Merge branch 'master' of git+ssh://github.com/rbkmoney/salt-common into fix_none_consul-reload-recursion

2024-11-06 02:15:20 +00:00 · 2021-05-20 17:58:42 +03:00 · 2021-05-20 17:58:42 +03:00 · 33253488a0
commit 33253488a0
parent 13c21ab835 ba167d23e0
2 changed files with 17 additions and 4 deletions
--- a/sls/elasticsearch/config.sls
+++ b/sls/elasticsearch/config.sls
@ -3,9 +3,14 @@
 from salt.utils import dictupdate
 import yaml

+class NoAliasDumper(yaml.SafeDumper):
+    def ignore_aliases(self, data):
+        return True
+
 conf_path = '/etc/elasticsearch/'
 log_path = '/var/log/elasticsearch/'
 data_path = '/var/lib/elasticsearch/'
+es_java_opts = '-Des.transport.cname_in_publish_address=true'

 packages_es = pillar('gentoo:portage:packages:app-misc/elasticsearch', {})
 es_version = packages_es.get('version', '=7.0.0')
@ -26,7 +31,7 @@ File.directory(
 fqdn = grains('fqdn')
 fqdn_ipv6 = grains('fqdn_ipv6')
 nodes = pillar('elastic:nodes', {})
-master_nodes = nodes.get('master', {})
+master_nodes = nodes.get('master', [])
 if not 'data' in nodes:
  nodes['data'] = master_nodes
 if not 'ingest' in nodes:
@ -102,7 +107,8 @@ if tls:
        'pemcert_filepath': 'http-cert.pem',
        'pemkey_filepath': 'http-key.pem',
        'pemtrustedcas_filepath': 'http-ca.pem',
-        'clientauth_mode': tls_http.get('clientauth_mode', 'OPTIONAL')
+        'clientauth_mode': tls_http.get('clientauth_mode', 'OPTIONAL'),
+        'enabled_protocols': ["TLSv1.2","TLSv1.3"]
      },
      'transport': {
        'enabled': tls_transport.get('enabled', tls_enabled),
@ -126,7 +132,7 @@ dictupdate.update(config, pillar('elastic:config'))
 File.managed(
  conf_path + 'elasticsearch.yml',
  mode=644, user='root', group='root',
-  contents="# This file is generated by Salt\n" + yaml.dump(config),
+  contents="# This file is generated by Salt\n" + yaml.dump(config, Dumper=NoAliasDumper),
  require=[File(conf_path)])

 File.managed(
@ -144,7 +150,7 @@ File.managed(
  template='jinja', source="salt://elasticsearch/files/elasticsearch.confd.tpl",
  defaults={
    'conf_dir': conf_path, 'log_dir': log_path, 'data_dir': data_dir,
-    'es_java_opts': '', 'l_nofile': l_nofile, 'l_memlock': l_memlock,
+    'es_java_opts': es_java_opts , 'l_nofile': l_nofile, 'l_memlock': l_memlock,
    'max_map_count': max_map_count, 'max_threads': max_threads, 'es_startup_sleep_time': 10})

 if tls:
--- a/sls/filebeat/init.sls
+++ b/sls/filebeat/init.sls
@ -5,6 +5,12 @@ include:
  - .config
  - .service

+/etc/conf.d/filebeat:
+  file.append:
+    - text: "export GODEBUG=x509ignoreCN=0"
+    - require: 
+      - pkg: app-admin/filebeat
+
 extend:
  filebeat:
    service.running:
@ -14,6 +20,7 @@ extend:
        - file: /etc/filebeat/conf.d/
        - file: /etc/filebeat/filebeat.template.json
        - file: /var/lib/filebeat/module/
+        - file: /etc/conf.d/filebeat
        {% for out in output.keys() %}
        {% if out in tls %}
        {% for pemtype in ('cert', 'key', 'ca') %}