
config.sls

# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# -------------------------------------------------------------
# Load the OpenSearch configuration once through the opensearch.get_config
# execution module. The value is reused by the states of this file as
# template context and for the security plugin users and network host.
{% set config = salt['opensearch.get_config']() %}
# -------------------------------------------------------------
# OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
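# Main OpenSearch configuration file, rendered from a Jinja template and
# owned by the opensearch service account.
/opt/opensearch/config/opensearch.yml:
  file.managed:
    - source: salt://roles/opensearch/opensearch/files/opensearch.conf
    - user: opensearch
    - group: opensearch
    - template: jinja
    - context:
        # Serialize the dictionary as JSON (a YAML subset) rather than relying
        # on its Python repr: None, quotes and YAML indicator characters in
        # values then reach the template unchanged instead of being retyped
        # or breaking the parse.
        config: {{ config | json }}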
# -------------------------------------------------------------
# TLS certificates
#
# This method is based on OpenSearch Ansible playbook to
# generate self-signed certificates for node to node (transport)
# communication, and for the rest API.
#
# The certificates are generated by Search Guard Offline TLS Tool.
#
# This should only run on one node, then provisioned everywhere.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Fetch the Search Guard Offline TLS Tool archive, version 1.8.
# The download is pinned to a fixed digest (64 hex characters, the length of
# a SHA-256 hash), so a tampered or replaced archive fails the state instead
# of being extracted. Bump the digest together with the version in the URL.
/usr/local/dl/search-guard-tlstool.zip:
  file.managed:
    - source: https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip
    - source_hash: 'f59f963c7ee28d557849ccde297660a3c593a6bf3531d7852fb9ab8b4fc7597e'
# Unpack the downloaded TLS tool under /opt/tlstool, owned by opensearch.
/opt/tlstool:
  archive.extracted:
    - source: /usr/local/dl/search-guard-tlstool.zip
    # The archive has no single top-level directory, so that check is off.
    - enforce_toplevel: false
    - user: opensearch
    - group: opensearch
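# Configuration consumed by the TLS tool: describes the CA and the node and
# client certificates to generate, rendered from a Jinja template.
/opt/tlstool/config/tlsconfig.yml:
  file.managed:
    - source: salt://roles/opensearch/opensearch/files/tlsconfig.yml.jinja
    - template: jinja
    - context:
        # JSON-serialize the dictionary so that its values survive the YAML
        # parse of this state file with their original types.
        config: {{ config | json }}
        # Grain values are emitted as quoted strings; a bare substitution
        # would be retyped or rejected if the value were empty or looked
        # like another YAML type.
        domain_name: {{ grains['domain'] | yaml_dquote }}
        node_full_domain_name: {{ grains['fqdn'] | yaml_dquote }}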
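# Generate the root CA (-ca) and the certificates (-crt) described in
# tlsconfig.yml, writing them to the -t target directory. The state is
# skipped once root-ca.pem exists, so an existing CA is never regenerated.
opensearch_generate_certificates:
  cmd.run:
    - name: /opt/tlstool/tools/sgtlstool.sh -c /opt/tlstool/config/tlsconfig.yml -ca -crt -t /opt/tlstool/config/
    - env:
        JAVA_HOME: /opt/opensearch/jdk
    # The output includes private keys, the root CA key among them. A
    # restrictive umask keeps freshly created files unreadable by other local
    # accounts, in case the tool relies on the process umask for file modes.
    - umask: '077'
    - creates: /opt/tlstool/config/root-ca.pem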
# Copy each certificate and its private key from the TLS tool output
# directory to the OpenSearch configuration directory, one state per
# certificate name returned by opensearch.list_certificates.
# install sets mode 0600 and owner opensearch on both files, so the private
# key is readable only by the service account.
# NOTE(review): creates only tests the .pem file; a missing .key next to an
# existing .pem would not trigger a new copy.
{% for certificate in salt['opensearch.list_certificates']() %}
opensearch_deploy_certificate_{{ certificate }}:
  cmd.run:
    - name: install --mode=0600 --owner=opensearch {{ certificate }}.pem {{ certificate }}.key /opt/opensearch/config
    - cwd: /opt/tlstool/config
    - creates: /opt/opensearch/config/{{ certificate }}.pem
{% endfor %}
# -------------------------------------------------------------
# Security plugin
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
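# Internal users database of the security plugin, rendered from a Jinja
# template. Usernames and passwords are resolved from the credential
# references in the configuration through the zr execution module.
/opt/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml:
  file.managed:
    - source: salt://roles/opensearch/opensearch/files/internal_users.yml.jinja
    - user: opensearch
    - group: opensearch
    # Credential material: restrict the file to the service account, matching
    # the 0600 mode already used for the deployed private keys.
    # NOTE(review): confirm no other local account needs to read this file.
    - mode: '0600'
    # Keep the rendered file content out of the state return and job cache,
    # where a diff would otherwise expose the credentials.
    - show_changes: false
    - template: jinja
    - context:
        users:
          {% for user, credential in config['users'].items() %}
          {{ user }}:
            # Emit quoted, escaped strings: an unquoted password containing
            # " #" would be silently truncated by the YAML parser, and other
            # indicator characters would retype the value or fail the render.
            username: {{ salt['zr.get_username'](credential) | yaml_dquote }}
            password: {{ salt['zr.get_password'](credential) | yaml_dquote }}
          {% endfor %}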
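# Push internal_users.yml to the security index with securityadmin.sh,
# authenticating with the admin client certificate, then drop a marker file
# so the state runs only once.
#
# The name is a folded scalar, so it is executed as a single command line.
# The marker is chained with && so that it is written only when
# securityadmin.sh succeeded; without an operator the touch words would be
# folded into the securityadmin.sh arguments, and a failed initialization
# must not be recorded as done.
#
# NOTE(review): -nhnv disables hostname verification of the node certificate
# and -icl ignores the cluster name. The CA is still pinned through -cacert;
# consider dropping -nhnv once the node certificates carry the name used
# with -h.
opensearch_security_initialize:
  cmd.run:
    - name: >
        bash /opt/opensearch/plugins/opensearch-security/tools/securityadmin.sh
        -cacert /opt/opensearch/config/root-ca.pem
        -cert /opt/opensearch/config/admin.pem
        -key /opt/opensearch/config/admin.key
        -f /opt/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml
        -nhnv -icl
        -h {{ config['network_host'] }}
        && touch /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized
    - env:
        JAVA_HOME: /opt/opensearch/jdk
    - creates: /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized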
