[MediaWiki-commits] [Gerrit] T136996 Including a .policy file to grant permission to send... - change (operations/puppet)

Nicko (Code Review) Sun, 19 Jun 2016 09:06:22 -0700

Nicko has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/295129


Change subject: T136996 Including a .policy file to grant permission to send 
logs to logstash
......................................................................

T136996 Including a .policy file to grant permission to send logs to logstash

Change-Id: I980a818c54b486988987d3d935ce8a649ec440f5
---
M modules/elasticsearch/manifests/init.pp
M modules/elasticsearch/templates/elasticsearch.erb
A modules/elasticsearch/templates/elasticsearch.policy.erb
3 files changed, 13 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/29/295129/1

diff --git a/modules/elasticsearch/manifests/init.pp 
b/modules/elasticsearch/manifests/init.pp
index 44d3306..7ed887f 100644
--- a/modules/elasticsearch/manifests/init.pp
+++ b/modules/elasticsearch/manifests/init.pp
@@ -148,6 +148,14 @@
         mode    => '0444',
         require => Package['elasticsearch'],
     }
+    file { '/etc/elasticsearch/elasticsearch.policy':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        content => template("${module_name}/elasticsearch.policy.erb"),
+        mode    => '0444',
+        require => Package['elasticsearch'],
+    }
     file { '/etc/default/elasticsearch':
         ensure  => file,
         owner   => 'root',
@@ -175,6 +183,7 @@
             Package['elasticsearch'],
             File['/etc/elasticsearch/elasticsearch.yml'],
             File['/etc/elasticsearch/logging.yml'],
+            File['/etc/elasticsearch/elasticsearch.policy'],
             File['/etc/default/elasticsearch'],
         ],
     }
diff --git a/modules/elasticsearch/templates/elasticsearch.erb 
b/modules/elasticsearch/templates/elasticsearch.erb
index eaed6c2..8137dc1 100644
--- a/modules/elasticsearch/templates/elasticsearch.erb
+++ b/modules/elasticsearch/templates/elasticsearch.erb
@@ -37,4 +37,4 @@
 # Additional Java OPTS
 # Note: We've seen problems on some jessie hosts when this setting is
 # constructed by consecutive ES_JAVA_OPTS="${ES_JAVA_OPTS} ..." settings
-ES_JAVA_OPTS="-XX:HeapDumpPath=/var/lib/elasticsearch -XX:GCTimeLimit=70 
-XX:GCHeapFreeLimit=10"
+ES_JAVA_OPTS="-XX:HeapDumpPath=/var/lib/elasticsearch -XX:GCTimeLimit=70 
-XX:GCHeapFreeLimit=10 
-Djava.security.policy=file:///etc/elasticsearch/elasticsearch.policy"
diff --git a/modules/elasticsearch/templates/elasticsearch.policy.erb 
b/modules/elasticsearch/templates/elasticsearch.policy.erb
new file mode 100644
index 0000000..6e56a1e
--- /dev/null
+++ b/modules/elasticsearch/templates/elasticsearch.policy.erb
@@ -0,0 +1,3 @@
+grant codeBase "file:/usr/share/elasticsearch/logstash-gelf.jar" {
+  permission java.net.SocketPermission "localhost:0", "listen,resolve";
+};

-- 
To view, visit https://gerrit.wikimedia.org/r/295129
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I980a818c54b486988987d3d935ce8a649ec440f5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nicko <nicko.gla...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] T136996 Including a .policy file to grant permission to send... - change (operations/puppet)

Reply via email to