From 7c71c45d296849ff07bf8e3c8a13fcf2ed1323f9 Mon Sep 17 00:00:00 2001 From: thomashaw Date: Mon, 15 Nov 2021 19:13:09 +0000 Subject: [PATCH] ELK merge - includes new Elastalert, Logstash, Kibana, Elastalert, Auditbeat, Filebeat modules and other misc changes. --- lib/batch/batch_secgen.rb | 2 +- lib/helpers/scenario.rb | 15 + lib/objects/module.rb | 2 +- lib/objects/system.rb | 52 +- lib/output/project_files_creator.rb | 49 +- lib/readers/module_reader.rb | 37 +- lib/readers/system_reader.rb | 39 +- lib/readers/xml_reader.rb | 49 + lib/schemas/scenario_schema.xsd | 1 + lib/templates/Puppetfile.erb | 4 +- lib/templates/Vagrantfile.erb | 37 +- lib/test/base_upgrade_testing.rb | 2 +- .../random_filename/secgen_local/local.rb | 2 +- .../apache/metadata.json | 4 +- .../logging/elasticsearch/elasticsearch.pp | 13 + .../logging/elasticsearch/manifests/config.pp | 20 + .../logging/elasticsearch/manifests/init.pp | 18 + .../elasticsearch/manifests/install.pp | 20 + .../elasticsearch/manifests/service.pp | 14 + .../logging/elasticsearch/secgen_metadata.xml | 10 +- .../templates/elasticsearch.yml.erb | 8 + .../services/unix/logging/kibana/kibana.pp | 12 + .../unix/logging/kibana/manifests/config.pp | 18 + .../unix/logging/kibana/manifests/init.pp | 11 + .../unix/logging/kibana/manifests/install.pp | 5 + .../unix/logging/kibana/manifests/service.pp | 6 + .../unix/logging/kibana/secgen_metadata.xml | 6 +- .../logging/kibana/templates/kibana.yml.erb | 6 + .../logging/logstash/files/combined_path.rb | 35 + .../unix/logging/logstash/logstash.pp | 12 + .../unix/logging/logstash/manifests/config.pp | 34 + .../unix/logging/logstash/manifests/init.pp | 11 + .../logging/logstash/manifests/install.pp | 11 + .../logging/logstash/manifests/service.pp | 6 + .../unix/logging/logstash/secgen_metadata.xml | 6 +- .../templates/configfile-template.erb | 24 + .../logstash/templates/logstash.yml.erb | 4 + .../java/.devcontainer/Dockerfile | 6 + .../java/.devcontainer/devcontainer.json | 23 + .../java/.github/workflows/nightly.yml | 230 ++++ .../java/.github/workflows/pr_test.yml | 211 ++++ .../java/.gitpod.Dockerfile | 18 + .../java_stretch_compatible/java/.gitpod.yml | 9 + .../java/.rubocop_todo.yml | 0 .../java_stretch_compatible/java/CHANGELOG.md | 131 +++ .../java_stretch_compatible/java/CODEOWNERS | 2 + .../java/CONTRIBUTING.md | 2 +- .../java_stretch_compatible/java}/LICENSE | 2 +- .../java_stretch_compatible/java/README.md | 246 ++++ .../java_stretch_compatible/java/REFERENCE.md | 436 +++++++ .../java/data/common.yaml | 1 + .../java/examples/alternative.pp | 2 +- .../java_stretch_compatible/java/hiera.yaml | 21 + .../java/lib/facter/java_libjvm_path.rb | 18 +- .../java/lib/facter/java_major_version.rb | 8 +- .../java/lib/facter/java_patch_level.rb | 10 +- .../java/lib/facter/java_version.rb | 6 +- .../java/manifests/adopt.pp | 312 +++++ .../java/manifests/config.pp | 22 +- .../java/manifests/download.pp | 328 ++++++ .../java/manifests/init.pp | 31 +- .../java/manifests/params.pp | 133 +-- .../java/manifests/sap.pp | 227 ++++ .../java/metadata.json | 41 +- .../java/provision.yaml | 96 ++ .../unix/logging/auditbeat/.puppet-lint.rc | 1 + .../unix/logging/auditbeat/CHANGELOG.md | 99 +- .../unix/logging/auditbeat/README.md | 96 +- .../unix/logging/auditbeat/auditbeat.pp | 41 +- .../unix/logging/auditbeat/data/common.yaml | 1 + .../logging/auditbeat/files/rules/.no_files | 0 .../unix/logging/auditbeat/hiera.yaml | 21 + .../logging/auditbeat/manifests/config.pp | 41 +- .../unix/logging/auditbeat/manifests/init.pp | 10 +- .../logging/auditbeat/manifests/install.pp | 1 + .../unix/logging/auditbeat/manifests/repo.pp | 53 +- .../logging/auditbeat/manifests/service.pp | 1 + .../unix/logging/auditbeat/metadata.json | 38 +- .../logging/auditbeat/secgen_metadata.xml | 11 +- .../auditbeat/spec/classes/auditbeat_spec.rb | 129 -- .../logging/auditbeat/spec/default_facts.yml | 8 - .../logging/auditbeat/spec/spec_helper.rb | 36 - .../auditbeat/templates/audit_rules.erb | 7 - .../unix/logging/elastalert/elastalert.pp | 18 + .../elastalert/files/dev-example-alert.json | 224 ++++ .../elastalert/files/elastalert-index.rb | 18 + .../elastalert/files/elastalert-index.service | 15 + .../logging/elastalert/files/elastalert.diff | 17 + .../elastalert/files/elastalert.service | 12 + .../logging/elastalert/files/exec_alerter.py | 63 + .../elastalert/files/rules/example-rule.yaml | 13 + .../logging/elastalert/manifests/config.pp | 35 + .../unix/logging/elastalert/manifests/init.pp | 15 + .../logging/elastalert/manifests/install.pp | 21 + .../logging/elastalert/manifests/service.pp | 36 + .../secgen_metadata.xml | 8 +- .../elastalert/templates/config.yaml.erb | 115 ++ .../unix/logging/elasticsearch/CHANGELOG.md | 976 ---------------- .../logging/elasticsearch/CONTRIBUTING.md | 69 -- .../unix/logging/elasticsearch/CONTRIBUTORS | 33 - .../unix/logging/elasticsearch/README.md | 1041 ----------------- .../unix/logging/elasticsearch/checksums.json | 119 -- .../logging/elasticsearch/data/common.yaml | 66 -- .../elasticsearch/data/distro/Amazon.yaml | 3 - .../elasticsearch/data/distro/Amazon/2.yaml | 3 - .../elasticsearch/data/distro/Debian/7.yaml | 4 - .../data/distro/Ubuntu/12.04.yaml | 4 - .../data/distro/Ubuntu/14.04.yaml | 4 - .../elasticsearch/data/kernel/Darwin.yaml | 5 - .../elasticsearch/data/kernel/Linux.yaml | 8 - .../elasticsearch/data/kernel/OpenBSD.yaml | 10 - .../logging/elasticsearch/data/os/Debian.yaml | 2 - .../logging/elasticsearch/data/os/Gentoo.yaml | 6 - .../logging/elasticsearch/data/os/RedHat.yaml | 2 - .../elasticsearch/data/os/RedHat/5.yaml | 3 - .../elasticsearch/data/os/RedHat/6.yaml | 3 - .../logging/elasticsearch/data/os/Suse.yaml | 3 - .../elasticsearch/data/os/Suse/11.yaml | 4 - .../logging/elasticsearch/elasticsearch.pp | 18 - .../files/etc/init.d/elasticsearch.Debian.erb | 207 ---- .../etc/init.d/elasticsearch.OpenBSD.erb | 27 - .../files/etc/init.d/elasticsearch.RedHat.erb | 183 --- .../files/etc/init.d/elasticsearch.SLES.erb | 148 --- .../files/etc/init.d/elasticsearch.openrc.erb | 90 -- .../etc/init.d/elasticsearch.systemd.erb | 60 - .../unix/logging/elasticsearch/hiera.yaml | 27 - .../elasticsearch/lib/facter/es_facts.rb | 122 -- .../elasticsearch_shield_users_native.rb | 16 - .../puppet/parser/functions/array_suffix.rb | 46 - .../puppet/parser/functions/concat_merge.rb | 50 - .../puppet/parser/functions/deep_implode.rb | 46 - .../puppet/parser/functions/es_plugin_name.rb | 42 - .../lib/puppet/parser/functions/plugin_dir.rb | 43 - .../lib/puppet/provider/elastic_parsedfile.rb | 26 - .../lib/puppet/provider/elastic_plugin.rb | 208 ---- .../lib/puppet/provider/elastic_rest.rb | 303 ----- .../puppet/provider/elastic_user_command.rb | 123 -- .../lib/puppet/provider/elastic_user_roles.rb | 49 - .../lib/puppet/provider/elastic_yaml.rb | 58 - .../provider/elasticsearch_index/ruby.rb | 25 - .../elasticsearch_keystore.rb | 166 --- .../provider/elasticsearch_license/shield.rb | 31 - .../provider/elasticsearch_license/x-pack.rb | 33 - .../provider/elasticsearch_pipeline/ruby.rb | 12 - .../elasticsearch_plugin.rb | 21 - .../provider/elasticsearch_plugin/plugin.rb | 18 - .../provider/elasticsearch_role/oss_xpack.rb | 12 - .../provider/elasticsearch_role/shield.rb | 12 - .../provider/elasticsearch_role/xpack.rb | 12 - .../elasticsearch_role_mapping/oss_xpack.rb | 12 - .../elasticsearch_role_mapping/shield.rb | 12 - .../elasticsearch_role_mapping/xpack.rb | 12 - .../elasticsearch_service_file/ruby.rb | 81 -- .../elasticsearch_snapshot_repository/ruby.rb | 52 - .../provider/elasticsearch_template/ruby.rb | 21 - .../elasticsearch_user/elasticsearch_users.rb | 15 - .../provider/elasticsearch_user/esusers.rb | 15 - .../provider/elasticsearch_user/users.rb | 16 - .../elasticsearch_user_file/oss_xpack.rb | 29 - .../elasticsearch_user_file/shield.rb | 29 - .../provider/elasticsearch_user_file/xpack.rb | 29 - .../elasticsearch_user_roles/oss_xpack.rb | 11 - .../elasticsearch_user_roles/shield.rb | 11 - .../elasticsearch_user_roles/xpack.rb | 11 - .../es_instance_conn_validator/tcp_port.rb | 50 - .../lib/puppet/type/elasticsearch_index.rb | 34 - .../lib/puppet/type/elasticsearch_keystore.rb | 64 - .../lib/puppet/type/elasticsearch_license.rb | 52 - .../lib/puppet/type/elasticsearch_pipeline.rb | 29 - .../lib/puppet/type/elasticsearch_plugin.rb | 52 - .../lib/puppet/type/elasticsearch_role.rb | 15 - .../puppet/type/elasticsearch_role_mapping.rb | 15 - .../puppet/type/elasticsearch_service_file.rb | 87 -- .../type/elasticsearch_snapshot_repository.rb | 51 - .../lib/puppet/type/elasticsearch_template.rb | 114 -- .../lib/puppet/type/elasticsearch_user.rb | 51 - .../puppet/type/elasticsearch_user_file.rb | 30 - .../puppet/type/elasticsearch_user_roles.rb | 20 - .../puppet/type/es_instance_conn_validator.rb | 33 - .../lib/puppet/util/es_instance_validator.rb | 44 - .../puppet_x/elastic/asymmetric_compare.rb | 24 - .../lib/puppet_x/elastic/deep_implode.rb | 33 - .../lib/puppet_x/elastic/deep_to_i.rb | 20 - .../lib/puppet_x/elastic/deep_to_s.rb | 20 - .../elastic/elasticsearch_rest_resource.rb | 93 -- .../lib/puppet_x/elastic/es_versioning.rb | 61 - .../lib/puppet_x/elastic/hash.rb | 73 -- .../lib/puppet_x/elastic/plugin_parsing.rb | 33 - .../logging/elasticsearch/manifests/config.pp | 175 --- .../logging/elasticsearch/manifests/index.pp | 77 -- .../logging/elasticsearch/manifests/init.pp | 581 --------- .../elasticsearch/manifests/instance.pp | 533 --------- .../elasticsearch/manifests/license.pp | 104 -- .../elasticsearch/manifests/package.pp | 193 --- .../elasticsearch/manifests/pipeline.pp | 79 -- .../logging/elasticsearch/manifests/plugin.pp | 152 --- .../logging/elasticsearch/manifests/role.pp | 60 - .../logging/elasticsearch/manifests/script.pp | 37 - .../elasticsearch/manifests/service.pp | 93 -- .../elasticsearch/manifests/service/init.pp | 161 --- .../manifests/service/openbsd.pp | 121 -- .../elasticsearch/manifests/service/openrc.pp | 166 --- .../manifests/service/systemd.pp | 194 --- .../manifests/snapshot_repository.pp | 104 -- .../elasticsearch/manifests/template.pp | 100 -- .../logging/elasticsearch/manifests/user.pp | 51 - .../unix/logging/elasticsearch/metadata.json | 84 -- .../etc/elasticsearch/elasticsearch.yml.erb | 19 - .../etc/elasticsearch/jvm.options.erb | 43 - .../etc/elasticsearch/log4j2.properties.erb | 99 -- .../etc/elasticsearch/logging.yml.erb | 71 -- .../templates/etc/sysconfig/defaults.erb | 6 - .../usr/lib/tmpfiles.d/elasticsearch.conf.erb | 1 - .../logging/elasticsearch/types/multipath.pp | 1 - .../logging/elasticsearch/types/status.pp | 1 - .../unix/logging/filebeat/.pmtignore | 20 + .../unix/logging/filebeat/.puppet-lint.rc | 1 + .../utilities/unix/logging/filebeat/.sync.yml | 5 + .../unix/logging/filebeat/CHANGELOG.md | 147 ++- .../utilities/unix/logging/filebeat/README.md | 209 ++-- .../unix/logging/filebeat/filebeat.pp | 39 +- .../filebeat/lib/facter/filebeat_version.rb | 13 +- .../unix/logging/filebeat/manifests/config.pp | 47 +- .../unix/logging/filebeat/manifests/init.pp | 46 +- .../unix/logging/filebeat/manifests/input.pp | 137 +++ .../filebeat/manifests/install/windows.pp | 14 +- .../unix/logging/filebeat/manifests/params.pp | 71 +- .../unix/logging/filebeat/manifests/repo.pp | 11 +- .../logging/filebeat/manifests/service.pp | 59 +- .../unix/logging/filebeat/metadata.json | 30 +- .../filebeat/templates/filebeat.yml.erb | 1 - .../logging/filebeat/templates/input.yml.erb | 211 ++++ .../filebeat/templates/prospector.yml.erb | 350 +++--- .../templates/systemd/logging.conf.erb | 2 + .../unix/logging/kibana/CHANGELOG.md | 109 -- .../unix/logging/kibana/CONTRIBUTING.md | 113 -- .../unix/logging/kibana/CONTRIBUTORS | 9 - modules/utilities/unix/logging/kibana/Gemfile | 56 - .../unix/logging/kibana/Gemfile.lock | 482 -------- modules/utilities/unix/logging/kibana/LICENSE | 202 ---- .../utilities/unix/logging/kibana/Makefile | 5 - .../unix/logging/kibana/README.markdown | 220 ---- .../utilities/unix/logging/kibana/Rakefile | 184 --- .../unix/logging/kibana/checksums.json | 26 - .../unix/logging/kibana/data/common.yaml | 7 - .../utilities/unix/logging/kibana/hiera.yaml | 7 - .../utilities/unix/logging/kibana/kibana.pp | 15 - .../lib/puppet/provider/elastic_kibana.rb | 155 --- .../puppet/provider/kibana_plugin/kibana.rb | 15 - .../provider/kibana_plugin/kibana_plugin.rb | 14 - .../kibana/lib/puppet/type/kibana_plugin.rb | 36 - .../kibana/lib/puppet_x/elastic/hash.rb | 73 -- .../unix/logging/kibana/manifests/config.pp | 22 - .../unix/logging/kibana/manifests/init.pp | 61 - .../unix/logging/kibana/manifests/install.pp | 33 - .../unix/logging/kibana/manifests/service.pp | 46 - .../unix/logging/kibana/metadata.json | 64 - .../templates/etc/kibana/kibana.yml.erb | 7 - .../unix/logging/kibana/tests/init.pp | 12 - .../unix/logging/kibana/types/status.pp | 1 - .../utilities/unix/logging/logstash/CHANGELOG | 198 ---- .../unix/logging/logstash/CONTRIBUTING.md | 60 - .../unix/logging/logstash/CONTRIBUTORS | 19 - .../utilities/unix/logging/logstash/LICENSE | 13 - .../utilities/unix/logging/logstash/Makefile | 52 - .../utilities/unix/logging/logstash/README.md | 325 ----- .../unix/logging/logstash/Vagrantfile | 29 - .../logstash/Vagrantfile.d/manifests/site.pp | 34 - .../logging/logstash/Vagrantfile.d/server.sh | 27 - .../unix/logging/logstash/checksums.json | 49 - .../unix/logging/logstash/doc/_index.html | 161 --- .../unix/logging/logstash/doc/css/common.css | 8 - .../logging/logstash/doc/css/full_list.css | 58 - .../unix/logging/logstash/doc/css/style.css | 496 -------- .../logging/logstash/doc/file.README.html | 397 ------- .../unix/logging/logstash/doc/frames.html | 17 - .../unix/logging/logstash/doc/index.html | 397 ------- .../unix/logging/logstash/doc/js/app.js | 292 ----- .../unix/logging/logstash/doc/js/full_list.js | 216 ---- .../unix/logging/logstash/doc/js/jquery.js | 4 - .../logstash/doc/puppet_class_list.html | 75 -- .../logstash/doc/puppet_classes/logstash.html | 617 ---------- .../puppet_classes/logstash_3A_3Aconfig.html | 219 ---- .../puppet_classes/logstash_3A_3Apackage.html | 417 ------- .../puppet_classes/logstash_3A_3Aservice.html | 462 -------- .../doc/puppet_defined_type_list.html | 68 -- .../logstash_3A_3Aconfigfile.html | 322 ----- .../logstash_3A_3Apatternfile.html | 218 ---- .../logstash_3A_3Aplugin.html | 390 ------ .../logstash/doc/top-level-namespace.html | 98 -- .../logging/logstash/files/grok-pattern-0 | 1 - .../logging/logstash/files/grok-pattern-1 | 1 - .../files/logstash-output-cowsay-5.0.0.zip | Bin 12518 -> 0 bytes .../logging/logstash/files/null-output.conf | 4 - .../unix/logging/logstash/logstash.pp | 10 - .../unix/logging/logstash/manifests/config.pp | 50 - .../logging/logstash/manifests/configfile.pp | 86 -- .../unix/logging/logstash/manifests/init.pp | 174 --- .../logging/logstash/manifests/package.pp | 132 --- .../logstash/manifests/package/install.pp | 29 - .../logging/logstash/manifests/patternfile.pp | 40 - .../unix/logging/logstash/manifests/plugin.pp | 127 -- .../logging/logstash/manifests/service.pp | 173 --- .../unix/logging/logstash/metadata.json | 72 -- .../templates/configfile-template.erb | 14 - .../logstash/templates/jvm.options.erb | 27 - .../logstash/templates/logstash.yml.erb | 18 - .../logstash/templates/pipelines.yml.erb | 1 - .../logstash/templates/startup.options.erb | 14 - .../logging/watcher/manifests/configure.pp | 23 - .../logging/watcher/templates/watch.json.erb | 50 - .../utilities/unix/logging/watcher/watcher.pp | 1 - scenarios/examples/elkstack.xml | 131 ++- secgen.rb | 2 +- 314 files changed, 4946 insertions(+), 19102 deletions(-) create mode 100644 lib/helpers/scenario.rb create mode 100644 lib/readers/xml_reader.rb create mode 100644 modules/services/unix/logging/elasticsearch/elasticsearch.pp create mode 100644 modules/services/unix/logging/elasticsearch/manifests/config.pp create mode 100644 modules/services/unix/logging/elasticsearch/manifests/init.pp create mode 100644 modules/services/unix/logging/elasticsearch/manifests/install.pp create mode 100644 modules/services/unix/logging/elasticsearch/manifests/service.pp rename modules/{utilities => services}/unix/logging/elasticsearch/secgen_metadata.xml (76%) create mode 100644 modules/services/unix/logging/elasticsearch/templates/elasticsearch.yml.erb create mode 100644 modules/services/unix/logging/kibana/kibana.pp create mode 100644 modules/services/unix/logging/kibana/manifests/config.pp create mode 100644 modules/services/unix/logging/kibana/manifests/init.pp create mode 100644 modules/services/unix/logging/kibana/manifests/install.pp create mode 100644 modules/services/unix/logging/kibana/manifests/service.pp rename modules/{utilities => services}/unix/logging/kibana/secgen_metadata.xml (86%) create mode 100644 modules/services/unix/logging/kibana/templates/kibana.yml.erb create mode 100644 modules/services/unix/logging/logstash/files/combined_path.rb create mode 100644 modules/services/unix/logging/logstash/logstash.pp create mode 100644 modules/services/unix/logging/logstash/manifests/config.pp create mode 100644 modules/services/unix/logging/logstash/manifests/init.pp create mode 100644 modules/services/unix/logging/logstash/manifests/install.pp create mode 100644 modules/services/unix/logging/logstash/manifests/service.pp rename modules/{utilities => services}/unix/logging/logstash/secgen_metadata.xml (84%) create mode 100644 modules/services/unix/logging/logstash/templates/configfile-template.erb create mode 100644 modules/services/unix/logging/logstash/templates/logstash.yml.erb create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/Dockerfile create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/devcontainer.json create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/nightly.yml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/pr_test.yml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.Dockerfile create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.yml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/.rubocop_todo.yml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/CODEOWNERS rename modules/utilities/unix/{logging/elasticsearch => languages/java_stretch_compatible/java}/LICENSE (99%) create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/README.md create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/REFERENCE.md create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/data/common.yaml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/hiera.yaml create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/manifests/adopt.pp create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/manifests/download.pp create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/manifests/sap.pp create mode 100644 modules/utilities/unix/languages/java_stretch_compatible/java/provision.yaml create mode 100644 modules/utilities/unix/logging/auditbeat/.puppet-lint.rc create mode 100644 modules/utilities/unix/logging/auditbeat/data/common.yaml create mode 100644 modules/utilities/unix/logging/auditbeat/files/rules/.no_files create mode 100644 modules/utilities/unix/logging/auditbeat/hiera.yaml delete mode 100644 modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb delete mode 100644 modules/utilities/unix/logging/auditbeat/spec/default_facts.yml delete mode 100644 modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb delete mode 100644 modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb create mode 100644 modules/utilities/unix/logging/elastalert/elastalert.pp create mode 100644 modules/utilities/unix/logging/elastalert/files/dev-example-alert.json create mode 100644 modules/utilities/unix/logging/elastalert/files/elastalert-index.rb create mode 100644 modules/utilities/unix/logging/elastalert/files/elastalert-index.service create mode 100644 modules/utilities/unix/logging/elastalert/files/elastalert.diff create mode 100644 modules/utilities/unix/logging/elastalert/files/elastalert.service create mode 100644 modules/utilities/unix/logging/elastalert/files/exec_alerter.py create mode 100644 modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml create mode 100644 modules/utilities/unix/logging/elastalert/manifests/config.pp create mode 100644 modules/utilities/unix/logging/elastalert/manifests/init.pp create mode 100644 modules/utilities/unix/logging/elastalert/manifests/install.pp create mode 100644 modules/utilities/unix/logging/elastalert/manifests/service.pp rename modules/utilities/unix/logging/{watcher => elastalert}/secgen_metadata.xml (85%) create mode 100644 modules/utilities/unix/logging/elastalert/templates/config.yaml.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/CHANGELOG.md delete mode 100644 modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md delete mode 100644 modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS delete mode 100644 modules/utilities/unix/logging/elasticsearch/README.md delete mode 100644 modules/utilities/unix/logging/elasticsearch/checksums.json delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/common.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/elasticsearch.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb delete mode 100755 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/hiera.yaml delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/config.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/index.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/init.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/instance.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/license.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/package.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/role.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/script.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/service.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/template.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/manifests/user.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/metadata.json delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb delete mode 100644 modules/utilities/unix/logging/elasticsearch/types/multipath.pp delete mode 100644 modules/utilities/unix/logging/elasticsearch/types/status.pp create mode 100644 modules/utilities/unix/logging/filebeat/.pmtignore create mode 100644 modules/utilities/unix/logging/filebeat/.puppet-lint.rc create mode 100644 modules/utilities/unix/logging/filebeat/.sync.yml create mode 100644 modules/utilities/unix/logging/filebeat/manifests/input.pp create mode 100644 modules/utilities/unix/logging/filebeat/templates/input.yml.erb create mode 100644 modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb delete mode 100644 modules/utilities/unix/logging/kibana/CHANGELOG.md delete mode 100644 modules/utilities/unix/logging/kibana/CONTRIBUTING.md delete mode 100644 modules/utilities/unix/logging/kibana/CONTRIBUTORS delete mode 100644 modules/utilities/unix/logging/kibana/Gemfile delete mode 100644 modules/utilities/unix/logging/kibana/Gemfile.lock delete mode 100644 modules/utilities/unix/logging/kibana/LICENSE delete mode 100644 modules/utilities/unix/logging/kibana/Makefile delete mode 100644 modules/utilities/unix/logging/kibana/README.markdown delete mode 100644 modules/utilities/unix/logging/kibana/Rakefile delete mode 100644 modules/utilities/unix/logging/kibana/checksums.json delete mode 100644 modules/utilities/unix/logging/kibana/data/common.yaml delete mode 100644 modules/utilities/unix/logging/kibana/hiera.yaml delete mode 100644 modules/utilities/unix/logging/kibana/kibana.pp delete mode 100644 modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb delete mode 100644 modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb delete mode 100644 modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb delete mode 100644 modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb delete mode 100644 modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb delete mode 100644 modules/utilities/unix/logging/kibana/manifests/config.pp delete mode 100644 modules/utilities/unix/logging/kibana/manifests/init.pp delete mode 100644 modules/utilities/unix/logging/kibana/manifests/install.pp delete mode 100644 modules/utilities/unix/logging/kibana/manifests/service.pp delete mode 100644 modules/utilities/unix/logging/kibana/metadata.json delete mode 100644 modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb delete mode 100644 modules/utilities/unix/logging/kibana/tests/init.pp delete mode 100644 modules/utilities/unix/logging/kibana/types/status.pp delete mode 100644 modules/utilities/unix/logging/logstash/CHANGELOG delete mode 100644 modules/utilities/unix/logging/logstash/CONTRIBUTING.md delete mode 100644 modules/utilities/unix/logging/logstash/CONTRIBUTORS delete mode 100644 modules/utilities/unix/logging/logstash/LICENSE delete mode 100644 modules/utilities/unix/logging/logstash/Makefile delete mode 100644 modules/utilities/unix/logging/logstash/README.md delete mode 100644 modules/utilities/unix/logging/logstash/Vagrantfile delete mode 100644 modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp delete mode 100644 modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh delete mode 100644 modules/utilities/unix/logging/logstash/checksums.json delete mode 100644 modules/utilities/unix/logging/logstash/doc/_index.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/css/common.css delete mode 100644 modules/utilities/unix/logging/logstash/doc/css/full_list.css delete mode 100644 modules/utilities/unix/logging/logstash/doc/css/style.css delete mode 100644 modules/utilities/unix/logging/logstash/doc/file.README.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/frames.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/index.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/js/app.js delete mode 100644 modules/utilities/unix/logging/logstash/doc/js/full_list.js delete mode 100644 modules/utilities/unix/logging/logstash/doc/js/jquery.js delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_class_list.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html delete mode 100644 modules/utilities/unix/logging/logstash/doc/top-level-namespace.html delete mode 100644 modules/utilities/unix/logging/logstash/files/grok-pattern-0 delete mode 100644 modules/utilities/unix/logging/logstash/files/grok-pattern-1 delete mode 100644 modules/utilities/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip delete mode 100644 modules/utilities/unix/logging/logstash/files/null-output.conf delete mode 100644 modules/utilities/unix/logging/logstash/logstash.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/config.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/configfile.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/init.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/package.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/package/install.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/patternfile.