Puppet Class: wazuh::elasticsearch

Defined in:
manifests/elasticsearch.pp

Overview

Wazuh App Copyright © 2021 Wazuh Inc. (License GPLv2). Setup for Elasticsearch.

Parameters:

  • elasticsearch_cluster_name (Any) (defaults to: 'es-wazuh')
  • elasticsearch_node_name (Any) (defaults to: 'es-node-01')
  • elasticsearch_node_master (Any) (defaults to: true)
  • elasticsearch_node_data (Any) (defaults to: true)
  • elasticsearch_node_ingest (Any) (defaults to: true)
  • elasticsearch_node_max_local_storage_nodes (Any) (defaults to: '1')
  • elasticsearch_service (Any) (defaults to: 'elasticsearch')
  • elasticsearch_package (Any) (defaults to: 'elasticsearch')
  • elasticsearch_version (Any) (defaults to: '7.10.2')
  • elasticsearch_user (Any) (defaults to: 'elasticsearch')
  • elasticsearch_group (Any) (defaults to: 'elasticsearch')
  • elasticsearch_ip (Any) (defaults to: 'localhost')
  • elasticsearch_port (Any) (defaults to: '9200')
  • elasticsearch_discovery_option (Any) (defaults to: 'discovery.type: single-node')
  • elasticsearch_cluster_initial_master_nodes (Any) (defaults to: "#cluster.initial_master_nodes: ['es-node-01']")
  • elasticsearch_path_config (Any) (defaults to: '/etc/elasticsearch')
  • elasticsearch_path_eshome (Any) (defaults to: '/usr/share/elasticsearch')
  • elasticsearch_path_data (Any) (defaults to: '/var/lib/elasticsearch')
  • elasticsearch_path_logs (Any) (defaults to: '/var/log/elasticsearch')
  • elasticsearch_limits_file (Any) (defaults to: '/etc/security/limits.conf')
  • jvm_options_memmory (Any) (defaults to: '1g')


# File 'manifests/elasticsearch.pp', line 3

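# Installs the Elasticsearch package at a pinned version, renders
# elasticsearch.yml and jvm.options from ERB templates, adds nofile/memlock
# entries to the limits file, fixes ownership of the Elasticsearch
# directories and keeps the service enabled and running.
#
# Parameters read directly by this manifest: elasticsearch_version,
# elasticsearch_package, elasticsearch_service, elasticsearch_user,
# elasticsearch_group, elasticsearch_path_config, elasticsearch_path_eshome,
# elasticsearch_path_data and elasticsearch_limits_file.
#
# The remaining parameters (cluster/node settings, ip, port, discovery
# options, elasticsearch_path_logs, jvm_options_memmory) are not referenced
# in this manifest; presumably the two templates read them from class scope.
# Confirm against wazuh/elasticsearch_yml.erb and wazuh/jvm_options.erb.
#
# NOTE(review): this manifest sets no TLS or authentication options itself.
# The default elasticsearch_ip is 'localhost'. If it is overridden with a
# non-loopback address, verify that the rendered elasticsearch.yml (or a
# separate security layer) restricts access to port 9200.
class wazuh::elasticsearch (
  # Elasticsearch.yml configuration

  $elasticsearch_cluster_name = 'es-wazuh',
  $elasticsearch_node_name = 'es-node-01',
  $elasticsearch_node_master = true,
  $elasticsearch_node_data = true,
  $elasticsearch_node_ingest = true,
  $elasticsearch_node_max_local_storage_nodes = '1',
  $elasticsearch_service = 'elasticsearch',
  $elasticsearch_package = 'elasticsearch',
  $elasticsearch_version = '7.10.2',

  # user/group elasticsearch processes run as
  $elasticsearch_user = 'elasticsearch',
  $elasticsearch_group = 'elasticsearch',

  $elasticsearch_ip = 'localhost',
  $elasticsearch_port = '9200',
  $elasticsearch_discovery_option = 'discovery.type: single-node',
  $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']",

  # elasticsearch paths
  $elasticsearch_path_config = '/etc/elasticsearch',
  $elasticsearch_path_eshome = '/usr/share/elasticsearch',
  $elasticsearch_path_data = '/var/lib/elasticsearch',
  $elasticsearch_path_logs = '/var/log/elasticsearch',

  $elasticsearch_limits_file = '/etc/security/limits.conf',

  # JVM options
  # (the spelling "memmory" is part of the public parameter name and is kept
  # so existing callers and Hiera data continue to work)
  $jvm_options_memmory = '1g',

){

  # Install the package at the pinned version. The title stays
  # 'elasticsearch'; the real package name comes from the parameter.
  package { 'elasticsearch':
    ensure => $elasticsearch_version,
    name   => $elasticsearch_package,
  }

  # Main node configuration. Owner and group follow the class parameters so
  # that overriding elasticsearch_user/elasticsearch_group is applied
  # consistently with the directory ownership resource further down.
  #
  # NOTE(review): 0644 leaves elasticsearch.yml world-readable, while
  # jvm.options below is 0660. If the template ever renders credentials or
  # other secrets into this file, tighten the mode to match.
  file { 'Configure elasticsearch.yml':
    owner   => $elasticsearch_user,
    path    => "${elasticsearch_path_config}/elasticsearch.yml",
    group   => $elasticsearch_group,
    mode    => '0644',
    notify  => Service[$elasticsearch_service], ## Restarts the service
    content => template('wazuh/elasticsearch_yml.erb'),
    require => Package[$elasticsearch_package],
  }

  # JVM settings (heap size etc., as rendered by the template).
  file { 'Configure jvm.options':
    owner   => $elasticsearch_user,
    path    => "${elasticsearch_path_config}/jvm.options",
    group   => $elasticsearch_group,
    mode    => '0660',
    notify  => Service[$elasticsearch_service], ## Restarts the service
    content => template('wazuh/jvm_options.erb'),
    require => Package[$elasticsearch_package],
  }

  # Make sure the limits file exists before lines are appended to it.
  # No owner or mode is set here, so an existing file keeps its own.
  file { 'Ensure limits file exists':
    ensure => present,
    path   => $elasticsearch_limits_file,
  }

  # Resource limits for the account the service runs as. The account name
  # comes from elasticsearch_user so the entries match a non-default user.
  file_line { 'Ensure nofile limits':
    path    => $elasticsearch_limits_file,
    line    => "${elasticsearch_user} - nofile  65535",
    require => Package[$elasticsearch_package],
  }

  file_line { 'Ensure memlock limits':
    path    => $elasticsearch_limits_file,
    line    => "${elasticsearch_user} - memlock unlimited",
    require => Package[$elasticsearch_package],
  }

  # Recursively enforce ownership of the config, home and data trees.
  # NOTE(review): elasticsearch_path_logs is not in this list; confirm
  # whether that is intentional.
  file { [$elasticsearch_path_config, $elasticsearch_path_eshome, $elasticsearch_path_data]:
    recurse => true,
    owner   => $elasticsearch_user,
    group   => $elasticsearch_group,
    require => Package[$elasticsearch_package],
  }

  # The service name follows elasticsearch_service. Without an explicit
  # name, Service[$elasticsearch_service] in the notify attributes above
  # would not resolve when the parameter is overridden, because the only
  # declared service would be named 'elasticsearch'.
  service { 'elasticsearch':
    ensure  => running,
    name    => $elasticsearch_service,
    enable  => true,
    require => Package[$elasticsearch_package],
  }

}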