| author | ymh <ymh.work@gmail.com> |
| Sun, 18 Dec 2016 01:13:51 +0100 | |
| changeset 476 | 9cffc7f32f14 |
| parent 406 | cf0f23803a53 |
| permissions | -rwxr-xr-x |
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
1 |
# Elasticsearch Puppet Module |
| 28 | 2 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
3 |
[](https://travis-ci.org/elastic/puppet-elasticsearch) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
4 |
[](https://forge.puppetlabs.com/elasticsearch/elasticsearch) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
5 |
[](https://forge.puppetlabs.com/elasticsearch/elasticsearch) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
6 |
[](https://forge.puppetlabs.com/elasticsearch/elasticsearch) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
7 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
8 |
#### Table of Contents |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
9 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
10 |
1. [Module description - What the module does and why it is useful](#module-description) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
11 |
2. [Setup - The basics of getting started with Elasticsearch](#setup) |
| 28 | 12 |
* [The module manages the following](#the-module-manages-the-following) |
13 |
* [Requirements](#requirements) |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
14 |
3. [Usage - Configuration options and additional functionality](#usage) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
15 |
4. [Advanced features - Extra information on advanced usage](#advanced-features) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
16 |
5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) |
| 28 | 17 |
6. [Limitations - OS compatibility, etc.](#limitations) |
18 |
7. [Development - Guide for contributing to the module](#development) |
|
19 |
8. [Support - When you need help with this module](#support) |
|
20 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
21 |
## Module description |
| 28 | 22 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
23 |
This module sets up [Elasticsearch](https://www.elastic.co/overview/elasticsearch/) instances with additional resource for plugins, templates, and more. |
| 28 | 24 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
25 |
This module has been tested against all versions of ES 1.x and 2.x. |
| 28 | 26 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
27 |
## Setup |
| 28 | 28 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
29 |
### The module manages the following |
| 28 | 30 |
|
31 |
* Elasticsearch repository files. |
|
32 |
* Elasticsearch package. |
|
33 |
* Elasticsearch configuration file. |
|
34 |
* Elasticsearch service. |
|
35 |
* Elasticsearch plugins. |
|
36 |
* Elasticsearch templates. |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
37 |
* Elasticsearch Shield users, roles, and certificates. |
| 28 | 38 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
39 |
### Requirements |
| 28 | 40 |
|
41 |
* The [stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib) Puppet library. |
|
42 |
* [ceritsc/yum](https://forge.puppetlabs.com/ceritsc/yum) For yum version lock. |
|
43 |
* [richardc/datacat](https://forge.puppetlabs.com/richardc/datacat) |
|
44 |
* [Augeas](http://augeas.net/) |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
45 |
* [puppetlabs-java](https://forge.puppetlabs.com/puppetlabs/java) for Java installation (optional). |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
46 |
* [puppetlabs-java_ks](https://forge.puppetlabs.com/puppetlabs/java_ks) for Shield certificate management (optional). |
| 28 | 47 |
|
48 |
#### Repository management |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
49 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
50 |
When using the repository management, the following module dependencies are required: |
| 28 | 51 |
|
52 |
* Debian/Ubuntu: [Puppetlabs/apt](http://forge.puppetlabs.com/puppetlabs/apt) |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
53 |
* OpenSuSE/SLES: [Darin/zypprepo](https://forge.puppetlabs.com/darin/zypprepo) |
| 28 | 54 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
55 |
### Beginning with Elasticsearch |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
56 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
57 |
Declare the top-level `elasticsearch` class (managing repositories) and set up an instance: |
| 28 | 58 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
59 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
60 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
61 |
java_install => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
62 |
manage_repo => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
63 |
repo_version => '2.x', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
64 |
} |
| 28 | 65 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
66 |
elasticsearch::instance { 'es-01': } |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
67 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
68 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
69 |
## Usage |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
70 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
71 |
### Main class |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
72 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
73 |
Most top-level parameters in the `elasticsearch` class are set to reasonable defaults. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
74 |
The following are some parameters that may be useful to override: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
75 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
76 |
#### Install a specific version |
| 28 | 77 |
|
78 |
```puppet |
|
79 |
class { 'elasticsearch': |
|
80 |
version => '1.4.2' |
|
81 |
} |
|
82 |
``` |
|
83 |
||
84 |
Note: This will only work when using the repository. |
|
