elasticsearch
Version information
This version is compatible with:
- Puppet Enterprise 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'puppet-elasticsearch', '9.0.0'
Learn more about managing modules with a PuppetfileDocumentation
Elasticsearch Puppet Module
Table of Contents
- Module description - What the module does and why it is useful
- Setup - The basics of getting started with Elasticsearch
- Usage - Configuration options and additional functionality
- Advanced features - Extra information on advanced usage
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Support - When you need help with this module
- Transfer Notice
Module description
This module sets up Elasticsearch instances with additional resource for plugins, templates, and more.
This module is actively tested against Elasticsearch 2.x, 5.x, and 6.x.
WARNING: The 7.x major release of this module contains breaking changes!
In order to simplify the management of Elasticsearch moving forward, and add support for both Elasticsearch 6.x and 7.x, support for running multiple instances of Elasticsearch has been removed.
This module also does not currently handle the migration from the instance based configuration to the new single deployment model. Therefore in-place upgrades from version 6.x of this module to 7.x, or migrations from multi-instance to single deployment is not currently supported. We hope to add support for this in a future release.
Therefore please ensure that you test this major release in your environment before using it in production!
Setup
The module manages the following
- Elasticsearch repository files.
- Elasticsearch package.
- Elasticsearch configuration file.
- Elasticsearch service.
- Elasticsearch plugins.
- Elasticsearch snapshot repositories.
- Elasticsearch templates.
- Elasticsearch ingest pipelines.
- Elasticsearch index settings.
- Elasticsearch users, roles, and certificates.
- Elasticsearch licenses.
- Elasticsearch keystores.
Requirements
- The stdlib Puppet library.
- Augeas
- puppetlabs-java_ks for certificate management (optional).
Beginning with Elasticsearch 7.0.0, a Java JDK has been bundled as part of the elasticsearch package. However there still needs to be a version of Java present on the system being managed in order for Puppet to be able to run various utilities. We recommend managing your Java installation with the puppetlabs-java module.
Repository management
When using the repository management, the following module dependencies are required:
- General: Puppet/elastic_stack
- Debian/Ubuntu: Puppetlabs/apt
- openSUSE/SLES: puppet/zypprepo
Beginning with Elasticsearch
Declare the top-level elasticsearch
class (managing repositories) and set up an instance:
include ::java
class { 'elasticsearch': }
Usage
Main class
Most top-level parameters in the elasticsearch
class are set to reasonable defaults.
The following are some parameters that may be useful to override:
Install a specific version
class { 'elasticsearch':
version => '7.9.3'
}
Note: This will only work when using the repository.
Automatically restarting the service (default set to false)
By default, the module will not restart Elasticsearch when the configuration file, package, or plugins change. This can be overridden globally with the following option:
class { 'elasticsearch':
restart_on_change => true
}
Or controlled with the more granular options: restart_config_change
, restart_package_change
, and restart_plugin_change.
Automatic upgrades (default set to false)
class { 'elasticsearch':
autoupgrade => true
}
Removal/Decommissioning
class { 'elasticsearch':
ensure => 'absent'
}
Install everything but disable service(s) afterwards
class { 'elasticsearch':
status => 'disabled'
}
API Settings
Some resources, such as elasticsearch::template
, require communicating with the Elasticsearch REST API.
By default, these API settings are set to:
class { 'elasticsearch':
api_protocol => 'http',
api_host => 'localhost',
api_port => 9200,
api_timeout => 10,
api_basic_auth_username => undef,
api_basic_auth_password => undef,
api_ca_file => undef,
api_ca_path => undef,
validate_tls => true,
}
Each of these can be set at the top-level elasticsearch
class and inherited for each resource or overridden on a per-resource basis.
Dynamically Created Resources
This module supports managing all of its defined types through top-level parameters to better support Hiera and Puppet Enterprise.
For example, to manage an index template directly from the elasticsearch
class:
class { 'elasticsearch':
templates => {
'logstash' => {
'content' => {
'template' => 'logstash-*',
'settings' => {
'number_of_replicas' => 0
}
}
}
}
}
Plugins
This module can help manage a variety of plugins.
Note that module_dir
is where the plugin will install itself to and must match that published by the plugin author; it is not where you would like to install it yourself.
From an official repository
elasticsearch::plugin { 'x-pack': }
From a custom url
elasticsearch::plugin { 'jetty':
url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip'
}
Using a proxy
You can also use a proxy if required by setting the proxy_host
and proxy_port
options:
elasticsearch::plugin { 'lmenezes/elasticsearch-kopf',
proxy_host => 'proxy.host.com',
proxy_port => 3128
}
Proxies that require usernames and passwords are similarly supported with the proxy_username
and proxy_password
parameters.
Plugin name formats that are supported include:
elasticsearch/plugin/version
(for official elasticsearch plugins downloaded from download.elastic.co)groupId/artifactId/version
(for community plugins downloaded from maven central or OSS Sonatype)username/repository
(for site plugins downloaded from github master)
Upgrading plugins
When you specify a certain plugin version, you can upgrade that plugin by specifying the new version.
elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.1.1': }
And to upgrade, you would simply change it to
elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1': }
Please note that this does not work when you specify 'latest' as a version number.
ES 6.x and 7.x official plugins
For the Elasticsearch commercial plugins you can refer them to the simple name.
See Plugin installation for more details.
Scripts
Installs scripts to be used by Elasticsearch. These scripts are shared across all defined instances on the same host.
elasticsearch::script { 'myscript':
ensure => 'present',
source => 'puppet:///path/to/my/script.groovy'
}
Script directories can also be recursively managed for large collections of scripts:
elasticsearch::script { 'myscripts_dir':
ensure => 'directory,
source => 'puppet:///path/to/myscripts_dir'
recurse => 'remote',
}
Templates
By default templates use the top-level elasticsearch::api_*
settings to communicate with Elasticsearch.
The following is an example of how to override these settings:
elasticsearch::template { 'templatename':
api_protocol => 'https',
api_host => $::ipaddress,
api_port => 9201,
api_timeout => 60,
api_basic_auth_username => 'admin',
api_basic_auth_password => 'adminpassword',
api_ca_file => '/etc/ssl/certs',
api_ca_path => '/etc/pki/certs',
validate_tls => false,
source => 'puppet:///path/to/template.json',
}
From version 7.8 elasticserch provides a new composable templates functionality, both legacy templates api and new composable templates api are supported using different data types.
Data types & defines
For legacy templates template
is used.
For composable templates component_template
and index_template
are used.
Both types can be used at the same time
Add a new template using a file
This will install and/or replace the template in Elasticsearch:
elasticsearch::template { 'templatename':
source => 'puppet:///path/to/template.json',
}
Add a new template using content
This will install and/or replace the template in Elasticsearch:
elasticsearch::template { 'templatename':
content => {
'template' => "*",
'settings' => {
'number_of_replicas' => 0
}
}
}
Plain JSON strings are also supported.
elasticsearch::template { 'templatename':
content => '{"template":"*","settings":{"number_of_replicas":0}}'
}
Delete a template
elasticsearch::template { 'templatename':
ensure => 'absent'
}
Ingestion Pipelines
Pipelines behave similar to templates in that their contents can be controlled
over the Elasticsearch REST API with a custom Puppet resource.
API parameters follow the same rules as templates (those settings can either be
controlled at the top-level in the elasticsearch
class or set per-resource).
Adding a new pipeline
This will install and/or replace an ingestion pipeline in Elasticsearch (ingestion settings are compared against the present configuration):
elasticsearch::pipeline { 'addfoo':
content => {
'description' => 'Add the foo field',
'processors' => [{
'set' => {
'field' => 'foo',
'value' => 'bar'
}
}]
}
}
Delete a pipeline
elasticsearch::pipeline { 'addfoo':
ensure => 'absent'
}
Index Settings
This module includes basic support for ensuring an index is present or absent with optional index settings. API access settings follow the pattern previously mentioned for templates.
Creating an index
At the time of this writing, only index settings are supported.
Note that some settings (such as number_of_shards
) can only be set at index
creation time.
elasticsearch::index { 'foo':
settings => {
'index' => {
'number_of_replicas' => 0
}
}
}
Delete an index
elasticsearch::index { 'foo':
ensure => 'absent'
}
Snapshot Repositories
By default snapshotrepositories use the top-level `elasticsearch::api*` settings to communicate with Elasticsearch. The following is an example of how to override these settings:
elasticsearch::snapshot_repository { 'backups':
api_protocol => 'https',
api_host => $::ipaddress,
api_port => 9201,
api_timeout => 60,
api_basic_auth_username => 'admin',
api_basic_auth_password => 'adminpassword',
api_ca_file => '/etc/ssl/certs',
api_ca_path => '/etc/pki/certs',
validate_tls => false,
location => '/backups',
}
Delete a snapshot repository
elasticsearch::snapshot_repository { 'backups':
ensure => 'absent',
location => '/backup'
}
SLM (Snapshot Lifecycle Management)
By default SLM use the top-level elasticsearch::api_*
settings to communicate with Elasticsearch.
The following is an example of how to override these settings:
elasticsearch::slm_policy { 'policiyname':
api_protocol => 'https',
api_host => $::ipaddress,
api_port => 9201,
api_timeout => 60,
api_basic_auth_username => 'admin',
api_basic_auth_password => 'adminpassword',
api_ca_file => '/etc/ssl/certs',
api_ca_path => '/etc/pki/certs',
validate_tls => false,
source => 'puppet:///path/to/policy.json',
}
Add a new SLM policy using a file
This will install and/or replace the SLM policy in Elasticsearch:
elasticsearch::slm_policy { 'policyname':
source => 'puppet:///path/to/policy.json',
}
Add a new SLM policy using content
This will install and/or replace ILM policy in Elasticsearch:
elasticsearch::slm_policy { 'policyname':
content => {
name => '<backup-{now/d}>',
schedule => '0 30 1 * * ?',
repository => 'backup',
config => { },
retention => {
expire_after => '60d',
min_count => 2,
max_count => 10
}
}
}
ILM (Index Lifecycle Management)
By default ILM use the top-level elasticsearch::api_*
settings to communicate with Elasticsearch.
The following is an example of how to override these settings:
elasticsearch::ilm_policy { 'policiyname':
api_protocol => 'https',
api_host => $::ipaddress,
api_port => 9201,
api_timeout => 60,
api_basic_auth_username => 'admin',
api_basic_auth_password => 'adminpassword',
api_ca_file => '/etc/ssl/certs',
api_ca_path => '/etc/pki/certs',
validate_tls => false,
source => 'puppet:///path/to/policy.json',
}
Add a new ILM policy using a file
This will install and/or replace the ILM policy in Elasticsearch:
elasticsearch::ilm_policy { 'policyname':
source => 'puppet:///path/to/policy.json',
}
Add a new ILM policy using content
This will install and/or replace ILM policy in Elasticsearch:
elasticsearch::ilm_policy { 'policyname':
content => {
policy => {
phases => {
warm => {
min_age => "7d"
actions => {
forcemerge => {
max_num_segments => 1
}
}
}
}
}
}
}
Delete an ILM policy
This will install and/or replace the ILM policy in Elasticsearch:
elasticsearch::ilm_policy { 'policyname':
ensure => 'absent',
}
Connection Validator
This module offers a way to make sure an instance has been started and is up and running before
doing a next action. This is done via the use of the es_instance_conn_validator
resource.
es_instance_conn_validator { 'myinstance' :
server => 'es.example.com',
port => '9200',
}
A common use would be for example :
class { 'kibana4' :
require => Es_Instance_Conn_Validator['myinstance'],
}
Package installation
There are two different ways of installing Elasticsearch:
Repository
Choosing an Elasticsearch major version
This module uses the elastic/elastic_stack
module to manage package repositories. Because there is a separate repository for each major version of the Elastic stack, selecting which version to configure is necessary to change the default repository value, like this:
class { 'elastic_stack::repo':
version => 6,
}
class { 'elasticsearch':
version => '6.8.12',
}
This module defaults to the upstream package repositories, which as of Elasticsearch 6.3, includes X-Pack. In order to use the purely OSS (open source) package and repository, the appropriate oss
flag must be set on the elastic_stack::repo
and elasticsearch
classes:
class { 'elastic_stack::repo':
oss => true,
}
class { 'elasticsearch':
oss => true,
}
Manual repository management
You may want to manage repositories manually. You can disable automatic repository management like this:
class { 'elasticsearch':
manage_repo => false,
}
Remote package source
When a repository is not available or preferred you can install the packages from a remote source:
http/https/ftp
class { 'elasticsearch':
package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.deb',
proxy_url => 'http://proxy.example.com:8080/',
}
Setting proxy_url
to a location will enable download using the provided proxy
server.
