From a5487bbdcee1a38a64a46bb171bacbd53b2fb728 Mon Sep 17 00:00:00 2001 From: Gavin Williams Date: Wed, 29 Apr 2020 22:38:39 +0100 Subject: [PATCH] Fix private variable usage for '_plugindir' --- manifests/config.pp | 4 +- manifests/init.pp | 4 +- manifests/instance.pp.ignore | 281 +++++++++++++++++++++++++++++++++++ manifests/package.pp | 2 +- manifests/plugin.pp | 4 +- 5 files changed, 288 insertions(+), 7 deletions(-) create mode 100644 manifests/instance.pp.ignore diff --git a/manifests/config.pp b/manifests/config.pp index ee0301729..3c808bdb9 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -48,7 +48,7 @@ group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, mode => '0750'; - $elasticsearch::_plugindir: + $elasticsearch::real_plugindir: ensure => 'directory', group => $elasticsearch::elasticsearch_group, owner => $elasticsearch::elasticsearch_user, @@ -238,7 +238,7 @@ } } elsif ( $elasticsearch::ensure == 'absent' ) { - file { $elasticsearch::_plugindir: + file { $elasticsearch::real_plugindir: ensure => 'absent', force => true, backup => false, diff --git a/manifests/init.pp b/manifests/init.pp index 6c88a23f5..13bbb361e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -449,9 +449,9 @@ # Set the plugin path variable for use later in the module. if $plugindir == undef { - $_plugindir = "${homedir}/plugins" + $real_plugindir = "${homedir}/plugins" } else { - $_plugindir = $plugindir + $real_plugindir = $plugindir } # Should we restart Elasticsearch on config change? diff --git a/manifests/instance.pp.ignore b/manifests/instance.pp.ignore new file mode 100644 index 000000000..8cf3206bd --- /dev/null +++ b/manifests/instance.pp.ignore 
@@ -0,0 +1,281 @@ +# This define allows you to create or remove an elasticsearch instance +# +# @param ensure +# Controls if the managed resources shall be `present` or `absent`. +# If set to `absent`, the managed software packages will be uninstalled, and +# any traces of the packages will be purged as well as possible, possibly +# including existing configuration files. +# System modifications (if any) will be reverted as well as possible (e.g. +# removal of created users, services, changed log settings, and so on). +# This is a destructive parameter and should be used with care. +# + +# @param config +# Elasticsearch configuration hash. +# +# @param configdir +# Path to directory containing the elasticsearch configuration. +# Use this setting if your packages deviate from the norm (/etc/elasticsearch). +# +# @param configdir_recurselimit +# Dictates how deeply the file copy recursion logic should descend when +# copying files from the `elasticsearch::configdir` to instance `configdir`s. +# +# @param daily_rolling_date_pattern +# File pattern for the file appender log when file_rolling_type is `dailyRollingFile` +# +# @param datadir +# Allows you to set the data directory of Elasticsearch +# +# @param datadir_instance_directories +# Control whether individual directories for instances will be created within +# each instance's data directory. +# + +# @param file_rolling_type +# Configuration for the file appender rotation. It can be `dailyRollingFile` +# or `rollingFile`. The first rotates by name, and the second one by size. +# +# @param init_defaults +# Defaults file content in hash representation. +# +# @param init_defaults_file +# Defaults file as puppet resource. +# +# @param init_template +# Service file as a template +# +# @param jvm_options +# Array of options to set in jvm_options. +# +# @param keystore_password +# Password to encrypt this node's Java keystore. +# +# @param keystore_path +# Custom path to the java keystore file. 
This parameter is optional. +# +# @param logdir +# Log directory for this instance. +# +# @param logging_config +# Hash representation of information you want in the logging.yml file. +# +# @param logging_file +# Instead of a hash you can supply a puppet:// file source for the logging.yml file +# +# @param logging_level +# Default logging level for Elasticsearch. +# +# @param logging_template +# Use a custom logging template - just supply the reative path, ie +# $module_name/elasticsearch/logging.yml.erb +# +# @param private_key +# Path to the key associated with this node's certificate. +# +# @param purge_secrets +# Whether or not keys present in the keystore will be removed if they are not +# present in the specified secrets hash. +# +# @param rolling_file_max_backup_index +# Max number of logs to store whern file_rolling_type is `rollingFile` +# +# @param rolling_file_max_file_size +# Max log file size when file_rolling_type is `rollingFile` +# +# @param secrets +# Optional configuration hash of key/value pairs to store in the instance's +# Elasticsearch keystore file. If unset, the keystore is left unmanaged. +# +# @param security_plugin +# Which security plugin will be used to manage users, roles, and +# certificates. Inherited from top-level Elasticsearch class. +# +# @param service_flags +# Service flags used for the OpenBSD service configuration, defaults to undef. +# +# @param status +# To define the status of the service. If set to `enabled`, the service will +# be run and will be started at boot time. If set to `disabled`, the service +# is stopped and will not be started at boot time. If set to `running`, the +# service will be run but will not be started at boot time. You may use this +# to start a service on the first Puppet run instead of the system startup. +# If set to `unmanaged`, the service will not be started at boot time and Puppet +# does not care whether the service is running or not. 
For example, this may +# be useful if a cluster management software is used to decide when to start +# the service plus assuring it is running on the desired node. +# +# @param system_key +# Source for the Shield system key. Valid values are any that are +# supported for the file resource `source` parameter. +# +# @author Richard Pijnenburg +# @author Tyler Langlois +# +define elasticsearch::instance ( + Enum['absent', 'present'] $ensure = $elasticsearch::ensure, + Stdlib::Absolutepath $configdir = "${elasticsearch::configdir}/${name}", + Integer $configdir_recurselimit = $elasticsearch::configdir_recurselimit, + String $daily_rolling_date_pattern = $elasticsearch::daily_rolling_date_pattern, + Optional[Elasticsearch::Multipath] $datadir = undef, + Boolean $datadir_instance_directories = $elasticsearch::datadir_instance_directories, + String $file_rolling_type = $elasticsearch::file_rolling_type, + Hash $init_defaults = {}, + Optional[Stdlib::Absolutepath] $init_defaults_file = undef, + String $init_template = $elasticsearch::init_template, + Array[String] $jvm_options = $elasticsearch::jvm_options, + Optional[String] $keystore_password = undef, + Optional[Stdlib::Absolutepath] $keystore_path = undef, + Stdlib::Absolutepath $logdir = "${elasticsearch::logdir}/${name}", + Hash $logging_config = {}, + Optional[String] $logging_file = undef, + String $logging_level = $elasticsearch::default_logging_level, + Optional[String] $logging_template = undef, + Optional[Stdlib::Absolutepath] $private_key = undef, + Boolean $purge_secrets = $elasticsearch::purge_secrets, + Integer $rolling_file_max_backup_index = $elasticsearch::rolling_file_max_backup_index, + String $rolling_file_max_file_size = $elasticsearch::rolling_file_max_file_size, + Optional[Hash] $secrets = undef, + Optional[Enum['shield', 'x-pack']] $security_plugin = $elasticsearch::security_plugin, + Optional[String] $service_flags = undef, + Elasticsearch::Status $status = $elasticsearch::status, + 
Optional[String] $system_key = $elasticsearch::system_key, +) { + + File { + owner => $elasticsearch::elasticsearch_user, + group => $elasticsearch::elasticsearch_group, + } + + Exec { + path => [ '/bin', '/usr/bin', '/usr/local/bin' ], + cwd => '/', + } + + # ensure + if ! ($ensure in [ 'present', 'absent' ]) { + fail("\"${ensure}\" is not a valid ensure parameter value") + } + + if ($ensure == 'present') { + + # Configuration hash + if ($config == undef) { + $instance_config = {} + } else { + $instance_config = deep_implode($config) + } + + if(has_key($instance_config, 'node.name')) { + $instance_node_name = {} + } else { + $instance_node_name = { 'node.name' => "${::hostname}-${name}" } + } + + # String or array for data dir(s) + if ($datadir == undef) { + if ($datadir_instance_directories) { + if $elasticsearch::datadir =~ Array { + $instance_datadir = array_suffix($elasticsearch::datadir, "/${name}") + } else { + $instance_datadir = "${elasticsearch::datadir}/${name}" + } + } else { + $instance_datadir = $elasticsearch::datadir + } + } else { + $instance_datadir = $datadir + } + + # build up new config + $instance_conf = merge( + $main_config, + $instance_node_name, + $instance_datadir_config, + { 'path.logs' => $logdir }, + $tls_config, + $instance_config + ) + + # defaults file content + # ensure user did not provide both init_defaults and init_defaults_file + if ((!empty($init_defaults)) and ($init_defaults_file != undef)) { + fail ('Only one of $init_defaults and $init_defaults_file should be defined') + } + + $init_defaults_new = merge( + { 'DATA_DIR' => $elasticsearch::_datadir_default }, + $elasticsearch::init_defaults, + { + 'CONF_DIR' => $configdir, + 'ES_HOME' => $elasticsearch::homedir, + 'ES_JVM_OPTIONS' => "${configdir}/jvm.options", + 'ES_PATH_CONF' => $configdir, + 'LOG_DIR' => $logdir, + }, + $init_defaults + ) + + datacat_fragment { "main_config_${name}": + target => "${configdir}/elasticsearch.yml", + data => $instance_conf, + } + + datacat { 
"${configdir}/elasticsearch.yml": + template => "${module_name}/etc/elasticsearch/elasticsearch.yml.erb", + notify => $notify_service, + require => Class['elasticsearch::package'], + owner => $elasticsearch::elasticsearch_user, + group => $elasticsearch::elasticsearch_group, + mode => '0440', + } + + if ($elasticsearch::secrets != undef or $secrets != undef) { + if ($elasticsearch::secrets != undef) { + $main_secrets = $elasticsearch::secrets + } else { + $main_secrets = {} + } + + if ($secrets != undef) { + $instance_secrets = $secrets + } else { + $instance_secrets = {} + } + + elasticsearch_keystore { $name : + configdir => $elasticsearch::configdir, + purge => $purge_secrets, + settings => merge($main_secrets, $instance_secrets), + notify => $notify_service, + } + } + + $require_service = Class['elasticsearch::package'] + $before_service = undef + + } else { + + file { $configdir: + ensure => 'absent', + recurse => true, + force => true, + } + + $require_service = undef + $before_service = File[$configdir] + + $init_defaults_new = {} + } + + elasticsearch::service { $name: + ensure => $ensure, + status => $status, + service_flags => $service_flags, + init_defaults => $init_defaults_new, + init_defaults_file => $init_defaults_file, + init_template => $init_template, + require => $require_service, + before => $before_service, + } +} diff --git a/manifests/package.pp b/manifests/package.pp index e41aad857..2b2d4b8c2 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -181,7 +181,7 @@ exec { 'remove_plugin_dir': refreshonly => true, - command => "rm -rf ${elasticsearch::_plugindir}", + command => "rm -rf ${elasticsearch::real_plugindir}", } diff --git a/manifests/plugin.pp b/manifests/plugin.pp index ef96fbb79..767c1d5b9 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp 
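Review bot: The added `manifests/instance.pp.ignore` reads `$elasticsearch::_datadir_default` in the `$init_defaults_new` merge, which is the same cross-class use of an underscore-prefixed variable that this commit removes for `_plugindir`. The define also uses `$config`, `$main_config`, `$instance_datadir_config`, `$tls_config` and `$notify_service`, none of which is a parameter or assigned anywhere in the added lines, so it would presumably fail to compile if the `.ignore` suffix were dropped. `keystore_password` and `secrets` are declared as `Optional[String]` and `Optional[Hash]`; if this code is revived, and the consuming resources accept it, a `Sensitive` wrapper would keep keystore material out of catalogs, reports and logs. The file is unrelated to the commit subject, so consider leaving it out of this change or opening it with a comment such as `# Retained for reference only; not loaded as a manifest.`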
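Review bot: In manifests/package.pp, `command => "rm -rf ${elasticsearch::real_plugindir}"` still builds a recursive delete from an interpolated value, and nothing visible in this diff checks that the value is a non-empty absolute path other than `/`. The declaration of the `plugindir` parameter in init.pp is outside the hunks shown, so it should be confirmed that it is typed as something like `Optional[Stdlib::Absolutepath]` rather than a free-form string. A path containing whitespace would likely be split into several arguments; quoting the interpolation, `command => "rm -rf -- '${elasticsearch::real_plugindir}'"`, would narrow that, though the type constraint is the more important guard.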
@@ -127,10 +127,10 @@ source => $file_source, url => $url, proxy => $_proxy, - plugin_dir => $elasticsearch::_plugindir, + plugin_dir => $elasticsearch::real_plugindir, plugin_path => $module_dir, } - -> file { "${elasticsearch::_plugindir}/${_module_dir}": + -> file { "${elasticsearch::real_plugindir}/${_module_dir}": ensure => $_file_ensure, mode => 'o+Xr', recurse => true,