85 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
86 |
#### Automatically restarting the service (default set to false) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
87 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
88 |
By default, the module will not restart Elasticsearch when the configuration file, package, or plugins change. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
89 |
This can be overridden globally with the following option: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
90 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
91 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
92 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
93 |
restart_on_change => true |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
94 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
95 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
96 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
97 |
Or controlled with the more granular options: `restart_config_change`, `restart_package_change`, and `restart_plugin_change.` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
98 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
99 |
#### Automatic upgrades (default set to false) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
100 |
|
| 28 | 101 |
```puppet |
102 |
class { 'elasticsearch': |
|
103 |
autoupgrade => true |
|
104 |
} |
|
105 |
``` |
|
106 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
107 |
#### Removal/Decommissioning |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
108 |
|
| 28 | 109 |
```puppet |
110 |
class { 'elasticsearch': |
|
111 |
ensure => 'absent' |
|
112 |
} |
|
113 |
``` |
|
114 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
115 |
#### Install everything but disable service(s) afterwards |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
116 |
|
| 28 | 117 |
```puppet |
118 |
class { 'elasticsearch': |
|
119 |
status => 'disabled' |
|
120 |
} |
|
121 |
``` |
|
122 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
123 |
#### API Settings |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
124 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
125 |
Some resources, such as `elasticsearch::template`, require communicating with the Elasticsearch REST API. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
126 |
By default, these API settings are set to: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
127 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
128 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
129 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
130 |
api_protocol => 'http', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
131 |
api_host => 'localhost', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
132 |
api_port => 9200, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
133 |
api_timeout => 10, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
134 |
api_basic_auth_username => undef, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
135 |
api_basic_auth_password => undef, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
136 |
api_ca_file => undef, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
137 |
api_ca_path => undef, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
138 |
validate_tls => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
139 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
140 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
141 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
142 |
Each of these can be set at the top-level `elasticsearch` class and inherited for each resource or overridden on a per-resource basis. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
143 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
144 |
### Instances |
| 28 | 145 |
|
146 |
This module works with the concept of instances. For service to start you need to specify at least one instance. |
|
147 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
148 |
#### Quick setup |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
149 |
|
| 28 | 150 |
```puppet |
151 |
elasticsearch::instance { 'es-01': } |
|
152 |
``` |
|
153 |
||
154 |
This will set up its own data directory and set the node name to `$hostname-$instance_name` |
|
155 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
156 |
#### Advanced options |
| 28 | 157 |
|
158 |
Instance specific options can be given: |
|
159 |
||
160 |
```puppet |
|
161 |
elasticsearch::instance { 'es-01': |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
162 |
config => { }, # Configuration hash |
| 28 | 163 |
init_defaults => { }, # Init defaults hash |
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
164 |
datadir => [ ], # Data directory |
| 28 | 165 |
} |
166 |
``` |
|
167 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
168 |
See [Advanced features](#advanced-features) for more information. |
| 28 | 169 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
170 |
### Plugins |
| 28 | 171 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
172 |
This module can help manage [a variety of plugins](http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-plugins.html#known-plugins). |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
173 |
Note that `module_dir` is where the plugin will install itself to and must match that published by the plugin author; it is not where you would like to install it yourself. |
| 28 | 174 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
175 |
#### From an official repository |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
176 |
|
| 28 | 177 |
```puppet |
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
178 |
elasticsearch::plugin { 'lmenezes/elasticsearch-kopf': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
179 |
instances => 'instance_name' |
| 28 | 180 |
} |
181 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
