From 3870a5a2faaad8c3ff8669a7c0bee0018a26741f Mon Sep 17 00:00:00 2001
From: Ryan Lane <rlane@wikimedia.org>
Date: Mon, 23 Sep 2013 14:17:17 -0700
Subject: [PATCH] Separate logstash/elasticsearch and verify hash

To allow for reuse of elasticsearch I'm splitting it away from
logstash. Also, I'm doing a hash check of the elasticsearch wget
for better security.

Change-Id: Iff42d538cd941abd50b000879ea4a237ea48d40e
---
 .../files/elasticsearch.default               |   0
 .../files/elasticsearch.mapping.json          |   0
 modules/elasticsearch/manifests/init.pp       | 116 ++++++++++++++++++
 .../templates/elasticsearch.yml.erb           |   0
 modules/logstash/manifests/elasticsearch.pp   |  75 +----------
 .../manifests/elasticsearch.pp                |   4 +-
 6 files changed, 120 insertions(+), 75 deletions(-)
 rename modules/{logstash => elasticsearch}/files/elasticsearch.default (100%)
 rename modules/{logstash => elasticsearch}/files/elasticsearch.mapping.json (100%)
 create mode 100644 modules/elasticsearch/manifests/init.pp
 rename modules/{logstash => elasticsearch}/templates/elasticsearch.yml.erb (100%)