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/plugin.pp delete mode 100644 modules/utilities/unix/logging/logstash/manifests/service.pp delete mode 100644 modules/utilities/unix/logging/logstash/metadata.json delete mode 100644 modules/utilities/unix/logging/logstash/templates/configfile-template.erb delete mode 100644 modules/utilities/unix/logging/logstash/templates/jvm.options.erb delete mode 100644 modules/utilities/unix/logging/logstash/templates/logstash.yml.erb delete mode 100644 modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb delete mode 100644 modules/utilities/unix/logging/logstash/templates/startup.options.erb delete mode 100644 modules/utilities/unix/logging/watcher/manifests/configure.pp delete mode 100644 modules/utilities/unix/logging/watcher/templates/watch.json.erb delete mode 100644 modules/utilities/unix/logging/watcher/watcher.pp diff --git a/lib/batch/batch_secgen.rb b/lib/batch/batch_secgen.rb index 9b13314a0..3964ae46e 100644 --- a/lib/batch/batch_secgen.rb +++ b/lib/batch/batch_secgen.rb @@ -143,7 +143,7 @@ def parse_opts(opts) when '--failed' options[:failed] = true when '--affinity-group' - options[:affinity_group] = true + options[:affinity_group] = true else Print.err 'Invalid argument' exit(false) diff --git a/lib/helpers/scenario.rb b/lib/helpers/scenario.rb new file mode 100644 index 000000000..0c4a5ef76 --- /dev/null +++ b/lib/helpers/scenario.rb @@ -0,0 +1,15 @@ +class ScenarioHelper + + def self.get_scenario_name(scenario_path) + scenario_path.split('/').last.split('.').first + '-' + end + + def self.get_prefix(options, scenario_name) + options[:prefix] ? (options[:prefix] + '-' + scenario_name) : ('SecGen-' + scenario_name) + end + + def self.get_hostname(options, scenario_path, system_name) + "#{get_prefix(options, get_scenario_name(scenario_path))}#{system_name}".tr('_', '-') + end + +end \ No newline at end of file diff --git a/lib/objects/module.rb b/lib/objects/module.rb index fb3633a76..06eb5a4c2 100644 --- a/lib/objects/module.rb +++ b/lib/objects/module.rb @@ -89,7 +89,7 @@ class Module # @return [Object] the module path with _ rather than / for use as a variable name def module_path_name module_path_name = module_path.clone - module_path_name.gsub!('/','_') + module_path_name.gsub!('/', '_') end # @return [Object] a list of attributes that can be used to re-select the same modules diff --git a/lib/objects/system.rb b/lib/objects/system.rb index f66899a17..64354b366 100644 --- a/lib/objects/system.rb +++ b/lib/objects/system.rb @@ -2,30 +2,40 @@ require 'json' require 'base64' require 'duplicate' +require_relative '../helpers/scenario' + class System attr_accessor :name + attr_accessor :hostname attr_accessor :attributes # (basebox selection) attr_accessor :module_selectors # (filters) attr_accessor :module_selections # (after resolution) attr_accessor :num_actioned_module_conflicts + attr_accessor :memory # (RAM allocation for the system) + attr_accessor :options # (command line options hash) + attr_accessor :scenario_path # (path to scenario file associated with this system) # Attributes for resetting retry loop - attr_accessor :available_mods #(command line options hash) - attr_accessor :original_datastores #(command line options hash) - attr_accessor :original_module_selectors #(command line options hash) - attr_accessor :original_available_modules #(command line options hash) + attr_accessor :available_mods + attr_accessor :original_datastores + attr_accessor :original_module_selectors + attr_accessor :original_available_modules # Initalizes System object # @param [Object] name of the system # @param [Object] attributes such as base box selection # @param [Object] module_selectors these are modules that define filters for selecting the actual modules to use - def initialize(name, attributes, module_selectors) + def initialize(name, attributes, module_selectors, scenario_file, options) self.name = name self.attributes = attributes self.module_selectors = module_selectors self.module_selections = [] self.num_actioned_module_conflicts = 0 + self.memory = "512" + self.options = options + self.scenario_path = scenario_file + set_hostname end # selects from the available modules, based on the selection filters that have been specified @@ -463,4 +473,36 @@ class System modules_to_add end + def has_module(module_name) + has_module = false + module_selections.each do |mod| + if mod.module_path_end == module_name + has_module = true + end + end + has_module + end + + def get_module(module_name) + selected_module = nil + module_selections.each do |mod| + if mod.module_path_end == module_name + selected_module = mod + end + end + selected_module + end + + def set_options(opts) + self.options = opts if opts != nil and self.options == {} + end + + def set_hostname + self.hostname = ScenarioHelper.get_hostname(self.options, self.scenario_path, self.name) + end + + def get_hostname + set_hostname + self.hostname + end end diff --git a/lib/output/project_files_creator.rb b/lib/output/project_files_creator.rb index 1d751c141..0232fb781 100644 --- a/lib/output/project_files_creator.rb +++ b/lib/output/project_files_creator.rb @@ -125,14 +125,7 @@ class ProjectFilesCreator xml_report_generator = XmlScenarioGenerator.new(@systems, @scenario, @time) xml = xml_report_generator.output Print.std "Creating scenario definition file: #{xfile}" - begin - File.open(xfile, 'w+') do |file| - file.write(xml) - end - rescue StandardError => e - Print.err "Error writing file: #{e.message}" - abort - end + write_data_to_file(xml, xfile) # Create the marker xml file x2file = "#{@out_dir}/#{FLAGS_FILENAME}" @@ -140,14 +133,7 @@ class ProjectFilesCreator xml_marker_generator = XmlMarkerGenerator.new(@systems, @scenario, @time) xml = xml_marker_generator.output Print.std "Creating flags and hints file: #{x2file}" - begin - File.open(x2file, 'w+') do |file| - file.write(xml) - end - rescue StandardError => e - Print.err "Error writing file: #{e.message}" - abort - end + write_data_to_file(xml, x2file) # Create the CTFd zip file for import ctfdfile = "#{@out_dir}/CTFd_importable.zip" @@ -187,6 +173,17 @@ class ProjectFilesCreator end + def write_data_to_file(data, path) + begin + File.open(path, 'w+') do |file| + file.write(data) + end + rescue StandardError => e + Print.err "Error writing file: #{e.message}" + abort + end + end + # @param [Object] template erb path # @param [Object] filename file to write to def template_based_file_write(template, filename) @@ -253,6 +250,26 @@ class ProjectFilesCreator split_name.join('-') end +# Determine how much memory the system requires for Vagrantfile + def resolve_memory(system) + if @options.has_key? :memory_per_vm + memory = @options[:memory_per_vm] + elsif @options.has_key? :total_memory + memory = @options[:total_memory].to_i / @systems.length.to_i + elsif (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) && (@base_type.include? 'desktop') + memory = '1536' + else + memory = '512' + end + + system.module_selections.each do |mod| + if mod.module_path_name.include? "elasticsearch" + memory = '8192' + end + end + memory + end + # Returns binding for erb files (access to variables in this classes scope) # @return binding def get_binding diff --git a/lib/readers/module_reader.rb b/lib/readers/module_reader.rb index 58148fb2f..a2acce99f 100644 --- a/lib/readers/module_reader.rb +++ b/lib/readers/module_reader.rb @@ -2,9 +2,9 @@ require 'nokogiri' require_relative '../helpers/constants.rb' require_relative '../objects/module' -require_relative 'system_reader.rb' +require_relative 'xml_reader.rb' -class ModuleReader +class ModuleReader < XMLReader def self.get_all_available_modules Print.info 'Reading available base modules...' @@ -105,30 +105,9 @@ class ModuleReader end Print.verbose "Reading #{module_type}: #{module_path}" - doc, xsd = nil - begin - doc = Nokogiri::XML(File.read(file)) - rescue - Print.err "Failed to read #{module_type} metadata file (#{file})" - exit - end - # validate scenario XML against schema - begin - xsd = Nokogiri::XML::Schema(File.read(schema_file)) - xsd.validate(doc).each do |error| - Print.err "Error in #{module_type} metadata file (#{file}):" - Print.err ' ' + error.message - exit - end - rescue Exception => e - Print.err "Failed to validate #{module_type} metadata file (#{file}): against schema (#{schema_file})" - Print.err e.message - exit - end - - # remove xml namespaces for ease of processing - doc.remove_namespaces! + # Parse and validate the schema + doc = parse_doc(file, schema_file, module_type) new_module = Module.new(module_type) # save module path (and as an attribute for filtering) @@ -159,12 +138,8 @@ class ModuleReader # for each element in the vulnerability doc.xpath("/#{module_type}/*").each do |module_doc| - - # new_module.attributes[module_doc.name] = module_doc.content - # creates the array if null (new_module.attributes[module_doc.name] ||= []).push(module_doc.content) - end # for each conflict in the module @@ -220,9 +195,7 @@ class ModuleReader (new_module.default_inputs_selectors["#{into}"] ||= []).unshift(module_selector) - module_node.xpath('@*').each do |attr| - module_selector.attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == '' - end + module_selector.attributes = read_attributes(module_node) Print.verbose " #{module_node.name} (#{module_selector.unique_id}), selecting based on:" module_selector.attributes.each do |attr| if attr[0] && attr[1] && attr[0].to_s != "module_type" diff --git a/lib/readers/system_reader.rb b/lib/readers/system_reader.rb index a0c1ed05f..4fd0bb64f 100644 --- a/lib/readers/system_reader.rb +++ b/lib/readers/system_reader.rb @@ -3,52 +3,27 @@ require 'digest' require_relative '../objects/system' require_relative '../objects/module' +require_relative 'xml_reader.rb' -class SystemReader +class SystemReader < XMLReader # uses nokogiri to extract all system information from scenario.xml # This includes module filters, which are module objects that contain filters for selecting # from the actual modules that are available # @return [Array] Array containing Systems objects - def self.read_scenario(scenario_file) + def self.read_scenario(scenario_file, options) systems = [] - Print.verbose "Reading scenario file: #{scenario_file}" - doc, xsd = nil - begin - doc = Nokogiri::XML(File.read(scenario_file)) - rescue - Print.err "Failed to read scenario configuration file (#{scenario_file})" - exit - end - - # validate scenario XML against schema - begin - xsd = Nokogiri::XML::Schema(File.open(SCENARIO_SCHEMA_FILE)) - xsd.validate(scenario_file).each do |error| - Print.err "Error in scenario configuration file (#{scenario_file}):" - Print.err " #{error.line}: #{error.message}" - exit - end - rescue Exception => e - Print.err "Failed to validate scenario configuration file (#{scenario_file}): against schema (#{SCENARIO_SCHEMA_FILE})" - Print.err e.message - exit - end - - # remove xml namespaces for ease of processing - doc.remove_namespaces! + # Parse and validate the schema + doc = parse_doc(scenario_file, SCENARIO_SCHEMA_FILE, 'scenario') doc.xpath('/scenario/system').each_with_index do |system_node, system_index| module_selectors = [] - system_attributes = {} system_name = system_node.at_xpath('system_name').text Print.verbose "system: #{system_name}" # system attributes, such as basebox selection - system_node.xpath('@*').each do |attr| - system_attributes["#{attr.name}"] = attr.text unless attr.text.nil? || attr.text == '' - end + system_attributes = read_attributes(system_node) # literal values to store directly in a datastore system_node.xpath('*[@into_datastore]/value').each do |value| @@ -146,7 +121,7 @@ class SystemReader end end - systems << System.new(system_name, system_attributes, module_selectors) + systems << System.new(system_name, system_attributes, module_selectors, scenario_file, options) end return systems diff --git a/lib/readers/xml_reader.rb b/lib/readers/xml_reader.rb new file mode 100644 index 000000000..561756884 --- /dev/null +++ b/lib/readers/xml_reader.rb @@ -0,0 +1,49 @@ +require 'nokogiri' +require 'digest' + +class XMLReader + + # uses nokogiri to extract all system information from scenario.xml + # This includes module filters, which are module objects that contain filters for selecting + # from the actual modules that are available + # @return [Array] Array containing Systems objects + + def self.parse_doc(file_path, schema, type) + doc = nil + begin + doc = Nokogiri::XML(File.read(file_path)) + rescue + Print.err "Failed to read #{type} configuration file (#{file_path})" + exit + end + validate_xml(doc, file_path, schema, type) + # remove xml namespaces for ease of processing + doc.remove_namespaces! + end + + def self.validate_xml(doc, file_path, schema, type) + # validate XML against schema + begin + xsd = Nokogiri::XML::Schema(File.open(schema)) + xsd.validate(doc).each do |error| + Print.err "Error in scenario configuration file (#{scenario_file}):" + Print.err " #{error.line}: #{error.message}" + exit + end + rescue Exception => e + Print.err "Failed to validate #{type} xml file (#{file_path}): against schema (#{schema})" + Print.err e.message + exit + end + + end + + def self.read_attributes(node) + attributes = {} + node.xpath('@*').each do |attr| + attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == '' + end + attributes + end + +end \ No newline at end of file diff --git a/lib/schemas/scenario_schema.xsd b/lib/schemas/scenario_schema.xsd index 5b71cdede..6ade17661 100644 --- a/lib/schemas/scenario_schema.xsd +++ b/lib/schemas/scenario_schema.xsd @@ -103,6 +103,7 @@ + diff --git a/lib/templates/Puppetfile.erb b/lib/templates/Puppetfile.erb index 83b0ea80e..52fec5b2f 100644 --- a/lib/templates/Puppetfile.erb +++ b/lib/templates/Puppetfile.erb @@ -8,7 +8,9 @@ forge "https://forgeapi.puppetlabs.com" -mod 'puppetlabs-stdlib', '4.24.0' # stdlib enables parsejson() in manifests and other useful functions +mod 'puppetlabs-stdlib', '4.25.1' # stdlib enables parsejson() in manifests and other useful functions +mod 'puppetlabs-concat', '5.2.0' +mod 'puppetlabs-vcsrepo', '2.0.0' mod 'puppetlabs-apt', '7.4.0' # pin apt to 7.4.0 as current version is incompatible with our base boxes mod 'SecGen-secgen_functions', :path => '<%= SECGEN_FUNCTIONS_PUPPET_DIR %>' diff --git a/lib/templates/Vagrantfile.erb b/lib/templates/Vagrantfile.erb index 5611134b8..69377b4de 100644 --- a/lib/templates/Vagrantfile.erb +++ b/lib/templates/Vagrantfile.erb @@ -6,7 +6,8 @@ # Based on <%= @scenario %> <% require 'json' require 'base64' - require 'securerandom' -%> + require 'securerandom' + require_relative './lib/helpers/scenario.rb' -%> <% scenario_name = @scenario.split('/').last.split('.').first + '-' prefix = @options[:prefix] ? (@options[:prefix] + '-' + scenario_name) : ('SecGen-' + scenario_name) -%> @@ -28,7 +29,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end end end - end -%> + end + system.memory = resolve_memory(system) -%> config.vm.define "<%= system.name %>" do |<%= system.name %>| <% if (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) %> #oVirt provider begin @@ -44,13 +46,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end %> <%= " ovirt.template = '#{@ovirt_base_template}'" %> -<%= if @options.has_key? :memory_per_vm -" ovirt.memory_size = '#{@options[:memory_per_vm]} MB'\n" - elsif @options.has_key? :total_memory -" ovirt.memory_size = '#{(@options[:total_memory].to_i / @systems.length.to_i)} MB'\n" - else -" ovirt.memory_size = '3000 MB' - ovirt.memory_guaranteed = '512 MB'\n" +<%= +" ovirt.memory_size = '#{system.memory} MB'\n" -%> +<%= if @base_type.include? 'desktop' +" ovirt.memory_guaranteed = '512 MB'\n" + elsif system.memory.to_i >= 4096 +" ovirt.memory_guaranteed = '4096 MB'\n" end -%> <%= if @options.has_key? :cpu_cores " ovirt.cpu_cores = #{@options[:cpu_cores]}\n" @@ -77,9 +78,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| <%= if @options.has_key? :esxi_disktype " esxi.guest_disk_type = '#{@options[:esxi_disktype]}'" end -%> -<%= if @options.has_key? :memory_per_vm -" esxi.guest_memsize = '#{@options[:memory_per_vm]}'" - end -%> +<%= " esxi.guest_memsize = '#{system.memory} MB'\n" + -%> <%= if @options.has_key? :cpu_cores " esxi.guest_numvcpus = #{@options[:cpu_cores]}\n" end -%> @@ -87,7 +87,7 @@ end # End ESXi provider <% else %> - config.vm.provider :virtualbox do |vb| + <%= system.name %>.vm.provider :virtualbox do |vb| <% system.module_selections.each do |selected_module| if selected_module.module_type == 'base' @cpu_word_size = selected_module.attributes['cpu_word_size'].first.downcase @@ -108,11 +108,7 @@ end end -%> <%= vtxpid = (@options.has_key? :vtxvpid) ? 'on' : 'off' " vb.customize ['modifyvm', :id, '--vtxvpid', '#{vtxpid}']\n" -%> -<%= if @options.has_key? :memory_per_vm - " vb.memory = #{@options[:memory_per_vm]}\n" - elsif @options.has_key? :total_memory - " vb.memory = #{@options[:total_memory]}/#{@systems.length}\n" - end -%> +<%= " vb.memory = '#{system.memory}'\n"-%> <%= if @options.has_key? :cpu_cores " vb.cpus = #{@options[:cpu_cores]}\n" end -%> @@ -147,12 +143,12 @@ end <% if (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) %> # TODO <%# if selected_module.attributes['platform'].first.downcase != 'windows' %> <%# gets stuck setting host name on Windows XP %> - <%= system.name %>.vm.hostname = '<%= "#{prefix}#{system.name}".tr('_', '-') %>' + <%= system.name %>.vm.hostname = '<%= system.get_hostname %>' <%# end %> <%= system.name %>.vm.box = 'ovirt4' <%= system.name %>.vm.box_url = 'https://github.com/myoung34/vagrant-ovirt4/blob/master/example_box/dummy.box?raw=true' <% elsif (@options.has_key? :esxiuser) && (@options.has_key? :esxipass) %> - <%= system.name %>.vm.hostname = '<%= "#{prefix}#{system.name}".tr('_', '-') %>' + <%= system.name %>.vm.hostname = '<%= system.get_hostname %>' <%= system.name %>.vm.box = "<%= selected_module.module_path_name %>" <%= system.name %>.vm.box_url = "<%= selected_module.attributes['esxi_url'].first %>" <% else %> @@ -229,6 +225,7 @@ end <%=module_name%>.temp_dir = "/cygdrive/c/vagrant/" <% else %> <%=module_name%>.environment_path = "environments/" + <%=module_name%>.environment_variables = {'RUBYOPT' => '-W0'} <%=module_name%>.environment = "production" <% end %> <%=module_name%>.synced_folder_type = "rsync" diff --git a/lib/test/base_upgrade_testing.rb b/lib/test/base_upgrade_testing.rb index 778907b1e..807ad49ff 100644 --- a/lib/test/base_upgrade_testing.rb +++ b/lib/test/base_upgrade_testing.rb @@ -91,7 +91,7 @@ def generate_scenarios(selected_base) module_selections << mod module_selections << get_network_module - system = System.new(system_name, {}, []) + system = System.new(system_name, {}, [], 'testing.xml', {} ) system.module_selections = module_selections xml_generator = XmlScenarioGenerator.new([system], system_name, Time.new.to_s) diff --git a/modules/generators/filenames/random_filename/secgen_local/local.rb b/modules/generators/filenames/random_filename/secgen_local/local.rb index f6b5db909..d1b10901d 100644 --- a/modules/generators/filenames/random_filename/secgen_local/local.rb +++ b/modules/generators/filenames/random_filename/secgen_local/local.rb @@ -31,7 +31,7 @@ class FilenameGenerator < StringEncoder extension = '' end - 15.times { leaked_filenames << Faker::File.file_name('', file_name, extension, '').chomp('.') } + 15.times { leaked_filenames << Faker::File.file_name(dir:'', name:file_name, ext:extension, directory_separator: '').chomp('.') } output = leaked_filenames.sample diff --git a/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json b/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json index a7aa8e164..dffb29dd4 100644 --- a/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json +++ b/modules/services/unix/http/apache_stretch_compatible/apache/metadata.json @@ -10,11 +10,11 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 5.0.0" + "version_requirement": ">= 4.13.1 < 5.3.0" }, { "name": "puppetlabs/concat", - "version_requirement": ">= 2.2.1 < 5.0.0" + "version_requirement": ">= 2.2.1 < 5.3.0" } ], "data_provider": null, diff --git a/modules/services/unix/logging/elasticsearch/elasticsearch.pp b/modules/services/unix/logging/elasticsearch/elasticsearch.pp new file mode 100644 index 000000000..475b4bc94 --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/elasticsearch.pp @@ -0,0 +1,13 @@ +unless defined('analysis_alert_action_server') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] + $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] + + include ::java + + class { 'elasticsearch': + api_host => $elasticsearch_ip, + api_port => $elasticsearch_port, + } + +} diff --git a/modules/services/unix/logging/elasticsearch/manifests/config.pp b/modules/services/unix/logging/elasticsearch/manifests/config.pp new file mode 100644 index 000000000..de0cb651b --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/manifests/config.pp @@ -0,0 +1,20 @@ +class elasticsearch::config ( + $elasticsearch_ip, + $elasticsearch_port = '9200', + $node_name = 'my_es_node', + $log_path = '/var/log/elasticsearch', + $data_path = '/var/lib/elasticsearch', +) { + + Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] } + + # Configure Elasticsearch + file { '/etc/elasticsearch/elasticsearch.yml': + ensure => file, + mode => '0644', + owner => 'root', + group => 'elasticsearch', + content => template('elasticsearch_7/elasticsearch.yml.erb') + } + +} diff --git a/modules/services/unix/logging/elasticsearch/manifests/init.pp b/modules/services/unix/logging/elasticsearch/manifests/init.pp new file mode 100644 index 000000000..1870f43f2 --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/manifests/init.pp @@ -0,0 +1,18 @@ +class elasticsearch ( + $api_host, + $api_port, + $package_url = 'https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-amd64.deb', +) { + + Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] } + + class { 'elasticsearch::install': + package_url => $package_url, + }-> + class { 'elasticsearch::config': + elasticsearch_ip => $api_host, + elasticsearch_port => $api_port, + }-> + class { 'elasticsearch::service': } + +} diff --git a/modules/services/unix/logging/elasticsearch/manifests/install.pp b/modules/services/unix/logging/elasticsearch/manifests/install.pp new file mode 100644 index 000000000..ae164f8ab --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/manifests/install.pp @@ -0,0 +1,20 @@ +class elasticsearch::install ( + String $package_url = 'https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-amd64.deb', +) { + + Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] } + + # Install Elasticsearch + exec { 'es add gpg key': + command => 'wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -' + }-> + exec { 'es add apt repository': + command => 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list' + }-> + exec { 'es update apt': + command => 'apt-get update' + }-> + package { 'elasticsearch': + ensure => present, + } +} diff --git a/modules/services/unix/logging/elasticsearch/manifests/service.pp b/modules/services/unix/logging/elasticsearch/manifests/service.pp new file mode 100644 index 000000000..d47da8d90 --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/manifests/service.pp @@ -0,0 +1,14 @@ +class elasticsearch::service { + service { 'elasticsearch': + enable => true, + } + + # remove startup timeout + file { '/etc/systemd/system/elasticsearch.service.d/': + ensure => directory, + }-> + file { '/etc/systemd/system/elasticsearch.service.d/startup-timeout.conf': + ensure => present, + content => "[Service]\nTimeoutStartSec=180" + } +} diff --git a/modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml b/modules/services/unix/logging/elasticsearch/secgen_metadata.xml similarity index 76% rename from modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml rename to modules/services/unix/logging/elasticsearch/secgen_metadata.xml index 24657b5f0..676a62c08 100644 --- a/modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml +++ b/modules/services/unix/logging/elasticsearch/secgen_metadata.xml @@ -1,8 +1,8 @@ - + xsi:schemaLocation="http://www.github/cliffe/SecGen/service"> Elasticsearch Thomas Shaw Elastic @@ -27,12 +27,8 @@ update - - augeas - - java - + diff --git a/modules/services/unix/logging/elasticsearch/templates/elasticsearch.yml.erb b/modules/services/unix/logging/elasticsearch/templates/elasticsearch.yml.erb new file mode 100644 index 000000000..a2b7b7d29 --- /dev/null +++ b/modules/services/unix/logging/elasticsearch/templates/elasticsearch.yml.erb @@ -0,0 +1,8 @@ +network.host: <%= @elasticsearch_ip %> +http.port: <%= @elasticsearch_port %> +node.name: <%= @node_name %> +node.master: true +path.data: "<%= @data_path%>" +path.logs: "<%= @log_path %>" +discovery.seed_hosts: ["<%= @elasticsearch_ip %>"] +cluster.initial_master_nodes: ["<%= @node_name %>"] \ No newline at end of file diff --git a/modules/services/unix/logging/kibana/kibana.pp b/modules/services/unix/logging/kibana/kibana.pp new file mode 100644 index 000000000..8695ae35f --- /dev/null +++ b/modules/services/unix/logging/kibana/kibana.pp @@ -0,0 +1,12 @@ +unless defined('analysis_alert_action_server') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] + $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] + $kibana_port = 0 + $secgen_parameters['kibana_port'][0] + + class { 'kibana': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + kibana_port => $kibana_port + } +} \ No newline at end of file diff --git a/modules/services/unix/logging/kibana/manifests/config.pp b/modules/services/unix/logging/kibana/manifests/config.pp new file mode 100644 index 000000000..1f661d5ba --- /dev/null +++ b/modules/services/unix/logging/kibana/manifests/config.pp @@ -0,0 +1,18 @@ +class kibana::config ( + $elasticsearch_ip, + $elasticsearch_port = '9200', + $kibana_port = '5601', +) { + + Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] } + + # Configure Kibana + file { '/etc/kibana/kibana.yml': + ensure => file, + mode => '0660', + owner => 'kibana', + group => 'kibana', + content => template('kibana_7/kibana.yml.erb') + } + +} diff --git a/modules/services/unix/logging/kibana/manifests/init.pp b/modules/services/unix/logging/kibana/manifests/init.pp new file mode 100644 index 000000000..34be84ed5 --- /dev/null +++ b/modules/services/unix/logging/kibana/manifests/init.pp @@ -0,0 +1,11 @@ +class kibana($elasticsearch_ip, $elasticsearch_port = '9200', $kibana_port = '5601') { + + class { 'kibana::install': }-> + class { 'kibana::config': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + kibana_port => $kibana_port + } -> + class { 'kibana::service': } + +} \ No newline at end of file diff --git a/modules/services/unix/logging/kibana/manifests/install.pp b/modules/services/unix/logging/kibana/manifests/install.pp new file mode 100644 index 000000000..98457113c --- /dev/null +++ b/modules/services/unix/logging/kibana/manifests/install.pp @@ -0,0 +1,5 @@ +class kibana::install () { + package { 'kibana': + ensure => present, + } +} diff --git a/modules/services/unix/logging/kibana/manifests/service.pp b/modules/services/unix/logging/kibana/manifests/service.pp new file mode 100644 index 000000000..e7c98886d --- /dev/null +++ b/modules/services/unix/logging/kibana/manifests/service.pp @@ -0,0 +1,6 @@ +class kibana::service { + service { 'kibana': + enable => true, + hasrestart => true, + } +} diff --git a/modules/utilities/unix/logging/kibana/secgen_metadata.xml b/modules/services/unix/logging/kibana/secgen_metadata.xml similarity index 86% rename from modules/utilities/unix/logging/kibana/secgen_metadata.xml rename to modules/services/unix/logging/kibana/secgen_metadata.xml index c573862a7..cf438ef14 100644 --- a/modules/utilities/unix/logging/kibana/secgen_metadata.xml +++ b/modules/services/unix/logging/kibana/secgen_metadata.xml @@ -1,8 +1,8 @@ - + xsi:schemaLocation="http://www.github/cliffe/SecGen/service"> Kibana Thomas Shaw Elastic @@ -37,4 +37,4 @@ update - + diff --git a/modules/services/unix/logging/kibana/templates/kibana.yml.erb b/modules/services/unix/logging/kibana/templates/kibana.yml.erb new file mode 100644 index 000000000..e160f64ac --- /dev/null +++ b/modules/services/unix/logging/kibana/templates/kibana.yml.erb @@ -0,0 +1,6 @@ +server.host: <%= @elasticsearch_ip %> +server.port: <%= @kibana_port %> +elasticsearch.hosts: ["http://<%= @elasticsearch_ip %>:<%= @elasticsearch_port %>"] +xpack.security.encryptionKey: "<%= SecureRandom.hex %>" +xpack.encryptedSavedObjects.encryptionKey: "<%= SecureRandom.hex %>" +xpack.reporting.encryptionKey: "<%= SecureRandom.hex %>" \ No newline at end of file diff --git a/modules/services/unix/logging/logstash/files/combined_path.rb b/modules/services/unix/logging/logstash/files/combined_path.rb new file mode 100644 index 000000000..3fd150688 --- /dev/null +++ b/modules/services/unix/logging/logstash/files/combined_path.rb @@ -0,0 +1,35 @@ +def remove_duplicates(path) # could this be a problem with things like remote file systems? we'll see... + simple_path = path + if path.include?