::package_dir}/${basefilename}" file { $file_source: ensure => 'file', source => $source, before => Elasticsearch_plugin[$name], } - } else { $file_source = undef } $_module_dir = es_plugin_name($module_dir, $name) elasticsearch_plugin { $name: ensure => $ensure, configdir => $configdir, elasticsearch_package_name => 'elasticsearch', java_opts => $java_opts, java_home => $java_home, source => $file_source, url => $url, proxy => $_proxy, plugin_dir => $elasticsearch::real_plugindir, plugin_path => $module_dir, before => 
Service['elasticsearch'], } -> file { "${elasticsearch::real_plugindir}/${_module_dir}": ensure => $_file_ensure, mode => 'o+Xr', recurse => true, before => $_file_before, } if $elasticsearch::restart_plugin_change { Elasticsearch_plugin[$name] { notify +> Service['elasticsearch'], } } } diff --git a/manifests/service.pp b/manifests/service.pp index 6e46270..ec37fe0 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,53 +1,52 @@ # This class exists to coordinate all service management related actions, # functionality and logical units in a central place. # # *Note*: "service" is the Puppet term and type for background processes # in general and is used in a platform-independent way. E.g. "service" means # "daemon" in relation to Unix-like systems. # # @author Richard Pijnenburg # @author Tyler Langlois # @author Gavin Williams # class elasticsearch::service { - #### Service management if $elasticsearch::ensure == 'present' { - case $elasticsearch::status { # make sure service is currently running, start it on boot 'enabled': { $_service_ensure = 'running' $_service_enable = true } # make sure service is currently stopped, do not start it on boot 'disabled': { $_service_ensure = 'stopped' $_service_enable = false } # make sure service is currently running, do not start it on boot 'running': { $_service_ensure = 'running' $_service_enable = false } # do not start service on boot, do not care whether currently running # or not 'unmanaged': { $_service_ensure = undef $_service_enable = false } - default: { } + default: { + } } } else { # make sure the service is stopped and disabled (the removal itself will be # done by package.pp) $_service_ensure = 'stopped' $_service_enable = false } service { $elasticsearch::service_name: ensure => $_service_ensure, enable => $_service_enable, } } diff --git a/manifests/snapshot_repository.pp b/manifests/snapshot_repository.pp index 1906194..cf0e2e0 100644 --- a/manifests/snapshot_repository.pp 
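Review bot: The proxy credentials are interpolated as plain text, `$_proxy_auth = "${proxy_username}:${proxy_password}@"`, and the resulting `$_proxy` URL is passed to `elasticsearch_plugin` as `proxy =>`, so the password sits in an ordinary string attribute with nothing marking it for redaction. The two values are also not percent-encoded, so a username or password containing `@`, `:` or `/` produces a URL that can parse differently from what was intended. I would let `$proxy_password` accept `Sensitive[String]`, unwrap it only where the URL is assembled, and pass the assembled URL on as a `Sensitive` value, provided the `elasticsearch_plugin` type accepts one (not shown in this diff). Encoding or validating the credential characters before interpolation covers the second part.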
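Review bot: The `default: { }` branch of `case $elasticsearch::status` in manifests/service.pp, which this hunk only re-wraps, assigns neither `$_service_ensure` nor `$_service_enable`, yet both are read by the `service` resource below it. Unless `$elasticsearch::status` is restricted to the four listed values by a type declared outside this diff, an unexpected value should stop the run the way manifests/package.pp does for an unknown provider, e.g. `default: { fail("unsupported status \"${elasticsearch::status}\"") }`.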
+++ b/manifests/snapshot_repository.pp 
@@ -1,104 +1,103 @@ # This define allows you to insert, update or delete Elasticsearch snapshot # repositories. # # @param ensure # Controls whether the named index template should be present or absent in # the cluster. # # @param api_basic_auth_password # HTTP basic auth password to use when communicating over the Elasticsearch # API. # # @param api_basic_auth_username # HTTP basic auth username to use when communicating over the Elasticsearch # API. # # @param api_ca_file # Path to a CA file which will be used to validate server certs when # communicating with the Elasticsearch API over HTTPS. # # @param api_ca_path # Path to a directory with CA files which will be used to validate server # certs when communicating with the Elasticsearch API over HTTPS. # # @param api_host # Host name or IP address of the ES instance to connect to. # # @param api_port # Port number of the ES instance to connect to # # @param api_protocol # Protocol that should be used to connect to the Elasticsearch API. # # @param api_timeout # Timeout period (in seconds) for the Elasticsearch API. # # @param repository_type # Snapshot repository type. # # @param location # Location of snapshots. Mandatory # # @param compress # Compress the snapshot metadata files? # # @param chunk_size # Chunk size to break big files down into. # # @param max_restore_rate # Throttle value for node restore rate. # # @param max_snapshot_rate # Throttle value for node snapshot rate. # # @param validate_tls # Determines whether the validity of SSL/TLS certificates received from the # Elasticsearch API should be verified or ignored. 
# # @author Gavin Williams # @author Richard Pijnenburg # @author Tyler Langlois # define elasticsearch::snapshot_repository ( String $location, Enum['absent', 'present'] $ensure = 'present', Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, String $api_host = $elasticsearch::api_host, Integer[0, 65535] $api_port = $elasticsearch::api_port, Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, Integer $api_timeout = $elasticsearch::api_timeout, Boolean $compress = true, Optional[String] $chunk_size = undef, Optional[String] $max_restore_rate = undef, Optional[String] $max_snapshot_rate = undef, Optional[String] $repository_type = undef, Boolean $validate_tls = $elasticsearch::validate_tls, ) { - es_instance_conn_validator { "${name}-snapshot": server => $api_host, port => $api_port, timeout => $api_timeout, } -> elasticsearch_snapshot_repository { $name: ensure => $ensure, chunk_size => $chunk_size, compress => $compress, location => $location, max_restore_rate => $max_restore_rate, max_snapshot_rate => $max_snapshot_rate, type => $repository_type, protocol => $api_protocol, host => $api_host, port => $api_port, timeout => $api_timeout, username => $api_basic_auth_username, password => $api_basic_auth_password, ca_file => $api_ca_file, ca_path => $api_ca_path, validate_tls => $validate_tls, } }
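Review bot: The `@param ensure` text in the header comment of manifests/snapshot_repository.pp still reads "Controls whether the named index template should be present or absent", which looks carried over from another define; here the resource is a snapshot repository. Suggested wording: `Controls whether the named snapshot repository should be present or absent in the cluster.`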