This parameter is also used by elasticsearch::plugin
.
Setting the port in the proxy_url
is mandatory.
proxy_url
defaults to undef
(proxy disabled).
puppet://
class { 'elasticsearch':
package_url => 'puppet:///path/to/elasticsearch-1.4.2.deb'
}
Local file
class { 'elasticsearch':
package_url => 'file:/path/to/elasticsearch-1.4.2.deb'
}
JVM Configuration
When configuring Elasticsearch's memory usage, you can modify it by setting jvm_options
:
class { 'elasticsearch':
jvm_options => [
'-Xms4g',
'-Xmx4g'
]
}
Service management
Currently only the basic SysV-style init and Systemd service providers are supported, but other systems could be implemented as necessary (pull requests welcome).
Defaults File
The defaults file (/etc/defaults/elasticsearch
or /etc/sysconfig/elasticsearch
) for the Elasticsearch service can be populated as necessary.
This can either be a static file resource or a simple key value-style hash object, the latter being particularly well-suited to pulling out of a data source such as Hiera.
File source
class { 'elasticsearch':
init_defaults_file => 'puppet:///path/to/defaults'
}
Hash representation
$config_hash = {
'ES_HEAP_SIZE' => '30g',
}
class { 'elasticsearch':
init_defaults => $config_hash
}
Note: init_defaults
hash can be passed to the main class and to the instance.
Advanced features
Security
File-based users, roles, and certificates can be managed by this module.
Note: If you are planning to use these features, it is highly recommended you read the following documentation to understand the caveats and extent of the resources available to you.
Roles
Roles in the file realm can be managed using the elasticsearch::role
type.
For example, to create a role called myrole
, you could use the following resource:
elasticsearch::role { 'myrole':
privileges => {
'cluster' => [ 'monitor' ],
'indices' => [{
'names' => [ '*' ],
'privileges' => [ 'read' ],
}]
}
}
This role would grant users access to cluster monitoring and read access to all indices.
See the Security documentation for your version to determine what privileges
to use and how to format them (the Puppet hash representation will simply be translated into yaml.)
Note: The Puppet provider for elasticsearch_user
has fine-grained control over the roles.yml
file and thus will leave the default roles in-place.
If you would like to explicitly purge the default roles (leaving only roles managed by puppet), you can do so by including the following in your manifest:
resources { 'elasticsearch_role':
purge => true,
}
Mappings
Associating mappings with a role for file-based management is done by passing an array of strings to the mappings
parameter of the elasticsearch::role
type.
For example, to define a role with mappings:
elasticsearch::role { 'logstash':
mappings => [
'cn=group,ou=devteam',
],
privileges => {
'cluster' => 'manage_index_templates',
'indices' => [{
'names' => ['logstash-*'],
'privileges' => [
'write',
'delete',
'create_index',
],
}],
},
}
If you'd like to keep the mappings file purged of entries not under Puppet's control, you should use the following resources
declaration because mappings are a separate low-level type:
resources { 'elasticsearch_role_mapping':
purge => true,
}
Users
Users can be managed using the elasticsearch::user
type.
For example, to create a user mysuser
with membership in myrole
:
elasticsearch::user { 'myuser':
password => 'mypassword',
roles => ['myrole'],
}
The password
parameter will also accept password hashes generated from the esusers
/users
utility and ensure the password is kept in-sync with the Shield users
file for all Elasticsearch instances.
elasticsearch::user { 'myuser':
password => '$2a$10$IZMnq6DF4DtQ9c4sVovgDubCbdeH62XncmcyD1sZ4WClzFuAdqspy',
roles => ['myrole'],
}
Note: When using the esusers
/users
provider (the default for plaintext passwords), Puppet has no way to determine whether the given password is in-sync with the password hashed by Elasticsearch.
In order to work around this, the elasticsearch::user
resource has been designed to accept refresh events in order to update password values.
This is not ideal, but allows you to instruct the resource to change the password when needed.
For example, to update the aforementioned user's password, you could include the following your manifest:
notify { 'update password': } ~>
elasticsearch::user { 'myuser':
password => 'mynewpassword',
roles => ['myrole'],
}
Certificates
SSL/TLS can be enabled by providing the appropriate class params with paths to the certificate and private key files, and a password for the keystore.
class { 'elasticsearch' :
ssl => true,
ca_certificate => '/path/to/ca.pem',
certificate => '/path/to/cert.pem',
private_key => '/path/to/key.pem',
keystore_password => 'keystorepassword',
}
Note: Setting up a proper CA and certificate infrastructure is outside the scope of this documentation, see the aforementioned security guide for more information regarding the generation of these certificate files.
The module will set up a keystore file for the node to use and set the relevant options in elasticsearch.yml
to enable TLS/SSL using the certificates and key provided.
System Keys
System keys can be passed to the module, where they will be placed into individual instance configuration directories.
This can be set at the elasticsearch
class and inherited across all instances:
class { 'elasticsearch':
system_key => 'puppet:///path/to/key',
}
Licensing
If you use the aforementioned security features, you may need to install a user license to leverage particular features outside of a trial license.
This module can handle installation of licenses without the need to write custom exec
or curl
code to install license data.
You may instruct the module to install a license through the elasticsearch::license
parameter:
class { 'elasticsearch':
license => $license,
}
The license
parameter will accept either a Puppet hash representation of the license file json or a plain json string that will be parsed into a native Puppet hash.
Although dependencies are automatically created to ensure that the Elasticsearch service is listening and ready before API calls are made, you may need to set the appropriate api_*
parameters to ensure that the module can interact with the Elasticsearch API over the appropriate port, protocol, and with sufficient user rights to install the license.
The native provider for licenses will not print license signatures as part of Puppet's changelog to ensure that sensitive values are not included in console output or Puppet reports.
Any fields present in the license
parameter that differ from the license installed in a cluster will trigger a flush of the resource and new POST
to the Elasticsearch API with the license content, though the sensitive signature
field is not compared as it is not returned from the Elasticsearch licensing APIs.
Data directories
There are several different ways of setting data directories for Elasticsearch.
In every case the required configuration options are placed in the elasticsearch.yml
file.
Default
By default we use:
/var/lib/elasticsearch
Which mirrors the upstream defaults.
Single global data directory
It is possible to override the default data directory by specifying the datadir
param:
class { 'elasticsearch':
datadir => '/var/lib/elasticsearch-data'
}
Multiple Global data directories
It's also possible to specify multiple data directories using the datadir
param:
class { 'elasticsearch':
datadir => [ '/var/lib/es-data1', '/var/lib/es-data2']
}
See the Elasticsearch documentation for additional information regarding this configuration.
Elasticsearch configuration
The config
option can be used to provide additional configuration options to Elasticsearch.
Configuration writeup
The config
hash can be written in 2 different ways:
Full hash writeup
Instead of writing the full hash representation:
class { 'elasticsearch':
config => {
'cluster' => {
'name' => 'ClusterName',
'routing' => {
'allocation' => {
'awareness' => {
'attributes' => 'rack'
}
}
}
}
}
}
Short hash writeup
class { 'elasticsearch':
config => {
'cluster' => {
'name' => 'ClusterName',
'routing.allocation.awareness.attributes' => 'rack'
}
}
}
Keystore Settings
Recent versions of Elasticsearch include the elasticsearch-keystore utility to create and manage the elasticsearch.keystore
file which can store sensitive values for certain settings.
The settings and values for this file can be controlled by this module.
Settings follow the behavior of the config
parameter for the top-level Elasticsearch class and elasticsearch::instance
defined types.
That is, you may define keystore settings globally, and all values will be merged with instance-specific settings for final inclusion in the elasticsearch.keystore
file.
Note that each hash key is passed to the elasticsearch-keystore
utility in a straightforward manner, so you should specify the hash passed to secrets
in flattened form (that is, without full nested hash representation).
For example, to define cloud plugin credentials for all instances:
class { 'elasticsearch':
secrets => {
'cloud.aws.access_key' => 'AKIA....',
'cloud.aws.secret_key' => 'AKIA....',
}
}
Purging Secrets
By default, if a secret setting exists on-disk that is not present in the secrets
hash, this module will leave it intact.
If you prefer to keep only secrets in the keystore that are specified in the secrets
hash, use the purge_secrets
boolean parameter either on the elasticsearch
class to set it globally or per-instance.
Notifying Services
Any changes to keystore secrets will notify running elasticsearch services by respecting the restart_on_change
and restart_config_change
parameters.
Reference
Class parameters are available in the auto-generated documentation pages. Autogenerated documentation for types, providers, and ruby helpers is also available on the same documentation site.
Limitations
This module is built upon and tested against the versions of Puppet listed in the metadata.json file (i.e. the listed compatible versions on the Puppet Forge).
The module has been tested on:
- Amazon Linux 1/2
- Debian 8/9/10
- CentOS 7/8
- OracleLinux 7/8
- Ubuntu 16.04, 18.04, 20.04
- SLES 12
Testing on other platforms has been light and cannot be guaranteed.
Development
Please see the CONTRIBUTING.md file for instructions regarding development environments and testing.
Support
The Puppet Elasticsearch module is community supported and not officially supported by Elastic Support.
Transfer Notice
This module was originally authored by Elastic. The maintainer preferred that Vox Pupuli take ownership of the module for future improvement and maintenance. Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of Elastic.
Reference
Table of Contents
Classes
elasticsearch
: Manages the installation of Elasticsearch and related options.elasticsearch::config
: This class exists to coordinate all configuration related actions, functionality and logical units in a central place. It is not intended toelasticsearch::license
: A defined type to control Elasticsearch licenses.elasticsearch::package
: This class exists to coordinate all software package management related actions, functionality and logical units in a central place. It is nelasticsearch::service
: This class exists to coordinate all service management related actions, functionality and logical units in a central place. Note: "service
Defined types
elasticsearch::component_template
: This define allows you to insert, update or delete Elasticsearch component templates. Template content should be defined through either thelasticsearch::ilm_policy
: This define allows you to insert, update or delete Elasticsearch ILM policies. Policy content should be defined through either the `contenelasticsearch::index
: A defined type to control Elasticsearch index-level settings.elasticsearch::index_template
: This define allows you to insert, update or delete Elasticsearch index templates (using new composable api). Template content should be deelasticsearch::pipeline
: This define allows you to insert, update or delete Elasticsearch index ingestion pipelines. Pipeline content should be defined through theelasticsearch::plugin
: This define allows you to install arbitrary Elasticsearch plugins either by using the default repositories or by specifying an URLelasticsearch::role
: Manage x-pack roles.elasticsearch::script
: This define allows you to insert, update or delete scripts that are used within Elasticsearch.elasticsearch::slm_policy
: This define allows you to insert, update or delete Elasticsearch SLM policies. Policy content should be defined through either the `contenelasticsearch::snapshot_repository
: This define allows you to insert, update or delete Elasticsearch snapshot repositories.elasticsearch::template
: This define allows you to insert, update or delete Elasticsearch index templates. Template content should be defined through either the `celasticsearch::user
: Manages x-pack users.
Resource types
elasticsearch_component_template
: Manages Elasticsearch component templates.elasticsearch_ilm_policy
: Manages Elasticsearch ILM policies.elasticsearch_index
: Manages Elasticsearch index settings.elasticsearch_index_template
: Manages Elasticsearch index templates.elasticsearch_keystore
: Manages an Elasticsearch keystore settings file.elasticsearch_license
: Manages Elasticsearch licenses.elasticsearch_pipeline
: Manages Elasticsearch ingest pipelines.elasticsearch_plugin
: Plugin installation typeelasticsearch_role
: Type to model Elasticsearch roles.elasticsearch_role_mapping
: Type to model Elasticsearch role mappings.elasticsearch_slm_policy
: Manages Elasticsearch SLM policies.elasticsearch_snapshot_repository
: Manages Elasticsearch snapshot repositories.elasticsearch_template
: Manages Elasticsearch index templates.elasticsearch_user
: Type to model Elasticsearch users.elasticsearch_user_file
: Type to model Elasticsearch users.elasticsearch_user_roles
: Type to model Elasticsearch user roles.es_instance_conn_validator
: Verify that a connection can be successfully established between a node and Elasticsearch. It could potentially be used for other purposes su
Functions
array_suffix
: This function applies a suffix to all elements in an array. Examples: array_suffix(['a','b','c'], 'p') Will return: ['ap','bp','cp']concat_merge
: Merges two or more hashes together concatenating duplicate keys with array values and returns the resulting hash. For example: $hash1 =deep_implode
: Recursively flattens all keys of a hash into a dot-notated hash, deeply merging duplicate key values by natively combining them and returns tes_plugin_name
: Given a string, return the best guess at what the directory name will be for the given plugin. Any arguments past the first will be fallbacksplugin_dir
: Extracts the end plugin directory of the name
Data types
Classes
elasticsearch
Top-level Elasticsearch class which may manage installation of the Elasticsearch package, package repository, and other global options and parameters.
