- Add all the configurations in pillar.sls into the target file:
{%- if salt['pillar.get']('elasticsearch:config') %}
/etc/elasticsearch/elasticsearch.yml:
file.managed:
- source: salt://elasticsearch/files/elasticsearch.yml
- user: root
- template: jinja
- require:
- sls: elasticsearch.pkg
- context:
config: {{ salt['pillar.get']('elasticsearch:config', '{}') }}
{%- endif %}
2. Create multiple directories if it does not exists
{% for dir in (data_dir, log_dir) %}
{% if dir %}
{{ dir }}:
file.directory:
- user: elasticsearch
- group: elasticsearch
- mode: 0700
- makedirs: True
- require_in:
- service: elasticsearch
{% endif %}
{% endfor %}
3. Retrieve a value from pillar:
{% set data_dir = salt['pillar.get']('elasticsearch:config:path.data') %}
4. Include a new state in existing state or add a new state:
a. Create/Edit init.sls file
Add the following lines
include: - elasticsearch.repo - elasticsearch.pkg
5. Append a iptables rule:
iptables_elasticsearch_rest_api:
iptables.append:
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True
(this appends the rule to the end of the iptables file to insert it before use iptables.insert module)
6. Insert iptables rule:
iptables_elasticsearch_rest_api:
iptables.insert:
- position: 2
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True
7. REplace the variables in pillar.yml with the Jinja template
/etc/elasticsearch/jvm.options:
file.managed:
- source: salt://elasticsearch/files/jvm.options
- user: root
- group: elasticsearch
- mode: 0660
- template: jinja
- watch_in:
- service: elasticsearch_service
- context:
jvm_opts: {{ salt['pillar.get']('elasticsearch:jvm_opts', '{}') }}
Then in elasticsearch/files/jvm.options add:
{% set heap_size = jvm_opts['heap_size'] %}
-Xms{{ heap_size }}
8. Install elasticsearch as the version declared in pillar
elasticsearch: #Define the major and minor version for ElasticSearch version: [5, 5]
Then in the pkg.sls you can install the package as follwos:
include:
- elasticsearch.repo
{% from "elasticsearch/map.jinja" import elasticsearch_map with context %}
{% from "elasticsearch/settings.sls" import elasticsearch with context %}
## Install ElasticSearch pkg with desired version
elasticsearch_pkg:
pkg.installed:
- name: {{ elasticsearch_map.pkg }}
{% if elasticsearch.version %}
- version: {{ elasticsearch.version[0] }}.{{ elasticsearch.version[1] }}*
{% endif %}
- require:
- sls: elasticsearch.repo
- failhard: True
failhard: True so that the state apply exits if there is any error in installing elasticsearch.
9. Reload Elasticsearch daemon after change in elasticsearch.service file
elasticsearch_daemon_reload:
module.run:
- name: service.systemctl_reload
- onchanges:
- file: /usr/lib/systemd/system/elasticsearch.service
10. Install the plugins mentioned in pillar
{% for name, repo in plugins_pillar.items() %}
elasticsearch-{{ name }}:
cmd.run:
- name: /usr/share/elasticsearch/bin/{{ plugin_bin }} install -b {{ repo }}
- require:
- sls: elasticsearch.install
- unless: test -x /usr/share/elasticsearch/plugins/{{ name }}
{% endfor %}
11. Enable and auto restart elasticsearch service after file changes.
elasticsearch_service:
service.running:
- name: elasticsearch
- enable: True
- watch:
- file: /etc/elasticsearch/elasticsearch.yml
- file: /etc/elasticsearch/jvm.options
- file: /usr/lib/systemd/system/elasticsearch.service
- require:
- pkg: elasticsearch
- failhard: True
12. Custom Error if no firewall package set
firewall_error:
test.fail_without_changes:
- name: "Please set firewall package as iptables or firewalld"
- failhard: True
13. Install openjdk
{% set settings = salt['grains.filter_by']({
'Debian': {
'package': 'openjdk-8-jdk',
},
'RedHat': {
'package': 'java-1.8.0-openjdk',
},
}) %}
## Install Openjdk
install_openjdk:
pkg:
- installed
- name: {{ settings.package }}
14. Install package firewalld
firewalld_install:
pkg.installed:
- name: firewalld
15. Adding firewall rules
elasticsearch_firewalld_rules:
firewalld.present:
- name: public
- ports:
- 22/tcp
- 9200/tcp
- 9300/tcp
- onlyif:
- rpm -q firewalld
- require:
- service: firewalld
16. Enable and start firewalld service
firewalld:
service.running:
- enable: True
- reload: True
- require:
- pkg: firewalld_install
Linux the great 
One thought on “Salt stack formulas:”