- Add all the configurations in pillar.sls into the target file:
{%- if salt['pillar.get']('elasticsearch:config') %} /etc/elasticsearch/elasticsearch.yml: file.managed: - source: salt://elasticsearch/files/elasticsearch.yml - user: root - template: jinja - require: - sls: elasticsearch.pkg - context: config: {{ salt['pillar.get']('elasticsearch:config', '{}') }} {%- endif %}
2. Create multiple directories if it does not exists
{% for dir in (data_dir, log_dir) %} {% if dir %} {{ dir }}: file.directory: - user: elasticsearch - group: elasticsearch - mode: 0700 - makedirs: True - require_in: - service: elasticsearch {% endif %} {% endfor %}
3. Retrieve a value from pillar:
{% set data_dir = salt['pillar.get']('elasticsearch:config:path.data') %}
4. Include a new state in existing state or add a new state:
a. Create/Edit init.sls file
Add the following lines
include: - elasticsearch.repo - elasticsearch.pkg
5. Append a iptables rule:
iptables_elasticsearch_rest_api: iptables.append: - table: filter - chain: INPUT - jump: ACCEPT - match: - state - tcp - comment - comment: "Allow ElasticSearch REST API port" - connstate: NEW - dport: 9200 - proto: tcp - save: True
(this appends the rule to the end of the iptables file to insert it before use iptables.insert module)
6. Insert iptables rule:
iptables_elasticsearch_rest_api: iptables.insert: - position: 2 - table: filter - chain: INPUT - jump: ACCEPT - match: - state - tcp - comment - comment: "Allow ElasticSearch REST API port" - connstate: NEW - dport: 9200 - proto: tcp - save: True
7. REplace the variables in pillar.yml with the Jinja template
/etc/elasticsearch/jvm.options: file.managed: - source: salt://elasticsearch/files/jvm.options - user: root - group: elasticsearch - mode: 0660 - template: jinja - watch_in: - service: elasticsearch_service - context: jvm_opts: {{ salt['pillar.get']('elasticsearch:jvm_opts', '{}') }}
Then in elasticsearch/files/jvm.options add:
{% set heap_size = jvm_opts['heap_size'] %} -Xms{{ heap_size }}
8. Install elasticsearch as the version declared in pillar
elasticsearch: #Define the major and minor version for ElasticSearch version: [5, 5]
Then in the pkg.sls you can install the package as follwos:
include: - elasticsearch.repo {% from "elasticsearch/map.jinja" import elasticsearch_map with context %} {% from "elasticsearch/settings.sls" import elasticsearch with context %} ## Install ElasticSearch pkg with desired version elasticsearch_pkg: pkg.installed: - name: {{ elasticsearch_map.pkg }} {% if elasticsearch.version %} - version: {{ elasticsearch.version[0] }}.{{ elasticsearch.version[1] }}* {% endif %} - require: - sls: elasticsearch.repo - failhard: True
failhard: True so that the state apply exits if there is any error in installing elasticsearch.
9. Reload Elasticsearch daemon after change in elasticsearch.service file
elasticsearch_daemon_reload: module.run: - name: service.systemctl_reload - onchanges: - file: /usr/lib/systemd/system/elasticsearch.service
10. Install the plugins mentioned in pillar
{% for name, repo in plugins_pillar.items() %} elasticsearch-{{ name }}: cmd.run: - name: /usr/share/elasticsearch/bin/{{ plugin_bin }} install -b {{ repo }} - require: - sls: elasticsearch.install - unless: test -x /usr/share/elasticsearch/plugins/{{ name }} {% endfor %}
11. Enable and auto restart elasticsearch service after file changes.
elasticsearch_service: service.running: - name: elasticsearch - enable: True - watch: - file: /etc/elasticsearch/elasticsearch.yml - file: /etc/elasticsearch/jvm.options - file: /usr/lib/systemd/system/elasticsearch.service - require: - pkg: elasticsearch - failhard: True
12. Custom Error if no firewall package set
firewall_error: test.fail_without_changes: - name: "Please set firewall package as iptables or firewalld" - failhard: True
13. Install openjdk
{% set settings = salt['grains.filter_by']({ 'Debian': { 'package': 'openjdk-8-jdk', }, 'RedHat': { 'package': 'java-1.8.0-openjdk', }, }) %} ## Install Openjdk install_openjdk: pkg: - installed - name: {{ settings.package }}
14. Install package firewalld
firewalld_install: pkg.installed: - name: firewalld
15. Adding firewall rules
elasticsearch_firewalld_rules: firewalld.present: - name: public - ports: - 22/tcp - 9200/tcp - 9300/tcp - onlyif: - rpm -q firewalld - require: - service: firewalld
16. Enable and start firewalld service
firewalld: service.running: - enable: True - reload: True - require: - pkg: firewalld_install
One thought on “Salt stack formulas:”