Examples
install Elasticsearch
class { 'elasticsearch': }
removal and decommissioning
class { 'elasticsearch':
ensure => 'absent',
}
install everything but disable service(s) afterwards
class { 'elasticsearch':
status => 'disabled',
}
Parameters
The following parameters are available in the elasticsearch
class:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
autoupgrade
ca_certificate
certificate
config
configdir
configdir_recurselimit
daily_rolling_date_pattern
datadir
default_logging_level
defaults_location
deprecation_logging
deprecation_logging_level
download_tool
download_tool_insecure
download_tool_verify_certificates
elasticsearch_group
elasticsearch_user
file_rolling_type
homedir
indices
init_defaults
init_defaults_file
init_template
jvm_options
keystore_password
keystore_path
license
logdir
logdir_mode
logging_config
logging_file
logging_level
logging_template
manage_datadir
manage_logdir
manage_repo
oss
package_dir
package_dl_timeout
package_name
package_provider
package_url
pid_dir
pipelines
plugindir
plugins
private_key
private_key_type
proxy_url
purge_configdir
purge_package_dir
purge_secrets
repo_stage
restart_on_change
restart_config_change
restart_package_change
restart_plugin_change
roles
rolling_file_max_backup_index
rolling_file_max_file_size
scripts
secrets
security_logging_content
security_logging_source
service_name
service_provider
slm_policies
snapshot_repositories
ssl
status
system_key
systemd_service_path
templates
index_templates
component_templates
ilm_policies
users
validate_tls
version
ensure
Data type: Enum['absent', 'present']
Controls if the managed resources shall be present
or absent
.
If set to absent
, the managed software packages will be uninstalled, and
any traces of the packages will be purged as well as possible, possibly
including existing configuration files.
System modifications (if any) will be reverted as well as possible (e.g.
removal of created users, services, changed log settings, and so on).
This is a destructive parameter and should be used with care.
api_basic_auth_password
Data type: Optional[String]
Defines the default REST basic auth password for API authentication.
api_basic_auth_username
Data type: Optional[String]
Defines the default REST basic auth username for API authentication.
api_ca_file
Data type: Optional[String]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
api_ca_path
Data type: Optional[String]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
api_host
Data type: String
Default host to use when accessing Elasticsearch APIs.
api_port
Data type: Integer[0, 65535]
Default port to use when accessing Elasticsearch APIs.
api_protocol
Data type: Enum['http', 'https']
Default protocol to use when accessing Elasticsearch APIs.
api_timeout
Data type: Integer
Default timeout (in seconds) to use when accessing Elasticsearch APIs.
autoupgrade
Data type: Boolean
If set to true
, any managed package will be upgraded on each Puppet run
when the package provider is able to find a newer version than the present
one. The exact behavior is provider dependent (see
{package, "upgradeable"}[http://j.mp/xbxmNP] in the Puppet documentation).
ca_certificate
Data type: Optional[Stdlib::Absolutepath]
Path to the trusted CA certificate to add to this node's Java keystore.
Default value: undef
certificate
Data type: Optional[Stdlib::Absolutepath]
Path to the certificate for this node signed by the CA listed in ca_certificate.
Default value: undef
config
Data type: Hash
Elasticsearch configuration hash.
configdir
Data type: Stdlib::Absolutepath
Directory containing the elasticsearch configuration.
Use this setting if your packages deviate from the norm (/etc/elasticsearch
)
configdir_recurselimit
Data type: Integer
Dictates how deeply the file copy recursion logic should descend when
copying files from the configdir
to instance configdir
s.
daily_rolling_date_pattern
Data type: String
File pattern for the file appender log when file_rolling_type is 'dailyRollingFile'.
datadir
Data type: Elasticsearch::Multipath
Allows you to set the data directory of Elasticsearch.
default_logging_level
Data type: String
Default logging level for Elasticsearch.
Default value: $logging_level
defaults_location
Data type: Optional[Stdlib::Absolutepath]
Absolute path to directory containing init defaults file.
deprecation_logging
Data type: Boolean
Whether to enable deprecation logging. If enabled, deprecation logs will be saved to ${cluster.name}_deprecation.log in the Elasticsearch log folder.
deprecation_logging_level
Data type: String
Default deprecation logging level for Elasticsearch.
download_tool
Data type: Optional[String]
Command-line invocation with which to retrieve an optional package_url.
download_tool_insecure
Data type: Optional[String]
Command-line invocation with which to retrieve an optional package_url when certificate verification should be ignored.
download_tool_verify_certificates
Data type: Boolean
Whether or not to verify SSL/TLS certificates when retrieving package files using a download tool instead of a package management provider.
elasticsearch_group
Data type: String
The group Elasticsearch should run as. This also sets file group permissions.
elasticsearch_user
Data type: String
The user Elasticsearch should run as. This also sets file ownership.
file_rolling_type
Data type: Enum['dailyRollingFile', 'rollingFile', 'file']
Configuration for the file appender rotation. It can be 'dailyRollingFile', 'rollingFile' or 'file'. The first rotates by name, the second one by size or third don't rotate automatically.
homedir
Data type: Stdlib::Absolutepath
Directory where the elasticsearch installation's files are kept (plugins, etc.)
indices
Data type: Hash
Define indices via a hash. This is mainly used with Hiera's auto binding.
init_defaults
Data type: Hash
Defaults file content in hash representation.
init_defaults_file
Data type: Optional[String]
Defaults file as puppet resource.
init_template
Data type: String
Service file as a template.
jvm_options
Data type: Array[String]
Array of options to set in jvm_options.
keystore_password
Data type: Optional[String]
Password to encrypt this node's Java keystore.
Default value: undef
keystore_path
Data type: Optional[Stdlib::Absolutepath]
Custom path to the Java keystore file. This parameter is optional.
Default value: undef
license
Data type: Optional[Variant[String, Hash]]
Optional Elasticsearch license in hash or string form.
logdir
Data type: Stdlib::Absolutepath
Directory that will be used for Elasticsearch logging.
logdir_mode
Data type: Stdlib::Filemode
Mode directory that will be used for Elasticsearch logging (default 2750).
Default value: '2750'
logging_config
Data type: Hash
Representation of information to be included in the log4j.properties file.
logging_file
Data type: Optional[String]
Instead of a hash, you may supply a puppet://
file source for the
log4j.properties file.
logging_level
Data type: String
Default logging level for Elasticsearch.
logging_template
Data type: Optional[String]
Use a custom logging template - just supply the relative path, i.e.
$module/elasticsearch/logging.yml.erb
manage_datadir
Data type: Boolean
Enable datadir management (default true).
manage_logdir
Data type: Boolean
Enable logdir management (default true).
manage_repo
Data type: Boolean
Enable repo management by enabling official Elastic repositories.
oss
Data type: Boolean
Whether to use the purely open source Elasticsearch package distribution.
package_dir
Data type: Stdlib::Absolutepath
Directory where packages are downloaded to.
package_dl_timeout
Data type: Integer
For http, https, and ftp downloads, you may set how long the exec resource may take.
package_name
Data type: String
Name Of the package to install.
package_provider
Data type: Enum['package']
Method to install the packages, currently only package
is supported.
package_url
Data type: Optional[String]
URL of the package to download.
This can be an http, https, or ftp resource for remote packages, or a
puppet://
resource or file:/
for local packages
pid_dir
Data type: Optional[Stdlib::Absolutepath]
Directory where the elasticsearch process should write out its PID.
pipelines
Data type: Hash
Define pipelines via a hash. This is mainly used with Hiera's auto binding.
plugindir
Data type: Optional[Stdlib::Absolutepath]
Directory containing elasticsearch plugins. Use this setting if your packages deviate from the norm (/usr/share/elasticsearch/plugins)
plugins
Data type: Hash
Define plugins via a hash. This is mainly used with Hiera's auto binding.
private_key
Data type: Optional[Stdlib::Absolutepath]
Path to the key associated with this node's certificate.
Default value: undef
private_key_type
Data type: Enum['rsa','dsa','ec']
The type of the private key. Usually the private key is of type RSA key but it can also be an Elliptic Curve key (EC) or DSA.
Default value: 'rsa'
proxy_url
Data type: Optional[Stdlib::HTTPUrl]
For http and https downloads, you may set a proxy server to use. By default,
no proxy is used.
Format: proto://[user:pass@]server[:port]/
purge_configdir
Data type: Boolean
Purge the config directory of any unmanaged files.
purge_package_dir
Data type: Boolean
Purge package directory on removal
purge_secrets
Data type: Boolean
Whether or not keys present in the keystore will be removed if they are not present in the specified secrets hash.
repo_stage
Data type: Variant[Boolean, String]
Use stdlib stage setup for managing the repo instead of relationship ordering.
restart_on_change
Data type: Boolean
Determines if the application should be automatically restarted
whenever the configuration, package, or plugins change. Enabling this
setting will cause Elasticsearch to restart whenever there is cause to
re-read configuration files, load new plugins, or start the service using an
updated/changed executable. This may be undesireable in highly available
environments. If all other restart* parameters are left unset, the value of
restart_on_change
is used for all other restart*_change defaults.
restart_config_change
Data type: Boolean
Determines if the application should be automatically restarted whenever the configuration changes. This includes the Elasticsearch configuration file, any service files, and defaults files. Disabling automatic restarts on config changes may be desired in an environment where you need to ensure restarts occur in a controlled/rolling manner rather than during a Puppet run.
Default value: $restart_on_change
restart_package_change
Data type: Boolean
Determines if the application should be automatically restarted whenever the package (or package version) for Elasticsearch changes. Disabling automatic restarts on package changes may be desired in an environment where you need to ensure restarts occur in a controlled/rolling manner rather than during a Puppet run.
Default value: $restart_on_change
restart_plugin_change
Data type: Boolean
Determines if the application should be automatically restarted whenever plugins are installed or removed. Disabling automatic restarts on plugin changes may be desired in an environment where you need to ensure restarts occur in a controlled/rolling manner rather than during a Puppet run.
Default value: $restart_on_change
roles
Data type: Hash
Define roles via a hash. This is mainly used with Hiera's auto binding.
rolling_file_max_backup_index
Data type: Integer
Max number of logs to store whern file_rolling_type is 'rollingFile'
rolling_file_max_file_size
Data type: String
Max log file size when file_rolling_type is 'rollingFile'
scripts
Data type: Hash
Define scripts via a hash. This is mainly used with Hiera's auto binding.
secrets
Data type: Optional[Hash]
Optional default configuration hash of key/value pairs to store in the Elasticsearch keystore file. If unset, the keystore is left unmanaged.
security_logging_content
Data type: Optional[String]
File content for x-pack logging configuration file (will be placed into log4j2.properties file).
security_logging_source
Data type: Optional[String]
File source for x-pack logging configuration file (will be placed into log4j2.properties).
service_name
Data type: String
Elasticsearch service name
service_provider
Data type: Enum['init', 'openbsd', 'openrc', 'systemd']
The service resource type provider to use when managing elasticsearch instances.
slm_policies
Data type: Hash
Define slm_policies via a hash. This is mainly used with Hiera's auto binding.
Default value: {}
snapshot_repositories
Data type: Hash
Define snapshot repositories via a hash. This is mainly used with Hiera's auto binding.
ssl
Data type: Boolean
Whether to manage TLS certificates. Requires the ca_certificate, certificate, private_key and keystore_password parameters to be set.
status
Data type: Elasticsearch::Status
To define the status of the service. If set to enabled
, the service will
be run and will be started at boot time. If set to disabled
, the service
is stopped and will not be started at boot time. If set to running
, the
service will be run but will not be started at boot time. You may use this
to start a service on the first Puppet run instead of the system startup.