182 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
183 |
#### From a custom url |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
184 |
|
| 28 | 185 |
```puppet |
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
186 |
elasticsearch::plugin { 'jetty': |
| 28 | 187 |
url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip', |
188 |
instances => 'instance_name' |
|
189 |
} |
|
190 |
``` |
|
191 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
192 |
#### Using a proxy |
| 28 | 193 |
|
194 |
You can also use a proxy if required by setting the `proxy_host` and `proxy_port` options: |
|
195 |
```puppet |
|
196 |
elasticsearch::plugin { 'lmenezes/elasticsearch-kopf', |
|
197 |
instances => 'instance_name', |
|
198 |
proxy_host => 'proxy.host.com', |
|
199 |
proxy_port => 3128 |
|
200 |
} |
|
201 |
``` |
|
202 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
203 |
Proxies that require usernames and passwords are similarly supported with the `proxy_username` and `proxy_password` parameters. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
204 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
205 |
Plugin name formats that are supported include: |
| 28 | 206 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
207 |
* `elasticsearch/plugin/version` (for official elasticsearch plugins downloaded from download.elastic.co) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
208 |
* `groupId/artifactId/version` (for community plugins downloaded from maven central or OSS Sonatype) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
209 |
* `username/repository` (for site plugins downloaded from github master) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
210 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
211 |
#### Upgrading plugins |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
212 |
|
| 28 | 213 |
When you specify a certain plugin version, you can upgrade that plugin by specifying the new version. |
214 |
||
215 |
```puppet |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
216 |
elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.1.1': } |
| 28 | 217 |
``` |
218 |
||
219 |
And to upgrade, you would simply change it to |
|
220 |
||
221 |
```puppet |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
222 |
elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1': } |
| 28 | 223 |
``` |
224 |
||
225 |
Please note that this does not work when you specify 'latest' as a version number. |
|
226 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
227 |
#### ES 2.x official plugins |
| 28 | 228 |
For the Elasticsearch commercial plugins you can refer them to the simple name. |
229 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
230 |
See [Plugin installation](https://www.elastic.co/guide/en/elasticsearch/plugins/current/installation.html) for more details. |
| 28 | 231 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
232 |
### Scripts |
| 28 | 233 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
234 |
Installs [scripts](http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html) to be used by Elasticsearch. |
| 28 | 235 |
These scripts are shared across all defined instances on the same host. |
236 |
||
237 |
```puppet |
|
238 |
elasticsearch::script { 'myscript': |
|
239 |
ensure => 'present', |
|
240 |
source => 'puppet:///path/to/my/script.groovy' |
|
241 |
} |
|
242 |
``` |
|
243 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
244 |
### Templates |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
245 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
246 |
By default templates use the top-level `elasticsearch::api_*` settings to communicate with Elasticsearch. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
247 |
The following is an example of how to override these settings: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
248 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
249 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
250 |
elasticsearch::template { 'templatename': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
251 |
api_protocol => 'https', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
252 |
api_host => $::ipaddress, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
253 |
api_port => 9201, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
254 |
api_timeout => 60, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
255 |
api_basic_auth_username => 'admin', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
256 |
api_basic_auth_password => 'adminpassword', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
257 |
api_ca_file => '/etc/ssl/certs', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
258 |
api_ca_path => '/etc/pki/certs', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
259 |
validate_tls => false, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
260 |
source => 'puppet:///path/to/template.json', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
261 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
262 |
``` |
| 28 | 263 |
|
264 |
#### Add a new template using a file |
|
265 |
||
266 |
This will install and/or replace the template in Elasticsearch: |
|
267 |
||
268 |
```puppet |
|
269 |
elasticsearch::template { 'templatename': |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
270 |
source => 'puppet:///path/to/template.json', |
| 28 | 271 |
} |
272 |
``` |
|
273 |
||
274 |
#### Add a new template using content |
|
275 |
||
276 |
This will install and/or replace the template in Elasticsearch: |
|
277 |
||
278 |
```puppet |
|
279 |
elasticsearch::template { 'templatename': |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
280 |
content => { |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
281 |
'template' => "*", |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
282 |
'settings' => { |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
283 |
'number_of_replicas' => 0 |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
