
diff --git a/_modules/opensearch.py b/_modules/opensearch.py
index d0242bf..94bf144 100644
--- a/_modules/opensearch.py
+++ b/_modules/opensearch.py
@@ -1,105 +1,106 @@
# -*- coding: utf-8 -*-
# -------------------------------------------------------------
# Salt — PaaS OpenSearch execution module
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Functions related to OpenSearch configuration
# License: BSD-2-Clause
# -------------------------------------------------------------
from salt.exceptions import CommandExecutionError, SaltCloudConfigError
def get_config(nodename=None):
"""
A function to get relevant values for OpenSearch configuration.
CLI Example:
salt * opensearch.get_config
"""
if nodename is None:
nodename = __grains__['id']
try:
clusters = __pillar__['opensearch_clusters']
except KeyError:
clusters = []
for _, cluster in clusters.items():
if nodename in cluster['nodes']:
return _expand_cluster_config(nodename, cluster)
raise CommandExecutionError(
SaltCloudConfigError(
"Node {0} not declared in pillar opensearch_clusters.".format(nodename)
)
)
def _expand_cluster_config(nodename, config):
config = dict(config)
nodes = _convert_to_ip(config["nodes"])
config.update({
"nodes": nodes,
"nodes_certificates": _get_nodes_info(config["nodes"]),
"node_name": nodename,
"network_host": _get_ip(nodename),
"lead_nodes": nodes,
+ "dashboards_nodes": nodes,
})
return config
def _convert_to_ip(ids):
return [_get_ip(id) for id in ids]
def _get_ip(nodename):
try:
network = __pillar__['nodes'][nodename]['network']
except KeyError:
raise CommandExecutionError(
SaltCloudConfigError(
"Node {0} not declared in pillar nodes.".format(nodename)
)
)
for field in ['ipv4_address', 'ipv6_address']:
if field in network:
return network[field]
def _get_nodes_info(ids):
return [_get_node_info(id) for id in ids]
def _get_node_info(nodename):
return {
"id": nodename,
"fqdn": __pillar__['nodes'][nodename]['hostname'],
"ip": _get_ip(nodename),
}
def hash_password(clear_password):
command = "/opt/opensearch/plugins/opensearch-security/tools/hash.sh -p '{0}'".format(clear_password)
env = {
"JAVA_HOME": "/opt/opensearch/jdk",
}
return __salt__['cmd.shell'](command, env=env)
def list_certificates(nodename=None):
config = get_config(nodename=None)
certificates = ['admin', 'root-ca']
for node in config["nodes_certificates"]:
certificates.extend([node['id'], node['id'] + '_http'])
return certificates
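Review bot: `hash_password` interpolates `clear_password` into a single-quoted string handed to `cmd.shell`, so a password containing `'` ends the quoting and the rest is parsed by the shell on the minion. The function is unchanged by this commit, but internal_users.yml.jinja calls it with the pillar passwords, including the dashboards user's. Passing an argument list avoids shell parsing: `__salt__['cmd.run'](["/opt/opensearch/plugins/opensearch-security/tools/hash.sh", "-p", clear_password], env=env, python_shell=False)`. The clear-text password would still sit in the process arguments, so a non-argv input path is worth checking if hash.sh offers one. Separately, `list_certificates` calls `get_config(nodename=None)` and so ignores its own `nodename` argument; `get_config(nodename=nodename)` looks intended.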
diff --git a/roles/opensearch/dashboards/config.sls b/roles/opensearch/dashboards/config.sls
new file mode 100644
index 0000000..7d483e7
--- /dev/null
+++ b/roles/opensearch/dashboards/config.sls
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------
+# Salt — Provision OpenSearch
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# -------------------------------------------------------------
+
+{% set config = salt['opensearch.get_config']() %}
+
+# -------------------------------------------------------------
+# OpenSearch
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/opt/opensearch-dashboards/config/opensearch_dashboards.yml:
+ file.managed:
+ - source: salt://roles/opensearch/dashboards/files/opensearch_dashboards.yml
+ - user: opensearch
+ - group: opensearch
+ - mode: 0600
+ - template: jinja
+ - context:
+ config: {{ config }}
+ username: {{ salt['zr.get_username'](config['users']['dashboards']) }}
+ password: {{ salt['zr.get_password'](config['users']['dashboards']) }}
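Review bot: The `username` and `password` context values are rendered unquoted into the SLS, so a secret containing `#`, `: ` or a leading quote or brace is truncated or re-typed by the YAML parser before it reaches the template. `password: {{ salt['zr.get_password'](config['users']['dashboards']) | yaml_dquote }}` (and the same for `username`) keeps it a string. Because the managed file holds the credential, adding `- show_changes: False` to this `file.managed` keeps the rendered diff out of state returns and the job cache. The `0600` mode and `opensearch` ownership fit a file that stores a password.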
diff --git a/roles/opensearch/dashboards/files/dashboards.service b/roles/opensearch/dashboards/files/dashboards.service
new file mode 100644
index 0000000..74bd738
--- /dev/null
+++ b/roles/opensearch/dashboards/files/dashboards.service
@@ -0,0 +1,33 @@
+[Unit]
+Description=OpenSearch Dashboards
+Documentation=https://opensearch.org/docs/latest/
+After=network.target
+
+[Service]
+RuntimeDirectory=opensearch-dashboards
+PrivateTmp=true
+
+User=opensearch
+Group=opensearch
+
+LimitNOFILE=65536
+LimitMEMLOCK=infinity
+LimitNPROC=4096
+LimitAS=infinity
+LimitFSIZE=infinity
+
+WorkingDirectory=/opt/opensearch
+ExecStart=/opt/opensearch-dashboards/bin/opensearch-dashboards -q
+
+StandardOutput=journal
+StandardError=inherit
+
+# To shutdown: send SIGTERM signal to JVM, success if exit code 143
+TimeoutStopSec=0
+KillSignal=SIGTERM
+KillMode=process
+SendSIGKILL=no
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
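Review bot: Sandboxing in `[Service]` is limited to `PrivateTmp=true` for a network-facing web UI; `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` would be low-risk additions. Several settings look carried over from the OpenSearch unit: `WorkingDirectory=/opt/opensearch`, `LimitMEMLOCK=infinity`, and the comment about sending SIGTERM to the JVM with exit code 143, while `ExecStart` runs from /opt/opensearch-dashboards. It is worth confirming each is intended for Dashboards and correcting the comment if not. With `KillMode=process`, `SendSIGKILL=no` and `TimeoutStopSec=0`, a process that ignores SIGTERM is never stopped by systemd.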
diff --git a/roles/opensearch/dashboards/files/opensearch_dashboards.yml b/roles/opensearch/dashboards/files/opensearch_dashboards.yml
new file mode 100644
index 0000000..506bb76
--- /dev/null
+++ b/roles/opensearch/dashboards/files/opensearch_dashboards.yml
@@ -0,0 +1,24 @@
+server.port: 5601
+server.host: {{ config["network_host"] }}
+opensearch.hosts:
+{% for node in config["dashboards_nodes"] %}
+ - https://{{ node }}:9200
+{% endfor %}
+
+opensearch.ssl.verificationMode: none
+opensearch.username: {{ username }}
+opensearch.password: {{ password }}
+
+opensearch.requestHeadersWhitelist:
+ - authorization
+ - securitytenant
+
+opensearch_security.multitenancy.enabled: True
+opensearch_security.multitenancy.tenants.preferred:
+ - Private
+ - Global
+
+opensearch_security.readonly_mode.roles:
+ - kibana_read_only
+
+opensearch_security.cookie.secure: False
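Review bot: `opensearch.ssl.verificationMode: none` turns off certificate validation on the connection that carries `opensearch.username` and `opensearch.password`, so whatever answers on port 9200 at those addresses receives the credentials. The hosts are rendered as IP addresses, so `opensearch.ssl.verificationMode: certificate` with `opensearch.ssl.certificateAuthorities: [ "<path to the deployed root CA>" ]` would validate the chain without needing a hostname match. `opensearch_security.cookie.secure: False` with no `server.ssl.*` settings means the session cookie travels in clear text unless a TLS-terminating proxy sits in front; if one does, a comment saying so would help. `{{ password }}` and `{{ username }}` are also emitted unquoted, so a value with YAML-significant characters changes meaning; rendering them through a quoting filter such as `| yaml_dquote` avoids that.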
diff --git a/roles/opensearch/init.sls b/roles/opensearch/dashboards/init.sls
similarity index 92%
copy from roles/opensearch/init.sls
copy to roles/opensearch/dashboards/init.sls
index 6025408..a4b3370 100644
--- a/roles/opensearch/init.sls
+++ b/roles/opensearch/dashboards/init.sls
@@ -1,9 +1,10 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .opensearch
+ - .config
+ - .service
diff --git a/roles/opensearch/dashboards/service.sls b/roles/opensearch/dashboards/service.sls
new file mode 100644
index 0000000..39a6efd
--- /dev/null
+++ b/roles/opensearch/dashboards/service.sls
@@ -0,0 +1,31 @@
+# -------------------------------------------------------------
+# Salt — Provision OpenSearch
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# systemd
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Unit configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if services['manager'] == 'systemd' %}
+
+opensearch_dashboards_unit:
+ file.managed:
+ - name: /etc/systemd/system/dashboards.service
+ - source: salt://roles/opensearch/dashboards/files/dashboards.service
+ - mode: 0644
+ service.running:
+ - name: dashboards
+ - enable: true
+ - watch:
+ - file: opensearch_dashboards_unit
+
+{% endif %}
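Review bot: `service.running` watches only the unit file, so a change to /opt/opensearch-dashboards/config/opensearch_dashboards.yml (for instance a rotated dashboards password) is written to disk but the running process keeps the old settings until someone restarts it. Adding `- file: /opt/opensearch-dashboards/config/opensearch_dashboards.yml` under `watch` ties the restart to the config state, which is included alongside this one from the dashboards init.sls. The unit's `file.managed` sets only `mode`; stating `- user: root` and `- group: root` would make the intended ownership explicit.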
diff --git a/roles/opensearch/init.sls b/roles/opensearch/init.sls
index 6025408..e1539f9 100644
--- a/roles/opensearch/init.sls
+++ b/roles/opensearch/init.sls
@@ -1,9 +1,10 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .opensearch
+ - .dashboards
diff --git a/roles/opensearch/opensearch/files/internal_users.yml.jinja b/roles/opensearch/opensearch/files/internal_users.yml.jinja
index 1139eb5..9af4c9c 100644
--- a/roles/opensearch/opensearch/files/internal_users.yml.jinja
+++ b/roles/opensearch/opensearch/files/internal_users.yml.jinja
@@ -1,38 +1,41 @@
# -------------------------------------------------------------
# OpenSearch configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Source file: roles/opensearch/opensearch/files/internal_users.yml.jinja
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
_meta:
type: "internalusers"
config_version: 2
# -------------------------------------------------------------
# Reserved users to ensure access continuity
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ users['admin']['username'] }}:
hash: {{ salt['opensearch.hash_password'](users['admin']['password']) }}
reserved: true
backend_roles:
- "admin"
description: "Alternative admin user"
# -------------------------------------------------------------
# Dashboards (formerly Kibana)
+#
+# Currently, it seems easier to use harcoded `kibanaserver` name
+# instead of assign a backend role.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ users['dashboards']['username'] }}:
hash: {{ salt['opensearch.hash_password'](users['dashboards']['password']) }}
reserved: true
description: "Dashboards to OpenSearch machine user"
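Review bot: The added comment says the `kibanaserver` name is hardcoded, but the entry key below is `{{ users['dashboards']['username'] }}` from pillar and the user gets no `backend_roles`. Its permissions therefore presumably depend on the pillar value being exactly `kibanaserver`, and a different value would likely leave the account without the expected role, with no error at render time. A wording such as `# The pillar username must be "kibanaserver": no backend role is assigned, so the role mapping keys on that name.` states the constraint, and also fixes the "harcoded" and "instead of assign" slips. The `hash:` lines call `opensearch.hash_password` on every render; if hash.sh salts its output, this file will differ on each run and be reported as changed.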