('//') + second_segment = path.split('//')[1] + simple_path = "/" + second_segment + end + simple_path +end + +def remove_relative(path) + split_path = path.split('/') + while split_path.include? '..' + dotdot_index = split_path.index('..') + split_path.delete_at(dotdot_index-1) # remove the parent directory + split_path.delete_at(dotdot_index-1) # remove the '..' + end + split_path.join('/') +end + +def register(params) + # do nothing, no logstash params +end + +# the filter method receives an event and must return a list of events. +def filter(event) + proc_cwd = event.get("[process][working_directory]") + file_path = event.get("[file][path]") + if proc_cwd != nil and file_path != nil and proc_cwd != '' and file_path != '' + combined_path = proc_cwd + "/" + file_path + combined_path = remove_duplicates(combined_path) + combined_path = remove_relative(combined_path) + event.set("combined_path", combined_path) + end + [event] +end \ No newline at end of file diff --git a/modules/services/unix/logging/logstash/logstash.pp b/modules/services/unix/logging/logstash/logstash.pp new file mode 100644 index 000000000..f6944479f --- /dev/null +++ b/modules/services/unix/logging/logstash/logstash.pp @@ -0,0 +1,12 @@ +unless defined('analysis_alert_action_server') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] + $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] + $logstash_port = 0 + $secgen_parameters['logstash_port'][0] + + class { 'logstash': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + logstash_port => $logstash_port + } +} \ No newline at end of file diff --git a/modules/services/unix/logging/logstash/manifests/config.pp b/modules/services/unix/logging/logstash/manifests/config.pp new file mode 100644 index 000000000..6467f7647 --- /dev/null +++ b/modules/services/unix/logging/logstash/manifests/config.pp @@ -0,0 +1,34 @@ +class logstash::config ( + $elasticsearch_ip, + $elasticsearch_port = '9200', + $logstash_port = '5044', + $log_path = '/var/log/logstash', + $data_path = '/var/lib/logstash', + $config_path = '/etc/logstash/conf.d', +) { + + file { '/etc/logstash/logstash.yml': + ensure => file, + mode => '0644', + owner => 'logstash', + group => 'logstash', + content => template('logstash_7/logstash.yml.erb') + } + + file { '/etc/logstash/conf.d/': + ensure => directory, + mode => '0775', + owner => 'logstash', + group => 'logstash', + } + + file { '/etc/logstash/conf.d/my_ls_config.conf': + ensure => file, + mode => '0644', + owner => 'logstash', + group => 'logstash', + content => template('logstash_7/configfile-template.erb'), + require => File['/etc/logstash/conf.d/'] + } + +} diff --git a/modules/services/unix/logging/logstash/manifests/init.pp b/modules/services/unix/logging/logstash/manifests/init.pp new file mode 100644 index 000000000..d99fd4f61 --- /dev/null +++ b/modules/services/unix/logging/logstash/manifests/init.pp @@ -0,0 +1,11 @@ +class logstash($elasticsearch_ip, $elasticsearch_port = '9200', $logstash_port = '5044') { + + class { 'logstash::install': } -> + class { 'logstash::config': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + logstash_port => $logstash_port, + } -> + class { 'logstash::service': } + +} \ No newline at end of file diff --git a/modules/services/unix/logging/logstash/manifests/install.pp b/modules/services/unix/logging/logstash/manifests/install.pp new file mode 100644 index 000000000..79660ff70 --- /dev/null +++ b/modules/services/unix/logging/logstash/manifests/install.pp @@ -0,0 +1,11 @@ +class logstash::install () { + package { 'logstash': + ensure => present, + } + + file { '/etc/logstash/combined_path.rb': + ensure => file, + source => 'puppet:///modules/logstash/combined_path.rb', + require => Package['logstash'], + } +} diff --git a/modules/services/unix/logging/logstash/manifests/service.pp b/modules/services/unix/logging/logstash/manifests/service.pp new file mode 100644 index 000000000..b6e57672e --- /dev/null +++ b/modules/services/unix/logging/logstash/manifests/service.pp @@ -0,0 +1,6 @@ +class logstash::service { + service { 'logstash': + enable => true, + hasrestart => true, + } +} diff --git a/modules/utilities/unix/logging/logstash/secgen_metadata.xml b/modules/services/unix/logging/logstash/secgen_metadata.xml similarity index 84% rename from modules/utilities/unix/logging/logstash/secgen_metadata.xml rename to modules/services/unix/logging/logstash/secgen_metadata.xml index 649a2a4f8..e5169dc0c 100644 --- a/modules/utilities/unix/logging/logstash/secgen_metadata.xml +++ b/modules/services/unix/logging/logstash/secgen_metadata.xml @@ -1,8 +1,8 @@ - + xsi:schemaLocation="http://www.github/cliffe/SecGen/service"> Logstash Thomas Shaw Elastic @@ -32,4 +32,4 @@ update - + diff --git a/modules/services/unix/logging/logstash/templates/configfile-template.erb b/modules/services/unix/logging/logstash/templates/configfile-template.erb new file mode 100644 index 000000000..4fdb9bcbf --- /dev/null +++ b/modules/services/unix/logging/logstash/templates/configfile-template.erb @@ -0,0 +1,24 @@ +input { + beats { + port => <%= @logstash_port %> + } +} + +filter { + ruby { + path => "/etc/logstash/combined_path.rb" + } +} + +output { + elasticsearch { + hosts => "<%= @elasticsearch_ip-%>:<%= @elasticsearch_port-%>" + manage_template => false + index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" + } + # Write to file as well as pushing to elasticsearch for testing, can be removed eventually... + file { + path => "/tmp/logstash.log" + } + stdout { codec => rubydebug } +} \ No newline at end of file diff --git a/modules/services/unix/logging/logstash/templates/logstash.yml.erb b/modules/services/unix/logging/logstash/templates/logstash.yml.erb new file mode 100644 index 000000000..0d8ea9925 --- /dev/null +++ b/modules/services/unix/logging/logstash/templates/logstash.yml.erb @@ -0,0 +1,4 @@ +http.host: <%= @elasticsearch_ip %> +path.data: "<%= @data_path %>" +path.config: "<%= @config_path %>" +path.logs: "<%= @log_path %>" \ No newline at end of file diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/Dockerfile b/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/Dockerfile new file mode 100644 index 000000000..12ed4ff10 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/Dockerfile @@ -0,0 +1,6 @@ +FROM puppet/pdk:latest + +# [Optional] Uncomment this section to install additional packages. +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends + diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/devcontainer.json b/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/devcontainer.json new file mode 100644 index 000000000..f1a55dc3f --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.devcontainer/devcontainer.json @@ -0,0 +1,23 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: +// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet +{ + "name": "Puppet Development Kit (Community)", + "dockerFile": "Dockerfile", + + // Set *default* container specific settings.json values on container create. + "settings": { + "terminal.integrated.shell.linux": "/bin/bash" + }, + + // Add the IDs of extensions you want installed when the container is created. + "extensions": [ + "puppet.puppet-vscode", + "rebornix.Ruby" + ] + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + // "postCreateCommand": "pdk --version", +} diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/nightly.yml b/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/nightly.yml new file mode 100644 index 000000000..d59437aab --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/nightly.yml @@ -0,0 +1,230 @@ +name: "nightly" + +on: + schedule: + - cron: '0 0 * * *' + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: kvrhdn/gha-buildevents@v1.0.2 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=0 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: actions/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + + - name: Cache gems + uses: actions/cache@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + path: vendor/gems + key: ${{ runner.os }}-${{ github.event_name }}-${{ hashFiles('**/Gemfile') }} + restore-keys: | + ${{ runner.os }}-${{ github.event_name }}- + ${{ runner.os }}- + + - name: Install gems + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents cmd $TRACE_ID $STEP_ID 'bundle config path vendor/gems' -- bundle config path vendor/gems + buildevents cmd $TRACE_ID $STEP_ID 'bundle config jobs 8' -- bundle config jobs 8 + buildevents cmd $TRACE_ID $STEP_ID 'bundle config retry 3' -- bundle config retry 3 + buildevents cmd $TRACE_ID $STEP_ID 'bundle install' -- bundle install + buildevents cmd $TRACE_ID $STEP_ID 'bundle clean' -- bundle clean + + - name: Setup Acceptance Test Matrix + id: get-matrix + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + needs: + - setup_matrix + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platform }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start recording" + uses: kvrhdn/gha-buildevents@v1.0.2 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platform }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: actions/setup-ruby@v1 + with: + ruby-version: "2.7" + + - name: Cache gems + uses: actions/cache@v2 + with: + path: vendor/gems + key: ${{ runner.os }}-${{ github.event_name }}-${{ hashFiles('**/Gemfile') }} + restore-keys: | + ${{ runner.os }}-${{ github.event_name }}- + ${{ runner.os }}- + + - name: "Honeycomb: Record cache setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Cache retrieval' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Bundler Setup + run: | + buildevents cmd $TRACE_ID $STEP_ID 'bundle config path vendor/gems' -- bundle config path vendor/gems + buildevents cmd $TRACE_ID $STEP_ID 'bundle config jobs 8' -- bundle config jobs 8 + buildevents cmd $TRACE_ID $STEP_ID 'bundle config retry 3' -- bundle config retry 3 + buildevents cmd $TRACE_ID $STEP_ID 'bundle install' -- bundle install + buildevents cmd $TRACE_ID $STEP_ID 'bundle clean' -- bundle clean + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Bundler Setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Bundler Setup' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platform }}' -- bundle exec rake 'litmus:provision[provision::provision_service,${{ matrix.platform }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + sed -e 's/password: .*/password: "[redacted]"/' < inventory.yaml || true + echo ::endgroup:: + + # The provision service hands out machines as soon as they're provisioned. + # The GCP VMs might still take a while to spool up and configure themselves fully. + # This retry loop spins until all agents have been installed successfully. + - name: Install agent + uses: nick-invision/retry@v1 + with: + timeout_minutes: 30 + max_attempts: 5 + retry_wait_seconds: 60 + command: buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + # The agent installer on windows does not finish in time for this to work. To + # work around this for now, retry after a minute if installing the module failed. + - name: Install module + uses: nick-invision/retry@v1 + with: + timeout_minutes: 30 + max_attempts: 2 + retry_wait_seconds: 60 + command: buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-5 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + run: | + if [ -f inventory.yaml ]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' + + slack-workflow-status: + if: always() + name: Post Workflow Status To Slack + needs: + - Acceptance + runs-on: ubuntu-20.04 + steps: + - name: Slack Workflow Notification + uses: Gamesight/slack-workflow-status@master + with: + # Required Input + repo_token: ${{ secrets.GITHUB_TOKEN }} + slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} + # Optional Input + channel: '#team-ia-bots' + name: 'GABot' diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/pr_test.yml b/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/pr_test.yml new file mode 100644 index 000000000..17f5a649b --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.github/workflows/pr_test.yml @@ -0,0 +1,211 @@ +name: "PR Testing" + +on: [pull_request] + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.get-matrix.outputs.matrix }} + + steps: + - name: "Honeycomb: Start recording" + uses: kvrhdn/gha-buildevents@v1.0.2 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: Start first step" + run: | + echo STEP_ID=0 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + + - name: Activate Ruby 2.7 + uses: actions/setup-ruby@v1 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + ruby-version: "2.7" + + - name: Cache gems + uses: actions/cache@v2 + if: ${{ github.repository_owner == 'puppetlabs' }} + with: + path: vendor/gems + key: ${{ runner.os }}-${{ github.event_name }}-${{ hashFiles('**/Gemfile') }} + restore-keys: | + ${{ runner.os }}-${{ github.event_name }}- + ${{ runner.os }}- + + - name: Install gems + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + buildevents cmd $TRACE_ID $STEP_ID 'bundle config path vendor/gems' -- bundle config path vendor/gems + buildevents cmd $TRACE_ID $STEP_ID 'bundle config jobs 8' -- bundle config jobs 8 + buildevents cmd $TRACE_ID $STEP_ID 'bundle config retry 3' -- bundle config retry 3 + buildevents cmd $TRACE_ID $STEP_ID 'bundle install' -- bundle install + buildevents cmd $TRACE_ID $STEP_ID 'bundle clean' -- bundle clean + + - name: Setup Acceptance Test Matrix + id: get-matrix + if: ${{ github.repository_owner == 'puppetlabs' }} + run: | + if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then + buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata + else + echo "::set-output name=matrix::{}" + fi + + - name: "Honeycomb: Record setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix' + + Acceptance: + needs: + - setup_matrix + + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} + + env: + BUILDEVENT_FILE: '../buildevents.txt' + + steps: + - run: | + echo 'platform=${{ matrix.platform }}' >> $BUILDEVENT_FILE + echo 'collection=${{ matrix.collection }}' >> $BUILDEVENT_FILE + + - name: "Honeycomb: Start recording" + uses: kvrhdn/gha-buildevents@v1.0.2 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + matrix-key: ${{ matrix.platform }}-${{ matrix.collection }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-1 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Checkout Source + uses: actions/checkout@v2 + + - name: Activate Ruby 2.7 + uses: actions/setup-ruby@v1 + with: + ruby-version: "2.7" + + - name: Cache gems + uses: actions/cache@v2 + with: + path: vendor/gems + key: ${{ runner.os }}-${{ github.event_name }}-${{ hashFiles('**/Gemfile') }} + restore-keys: | + ${{ runner.os }}-${{ github.event_name }}- + ${{ runner.os }}- + + - name: "Honeycomb: Record cache setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Cache retrieval' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-2 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Bundler Setup + run: | + buildevents cmd $TRACE_ID $STEP_ID 'bundle config path vendor/gems' -- bundle config path vendor/gems + buildevents cmd $TRACE_ID $STEP_ID 'bundle config jobs 8' -- bundle config jobs 8 + buildevents cmd $TRACE_ID $STEP_ID 'bundle config retry 3' -- bundle config retry 3 + buildevents cmd $TRACE_ID $STEP_ID 'bundle install' -- bundle install + buildevents cmd $TRACE_ID $STEP_ID 'bundle clean' -- bundle clean + echo ::group::bundler environment + buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env + echo ::endgroup:: + + - name: "Honeycomb: Record Bundler Setup time" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Bundler Setup' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-3 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Provision test environment + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:provision ${{ matrix.platform }}' -- bundle exec rake 'litmus:provision[provision::provision_service,${{ matrix.platform }}]' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + echo ::group::=== INVENTORY === + sed -e 's/password: .*/password: "[redacted]"/' < inventory.yaml || true + echo ::endgroup:: + + # The provision service hands out machines as soon as they're provisioned. + # The GCP VMs might still take a while to spool up and configure themselves fully. + # This retry loop spins until all agents have been installed successfully. + - name: Install agent + uses: nick-invision/retry@v1 + with: + timeout_minutes: 30 + max_attempts: 5 + retry_wait_seconds: 60 + command: buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_agent ${{ matrix.collection }}' -- bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + + # The agent installer on windows does not finish in time for this to work. To + # work around this for now, retry after a minute if installing the module failed. + - name: Install module + uses: nick-invision/retry@v1 + with: + timeout_minutes: 30 + max_attempts: 2 + retry_wait_seconds: 60 + command: buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:install_module' -- bundle exec rake 'litmus:install_module' + + - name: "Honeycomb: Record deployment times" + if: ${{ always() }} + run: | + echo ::group::honeycomb step + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Deploy test system' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-4 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + echo ::endgroup:: + + - name: Run acceptance tests + run: | + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:acceptance:parallel' -- bundle exec rake 'litmus:acceptance:parallel' + + - name: "Honeycomb: Record acceptance testing times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Run acceptance tests' + echo STEP_ID=${{ matrix.platform }}-${{ matrix.collection }}-5 >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + + - name: Remove test environment + if: ${{ always() }} + run: | + if [ -f inventory.yaml ]; then + buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down' + echo ::group::=== REQUEST === + cat request.json || true + echo + echo ::endgroup:: + fi + + - name: "Honeycomb: Record removal times" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Remove test environment' diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.Dockerfile b/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.Dockerfile new file mode 100644 index 000000000..0814c5e61 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.Dockerfile @@ -0,0 +1,18 @@ +FROM gitpod/workspace-full +RUN sudo wget https://apt.puppet.com/puppet-tools-release-bionic.deb && \ + wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \ + sudo dpkg -i puppet6-release-bionic.deb && \ + sudo dpkg -i puppet-tools-release-bionic.deb && \ + sudo apt-get update && \ + sudo apt-get install -y pdk zsh puppet-agent && \ + sudo apt-get clean && \ + sudo rm -rf /var/lib/apt/lists/* +RUN sudo usermod -s $(which zsh) gitpod && \ + sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" && \ + echo "plugins=(git gitignore github gem pip bundler python ruby docker docker-compose)" >> /home/gitpod/.zshrc && \ + echo 'PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin"' >> /home/gitpod/.zshrc && \ + sudo /opt/puppetlabs/puppet/bin/gem install puppet-debugger hub -N && \ + mkdir -p /home/gitpod/.config/puppet && \ + /opt/puppetlabs/puppet/bin/ruby -r yaml -e "puts ({'disabled' => true}).to_yaml" > /home/gitpod/.config/puppet/analytics.yml +RUN rm -f puppet6-release-bionic.deb puppet-tools-release-bionic.deb +ENTRYPOINT /usr/bin/zsh diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.yml b/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.yml new file mode 100644 index 000000000..18406c508 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/.gitpod.yml @@ -0,0 +1,9 @@ +image: + file: .gitpod.Dockerfile + +tasks: + - init: pdk bundle install + +vscode: + extensions: + - puppet.puppet-vscode@1.0.0:oSzfTkDf6Cmc1jOjgW33VA== diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/.rubocop_todo.yml b/modules/utilities/unix/languages/java_stretch_compatible/java/.rubocop_todo.yml new file mode 100644 index 000000000..e69de29bb diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/CHANGELOG.md b/modules/utilities/unix/languages/java_stretch_compatible/java/CHANGELOG.md index 7153f3e59..a8dc6b071 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/CHANGELOG.md +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/CHANGELOG.md @@ -2,6 +2,137 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v6.5.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.5.0) (2020-12-16) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v6.4.0...v6.5.0) + +### Added + +- pdksync - \(feat\) Add support for Puppet 7 [\#454](https://github.com/puppetlabs/puppetlabs-java/pull/454) ([daianamezdrea](https://github.com/daianamezdrea)) + +## [v6.4.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.4.0) (2020-11-09) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v6.3.0...v6.4.0) + +### Added + +- Add support for SAP Java \(sapjvm / sapmachine\) [\#433](https://github.com/puppetlabs/puppetlabs-java/pull/433) ([timdeluxe](https://github.com/timdeluxe)) + +### Fixed + +- \[IAC-1208\] - Add the good links for solving the 404 error and exclude sles [\#443](https://github.com/puppetlabs/puppetlabs-java/pull/443) ([daianamezdrea](https://github.com/daianamezdrea)) +- \(IAC-993\) - Removal of inappropriate terminology [\#439](https://github.com/puppetlabs/puppetlabs-java/pull/439) ([david22swan](https://github.com/david22swan)) + +## [v6.3.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.3.0) (2020-05-27) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v6.2.0...v6.3.0) + +### Added + +- \(MODULES-10681\) Add option to manage symlink to java::adopt [\#429](https://github.com/puppetlabs/puppetlabs-java/pull/429) ([fraenki](https://github.com/fraenki)) +- \(IAC-746\) - Add ubuntu 20.04 support [\#428](https://github.com/puppetlabs/puppetlabs-java/pull/428) ([david22swan](https://github.com/david22swan)) + +## [v6.2.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.2.0) (2020-02-18) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v6.1.0...v6.2.0) + +### Added + +- Support AdoptOpenJDK [\#370](https://github.com/puppetlabs/puppetlabs-java/pull/370) ([timdeluxe](https://github.com/timdeluxe)) + +### Fixed + +- Replace legacy facts by modern facts [\#406](https://github.com/puppetlabs/puppetlabs-java/pull/406) ([hdeheer](https://github.com/hdeheer)) + +## [v6.1.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.1.0) (2020-02-03) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v6.0.0...v6.1.0) + +## [v6.0.0](https://github.com/puppetlabs/puppetlabs-java/tree/v6.0.0) (2019-11-11) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v5.0.1...v6.0.0) + +### Added + +- \(FM-8676\) Add CentOS 8 to supported OS list [\#399](https://github.com/puppetlabs/puppetlabs-java/pull/399) ([david22swan](https://github.com/david22swan)) +- FM-8403 - add support Debain10 [\#387](https://github.com/puppetlabs/puppetlabs-java/pull/387) ([lionce](https://github.com/lionce)) + +### Fixed + +- we need to check if java\_default\_home has a value before we attempt t… [\#391](https://github.com/puppetlabs/puppetlabs-java/pull/391) ([robmbrooks](https://github.com/robmbrooks)) +- Add support for java 11, the default in debian buster 10 [\#386](https://github.com/puppetlabs/puppetlabs-java/pull/386) ([jhooyberghs](https://github.com/jhooyberghs)) + +## [v5.0.1](https://github.com/puppetlabs/puppetlabs-java/tree/v5.0.1) (2019-08-05) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v5.0.0...v5.0.1) + +## [v5.0.0](https://github.com/puppetlabs/puppetlabs-java/tree/v5.0.0) (2019-07-29) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v4.1.0...v5.0.0) + +### Changed + +- \[FM-8320\] Remove Oracle download [\#372](https://github.com/puppetlabs/puppetlabs-java/pull/372) ([carabasdaniel](https://github.com/carabasdaniel)) + +### Added + +- \(FM-8223\) converted to use litmus [\#376](https://github.com/puppetlabs/puppetlabs-java/pull/376) ([tphoney](https://github.com/tphoney)) +- Add buster support, default to 11 [\#369](https://github.com/puppetlabs/puppetlabs-java/pull/369) ([mhjacks](https://github.com/mhjacks)) +- Add support for debian buster [\#364](https://github.com/puppetlabs/puppetlabs-java/pull/364) ([TomRitserveldt](https://github.com/TomRitserveldt)) + +### Fixed + +- \(FM-8343\) use release numbers not lsbdistcodename [\#375](https://github.com/puppetlabs/puppetlabs-java/pull/375) ([tphoney](https://github.com/tphoney)) +- Revert "Add support for debian buster" [\#374](https://github.com/puppetlabs/puppetlabs-java/pull/374) ([tphoney](https://github.com/tphoney)) + +## [v4.1.0](https://github.com/puppetlabs/puppetlabs-java/tree/v4.1.0) (2019-05-29) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/v4.0.0...v4.1.0) + +### Added + +- \(FM-8028\) Add RedHat 8 support [\#363](https://github.com/puppetlabs/puppetlabs-java/pull/363) ([eimlav](https://github.com/eimlav)) + +## [v4.0.0](https://github.com/puppetlabs/puppetlabs-java/tree/v4.0.0) (2019-05-20) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/3.3.0...v4.0.0) + +### Changed + +- pdksync - \(MODULES-8444\) - Raise lower Puppet bound [\#356](https://github.com/puppetlabs/puppetlabs-java/pull/356) ([david22swan](https://github.com/david22swan)) + +### Added + +- \(FM-7921\) - Implement Puppet Strings [\#353](https://github.com/puppetlabs/puppetlabs-java/pull/353) ([david22swan](https://github.com/david22swan)) +- Update default version & java 8 version from 8u192 to 8u201 [\#347](https://github.com/puppetlabs/puppetlabs-java/pull/347) ([valentinsavenko](https://github.com/valentinsavenko)) +- Add ability to override basedir and package type for oracle java [\#345](https://github.com/puppetlabs/puppetlabs-java/pull/345) ([fraenki](https://github.com/fraenki)) +- MODULES-8613: Add option to set a custom JCE download URL [\#344](https://github.com/puppetlabs/puppetlabs-java/pull/344) ([HielkeJ](https://github.com/HielkeJ)) + +### Fixed + +- MODULES-8698: Fix $install\_path on CentOS with tar.gz package type [\#349](https://github.com/puppetlabs/puppetlabs-java/pull/349) ([fraenki](https://github.com/fraenki)) + +## [3.3.0](https://github.com/puppetlabs/puppetlabs-java/tree/3.3.0) (2019-01-17) + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/3.2.0...3.3.0) + +### Added + +- \(MODULES-8234\) - Add SLES 15 support [\#336](https://github.com/puppetlabs/puppetlabs-java/pull/336) ([eimlav](https://github.com/eimlav)) +- \(MODULES-8234\) - Upgrade Oracle Java version to 8u192 [\#334](https://github.com/puppetlabs/puppetlabs-java/pull/334) ([eimlav](https://github.com/eimlav)) +- Support for installing JCE. Fixes MODULES-1681 [\#326](https://github.com/puppetlabs/puppetlabs-java/pull/326) ([dploeger](https://github.com/dploeger)) +- MODULES-8044: upgrade Oracle Java 8 to 181, make it the default release [\#314](https://github.com/puppetlabs/puppetlabs-java/pull/314) ([ojongerius](https://github.com/ojongerius)) + +### Fixed + +- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#338](https://github.com/puppetlabs/puppetlabs-java/pull/338) ([tphoney](https://github.com/tphoney)) +- \(FM-7520\) - Removing Solaris from the support matrix [\#335](https://github.com/puppetlabs/puppetlabs-java/pull/335) ([pmcmaw](https://github.com/pmcmaw)) +- Optimized code for making java::oracle atomic. Fixes MODULES-8085 [\#330](https://github.com/puppetlabs/puppetlabs-java/pull/330) ([dploeger](https://github.com/dploeger)) +- Fix OpenJDK paths on Debian based OS with ARM [\#329](https://github.com/puppetlabs/puppetlabs-java/pull/329) ([mmoll](https://github.com/mmoll)) +- \(MODULES-7050\) - Fix OracleJDK reinstalling on Puppet runs [\#323](https://github.com/puppetlabs/puppetlabs-java/pull/323) ([eimlav](https://github.com/eimlav)) +- \(MODULES-8025\) Switch default for Ubuntu 18.04 to 11 [\#322](https://github.com/puppetlabs/puppetlabs-java/pull/322) ([baurmatt](https://github.com/baurmatt)) +- MODULES-7819 