284 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
285 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
286 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
287 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
288 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
289 |
Plain JSON strings are also supported. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
290 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
291 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
292 |
elasticsearch::template { 'templatename': |
| 28 | 293 |
content => '{"template":"*","settings":{"number_of_replicas":0}}' |
294 |
} |
|
295 |
``` |
|
296 |
||
297 |
#### Delete a template |
|
298 |
||
299 |
```puppet |
|
300 |
elasticsearch::template { 'templatename': |
|
301 |
ensure => 'absent' |
|
302 |
} |
|
303 |
``` |
|
304 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
305 |
### Bindings/Clients |
| 28 | 306 |
|
307 |
Install a variety of [clients/bindings](http://www.elasticsearch.org/guide/en/elasticsearch/client/community/current/clients.html): |
|
308 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
309 |
#### Python |
| 28 | 310 |
|
311 |
```puppet |
|
312 |
elasticsearch::python { 'rawes': } |
|
313 |
``` |
|
314 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
315 |
#### Ruby |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
316 |
|
| 28 | 317 |
```puppet |
318 |
elasticsearch::ruby { 'elasticsearch': } |
|
319 |
``` |
|
320 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
321 |
### Connection Validator |
| 28 | 322 |
|
323 |
This module offers a way to make sure an instance has been started and is up and running before |
|
324 |
doing a next action. This is done via the use of the `es_instance_conn_validator` resource. |
|
325 |
```puppet |
|
326 |
es_instance_conn_validator { 'myinstance' : |
|
327 |
server => 'es.example.com', |
|
328 |
port => '9200', |
|
329 |
} |
|
330 |
``` |
|
331 |
||
332 |
A common use would be for example : |
|
333 |
||
334 |
```puppet |
|
335 |
class { 'kibana4' : |
|
336 |
require => Es_Instance_Conn_Validator['myinstance'], |
|
337 |
} |
|
338 |
``` |
|
339 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
340 |
### Package installation |
| 28 | 341 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
342 |
There are two different ways of installing Elasticsearch: |
| 28 | 343 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
344 |
#### Repository |
| 28 | 345 |
|
346 |
This option allows you to use an existing repository for package installation. |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
347 |
The `repo_version` corresponds with the `major.minor` version of Elasticsearch for versions before 2.x. |
| 28 | 348 |
|
349 |
```puppet |
|
350 |
class { 'elasticsearch': |
|
351 |
manage_repo => true, |
|
352 |
repo_version => '1.4', |
|
353 |
} |
|
354 |
``` |
|
355 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
356 |
For 2.x versions of Elasticsearch, use `repo_version => '2.x'`. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
357 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
358 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
359 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
360 |
manage_repo => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
361 |
repo_version => '2.x', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
362 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
363 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
364 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
365 |
#### Remote package source |
| 28 | 366 |
|
367 |
When a repository is not available or preferred you can install the packages from a remote source: |
|
368 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
369 |
##### http/https/ftp |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
370 |
|
| 28 | 371 |
```puppet |
372 |
class { 'elasticsearch': |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
373 |
package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.deb', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
374 |
proxy_url => 'http://proxy.example.com:8080/', |
| 28 | 375 |
} |
376 |
``` |
|
377 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
378 |
Setting `proxy_url` to a location will enable download using the provided proxy |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
379 |
server. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
380 |
This parameter is also used by `elasticsearch::plugin`. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
381 |
Setting the port in the `proxy_url` is mandatory. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
382 |
`proxy_url` defaults to `undef` (proxy disabled). |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
383 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
384 |
##### puppet:// |
| 28 | 385 |
```puppet |
386 |
class { 'elasticsearch': |
|
387 |
package_url => 'puppet:///path/to/elasticsearch-1.4.2.deb' |
|
388 |
} |
|
389 |
``` |
|
390 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
391 |
##### Local file |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
392 |
|
| 28 | 393 |
```puppet |
394 |
class { 'elasticsearch': |
|
395 |
package_url => 'file:/path/to/elasticsearch-1.4.2.deb' |
|
396 |
} |
|
397 |
``` |
|
398 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
399 |
### Java installation |
| 28 | 400 |
|
401 |
Most sites will manage Java separately; however, this module can attempt to install Java as well. |
|
402 |
This is done by using the [puppetlabs-java](https://forge.puppetlabs.com/puppetlabs/java) module. |
|
403 |
||
404 |
```puppet |
|
405 |
class { 'elasticsearch': |
|
406 |
java_install => true |
|
407 |
} |
|
408 |
``` |
|
409 |
||
410 |
Specify a particular Java package/version to be installed: |
|
411 |
||
412 |
```puppet |
|
413 |
class { 'elasticsearch': |
