Hi!

First of all, thank you for your help.

I don't understand a puppet behaviour with an elasticsearch puppet module. 
My lack of experience with puppet is probably the cause.


   - Module version: Elastic Search 6.3.1
   - Puppet version: 5.5
   - OS and version: CentOS 7.5

I have deployed an elasticsearch 6.3.1 development cluster with 3 nodes via 
puppet. Search Guard "search-guard-6:6.3.1-23.0" has also been installed 
through puppet. To activate the Search Guard plugin in the dev environment, 
I have used two scripts included in this plugin, 
"install_demo_configuration.sh" and "sgadmin_demo.sh". These scripts add 
certain configuration lines to elasticsearch.yml. Every time the puppet agent 
requests the catalog on these machines, elasticsearch.yml is overwritten 
according to the configuration of the manifest, and Search Guard doesn't 
work. This also causes the elasticsearch service to stop working. The 
elasticsearch manifest that we have used to install elasticsearch and the 
Search Guard plugin:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------
include ::java

class profile::elk6::elasticsearch {

  # All tunables are looked up from Hiera
  $version     = hiera('profile::elk6::elasticsearch::version')
  $clustername = hiera('profile::elk6::elasticsearch::clustername')
  $ismaster    = hiera('profile::elk6::elasticsearch::ismaster')
  $isdatanode  = hiera('profile::elk6::elasticsearch::isdatanode')
  $esmasters   = hiera('profile::elk6::elasticsearch::esmasters')
  $datadir     = hiera('profile::elk6::elasticsearch::datadir')
  $esheapsize  = hiera('profile::elk6::elasticsearch::heapsize')
  $config_hash = { 'ES_HEAP_SIZE' => "$esheapsize", 'MAX_LOCKED_MEMORY' => "unlimited" }

  # Everything in 'config' is rendered into elasticsearch.yml on each agent run
  class { '::elasticsearch':
    version       => $version,
    status        => 'enabled',
    manage_repo   => true,
    datadir       => $datadir,
    config        => {
      'cluster.name'                       => $clustername,
      'network.host'                       => $::ipaddress_eth0,
      'node.data'                          => $isdatanode,
      'node.master'                        => $ismaster,
      'discovery.zen.ping.unicast.hosts'   => $esmasters,
      'discovery.zen.minimum_master_nodes' => 2,
      'http.port'                          => 9200,
      'http.cors.allow-origin'             => "/.*/",
      'http.cors.enabled'                  => true,
      'http.cors.allow-headers'            => "Authorization, X-Requested-With, Content-Type, Content-Length",
      'http.cors.allow-credentials'        => true
      # 'bootstrap.unlockall' => 'true'
    },
    init_defaults => $config_hash,
  }

  elasticsearch::plugin { 'com.floragunn:search-guard-6:6.3.1-23.0':
    instances => 'esmaster',
  }
  elasticsearch::instance { 'es-01': }

  # checks if ES is available on localhost
  es_instance_conn_validator { "es$::ipaddress_eth0" :
    server => $::ipaddress_eth0,
    port   => '9200',
  }
}

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

When elasticsearch.yml is overwritten and Search Guard causes the 
elasticsearch service to stop working, the log shows:

"java.lang.IllegalStateException: failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]"
"Caused by: org.elasticsearch.ElasticsearchException: searchguard.ssl.transport.keystore_filepath or searchguard.ssl.transport.pemkey_filepath must be set if transport ssl is reqested."


Is it possible to add the configuration lines for the Search Guard plugin to 
the puppet manifest and avoid this behavior? Is there a mistake in my 
puppet manifest?


Regards and thanks in advance!
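
One way to keep the Search Guard settings in the catalog so the agent stops removing them, as an added example that is not from the original post or from the module's authors. The class name `profile::elk6::elasticsearch_sg`, its parameters, the certificate file names and the admin DN are assumptions modelled on the Search Guard demo installer's output; copy the real values from the elasticsearch.yml the script produced.

```puppet
# Added example (hypothetical class name and parameters, not the poster's code).
class profile::elk6::elasticsearch_sg (
  String  $version,
  String  $clustername,
  Array   $esmasters,
  String  $datadir,
  Boolean $ismaster   = true,
  Boolean $isdatanode = true,
) {
  # Settings the original manifest already managed (abridged).
  $base_config = {
    'cluster.name'                       => $clustername,
    'network.host'                       => $::ipaddress_eth0,
    'node.data'                          => $isdatanode,
    'node.master'                        => $ismaster,
    'discovery.zen.ping.unicast.hosts'   => $esmasters,
    'discovery.zen.minimum_master_nodes' => 2,
    'http.port'                          => 9200,
  }

  # Search Guard keys the demo script appended by hand. Values are assumed
  # from the demo installer; verify them against the generated file.
  $searchguard_config = {
    'searchguard.ssl.transport.pemcert_filepath'              => 'esnode.pem',
    'searchguard.ssl.transport.pemkey_filepath'               => 'esnode-key.pem',
    'searchguard.ssl.transport.pemtrustedcas_filepath'        => 'root-ca.pem',
    'searchguard.ssl.transport.enforce_hostname_verification' => false,
    'searchguard.ssl.http.enabled'                            => true,
    'searchguard.ssl.http.pemcert_filepath'                   => 'esnode.pem',
    'searchguard.ssl.http.pemkey_filepath'                    => 'esnode-key.pem',
    'searchguard.ssl.http.pemtrustedcas_filepath'             => 'root-ca.pem',
    # Demo certificates ship with the plugin and are public: dev clusters only.
    'searchguard.allow_unsafe_democertificates'               => true,
    'searchguard.authcz.admin_dn'                             => ['CN=kirk,OU=client,O=client,L=test, C=de'],
  }

  class { '::elasticsearch':
    version     => $version,
    status      => 'enabled',
    manage_repo => true,
    datadir     => $datadir,
    # Hash merge: both sets of keys are rendered into elasticsearch.yml.
    config      => $base_config + $searchguard_config,
  }

  # Assumption: the plugin is attached to the instance declared below.
  elasticsearch::plugin { 'com.floragunn:search-guard-6:6.3.1-23.0':
    instances => 'es-01',
  }
  elasticsearch::instance { 'es-01': }
}
```

The relative certificate paths only resolve if the PEM files sit in the directory holding the rendered elasticsearch.yml, so managing those files with `file` resources keeps them from drifting the same way the configuration did.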