fix set JAVA\_HOME environments on FreeBSD platform [\#315](https://github.com/puppetlabs/puppetlabs-java/pull/315) ([olevole](https://github.com/olevole)) + ## [3.2.0](https://github.com/puppetlabs/puppetlabs-java/tree/3.2.0) (2018-09-27) [Full Changelog](https://github.com/puppetlabs/puppetlabs-java/compare/3.1.0...3.2.0) diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/CODEOWNERS b/modules/utilities/unix/languages/java_stretch_compatible/java/CODEOWNERS new file mode 100644 index 000000000..a5d109e99 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/CODEOWNERS @@ -0,0 +1,2 @@ +# Setting ownership to the modules team +* @puppetlabs/modules diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/CONTRIBUTING.md b/modules/utilities/unix/languages/java_stretch_compatible/java/CONTRIBUTING.md index 1a9fb3a5c..9c171f994 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/CONTRIBUTING.md +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/CONTRIBUTING.md @@ -108,7 +108,7 @@ process as easy as possible. To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of - directly on "master". + directly on "main". It makes things much easier to keep track of, especially if you decide to work on another thing before your first change is merged in. diff --git a/modules/utilities/unix/logging/elasticsearch/LICENSE b/modules/utilities/unix/languages/java_stretch_compatible/java/LICENSE similarity index 99% rename from modules/utilities/unix/logging/elasticsearch/LICENSE rename to modules/utilities/unix/languages/java_stretch_compatible/java/LICENSE index bd2e60d52..d64569567 100644 --- a/modules/utilities/unix/logging/elasticsearch/LICENSE +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/LICENSE @@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2012-2017 Elasticsearch + Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/README.md b/modules/utilities/unix/languages/java_stretch_compatible/java/README.md new file mode 100644 index 000000000..4d8161979 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/README.md @@ -0,0 +1,246 @@ +# java + +#### Table of Contents + +1. [Overview](#overview) +2. [Module Description - What the module does and why it is useful](#module-description) +3. [Setup - The basics of getting started with the java module](#setup) + * [Beginning with the java module](#beginning-with-the-java-module) +4. [Usage - Configuration options and additional functionality](#usage) +5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +6. [Limitations - OS compatibility, etc.](#limitations) +7. [Development - Guide for contributing to the module](#development) + +## Overview + +Installs the correct Java package on various platforms. + +## Module Description + +The java module can automatically install Java jdk or jre on a wide variety of systems. Java is a base component for many software platforms, but Java system packages don't always follow packaging conventions. The java module simplifies the Java installation process. + +## Setup + +### Beginning with the java module + +To install the correct Java package on your system, include the `java` class: `include java`. + +## Usage + +The java module installs the correct jdk or jre package on a wide variety of systems. By default, the module installs the jdk package, but you can set different installation parameters as needed. For example, to install jre instead of jdk, you would set the distribution parameter: + +```puppet +class { 'java': + distribution => 'jre', +} +``` + +To install the latest patch version of Java 8 on CentOS + +```puppet +class { 'java' : + package => 'java-1.8.0-openjdk-devel', +} +``` + +The defined type `java::download` installs one or more versions of Java SE from a remote url. `java::download` depends on [puppet/archive](https://github.com/voxpupuli/puppet-archive). + +To install Java to a non-default basedir (defaults: /usr/lib/jvm for Debian; /usr/java for RedHat): +```puppet +java::download { 'jdk8' : + ensure => 'present', + java_se => 'jdk', + url => 'http://myjava.repository/java.tgz", + basedir => '/custom/java', +} +``` + +## AdoptOpenJDK + +The defined type `java::adopt` installs one or more versions of AdoptOpenJDK Java. `java::adopt` depends on [puppet/archive](https://github.com/voxpupuli/puppet-archive). + +```puppet +java::adopt { 'jdk8' : + ensure => 'present', + version => '8', + java => 'jdk', +} + +java::adopt { 'jdk11' : + ensure => 'present', + version => '11', + java => 'jdk', +} +``` + +To install a specific release of a AdoptOpenJDK Java version, e.g. 8u202-b08, provide both parameters `version_major` and `version_minor` as follows: + +```puppet +java::adopt { 'jdk8' : + ensure => 'present', + version_major => '8u202', + version_minor => 'b08', + java => 'jdk', +} +``` + +To install AdoptOpenJDK Java to a non-default basedir (defaults: /usr/lib/jvm for Debian; /usr/java for RedHat): +```puppet +java::adopt { 'jdk8' : + ensure => 'present', + version_major => '8u202', + version_minor => 'b08', + java => 'jdk', + basedir => '/custom/java', +} +``` + +To ensure that a custom basedir is a directory before AdoptOpenJDK Java is installed (note: manage separately for custom ownership or perms): +```puppet +java::adopt { 'jdk8' : + ensure => 'present', + version_major => '8u202', + version_minor => 'b08', + java => 'jdk', + manage_basedir => true, + basedir => '/custom/java', +} +``` + +## SAP Java (sapjvm / sapmachine) + +SAP also offers JVM distributions. They are mostly required for their SAP products. In earlier versions it is called "sapjvm", in newer versions they call it "sapmachine". + +The defined type `java::sap` installs one or more versions of sapjvm (if version 7 or 8) or sapmachine (if version > 8) Java. `java::sap` depends on [puppet/archive](https://github.com/voxpupuli/puppet-archive). +By using this defined type with versions 7 or 8 you agree with the EULA presented at https://tools.hana.ondemand.com/developer-license-3_1.txt! + +```puppet +java::sap { 'sapjvm8' : + ensure => 'present', + version => '8', + java => 'jdk', +} + +java::sap { 'sapmachine11' : + ensure => 'present', + version => '11', + java => 'jdk', +} +``` + +To install a specific release of a SAP Java version, e.g. sapjvm 8.1.063, provide parameter `version_full`: + +```puppet +java::sap { 'jdk8' : + ensure => 'present', + version_full => '8.1.063', + java => 'jdk', +} +``` + +To install SAP Java to a non-default basedir (defaults: /usr/lib/jvm for Debian; /usr/java for RedHat): +```puppet +java::adopt { 'sapjvm8' : + ensure => 'present', + version_full => '8.1.063', + java => 'jdk', + basedir => '/custom/java', +} +``` + +To ensure that a custom basedir is a directory before SAP Java is installed (note: manage separately for custom ownership or perms): +```puppet +java::adopt { 'sapjvm8' : + ensure => 'present', + version_full => '8.1.063', + java => 'jdk', + manage_basedir => true, + basedir => '/custom/java', +} +``` + +## Reference + +For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-java/blob/main/REFERENCE.md). For information on the facts, see below. + +### Facts + +The java module includes a few facts to describe the version of Java installed on the system: + +* `java_major_version`: The major version of Java. +* `java_patch_level`: The patch level of Java. +* `java_version`: The full Java version string. +* `java_default_home`: The absolute path to the java system home directory (only available on Linux). For instance, the `java` executable's path would be `${::java_default_home}/jre/bin/java`. This is slightly different from the "standard" JAVA_HOME environment variable. +* `java_libjvm_path`: The absolute path to the directory containing the shared library `libjvm.so` (only available on Linux). Useful for setting `LD_LIBRARY_PATH` or configuring the dynamic linker. + +**Note:** The facts return `nil` if Java is not installed on the system. + +## Limitations + +For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-java/blob/main/metadata.json) + +This module cannot guarantee installation of Java versions that are not available on platform repositories. + +This module only manages a singular installation of Java, meaning it is not possible to manage e.g. OpenJDK 7, Oracle Java 7 and Oracle Java 8 in parallel on the same system. + +Oracle Java packages are not included in Debian 7 and Ubuntu 12.04/14.04 repositories. To install Java on those systems, you'll need to package Oracle JDK/JRE, and then the module can install the package. For more information on how to package Oracle JDK/JRE, see the [Debian wiki](http://wiki.debian.org/JavaPackage). + +This module is officially [supported](https://forge.puppetlabs.com/supported) for the following Java versions and platforms: + +OpenJDK is supported on: + +* Red Hat Enterprise Linux (RHEL) 5, 6, 7 +* CentOS 5, 6, 7 +* Oracle Linux 6, 7 +* Scientific Linux 6 +* Debian 8, 9 +* Ubuntu 14.04, 16.04, 18.04, 20.04 +* Solaris 11 +* SLES 11, 12 + +Sun Java is supported on: + +* Debian 6 + +Oracle Java is supported on: + +* CentOS 6 +* CentOS 7 +* Red Hat Enterprise Linux (RHEL) 7 + +AdoptOpenJDK Java is supported on: + +* CentOS +* Red Hat Enterprise Linux (RHEL) +* Amazon Linux +* Debian + +SAP Java 7 and 8 (=sapjvm) are supported (by SAP) on: + +* SLES 12, 15 +* Oracle Linux 7, 8 +* Red Hat Enterprise Linux (RHEL) 7, 8 + +(however installations on other distributions mostly also work well) + +For SAP Java > 8 (=sapmachine) please refer to the OpenJDK list as it is based on OpenJDK and has no special requirements. + + +### Known issues + +Where Oracle change the format of the URLs to different installer packages, the curl to fetch the package may fail with a HTTP/404 error. In this case, passing a full known good URL using the `url` parameter will allow the module to still be able to install specific versions of the JRE/JDK. Note the `version_major` and `version_minor` parameters must be passed and must match the version downloaded using the known URL in the `url` parameter. + +#### OpenBSD + +OpenBSD packages install Java JRE/JDK in a unique directory structure, not linking +the binaries to a standard directory. Because of that, the path to this location +is hardcoded in the `java_version` fact. Whenever you upgrade Java to a newer +version, you have to update the path in this fact. + +## Development + +Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. To contribute to Puppet projects, see our [module contribution guide.](https://docs.puppetlabs.com/forge/contributing.html) + +## Contributors + +The list of contributors can be found at [https://github.com/puppetlabs/puppetlabs-java/graphs/contributors](https://github.com/puppetlabs/puppetlabs-java/graphs/contributors). diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/REFERENCE.md b/modules/utilities/unix/languages/java_stretch_compatible/java/REFERENCE.md new file mode 100644 index 000000000..a54ce039d --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/REFERENCE.md @@ -0,0 +1,436 @@ +# Reference + + + +## Table of Contents + +### Classes + +#### Public Classes + +* [`java`](#java): This module manages the Java runtime package + +#### Private Classes + +* `java::config` +* `java::params`: This class builds a hash of JDK/JRE packages and (for Debian) +alternatives. For wheezy/precise, we provide Oracle JDK/JRE +options, even though those are not in the package repositories. + +### Defined types + +* [`java::adopt`](#javaadopt): Install one or more versions of AdoptOpenJDK Java. +* [`java::download`](#javadownload): Installs Java from a url location. +* [`java::sap`](#javasap): Install one or more versions of SAPJVM or Sapmachine + +## Classes + +### `java` + +This module manages the Java runtime package + +#### Parameters + +The following parameters are available in the `java` class. + +##### `distribution` + +Data type: `String` + +The java distribution to install. Can be one of "jdk" or "jre", +or other platform-specific options where there are multiple +implementations available (eg: OpenJDK vs Oracle JDK). + +Default value: `'jdk'` + +##### `version` + +Data type: `Pattern[/present|installed|latest|^[.+_0-9a-zA-Z:~-]+$/]` + +The version of java to install. By default, this module simply ensures +that java is present, and does not require a specific version. + +Default value: `'present'` + +##### `package` + +Data type: `Optional[String]` + +The name of the java package. This is configurable in case a non-standard +java package is desired. + +Default value: ``undef`` + +##### `package_options` + +Data type: `Optional[Array]` + +Array of strings to pass installation options to the 'package' Puppet resource. +Options available depend on the 'package' provider for the target OS. + +Default value: ``undef`` + +##### `java_alternative` + +Data type: `Optional[String]` + +The name of the java alternative to use on Debian systems. +"update-java-alternatives -l" will show which choices are available. +If you specify a particular package, you will almost always also +want to specify which java_alternative to choose. If you set +this, you also need to set the path below. + +Default value: ``undef`` + +##### `java_alternative_path` + +Data type: `Optional[String]` + +The path to the "java" command on Debian systems. Since the +alternatives system makes it difficult to verify which +alternative is actually enabled, this is required to ensure the +correct JVM is enabled. + +Default value: ``undef`` + +##### `java_home` + +Data type: `Optional[String]` + +The path to where the JRE is installed. This will be set as an +environment variable. + +Default value: ``undef`` + +## Defined types + +### `java::adopt` + +Defined Type java::adopt + +#### Parameters + +The following parameters are available in the `java::adopt` defined type. + +##### `ensure` + +Data type: `Any` + +Install or remove the package. + +Default value: `'present'` + +##### `version` + +Data type: `Any` + +Version of Java to install, e.g. '8' or '9'. Default values for major and minor versions will be used. + +Default value: `'8'` + +##### `version_major` + +Data type: `Any` + +Major version which should be installed, e.g. '8u101' or '9.0.4'. Must be used together with version_minor. + +Default value: ``undef`` + +##### `version_minor` + +Data type: `Any` + +Minor version which should be installed, e.g. 'b12' (for version = '8') or '11' (for version != '8'). Must be used together with version_major. + +Default value: ``undef`` + +##### `java` + +Data type: `Any` + +Type of Java Standard Edition to install, jdk or jre. + +Default value: `'jdk'` + +##### `proxy_server` + +Data type: `Any` + +Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) + +Default value: ``undef`` + +##### `proxy_type` + +Data type: `Any` + +Proxy server type (none|http|https|ftp). (passed to archive) + +Default value: ``undef`` + +##### `basedir` + +Data type: `Any` + +Directory under which the installation will occur. If not set, defaults to +/usr/lib/jvm for Debian and /usr/java for RedHat. + +Default value: ``undef`` + +##### `manage_basedir` + +Data type: `Any` + +Whether to manage the basedir directory. Defaults to false. +Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. + +Default value: ``true`` + +##### `package_type` + +Data type: `Any` + +Type of installation package for specified version of java_se. java_se 6 comes +in a few installation package flavors and we need to account for them. +Optional forced package types: rpm, rpmbin, tar.gz + +Default value: ``undef`` + +##### `manage_symlink` + +Data type: `Any` + +Whether to manage a symlink that points to the installation directory. Defaults to false. + +Default value: ``false`` + +##### `symlink_name` + +Data type: `Any` + +The name for the optional symlink in the installation directory. + +Default value: ``undef`` + +### `java::download` + +Defined Type java::download + +#### Parameters + +The following parameters are available in the `java::download` defined type. + +##### `ensure` + +Data type: `Any` + +Install or remove the package. + +Default value: `'present'` + +##### `version` + +Data type: `Any` + +Version of Java to install, e.g. '7' or '8'. Default values for major and minor versions will be used. + +Default value: `'8'` + +##### `version_major` + +Data type: `Any` + +Major version which should be installed, e.g. '8u101'. Must be used together with version_minor. + +Default value: ``undef`` + +##### `version_minor` + +Data type: `Any` + +Minor version which should be installed, e.g. 'b12'. Must be used together with version_major. + +Default value: ``undef`` + +##### `java_se` + +Data type: `Any` + +Type of Java Standard Edition to install, jdk or jre. + +Default value: `'jdk'` + +##### `proxy_server` + +Data type: `Any` + +Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) + +Default value: ``undef`` + +##### `proxy_type` + +Data type: `Any` + +Proxy server type (none|http|https|ftp). (passed to archive) + +Default value: ``undef`` + +##### `url` + +Data type: `Any` + +Full URL + +Default value: ``undef`` + +##### `jce` + +Data type: `Any` + +Install Oracles Java Cryptographic Extensions into the JRE or JDK + +Default value: ``false`` + +##### `jce_url` + +Data type: `Any` + +Full URL to the jce zip file + +Default value: ``undef`` + +##### `basedir` + +Data type: `Any` + +Directory under which the installation will occur. If not set, defaults to +/usr/lib/jvm for Debian and /usr/java for RedHat. + +Default value: ``undef`` + +##### `manage_basedir` + +Data type: `Any` + +Whether to manage the basedir directory. Defaults to false. +Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. + +Default value: ``false`` + +##### `package_type` + +Data type: `Any` + +Type of installation package for specified version of java_se. java_se 6 comes +in a few installation package flavors and we need to account for them. +Optional forced package types: rpm, rpmbin, tar.gz + +Default value: ``undef`` + +##### `manage_symlink` + +Data type: `Any` + +Whether to manage a symlink that points to the installation directory. Defaults to false. + +Default value: ``false`` + +##### `symlink_name` + +Data type: `Any` + +The name for the optional symlink in the installation directory. + +Default value: ``undef`` + +### `java::sap` + +Defined Type java::sap + +#### Parameters + +The following parameters are available in the `java::sap` defined type. + +##### `ensure` + +Data type: `Any` + +Install or remove the package. + +Default value: `'present'` + +##### `version` + +Data type: `Any` + +Version of Java to install, e.g. '8' or '9'. Default values for full versions will be used. + +Default value: `'8'` + +##### `version_full` + +Data type: `Any` + +Major version which should be installed, e.g. '8.1.063' or '11.0.7'. If used, "version" parameter is ignored. + +Default value: ``undef`` + +##### `java` + +Data type: `Any` + +Type of Java Edition to install, jdk or jre. + +Default value: `'jdk'` + +##### `proxy_server` + +Data type: `Any` + +Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) + +Default value: ``undef`` + +##### `proxy_type` + +Data type: `Any` + +Proxy server type (none|http|https|ftp). (passed to archive) + +Default value: ``undef`` + +##### `basedir` + +Data type: `Any` + +Directory under which the installation will occur. If not set, defaults to +/usr/lib/jvm for Debian and /usr/java for RedHat. + +Default value: ``undef`` + +##### `manage_basedir` + +Data type: `Any` + +Whether to manage the basedir directory. Defaults to false. +Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. + +Default value: ``true`` + +##### `manage_symlink` + +Data type: `Any` + +Whether to manage a symlink that points to the installation directory. Defaults to false. + +Default value: ``false`` + +##### `symlink_name` + +Data type: `Any` + +The name for the optional symlink in the installation directory. + +Default value: ``undef`` + diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/data/common.yaml b/modules/utilities/unix/languages/java_stretch_compatible/java/data/common.yaml new file mode 100644 index 000000000..2fbf0ffd7 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/data/common.yaml @@ -0,0 +1 @@ +--- {} diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/examples/alternative.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/examples/alternative.pp index f361db6c6..0d0dee874 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/examples/alternative.pp +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/examples/alternative.pp @@ -1,5 +1,5 @@ class { 'java': package => 'jdk-8u25-linux-x64', java_alternative => 'jdk1.8.0_25', - java_alternative_path => '/usr/java/jdk1.8.0_25/jre/bin/java' + java_alternative_path => '/usr/java/jdk1.8.0_25/jre/bin/java', } diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/hiera.yaml b/modules/utilities/unix/languages/java_stretch_compatible/java/hiera.yaml new file mode 100644 index 000000000..545fff327 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/hiera.yaml @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.name}.yaml" + - "os/%{facts.os.family}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_libjvm_path.rb b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_libjvm_path.rb index 698a8f036..7ae549f0f 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_libjvm_path.rb +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_libjvm_path.rb @@ -7,6 +7,7 @@ # # Caveats: # Needs to list files recursively. Returns the first match +# Needs working java_major_version fact # # Notes: # None @@ -14,11 +15,18 @@ Facter.add(:java_libjvm_path) do confine kernel: ['Linux', 'OpenBSD'] setcode do java_default_home = Facter.value(:java_default_home) - java_libjvm_file = Dir.glob("#{java_default_home}/jre/lib/**/libjvm.so") - if java_libjvm_file.nil? || java_libjvm_file.empty? - nil - else - File.dirname(java_libjvm_file[0]) + java_major_version = Facter.value(:java_major_version) + unless java_major_version.nil? + java_libjvm_file = if java_major_version.to_i >= 11 + Dir.glob("#{java_default_home}/lib/**/libjvm.so") + else + Dir.glob("#{java_default_home}/jre/lib/**/libjvm.so") + end + if java_libjvm_file.nil? || java_libjvm_file.empty? + nil + else + File.dirname(java_libjvm_file[0]) + end end end end diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_major_version.rb b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_major_version.rb index 8fc04e2a9..3afd99490 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_major_version.rb +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_major_version.rb @@ -16,7 +16,13 @@ Facter.add(:java_major_version) do java_major_version = nil setcode do java_version = Facter.value(:java_version) - java_major_version = java_version.strip.split('_')[0].split('.')[1] unless java_version.nil? + unless java_version.nil? + java_major_version = if java_version.strip[0..1] == '1.' + java_version.strip.split('_')[0].split('.')[1] + else + java_version.strip.split('.')[0] + end + end end java_major_version end diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_patch_level.rb b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_patch_level.rb index 0c952ec1c..2722d0b02 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_patch_level.rb +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_patch_level.rb @@ -3,7 +3,7 @@ # Purpose: get Java's patch level # # Resolution: -# Uses java_version fact splits on the patch number (after _) +# Uses java_version fact splits on the patch number (after _ for 1.x and patch number for semver'ed javas) # # Caveats: # none @@ -14,7 +14,13 @@ Facter.add(:java_patch_level) do java_patch_level = nil setcode do java_version = Facter.value(:java_version) - java_patch_level = java_version.strip.split('_')[1] unless java_version.nil? + unless java_version.nil? + if java_version.strip[0..1] == '1.' + java_patch_level = java_version.strip.split('_')[1] unless java_version.nil? + else + java_patch_level = java_version.strip.split('.')[2] unless java_version.nil? + end + end end java_patch_level end diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_version.rb b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_version.rb index f717f69ca..6de4bb45a 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_version.rb +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/lib/facter/java_version.rb @@ -4,7 +4,7 @@ # # Resolution: # Tests for presence of java, returns nil if not present -# returns output of "java -version" and splits on \n + '"' +# returns output of "java -version" and splits on '"' # # Caveats: # none @@ -24,7 +24,7 @@ Facter.add(:java_version) do unless ['darwin'].include? Facter.value(:operatingsystem).downcase version = nil if Facter::Util::Resolution.which('java') - Facter::Util::Resolution.exec('java -Xmx12m -version 2>&1').lines.each { |line| version = $LAST_MATCH_INFO[1] if %r{^.+ version \"(.+)\"$} =~ line } + Facter::Util::Resolution.exec('java -Xmx12m -version 2>&1').lines.each { |line| version = Regexp.last_match(1) if %r{^.+ version \"(.+)\"} =~ line } end version end @@ -37,7 +37,7 @@ Facter.add(:java_version) do setcode do unless %r{Unable to find any JVMs matching version} =~ Facter::Util::Resolution.exec('/usr/libexec/java_home --failfast 2>&1') version = nil - Facter::Util::Resolution.exec('java -Xmx12m -version 2>&1').lines.each { |line| version = $LAST_MATCH_INFO[1] if %r{^.+ version \"(.+)\"$} =~ line } + Facter::Util::Resolution.exec('java -Xmx12m -version 2>&1').lines.each { |line| version = Regexp.last_match(1) if %r{^.+ version \"(.+)\"} =~ line } version end end diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/adopt.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/adopt.pp new file mode 100644 index 000000000..c460069f0 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/adopt.pp @@ -0,0 +1,312 @@ +# Defined Type java::adopt +# +# @summary +# Install one or more versions of AdoptOpenJDK Java. +# +# @param ensure +# Install or remove the package. +# +# @param version +# Version of Java to install, e.g. '8' or '9'. Default values for major and minor versions will be used. +# +# @param version_major +# Major version which should be installed, e.g. '8u101' or '9.0.4'. Must be used together with version_minor. +# +# @param version_minor +# Minor version which should be installed, e.g. 'b12' (for version = '8') or '11' (for version != '8'). Must be used together with version_major. +# +# @param java +# Type of Java Standard Edition to install, jdk or jre. +# +# @param proxy_server +# Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) +# +# @param proxy_type +# Proxy server type (none|http|https|ftp). (passed to archive) +# +# @param basedir +# Directory under which the installation will occur. If not set, defaults to +# /usr/lib/jvm for Debian and /usr/java for RedHat. +# +# @param manage_basedir +# Whether to manage the basedir directory. Defaults to false. +# Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. +# +# @param package_type +# Type of installation package for specified version of java_se. java_se 6 comes +# in a few installation package flavors and we need to account for them. +# Optional forced package types: rpm, rpmbin, tar.gz +# +# @param manage_symlink +# Whether to manage a symlink that points to the installation directory. Defaults to false. +# +# @param symlink_name +# The name for the optional symlink in the installation directory. +# +define java::adopt ( + $ensure = 'present', + $version = '8', + $version_major = undef, + $version_minor = undef, + $java = 'jdk', + $proxy_server = undef, + $proxy_type = undef, + $basedir = undef, + $manage_basedir = true, + $package_type = undef, + $manage_symlink = false, + $symlink_name = undef, +) { + + # archive module is used to download the java package + include ::archive + + # validate java Standard Edition to download + if $java !