|
414 |
java_install => true, |
|
415 |
java_package => 'packagename' |
|
416 |
} |
|
417 |
``` |
|
418 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
419 |
### Service management |
| 28 | 420 |
|
421 |
Currently only the basic SysV-style [init](https://en.wikipedia.org/wiki/Init) and [Systemd](http://en.wikipedia.org/wiki/Systemd) service providers are supported, but other systems could be implemented as necessary (pull requests welcome). |
|
422 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
423 |
#### Defaults File |
| 28 | 424 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
425 |
The *defaults* file (`/etc/defaults/elasticsearch` or `/etc/sysconfig/elasticsearch`) for the Elasticsearch service can be populated as necessary. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
426 |
This can either be a static file resource or a simple key value-style [hash](http://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#hashes) object, the latter being particularly well-suited to pulling out of a data source such as Hiera. |
| 28 | 427 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
428 |
##### File source |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
429 |
|
| 28 | 430 |
```puppet |
431 |
class { 'elasticsearch': |
|
432 |
init_defaults_file => 'puppet:///path/to/defaults' |
|
433 |
} |
|
434 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
435 |
##### Hash representation |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
436 |
|
| 28 | 437 |
```puppet |
438 |
$config_hash = { |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
439 |
'ES_HEAP_SIZE' => '30g', |
| 28 | 440 |
} |
441 |
||
442 |
class { 'elasticsearch': |
|
443 |
init_defaults => $config_hash |
|
444 |
} |
|
445 |
``` |
|
446 |
||
447 |
Note: `init_defaults` hash can be passed to the main class and to the instance. |
|
448 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
449 |
## Advanced features |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
450 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
451 |
### Shield |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
452 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
453 |
[Shield](https://www.elastic.co/products/shield) users, roles, and certificates can be managed by this module. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
454 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
455 |
**Note**: If you are planning to use these features, it is *highly recommended* you read the following documentation to understand the caveats and extent of the resources available to you. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
456 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
457 |
#### Getting Started |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
458 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
459 |
Although this module can handle several types of Shield resources, you are expected to manage the plugin installation and versions for your deployment. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
460 |
For example, the following manifest will install Elasticseach with a single instance running shield: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
461 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
462 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
463 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
464 |
java_install => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
465 |
manage_repo => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
466 |
repo_version => '1.7', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
467 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
468 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
469 |
elasticsearch::instance { 'es-01': } |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
470 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
471 |
Elasticsearch::Plugin { instances => ['es-01'], } |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
472 |
elasticsearch::plugin { 'elasticsearch/license/latest': } |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
473 |
elasticsearch::plugin { 'elasticsearch/shield/latest': } |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
474 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
475 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
476 |
The following examples will assume the preceding resources are part of your puppet manifest. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
477 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
478 |
#### Roles |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
479 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
480 |
Roles in the `esusers` realm can be managed using the `elasticsearch::shield::role` type. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
481 |
For example, to create a role called `myrole`, you could use the following resource: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
482 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
483 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
484 |
elasticsearch::shield::role { 'myrole': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
485 |
privileges => { |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
486 |
'cluster' => 'monitor', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
487 |
'indices' => { |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
488 |
'*' => 'read' |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
489 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
490 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
491 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
492 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
493 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
494 |
This role would grant users access to cluster monitoring and read access to all indices. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
