Skip to main content

Salt stack formulas:

By
  1. Add all the configurations in pillar.sls into the target file:
1
2
3
4
5
6
7
8
9
10
11
{%- if salt['pillar.get']('elasticsearch:config') %}
/etc/elasticsearch/elasticsearch.yml:
  file.managed:
    - source: salt://elasticsearch/files/elasticsearch.yml
    - user: root
    - template: jinja
    - require:
      - sls: elasticsearch.pkg
    - context:
        config: {{ salt['pillar.get']('elasticsearch:config', '{}') }}
{%- endif %}
2. Create multiple directories if it does not exists
1
2
3
4
5
6
7
8
9
10
11
12
{% for dir in (data_dir, log_dir) %}
{% if dir %}
{{ dir }}:
  file.directory:
    - user: elasticsearch
    - group: elasticsearch
    - mode: 0700
    - makedirs: True
    - require_in:
      - service: elasticsearch
{% endif %}
{% endfor %}
3. Retrieve a value from pillar:
1
{% set data_dir = salt['pillar.get']('elasticsearch:config:path.data') %}
4. Include a new state in existing state or add a new state:
a. Create/Edit init.sls file
Add the following lines
1
2
3
include:
  - elasticsearch.repo
  - elasticsearch.pkg
5. Append a iptables rule:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
iptables_elasticsearch_rest_api:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - match:
      - state
      - tcp
      - comment
    - comment: "Allow ElasticSearch REST API port"
    - connstate: NEW
    - dport: 9200
    - proto: tcp
    - save: True
(this appends the rule to the end of the iptables file to insert it before use iptables.insert module)
6. Insert iptables rule:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
iptables_elasticsearch_rest_api:
  iptables.insert:
    - position: 2
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - match:
      - state
      - tcp
      - comment
    - comment: "Allow ElasticSearch REST API port"
    - connstate: NEW
    - dport: 9200
    - proto: tcp
    - save: True
7. REplace the variables in pillar.yml with the Jinja template
1
2
3
4
5
6
7
8
9
10
11
/etc/elasticsearch/jvm.options:
  file.managed:
    - source: salt://elasticsearch/files/jvm.options
    - user: root
    - group: elasticsearch
    - mode: 0660
    - template: jinja
    - watch_in:
      - service: elasticsearch_service
    - context:
        jvm_opts: {{ salt['pillar.get']('elasticsearch:jvm_opts', '{}') }}
Then in elasticsearch/files/jvm.options add:
1
2
{% set heap_size = jvm_opts['heap_size'] %}
-Xms{{ heap_size }}
8. Install elasticsearch as the version declared in pillar
1
2
3
elasticsearch:
  #Define the major and minor version for ElasticSearch
  version: [5, 5]
Then in the pkg.sls you can install the package as follwos:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
include:
  - elasticsearch.repo
 
{% from "elasticsearch/map.jinja" import elasticsearch_map with context %}
{% from "elasticsearch/settings.sls" import elasticsearch with context %}
 
## Install ElasticSearch pkg with desired version
elasticsearch_pkg:
  pkg.installed:
    - name: {{ elasticsearch_map.pkg }}
    {% if elasticsearch.version %}
    - version: {{ elasticsearch.version[0] }}.{{ elasticsearch.version[1] }}*
    {% endif %}
    - require:
      - sls: elasticsearch.repo
    - failhard: True
failhard: True so that the state apply exits if there is any error in installing elasticsearch.
9. Reload Elasticsearch daemon after change in elasticsearch.service file
1
2
3
4
5
elasticsearch_daemon_reload:
  module.run:
    - name: service.systemctl_reload
    - onchanges:
      - file: /usr/lib/systemd/system/elasticsearch.service
10. Install the plugins mentioned in pillar
1
2
3
4
5
6
7
8
{% for name, repo in plugins_pillar.items() %}
elasticsearch-{{ name }}:
  cmd.run:
    - name: /usr/share/elasticsearch/bin/{{ plugin_bin }} install -b {{ repo }}
    - require:
      - sls: elasticsearch.install
    - unless: test -x /usr/share/elasticsearch/plugins/{{ name }}
{% endfor %}
11. Enable and auto restart elasticsearch service after file changes.
1
2
3
4
5
6
7
8
9
10
11
elasticsearch_service:
  service.running:
    - name: elasticsearch
    - enable: True
    - watch:
      - file: /etc/elasticsearch/elasticsearch.yml
      - file: /etc/elasticsearch/jvm.options
      - file: /usr/lib/systemd/system/elasticsearch.service
    - require:
      - pkg: elasticsearch
    - failhard: True
12. Custom Error if no firewall package set
1
2
3
4
firewall_error:
   test.fail_without_changes:
     - name: "Please set firewall package as iptables or firewalld"
     - failhard: True
13. Install openjdk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{% set settings = salt['grains.filter_by']({
  'Debian': {
    'package': 'openjdk-8-jdk',
  },
  'RedHat': {
    'package': 'java-1.8.0-openjdk',
  },
}) %}
 