~ /(jre|jdk)/ { + fail('java must be either jre or jdk.') + } + + # determine AdoptOpenJDK Java major and minor version, and installation path + if $version_major and $version_minor { + + $release_major = $version_major + $release_minor = $version_minor + + if ( $version_major[0] == '8' or $version_major[0] == '9' ) { + $_version = $version_major[0] + } else { + $_version = $version_major[0,2] + } + + $_version_int = Numeric($_version) + + if ( $java == 'jre' ) { + $_append_jre = '-jre' + } else { + $_append_jre = '' + } + + # extracted folders look like this: + # jdk8u202-b08 + # jdk-9.0.4+11 + # jdk-10.0.2+13 + # jdk-11.0.2+9 + # jdk-12.0.1+12 + # jdk8u202-b08-jre + # jdk-9.0.4+11-jre + # hence we need to check for the major version and build the install path according to it + if ( $_version_int == 8 ) { + $install_path = "jdk${release_major}-${release_minor}${_append_jre}" + } elsif ( $_version_int > 8 ) { + $install_path = "jdk-${release_major}+${release_minor}${_append_jre}" + } else { + fail ("unsupported version ${_version}") + } + + } else { + $_version = $version + $_version_int = Numeric($_version) + # use default versions if no specific major and minor version parameters are provided + case $version { + '8' : { + $release_major = '8u202' + $release_minor = 'b08' + $install_path = "${java}8u202-b08" + } + '9' : { + $release_major = '9.0.4' + $release_minor = '11' + $install_path = "${java}-9.0.4+11" + } + # minor release is given with +, however package etc. works with underscore, so we use underscore here + '10' : { + $release_major = '10.0.2' + $release_minor = '13' + $install_path = "${java}-10.0.2+13" + } + '11' : { + $release_major = '11.0.2' + $release_minor = '9' + $install_path = "${java}-11.0.2+9" + } + # minor release is given with +, however package etc. works with underscore, so we use underscore here + '12' : { + $release_major = '12.0.1' + $release_minor = '12' + $install_path = "${java}-12.0.1+12" + } + default : { + $release_major = '8u202' + $release_minor = 'b08' + $install_path = "${java}8u202-b08" + } + } + } + + # determine package type (exe/tar/rpm), destination directory based on OS + case $facts['kernel'] { + 'Linux' : { + case $facts['os']['family'] { + 'RedHat', 'Amazon' : { + if $package_type { + $_package_type = $package_type + } else { + $_package_type = 'tar.gz' + } + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/java' + } + } + 'Debian' : { + if $package_type { + $_package_type = $package_type + } else { + $_package_type = 'tar.gz' + } + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/lib/jvm' + } + } + default : { + fail ("unsupported platform ${$facts['os']['name']}") } + } + + $creates_path = "${_basedir}/${install_path}" + $os = 'linux' + $destination_dir = '/tmp/' + } + default : { + fail ( "unsupported platform ${$facts['kernel']}" ) } + } + + # set java architecture nomenclature + $os_architecture = $facts['os']['architecture'] ? { + undef => $facts['architecture'], + default => $facts['os']['architecture'] + } + + case $os_architecture { + 'i386' : { $arch = 'x86-32' } + 'x86_64' : { $arch = 'x64' } + 'amd64' : { $arch = 'x64' } + default : { + fail ("unsupported platform ${$os_architecture}") + } + } + + # package name and path for download from github + # + # following are build based on this real life example full URLs: + # + # https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u202-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u202b08.tar.gz + # https://github.com/AdoptOpenJDK/openjdk9-binaries/releases/download/jdk-9.0.4%2B11/OpenJDK9U-jdk_x64_linux_hotspot_9.0.4_11.tar.gz + # https://github.com/AdoptOpenJDK/openjdk10-binaries/releases/download/jdk-10.0.2%2B13/OpenJDK10U-jdk_x64_linux_hotspot_10.0.2_13.tar.gz + # https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.2%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.2_9.tar.gz + # https://github.com/AdoptOpenJDK/openjdk12-binaries/releases/download/jdk-12.0.1%2B12/OpenJDK12U-jdk_x64_linux_hotspot_12.0.1_12.tar.gz + # jre just replaces jdk with jre in the archive name, but not in the path name! + # https://github.com/AdoptOpenJDK/openjdk9-binaries/releases/download/jdk-9.0.4%2B11/OpenJDK9U-jre_x64_linux_hotspot_9.0.4_11.tar.gz + + if ( $_version_int == 8 ) { + $_release_minor_package_name = $release_minor + } else { + $_release_minor_package_name = "_${release_minor}" + } + + case $_package_type { + 'tar.gz': { + $package_name = "OpenJDK${_version}U-${java}_${arch}_${os}_hotspot_${release_major}${_release_minor_package_name}.tar.gz" + } + default: { + $package_name = "OpenJDK${_version}U-${java}_${arch}_${os}_hotspot_${release_major}${_release_minor_package_name}.tar.gz" + } + } + + # naming convention changed after major version 8, setting variables to consider that + # download_folder_prefix always begins with "jdk", even for jre! see comments for package_name above + if ( $_version_int == 8 ) { + $spacer = '-' + $download_folder_prefix = 'jdk' + } else { + $spacer = '%2B' + $download_folder_prefix = 'jdk-' + } + $source = "https://github.com/AdoptOpenJDK/openjdk${_version}-binaries/releases/download/${download_folder_prefix}${release_major}${spacer}${release_minor}/${package_name}" + + # full path to the installer + $destination = "${destination_dir}${package_name}" + notice ("Destination is ${destination}") + + case $_package_type { + 'tar.gz' : { + $install_command = "tar -zxf ${destination} -C ${_basedir}" + } + default : { + $install_command = "tar -zxf ${destination} -C ${_basedir}" + } + } + + case $ensure { + 'present' : { + archive { $destination : + ensure => present, + source => $source, + extract_path => '/tmp', + cleanup => false, + creates => $creates_path, + proxy_server => $proxy_server, + proxy_type => $proxy_type, + } + case $facts['kernel'] { + 'Linux' : { + case $facts['os']['family'] { + 'Debian' : { + ensure_resource('file', $_basedir, { + ensure => directory, + }) + $install_requires = [Archive[$destination], File[$_basedir]] + } + default : { + $install_requires = [Archive[$destination]] + } + } + + if $manage_basedir { + if (!defined(File[$_basedir])) { + file { $_basedir: + ensure => 'directory', + before => Exec["Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}"], + } + } + } + + exec { "Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}" : + path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', + command => $install_command, + creates => $creates_path, + require => $install_requires + } + + if ($manage_symlink and $symlink_name) { + file { "${_basedir}/${symlink_name}": + ensure => link, + target => $creates_path, + require => Exec["Install AdoptOpenJDK java ${java} ${_version} ${release_major} ${release_minor}"], + } + } + + } + default : { + fail ("unsupported platform ${$facts['kernel']}") + } + } + } + default : { + notice ("Action ${ensure} not supported.") + } + } + +} diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/config.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/config.pp index 6237a8b76..fd67fea33 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/config.pp +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/config.pp @@ -1,6 +1,6 @@ -# On Debian systems, if alternatives are set, manually assign them. +# @api private class java::config ( ) { - case $::osfamily { + case $facts['os']['family'] { 'Debian': { if $java::use_java_alternative != undef and $java::use_java_alternative_path != undef { exec { 'update-java-alternatives': @@ -26,7 +26,7 @@ class java::config ( ) { path => '/usr/bin:/usr/sbin:/bin:/sbin', command => "alternatives --install /usr/bin/java java ${$java::use_java_alternative_path} 20000" , unless => "alternatives --display java | grep -q ${$java::use_java_alternative_path}", - before => Exec['update-java-alternatives'] + before => Exec['update-java-alternatives'], } } @@ -44,7 +44,7 @@ class java::config ( ) { } } } - 'FreeBSD', 'Suse': { + 'Suse': { if $java::use_java_home != undef { file_line { 'java-home-environment': path => '/etc/environment', @@ -53,6 +53,20 @@ class java::config ( ) { } } } + 'FreeBSD': { + if $java::use_java_home != undef { + file_line { 'java-home-environment-profile': + path => '/etc/profile', + line => "JAVA_HOME=${$java::use_java_home}; export JAVA_HOME", + match => 'JAVA_HOME=', + } + file_line { 'java-home-environment-cshrc': + path => '/etc/csh.login', + line => "setenv JAVA_HOME ${$java::use_java_home}", + match => 'setenv JAVA_HOME', + } + } + } 'Solaris': { if $java::use_java_home != undef { file_line { 'java-home-environment': diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/download.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/download.pp new file mode 100644 index 000000000..9e8f7a8f0 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/download.pp @@ -0,0 +1,328 @@ +# Defined Type java::download +# +# @summary +# Installs Java from a url location. +# +# +# @param ensure +# Install or remove the package. +# +# @param version +# Version of Java to install, e.g. '7' or '8'. Default values for major and minor versions will be used. +# +# @param version_major +# Major version which should be installed, e.g. '8u101'. Must be used together with version_minor. +# +# @param version_minor +# Minor version which should be installed, e.g. 'b12'. Must be used together with version_major. +# +# @param java_se +# Type of Java Standard Edition to install, jdk or jre. +# +# @param proxy_server +# Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) +# +# @param proxy_type +# Proxy server type (none|http|https|ftp). (passed to archive) +# +# @param url +# Full URL +# +# @param jce +# Install Oracles Java Cryptographic Extensions into the JRE or JDK +# +# @param jce_url +# Full URL to the jce zip file +# +# @param basedir +# Directory under which the installation will occur. If not set, defaults to +# /usr/lib/jvm for Debian and /usr/java for RedHat. +# +# @param manage_basedir +# Whether to manage the basedir directory. Defaults to false. +# Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. +# +# @param package_type +# Type of installation package for specified version of java_se. java_se 6 comes +# in a few installation package flavors and we need to account for them. +# Optional forced package types: rpm, rpmbin, tar.gz +# +# @param manage_symlink +# Whether to manage a symlink that points to the installation directory. Defaults to false. +# +# @param symlink_name +# The name for the optional symlink in the installation directory. +# +define java::download( + $ensure = 'present', + $version = '8', + $version_major = undef, + $version_minor = undef, + $java_se = 'jdk', + $proxy_server = undef, + $proxy_type = undef, + $url = undef, + $jce = false, + $jce_url = undef, + $basedir = undef, + $manage_basedir = false, + $package_type = undef, + $manage_symlink = false, + $symlink_name = undef, +) { + + # archive module is used to download the java package + include archive + + # validate java Standard Edition to download + if $java_se !~ /(jre|jdk)/ { + fail('Java SE must be either jre or jdk.') + } + + if $jce { + if $jce_url { + $jce_download = $jce_url + } else { + fail('JCE URL must be specified') + } + } + + # determine Java major and minor version, and installation path + if $version_major and $version_minor { + + $label = $version_major + $release_major = $version_major + $release_minor = $version_minor + + if $release_major =~ /(\d+)u(\d+)/ { + # Required for CentOS systems where Java8 update number is >= 171 to ensure + # the package is visible to Puppet. This is only true for installations that + # don't use the tar.gz package type. + if $facts['os']['family'] == 'RedHat' and Numeric($2) >= 171 and $package_type != 'tar.gz' { + $install_path = "${java_se}1.${1}.0_${2}-amd64" + } else { + $install_path = "${java_se}1.${1}.0_${2}" + } + } else { + $install_path = "${java_se}${release_major}${release_minor}" + } + } else { + # use default versions if no specific major and minor version parameters are provided + $label = $version + case $version { + '6' : { + $release_major = '6u45' + $release_minor = 'b06' + $install_path = "${java_se}1.6.0_45" + } + '7' : { + $release_major = '7u80' + $release_minor = 'b15' + $install_path = "${java_se}1.7.0_80" + } + '8' : { + $release_major = '8u201' + $release_minor = 'b09' + $install_path = "${java_se}1.8.0_201" + } + default : { + $release_major = '8u201' + $release_minor = 'b09' + $install_path = "${java_se}1.8.0_201" + } + } + } + + # determine package type (exe/tar/rpm), destination directory based on OS + case $facts['kernel'] { + 'Linux' : { + case $facts['os']['family'] { + 'RedHat', 'Amazon' : { + # Oracle Java 6 comes in a special rpmbin format + if $package_type { + $_package_type = $package_type + } elsif $version == '6' { + $_package_type = 'rpmbin' + } else { + $_package_type = 'rpm' + } + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/java' + } + } + 'Debian' : { + if $package_type { + $_package_type = $package_type + } else { + $_package_type = 'tar.gz' + } + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/lib/jvm' + } + } + default : { + fail ("unsupported platform ${$facts['os']['name']}") } + } + + $creates_path = "${_basedir}/${install_path}" + $os = 'linux' + $destination_dir = '/tmp/' + } + default : { + fail ( "unsupported platform ${$facts['kernel']}" ) } + } + + # Install required unzip packages for jce + if $jce { + ensure_resource('package', 'unzip', { 'ensure' => 'present' }) + } + + # set java architecture nomenclature + $os_architecture = $facts['os']['architecture'] ? { + undef => $facts['os']['architecture'], + default => $facts['os']['architecture'] + } + + case $os_architecture { + 'i386' : { $arch = 'i586' } + 'x86_64' : { $arch = 'x64' } + 'amd64' : { $arch = 'x64' } + default : { + fail ("unsupported platform ${$os_architecture}") + } + } + + # following are based on this example: + # http://download.oracle.com/otn-pub/java/jdk/7u80-b15/jre-7u80-linux-i586.rpm + # + # JaveSE 6 distributed in .bin format + # http://download.oracle.com/otn-pub/java/jdk/6u45-b06/jdk-6u45-linux-i586-rpm.bin + # http://download.oracle.com/otn-pub/java/jdk/6u45-b06/jdk-6u45-linux-i586.bin + # package name to use in destination directory for the installer + case $_package_type { + 'bin' : { + $package_name = "${java_se}-${release_major}-${os}-${arch}.bin" + } + 'rpmbin' : { + $package_name = "${java_se}-${release_major}-${os}-${arch}-rpm.bin" + } + 'rpm' : { + $package_name = "${java_se}-${release_major}-${os}-${arch}.rpm" + } + 'tar.gz' : { + $package_name = "${java_se}-${release_major}-${os}-${arch}.tar.gz" + } + default : { + $package_name = "${java_se}-${release_major}-${os}-${arch}.rpm" + } + } + + # if complete URL is provided, use this value for source in archive resource + if $url { + $source = $url + } + else { + fail('Url must be specified') + } + + # full path to the installer + $destination = "${destination_dir}${package_name}" + notice ("Destination is ${destination}") + + case $_package_type { + 'bin' : { + $install_command = "sh ${destination}" + } + 'rpmbin' : { + $install_command = "sh ${destination} -x; rpm --force -iv sun*.rpm; rpm --force -iv ${java_se}*.rpm" + } + 'rpm' : { + $install_command = "rpm --force -iv ${destination}" + } + 'tar.gz' : { + $install_command = "tar -zxf ${destination} -C ${_basedir}" + } + default : { + $install_command = "rpm -iv ${destination}" + } + } + + case $ensure { + 'present' : { + archive { $destination : + ensure => present, + source => $source, + extract_path => '/tmp', + cleanup => false, + creates => $creates_path, + proxy_server => $proxy_server, + proxy_type => $proxy_type, + } + case $facts['kernel'] { + 'Linux' : { + case $facts['os']['family'] { + 'Debian' : { + ensure_resource('file', $_basedir, { + ensure => directory, + }) + $install_requires = [Archive[$destination], File[$_basedir]] + } + default : { + $install_requires = [Archive[$destination]] + } + } + + if $manage_basedir { + ensure_resource('file', $_basedir, {'ensure' => 'directory', 'before' => Exec["Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}"]}) + } + + exec { "Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}" : + path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin', + command => $install_command, + creates => $creates_path, + require => $install_requires, + } + + if ($manage_symlink and $symlink_name) { + file { "${_basedir}/${symlink_name}": + ensure => link, + target => $creates_path, + require => Exec["Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}"], + } + } + + if ($jce and $jce_download != undef) { + $jce_path = $java_se ? { + 'jre' => "${creates_path}/lib/security", + 'jdk' => "${creates_path}/jre/lib/security" + } + archive { "/tmp/jce-${version}.zip": + source => $jce_download, + extract => true, + extract_path => $jce_path, + extract_flags => '-oj', + creates => "${jce_path}/US_export_policy.jar", + cleanup => false, + proxy_server => $proxy_server, + proxy_type => $proxy_type, + require => [ + Package['unzip'], + Exec["Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}"] + ], + } + } + } + default : { + fail ("unsupported platform ${$facts['kernel']}") + } + } + } + default : { + notice ("Action ${ensure} not supported.") + } + } +} diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/init.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/init.pp index 9b45bf339..e17bc004a 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/init.pp +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/init.pp @@ -1,49 +1,40 @@ -# Class: java +# @summary +# This module manages the Java runtime package # -# This module manages the Java runtime package -# -# Parameters: -# -# [*distribution*] +# @param distribution # The java distribution to install. Can be one of "jdk" or "jre", # or other platform-specific options where there are multiple # implementations available (eg: OpenJDK vs Oracle JDK). # -# [*version*] +# @param version # The version of java to install. By default, this module simply ensures # that java is present, and does not require a specific version. # -# [*package*] +# @param package # The name of the java package. This is configurable in case a non-standard # java package is desired. # -# [*package_options*] +# @param package_options # Array of strings to pass installation options to the 'package' Puppet resource. # Options available depend on the 'package' provider for the target OS. # -# [*java_alternative*] +# @param java_alternative # The name of the java alternative to use on Debian systems. # "update-java-alternatives -l" will show which choices are available. # If you specify a particular package, you will almost always also # want to specify which java_alternative to choose. If you set # this, you also need to set the path below. # -# [*java_alternative_path*] +# @param java_alternative_path # The path to the "java" command on Debian systems. Since the # alternatives system makes it difficult to verify which # alternative is actually enabled, this is required to ensure the # correct JVM is enabled. # -# [*java_home*] +# @param java_home # The path to where the JRE is installed. This will be set as an # environment variable. # -# Actions: -# -# Requires: -# -# Sample Usage: -# class java( String $distribution = 'jdk', Pattern[/present|installed|latest|^[.+_0-9a-zA-Z:~-]+$/] $version = 'present', @@ -110,7 +101,7 @@ class java( $use_java_package_name == undef or $use_java_alternative == undef or $use_java_alternative_path == undef or $use_java_home == undef ) and ( - ! has_key($::java::params::java, $distribution) + ! has_key($java::params::java, $distribution) )) { fail("Java distribution ${distribution} is not supported. Missing default values.") } @@ -120,7 +111,7 @@ class java( default => '--jre' } - if $::osfamily == 'Debian' { + if $facts['os']['family'] == 'Debian' { # Needed for update-java-alternatives package { 'java-common': ensure => present, diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/params.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/params.pp index e302bcafb..909eb9cf2 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/params.pp +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/params.pp @@ -1,34 +1,28 @@ -# Class: java::params +# @summary +# This class builds a hash of JDK/JRE packages and (for Debian) +# alternatives. For wheezy/precise, we provide Oracle JDK/JRE +# options, even though those are not in the package repositories. # -# This class builds a hash of JDK/JRE packages and (for Debian) -# alternatives. For wheezy/precise, we provide Oracle JDK/JRE -# options, even though those are not in the package repositories. -# -# For more info on how to package Oracle JDK/JRE, see the Debian wiki: -# http://wiki.debian.org/JavaPackage -# -# Because the alternatives system makes it very difficult to tell -# which Java alternative is enabled, we hard code the path to bin/java -# for the config class to test if it is enabled. +# @api private class java::params { - case $::osfamily { + case $facts['os']['family'] { 'RedHat': { - case $::operatingsystem { + case $facts['os']['name'] { 'RedHat', 'CentOS', 'OracleLinux', 'Scientific', 'OEL', 'SLC', 'CloudLinux': { - if (versioncmp($::operatingsystemrelease, '5.0') < 0) { + if (versioncmp($facts['os']['release']['full'], '5.0') < 0) { $jdk_package = 'java-1.6.0-sun-devel' $jre_package = 'java-1.6.0-sun' $java_home = '/usr/lib/jvm/java-1.6.0-sun/jre/' } # See cde7046 for why >= 5.0 < 6.3 - elsif (versioncmp($::operatingsystemrelease, '6.3') < 0) { + elsif (versioncmp($facts['os']['release']['full'], '6.3') < 0) { $jdk_package = 'java-1.6.0-openjdk-devel' $jre_package = 'java-1.6.0-openjdk' $java_home = '/usr/lib/jvm/java-1.6.0/' } # See PR#160 / c8e46b5 for why >= 6.3 < 7.1 - elsif (versioncmp($::operatingsystemrelease, '7.1') < 0) { + elsif (versioncmp($facts['os']['release']['full'], '7.1') < 0) { $jdk_package = 'java-1.7.0-openjdk-devel' $jre_package = 'java-1.7.0-openjdk' $java_home = '/usr/lib/jvm/java-1.7.0/' @@ -40,23 +34,23 @@ class java::params { } } 'Fedora': { - if (versioncmp($::operatingsystemrelease, '21') < 0) { + if (versioncmp($facts['os']['release']['full'], '21') < 0) { $jdk_package = 'java-1.7.0-openjdk-devel' $jre_package = 'java-1.7.0-openjdk' - $java_home = "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/" + $java_home = "/usr/lib/jvm/java-1.7.0-openjdk-${facts['os']['architecture']}/" } else { $jdk_package = 'java-1.8.0-openjdk-devel' $jre_package = 'java-1.8.0-openjdk' - $java_home = "/usr/lib/jvm/java-1.8.0-openjdk-${::architecture}/" + $java_home = "/usr/lib/jvm/java-1.8.0-openjdk-${facts['os']['architecture']}/" } } 'Amazon': { $jdk_package = 'java-1.7.0-openjdk-devel' $jre_package = 'java-1.7.0-openjdk' - $java_home = "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/" + $java_home = "/usr/lib/jvm/java-1.7.0-openjdk-${facts['os']['architecture']}/" } - default: { fail("unsupported os ${::operatingsystem}") } + default: { fail("unsupported os ${facts['os']['name']}") } } $java = { 'jdk' => { @@ -70,52 +64,29 @@ class java::params { } } 'Debian': { - $oracle_architecture = $::architecture ? { + $oracle_architecture = $facts['os']['architecture'] ? { 'amd64' => 'x64', - default => $::architecture + default => $facts['os']['architecture'] } - case $::lsbdistcodename { - 'lenny', 'squeeze', 'lucid', 'natty': { - $java = { - 'jdk' => { - 'package' => 'openjdk-6-jdk', - 'alternative' => "java-6-openjdk-${::architecture}", - 'alternative_path' => '/usr/lib/jvm/java-6-openjdk/jre/bin/java', - 'java_home' => '/usr/lib/jvm/java-6-openjdk/jre/', - }, - 'jre' => { - 'package' => 'openjdk-6-jre-headless', - 'alternative' => "java-6-openjdk-${::architecture}", - 'alternative_path' => '/usr/lib/jvm/java-6-openjdk/jre/bin/java', - 'java_home' => '/usr/lib/jvm/java-6-openjdk/jre/', - }, - 'sun-jre' => { - 'package' => 'sun-java6-jre', - 'alternative' => 'java-6-sun', - 'alternative_path' => '/usr/lib/jvm/java-6-sun/jre/bin/java', - 'java_home' => '/usr/lib/jvm/java-6-sun/jre/', - }, - 'sun-jdk' => { - 'package' => 'sun-java6-jdk', - 'alternative' => 'java-6-sun', - 'alternative_path' => '/usr/lib/jvm/java-6-sun/jre/bin/java', - 'java_home' => '/usr/lib/jvm/java-6-sun/jre/', - }, - } - } - 'wheezy', 'jessie', 'precise', 'quantal', 'raring', 'saucy', 'trusty', 'utopic': { + $openjdk_architecture = $facts['os']['architecture'] ? { + 'aarch64' => 'arm64', + 'armv7l' => 'armhf', + default => $facts['os']['architecture'] + } + case $facts['os']['release']['major'] { + '7', '8', '14.04': { $java = { 'jdk' => { 'package' => 'openjdk-7-jdk', - 'alternative' => "java-1.7.0-openjdk-${::architecture}", - 'alternative_path' => "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/bin/java", - 'java_home' => "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/", + 'alternative' => "java-1.7.0-openjdk-${openjdk_architecture}", + 'alternative_path' => "/usr/lib/jvm/java-1.7.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.7.0-openjdk-${openjdk_architecture}/", }, 'jre' => { 'package' => 'openjdk-7-jre-headless', - 'alternative' => "java-1.7.0-openjdk-${::architecture}", - 'alternative_path' => "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/bin/java", - 'java_home' => "/usr/lib/jvm/java-1.7.0-openjdk-${::architecture}/", + 'alternative' => "java-1.7.0-openjdk-${facts['os']['architecture']}", + 'alternative_path' => "/usr/lib/jvm/java-1.7.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.7.0-openjdk-${openjdk_architecture}/", }, 'oracle-jre' => { 'package' => 'oracle-j2re1.7', @@ -155,23 +126,39 @@ class java::params { }, } } - 'stretch', 'vivid', 'wily', 'xenial', 'yakkety', 'zesty', 'artful', 'bionic': { + '9', '15.04', '15.10', '16.04', '16.10', '17.04', '17.10': { $java = { 'jdk' => { 'package' => 'openjdk-8-jdk', - 'alternative' => "java-1.8.0-openjdk-${::architecture}", - 'alternative_path' => "/usr/lib/jvm/java-1.8.0-openjdk-${::architecture}/bin/java", - 'java_home' => "/usr/lib/jvm/java-1.8.0-openjdk-${::architecture}/", + 'alternative' => "java-1.8.0-openjdk-${openjdk_architecture}", + 'alternative_path' => "/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/", }, 'jre' => { 'package' => 'openjdk-8-jre-headless', - 'alternative' => "java-1.8.0-openjdk-${::architecture}", - 'alternative_path' => "/usr/lib/jvm/java-1.8.0-openjdk-${::architecture}/bin/java", - 'java_home' => "/usr/lib/jvm/java-1.8.0-openjdk-${::architecture}/", - } + 'alternative' => "java-1.8.0-openjdk-${openjdk_architecture}", + 'alternative_path' => "/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.8.0-openjdk-${openjdk_architecture}/", + }, } } - default: { fail("unsupported release ${::lsbdistcodename}") } + '10', '18.04', '18.10', '19.04', '19.10', '20.04': { + $java = { + 'jdk' => { + 'package' => 'openjdk-11-jdk', + 'alternative' => "java-1.11.0-openjdk-${openjdk_architecture}", + 'alternative_path' => "/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/", + }, + 'jre' => { + 'package' => 'openjdk-11-jre-headless', + 'alternative' => "java-1.11.0-openjdk-${openjdk_architecture}", + 'alternative_path' => "/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/bin/java", + 'java_home' => "/usr/lib/jvm/java-1.11.0-openjdk-${openjdk_architecture}/", + }, + } + } + default: { fail("unsupported release ${facts['os']['release']['major']}") } } } 'OpenBSD': { @@ -211,17 +198,17 @@ class java::params { } } 'Suse': { - case $::operatingsystem { + case $facts['os']['name'] { 'SLES': { - if (versioncmp($::operatingsystemrelease, '12.1') >= 0) { + if (versioncmp($facts['os']['release']['full'], '12.1') >= 0) { $jdk_package = 'java-1_8_0-openjdk-devel' $jre_package = 'java-1_8_0-openjdk' $java_home = '/usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/' - } elsif (versioncmp($::operatingsystemrelease, '12') >= 0) { + } elsif (versioncmp($facts['os']['release']['full'], '12') >= 0) { $jdk_package = 'java-1_7_0-openjdk-devel' $jre_package = 'java-1_7_0-openjdk' $java_home = '/usr/lib64/jvm/java-1.7.0-openjdk-1.7.0/' - } elsif (versioncmp($::operatingsystemrelease, '11.4') >= 0) { + } elsif (versioncmp($facts['os']['release']['full'], '11.4') >= 0) { $jdk_package = 'java-1_7_1-ibm-devel' $jre_package = 'java-1_7_1-ibm' $java_home = '/usr/lib64/jvm/java-1.7.1-ibm-1.7.1/' @@ -268,6 +255,6 @@ class java::params { }, } } - default: { fail("unsupported platform ${::osfamily}") } + default: { fail("unsupported platform ${facts['os']['family']}") } } } diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/sap.pp b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/sap.pp new file mode 100644 index 000000000..9cb39eec5 --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/manifests/sap.pp @@ -0,0 +1,227 @@ +# Defined Type java::sap +# +# @summary +# Install one or more versions of SAPJVM or Sapmachine +# +# @param ensure +# Install or remove the package. +# +# @param version +# Version of Java to install, e.g. '8' or '9'. Default values for full versions will be used. +# +# @param version_full +# Major version which should be installed, e.g. '8.1.063' or '11.0.7'. If used, "version" parameter is ignored. +# +# @param java +# Type of Java Edition to install, jdk or jre. +# +# @param proxy_server +# Specify a proxy server, with port number if needed. ie: https://example.com:8080. (passed to archive) +# +# @param proxy_type +# Proxy server type (none|http|https|ftp). (passed to archive) +# +# @param basedir +# Directory under which the installation will occur. If not set, defaults to +# /usr/lib/jvm for Debian and /usr/java for RedHat. +# +# @param manage_basedir +# Whether to manage the basedir directory. Defaults to false. +# Note: /usr/lib/jvm is managed for Debian by default, separate from this parameter. +# +# @param manage_symlink +# Whether to manage a symlink that points to the installation directory. Defaults to false. +# +# @param symlink_name +# The name for the optional symlink in the installation directory. +# +define java::sap ( + $ensure = 'present', + $version = '8', + $version_full = undef, + $java = 'jdk', + $proxy_server = undef, + $proxy_type = undef, + $basedir = undef, + $manage_basedir = true, + $manage_symlink = false, + $symlink_name = undef, +) { + + # archive module is used to download the java package + include ::archive + + # validate java edition to download + if $java !