495 |
See the [Shield documentation](https://www.elastic.co/guide/en/shield/index.html) for your version to determine what `privileges` to use and how to format them (the Puppet hash representation will simply be translated into yaml.) |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
496 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
497 |
**Note**: The Puppet provider for `esusers` has fine-grained control over the `roles.yml` file and thus will leave the default roles Shield installs in-place. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
498 |
If you would like to explicitly purge the default roles (leaving only roles managed by puppet), you can do so by including the following in your manifest: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
499 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
500 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
501 |
resources { 'elasticsearch_shield_role': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
502 |
purge => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
503 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
504 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
505 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
506 |
##### Mappings |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
507 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
508 |
Associating mappings with a role is done by passing an array of strings to the `mappings` parameter of the `elasticsearch::shield::role` type. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
509 |
For example, to define a role with mappings using Shield >= 2.3.x style role definitions: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
510 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
511 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
512 |
elasticsearch::shield::role { 'logstash': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
513 |
mappings => [ |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
514 |
'cn=group,ou=devteam', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
515 |
], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
516 |
privileges => { |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
517 |
'cluster' => 'manage_index_templates', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
518 |
'indices' => [{ |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
519 |
'names' => ['logstash-*'], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
520 |
'privileges' => [ |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
521 |
'write', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
522 |
'delete', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
523 |
'create_index', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
524 |
], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
525 |
}], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
526 |
}, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
527 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
528 |
``` |
| 28 | 529 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
530 |
**Note**: Observe the brackets around `indices` in the preceding role definition; which is an array of hashes per the format in Shield 2.3.x. Follow the documentation to determine the correct formatting for your version of Shield. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
531 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
532 |
If you'd like to keep the mappings file purged of entries not under Puppet's control, you should use the following `resources` declaration because mappings are a separate low-level type: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
533 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
534 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
535 |
resources { 'elasticsearch_shield_role_mapping': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
536 |
purge => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
537 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
538 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
539 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
540 |
#### Users |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
541 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
542 |
Users can be managed using the `elasticsearch::shield::user` type. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
543 |
For example, to create a user `mysuser` with membership in `myrole`: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
544 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
545 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
546 |
elasticsearch::shield::user { 'myuser': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
547 |
password => 'mypassword', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
548 |
roles => ['myrole'], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
549 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
550 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
551 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
552 |
The `password` parameter will also accept password hashes generated from the `esusers` utility and ensure the password is kept in-sync with the Shield `users` file for all Elasticsearch instances. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
553 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
554 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
555 |
elasticsearch::shield::user { 'myuser': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
556 |
password => '$2a$10$IZMnq6DF4DtQ9c4sVovgDubCbdeH62XncmcyD1sZ4WClzFuAdqspy', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
557 |
roles => ['myrole'], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
558 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
559 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
560 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