If set to unmanaged
, the service will not be started at boot time and Puppet
does not care whether the service is running or not. For example, this may
be useful if a cluster management software is used to decide when to start
the service plus assuring it is running on the desired node.
system_key
Data type: Optional[String]
Source for the x-pack system key. Valid values are any that are
supported for the file resource source
parameter.
systemd_service_path
Data type: Stdlib::Absolutepath
Path to the directory in which to install systemd service units.
templates
Data type: Hash
Define templates via a hash. This is mainly used with Hiera's auto binding.
index_templates
Data type: Hash
Define index_templates via a hash. This is mainly used with Hiera's auto binding.
Default value: {}
component_templates
Data type: Hash
Define component_templates via a hash. This is mainly used with Hiera's auto binding.
Default value: {}
ilm_policies
Data type: Hash
Define ilm_policies via a hash. This is mainly used with Hiera's auto binding.
Default value: {}
users
Data type: Hash
Define templates via a hash. This is mainly used with Hiera's auto binding.
validate_tls
Data type: Boolean
Enable TLS/SSL validation on API calls.
version
Data type: Variant[String, Boolean]
To set the specific version you want to install.
elasticsearch::config
This class exists to coordinate all configuration related actions, functionality and logical units in a central place.
It is not intended to be used directly by external resources like node definitions or other modules.
@author Gavin Williams gavin.williams@elastic.co
Examples
importing this class into other classes to use its functionality:
class { 'elasticsearch::config': }
elasticsearch::license
A defined type to control Elasticsearch licenses.
Parameters
The following parameters are available in the elasticsearch::license
class:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named pipeline should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Variant[String, Hash]
License content in hash or string form.
Default value: $elasticsearch::license
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::package
This class exists to coordinate all software package management related actions, functionality and logical units in a central place.
It is not intended to be used directly by external resources like node definitions or other modules.
Examples
importing this class by other classes to use its functionality:
class { 'elasticsearch::package': }
elasticsearch::service
This class exists to coordinate all service management related actions, functionality and logical units in a central place.
Note: "service" is the Puppet term and type for background processes in general and is used in a platform-independent way. E.g. "service" means "daemon" in relation to Unix-like systems.
Defined types
elasticsearch::component_template
This define allows you to insert, update or delete Elasticsearch component templates.
Template content should be defined through either the content
parameter
(when passing a hash or json string) or the source
parameter (when passing
the puppet file URI to a template json file).
Parameters
The following parameters are available in the elasticsearch::component_template
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
source
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named component template should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Optional[Variant[String, Hash]]
Contents of the template. Can be either a puppet hash or a string containing JSON.
Default value: undef
source
Data type: Optional[String]
Source path for the template file. Can be any value similar to source
values for file
resources.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::ilm_policy
This define allows you to insert, update or delete Elasticsearch ILM policies.
Policy content should be defined through either the content
parameter
(when passing a hash or json string) or the source
parameter (when passing
the puppet file URI to a policy json file).
Parameters
The following parameters are available in the elasticsearch::ilm_policy
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
source
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named ILM policy should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Optional[Variant[String, Hash]]
Contents of the policy. Can be either a puppet hash or a string containing JSON.
Default value: undef
source
Data type: Optional[String]
Source path for the policy file. Can be any value similar to source
values for file
resources.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::index
A defined type to control Elasticsearch index-level settings.
Parameters
The following parameters are available in the elasticsearch::index
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
settings
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named pipeline should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
settings
Data type: Hash
Index settings in hash form (typically nested).
Default value: {}
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::index_template
This define allows you to insert, update or delete Elasticsearch index templates (using new composable api).
Template content should be defined through either the content
parameter
(when passing a hash or json string) or the source
parameter (when passing
the puppet file URI to a template json file).
Parameters
The following parameters are available in the elasticsearch::index_template
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
source
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named index template should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Optional[Variant[String, Hash]]
Contents of the template. Can be either a puppet hash or a string containing JSON.
Default value: undef
source
Data type: Optional[String]
Source path for the template file. Can be any value similar to source
values for file
resources.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::pipeline
This define allows you to insert, update or delete Elasticsearch index ingestion pipelines.
Pipeline content should be defined through the content
parameter.
Parameters
The following parameters are available in the elasticsearch::pipeline
defined type:
ensure
content
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named pipeline should be present or absent in the cluster.
Default value: 'present'
content
Data type: Hash
Contents of the pipeline in hash form.
Default value: {}
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::plugin
This define allows you to install arbitrary Elasticsearch plugins either by using the default repositories or by specifying an URL
Examples
install from official repository
elasticsearch::plugin {'mobz/elasticsearch-head': module_dir => 'head'}
installation using a custom URL
elasticsearch::plugin { 'elasticsearch-jetty':
module_dir => 'elasticsearch-jetty',
url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-0.90.0.zip',
}
Parameters
The following parameters are available in the elasticsearch::plugin
defined type:
ensure
configdir
java_opts
java_home
module_dir
proxy_host
proxy_password
proxy_port
proxy_username
source
url
ensure
Data type: Enum['absent', 'present']
Whether the plugin will be installed or removed. Set to 'absent' to ensure a plugin is not installed
Default value: 'present'
configdir
Data type: Stdlib::Absolutepath
Path to the elasticsearch configuration directory (ES_PATH_CONF) to which the plugin should be installed.
Default value: $elasticsearch::configdir
java_opts
Data type: Array[String]
Array of Java options to be passed to ES_JAVA_OPTS
Default value: []
java_home
Data type: Optional[Stdlib::Absolutepath]
Path to JAVA_HOME, if Java is installed in a non-standard location.
Default value: undef
module_dir
Data type: Optional[String]
Directory name where the module has been installed This is automatically generated based on the module name Specify a value here to override the auto generated value
Default value: undef
proxy_host
Data type: Optional[String]
Proxy host to use when installing the plugin
Default value: undef
proxy_password
Data type: Optional[String]
Proxy auth password to use when installing the plugin
Default value: undef
proxy_port
Data type: Optional[Integer[0, 65535]]
Proxy port to use when installing the plugin
Default value: undef
proxy_username
Data type: Optional[String]
Proxy auth username to use when installing the plugin
Default value: undef
source
Data type: Optional[String]
Specify the source of the plugin. This will copy over the plugin to the node and use it for installation. Useful for offline installation
Default value: undef
url
Data type: Optional[Stdlib::HTTPUrl]
Specify an URL where to download the plugin from.
Default value: undef
elasticsearch::role
Manage x-pack roles.
Examples
create and manage the role 'power_user' mapped to an LDAP group.
elasticsearch::role { 'power_user':
privileges => {
'cluster' => 'monitor',
'indices' => {
'*' => 'all',
},
},
mappings => [
"cn=users,dc=example,dc=com",
],
}
Parameters
The following parameters are available in the elasticsearch::role
defined type:
ensure
Data type: Enum['absent', 'present']
Whether the role should be present or not. Set to 'absent' to ensure a role is not present.
Default value: 'present'
mappings
Data type: Array
A list of optional mappings defined for this role.
Default value: []
privileges
Data type: Hash
A hash of permissions defined for the role. Valid privilege settings can be found in the x-pack documentation.
Default value: {}
elasticsearch::script
This define allows you to insert, update or delete scripts that are used within Elasticsearch.
Parameters
The following parameters are available in the elasticsearch::script
defined type:
ensure
Data type: String
Controls the state of the script file resource to manage.
Values are simply passed through to the file
resource.
Default value: 'present'
recurse
Data type: Optional[Variant[Boolean, Enum['remote']]]
Will be passed through to the script file resource.
Default value: undef
source
Data type: String
Puppet source of the script
elasticsearch::slm_policy
This define allows you to insert, update or delete Elasticsearch SLM policies.
Policy content should be defined through either the content
parameter
(when passing a hash or json string) or the source
parameter (when passing
the puppet file URI to a policy json file).
Parameters
The following parameters are available in the elasticsearch::slm_policy
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
source
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named SLM policy should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Optional[Variant[String, Hash]]
Contents of the policy. Can be either a puppet hash or a string containing JSON.
Default value: undef
source
Data type: Optional[String]
Source path for the policy file. Can be any value similar to source
values for file
resources.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::snapshot_repository
This define allows you to insert, update or delete Elasticsearch snapshot repositories.
Parameters
The following parameters are available in the elasticsearch::snapshot_repository
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
repository_type
location
compress
chunk_size
max_restore_rate
max_snapshot_rate
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named index template should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
repository_type
Data type: Optional[String]
Snapshot repository type.
Default value: undef
location
Data type: String
Location of snapshots. Mandatory
compress
Data type: Boolean
Compress the snapshot metadata files?
Default value: true
chunk_size
Data type: Optional[String]
Chunk size to break big files down into.
Default value: undef
max_restore_rate
Data type: Optional[String]
Throttle value for node restore rate.
Default value: undef
max_snapshot_rate
Data type: Optional[String]
Throttle value for node snapshot rate.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::template
This define allows you to insert, update or delete Elasticsearch index templates.
Template content should be defined through either the content
parameter
(when passing a hash or json string) or the source
parameter (when passing
the puppet file URI to a template json file).
Parameters
The following parameters are available in the elasticsearch::template
defined type:
ensure
api_basic_auth_password
api_basic_auth_username
api_ca_file
api_ca_path
api_host
api_port
api_protocol
api_timeout
content
source
validate_tls
ensure
Data type: Enum['absent', 'present']
Controls whether the named index template should be present or absent in the cluster.
Default value: 'present'
api_basic_auth_password
Data type: Optional[String]
HTTP basic auth password to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_password
api_basic_auth_username
Data type: Optional[String]
HTTP basic auth username to use when communicating over the Elasticsearch API.
Default value: $elasticsearch::api_basic_auth_username
api_ca_file
Data type: Optional[Stdlib::Absolutepath]
Path to a CA file which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_file
api_ca_path
Data type: Optional[Stdlib::Absolutepath]
Path to a directory with CA files which will be used to validate server certs when communicating with the Elasticsearch API over HTTPS.
Default value: $elasticsearch::api_ca_path
api_host
Data type: String
Host name or IP address of the ES instance to connect to.
Default value: $elasticsearch::api_host
api_port
Data type: Integer[0, 65535]
Port number of the ES instance to connect to
Default value: $elasticsearch::api_port
api_protocol
Data type: Enum['http', 'https']
Protocol that should be used to connect to the Elasticsearch API.
Default value: $elasticsearch::api_protocol
api_timeout
Data type: Integer
Timeout period (in seconds) for the Elasticsearch API.
Default value: $elasticsearch::api_timeout
content
Data type: Optional[Variant[String, Hash]]
Contents of the template. Can be either a puppet hash or a string containing JSON.
Default value: undef
source
Data type: Optional[String]
Source path for the template file. Can be any value similar to source
values for file
resources.
Default value: undef
validate_tls
Data type: Boolean
Determines whether the validity of SSL/TLS certificates received from the Elasticsearch API should be verified or ignored.
Default value: $elasticsearch::validate_tls
elasticsearch::user
Manages x-pack users.
Examples
creates and manage a user with membership in the 'logstash' and 'kibana4' roles.
elasticsearch::user { 'bob':
password => 'foobar',
roles => ['logstash', 'kibana4'],
}
Parameters
The following parameters are available in the elasticsearch::user
defined type:
ensure
Data type: Enum['absent', 'present']
Whether the user should be present or not.
Set to absent
to ensure a user is not installed
Default value: 'present'
password
Data type: String
Password for the given user. A plaintext password will be managed with the esusers utility and requires a refresh to update, while a hashed password from the esusers utility will be managed manually in the uses file.
roles
Data type: Array
A list of roles to which the user should belong.
Default value: []
Resource types
elasticsearch_component_template
Manages Elasticsearch component templates.
Properties
The following properties are available in the elasticsearch_component_template
type.
content
Structured content of template.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_component_template
type.
name
namevar
Template name.
provider
The specific backend to use for this elasticsearch_component_template
resource. You will seldom need to specify this
--- Puppet will usually discover the appropriate provider for your platform.
source
Puppet source to file containing template contents.
elasticsearch_ilm_policy
Manages Elasticsearch ILM policies.
Properties
The following properties are available in the elasticsearch_ilm_policy
type.
content
Structured content of policy.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_ilm_policy
type.
name
namevar
Policy name.
provider
The specific backend to use for this elasticsearch_ilm_policy
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
source
Puppet source to file containing ILM policy contents.
elasticsearch_index
Manages Elasticsearch index settings.
Properties
The following properties are available in the elasticsearch_index
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
settings
Structured settings for the index in hash form.
