Separate logstash/elasticsearch and verify hash

To allow for reuse of elasticsearch I'm splitting it away from logstash. Also, I'm doing a hash check of the elasticsearch wget for better security. Change-Id: Iff42d538cd941abd50b000879ea4a237ea48d40e
2013-09-23 14:17:17 -07:00 · 2013-09-23 14:17:17 -07:00 · 3870a5a2fa
commit 3870a5a2fa
parent 2925e7c360
6 changed files with 120 additions and 75 deletions
--- a/modules/elasticsearch/files/elasticsearch.default
+++ b/modules/elasticsearch/files/elasticsearch.default
--- a/modules/elasticsearch/files/elasticsearch.mapping.json
+++ b/modules/elasticsearch/files/elasticsearch.mapping.json
--- a/modules/elasticsearch/manifests/init.pp
+++ b/modules/elasticsearch/manifests/init.pp
@ -0,0 +1,116 @@
+# Copyright 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Class to install elasticsearch.
+#
+class elasticsearch (
+  $discover_nodes = ['localhost'],
+  $version = '0.20.5'
+) {
+  # install java runtime
+  package { 'java7-runtime-headless':
+    ensure => present,
+  }
+
+  exec { 'get_elasticsearch_deb':
+    command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb -O /tmp/elasticsearch-${version}.deb",
+    path    => '/bin:/usr/bin',
+    creates => "/tmp/elasticsearch-${version}.deb",
+  }
+
+  exec { 'gen_elasticsearch_deb_sha1':
+    command => "sha1sum elasticsearch-${version}.deb > /tmp/elasticsearch-${version}.deb.sha1.gen",
+    path    => '/bin:/usr/bin',
+    cwd     => '/tmp',
+    creates => "/tmp/elasticsearch-${version}.deb.sha1.gen",
+    require => [
+      Exec['get_elasticsearch_deb'],
+    ]
+  }
+
+  exec { 'get_elasticsearch_deb_sha1':
+    command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb.sha1.txt -O /tmp/elasticsearch-${version}.deb.sha1.txt",
+    path    => '/bin:/usr/bin',
+    creates => "/tmp/elasticsearch-${version}.deb.sha1.txt",
+  }
+
+  exec { 'check_elasticsearch_sha1':
+    command => "diff /tmp/elasticsearch-${version}.deb.sha1.txt /tmp/elasticsearch-${version}.deb.sha1.gen",
+    path    => '/bin:/usr/bin',
+    require => [
+      Exec['gen_elasticsearch_deb_sha1'],
+      Exec['get_elasticsearch_deb_sha1'],
+    ]
+  }
+
+  # install elastic search
+  package { 'elasticsearch':
+    ensure    => latest,
+    source    => "/tmp/elasticsearch-${version}.deb",
+    provider  => 'dpkg',
+    subscribe => Exec['get_elasticsearch_deb'],
+    require   => [
+      Package['java7-runtime-headless'],
+      Exec['check_elasticsearch_sha1'],
+    ]
+  }
+
+  file { '/etc/elasticsearch/elasticsearch.yml':
+    ensure  => present,
+    content => template('elasticsearch/elasticsearch.yml.erb'),
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/elasticsearch/templates':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/elasticsearch/default-mapping.json':
+    ensure  => present,
+    source  => 'puppet:///modules/elasticsearch/elasticsearch.mapping.json',
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/default/elasticsearch':
+    ensure  => present,
+    source  => 'puppet:///modules/elasticsearch/elasticsearch.default',
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  service { 'elasticsearch':
+    ensure    => running,
+    require   => [
+      Package['elasticsearch'],
+      File['/etc/elasticsearch/elasticsearch.yml'],
+      File['/etc/elasticsearch/default-mapping.json'],
+      File['/etc/default/elasticsearch'],
+    ],
+  }
+}
--- a/modules/elasticsearch/templates/elasticsearch.yml.erb
+++ b/modules/elasticsearch/templates/elasticsearch.yml.erb
--- a/modules/logstash/manifests/elasticsearch.pp
+++ b/modules/logstash/manifests/elasticsearch.pp
@ -14,50 +14,7 @@
 #
 # Class to install elasticsearch.
 #
-class logstash::elasticsearch (
-  discover_nodes = ['localhost']
-) {
-  # install java runtime
-  package { 'java7-runtime-headless':
-    ensure => present,
-  }
-
-  exec { 'get_elasticsearch_deb':
-    command => 'wget http://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.5.deb -O /tmp/elasticsearch-0.20.5.deb',
-    path    => '/bin:/usr/bin',
-    creates => '/tmp/elasticsearch-0.20.5.deb',
-  }
-
-  # install elastic search
-  package { 'elasticsearch':
-    ensure    => latest,
-    source    => '/tmp/elasticsearch-0.20.5.deb',
-    provider  => 'dpkg',
-    subscribe => Exec['get_elasticsearch_deb'],
-    require   => [
-      Package['java7-runtime-headless'],
-      Exec['get_elasticsearch_deb'],
-    ]
-  }
-
-  file { '/etc/elasticsearch/elasticsearch.yml':
-    ensure  => present,
-    content => template('logstash/elasticsearch.yml.erb'),
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  file { '/etc/elasticsearch/templates':
-    ensure  => directory,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-    require => Package['elasticsearch'],
-  }
-
+class logstash::elasticsearch {
  file { '/etc/elasticsearch/templates/logstash_settings.json':
    ensure  => present,
    source  => 'puppet:///modules/logstash/es-logstash-template.json',
@ -67,34 +24,4 @@ class logstash::elasticsearch (
    mode    => '0644',
    require => File['/etc/elasticsearch/templates'],
  }
-
-  file { '/etc/elasticsearch/default-mapping.json':
-    ensure  => present,
-    source  => 'puppet:///modules/logstash/elasticsearch.mapping.json',
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  file { '/etc/default/elasticsearch':
-    ensure  => present,
-    source  => 'puppet:///modules/logstash/elasticsearch.default',
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  service { 'elasticsearch':
-    ensure    => running,
-    require   => [
-      Package['elasticsearch'],
-      File['/etc/elasticsearch/elasticsearch.yml'],
-      File['/etc/elasticsearch/default-mapping.json'],
-      File['/etc/default/elasticsearch'],
-    ],
-  }
 }
--- a/modules/openstack_project/manifests/elasticsearch.pp
+++ b/modules/openstack_project/manifests/elasticsearch.pp
@ -30,7 +30,9 @@ class openstack_project::elasticsearch (
    sysadmins                 => $sysadmins,
  }

-  class { 'logstash::elasticsearch':
+  class { 'logstash::elasticsearch': }
+
+  class { '::elasticsearch':
    discover_nodes => $discover_nodes,
  }