561 |
**Note**: When using the `esusers` provider (the default for plaintext passwords), Puppet has no way to determine whether the given password is in-sync with the password hashed by Shield. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
562 |
In order to work around this, the `elasticsearch::shield::user` resource has been designed to accept refresh events in order to update password values. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
563 |
This is not ideal, but allows you to instruct the resource to change the password when needed. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
564 |
For example, to update the aforementioned user's password, you could include the following your manifest: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
565 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
566 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
567 |
notify { 'update password': } ~> |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
568 |
elasticsearch::shield::user { 'myuser': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
569 |
password => 'mynewpassword', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
570 |
roles => ['myrole'], |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
571 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
572 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
573 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
574 |
#### Certificates |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
575 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
576 |
SSL/TLS can be enabled by providing an `elasticsearch::instance` type with paths to the certificate and private key files, and a password for the keystore. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
577 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
578 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
579 |
elasticsearch::instance { 'es-01': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
580 |
ssl => true, |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
581 |
ca_certificate => '/path/to/ca.pem', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
582 |
certificate => '/path/to/cert.pem', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
583 |
private_key => '/path/to/key.pem', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
584 |
keystore_password => 'keystorepassword', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
585 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
586 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
587 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
588 |
**Note**: Setting up a proper CA and certificate infrastructure is outside the scope of this documentation, see the aforementioned Shield guide for more information regarding the generation of these certificate files. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
589 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
590 |
The module will set up a keystore file for the node to use and set the relevant options in `elasticsearch.yml` to enable TLS/SSL using the certificates and key provided. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
591 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
592 |
#### System Keys |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
593 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
594 |
Shield system keys can be passed to the module, where they will be placed into individual instance configuration directories. |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
595 |
This can be set at the `elasticsearch` class and inherited across all instances: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
596 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
597 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
598 |
class { 'elasticsearch': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
599 |
system_key => 'puppet:///path/to/key', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
600 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
601 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
602 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
603 |
Or set on a per-instance basis: |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
604 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
605 |
```puppet |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
606 |
elasticsearch::instance { 'es-01': |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
607 |
system_key => '/local/path/to/key', |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
608 |
} |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
609 |
``` |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
610 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
611 |
### Package version pinning |
| 28 | 612 |
|
613 |
The module supports pinning the package version to avoid accidental upgrades that are not done by Puppet. |
|
614 |
To enable this feature: |
|
615 |
||
616 |
```puppet |
|
617 |
class { 'elasticsearch': |
|
618 |
package_pin => true, |
|
619 |
version => '1.5.2', |
|
620 |
} |
|
621 |
``` |
|
622 |
||
623 |
In this example we pin the package version to 1.5.2. |
|
624 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
625 |
### Data directories |
| 28 | 626 |
|
627 |
There are 4 different ways of setting data directories for Elasticsearch. |
|
628 |
In every case the required configuration options are placed in the `elasticsearch.yml` file. |
|
629 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
630 |
#### Default |
| 28 | 631 |
By default we use: |
632 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
633 |
/usr/share/elasticsearch/data/$instance_name |
| 28 | 634 |
|
635 |
Which provides a data directory per instance. |
|
636 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
637 |
#### Single global data directory |
| 28 | 638 |
|
639 |
```puppet |
|
640 |
class { 'elasticsearch': |