Parameters
The following parameters are available in the elasticsearch_index
type.
name
namevar
Index name.
provider
The specific backend to use for this elasticsearch_index
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
elasticsearch_index_template
Manages Elasticsearch index templates.
Properties
The following properties are available in the elasticsearch_index_template
type.
content
Structured content of template.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_index_template
type.
name
namevar
Template name.
provider
The specific backend to use for this elasticsearch_index_template
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
source
Puppet source to file containing template contents.
elasticsearch_keystore
Manages an Elasticsearch keystore settings file.
Properties
The following properties are available in the elasticsearch_keystore
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
settings
A key/value hash of settings names and values.
Parameters
The following parameters are available in the elasticsearch_keystore
type.
configdir
Path to the elasticsearch configuration directory (ES_PATH_CONF).
Default value: /etc/elasticsearch
instance
Elasticsearch instance this keystore belongs to.
provider
The specific backend to use for this elasticsearch_keystore
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
purge
Valid values: true
, false
, yes
, no
Whether to proactively remove settings that exist in the keystore but are not present in this resource's settings.
Default value: false
elasticsearch_license
Manages Elasticsearch licenses.
Properties
The following properties are available in the elasticsearch_license
type.
content
Structured hash for license content data.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_license
type.
name
namevar
Pipeline name.
provider
The specific backend to use for this elasticsearch_license
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
elasticsearch_pipeline
Manages Elasticsearch ingest pipelines.
Properties
The following properties are available in the elasticsearch_pipeline
type.
content
Structured content of pipeline.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_pipeline
type.
name
namevar
Pipeline name.
provider
The specific backend to use for this elasticsearch_pipeline
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
elasticsearch_plugin
Plugin installation type
Properties
The following properties are available in the elasticsearch_plugin
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_plugin
type.
configdir
elasticsearch_package_name
java_home
java_opts
name
plugin_dir
plugin_path
provider
proxy
source
url
configdir
Path to the elasticsearch configuration directory (ES_PATH_CONF).
Default value: /etc/elasticsearch
elasticsearch_package_name
Name of the system Elasticsearch package.
java_home
Optional string to set the environment variable JAVA_HOME.
java_opts
Optional array of Java options for ES_JAVA_OPTS.
Default value: []
name
namevar
An arbitrary name used as the identity of the resource.
plugin_dir
Path to the Plugins directory
Default value: /usr/share/elasticsearch/plugins
plugin_path
Override name of the directory created for the plugin
provider
The specific backend to use for this elasticsearch_plugin
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
proxy
Proxy Host
source
Source of the package. puppet:// or file:// resource
url
Url of the package
elasticsearch_role
Type to model Elasticsearch roles.
Properties
The following properties are available in the elasticsearch_role
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
privileges
Security privileges of the given role.
Parameters
The following parameters are available in the elasticsearch_role
type.
name
Valid values: %r{^[a-zA-Z_]{1}[-\w@.$]{0,39}$}
namevar
Role name.
provider
The specific backend to use for this elasticsearch_role
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
elasticsearch_role_mapping
Type to model Elasticsearch role mappings.
Properties
The following properties are available in the elasticsearch_role_mapping
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
mappings
List of role mappings.
Parameters
The following parameters are available in the elasticsearch_role_mapping
type.
name
Valid values: %r{^[a-zA-Z_]{1}[-\w@.$]{0,39}$}
namevar
Role name.
provider
The specific backend to use for this elasticsearch_role_mapping
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
elasticsearch_slm_policy
Manages Elasticsearch SLM policies.
Properties
The following properties are available in the elasticsearch_slm_policy
type.
content
Structured content of policy.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_slm_policy
type.
name
namevar
Policy name.
provider
The specific backend to use for this elasticsearch_slm_policy
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
source
Puppet source to file containing SLM policy contents.
elasticsearch_snapshot_repository
Manages Elasticsearch snapshot repositories.
Properties
The following properties are available in the elasticsearch_snapshot_repository
type.
chunk_size
File chunk size
compress
Compress the repository data
Default value: true
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
location
Repository location
max_restore_rate
Maximum Restore rate
max_snapshot_rate
Maximum Snapshot rate
Parameters
The following parameters are available in the elasticsearch_snapshot_repository
type.
name
namevar
Repository name.
provider
The specific backend to use for this elasticsearch_snapshot_repository
resource. You will seldom need to specify this
--- Puppet will usually discover the appropriate provider for your platform.
type
Repository type
Default value: fs
elasticsearch_template
Manages Elasticsearch index templates.
Properties
The following properties are available in the elasticsearch_template
type.
content
Structured content of template.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_template
type.
name
namevar
Template name.
provider
The specific backend to use for this elasticsearch_template
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
source
Puppet source to file containing template contents.
elasticsearch_user
Type to model Elasticsearch users.
Properties
The following properties are available in the elasticsearch_user
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the elasticsearch_user
type.
configdir
Path to the elasticsearch configuration directory (ES_PATH_CONF).
name
namevar
User name.
password
Plaintext password for user.
Required features: manages_plaintext_passwords.
provider
The specific backend to use for this elasticsearch_user
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
elasticsearch_user_file
Type to model Elasticsearch users.
Properties
The following properties are available in the elasticsearch_user_file
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
hashed_password
Valid values: %r{^[$]2a[$].{56}$}
Hashed password for user.
Parameters
The following parameters are available in the elasticsearch_user_file
type.
configdir
Path to the elasticsearch configuration directory (ES_PATH_CONF).
name
namevar
User name.
provider
The specific backend to use for this elasticsearch_user_file
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
elasticsearch_user_roles
Type to model Elasticsearch user roles.
Properties
The following properties are available in the elasticsearch_user_roles
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
roles
Array of roles that the user should belong to.
Parameters
The following parameters are available in the elasticsearch_user_roles
type.
name
namevar
User name.
provider
The specific backend to use for this elasticsearch_user_roles
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
es_instance_conn_validator
Verify that a connection can be successfully established between a node and Elasticsearch. It could potentially be used for other purposes such as monitoring.
Properties
The following properties are available in the es_instance_conn_validator
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the es_instance_conn_validator
type.
name
namevar
An arbitrary name used as the identity of the resource.
port
The port that the Elasticsearch instance should be listening on.
Default value: 9200
provider
The specific backend to use for this es_instance_conn_validator
resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
server
DNS name or IP address of the server where Elasticsearch should be running.
Default value: localhost
sleep_interval
The number of seconds that the validator should wait before retrying the connection to Elasticsearch; defaults to 10 seconds.
Default value: 10
timeout
The max number of seconds that the validator should wait before giving up and deciding that Elasticsearch is not running; defaults to 60 seconds.
Default value: 60
Functions
array_suffix
Type: Ruby 3.x API
This function applies a suffix to all elements in an array.
Examples:
array_suffix(['a','b','c'], 'p')
Will return: ['ap','bp','cp']
array_suffix()
This function applies a suffix to all elements in an array.
Examples:
array_suffix(['a','b','c'], 'p')
Will return: ['ap','bp','cp']
Returns: Any
Array
concat_merge
Type: Ruby 3.x API
Merges two or more hashes together concatenating duplicate keys with array values and returns the resulting hash.
For example:
$hash1 = {'a' => [1]}
$hash2 = {'a' => [2]}
concat_merge($hash1, $hash2)
# The resulting hash is equivalent to:
# { 'a' => [1, 2] }
When there is a duplicate key that is not an array, the key in the rightmost hash will "win."
concat_merge()
Merges two or more hashes together concatenating duplicate keys with array values and returns the resulting hash.
For example:
$hash1 = {'a' => [1]}
$hash2 = {'a' => [2]}
concat_merge($hash1, $hash2)
# The resulting hash is equivalent to:
# { 'a' => [1, 2] }
When there is a duplicate key that is not an array, the key in the rightmost hash will "win."
Returns: Any
String
deep_implode
Type: Ruby 3.x API
Recursively flattens all keys of a hash into a dot-notated hash, deeply merging duplicate key values by natively combining them and returns the resulting hash.
That is confusing, look at the examples for more clarity.
For example:
$hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] }
$flattened_hash = deep_implode($hash)
# The resulting hash is equivalent to:
# { 'top.sub' => [1, 2] }
When the function encounters array or hash values, they are concatenated or merged, respectively. When duplace paths for a key are generated, the function will prefer to retain keys with the longest root key.
deep_implode()
Recursively flattens all keys of a hash into a dot-notated hash, deeply merging duplicate key values by natively combining them and returns the resulting hash.
That is confusing, look at the examples for more clarity.
For example:
$hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] }
$flattened_hash = deep_implode($hash)
# The resulting hash is equivalent to:
# { 'top.sub' => [1, 2] }
When the function encounters array or hash values, they are concatenated or merged, respectively. When duplace paths for a key are generated, the function will prefer to retain keys with the longest root key.
Returns: Any
Hash
es_plugin_name
Type: Ruby 3.x API
Given a string, return the best guess at what the directory name will be for the given plugin. Any arguments past the first will be fallbacks (using the same logic) should the first fail.
For example, all the following return values are "plug":
es_plugin_name('plug')
es_plugin_name('foo/plug')
es_plugin_name('foo/plug/1.0.0')
es_plugin_name('foo/elasticsearch-plug')
es_plugin_name('foo/es-plug/1.3.2')
es_plugin_name()
Given a string, return the best guess at what the directory name will be for the given plugin. Any arguments past the first will be fallbacks (using the same logic) should the first fail.
For example, all the following return values are "plug":
es_plugin_name('plug')
es_plugin_name('foo/plug')
es_plugin_name('foo/plug/1.0.0')
es_plugin_name('foo/elasticsearch-plug')
es_plugin_name('foo/es-plug/1.3.2')
Returns: Any
String
plugin_dir
Type: Ruby 3.x API
Extracts the end plugin directory of the name
plugin_dir()
Extracts the end plugin directory of the name
Returns: Any
String
Data types
Elasticsearch::Multipath
The Elasticsearch::Multipath data type.
Alias of Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath]
Elasticsearch::Status
The Elasticsearch::Status data type.