diff --git a/modules/logstash/files/elasticsearch.default b/modules/elasticsearch/files/elasticsearch.default
similarity index 100%
rename from modules/logstash/files/elasticsearch.default
rename to modules/elasticsearch/files/elasticsearch.default
diff --git a/modules/logstash/files/elasticsearch.mapping.json b/modules/elasticsearch/files/elasticsearch.mapping.json
similarity index 100%
rename from modules/logstash/files/elasticsearch.mapping.json
rename to modules/elasticsearch/files/elasticsearch.mapping.json
diff --git a/modules/elasticsearch/manifests/init.pp b/modules/elasticsearch/manifests/init.pp
new file mode 100644
index 0000000000..560edc58a0
--- /dev/null
+++ b/modules/elasticsearch/manifests/init.pp
@@ -0,0 +1,116 @@
+# Copyright 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Class to install elasticsearch.
+#
+class elasticsearch (
+  $discover_nodes = ['localhost'],
+  $version = '0.20.5'
+) {
+  # install java runtime
+  package { 'java7-runtime-headless':
+    ensure => present,
+  }
+
+  exec { 'get_elasticsearch_deb':
+    command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb -O /tmp/elasticsearch-${version}.deb",
+    path    => '/bin:/usr/bin',
+    creates => "/tmp/elasticsearch-${version}.deb",
+  }
+
+  exec { 'gen_elasticsearch_deb_sha1':
+    command => "sha1sum elasticsearch-${version}.deb > /tmp/elasticsearch-${version}.deb.sha1.gen",
+    path    => '/bin:/usr/bin',
+    cwd     => '/tmp',
+    creates => "/tmp/elasticsearch-${version}.deb.sha1.gen",
+    require => [
+      Exec['get_elasticsearch_deb'],
+    ]
+  }
+
+  exec { 'get_elasticsearch_deb_sha1':
+    command => "wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-${version}.deb.sha1.txt -O /tmp/elasticsearch-${version}.deb.sha1.txt",
+    path    => '/bin:/usr/bin',
+    creates => "/tmp/elasticsearch-${version}.deb.sha1.txt",
+  }
+
+  exec { 'check_elasticsearch_sha1':
+    command => "diff /tmp/elasticsearch-${version}.deb.sha1.txt /tmp/elasticsearch-${version}.deb.sha1.gen",
+    path    => '/bin:/usr/bin',
+    require => [
+      Exec['gen_elasticsearch_deb_sha1'],
+      Exec['get_elasticsearch_deb_sha1'],
+    ]
+  }
+
+  # install elastic search
+  package { 'elasticsearch':
+    ensure    => latest,
+    source    => "/tmp/elasticsearch-${version}.deb",
+    provider  => 'dpkg',
+    subscribe => Exec['get_elasticsearch_deb'],
+    require   => [
+      Package['java7-runtime-headless'],
+      Exec['check_elasticsearch_sha1'],
+    ]
+  }
+
+  file { '/etc/elasticsearch/elasticsearch.yml':
+    ensure  => present,
+    content => template('elasticsearch/elasticsearch.yml.erb'),
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/elasticsearch/templates':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/elasticsearch/default-mapping.json':
+    ensure  => present,
+    source  => 'puppet:///modules/elasticsearch/elasticsearch.mapping.json',
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  file { '/etc/default/elasticsearch':
+    ensure  => present,
+    source  => 'puppet:///modules/elasticsearch/elasticsearch.default',
+    replace => true,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Package['elasticsearch'],
+  }
+
+  service { 'elasticsearch':
+    ensure    => running,
+    require   => [
+      Package['elasticsearch'],
+      File['/etc/elasticsearch/elasticsearch.yml'],
+      File['/etc/elasticsearch/default-mapping.json'],
+      File['/etc/default/elasticsearch'],
+    ],
+  }
+}
diff --git a/modules/logstash/templates/elasticsearch.yml.erb b/modules/elasticsearch/templates/elasticsearch.yml.erb
similarity index 100%
rename from modules/logstash/templates/elasticsearch.yml.erb
rename to modules/elasticsearch/templates/elasticsearch.yml.erb
diff --git a/modules/logstash/manifests/elasticsearch.pp b/modules/logstash/manifests/elasticsearch.pp
index eb4562274e..be958f37d1 100644
--- a/modules/logstash/manifests/elasticsearch.pp
+++ b/modules/logstash/manifests/elasticsearch.pp
@@ -14,50 +14,7 @@
 #
 # Class to install elasticsearch.
 #
-class logstash::elasticsearch (
-  discover_nodes = ['localhost']
-) {
-  # install java runtime
-  package { 'java7-runtime-headless':
-    ensure => present,
-  }
-
-  exec { 'get_elasticsearch_deb':
-    command => 'wget http://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.5.deb -O /tmp/elasticsearch-0.20.5.deb',
-    path    => '/bin:/usr/bin',
-    creates => '/tmp/elasticsearch-0.20.5.deb',
-  }
-
-  # install elastic search
-  package { 'elasticsearch':
-    ensure    => latest,
-    source    => '/tmp/elasticsearch-0.20.5.deb',
-    provider  => 'dpkg',
-    subscribe => Exec['get_elasticsearch_deb'],
-    require   => [
-      Package['java7-runtime-headless'],
-      Exec['get_elasticsearch_deb'],
-    ]
-  }
-
-  file { '/etc/elasticsearch/elasticsearch.yml':
-    ensure  => present,
-    content => template('logstash/elasticsearch.yml.erb'),
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  file { '/etc/elasticsearch/templates':
-    ensure  => directory,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-    require => Package['elasticsearch'],
-  }
-
+class logstash::elasticsearch {
   file { '/etc/elasticsearch/templates/logstash_settings.json':
     ensure  => present,
     source  => 'puppet:///modules/logstash/es-logstash-template.json',
@@ -67,34 +24,4 @@ class logstash::elasticsearch (
     mode    => '0644',
     require => File['/etc/elasticsearch/templates'],
   }
-
-  file { '/etc/elasticsearch/default-mapping.json':
-    ensure  => present,
-    source  => 'puppet:///modules/logstash/elasticsearch.mapping.json',
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  file { '/etc/default/elasticsearch':
-    ensure  => present,
-    source  => 'puppet:///modules/logstash/elasticsearch.default',
-    replace => true,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    require => Package['elasticsearch'],
-  }
-
-  service { 'elasticsearch':
-    ensure    => running,
-    require   => [
-      Package['elasticsearch'],
-      File['/etc/elasticsearch/elasticsearch.yml'],
-      File['/etc/elasticsearch/default-mapping.json'],
-      File['/etc/default/elasticsearch'],
-    ],
-  }
 }
diff --git a/modules/openstack_project/manifests/elasticsearch.pp b/modules/openstack_project/manifests/elasticsearch.pp
index b6929e4408..24fc4fbf70 100644
--- a/modules/openstack_project/manifests/elasticsearch.pp
+++ b/modules/openstack_project/manifests/elasticsearch.pp
@@ -30,7 +30,9 @@ class openstack_project::elasticsearch (
     sysadmins                 => $sysadmins,
   }
 
-  class { 'logstash::elasticsearch':
+  class { 'logstash::elasticsearch': }
+
+  class { '::elasticsearch':
     discover_nodes => $discover_nodes,
   }