Skip to main content

Salt stack formulas:

By

  1. Add all the configurations in pillar.sls into the target file:


[code]

{%- if salt['pillar.get']('elasticsearch:config') %}
/etc/elasticsearch/elasticsearch.yml:
file.managed:
- source: salt://elasticsearch/files/elasticsearch.yml
- user: root
- template: jinja
- require:
- sls: elasticsearch.pkg
- context:
config: {{ salt['pillar.get']('elasticsearch:config', '{}') }}
{%- endif %}

[/code]

2. Create multiple directories if it does not exists

[code]

{% for dir in (data_dir, log_dir) %}
{% if dir %}
{{ dir }}:
file.directory:
- user: elasticsearch
- group: elasticsearch
- mode: 0700
- makedirs: True
- require_in:
- service: elasticsearch
{% endif %}
{% endfor %}
[/code]

3. Retrieve a value from pillar:

[code]

{% set data_dir = salt['pillar.get']('elasticsearch:config:path.data') %}

[/code]

4. Include a new state in existing state or add a new state:

a. Create/Edit init.sls file

Add the following lines

[code]
include:
- elasticsearch.repo
- elasticsearch.pkg
[/code]

5. Append a iptables rule:

[code]
iptables_elasticsearch_rest_api:
iptables.append:
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True

[/code]
(this appends the rule to the end of the iptables file to insert it before use iptables.insert module)

6. Insert iptables rule:

[code]
iptables_elasticsearch_rest_api:
iptables.insert:
- position: 2
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True
[/code]
7. REplace the variables in pillar.yml with the Jinja template

[code]
/etc/elasticsearch/jvm.options:
file.managed:
- source: salt://elasticsearch/files/jvm.options
- user: root
- group: elasticsearch
- mode: 0660
- template: jinja
- watch_in:
- service: elasticsearch_service
- context:
jvm_opts: {{ salt['pillar.get']('elasticsearch:jvm_opts', '{}') }}
[/code]

Then in elasticsearch/files/jvm.options add:

[code]
{% set heap_size = jvm_opts['heap_size'] %}
-Xms{{ heap_size }}
[/code]

8. Install elasticsearch as the version declared in pillar

[code]
elasticsearch:
#Define the major and minor version for ElasticSearch
version: [5, 5]
[/code]

Then in the pkg.sls you can install the package as follwos:
[code]
include:
- elasticsearch.repo

{% from "elasticsearch/map.jinja" import elasticsearch_map with context %}
{% from "elasticsearch/settings.sls" import elasticsearch with context %}

## Install ElasticSearch pkg with desired version
elasticsearch_pkg:
pkg.installed:
- name: {{ elasticsearch_map.pkg }}
{% if elasticsearch.version %}
- version: {{ elasticsearch.version[0] }}.{{ elasticsearch.version[1] }}*
{% endif %}
- require:
- sls: elasticsearch.repo
- failhard: True

[/code]

failhard: True so that the state apply exits if there is any error in installing elasticsearch.

9. Reload Elasticsearch daemon after change in elasticsearch.service file
[code]
elasticsearch_daemon_reload:
module.run:
- name: service.systemctl_reload
- onchanges:
- file: /usr/lib/systemd/system/elasticsearch.service
[/code]

10. Install the plugins mentioned in pillar
[code]
{% for name, repo in plugins_pillar.items() %}
elasticsearch-{{ name }}:
cmd.run:
- name: /usr/share/elasticsearch/bin/{{ plugin_bin }} install -b {{ repo }}
- require:
- sls: elasticsearch.install
- unless: test -x /usr/share/elasticsearch/plugins/{{ name }}
{% endfor %}
[/code]

11. Enable and auto restart elasticsearch service after file changes.
[code]
elasticsearch_service:
service.running:
- name: elasticsearch
- enable: True
- watch:
- file: /etc/elasticsearch/elasticsearch.yml
- file: /etc/elasticsearch/jvm.options
- file: /usr/lib/systemd/system/elasticsearch.service
- require:
- pkg: elasticsearch
- failhard: True
[/code]

12. Custom Error if no firewall package set
[code]
firewall_error:
test.fail_without_changes:
- name: "Please set firewall package as iptables or firewalld"
- failhard: True
[/code]

13. Install openjdk
[code]
{% set settings = salt['grains.filter_by']({
'Debian': {
'package': 'openjdk-8-jdk',
},
'RedHat': {
'package': 'java-1.8.0-openjdk',
},
}) %}

## Install Openjdk
install_openjdk:
pkg:
- installed
- name: {{ settings.package }}
[/code]

14. Install package firewalld
[code]
firewalld_install:
pkg.installed:
- name: firewalld
[/code]

15. Adding firewall rules
[code]
elasticsearch_firewalld_rules:
firewalld.present:
- name: public
- ports:
- 22/tcp
- 9200/tcp
- 9300/tcp
- onlyif:
- rpm -q firewalld
- require:
- service: firewalld
[/code]

16. Enable and start firewalld service
[code]
firewalld:
service.running:
- enable: True
- reload: True
- require:
- pkg: firewalld_install
[/code]
Labels:

Comments

Post a Comment

Popular posts from this blog

Saltstack and Vault integration

By
First install and configure vault using this tutorial: https://apassionatechie.wordpress.com/2017/03/05/hashicorp-vault/ Use the latest version of vault. Then install salt using the steps given here: https://docs.saltstack.com/en/latest/topics/installation/ If you face any issues then refer these links: https://apassionatechie.wordpress.com/2017/07/31/salt-issues/ https://apassionatechie.wordpress.com/2017/08/03/salt-stack-formulas/ Now let's integrate vault and salt so that we can access vault secrets from inside salt state. First let's add some key values into our vault. vault write secret/ssh/user1 password="abc123" Then you can check it by reading: vault read secret/ssh/user1 To allow salt to access your secrets you must firstly create a policy as follows: salt-policy.hcl [code] path "secret/*" { capabilities = ["read", "list"] } path "auth/*" { capabilities = ["read", "list","sudo",...
2 comments
Read more

Salt stack issues

By
The function “state.apply” is running as PID Restart salt-minion with command:  service salt-minion restart No matching sls found for ‘init’ in env ‘base’ Add top.sls file in the directory where your main sls file is present. Create the file as follows: 1 2 3 base: 'web*' : - apache If the sls is present in a subdirectory elasticsearch/init.sls then write the top.sls as: 1 2 3 base: '*' : - elasticsearch.init How to execute saltstack-formulas create file  /srv/pillar/top.sls  with content: base : ' * ' : - salt create file  /srv/pillar/salt.sls  with content: salt : master : worker_threads : 2 fileserver_backend : - roots - git gitfs_remotes : - git://github.com/saltstack-formulas/epel-formula.git - git://github.com/saltstack-formulas/git-formula.git - git://github.com/saltstack-formulas/nano-formula.git - git://github.com/saltstack-f...
12 comments
Read more

How to grep the output of cURL?

By
curl writes the output to stderr, so redirect that and also suppress the progress: curl - v -- silent https :// google . com / 2 >& 1 | grep expire The reason why  curl  writes the information to stderr is so you can do: curl <url> | someprgram  without that information clobbering the input of  someprogram It is possible to use  --stderr -  as parameter, to redirect the output from stderr (default) to stdout. With this option you also should use  --silent  to suppress the progress bar. $ curl - v -- silent https :// google . com / -- stderr - | grep expire * expire date : 2015 - 09 - 01 00 : 00 : 00 GMT  
Post a Comment
Read more