Alias of Enum['enabled', 'disabled', 'running', 'unmanaged']
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v9.0.0 (2024-02-21)
Breaking changes:
- Drop Debian 10 support #1214 (h-haaks)
- Drop Ubuntu 18.04 support #1213 (zilchms)
- Drop Puppet 6 support #1191 (bastelfreak)
Implemented enhancements:
- Add Ubuntu 22.04 support #1212 (zilchms)
- bump elastic_stack \<10.0.0 #1207 (sandwitch)
- Add Puppet 8 support #1196 (bastelfreak)
- modulesync 7.3.0; allow stdlib 9.x #1192 (bastelfreak)
- Add support for SLM policies #1164 (NITEMAN)
- Add support for ILM policies #1163 (NITEMAN)
- Add support for composable index templates #1146 (NITEMAN)
Closed issues:
- Use Elasticsearch 7+ as default for configuration #1210
- fix lib directory permissions without changing the mode of files in the directory #1203
- warnings when used with stlib 9. #1201
- File jvm.options in root is unmanaged/may be missing #1197
- Setting an Elastic Version should be optional #1174
- 'jvm.options' (prerequisite, required file) is unmanaged by module #1093
- Support for index lifecycle management (ILM) #1038
- Puppet for elastic stack 7.1 #1037
Merged pull requests:
- Use Elasticsearch 7+ as default for configuration #1211 (asusk7m550)
- Remove legacy top-scope syntax #1205 (smortex)
- (#1203) Fix lib directory and file permissions #1204 (ttousai)
- Add owner/group to jvm.options file and Use jvm.options.d/jvm.options file by default #1202 (phaedriel)
- Allow newer java and java_ks versions #1193 (saz)
v8.1.0 (2023-01-05)
Implemented enhancements:
- Make datadir and logdir management optional #1184 (phaedriel)
- Support different paths for elasticsearch-plugin #1181 (phaedriel)
- Remove deprecated validate_slength #1176 (phaedriel)
- Use jvm.options.d folder on ES 7.7.0+ #1159 (phaedriel)
- Update tests to use Hiera 5 #1158 (cocker-cc)
Fixed bugs:
- Some exception when installing analysis-ik plugin #1011
- Fix usage of static
'elasticsearch'
instead of$elasticsearch::service_name
#1178 (phaedriel) - Fix user role mapping config file #1165 (otterz)
Merged pull requests:
- Add option to set private key type #1186 (phaedriel)
- Add test condition 'version != false' (tls_config block) #1175 (phaedriel)
- Fix elasticsearch facts and http check #1170 (fe80)
- Add match to file_line jvm.options #1168 (phaedriel)
- Allow change logdir mode value #1167 (phaedriel)
- fix lib directory permissions; do not depend on umask #1166 (fionera)
- Delete old CI job definitions #1161 (bastelfreak)
- Remove datacat module from Richard Clamp #1160 (phaedriel)
v8.0.2 (2022-04-08)
Merged pull requests:
- puppetlabs/java: Allow 8.x #1156 (bastelfreak)
v8.0.1 (2022-03-18)
Fixed bugs:
Merged pull requests:
- Cleanup README.md #1143 (bastelfreak)
v8.0.0 (2022-01-07)
Breaking changes:
- Unlist Operating Systems which have reached EOL #1127 (smortex)
- Drop support of Puppet 4 and 5 (EOL) #1126 (smortex)
Implemented enhancements:
Fixed bugs:
- typo in config.pp #1130
- fix error in custom fact resolution when conf file is empty #1140 (fe80)
- regression: Fix rubocop cleanup #1139 (bastelfreak)
- config.pp: fix typo #1131 (Aseiide)
- Fix more failing master tests #1077 (fatmcgav)
Closed issues:
- elasticsearch::init does not respect service_name other than 'elasticsearch' #1110
- Centos/RHEL 8 support #1100
- RFC: Remove support for instances #1025
- Add support for other OS's / distro's #94
Merged pull requests:
- puppetlabs/stdlib: Allow 8.x & elastic_stack: Migrate from elastic to puppet namespace #1141 (bastelfreak)
- update metadata.json for Vox Pupuli namespace #1136 (bastelfreak)
- Stop using Travis CI #1124 (jmlrt)
- Increase of the role-name length to 40 #1115 (Kuermel)
- Do not restart Elasticsearch on config change when restart_config_change is set to false #1114 (scornelissen85)
- make sure plugins installed before service is started #1106 (shamil)
- Bump module version to
7.0.0
and update docs #1105 (fatmcgav) - Bump Elasticsearch version and some cleanup #1104 (fatmcgav)
- Add Elasticsearch 7 to test matrix #1088 (fatmcgav)
- Remove multi instance support #1085 (fatmcgav)
- Add some more badges #1076 (fatmcgav)
- Bump Beaker versions to support latest OS' #1075 (fatmcgav)
- Fix failing tests on master #1074 (fatmcgav)
- Fix misspelling of openSUSE #1073 (m-rey)
- Fix intake failure for variable_scope #1066 (fatmcgav)
7.0.0 (2020-12-23)
This is a new major version release of the Elasticsearch module that contains a number of breaking changes and adds support for deploying and managing Elasticsearch 7.x.
Breaking changes
- Removed support for running multiple instances of Elasticsearch on a single host
- Removed support for Elasticsearch older than version 6.x
Features
- Support for deploying Elasticsearch 7.x
- Support and Testing for a number of newer OS'
- Amazon Linux 2
- CentOS 8
- Oracle Linux 8
- Debian 10
- Ubuntu 18.04
- Ubuntu 20.04
Bug fixes
Various little bug fixes as a result of cleaning up and refactoring a lot of the code.
6.4.0 (August 28, 2019)
Features
- Support for Puppet 6
Fixes
- Fix "Could not autoload" errors in some custom types/providers.
- Resolved an issue arising from the use of
hiera()
in Hiera yaml data files.
6.3.4 (August 7, 2019)
Puppet < 4.10 No Longer Supported
Puppet 4.10.0 is the new minimum required version of Puppet.
Fixes
- The Elasticsearch log directory is no longer recursively managed to avoid stomping on the user/mode settings that Elasticsearch prefers.
- Package management on apt-based systems no longer encounters dependency errors when
manage_repo => false
. - Plugin configuration files are now more well-supported by respecting subdirectory copy recursion. See
elasticsearch::configdir_recurselimit
for more information. - An error related to elasticsearch_roles and
yield
errors has been fixed - Correctly permit instances to be set to
absent
without errors.
6.3.3 (September 7, 2018)
Note that this release includes changes to a default value that may affect users that rely on curl
or wget
to retrieve Elasticsearch package files, as now all certificates are validated by default.
To preserve existing behavior, set $elasticsearch::download_tool_verify_certificates
to false
.
Fixes
- Update puppetlabs-stdlib dependency to < 6.0.0
- By default, package files downloaded with tools like wget or curl (i.e., the
$elasticsearch::download_tool
parameter) now verify certificates by default and a new boolean parameter has been added to indicate whether to ignore certificates ($elasticsearch::download_tool_verify_certificates
).
6.3.2 (August 28, 2018)
Fixes
- Fix an issue with string coercion for certain fields in pipelines.
6.3.1 (August 6, 2018)
Primarily a bugfix release.
Fixes
- REST-based resources are now coerced to string values to uniformly compare user defined values and Elasticsearch API responses.
- Resolve deprecation warnings related to use of the deprecated is_array() function.
- Fixed an erroneous inclusion of '<' in logging.yml
- Resolve deprecation warnings related to use of the deprecated is_string() function.
6.3.0 (June 18, 2018)
Migration Guide
Elasticsearch 6.3 includes several big changes that are reflected in this module. When upgrading from module versions prior to 6.3, there are a number of upgrade considerations to take into account:
- This module defaults to the upstream package repositories, which now include X-Pack bundled by default. To preserve previous behavior which does not include X-Pack, follow the
README
instructions to configureoss
-only repositories/packages.- Note that if your system was previously using the
elasticsearch
package and you instead choose to move to theoss
distribution, theelasticsearch
andelasticsearch-oss
packages may conflict. If that occurs, consider ensuring that theelasticsearch
package is absent before the::elasticsearch
class runs. This module does not explicitly remove the conflicting package to avoid unexpected package removal.
- Note that if your system was previously using the
- Use of the
elastic_stack::repo
class for managing package repositories brings a couple changes:- All repository-level parameters and settings have been removed from the
::elasticsearch
class. These parameters can now be set on theelastic_stack::repo
class. - This may mean that leftover yum/apt/etc. repositories named
elasticsearch
may persist after upgrade.
- All repository-level parameters and settings have been removed from the
- Some changes have been made to align this module's file-level permissions with upstream defaults on some configuration, data, and logging directories. Though these have been tested, operators should be aware that some permissions may change on-disk after upgrading to version >= 6.3.x of this module.
Features
- Added support for managing Elasticsearch licenses.
- This module now uses the elastic-stack module to manage package repositories.
- Supports OSS packaging distribution.
- X-Pack bundled with 6.3 support.
Fixes
- Ensure that the stock Elasticsearch service is not running.
- Service files for removed instances were previously set to ensure => absent on removal. Because this limits Puppet's ability to verify that the named service is running or not, these service files are always present now whether an instance is set to present or absent.
- The service defaults file now enforces user/group ownership inline with the service user runtime.
- The
scripts
configuration directory is now recursively copied instead of symlinked to avoid Elasticsearch security manager permission errors. - X-Pack and other meta-plugins are now properly detected as installed by the native plugin provider.
6.2.2 (March 13, 2018)
Fixes
- Fixed language compatibility errors that could arise when using JRuby 1.7 on Puppet Servers.
6.2.1 (February 14, 2018)
This is primarily a bugfix release to address an issue when installing Elasticsearch 6.2.x plugins such as X-Pack that use the new meta-plugin architecture. While the change has been tested with several plugins and versions of Elasticsearch, if any unexpected behavior arises, help is available on the Elastic forums or via an issue in the puppet-elasticsearch Github repository.
Fixes
- Rewrote the
exists?
logic for theelasticsearch_plugin
provider. This fundamentally changes how the module detects the presence of plugins but should be backwards compatible.
6.2.0 (February 9, 2018)
Features
- Add support for Amazon Linux 2
- Add support for managing Elasticsearch Snapshot Repository resources
Fixes
- Fixed an issue when setting
file_rolling_type => file
in Elasticsearch 6. - Removed ExecStartPre=- from systemd template
6.1.0 (December 18, 2017)
Features
- Removed
tea
module dependency for pre-existing types instdlib
module. - Support
file
as afile_rolling_type
. - Added
java_opts
parameter toelasticsearch::plugin
resource. - Brought some options in
jvm.options
up-to-date with upstream. - Plugins can now have their
JAVA_HOME
set through thejava_home
parameter.
Fixes
- Fixed issue with
ES_PATH_CONF
being unset in SysV init files.
6.0.0 (November 14, 2017)
Major version upgrade with several important deprecations:
- Puppet version 3 is no longer supported.
- Package pinning is no longer supported.
- Java installation is no longer supported.
- The python and ruby defined types have been removed.
- Repo management through
manage_repo
is now set totrue
by default. - All
*_hiera_merge
parameters have been removed.
Minor:
- elasticsearch::plugin only accepts
present
orabsent
- Some REST-resource based providers (such as templates and pipelines) now validate parameters (such as numeric port numbers) more rigorously.
The following migration guide is intended to help aid in upgrading this module.
Migration Guide
Puppet 3.x No Longer Supported
Puppet 4.5.0 is the new minimum required version of Puppet, which offers better safety, module metadata, and Ruby features. Migrating from Puppet 3 to Puppet 4 is beyond the scope of this guide, but the official upgrade documentation can help. As with any version or module upgrade, remember to restart any agents and master servers as needed.
Package Pinning No Longer Supported
Package pinning caused lots of unexpected behavior and usually caused more problems than solutions.
If you still require package pinning, consider using the apt::pin
resource on Debian-based systems or a yum::versionlock
resource from the yum module for Red Hat-based systems.
Java Installation No Longer Supported
Java installation was a very simple operation in this module which simply declared an instance of the java
class but created conflicts for users who managed Java separately.
If you still wish to configure Java alongside this module, consider using the puppetlabs/java module and installing Java with the following configuration:
class { "java" : distribution => "jre" }
This will install a version of Java suitable for Elasticsearch in most situations. Note that in some older distributions, you may need to take extra steps to install a more recent version of Java that supports Elasticsearch.
Removal of Python and Ruby Resources
These resource types were simple wrappers around package
resources with their providers set to pip
and gem
, respectively.
Simply defining your own resources similarly to:
package { 'elasticsearch' : provider => 'pip' }
Is sufficient.
Automatic Package Repository Management
This parameter is now set to true
by default to automatically manage the Elastic repository.
If you do not wish to configure the repository to automatically retrieve package updates, set this parameter to false
:
class { 'elasticsearch': manage_repo => false }
Removal of hiera_merge
Parameters
Updates to Hiera in later versions of Puppet mean that you can set merging behavior in end-user configuration.
Read the upstream Hiera documentation regarding lookup_options
to learn how to configure Hiera appropriately for your needs.
5.5.0 (November 13, 2017)
Features
- Updated puppetlabs/java dependency to
< 5.0.0
Fixes
- Properly support plugin installation on 6.x series with explicit
ES_PATH_CONF
- set file ownership of systemd service file to root user/group
- Fix propagating the pid_dir into OpenBSD rcscript
5.4.3 (September 1, 2017)
Features
- Bumped puppet/java dependency to < 3.0.0
Fixes
- Append
--quiet
flag to >= 5.x versions of Elasticsearch systemd service units - Disable es_facts collection on SearchGuard nodes with TLS enabled
5.4.2 (August 18, 2017)
Features
- Bumped puppet/yum dependency to < 3.0.0
Fixes
- Custom facts no longer attempt to connect to SSL/TLS secured ports.
5.4.1 (August 7, 2017)
Fixed an issue where logging_yml_ensure
and log4j2_ensure
would not propagate to elasticsearch::instance
resources.
5.4.0 (August 3, 2017)
Features
- The
api_timeout
parameter is now passed to thees_instance_conn_validator
resource for index, pipeline, and template defined types. - Updated puppetlabs/apt dependency to < 5.0.0.
- Both the
logging.yml
andlog4j2.properties
files can be selectively enabled/disabled with thelogging_yml_ensure
andlog4j2_ensure
parameters on theelasticsearch
class andelasticsearch::instance
defined type. jvm_options
are now controllable on a per-instance basis.
Fixes
- Fixed an edge case with
es_instance_validator
in which ruby connection errors were not caught. - Plugins with colon-delimited names (such as maven plugins) are properly handled now.
- Fixed a bug that would cause dependency cycles when using parameters to create defined types.
5.3.1 (June 14, 2017)
Summary
Minor release to fix bugs related to the elasticsearch_keystore
type and generated docs.