~ /(jre|jdk)/ { + fail('java must be either jre or jdk.') + } + + # determine version and installation path + if $version_full { + + $_version_array = $version_full.scanf('%i') + $_version_int = $_version_array[0] + + $_version_full = $version_full + + } else { + $_version = $version + $_version_int = Numeric($_version) + # use default versions if full version parameter is not provided + case $version { + '7' : { + $_version_full = '7.1.072' + if ($java != 'jdk') { + fail('java parameter is not jdk. jre is not supported on version 7') + } + } + '8' : { + $_version_full = '8.1.065' + if ($java != 'jdk') { + fail('java parameter is not jdk. jre is not supported on version 8') + } + } + '11' : { + $_version_full = '11.0.7' + } + '14' : { + $_version_full = '14.0.1' + } + default : { + fail("${version} not yet supported by module") + } + } + } + + # extracted folders look like this: + # sapjvm_8 + # sapmachine-jdk-11.0.7 + if ($_version_int == 7 or $_version_int == 8) { + $_creates_folder = "sapjvm_${_version_int}" + } else { + $_creates_folder = "sapmachine-${java}-${_version_full}" + } + + # determine destination directory based on OS + case $facts['kernel'] { + 'Linux' : { + case $facts['os']['family'] { + 'RedHat', 'Amazon' : { + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/java' + } + } + 'Debian' : { + if $basedir { + $_basedir = $basedir + } else { + $_basedir = '/usr/lib/jvm' + } + } + default : { + fail ("unsupported os family ${$facts['os']['name']}") } + } + + $creates_path = "${_basedir}/${_creates_folder}" + } + default : { + fail ( "unsupported platform ${$facts['kernel']}" ) } + } + + $_os_architecture = $facts['os']['architecture'] ? { + undef => $facts['architecture'], + default => $facts['os']['architecture'] + } + + if ($_os_architecture != 'x86_64' and $_os_architecture != 'amd64') { + fail ("unsupported platform ${_os_architecture}") + } + + # download links look like this (examples): + # https://tools.hana.ondemand.com/additional/sapjvm-8.1.065-linux-x64.zip + # https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.7/sapmachine-jre-11.0.7_linux-x64_bin.tar.gz + # https://github.com/SAP/SapMachine/releases/download/sapmachine-11.0.7/sapmachine-jdk-11.0.7_linux-x64_bin.tar.gz + # https://github.com/SAP/SapMachine/releases/download/sapmachine-14.0.1/sapmachine-jdk-14.0.1_linux-x64_bin.tar.gz + + # cookie is currently at version 3.1, but may be changed one day. It is only required for download at SAP. + # by using this module you agree with the EULA presented at tools.hana.ondemand.com download page! + # Github does not require it + + if ( $_version_int == 7 or $_version_int == 8 ) { + # sapjvm download + $archive_filename = "sapjvm-${_version_full}-linux-x64.zip" + $source = "https://tools.hana.ondemand.com/additional/${archive_filename}" + $cookie = 'eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt' + + if (!defined(Package['unzip'])) { + package { 'unzip': + ensure => 'present', + before => Archive["/tmp/${archive_filename}"], + } + } + } else { + $archive_filename = "sapmachine-${java}-${_version_full}_linux-x64_bin.tar.gz" + $source = "https://github.com/SAP/SapMachine/releases/download/sapmachine-${_version_full}/${archive_filename}" + $cookie = undef + + if (!defined(Package['tar'])) { + package { 'tar': + ensure => 'present', + before => Archive["/tmp/${archive_filename}"], + } + } + if (!defined(Package['gzip'])) { + package { 'gzip': + ensure => 'present', + before => Archive["/tmp/${archive_filename}"], + } + } + } + + case $ensure { + 'present' : { + case $facts['kernel'] { + 'Linux' : { + if ($manage_basedir or $facts['os']['family'] == 'Debian'){ + if (!defined(File[$_basedir])) { + file { $_basedir: + ensure => 'directory', + before => Archive["/tmp/${archive_filename}"], + } + } + } + + archive { "/tmp/${archive_filename}" : + ensure => present, + source => $source, + extract => true, + extract_path => $_basedir, + cleanup => false, + creates => $creates_path, + cookie => $cookie, + proxy_server => $proxy_server, + proxy_type => $proxy_type, + } + + if ($manage_symlink and $symlink_name) { + file { "${_basedir}/${symlink_name}": + ensure => link, + target => $creates_path, + require => Archive["/tmp/${archive_filename}"], + } + } + + } + default : { + fail ("unsupported platform ${$facts['kernel']}") + } + } + } + default : { + notice ("Action ${ensure} not supported.") + } + } + +} diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/metadata.json b/modules/utilities/unix/languages/java_stretch_compatible/java/metadata.json index 0908f9e3e..afbc9f874 100644 --- a/modules/utilities/unix/languages/java_stretch_compatible/java/metadata.json +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-java", - "version": "3.2.0", + "version": "6.5.0", "author": "puppetlabs", "summary": "Installs the correct Java package on various platforms.", "license": "Apache-2.0", @@ -10,21 +10,21 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 6.0.0" + "version_requirement": ">= 4.13.1 < 7.0.0" }, { "name": "puppet/archive", - "version_requirement": ">= 1.1.0 < 4.0.0" + "version_requirement": ">= 1.1.0 < 5.0.0" } ], - "data_provider": null, "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "5", "6", - "7" + "7", + "8" ] }, { @@ -32,7 +32,8 @@ "operatingsystemrelease": [ "5", "6", - "7" + "7", + "8" ] }, { @@ -52,7 +53,8 @@ "operatingsystem": "Debian", "operatingsystemrelease": [ "8", - "9" + "9", + "10" ] }, { @@ -60,35 +62,26 @@ "operatingsystemrelease": [ "14.04", "16.04", - "18.04" + "18.04", + "20.04" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "11 SP1", - "11 SP2", - "11 SP3", - "11 SP4", + "11", "12", - "12 SP1", - "12 SP2" - ] - }, - { - "operatingsystem": "Solaris", - "operatingsystemrelease": [ - "11" + "15" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 7.0.0" + "version_requirement": ">= 5.5.10 < 8.0.0" } ], - "template-url": "https://github.com/puppetlabs/pdk-templates", - "template-ref": "heads/master-0-g8fc95db", - "pdk-version": "1.7.0" + "template-url": "https://github.com/puppetlabs/pdk-templates#main", + "template-ref": "heads/main-0-g5afcd3d", + "pdk-version": "1.18.1" } diff --git a/modules/utilities/unix/languages/java_stretch_compatible/java/provision.yaml b/modules/utilities/unix/languages/java_stretch_compatible/java/provision.yaml new file mode 100644 index 000000000..7f9ab15aa --- /dev/null +++ b/modules/utilities/unix/languages/java_stretch_compatible/java/provision.yaml @@ -0,0 +1,96 @@ +--- +default: + provisioner: docker + images: + - litmusimage/debian:8 +vagrant: + provisioner: vagrant + images: + - centos/7 + - generic/ubuntu1804 +travis_deb: + provisioner: docker + images: + - litmusimage/debian:8 + - litmusimage/debian:9 + - litmusimage/debian:10 +travis_ub_5: + provisioner: docker + images: + - litmusimage/ubuntu:14.04 + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 +travis_ub_6: + provisioner: docker + images: + - litmusimage/ubuntu:14.04 + - litmusimage/ubuntu:16.04 + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 +travis_el7: + provisioner: docker + images: + - litmusimage/centos:7 + - litmusimage/oraclelinux:7 + - litmusimage/scientificlinux:7 +travis_el8: + provisioner: docker + images: + - litmusimage/centos:8 +release_checks_5: + provisioner: abs + images: + - redhat-6-x86_64 + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-6-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-6-x86_64 + - oracle-7-x86_64 + - scientific-6-x86_64 + - scientific-7-x86_64 + - debian-8-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1404-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 +release_checks_6: + provisioner: abs + images: + - redhat-6-x86_64 + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-6-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-6-x86_64 + - oracle-7-x86_64 + - scientific-6-x86_64 + - scientific-7-x86_64 + - debian-8-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1404-x86_64 + - ubuntu-1604-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 +release_checks_7: + provisioner: abs + images: + - redhat-7-x86_64 + - redhat-8-x86_64 + - centos-7-x86_64 + - centos-8-x86_64 + - oracle-7-x86_64 + - debian-9-x86_64 + - debian-10-x86_64 + - ubuntu-1804-x86_64 + - ubuntu-2004-x86_64 + - sles-12-x86_64 + - sles-15-x86_64 diff --git a/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc b/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc new file mode 100644 index 000000000..cc96ece05 --- /dev/null +++ b/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc @@ -0,0 +1 @@ +--relative diff --git a/modules/utilities/unix/logging/auditbeat/CHANGELOG.md b/modules/utilities/unix/logging/auditbeat/CHANGELOG.md index d6e878d60..d73fcba60 100644 --- a/modules/utilities/unix/logging/auditbeat/CHANGELOG.md +++ b/modules/utilities/unix/logging/auditbeat/CHANGELOG.md @@ -1,28 +1,105 @@ -# Changelog +# Change log -All notable changes to this project will be documented in this file. +All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## Release 0.1.2 +## [v0.2.5](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.5) (2020-06-07) -**Bugfixes** +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.5) + +# Added + +- added **update README.md** + +## [v0.2.4](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.4) (2020-06-07) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.5) + +# Added + +- added **support for additional configuration keys** +- Puppet version 4 testing removed + +## [v0.2.3](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.3) (2020-04-07) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.3 + +## [v0.2.2](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.2) (2020-01-24) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.2) + +# Added + +- added **monitoring** Hash for new elastic major version 7 and 8 +- added **$gpg_key_id** to repo.pp variables in case of elastic wants to change the gpg key some time +- added **Puppet version 4 testing** since PDK does not test puppet 4 + +# Fixed + +- fixed typo in **metadata.json** +- improved **dependencies versions** in metadata.json for stdlib and apt + + +## [v0.2.1](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.1) (2020-01-10) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.0...v0.2.1) + +### Added + +- added possibility to install major version **5** additional to already configured versions **6** and **7** +- changed default major version from **6** to **7** +- added **$apt_repo_url**, **$yum_repo_url** and **$gpg_key_url** variables to enhance repo management +- enhanced repo management itself by better variable management +- updated spec tests to elastic major version **7** instead of major version **6** tests + +### Fixed + +- **.fixtures** updated and yaml structure fixed +- **.vscode** folder readded to repo and removed from **.gitignore** since it is a part of the current pdk +- removed **.project** file since it is a part of **.gitignore** now +- switched from github pdk template to default pdk template + +## [v0.2.0](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.0) (2019-12-27) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.2...v0.2.0) + +### Added + +- switched to latest Puppet Development Kit **PDK 1.15.0.0** +- added service_provider directive +- Puppet 6 compatibility +- allowed major version 7 to be installed +- execute a *apt update* before installing the package for Debian +- added *setup* in configuration for template setup +- improved the repo management + +### Fixed + +- the repo was replaced with a static URL in a pull request and was replaced with variables afterwards + +## [v0.1.2](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.2) (2019-12-27) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.1...v0.1.2) + +### Fixed - Modified the allowed values for the parameter *service_provider* - The repo file is created only when *manage_repo* is set to *true* and *ensure* is set to *present*. -## Release 0.1.1 -**Features** +## [v0.1.1](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.1) (2018-06-20) + +[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.0...v0.1.1) + +### Added - Added support for the configuration of the x-pack monitoring section. -## Release 0.1.0 +## [v0.1.0](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.0) (2018-06-11) -**Features** +### Added - First implementation. -**Bugfixes** - -**Known Issues** +### Known issues - Only Linux (Debian, CentOS, SuSE Ubuntu) supported diff --git a/modules/utilities/unix/logging/auditbeat/README.md b/modules/utilities/unix/logging/auditbeat/README.md index e70891ece..f729a0d52 100644 --- a/modules/utilities/unix/logging/auditbeat/README.md +++ b/modules/utilities/unix/logging/auditbeat/README.md @@ -1,21 +1,23 @@ -# auditbeat +# norisnetwork-auditbeat +![Travis (.org)](https://img.shields.io/travis/noris-network/norisnetwork-auditbeat) [![GitHub license](https://img.shields.io/github/license/noris-network/norisnetwork-auditbeat)](https://github.com/noris-network/norisnetwork-auditbeat/blob/master/LICENSE) ![GitHub repo size](https://img.shields.io/github/repo-size/noris-network/norisnetwork-auditbeat) ![Puppet Forge version](https://img.shields.io/puppetforge/v/norisnetwork/auditbeat) ![Puppet Forge – PDK version](https://img.shields.io/puppetforge/pdk-version/norisnetwork/auditbeat) -#### Table of Contents +## Table of Contents 1. [Description](#description) -2. [Setup - The basics of getting started with auditbeat](#setup) +1. [Setup - The basics of getting started with auditbeat](#setup) * [What auditbeat affects](#what-auditbeat-affects) * [Setup requirements](#setup-requirements) * [Beginning with auditbeat](#beginning-with-auditbeat) -3. [Usage - Configuration options and additional functionality](#usage) -4. [Reference - An under-the-hood peek at what the module is doing and how](#reference) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) +1. [Usage - Configuration options and additional functionality](#usage) +1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) +1. [Limitations - OS compatibility, etc.](#limitations) +1. [Development - Guide for contributing to the module](#development) ## Description -This module installs and configures the [Auditbeat shipper](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-overview.html) by Elastic. It has been tested on Puppet 5.x and on the following OSes: Debian 9.1, CentOS 7.3, Ubuntu 16.04 +This is a Puppet module for installing, managing and configuring the [Auditbeat lightweight shipper](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-overview.html) for audit data by elastic. +It has been tested on Puppet 5.x and on the following OSes: Debian 9.1, CentOS 7.3, Ubuntu 16.04 ## Setup @@ -25,17 +27,17 @@ This module installs and configures the [Auditbeat shipper](https://www.elastic. ### Setup Requirements -`auditbeat` needs `puppetlabs/stdlib`, `puppetlabs/apt` (for Debian and derivatives), `puppet/yum` (for RedHat or RedHat-like systems), `darin-zypprepo` (on SuSE based system) +`auditbeat` needs `puppetlabs/stdlib`, `puppetlabs/apt` (for Debian and derivatives), `puppetlabs-yumrepo_core` (for RedHat or RedHat-like systems), `puppet-zypprepo` (on SuSE based systems) ### Beginning with auditbeat -The module can be installed manually, typing `puppet module install noris-auditbeat`, or by means of an environment manager (r10k, librarian-puppet, ...). +The module can be installed manually, typing `puppet module install norisnetwork-auditbeat`, or by means of an environment manager (r10k, librarian-puppet, ...). -`auditbeat` requires at least the `outputs` and `modules` sections in order to start. Please refer to the software documentation to find out the [available modules] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) and the [supported outputs] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html). On the other hand, the sections [logging] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuration-logging.html) and [queue] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-internal-queue.html) already contains meaningful default values. +`auditbeat` requires at least the `outputs` and `modules` sections in order to start. Please refer to the software documentation to find out the [available modules](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) and the [supported outputs](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html). On the other hand, the sections [logging](https://www.elastic.co/guide/en/beats/auditbeat/current/configuration-logging.html) and [queue](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-internal-queue.html) already contains meaningful default values. A basic setup configuring the `file_integrity` module to check some paths and writing the results directly in Elasticsearch. -```puppet +``` puppet class{'auditbeat': modules => [ { @@ -54,7 +56,7 @@ class{'auditbeat': The same example using Hiera: -``` +``` yaml classes: include: - 'auditbeat' @@ -82,7 +84,7 @@ The configuration is written to the configuration file `/etc/auditbeat/auditbeat Send data to two Redis servers, loadbalancing between the instances. -```puppet +``` puppet class{'auditbeat': modules => [ { @@ -98,9 +100,10 @@ class{'auditbeat': }, }, ``` + or, using Hiera -``` +``` yaml classes: include: - 'auditbeat' @@ -122,9 +125,10 @@ auditbeat::outputs: - 'itger:redis:6379' index: 'auditbeat' ``` + Add the `auditd` module to the configuration, specifying a rule to detect 32 bit system calls. Output to Elasticsearch. -```puppet +``` puppet class{'auditbeat': modules => [ { @@ -145,9 +149,10 @@ class{'auditbeat': }, }, ``` + In Hiera format it would look like: -``` +``` yaml classes: include: - 'auditbeat' @@ -173,17 +178,23 @@ auditbeat::outputs: index: "auditbeat-%%{}{+YYYY.MM.dd}" ``` +## pass additional options to config like "http endpoint metrics" + +``` yaml +auditbeat::additional_config: + http.enabled: true + http.host: 10.0.0.1 +``` ## Reference * [Public Classes](#public-classes) - * [Class: auditbeat](#class-auditbeat) + * [Class: auditbeat](#class-auditbeat) * [Private Classes](#private-classes) - * [Class: auditbeat::repo](#class-auditbeat-repo) - * [Class: auditbeat::install](#class-auditbeat-install) - * [Class: auditbeat::config](#class-auditbeat-config) - * [Class: auditbeat::service](#class-auditbeat-service) - + * [Class: auditbeat::repo](#class-auditbeat-repo) + * [Class: auditbeat::install](#class-auditbeat-install) + * [Class: auditbeat::config](#class-auditbeat-config) + * [Class: auditbeat::service](#class-auditbeat-service) ### Public Classes @@ -197,59 +208,52 @@ Installation and configuration. * `fields_under_root`: [Boolean] whether to add the custom fields to the root of the document (default is *false*). * `queue`: [Hash] auditbeat's internal queue, before the events publication (default is *4096* events in *memory* with immediate flush). * `logging`: [Hash] the auditbeat's logfile configuration (default: writes to `/var/log/auditbeat/auditbeat`, maximum 7 files, rotated when bigger than 10 MB). -* `outputs`: [Hash] the options of the mandatory [outputs] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html) section of the configuration file (default: undef). +* `outputs`: [Hash] the options of the mandatory [outputs](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html) section of the configuration file (default: undef). * `major_version`: [Enum] the major version of the package to install (default: '6', the only accepted value. Implemented for future reference). * `ensure`: [Enum 'present', 'absent']: whether Puppet should manage `auditbeat` or not (default: 'present'). * `service_provider`: [Enum 'systemd', 'init', 'debian', 'redhat', 'upstart', undef] which boot framework to use to install and manage the service (default: undef). * `service_ensure`: [Enum 'enabled', 'running', 'disabled', 'unmanaged'] the status of the audit service (default 'enabled'). In more details: - * *enabled*: service is running and started at every boot; - * *running*: service is running but not started at boot time; - * *disabled*: service is not running and not started at boot time; - * *unamanged*: Puppet does not manage the service. + * *enabled*: service is running and started at every boot; + * *running*: service is running but not started at boot time; + * *disabled*: service is not running and not started at boot time; + * *unamanged*: Puppet does not manage the service. * `package_ensure`: [String] the package version to install. It could be 'latest' (for the newest release) or a specific version number, in the format *x.y.z*, i.e., *6.2.0* (default: latest). * `manage_repo`: [Boolean] whether to add the elastic upstream repo to the package manager (default: true). * `config_file_mode`: [String] the octal file mode of the configuration file `/etc/auditbeat/auditbeat.yml` (default: 0644). * `disable_configtest`: [Boolean] whether to check if the configuration file is valid before attempting to run the service (default: true). * `tags`: [Array[Strings]]: the tags to add to each document (default: undef). * `fields`: [Hash] the fields to add to each document (default: undef). -* `xpack`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance (default: undef). -* `modules`: [Array[Hash]] the required [modules] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) to load (default: undef). -* `processors`: [Array[Hash]] the optional [processors] (https://www.elastic.co/guide/en/beats/auditbeat/current/defining-processors.html) for event enhancement (default: undef). +* `xpack`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance (default: undef). +* `monitoring`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance since Version 7.x (default: undef). +* `modules`: [Array[Hash]] the required [modules](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) to load (default: undef). +* `processors`: [Array[Hash]] the optional [processors](https://www.elastic.co/guide/en/beats/auditbeat/current/defining-processors.html) for event enhancement (default: undef). +* `setup`: [Hash] setup the configuration of the setup namespace (kibana, dashboards, template, etc.)