|
641 |
datadir => '/var/lib/elasticsearch-data' |
|
642 |
} |
|
643 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
644 |
|
| 28 | 645 |
Creates the following for each instance: |
646 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
647 |
/var/lib/elasticsearch-data/$instance_name |
| 28 | 648 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
649 |
#### Multiple Global data directories |
| 28 | 650 |
|
651 |
```puppet |
|
652 |
class { 'elasticsearch': |
|
653 |
datadir => [ '/var/lib/es-data1', '/var/lib/es-data2'] |
|
654 |
} |
|
655 |
``` |
|
656 |
Creates the following for each instance: |
|
657 |
`/var/lib/es-data1/$instance_name` |
|
658 |
and |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
659 |
`/var/lib/es-data2/$instance_name`. |
| 28 | 660 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
661 |
#### Single instance data directory |
| 28 | 662 |
|
663 |
```puppet |
|
664 |
class { 'elasticsearch': } |
|
665 |
||
666 |
elasticsearch::instance { 'es-01': |
|
667 |
datadir => '/var/lib/es-data-es01' |
|
668 |
} |
|
669 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
670 |
|
| 28 | 671 |
Creates the following for this instance: |
672 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
673 |
/var/lib/es-data-es01 |
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
674 |
|
|
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
675 |
#### Multiple instance data directories |
| 28 | 676 |
|
677 |
```puppet |
|
678 |
class { 'elasticsearch': } |
|
679 |
||
680 |
elasticsearch::instance { 'es-01': |
|
681 |
datadir => ['/var/lib/es-data1-es01', '/var/lib/es-data2-es01'] |
|
682 |
} |
|
683 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
684 |
|
| 28 | 685 |
Creates the following for this instance: |
686 |
`/var/lib/es-data1-es01` |
|
687 |
and |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
688 |
`/var/lib/es-data2-es01`. |
| 28 | 689 |
|
690 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
691 |
### Main and instance configurations |
| 28 | 692 |
|
693 |
The `config` option in both the main class and the instances can be configured to work together. |
|
694 |
||
695 |
The options in the `instance` config hash will merged with the ones from the main class and override any duplicates. |
|
696 |
||
697 |
#### Simple merging |
|
698 |
||
699 |
```puppet |
|
700 |
class { 'elasticsearch': |
|
701 |
config => { 'cluster.name' => 'clustername' } |
|
702 |
} |
|
703 |
||
704 |
elasticsearch::instance { 'es-01': |
|
705 |
config => { 'node.name' => 'nodename' } |
|
706 |
} |
|
707 |
elasticsearch::instance { 'es-02': |
|
708 |
config => { 'node.name' => 'nodename2' } |
|
709 |
} |
|
710 |
``` |
|
711 |
||
712 |
This example merges the `cluster.name` together with the `node.name` option. |
|
713 |
||
714 |
#### Overriding |
|
715 |
||
716 |
When duplicate options are provided, the option in the instance config overrides the ones from the main class. |
|
717 |
||
718 |
```puppet |
|
719 |
class { 'elasticsearch': |
|
720 |
config => { 'cluster.name' => 'clustername' } |
|
721 |
} |
|
722 |
||
723 |
elasticsearch::instance { 'es-01': |
|
724 |
config => { 'node.name' => 'nodename', 'cluster.name' => 'otherclustername' } |
|
725 |
} |
|
726 |
||
727 |
elasticsearch::instance { 'es-02': |
|
728 |
config => { 'node.name' => 'nodename2' } |
|
729 |
} |
|
730 |
``` |
|
731 |
||
732 |
This will set the cluster name to `otherclustername` for the instance `es-01` but will keep it to `clustername` for instance `es-02` |
|
733 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
734 |
#### Configuration writeup |
| 28 | 735 |
|
736 |
The `config` hash can be written in 2 different ways: |
|
737 |
||
738 |
##### Full hash writeup |
|
739 |
||
740 |
Instead of writing the full hash representation: |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
741 |
|
| 28 | 742 |
```puppet |
743 |
class { 'elasticsearch': |
|
744 |
config => { |
|
745 |
'cluster' => { |
|
746 |
'name' => 'ClusterName', |
|
747 |
'routing' => { |
|
748 |
'allocation' => { |
|
749 |
'awareness' => { |
|
750 |
'attributes' => 'rack' |
|
751 |
} |
|
752 |
} |
|
753 |
} |
|
754 |
} |
|
755 |
} |
|
756 |
} |
|
757 |
``` |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
758 |
|
| 28 | 759 |
##### Short hash writeup |
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
760 |
|
| 28 | 761 |
```puppet |
762 |
class { 'elasticsearch': |
|
763 |
config => { |
|
764 |
'cluster' => { |
|
765 |
'name' => 'ClusterName', |
|
766 |
'routing.allocation.awareness.attributes' => 'rack' |
|
767 |
} |
|
768 |
} |
|
769 |
} |
|
770 |
``` |
|
771 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
772 |
## Limitations |
| 28 | 773 |
|
774 |
This module has been built on and tested against Puppet 3.2 and higher. |
|
775 |
||
776 |
The module has been tested on: |
|
777 |
||
778 |
* Debian 6/7/8 |
|
779 |
* CentOS 6/7 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
780 |
* OracleLinux 6/7 |
| 28 | 781 |
* Ubuntu 12.04, 14.04 |
782 |
* OpenSuSE 13.x |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
783 |
* SLES 12 |
| 28 | 784 |
|
785 |
Other distro's that have been reported to work: |
|
786 |
||
787 |
* RHEL 6 |
|
788 |
* Scientific 6 |
|
789 |
||
790 |
Testing on other platforms has been light and cannot be guaranteed. |
|
791 |
||
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
792 |
## Development |
| 28 | 793 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
794 |
Please see the [CONTRIBUTING.md](CONTRIBUTING.md) file for instructions regarding development environments and testing. |
| 28 | 795 |
|
|
406
cf0f23803a53
upgrade elasticsearch to 5.0, upgrade ember
ymh <ymh.work@gmail.com>
parents:
28
diff
changeset
|
796 |
## Support |
| 28 | 797 |
|
798 |
Need help? Join us in [#elasticsearch](https://webchat.freenode.net?channels=%23elasticsearch) on Freenode IRC or on the [discussion forum](https://discuss.elastic.co/). |