Features
- Moved documentation to Yard for doc auto-generation for all classes/types/etc.
Fixes
- Fixed dependency order bug with the
elasticsearch_keystore
type and augeas defaults resource.
5.3.0 (June 5, 2017)
Summary
Minor bugfix release with added support for managing Elasticsearch keystores, custom repository URLs, and more.
Features
- Failures are no longer raised when no instances are defined for a plugin and service restarts are not requested.
- The
datadir
for instances can now be shared among multiple instances by using thedatadir_instance_directories
parameter. repo_baseurl
is now exposed as a top-level parameter for users who wish to control custom repositories.elasticsearch-keystore
values can now be managed via native Puppet resources.
Fixes
- log4j template now properly respects deprecation logging settings.
5.2.0 (May 5, 2017)
Summary
Release supporting several new features and bugfixes for 5.4.0 users and users who need the ability to update plugins.
Features
- Support for Shield/X-Pack logging configuration file added.
- The
elasticsearch::script
type now supports recursively managing directories of scripts. - All module defined types can now be managed as top-level hash parameters to the
elasticsearch
class (primarily for hiera and PE)
Fixes
- Fixed a bug that prevented plugins from being updated properly.
- Fixed deprecated
default.path
options introduced in Elasticsearch 5.4.0.
5.1.1 (April 13, 2017)
Summary
Features
- Instance configs now have highest precedence when constructing the final yaml config file.
Fixes
This is a hotfix release to support users affected by an upstream Elasticsearch issue.
See the associated issue for details regarding the workaround.
The change implemented in this release is to place the elasticsearch::instance
config
parameter at the highest precedence when merging the final config yaml which permits users manually override path.data
values.
5.1.0 (February 28, 2017)
Summary
Ingest pipeline and index settings support. Minor bugfixes.
Features
- Ingestion pipelines supported via custom resources.
- Index settings support.
Fixes
- Custom facts no longer fail when trying to read unreadable elasticsearch config files.
Accept
andContent-Type
headers properly set for providers (to support ES 6.x)
5.0.0 (February 9, 2017)
Going forward, This module will follow Elasticsearch's upstream major version to indicate compatability. That is, version 5.x of this module supports version 5 of Elasticsearch, and version 6.x of this module will be released once Elasticsearch 6 support is added.
Summary
Note that this is a major version release! Please read the release notes carefully before upgrading to avoid downtime/unexpected behavior. Remember to restart any puppetmaster servers to clear provider caches and pull in updated code.
Backwards-Incompatible Changes
- The
elasticsearch::shield::user
andelasticsearch::shield::role
resources have been renamed toelasticsearch::user
andelasticsearch::role
since the resource now handles both Shield and X-Pack. - Both Shield and X-Pack configuration files are kept in
/etc/elasticsearch/shield
and/etc/elasticsearch/x-pack
, respectively. If you previously managed Shield resources with version 0.x of this module, you may need to migrate files from/usr/share/elasticsearch/shield
. - The default data directory has been changed to
/var/lib/elasticsearch
. If you used the previous default (the Elasticsearch home directory,/usr/share/elasticsearch/data
), you may need to migrate your data. - The first changes that may be Elasticsearch 1.x-incompatible have been introduced (see the elasticsearch support lifecycle). This only impacts version 1.x running on systemd-based distributions.
- sysctl management has been removed (and the module removed as a dependency for this module), and puppet/yum is used in lieu of ceritsc/yum.
Features
- Support management of the global jvm.options configuration file.
- X-Pack support added.
- Restricted permissions to the elasticsearch.yml file.
- Deprecation log configuration support added.
- Synced systemd service file with upstream.
Bugfixes
- Fixed case in which index template could prepend an additional 'index.' to index settings.
- Fixed a case in which dependency cycles could arise when pinning packages on CentOS.
- No longer recursively change the Elasticsearch home directory's lib/ to the elasticsearch user.
- Unused defaults values now purged from instance init defaults files.
Changes
- Changed default data directory to /var/lib
- sysctl settings are no longer managed by the thias/sysctl module.
- Calls to
elasticsearch -version
in elasticsearch::plugin code replaced with native Puppet code to resolve Elasticsearch package version. Should improve resiliency when managing plugins. - Shield and X-Pack configuration files are stored in /etc/elasticsearch instead of /usr/share/elasticsearch.
- Removed deprecated ceritsc/yum module in favor of puppet/yum.
Testing changes
0.15.1 (December 1, 2016)
Summary
Primarily a bugfix release for Elasticsearch 5.x support-related issues. Note updated minimum required puppet versions as well.
Features
Bugfixes
- Removed ES_HEAP_SIZE check in init scripts for Elasticsearch 5.x
- Changed sysctl value to a string to avoid type errors for some versions
- Fixed a $LOAD_PATH error that appeared in some cases for puppet_x/elastic/es_versioning
Changes
- Updated minimium required version for Puppet and PE to reflect tested versions and versions supported by Puppet Labs
Testing changes
0.15.0 (November 17, 2016)
Summary
- Support for Ubuntu Xenial (16.04) formally declared.
- Initial support for running Elasticsearch 5.x series.
Features
- Support management of 5.x-style Elastic yum/apt package repositories.
- Support service scripts for 5.x series of Elasticsearch
Bugfixes
- Update the apt::source call to not cause deprecation warnings
- Updated module metadata to correctly require puppet-stdlib with validate_integer()
Changes
Testing changes
- Ubuntu Xenial (16.04) added to the test matrix.
0.14.0 (October 12, 2016)
Summary
Primarily a bugfix release for issues related to plugin proxy functionality, various system service fixes, and directory permissions. This release also adds the ability to define logging rolling file settings and a CA file/path for template API access.
Features
- Added 'file_rolling_type' parameter to allow selecting file logging rotation type between "dailyRollingFile" or "rollingFile". Also added 'daily_rolling_date_pattern', 'rolling_file_max_backup_index' and 'rolling_file_max_file_size' for file rolling customization.
Bugfixes
- Permissions on the Elasticsearch plugin directory have been fixed to permit world read rights.
- The service systemd unit now
Wants=
a network target to fix bootup parallelization problems. - Recursively create the logdir for elasticsearch when creating multiple instances
- Files and directories with root ownership now specify UID/GID 0 instead to improve compatability with *BSDs.
- Elasticsearch Debian init file changed to avoid throwing errors when DATA_DIR, WORK_DIR and/or LOG_DIR were an empty variable.
- Fixed a broken File dependency when a plugin was set to absent and elasticsearch set to present.
- Fixed issue when using the
proxy
parameter on plugins in Elasticsearch 2.x.
Changes
- The
api_ca_file
andapi_ca_path
parameters have been added to support custom CA bundles for API access. - Numerics in elasticsearch.yml will always be properly unquoted.
- puppetlabs/java is now listed as a dependency in metadata.json to avoid unexpected installation problems.
Testing changes
0.13.2 (August 29, 2016)
Summary
Primarily a bugfix release to resolve HTTPS use in elasticsearch::template resources, 5.x plugin operations, and plugin file permission enforcement.
Features
- Plugin installation for the 5.x series of Elasticsearch is now properly supported.
Bugfixes
- Recursively enforce correct plugin directory mode to avoid Elasticsearch startup permissions errors.
- Fixed an edge case where dependency cycles could arise when managing absent resources.
- Elasticsearch templates now properly use HTTPS when instructed to do so.
Changes
- Updated the elasticsearch_template type to return more helpful error output.
- Updated the es_instance_conn_validator type to silence deprecation warnings in Puppet >= 4.
Testing changes
0.13.1 (August 8, 2016)
Summary
Lingering bugfixes from elasticsearch::template changes.
More robust systemd mask handling.
Updated some upstream module parameters for deprecation warnings.
Support for the Shield system_key
file.
Features
- Added
system_key
parameter to theelasticsearch
class andelasticsearch::instance
type for placing Shield system keys.
Bugfixes
- Fixed systemd elasticsearch.service unit masking to use systemctl rather than raw symlinking to avoid puppet file backup errors.
- Fixed a couple of cases that broke compatability with older versions of puppet (elasticsearch_template types on puppet versions prior to 3.6 and yumrepo parameters on puppet versions prior to 3.5.1)
- Fixed issues that caused templates to be incorrectly detected as out-of-sync and thus always changed on each puppet run.
- Resources are now explicitly ordered to ensure behavior such as plugins being installed before instance start, users managed before templates changed, etc.
Changes
- Updated repository gpg fingerprint key to long form to silence module warnings.
Testing changes
0.13.0 (August 1, 2016)
Summary
Rewritten elasticsearch::template using native type and provider. Fixed and added additional proxy parameters to elasticsearch::plugin instances. Exposed repo priority parameters for apt and yum repos.
Features
- In addition to better consistency, the
elasticsearch::template
type now also accepts variousapi_*
parameters to control how access to the Elasticsearch API is configured (there are top-level parameters that are inherited and can be overwritten inelasticsearch::api_*
). - The
elasticsearch::config
parameter now supports deep hiera merging. - Added the
elasticsearch::repo_priority
parameter to support apt and yum repository priority configuration. - Added
proxy_username
andproxy_password
parameters toelasticsearch::plugin
.
Bugfixes
- Content of templates should now properly trigger new API PUT requests when the index template stored in Elasticsearch differs from the template defined in puppet.
- Installing plugins with proxy parameters now works correctly due to changed Java property flags.
- The
elasticsearch::plugin::module_dir
parameter has been re-implemented to aid in working around plugins with non-standard plugin directories.
Changes
- The
file
parameter on theelasticsearch::template
defined type has been deprecated to be consistent with usage of thesource
parameter for other types.
Testing changes
0.12.0 (July 20, 2016)
IMPORTANT! A bug was fixed that mistakenly added /var/lib to the list of DATA_DIR paths on Debian-based systems. This release removes that environment variable, which could potentially change path.data directories for instances of Elasticsearch. Take proper precautions when upgrading to avoid unexpected downtime or data loss (test module upgrades, et cetera).
Summary
Rewritten yaml generator, code cleanup, and various bugfixes. Configuration file yaml no longer nested. Service no longer restarts by default, and exposes more granular restart options.
Features
- The additional parameters restart_config_change, restart_package_change, and restart_plugin_change have been added for more granular control over service restarts.
Bugfixes
- Special yaml cases such as arrays of hashes and strings like "::" are properly supported.
- Previous Debian SysV init scripts mistakenly set the
DATA_DIR
environment variable to a non-default value. - Some plugins failed installation due to capitalization munging, the elasticsearch_plugin provider no longer forces downcasing.
Changes
- The
install_options
parameter on theelasticsearch::plugin
type has been removed. This was an undocumented parameter that often caused problems for users. - The
elasticsearch.service
systemd unit is no longer removed but masked by default, effectively hiding it from systemd but retaining the upstream vendor unit on disk for package management consistency. restart_on_change
now defaults to false to reduce unexpected cluster downtime (can be set to true if desired).- Package pinning is now contained within a separate class, so users can opt to manage package repositories manually and still use this module's pinning feature.
- All configuration hashes are now flattened into dot-notated yaml in the elasticsearch configuration file. This should be fairly transparent in terms of behavior, though the config file formatting will change.
Testing changes
- The acceptance test suite has been dramatically slimmed to cut down on testing time and reduce false positives.
0.11.0 ( May 23, 2016 )
Summary
Shield support, SLES support, and overhauled testing setup.