(default: undef). +* `additional_config` : [Hash] pass additional options to config like "http endpoint metrics" ### Private Classes #### Class: `auditbeat::repo` + Configuration of the package repository to fetch auditbeat. #### Class: `auditbeat::install` + Installation of the auditbeat package. #### Class: `auditbeat::config` + Configuration of the auditbeat daemon. #### Class: `auditbeat::service` -Management of the auditbeat service. +Management of the auditbeat service. ## Limitations -This module does not load the index template in Elasticsearch nor the auditbeat example dashboards in Kibana. These two tasks should be carried out manually. Please follow the documentation to [manually load the index template in Elasticsearch] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually-alternate) and to [import the auditbeat dashboards in Kibana] (https://www.elastic.co/guide/en/beats/devguide/6.2/import-dashboards.html). +This module does not load the index template in Elasticsearch nor the auditbeat example dashboards in Kibana. These two tasks should be carried out manually. Please follow the documentation to [manually load the index template in Elasticsearch](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually-alternate) and to [import the auditbeat dashboards in Kibana](https://www.elastic.co/guide/en/beats/devguide/7.8/import-dashboards.html). The option `manage_repo` does not remove the repo file, even if set to *false*. Please delete it manually. -The module allows to set up the -[x-pack section] (https://www.elastic.co/guide/en/beats/auditbeat/current/monitoring.html) -of the configuration file, in order to set the internal statistics of packetbeat to an Elasticsearch cluster. -In order to do that the parameter `package_ensure` should be set to: - -* `latest` -* `6.1.0` or a higher version - -Unfortunately when `package_ensure` is equal to `installed` or `present`, the `x-pack` section is removed, -beacuse there is no way to know which version of the package is going to be handled (unless a specific fact is -added). - - ## Development Please feel free to report bugs and to open pull requests for new features or to fix a problem. diff --git a/modules/utilities/unix/logging/auditbeat/auditbeat.pp b/modules/utilities/unix/logging/auditbeat/auditbeat.pp index 78dc8ca1a..6ed9e8947 100644 --- a/modules/utilities/unix/logging/auditbeat/auditbeat.pp +++ b/modules/utilities/unix/logging/auditbeat/auditbeat.pp @@ -1,27 +1,20 @@ -$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) -$logstash_ip = $secgen_parameters['logstash_ip'][0] -$logstash_port = 0 + $secgen_parameters['logstash_port'][0] -$files_to_audit = $secgen_parameters['files_to_audit'] -# TODO - check if we need this (or are account accesses automatically audited)? -# Even if we don't need it - we will need to add the accounts to watch into the 'watchers' section when we reach that point. -# $accounts_to_audit = $secgen_parameters['accounts_to_audit'] +unless defined('analysis_alert_action_client') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $logstash_ip = $secgen_parameters['logstash_ip'][0] + $logstash_port = 0 + $secgen_parameters['logstash_port'][0] -class { 'auditbeat': - modules => [ - # { - # 'module' => 'file_integrity', - # 'enabled' => true, - # 'paths' => ['/bin', '/usr/bin', '/sbin', '/usr/sbin', '/etc'], - # }, - { - 'module' => 'auditd', - 'enabled' => true, - 'audit_rules' => template('auditbeat/audit_rules.erb'), + class { 'auditbeat': + modules => [ + { + 'module' => 'auditd', + 'enabled' => true, + 'audit_rule_files' => '${path.config}/audit.rules.d/*.conf', + }, + ], + outputs => { + 'logstash' => { + 'hosts' => ["$logstash_ip:$logstash_port"], + }, }, - ], - outputs => { - 'logstash' => { - 'hosts' => ["$logstash_ip:$logstash_port"], - }, - }, + } } \ No newline at end of file diff --git a/modules/utilities/unix/logging/auditbeat/data/common.yaml b/modules/utilities/unix/logging/auditbeat/data/common.yaml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/modules/utilities/unix/logging/auditbeat/data/common.yaml @@ -0,0 +1 @@ +--- diff --git a/modules/utilities/unix/logging/auditbeat/files/rules/.no_files b/modules/utilities/unix/logging/auditbeat/files/rules/.no_files new file mode 100644 index 000000000..e69de29bb diff --git a/modules/utilities/unix/logging/auditbeat/hiera.yaml b/modules/utilities/unix/logging/auditbeat/hiera.yaml new file mode 100644 index 000000000..2251c236a --- /dev/null +++ b/modules/utilities/unix/logging/auditbeat/hiera.yaml @@ -0,0 +1,21 @@ +--- +version: 5 + +defaults: # Used for any hierarchy level that omits these keys. + datadir: data # This path is relative to hiera.yaml's directory. + data_hash: yaml_data # Use the built-in YAML backend. + +hierarchy: + - name: "osfamily/major release" + paths: + - "os/%{facts.os.family}/%{facts.os.release.major}.yaml" + # Used for Solaris + - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml" + # Used to distinguish between Debian and Ubuntu + - "os/%{facts.os.name}/%{facts.os.release.major}.yaml" + - name: "osfamily" + paths: + - "os/%{facts.os.family}.yaml" + - "os/%{facts.os.name}.yaml" + - name: 'common' + path: 'common.yaml' diff --git a/modules/utilities/unix/logging/auditbeat/manifests/config.pp b/modules/utilities/unix/logging/auditbeat/manifests/config.pp index dd7c2d752..2a2a74396 100644 --- a/modules/utilities/unix/logging/auditbeat/manifests/config.pp +++ b/modules/utilities/unix/logging/auditbeat/manifests/config.pp @@ -6,31 +6,46 @@ class auditbeat::config { $auditbeat_bin = '/usr/share/auditbeat/bin/auditbeat' $validate_cmd = $auditbeat::disable_configtest ? { - true => undef, + true => undef, default => "${auditbeat_bin} test config -c %", } $auditbeat_config = delete_undef_values({ - 'name' => $auditbeat::beat_name , - 'fields_under_root' => $auditbeat::fields_under_root, - 'fields' => $auditbeat::fields, - 'xpack' => $auditbeat::xpack, - 'tags' => $auditbeat::tags, - 'queue' => $auditbeat::queue, - 'logging' => $auditbeat::logging, - 'output' => $auditbeat::outputs, - 'processors' => $auditbeat::processors, - 'auditbeat' => { - 'modules' => $auditbeat::modules, + 'name' => $auditbeat::beat_name, + 'fields_under_root' => $auditbeat::fields_under_root, + 'fields' => $auditbeat::fields, + 'xpack' => $auditbeat::xpack, + 'monitoring' => $auditbeat::monitoring, + 'tags' => $auditbeat::tags, + 'queue' => $auditbeat::queue, + 'logging' => $auditbeat::logging, + 'output' => $auditbeat::outputs, + 'processors' => $auditbeat::processors, + 'setup' => $auditbeat::setup, + 'auditbeat' => { + 'modules' => $auditbeat::modules, }, }) + $merged_config = deep_merge($auditbeat_config, $auditbeat::additional_config) + file { '/etc/auditbeat/auditbeat.yml': ensure => $auditbeat::ensure, owner => 'root', group => 'root', mode => $auditbeat::config_file_mode, - content => inline_template('<%= @auditbeat_config.to_yaml() %>'), + content => inline_template('<%= @merged_config.to_yaml() %>'), validate_cmd => $validate_cmd, + require => Package['auditbeat'], + } + + file { '/etc/auditbeat/audit.rules.d/': # rules must have .conf extension + ensure => directory, + recurse => true, + owner => 'root', + group => 'root', + mode => $auditbeat::config_file_mode, + source => 'puppet:///modules/auditbeat/rules/', + require => Package['auditbeat'], } } diff --git a/modules/utilities/unix/logging/auditbeat/manifests/init.pp b/modules/utilities/unix/logging/auditbeat/manifests/init.pp index e6b29d58c..6bc5a72bf 100644 --- a/modules/utilities/unix/logging/auditbeat/manifests/init.pp +++ b/modules/utilities/unix/logging/auditbeat/manifests/init.pp @@ -42,6 +42,7 @@ # @param xpack the configuration of x-pack monitoring. # @param modules the required modules to load. # @param processors the optional processors for events enhancement. +# @param setup the configuration of the setup namespace (kibana, dashboards, template, etc.) # class auditbeat ( String $beat_name = $::hostname, @@ -75,10 +76,14 @@ class auditbeat ( }, }, Hash $outputs = {}, - Enum['6'] $major_version = '6', + Enum['5', '6', '7'] $major_version = '7', Enum['present', 'absent'] $ensure = 'present', Optional[Enum['systemd', 'init', 'debian', 'redhat', 'upstart']] $service_provider = undef, Boolean $manage_repo = true, + Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $apt_repo_url = undef, + Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $yum_repo_url = undef, + Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $gpg_key_url = undef, + String $gpg_key_id = '', Enum['enabled', 'running', 'disabled', 'unmanaged'] $service_ensure = 'enabled', String $package_ensure = 'latest', String $config_file_mode = '0644', @@ -88,6 +93,9 @@ class auditbeat ( Optional[Array[Hash]] $modules = undef, Optional[Array[Hash]] $processors = undef, Optional[Hash] $xpack = undef, + Optional[Hash] $monitoring = undef, + Optional[Hash] $setup = undef, + Optional[Hash] $additional_config = {}, ) { contain auditbeat::repo diff --git a/modules/utilities/unix/logging/auditbeat/manifests/install.pp b/modules/utilities/unix/logging/auditbeat/manifests/install.pp index 5c5473584..6b1baa899 100644 --- a/modules/utilities/unix/logging/auditbeat/manifests/install.pp +++ b/modules/utilities/unix/logging/auditbeat/manifests/install.pp @@ -13,5 +13,6 @@ class auditbeat::install { } package{'auditbeat': ensure => $package_ensure, + require => Class['auditbeat::repo'] } } diff --git a/modules/utilities/unix/logging/auditbeat/manifests/repo.pp b/modules/utilities/unix/logging/auditbeat/manifests/repo.pp index 634083f2a..4c9ab25f2 100644 --- a/modules/utilities/unix/logging/auditbeat/manifests/repo.pp +++ b/modules/utilities/unix/logging/auditbeat/manifests/repo.pp @@ -1,60 +1,69 @@ # auditbeat::repo # @api private # -# @summary It manages the package repositories to isntall auditbeat -class auditbeat::repo { +# @summary Manages the package repositories on the target nodes to install auditbeat +class auditbeat::repo inherits auditbeat { + $apt_repo_url = $auditbeat::apt_repo_url ? { + undef => "https://artifacts.elastic.co/packages/${auditbeat::major_version}.x/apt", + default => $auditbeat::apt_repo_url, + } + $yum_repo_url = $auditbeat::yum_repo_url ? { + undef => "https://artifacts.elastic.co/packages/${auditbeat::major_version}.x/yum", + default => $auditbeat::yum_repo_url, + } + $gpg_key_url = $auditbeat::gpg_key_url ? { + undef => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', + default => $auditbeat::gpg_key_url, + } + $gpg_key_id = $auditbeat::gpg_key_id ? { + '' => '46095ACC8548582C1A2699A9D27D666CD88E42B4', + default => $auditbeat::gpg_key_id, + } + if ($auditbeat::manage_repo == true) and ($auditbeat::ensure == 'present') { case $facts['osfamily'] { 'Debian': { include ::apt - - $download_url = 'https://artifacts.elastic.co/packages/6.x/apt' - if !defined(Apt::Source['beats']) { apt::source{'beats': ensure => $auditbeat::ensure, - location => $download_url, + location => $apt_repo_url, release => 'stable', repos => 'main', key => { - id => '46095ACC8548582C1A2699A9D27D666CD88E42B4', - source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', + id => $gpg_key_id, + source => $gpg_key_url, }, } + Class['apt::update'] -> Package['auditbeat'] } } 'RedHat': { - - $download_url = 'https://artifacts.elastic.co/packages/6.x/yum' - if !defined(Yumrepo['beats']) { yumrepo{'beats': ensure => $auditbeat::ensure, - descr => 'Elastic repository for 6.x packages', - baseurl => $download_url, + descr => "Elastic repository for ${auditbeat::major_version}.x packages", + baseurl => $yum_repo_url, gpgcheck => 1, - gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', + gpgkey => $gpg_key_url, enabled => 1, } } } 'SuSe': { - - $download_url = 'https://artifacts.elastic.co/packages/6.x/yum' - - exec { 'topbeat_suse_import_gpg': - command => '/usr/bin/rpmkeys --import https://artifacts.elastic.co/GPG-KEY-elasticsearch', - unless => '/usr/bin/test $(rpm -qa gpg-pubkey | grep -i "D88E42B4" | wc -l) -eq 1 ', + exec { 'suse_import_gpg': + command => "/usr/bin/rpmkeys --import ${gpg_key_url}", + unless => "/usr/bin/test $(rpm -qa gpg-pubkey | grep -i \"${gpg_key_id}\" | wc -l) -eq 1", notify => [ Zypprepo['beats'] ], } if !defined (Zypprepo['beats']) { zypprepo{'beats': - baseurl => $download_url, + baseurl => $yum_repo_url, enabled => 1, autorefresh => 1, name => 'beats', gpgcheck => 1, - gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', + gpgkey => $gpg_key_url, type => 'yum', } } diff --git a/modules/utilities/unix/logging/auditbeat/manifests/service.pp b/modules/utilities/unix/logging/auditbeat/manifests/service.pp index c40921c37..1399f2290 100644 --- a/modules/utilities/unix/logging/auditbeat/manifests/service.pp +++ b/modules/utilities/unix/logging/auditbeat/manifests/service.pp @@ -33,5 +33,6 @@ class auditbeat::service { ensure => $service_status, enable => $service_enabled, provider => $auditbeat::service_provider, + require => Package['auditbeat'], } } diff --git a/modules/utilities/unix/logging/auditbeat/metadata.json b/modules/utilities/unix/logging/auditbeat/metadata.json index 413704bba..f72f474d1 100644 --- a/modules/utilities/unix/logging/auditbeat/metadata.json +++ b/modules/utilities/unix/logging/auditbeat/metadata.json @@ -1,27 +1,30 @@ { "name": "norisnetwork-auditbeat", - "version": "0.1.2", + "version": "0.2.5", "author": "norisnetwork", - "summary": "This module installs and configures the Auditbeat shipper by Elastic.", + "summary": "Module for installing, managing and configuring the Auditbeat lightweight shipper for audit data by elastic.", "license": "Apache-2.0", - "source": "https://github.com/noris-network/puppet-auditbeat", + "source": "https://github.com/noris-network/norisnetwork-auditbeat", "project_page": "https://github.com/noris-network/norisnetwork-auditbeat", "issues_url": "https://github.com/noris-network/norisnetwork-auditbeat/issues", "dependencies": [ { "name": "puppetlabs-stdlib", - "version_requirement": ">= 4.13.0 < 5.0.0" + "version_requirement": ">= 4.13.0 < 7.0.0" }, { "name": "puppetlabs-apt", - "version_requirement": ">= 4.0.0 < 5.0.0" + "version_requirement": ">= 2.0.0 < 8.0.0" }, { - "name": "darin-zypprepo", + "name": "puppet-zypprepo", + "version_requirement": ">= 2.0.0 < 3.0.0" + }, + { + "name": "puppetlabs-yumrepo_core", "version_requirement": ">= 1.0.0 < 2.0.0" } ], - "data_provider": null, "operatingsystem_support": [ { "operatingsystem": "CentOS", @@ -44,23 +47,32 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "16.04" + "18.04" ] }, { "operatingsystem": "SLES", "operatingsystemrelease": [ - "12" + "15" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.7.0 < 6.0.0" + "version_requirement": ">= 5.0.0 < 7.0.0" } ], - "pdk-version": "1.5.0", - "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", - "template-ref": "1.5.0-0-gd1b3eca" + "tags": [ + "auditbeat", + "elasticsearch", + "elastic_stack", + "elastic", + "norisnetwork", + "logstash", + "kibana" + ], + "pdk-version": "1.18.0", + "template-url": "pdk-default#1.18.0", + "template-ref": "tags/1.18.0-0-g095317c" } diff --git a/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml b/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml index 14420750c..8bd878fb1 100644 --- a/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml +++ b/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml @@ -14,7 +14,6 @@ logstash_ip logstash_port - files_to_audit localhost @@ -24,13 +23,13 @@ 5044 - - /etc/shadow - /etc/passwd - - update + + + Filebeat + + diff --git a/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb b/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb deleted file mode 100644 index 930406700..000000000 --- a/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb +++ /dev/null @@ -1,129 +0,0 @@ -require 'spec_helper' - -describe 'auditbeat', 'type' => 'class' do - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) { facts } - - it { is_expected.to compile } - it { is_expected.to create_class('auditbeat') } - it { is_expected.to create_class('auditbeat::install') } - it { is_expected.to create_class('auditbeat::config') } - it { is_expected.to create_class('auditbeat::service') } - describe 'with ensure present' do - let(:params) { { 'ensure' => 'present' } } - - it do - is_expected.to contain_package('auditbeat').with( - 'ensure' => 'latest', - ) - end - end - describe 'with ensure absent' do - let(:params) { { 'ensure' => 'absent' } } - - it do - is_expected.to contain_package('auditbeat').with( - 'ensure' => 'absent', - ) - is_expected.to contain_service('auditbeat').with( - 'ensure' => 'stopped', - 'enable' => false, - ) - end - end - describe 'with version 6.2.0' do - let(:params) { { 'package_ensure' => '6.2.0' } } - - it do - is_expected.to contain_package('auditbeat').with( - 'ensure' => '6.2.0', - ) - end - end - describe 'with disable_configtest false and file permission 0600' do - let(:params) { { 'disable_configtest' => false, 'config_file_mode' => '0600' } } - - it do - is_expected.to contain_file('/etc/auditbeat/auditbeat.yml').with( - 'ensure' => 'present', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0600', - 'validate_cmd' => '/usr/share/auditbeat/bin/auditbeat test config -c %', - ) - end - end - describe 'with disable_configtest true' do - let(:params) { { 'disable_configtest' => true } } - - it do - is_expected.to contain_file('/etc/auditbeat/auditbeat.yml').with( - 'ensure' => 'present', - 'owner' => 'root', - 'group' => 'root', - 'mode' => '0644', - 'validate_cmd' => nil, - ) - end - end - describe 'with service enabled' do - let(:params) { { 'ensure' => 'present', 'service_ensure' => 'enabled' } } - - it do - is_expected.to contain_service('auditbeat').with( - 'ensure' => 'running', - 'enable' => true, - ) - end - end - case os - when %r{centos-7-|redhat-7-} - describe 'with manage_repo true on RedHat family' do - let(:params) { { 'ensure' => 'present', 'manage_repo' => true } } - - it do - is_expected.to contain_yumrepo('beats').with( - 'ensure' => 'present', - 'baseurl' => 'https://artifacts.elastic.co/packages/6.x/yum', - 'gpgkey' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', - ) - end - end - when %r{sles-12-} - describe 'with manage_repo true on SLES family' do - let(:params) { { 'ensure' => 'present', 'manage_repo' => true } } - - it do - is_expected.to contain_zypprepo('beats').with( - 'enabled' => 1, - 'autorefresh' => 1, - 'gpgcheck' => 1, - 'name' => 'beats', - 'type' => 'yum', - 'baseurl' => 'https://artifacts.elastic.co/packages/6.x/yum', - 'gpgkey' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', - ) - end - end - when %r{debian-9-|ubuntu-16.04-} - describe 'with manage_repo true on Debian family' do - let(:params) { { 'ensure' => 'present', 'manage_repo' => true } } - - it do - is_expected.to contain_apt__source('beats').with( - 'ensure' => 'present', - 'location' => 'https://artifacts.elastic.co/packages/6.x/apt', - 'release' => 'stable', - 'repos' => 'main', - 'key' => { - 'id' => '46095ACC8548582C1A2699A9D27D666CD88E42B4', - 'source' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', - }, - ) - end - end - end - end - end -end diff --git a/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml b/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml deleted file mode 100644 index 3248be5aa..000000000 --- a/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml +++ /dev/null @@ -1,8 +0,0 @@ -# Use default_module_facts.yml for module specific facts. -# -# Facts specified here will override the values provided by rspec-puppet-facts. ---- -concat_basedir: "/tmp" -ipaddress: "172.16.254.254" -is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb b/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb deleted file mode 100644 index e11719268..000000000 --- a/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb +++ /dev/null @@ -1,36 +0,0 @@ - -require 'puppetlabs_spec_helper/module_spec_helper' -require 'rspec-puppet-facts' - -begin - require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) -rescue LoadError => loaderror - warn "Could not require spec_helper_local: #{loaderror.message}" -end - -include RspecPuppetFacts - -default_facts = { - puppetversion: Puppet.version, - facterversion: Facter.version, -} - -default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')) -default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')) - -if File.exist?(default_facts_path) && File.readable?(default_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_facts_path))) -end - -if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path) - default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path))) -end - -RSpec.configure do |c| - c.default_facts = default_facts - c.before :each do - # set to strictest setting for testing - # by default Puppet runs at warning level - Puppet.settings[:strict] = :warning - end -end diff --git a/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb b/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb deleted file mode 100644 index d7c4622c2..000000000 --- a/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb +++ /dev/null @@ -1,7 +0,0 @@ -<% audit_rules = '' - - @files_to_audit.each {|file| - audit_rules << "-w #{file} -p rwa -k identity\n" - } --%> -<%= audit_rules -%> \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/elastalert.pp b/modules/utilities/unix/logging/elastalert/elastalert.pp new file mode 100644 index 000000000..70389d1c3 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/elastalert.pp @@ -0,0 +1,18 @@ +unless defined('analysis_alert_action_server') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] + $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] + + class { 'elastalert::install': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + } ~> + class {'elastalert::config': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + }~> + class {'elastalert::service': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + } +} \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json b/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json new file mode 100644 index 000000000..ffdc902e6 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json @@ -0,0 +1,224 @@ +// This alert was in 1 line and has been formatted + +// cat /home/vagrant/testfile log +[ + { + "_type": "doc", + "_index": "auditbeat-2020.02.25", + "process": { + "exe": "/bin/cat", + "name": "cat", + "title": "cat testfile", + "pid": "3376", + "ppid": "1452", + "cwd": "/home/vagrant" + }, + "num_hits": 1, + "@timestamp": "2020-02-25T17:29:47.360Z", + "tags": [ + "home", + "beats_input_raw_event" + ], + "auditd": { + "paths": [ + { + "nametype": "NORMAL", + "ouid": "1000", + "ogid": "1000", + "rdev": "00:00", + "dev": "08:01", + "item": "0", + "mode": "0100644", + "inode": "1441867", + "name": "testfile" + } + ], + "sequence": 273, + "summary": { + "how": "/bin/cat", + "object": { + "type": "file", + "primary": "testfile" + }, + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + } + }, + "session": "3", + "result": "success", + "data": { + "tty": "pts2", + "syscall": "open", + "a1": "0", + "a0": "7ffcfc836419", + "a3": "69f", + "a2": "fffffffffffe0400", + "exit": "3", + "arch": "x86_64" + } + }, + "beat": { + "hostname": "shaw54-AGT-1-auto-grading-tracer-client-1", + "name": "shaw54-AGT-1-auto-grading-tracer-client-1", + "version": "6.8.6" + }, + "host": { + "name": "shaw54-AGT-1-auto-grading-tracer-client-1" + }, + "user": { + "fsuid": "1000", + "auid": "1000", + "uid": "1000", + "name_map": { + "fsuid": "vagrant", + "auid": "vagrant", + "uid": "vagrant", + "suid": "vagrant", + "fsgid": "vagrant", + "egid": "vagrant", + "euid": "vagrant", + "gid": "vagrant", + "sgid": "vagrant" + }, + "suid": "1000", + "fsgid": "1000", + "egid": "1000", + "euid": "1000", + "gid": "1000", + "sgid": "1000" + }, + "file": { + "group": "vagrant", + "uid": "1000", + "owner": "vagrant", + "gid": "1000", + "mode": "0644", + "device": "00:00", + "path": "testfile", + "inode": "1441867" + }, + "combined_path": "/home/vagrant/testfile", + "num_matches": 1, + "_id": "XA9lfXABD6uZtrW1xuCR", + "@version": "1", + "event": { + "action": "opened-file", + "category": "audit-rule", + "type": "syscall", + "module": "auditd" + } + } +] + + +// cat /etc/shadow log +[ + { + "_type": "doc", + "_index": "auditbeat-2020.02.25", + "process": { + "exe": "/usr/lib/x86_64-linux-gnu/libexec/kcheckpass", + "name": "kcheckpass", + "title": "kcheckpass -m classic -S 19", + "pid": "3684", + "ppid": "3622", + "cwd": "/home/vagrant" + }, + "num_hits": 6, + "@timestamp": "2020-02-25T17:59:21.460Z", + "tags": [ + "etc", + "beats_input_raw_event" + ], + "auditd": { + "paths": [ + { + "nametype": "NORMAL", + "ouid": "0", + "ogid": "42", + "rdev": "00:00", + "dev": "08:01", + "item": "0", + "mode": "0100644", + "inode": "402038", + "name": "/etc/shadow" + } + ], + "sequence": 1167, + "summary": { + "how": "/usr/lib/x86_64-linux-gnu/libexec/kcheckpass", + "object": { + "type": "file", + "primary": "/etc/shadow" + }, + "actor": { + "primary": "vagrant", + "secondary": "vagrant" + } + }, + "session": "3", + "result": "success", + "data": { + "tty": "(none)", + "syscall": "open", + "a1": "80000", + "a0": "7f4bdc9aa7f1", + "a3": "80000", + "a2": "1b6", + "exit": "3", + "arch": "x86_64" + } + }, + "beat": { + "hostname": "shaw54-AGT-1-auto-grading-tracer-client-1", + "name": "shaw54-AGT-1-auto-grading-tracer-client-1", + "version": "6.8.6" + }, + "host": { + "name": "shaw54-AGT-1-auto-grading-tracer-client-1" + }, + "user": { + "fsuid": "1000", + "auid": "1000", + "uid": "1000", + "name_map": { + "fsuid": "vagrant", + "auid": "vagrant", + "uid": "vagrant", + "suid": "vagrant", + "fsgid": "vagrant", + "egid": "vagrant", + "euid": "vagrant", + "gid": "vagrant", + "sgid": "vagrant" + }, + "suid": "1000", + "fsgid": "1000", + "egid": "1000", + "euid": "1000", + "gid": "1000", + "sgid": "1000" + }, + "file": { + "group": "shadow", + "uid": "0", + "owner": "root", + "gid": "42", + "mode": "0644", + "device": "00:00", + "path": "/etc/shadow", + "inode": "402038" + }, + "combined_path": "/home/vagrant//etc/shadow", + "num_matches": 6, + "_id": "Aw-AfXABD6uZtrW12ewa", + "@version": "1", + "event": { + "action": "opened-file", + "category": "audit-rule", + "type": "syscall", + "module": "auditd" + } + } +] diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb b/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb new file mode 100644 index 000000000..6192a1c4f --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb @@ -0,0 +1,18 @@ +require 'fileutils' +require 'open3' + +@registered_file = '/ea' + +def already_registered? + File.file? @registered_file +end + +until already_registered? + stdout, _, _ = Open3.capture3("/usr/local/bin/elastalert-create-index") + if stdout.include? 'New index elastalert_status created' or stdout.include? 'Index elastalert_status already exists' + FileUtils.touch @registered_file + end + sleep(15) +end + +exit(0) \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert-index.service b/modules/utilities/unix/logging/elastalert/files/elastalert-index.service new file mode 100644 index 000000000..7290aba68 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/elastalert-index.service @@ -0,0 +1,15 @@ +[Unit] +Description=Elastalert index creation + +[Service] +EnvironmentFile=/etc/environment +ExecStart=/usr/bin/ruby /usr/local/bin/elastalert-index.rb +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +WorkingDirectory=/opt/elastalert +Restart=always +User=root +Group=root + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert.diff b/modules/utilities/unix/logging/elastalert/files/elastalert.diff new file mode 100644 index 000000000..4d1ab86cd --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/elastalert.diff @@ -0,0 +1,17 @@ +diff --git a/elastalert/alerts.py b/elastalert/alerts.py +index d3ee892d4..84b0ae482 100644 +--- a/elastalert/alerts.py ++++ b/elastalert/alerts.py +@@ -918,10 +918,10 @@ def alert(self, matches): + + if self.rule.get('pipe_match_json'): + match_json = json.dumps(matches, cls=DateTimeEncoder) + '\n' +- stdout, stderr = subp.communicate(input=match_json) ++ stdout, stderr = subp.communicate(input=match_json.encode()) + elif self.rule.get('pipe_alert_text'): + alert_text = self.create_alert_body(matches) +- stdout, stderr = subp.communicate(input=alert_text) ++ stdout, stderr = subp.communicate(input=alert_text.encode()) + if self.rule.get("fail_on_non_zero_exit", False) and subp.wait(): + raise EAException("Non-zero exit code while running command %s" % (' '.join(command))) + except OSError as e: diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert.service b/modules/utilities/unix/logging/elastalert/files/elastalert.service new file mode 100644 index 000000000..1f499fcd2 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/elastalert.service @@ -0,0 +1,12 @@ +[Unit] +Description=Elastalert +After=elasticsearch.service + +[Service] +Type=simple +WorkingDirectory=/opt/elastalert +ExecStart=/usr/bin/python3 -m elastalert.elastalert --verbose --config /opt/elastalert/config.yaml +Restart=always + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/files/exec_alerter.py b/modules/utilities/unix/logging/elastalert/files/exec_alerter.py new file mode 100644 index 000000000..d4e398b88 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/exec_alerter.py @@ -0,0 +1,63 @@ +import copy +import datetime +import json +import logging +import os +import re +import subprocess +import sys +import time +import uuid +import warnings + +from elastalert.alerts import Alerter, BasicMatchString, DateTimeEncoder + +from elastalert.util import EAException +from elastalert.util import elastalert_logger +from elastalert.util import lookup_es_key +from elastalert.util import pretty_ts +from elastalert.util import resolve_string +from elastalert.util import ts_now +from elastalert.util import ts_to_dt + +class ExecAlerter(Alerter): + required_options = set(['command']) + + def __init__(self, *args): + super(ExecAlerter, self).