Elasticsearch-7.2 with opendistro-security (#33)

2024-11-06 10:25:23 +00:00 · 2019-10-01 15:18:40 +03:00 · 2019-10-01 15:18:40 +03:00 · 9a21c4f4e7
commit 9a21c4f4e7
parent 38069ffc79
6 changed files with 38 additions and 12 deletions
--- a/sls/elasticsearch/config.sls
+++ b/sls/elasticsearch/config.sls
@ -21,7 +21,12 @@ File.directory(

 fqdn = grains('fqdn')
 fqdn_ipv6 = grains('fqdn_ipv6')
-hosts = pillar('elastic:hosts', [])
+nodes = pillar('elastic:nodes', {})
+master_nodes = nodes.get('master', {})
+if not 'data' in nodes:
+  nodes['data'] = master_nodes
+if not 'ingest' in nodes:
+  nodes['ingest'] = nodes['data']

 data_count = pillar('elastic:data-dir-count', False)
 if data_count:
@ -62,15 +67,22 @@ config = {
  'bootstrap': {'memory_lock': True},
  'network': { 'host': '${HOSTNAME}' },
  'http': { 'port': 9200 },
-  'gateway': { 'recover_after_nodes': len(hosts)/2 },
-  'discovery': { 'zen': {
-    'ping': { 'unicast': {}},
-  }},
+  'cluster': {
+    'initial_master_nodes': pillar('elastic:initial_master_nodes', master_nodes) },
+  'discovery': {
+    'seed_hosts': pillar('elastic:seed_hosts', master_nodes) },
+  'gateway': {
+    'expected_master_nodes': len(master_nodes),
+    'expected_data_nodes': len(nodes['data']),
+    'recover_after_time': '5m',
+    'recover_after_master_nodes': len(master_nodes)/2,
+  },
 }

-config['discovery']['zen']['ping']['unicast']['hosts'] = filter(
-  lambda x: x != fqdn and x not in fqdn_ipv6,
-  hosts)
+for node_type in ('master', 'data', 'ingest'):
+  if any(name in nodes[node_type] for name in (fqdn, fqdn_ipv6)):
+    config['node'][node_type] = True
+
 if tls:
  config['opendistro_security'] = {
    'ssl': {
--- a/sls/elasticsearch/init.sls
+++ b/sls/elasticsearch/init.sls
@ -1,6 +1,5 @@
 {% set tls_enabled = salt.pillar.get('elastic:tls:enabled', False) %}
 include:
-  - java.icedtea3
  - elasticsearch.pkg
  - elasticsearch.config

@ -25,7 +24,7 @@ elasticsearch:
  service.running:
    - enable: True
    - watch:
-      - pkg: icedtea3
+      - pkg: openjdk-bin11
      - pkg: app-misc/elasticsearch
      - file: /etc/elasticsearch/elasticsearch.yml
      - file: /etc/elasticsearch/jvm.options
--- a/sls/elasticsearch/pkg.sls
+++ b/sls/elasticsearch/pkg.sls
@ -1,7 +1,7 @@
 {% import 'pkg/common' as pkg %}
 include:
-  - java.icedtea3
  - gentoo.portage.packages  
+  - java.openjdk-bin11-system

 app-misc/elasticsearch:
  pkg.installed:
--- a/sls/java/icedtea3.sls
+++ b/sls/java/icedtea3.sls
@ -1,4 +1,3 @@
-# -*- mode: yaml -*-
 icedtea3:
  pkg.installed:
    - pkgs:
--- a/sls/java/openjdk-bin11-system.sls
+++ b/sls/java/openjdk-bin11-system.sls
@ -0,0 +1,9 @@
+include:
+  - .openjdk-bin11
+
+set-java-system-vm:
+  eselect.set:
+    - target: openjdk-bin-11
+    - action_parameter: system
+    - require:
+      - pkg: openjdk-bin11
--- a/sls/java/openjdk-bin11.sls
+++ b/sls/java/openjdk-bin11.sls
@ -0,0 +1,7 @@
+include:
+  - java.common
+
+openjdk-bin11:
+  pkg.installed:
+    - pkgs:
+      - dev-java/openjdk-bin: "~:11[headless-awt,gentoo-vm,-cups,-webstart,-alsa]"