Features
- Support for shield
- TLS Certificate management
- Users (role and password management for file-based realms)
- Roles (file-based with mapping support)
- Support (repository proxies)[https://github.com/elastic/puppet-elasticsearch/pull/615]
- Support for (SSL auth on API calls)[https://github.com/elastic/puppet-elasticsearch/pull/577]
Bugfixes
- (Fix Facter calls)[https://github.com/elastic/puppet-elasticsearch/pull/590] in custom providers
Changes
Testing changes
- Overhaul testing methodology, see CONTRIBUTING for updates
- Add SLES 12, Oracle 6, and PE 2016.1.1 to testing matrix
- Enforce strict variable checking
Known bugs
- This is the first release with Shield support, some untested edge cases may exist
##0.10.3 ( Feb 08, 2016 )
###Summary Adding support for OpenBSD and minor fixes
####Features
- Add required changes to work with ES 2.2.x plugins
- Support for custom log directory
- Support for OpenBSD
####Bugfixes
- Add correct relation to file resource and plugin installation
- Notify service when upgrading the package
####Changes
- Remove plugin dir when upgrading Elasticsearch
####Testing changes
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.10.2 ( Jan 19, 2016 )
###Summary Bugfix release and adding Gentoo support
####Features
- Added Gentoo support
####Bugfixes
- Create init script when set to unmanaged
- init_template variable was not passed on correctly to other classes / defines
- Fix issue with plugin type that caused run to stall
- Export ES_GC_LOG_FILE in init scripts
####Changes
- Improve documentation about init_defaults
- Update common files
- Removed recurse option on data directory management
- Add retry functionality to plugin type
####Testing changes
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.10.1 ( Dec 17, 2015 )
###Summary Bugfix release for proxy functionality in plugin installation
####Features
####Bugfixes
- Proxy settings were not passed on correctly
####Changes
- Cleanup .pmtignore to exclude more files
####Testing changes
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.10.0 ( Dec 14, 2015 )
###Summary Module now works with ES 2.x completely
####Features
- Work with ES 2.x new plugin system and remain to work with 1.x
- Implemented datacat module from Richard Clamp so other modules can hook into it for adding configuration options
- Fixed init and systemd files to work with 1.x and 2.x
- Made the module work with newer pl-apt module versions
- Export es_include so it is passed on to ES
- Ability to supply long gpg key for apt repo
####Bugfixes
- Documentation and typographical fixes
- Do not force puppet:/// schema resource
- Use package resource defaults rather than setting provider and source
####Changes
####Testing changes
- Improve unit testing and shorten the runtime
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.9 ( Sep 01, 2015 )
###Summary Bugfix release and extra features
####Features
- Work with ES 2.x
- Add Java 8 detection in debian init script
- Improve offline plugin installation
####Bugfixes
- Fix a bug with new ruby versions but older puppet versions causing type error
- Fix config tempate to use correct ruby scoping
- Fix regex retrieving proxy port while downloading plugin
- Fix systemd template for better variable handling
- Template define was using wrong pathing for removal
####Changes
####Testing changes
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.8 ( Jul 07, 2015 )
###Summary
####Features
- Work with ES 2.x
####Bugfixes
- Fix plugin to maintain backwards compatibility
####Changes
####Testing changes
- ensure testing works with Puppet 4.x ( Rspec and Acceptance )
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.7 ( Jun 24, 2015 )
###Summary This releases adds several important features and fixes an important plugin installation issue with ES 1.6 and higher.
####Features
- Automate plugin dir extraction
- use init service provider for Amazon Linux
- Add Puppetlabs/apt and ceritsc/yum as required modules
- Added Timeout to fetching facts in case ES does not respond
- Add proxy settings for package download
####Bugfixes
- Fixed systemd template to fix issue with LimitMEMLOCK setting
- Improve package version handling when specifying a version
- Add tmpfiles.d file to manage sub dir in /var/run path
- Fix plugin installations for ES 1.6 and higher
####Changes
- Removed Modulefile, only maintaining metadata.json file
####Testing changes
- Added unit testing for package pinning feature
- Added integration testing with Elasticsearch to find issues earlier
- Fix openSUSE 13 testing
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.6 ( May 28, 2015 )
###Summary Bugfix release 0.9.6
####Features
- Implemented package version pinning to avoid accidental upgrading
- Added support for Debian 8
- Added support for upgrading plugins
- Managing LimitNOFILE and LimitMEMLOCK settings in systemd
####Bugfixes
####Changes
- Dropped official support for PE 3.1.x and 3.2.x
####Testing changes
- Several testing changes implemented to increase coverage
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.5( Apr 16, 2015 )
###Summary Bugfix release 0.9.5
We reverted the change that implemented the full 40 character for the apt repo key. This caused issues with some older versions of the puppetlabs-apt module
####Features
####Bugfixes
- Revert using the full 40 character for the apt repo key.
####Changes
####Testing changes
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.4( Apr 14, 2015 )
###Summary Bugfix release 0.9.4
####Features
- Add the ability to create and populate scripts
####Bugfixes
- add support for init_defaults_file to elasticsearch::instance
- Update apt key to full 40characters
####Changes
- Fix readme regarding module_dir with plugins
####Testing changes
- Adding staged removal test
- Convert git urls to https
- Add centos7 node config
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.3( Mar 24, 2015 )
###Summary Bugfix release 0.9.3
####Features
####Bugfixes
- Not setting repo_version did not give the correct error
- Systemd file did not contain User/Group values
####Changes
- Brand rename from Elasticsearch to Elastic
####Testing changes
- Moved from multiple Gemfiles to single Gemfile
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.2( Mar 06, 2015 )
###Summary Bugfix release 0.9.2
####Features
- Introducing es_instance_conn_validator resource to verify instance availability
####Bugfixes
- Fix missing data path when using the path config setting but not setting the data path
####Changes None
####Testing changes None
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.1 ( Feb 23, 2015 )
###Summary This is the first bug fix release for 0.9 version. A bug was reported with the recursive file management.
####Features None
####Bugfixes
- Fix recursive file management
- Set undefined variables to work with strict_variables
####Changes None
####Testing changes None
####Known bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.9.0 ( Feb 02, 2015 )
###Summary This release is the first one towards 1.0 release. Our planning is to provide LTS releases with the puppet module
####Features
- Support for using hiera to define instances and plugins.
- Support for openSUSE 13.x
- Custom facts about the installed Elasticsearch instance(s)
- Proxy host/port support for the plugin installation
- Ability to supply a custom logging.yml template
####Bugfixes
- Ensure file owners are correct accross all related files
- Fix of possible service name conflict
- Empty main config would fail with instances
- Removal of standard files from packages we dont use
- Ensuring correct sequence of plugin and template defines
- Added ES_CLASSPATH export to init scripts
####Changes
- Java installation to use puppetlabs-java module
- Added Support and testing for Puppet 3.7 and PE 3.7
- Improve metadata.json based on scoring from Forge
####Testing changes
- Added testing against Puppet 3.7 and PE 3.7
- Using rspec3
- Using rspec-puppet-facts gem simplifies rspec testing
####Known Bugs
- Possible package conflicts when using ruby/python defines with main package name
##0.4.0 ( Jun 18, 2014 ) - Backwards compatible breaking release
###Summary This release introduces instances to facilitate the option to have more then a single instance running on the host system.
####Features
- Rewrite module to incorperate multi instance support
- New readme layout
####Bugfixes
- None
####Changes
- Adding ec2-linux osfamily for repo management
- Retry behaviour for plugin installation
####Testing changes
- Adding Puppet 3.6.x testing
- Ubuntu 14.04 testing
- Using new docker images
- Pin rspec to 2.14.x
####Known Bugs
- No known bugs
##0.3.2 ( May 15, 2014 )
- Add support for SLC/Scientific Linux CERN ( PR #121 )
- Add support for custom package names ( PR #122 )
- Fix python and ruby client defines to avoid name clashes.
- Add ability to use stage instead of anchor for repo class
- Minor fixes to system tests
##0.3.1 ( April 22, 2014 )
- Ensure we create the plugin directory before installing plugins
- Added Puppet 3.5.x to rspec and system tests
##0.3.0 ( April 2, 2014 )
- Fix minor issue with yumrepo in repo class ( PR #92 )
- Implement openSUSE support
- Implement Junit reporting for tests
- Adding more system tests and convert to Docker images
- Use Augeas for managing the defaults file
- Add retry to package download exec
- Add management to manage the logging.yml file
- Improve inline documentation
- Improve support for Debian 6
- Improve augeas for values with spaces
- Run plugin install as ES user ( PR #108 )
- Fix rights for the plugin directory
- Pin Rake for Ruby 1.8.7
- Adding new metadata for Forge.
- Increase time for retry to insert the template
##0.2.4 ( Feb 21, 2014 )
- Set puppetlabs-stdlib dependency version from 3.0.0 to 3.2.0 to be inline with other modules
- Let puppet run fail when template insert fails
- Documentation improvements ( PR #77, #78, #83 )
- Added beaker system tests
- Fixed template define after failing system tests
- Some fixes so variables are more inline with intended structure
##0.2.3 ( Feb 06, 2014 )
- Add repository management feature
- Improve testing coverage and implement basic resource coverage reporting
- Add puppet 3.4.x testing
- Fix dependency in template define ( PR #72 )
- For apt repo change from key server to key file
##0.2.2 ( Jan 23, 2014 )
- Ensure exec names are unique. This caused issues when using our logstash module
- Add spec tests for plugin define
##0.2.1 ( Jan 22, 2014 )
- Simplify the management of the defaults file ( PR #64 )
- Doc improvements for the plugin define ( PR #66 )
- Allow creation of data directory ( PR #68 )
- Fail early when package version and package_url are defined
##0.2.0 ( Nov 19, 2013 )
- Large rewrite of the entire module described below
- Make the core more dynamic for different service providers and multi instance capable
- Add better testing and devided into different files
- Fix template function. Replace of template is now only done when the file is changed
- Add different ways to install the package except from the repository ( puppet/http/https/ftp/file )
- Update java class to install openjdk 1.7
- Add tests for python function
- Update config file template to fix scoping issue ( from PR #57 )
- Add validation of templates
- Small changes for preperation for system tests
- Update readme for new functionality
- Added more test scenario's
- Added puppet parser validate task for added checking
- Ensure we don't add stuff when removing the module
- Update python client define
- Add ruby client define
- Add tests for ruby clients and update python client tests
##0.1.3 ( Sep 06, 2013 )
- Exec path settings has been updated to fix warnings ( PR #37, #47 )
- Adding define to install python bindings ( PR #43 )
- Scope deprecation fixes ( PR #41 )
- feature to install plugins ( PR #40 )
##0.1.2 ( Jun 21, 2013 )
- Update rake file to ignore the param inherit
- Added missing documentation to the template define
- Fix for template define to allow multiple templates ( PR #36 by Bruce Morrison )
##0.1.1 ( Jun 14, 2013 )
- Add Oracle Linux to the OS list ( PR #25 by Stas Alekseev )
- Respect the restart_on_change on the defaults ( PR #29 by Simon Effenberg )
- Make sure the config can be empty as advertised in the readme
- Remove dependency cycle when the defaults file is updated ( PR #31 by Bruce Morrison )
- Enable retry on the template insert in case ES isn't started yet ( PR #32 by Bruce Morrison )
- Update templates to avoid deprecation notice with Puppet 3.2.x
- Update template define to avoid auto insert issue with ES
- Update spec tests to reflect changes to template define
##0.1.0 ( May 09, 2013 )
- Populate .gitignore ( PR #19 by Igor Galić )
- Add ability to install initfile ( PR #20 by Justin Lambert )
- Add ability to manage default file service parameters ( PR #21 by Mathieu Bornoz )
- Providing complete containment of the module ( PR #24 by Brian Lalor )
- Add ability to specify package version ( PR #25 by Justin Lambert )
- Adding license file
##0.0.7 ( Mar 23, 2013 )
- Ensure config directory is created and managed ( PR #13 by Martin Seener )
- Dont backup package if it changes
- Create explicit dependency on template directory ( PR #16 by Igor Galić )
- Make the config directory variable ( PR #17 by Igor Galić and PR #18 by Vincent Janelle )
- Fixing template define
##0.0.6 ( Mar 05, 2013 )
- Fixing issue with configuration not printing out arrays
- New feature to write the config hash shorter
- Updated readme to reflect the new feature
- Adding spec tests for config file generation
##0.0.5 ( Mar 03, 2013 )
- Option to disable restart on config file change ( PR #10 by Chris Boulton )
##0.0.4 ( Mar 02, 2013 )
- Fixed a major issue with the config template ( Issue #9 )
##0.0.3 ( Mar 02, 2013 )
- Adding spec tests
- Fixed init issue on Ubuntu ( Issue #6 by Marcus Furlong )
- Fixed config template problem ( Issue #8 by surfchris )
- New feature to manage templates
##0.0.2 ( Feb 16, 2013 )
- Feature to supply a package instead of being dependent on the repository
- Feature to install java in case one doesn't manage it externally
- Adding RedHat and Amazon as Operating systems
- fixed a typo - its a shard not a shared :) ( PR #5 by Martin Seener )
##0.0.1 ( Jan 13, 2013 )
- Initial release of the module
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppet/elastic_stack (>= 8.0.0 < 10.0.0)
- puppetlabs/java (>= 1.0.0 < 11.0.0)
- puppetlabs/java_ks (>= 1.5.0 < 6.0.0)
- puppetlabs/stdlib (>= 6.1.0 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use thes Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.