Separate logstash/elasticsearch and verify hash

To allow for reuse of elasticsearch I'm splitting it away from
logstash. Also, I'm doing a hash check of the elasticsearch wget
for better security.

Change-Id: Iff42d538cd941abd50b000879ea4a237ea48d40e
This commit is contained in:
Ryan Lane
2013-09-23 14:17:17 -07:00
committed by Clark Boylan
parent ee43a33596
commit 0d96e7471a

View File

@@ -14,8 +14,9 @@
#
# Class to install elasticsearch.
#
class logstash::elasticsearch (
discover_nodes = ['localhost']
class elasticsearch (
$discover_nodes = ['localhost'],
$version = '0.20.5'
) {
# install java runtime
package { 'java7-runtime-headless':
@@ -23,26 +24,51 @@ class logstash::elasticsearch (
}
exec { 'get_elasticsearch_deb':
command => 'wget http://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.5.deb -O /tmp/elasticsearch-0.20.5.deb',
command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb -O /tmp/elasticsearch-${version}.deb",
path => '/bin:/usr/bin',
creates => '/tmp/elasticsearch-0.20.5.deb',
creates => "/tmp/elasticsearch-${version}.deb",
}
exec { 'gen_elasticsearch_deb_sha1':
command => "sha1sum elasticsearch-${version}.deb > /tmp/elasticsearch-${version}.deb.sha1.gen",
path => '/bin:/usr/bin',
cwd => '/tmp',
creates => "/tmp/elasticsearch-${version}.deb.sha1.gen",
require => [
Exec['get_elasticsearch_deb'],
]
}
exec { 'get_elasticsearch_deb_sha1':
command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb.sha1.txt -O /tmp/elasticsearch-${version}.deb.sha1.txt",
path => '/bin:/usr/bin',
creates => "/tmp/elasticsearch-${version}.deb.sha1.txt",
}
exec { 'check_elasticsearch_sha1':
command => "diff /tmp/elasticsearch-${version}.deb.sha1.txt /tmp/elasticsearch-${version}.deb.sha1.gen",
path => '/bin:/usr/bin',
require => [
Exec['gen_elasticsearch_deb_sha1'],
Exec['get_elasticsearch_deb_sha1'],
]
}
# install elastic search
package { 'elasticsearch':
ensure => latest,
source => '/tmp/elasticsearch-0.20.5.deb',
source => "/tmp/elasticsearch-${version}.deb",
provider => 'dpkg',
subscribe => Exec['get_elasticsearch_deb'],
require => [
Package['java7-runtime-headless'],
Exec['get_elasticsearch_deb'],
Exec['check_elasticsearch_sha1'],
]
}
file { '/etc/elasticsearch/elasticsearch.yml':
ensure => present,
content => template('logstash/elasticsearch.yml.erb'),
content => template('elasticsearch/elasticsearch.yml.erb'),
replace => true,
owner => 'root',
group => 'root',
@@ -58,19 +84,9 @@ class logstash::elasticsearch (
require => Package['elasticsearch'],
}
file { '/etc/elasticsearch/templates/logstash_settings.json':
ensure => present,
source => 'puppet:///modules/logstash/es-logstash-template.json',
replace => true,
owner => 'root',
group => 'root',
mode => '0644',
require => File['/etc/elasticsearch/templates'],
}
file { '/etc/elasticsearch/default-mapping.json':
ensure => present,
source => 'puppet:///modules/logstash/elasticsearch.mapping.json',
source => 'puppet:///modules/elasticsearch/elasticsearch.mapping.json',
replace => true,
owner => 'root',
group => 'root',
@@ -80,7 +96,7 @@ class logstash::elasticsearch (
file { '/etc/default/elasticsearch':
ensure => present,
source => 'puppet:///modules/logstash/elasticsearch.default',
source => 'puppet:///modules/elasticsearch/elasticsearch.default',
replace => true,
owner => 'root',
group => 'root',