Gehel has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/356797 )
Change subject: logstash - curator connects only to localhost
......................................................................
logstash - curator connects only to localhost
Since elasticsearch on the logstash cluster only exposes its API to localhost
curator should only use localhost as well.
Change-Id: I2421dc967087f27f9d312c716021b0194783530d
---
M modules/elasticsearch/manifests/init.pp
M modules/role/manifests/logstash/elasticsearch.pp
2 files changed, 20 insertions(+), 6 deletions(-)
Approvals:
jenkins-bot: Verified
DCausse: Looks good to me, but someone else must approve
Gehel: Looks good to me, approved
diff --git a/modules/elasticsearch/manifests/init.pp
b/modules/elasticsearch/manifests/init.pp
index 4957e1b..1a3e14f 100644
--- a/modules/elasticsearch/manifests/init.pp
+++ b/modules/elasticsearch/manifests/init.pp
@@ -65,6 +65,13 @@
# - $gelf_port: port on which the logs will be sent
# - $gc_log: set to true to activate garbage collection logs
# Default: true
+# - $curator_uses_unicast_hosts: should curator try to connect to hosts
+# configured for unicast discovery or only to localhost. Curator
+# configuration allows to configure multiple hosts instead of just
+# localhost, which make sense for robustness. In some cases, we do not
+# want the API exposed outside of localhost, so using just localhost
+# is useful in those cases.
+# Default: true (use all hosts defined in unicast_hosts)
#
# == Sample usage:
#
@@ -101,6 +108,7 @@
$java_package = 'openjdk-8-jdk',
$version = 5,
$search_shard_count_limit = 1000,
+ $curator_uses_unicast_hosts = true,
) {
# Check arguments
@@ -146,8 +154,13 @@
java_package => $java_package,
}
+ $curator_hosts = $curator_uses_unicast_hosts ? {
+ true => $unicast_hosts,
+ default => [],
+ }
+
class { '::elasticsearch::curator':
- hosts => $unicast_hosts,
+ hosts => $curator_hosts,
}
# Package defaults this to 0750, which is annoying
diff --git a/modules/role/manifests/logstash/elasticsearch.pp
b/modules/role/manifests/logstash/elasticsearch.pp
index fab2b88..a3bcdf1 100644
--- a/modules/role/manifests/logstash/elasticsearch.pp
+++ b/modules/role/manifests/logstash/elasticsearch.pp
@@ -35,11 +35,12 @@
}
class { '::elasticsearch':
- require => [
- Package['elasticsearch/plugins'],
- File['/usr/share/elasticsearch/plugins'],
- ],
- plugins_dir => $plugins_dir,
+ require => [
+ Package['elasticsearch/plugins'],
+ File['/usr/share/elasticsearch/plugins'],
+ ],
+ plugins_dir => $plugins_dir,
+ curator_uses_unicast_hosts => false, # elasticsearch API is only
exposed to localhost
}
$logstash_nodes = hiera('logstash::cluster_hosts')
--
To view, visit https://gerrit.wikimedia.org/r/356797
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2421dc967087f27f9d312c716021b0194783530d
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Gehel <guillaume.leder...@wikimedia.org>
Gerrit-Reviewer: DCausse <dcau...@wikimedia.org>
Gerrit-Reviewer: Gehel <guillaume.leder...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