## Install Openjdk
install_openjdk:
  pkg:
    - installed
    - name: {{ settings.package }}
14. Install package firewalld
1
2
3
firewalld_install:
  pkg.installed:
    - name: firewalld
15. Adding firewall rules
1
2
3
4
5
6
7
8
9
10
11
elasticsearch_firewalld_rules:
  firewalld.present:
    - name: public
    - ports:
      - 22/tcp
      - 9200/tcp
      - 9300/tcp
    - onlyif:
      - rpm -q firewalld
    - require:
      - service: firewalld
16. Enable and start firewalld service
1
2
3
4
5
6
firewalld:
  service.running:
    - enable: True
    - reload: True
    - require:
      - pkg: firewalld_install
Labels:

Comments

Post a Comment

Popular posts from this blog

Saltstack and Vault integration

By
First install and configure vault using this tutorial: https://apassionatechie.wordpress.com/2017/03/05/hashicorp-vault/ Use the latest version of vault. Then install salt using the steps given here: https://docs.saltstack.com/en/latest/topics/installation/ If you face any issues then refer these links: https://apassionatechie.wordpress.com/2017/07/31/salt-issues/ https://apassionatechie.wordpress.com/2017/08/03/salt-stack-formulas/ Now let's integrate vault and salt so that we can access vault secrets from inside salt state. First let's add some key values into our vault. vault write secret/ssh/user1 password="abc123" Then you can check it by reading: vault read secret/ssh/user1 To allow salt to access your secrets you must firstly create a policy as follows: salt-policy.hcl [code] path "secret/*" { capabilities = ["read", "list"] } path "auth/*" { capabilities = ["read", "list","sudo",...
2 comments
Read more

Salt stack issues

By
The function “state.apply” is running as PID Restart salt-minion with command:  service salt-minion restart No matching sls found for ‘init’ in env ‘base’ Add top.sls file in the directory where your main sls file is present. Create the file as follows: 1 2 3 base: 'web*' : - apache If the sls is present in a subdirectory elasticsearch/init.sls then write the top.sls as: 1 2 3 base: '*' : - elasticsearch.init How to execute saltstack-formulas create file  /srv/pillar/top.sls  with content: base : ' * ' : - salt create file  /srv/pillar/salt.sls  with content: salt : master : worker_threads : 2 fileserver_backend : - roots - git gitfs_remotes : - git://github.com/saltstack-formulas/epel-formula.git - git://github.com/saltstack-formulas/git-formula.git - git://github.com/saltstack-formulas/nano-formula.git - git://github.com/saltstack-f...
12 comments
Read more

How to grep the output of cURL?

By
curl writes the output to stderr, so redirect that and also suppress the progress: curl - v -- silent https :// google . com / 2 >& 1 | grep expire The reason why  curl  writes the information to stderr is so you can do: curl <url> | someprgram  without that information clobbering the input of  someprogram It is possible to use  --stderr -  as parameter, to redirect the output from stderr (default) to stdout. With this option you also should use  --silent  to suppress the progress bar. $ curl - v -- silent https :// google . com / -- stderr - | grep expire * expire date : 2015 - 09 - 01 00 : 00 : 00 GMT  
Post a Comment
Read more