__init__(*args) + + self.last_command = [] + + self.shell = False + if isinstance(self.rule['command'], str): + self.shell = True + if '%' in self.rule['command']: + logging.warning('Warning! You could be vulnerable to shell injection!') + self.rule['command'] = [self.rule['command']] + + self.new_style_string_format = False + if 'new_style_string_format' in self.rule and self.rule['new_style_string_format']: + self.new_style_string_format = True + + def alert(self, matches): + # Format the command and arguments + try: + command = [resolve_string(command_arg, matches[0]) for command_arg in self.rule['command']] + self.last_command = command + except KeyError as e: + raise EAException("Error formatting command: %s" % (e)) + + # Run command and pipe data + try: + subp = subprocess.Popen(command, stdin=subprocess.PIPE, shell=self.shell) + match_json = json.dumps(matches, cls=DateTimeEncoder) + '\n' + input_string = self.rule['name'] + ":||:" + match_json + stdout, stderr = subp.communicate(input=input_string.encode()) + if self.rule.get("fail_on_non_zero_exit", False) and subp.wait(): + raise EAException("Non-zero exit code while running command %s" % (' '.join(command))) + except OSError as e: + raise EAException("Error while running command %s: %s" % (' '.join(command), e)) + + def get_info(self): + return {'type': 'command', + 'command': ' '.join(self.last_command)} \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml b/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml new file mode 100644 index 000000000..53c218a68 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml @@ -0,0 +1,13 @@ +name: example-rule +type: any +index: auditbeat-* +filter: + - query: + query_string: + query: "combined_path: \"/home/vagrant/testfile\"" +alert: + - "elastalert.modules.alerter.exec.ExecAlerter" +command: ["/usr/bin/ruby", "/opt/alert_actioner/alert_router.rb"] +pipe_match_json: true +realert: + minutes: 0 \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/manifests/config.pp b/modules/utilities/unix/logging/elastalert/manifests/config.pp new file mode 100644 index 000000000..6a2221b59 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/manifests/config.pp @@ -0,0 +1,35 @@ +class elastalert::config ($elasticsearch_ip, + $elasticsearch_port, + $installdir = '/opt/elastalert/', + $source='http://github.com/Yelp/elastalert', + $rules_dir = '/opt/elastalert/rules') { + file { '/opt/elastalert/config.yaml': + ensure => file, + content => template('elastalert/config.yaml.erb'), + require => File[$installdir], + } + + file { $rules_dir: + ensure => directory, + recurse => true, + source => 'puppet:///modules/elastalert/rules/', + require => File[$installdir], + } + + # Move the custom alerter (outputs rulename:alert) + file { ['/opt/elastalert/elastalert/', '/opt/elastalert/elastalert/modules/', '/opt/elastalert/elastalert/modules/alerter/']: + ensure => directory, + } + + file { ['/opt/elastalert/elastalert/modules/__init__.py','/opt/elastalert/elastalert/modules/alerter/__init__.py']: + ensure => file, + require => File['/opt/elastalert/elastalert/modules/alerter/'], + } + + file { '/opt/elastalert/elastalert/modules/alerter/exec.py': + ensure => file, + source => 'puppet:///modules/elastalert/exec_alerter.py', + require => File['/opt/elastalert/elastalert/modules/alerter/'], + } + +} \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/manifests/init.pp b/modules/utilities/unix/logging/elastalert/manifests/init.pp new file mode 100644 index 000000000..bef688de6 --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/manifests/init.pp @@ -0,0 +1,15 @@ +class elastalert ($elasticsearch_ip, $elasticsearch_port) { + class { 'elastalert::install': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + } + ~> + class {'elastalert::config': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + }~> + class {'elastalert::service': + elasticsearch_ip => $elasticsearch_ip, + elasticsearch_port => $elasticsearch_port, + } +} \ No newline at end of file diff --git a/modules/utilities/unix/logging/elastalert/manifests/install.pp b/modules/utilities/unix/logging/elastalert/manifests/install.pp new file mode 100644 index 000000000..cff8fd5da --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/manifests/install.pp @@ -0,0 +1,21 @@ +class elastalert::install ($elasticsearch_ip, $elasticsearch_port,$installdir = '/opt/elastalert/', $source='http://github.com/Yelp/elastalert') { + Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] } + + ensure_packages(['python3-pip','build-essential','libssl-dev','libffi-dev','python-dev', 'supervisor' ]) + ensure_packages(['PyYAML>=5.1','elastalert','urllib3>=1.26.7'], { provider => 'pip3', require => [Package['python3-pip']] }) + + # Create directory to install into TODO: Change this to another variable name. Should put configs in /etc/ probably if we're installing via... + file { $installdir: + ensure => directory, + } + + # Clone elastalert from Github + vcsrepo { 'elastalert': + ensure => present, + provider => git, + path => $installdir, + source => $source, + require => File[$installdir], + } + +} diff --git a/modules/utilities/unix/logging/elastalert/manifests/service.pp b/modules/utilities/unix/logging/elastalert/manifests/service.pp new file mode 100644 index 000000000..b00914f9b --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/manifests/service.pp @@ -0,0 +1,36 @@ +class elastalert::service ($elasticsearch_ip, + $elasticsearch_port, + $ea_service_file = '/etc/systemd/system/elastalert.service'){ + + file { $ea_service_file: + ensure => file, + source => 'puppet:///modules/elastalert/elastalert.service', + } + + service { 'elastalert': + ensure => undef, + enable => true, + provider => 'systemd', + path => '/etc/systemd/system/', + require => File[$ea_service_file], + } + + # Service to automatically create elastalert index, runs after reboot + file { '/etc/systemd/system/elastalert-index.service': + ensure => present, + source => 'puppet:///modules/elastalert/elastalert-index.service' + } + + file { '/usr/local/bin/elastalert-index.rb': + ensure => file, + source => 'puppet:///modules/elastalert/elastalert-index.rb', + } + + service { 'elastalert-index': + ensure => undef, + enable => true, + require => [File['/usr/local/bin/elastalert-index.rb'], File['/etc/systemd/system/elastalert-index.service']], + provider => 'systemd', + path => '/etc/systemd/system/' + } +} \ No newline at end of file diff --git a/modules/utilities/unix/logging/watcher/secgen_metadata.xml b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml similarity index 85% rename from modules/utilities/unix/logging/watcher/secgen_metadata.xml rename to modules/utilities/unix/logging/elastalert/secgen_metadata.xml index fcb8b8106..226ace408 100644 --- a/modules/utilities/unix/logging/watcher/secgen_metadata.xml +++ b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml @@ -3,9 +3,8 @@ - Watcher + Elastalert Thomas Shaw - Elastic Apache v2 TODO @@ -28,6 +27,11 @@ + Git VCS + + + + .*elasticsearch diff --git a/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb b/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb new file mode 100644 index 000000000..781dd24af --- /dev/null +++ b/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb @@ -0,0 +1,115 @@ +# This is the folder that contains the rule yaml files +# Any .yaml file will be loaded as a rule +rules_folder: /opt/elastalert/rules/ + +# How often ElastAlert will query Elasticsearch +# The unit can be anything from weeks to seconds +run_every: + seconds: 1 + +# ElastAlert will buffer results from the most recent +# period of time, in case some log sources are not in real time +buffer_time: + minutes: 15 + +# The Elasticsearch hostname for metadata writeback +# Note that every rule can have its own Elasticsearch host +es_host: <%= @elasticsearch_ip -%> + +# The Elasticsearch port +es_port: <%= @elasticsearch_port -%> + +# The AWS region to use. Set this when using AWS-managed elasticsearch +#aws_region: us-east-1 + +# The AWS profile to use. Use this if you are using an aws-cli profile. +# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html +# for details +#profile: test + +# Optional URL prefix for Elasticsearch +#es_url_prefix: elasticsearch + +# Connect with TLS to Elasticsearch +#use_ssl: True + +# Verify TLS certificates +#verify_certs: True + +# GET request with body is the default option for Elasticsearch. +# If it fails for some reason, you can pass 'GET', 'POST' or 'source'. +# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport +# for details +#es_send_get_body_as: GET + +# Option basic-auth username and password for Elasticsearch +#es_username: someusername +#es_password: somepassword + +# Use SSL authentication with client certificates client_cert must be +# a pem file containing both cert and key for client +#verify_certs: True +#ca_certs: /path/to/cacert.pem +#client_cert: /path/to/client_cert.pem +#client_key: /path/to/client_key.key + +# The index on es_host which is used for metadata storage +# This can be a unmapped index, but it is recommended that you run +# elastalert-create-index to set a mapping +writeback_index: elastalert_status +writeback_alias: elastalert_alerts + +# If an alert fails for some reason, ElastAlert will retry +# sending the alert until this time period has elapsed +alert_time_limit: + days: 2 + +# Custom logging configuration +# If you want to setup your own logging configuration to log into +# files as well or to Logstash and/or modify log levels, use +# the configuration below and adjust to your needs. +# Note: if you run ElastAlert with --verbose/--debug, the log level of +# the "elastalert" logger is changed to INFO, if not already INFO/DEBUG. +#logging: +# version: 1 +# incremental: false +# disable_existing_loggers: false +# formatters: +# logline: +# format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s' + +# handlers: +# console: +# class: logging.StreamHandler +# formatter: logline +# level: DEBUG +# stream: ext://sys.stderr + +# file: +# class : logging.FileHandler +# formatter: logline +# level: DEBUG +# filename: /var/log/elastalert.log + +# loggers: +# elastalert: +# level: WARN +# handlers: [] +# propagate: true + +# elasticsearch: +# level: WARN +# handlers: [] +# propagate: true + +# elasticsearch.trace: +# level: WARN +# handlers: [] +# propagate: true + +# '': # root logger +# level: WARN +# handlers: +# - console +# - file +# propagate: false \ No newline at end of file diff --git a/modules/utilities/unix/logging/elasticsearch/CHANGELOG.md b/modules/utilities/unix/logging/elasticsearch/CHANGELOG.md deleted file mode 100644 index 34e005e6a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/CHANGELOG.md +++ /dev/null @@ -1,976 +0,0 @@ -## 6.3.3 (September 7, 2018) - -Note that this release includes changes to a default value that may affect users that rely on `curl` or `wget` to retrieve Elasticsearch package files, as now all certificates are validated by default. -To preserve existing behavior, set `$elasticsearch::download_tool_verify_certificates` to `false`. - -#### Fixes -* Update puppetlabs-stdlib dependency to < 6.0.0 -* By default, package files downloaded with tools like wget or curl (i.e., the `$elasticsearch::download_tool` parameter) now verify certificates by default and a new boolean parameter has been added to indicate whether to ignore certificates (`$elasticsearch::download_tool_verify_certificates`). - -## 6.3.2 (August 28, 2018) - -#### Fixes -* Fix an issue with string coercion for certain fields in pipelines. - -## 6.3.1 (August 6, 2018) - -Primarily a bugfix release. - -#### Fixes -* REST-based resources are now coerced to string values to uniformly compare user defined values and Elasticsearch API responses. -* Resolve deprecation warnings related to use of the deprecated is_array() function. -* Fixed an erroneous inclusion of '<' in logging.yml -* Resolve deprecation warnings related to use of the deprecated is_string() function. - -## 6.3.0 (June 18, 2018) - -### Migration Guide - -Elasticsearch 6.3 includes several big changes that are reflected in this module. -When upgrading from module versions prior to 6.3, there are a number of upgrade considerations to take into account: - -* This module defaults to the upstream package repositories, which now include X-Pack bundled by default. To preserve previous behavior which does _not_ include X-Pack, follow the `README` instructions to configure `oss`-only repositories/packages. - * Note that if your system was previously using the `elasticsearch` package and you instead choose to move to the `oss` distribution, the `elasticsearch` and `elasticsearch-oss` packages may conflict. If that occurs, consider ensuring that the `elasticsearch` package is absent before the `::elasticsearch` class runs. This module does not explicitly remove the conflicting package to avoid unexpected package removal. -* Use of the `elastic_stack::repo` class for managing package repositories brings a couple changes: - * All repository-level parameters and settings have been removed from the `::elasticsearch` class. These parameters can now be set on the `elastic_stack::repo` class. - * This may mean that leftover yum/apt/etc. repositories named `elasticsearch` may persist after upgrade. -* Some changes have been made to align this module's file-level permissions with upstream defaults on some configuration, data, and logging directories. Though these have been tested, operators should be aware that some permissions may change on-disk after upgrading to version >= 6.3.x of this module. - -#### Features -* Added support for managing Elasticsearch licenses. -* This module now uses the elastic-stack module to manage package repositories. -* Supports OSS packaging distribution. -* X-Pack bundled with 6.3 support. - -#### Fixes -* Ensure that the stock Elasticsearch service is not running. -* Service files for removed instances were previously set to ensure => absent on removal. Because this limits Puppet's ability to verify that the named service is running or not, these service files are always present now whether an instance is set to present or absent. -* The service defaults file now enforces user/group ownership inline with the service user runtime. -* The `scripts` configuration directory is now recursively copied instead of symlinked to avoid Elasticsearch security manager permission errors. -* X-Pack and other meta-plugins are now properly detected as installed by the native plugin provider. - -## 6.2.2 (March 13, 2018) - -#### Fixes -* Fixed language compatibility errors that could arise when using JRuby 1.7 on Puppet Servers. - -## 6.2.1 (February 14, 2018) - -This is primarily a bugfix release to address an issue when installing Elasticsearch 6.2.x plugins such as X-Pack that use the new meta-plugin architecture. -While the change has been tested with several plugins and versions of Elasticsearch, if any unexpected behavior arises, help is available on the [Elastic forums](https://discuss.elastic.co/) or via [an issue in the puppet-elasticsearch Github repository](https://github.com/elastic/puppet-elasticsearch/issues). - -#### Fixes -* Rewrote the `exists?` logic for the `elasticsearch_plugin` provider. This fundamentally changes how the module detects the presence of plugins but should be backwards compatible. - -## 6.2.0 (February 9, 2018) - -#### Features -* Add support for Amazon Linux 2 -* Add support for managing Elasticsearch Snapshot Repository resources - -#### Fixes -* Fixed an issue when setting `file_rolling_type => file` in Elasticsearch 6. -* Removed ExecStartPre=- from systemd template - -## 6.1.0 (December 18, 2017) - -#### Features -* Removed `tea` module dependency for pre-existing types in `stdlib` module. -* Support `file` as a `file_rolling_type`. -* Added `java_opts` parameter to `elasticsearch::plugin` resource. -* Brought some options in `jvm.options` up-to-date with upstream. -* Plugins can now have their `JAVA_HOME` set through the `java_home` parameter. - -#### Fixes -* Fixed issue with `ES_PATH_CONF` being unset in SysV init files. - -## 6.0.0 (November 14, 2017) - -Major version upgrade with several important deprecations: - -* Puppet version 3 is no longer supported. -* Package pinning is no longer supported. -* Java installation is no longer supported. -* The python and ruby defined types have been removed. -* Repo management through `manage_repo` is now set to `true` by default. -* All `*_hiera_merge` parameters have been removed. - -Minor: - -* elasticsearch::plugin only accepts `present` or `absent` -* Some REST-resource based providers (such as templates and pipelines) now validate parameters (such as numeric port numbers) more rigorously. - -The following migration guide is intended to help aid in upgrading this module. - -### Migration Guide - -#### Puppet 3.x No Longer Supported - -Puppet 4.5.0 is the new minimum required version of Puppet, which offers better safety, module metadata, and Ruby features. -Migrating from Puppet 3 to Puppet 4 is beyond the scope of this guide, but the [official upgrade documentation](https://docs.puppet.com/upgrade/upgrade_steps.html) can help. -As with any version or module upgrade, remember to restart any agents and master servers as needed. - -#### Package Pinning No Longer Supported - -Package pinning caused lots of unexpected behavior and usually caused more problems than solutions. -If you still require package pinning, consider using the [`apt::pin` resource](https://forge.puppet.com/puppetlabs/apt#pin-a-specific-release) on Debian-based systems or a [`yum::versionlock` resource from the yum module](https://forge.puppet.com/puppet/yum#lock-a-package-with-the-versionlock-plugin) for Red Hat-based systems. - -#### Java Installation No Longer Supported - -Java installation was a very simple operation in this module which simply declared an instance of the `java` class but created conflicts for users who managed Java separately. -If you still wish to configure Java alongside this module, consider using the [puppetlabs/java](https://forge.puppet.com/puppetlabs/java) module and installing Java with the following configuration: - -```puppet -class { "java" : distribution => "jre" } -``` - -This will install a version of Java suitable for Elasticsearch in most situations. -Note that in some older distributions, you may need to take extra steps to install a more recent version of Java that supports Elasticsearch. - -#### Removal of Python and Ruby Resources - -These resource types were simple wrappers around `package` resources with their providers set to `pip` and `gem`, respectively. -Simply defining your own resources similarly to: - -```puppet -package { 'elasticsearch' : provider => 'pip' } -``` - -Is sufficient. - -#### Automatic Package Repository Management - -This parameter is now set to `true` by default to automatically manage the Elastic repository. -If you do not wish to configure the repository to automatically retrieve package updates, set this parameter to `false`: - -```puppet -class { 'elasticsearch': manage_repo => false } -``` - -#### Removal of `hiera_merge` Parameters - -Updates to Hiera in later versions of Puppet mean that you can set merging behavior in end-user configuration. -Read [the upstream Hiera documentation regarding `lookup_options`](https://puppet.com/docs/puppet/4.10/hiera_merging.html#configuring-merge-behavior-in-hiera-data) to learn how to configure Hiera appropriately for your needs. - -## 5.5.0 (November 13, 2017) - -#### Features -* Updated puppetlabs/java dependency to `< 5.0.0` - -#### Fixes -* Properly support plugin installation on 6.x series with explicit `ES_PATH_CONF` -* set file ownership of systemd service file to root user/group -* Fix propagating the pid_dir into OpenBSD rcscript - -## 5.4.3 (September 1, 2017) - -#### Features -* Bumped puppet/java dependency to < 3.0.0 - -#### Fixes -* Append `--quiet` flag to >= 5.x versions of Elasticsearch systemd service units -* Disable es_facts collection on SearchGuard nodes with TLS enabled - -## 5.4.2 (August 18, 2017) - -#### Features -* Bumped puppet/yum dependency to < 3.0.0 - -#### Fixes -* Custom facts no longer attempt to connect to SSL/TLS secured ports. - -## 5.4.1 (August 7, 2017) - -Fixed an issue where `logging_yml_ensure` and `log4j2_ensure` would not propagate to `elasticsearch::instance` resources. - -## 5.4.0 (August 3, 2017) - -#### Features -* The `api_timeout` parameter is now passed to the `es_instance_conn_validator` resource for index, pipeline, and template defined types. -* Updated puppetlabs/apt dependency to < 5.0.0. -* Both the `logging.yml` and `log4j2.properties` files can be selectively enabled/disabled with the `logging_yml_ensure` and `log4j2_ensure` parameters on the `elasticsearch` class and `elasticsearch::instance` defined type. -* `jvm_options` are now controllable on a per-instance basis. - -#### Fixes -* Fixed an edge case with `es_instance_validator` in which ruby connection errors were not caught. -* Plugins with colon-delimited names (such as maven plugins) are properly handled now. -* Fixed a bug that would cause dependency cycles when using parameters to create defined types. - -## 5.3.1 (June 14, 2017) - -### Summary -Minor release to fix bugs related to the `elasticsearch_keystore` type and generated docs. - -#### Features -* Moved documentation to Yard for doc auto-generation for all classes/types/etc. - -#### Fixes -* Fixed dependency order bug with the `elasticsearch_keystore` type and augeas defaults resource. - -## 5.3.0 (June 5, 2017) - -### Summary -Minor bugfix release with added support for managing Elasticsearch keystores, custom repository URLs, and more. - -#### Features -* Failures are no longer raised when no instances are defined for a plugin and service restarts are not requested. -* The `datadir` for instances can now be shared among multiple instances by using the `datadir_instance_directories` parameter. -* `repo_baseurl` is now exposed as a top-level parameter for users who wish to control custom repositories. -* `elasticsearch-keystore` values can now be managed via native Puppet resources. - -#### Fixes -* log4j template now properly respects deprecation logging settings. - -## 5.2.0 (May 5, 2017) - -### Summary -Release supporting several new features and bugfixes for 5.4.0 users and users who need the ability to update plugins. - -#### Features -* Support for Shield/X-Pack logging configuration file added. -* The `elasticsearch::script` type now supports recursively managing directories of scripts. -* All module defined types can now be managed as top-level hash parameters to the `elasticsearch` class (primarily for hiera and PE) - -#### Fixes -* Fixed a bug that prevented plugins from being updated properly. -* Fixed deprecated `default.path` options introduced in Elasticsearch 5.4.0. - -## 5.1.1 (April 13, 2017) - -### Summary - -#### Features -* Instance configs now have highest precedence when constructing the final yaml - config file. - -#### Fixes -This is a hotfix release to support users affected by [an upstream Elasticsearch issue](https://github.com/elastic/elasticsearch/issues/6887). -See the [associated issue](https://github.com/elastic/puppet-elasticsearch/issues/802#issuecomment-293295930) for details regarding the workaround. -The change implemented in this release is to place the `elasticsearch::instance` `config` parameter at the highest precedence when merging the final config yaml which permits users manually override `path.data` values. - -## 5.1.0 (February 28, 2017) - -### Summary -Ingest pipeline and index settings support. -Minor bugfixes. - -#### Features -* Ingestion pipelines supported via custom resources. -* Index settings support. - -#### Fixes -* Custom facts no longer fail when trying to read unreadable elasticsearch config files. -* `Accept` and `Content-Type` headers properly set for providers (to support ES 6.x) - -## 5.0.0 (February 9, 2017) - -Going forward, This module will follow Elasticsearch's upstream major version to indicate compatability. -That is, version 5.x of this module supports version 5 of Elasticsearch, and version 6.x of this module will be released once Elasticsearch 6 support is added. - -### Summary -Note that this is a **major version release**! -Please read the release notes carefully before upgrading to avoid downtime/unexpected behavior. -Remember to restart any puppetmaster servers to clear provider caches and pull in updated code. - -### Backwards-Incompatible Changes -* The `elasticsearch::shield::user` and `elasticsearch::shield::role` resources have been renamed to `elasticsearch::user` and `elasticsearch::role` since the resource now handles both Shield and X-Pack. -* Both Shield and X-Pack configuration files are kept in `/etc/elasticsearch/shield` and `/etc/elasticsearch/x-pack`, respectively. If you previously managed Shield resources with version 0.x of this module, you may need to migrate files from `/usr/share/elasticsearch/shield`. -* The default data directory has been changed to `/var/lib/elasticsearch`. If you used the previous default (the Elasticsearch home directory, `/usr/share/elasticsearch/data`), you may need to migrate your data. -* The first changes that may be Elasticsearch 1.x-incompatible have been introduced (see the [elasticsearch support lifecycle](https://www.elastic.co/support/eol)). This only impacts version 1.x running on systemd-based distributions. -* sysctl management has been removed (and the module removed as a dependency for this module), and puppet/yum is used in lieu of ceritsc/yum. - -#### Features -* Support management of the global jvm.options configuration file. -* X-Pack support added. -* Restricted permissions to the elasticsearch.yml file. -* Deprecation log configuration support added. -* Synced systemd service file with upstream. - -#### Bugfixes -* Fixed case in which index template could prepend an additional 'index.' to index settings. -* Fixed a case in which dependency cycles could arise when pinning packages on CentOS. -* No longer recursively change the Elasticsearch home directory's lib/ to the elasticsearch user. -* Unused defaults values now purged from instance init defaults files. - -#### Changes -* Changed default data directory to /var/lib -* sysctl settings are no longer managed by the thias/sysctl module. -* Calls to `elasticsearch -version` in elasticsearch::plugin code replaced with native Puppet code to resolve Elasticsearch package version. Should improve resiliency when managing plugins. -* Shield and X-Pack configuration files are stored in /etc/elasticsearch instead of /usr/share/elasticsearch. -* Removed deprecated ceritsc/yum module in favor of puppet/yum. - -#### Testing changes - -## 0.15.1 (December 1, 2016) - -### Summary -Primarily a bugfix release for Elasticsearch 5.x support-related issues. -Note updated minimum required puppet versions as well. - -#### Features - -#### Bugfixes -* Removed ES_HEAP_SIZE check in init scripts for Elasticsearch 5.x -* Changed sysctl value to a string to avoid type errors for some versions -* Fixed a $LOAD_PATH error that appeared in some cases for puppet_x/elastic/es_versioning - -#### Changes -* Updated minimium required version for Puppet and PE to reflect tested versions and versions supported by Puppet Labs - -#### Testing changes - -## 0.15.0 (November 17, 2016) - -### Summary -* Support for Ubuntu Xenial (16.04) formally declared. -* Initial support for running Elasticsearch 5.x series. - -#### Features -* Support management of 5.x-style Elastic yum/apt package repositories. -* Support service scripts for 5.x series of Elasticsearch - -#### Bugfixes -* Update the apt::source call to not cause deprecation warnings -* Updated module metadata to correctly require puppet-stdlib with validate_integer() - -#### Changes - -#### Testing changes -* Ubuntu Xenial (16.04) added to the test matrix. - -## 0.14.0 (October 12, 2016) - -### Summary -Primarily a bugfix release for issues related to plugin proxy functionality, various system service fixes, and directory permissions. -This release also adds the ability to define logging rolling file settings and a CA file/path for template API access. - -#### Features -* Added 'file_rolling_type' parameter to allow selecting file logging rotation type between "dailyRollingFile" or "rollingFile". Also added 'daily_rolling_date_pattern', 'rolling_file_max_backup_index' and 'rolling_file_max_file_size' for file rolling customization. - -#### Bugfixes -* Permissions on the Elasticsearch plugin directory have been fixed to permit world read rights. -* The service systemd unit now `Wants=` a network target to fix bootup parallelization problems. -* Recursively create the logdir for elasticsearch when creating multiple instances -* Files and directories with root ownership now specify UID/GID 0 instead to improve compatability with *BSDs. -* Elasticsearch Debian init file changed to avoid throwing errors when DATA_DIR, WORK_DIR and/or LOG_DIR were an empty variable. -* Fixed a broken File dependency when a plugin was set to absent and ::elasticsearch set to present. -* Fixed issue when using the `proxy` parameter on plugins in Elasticsearch 2.x. - -#### Changes -* The `api_ca_file` and `api_ca_path` parameters have been added to support custom CA bundles for API access. -* Numerics in elasticsearch.yml will always be properly unquoted. -* puppetlabs/java is now listed as a dependency in metadata.json to avoid unexpected installation problems. - -#### Testing changes - -## 0.13.2 (August 29, 2016) - -### Summary -Primarily a bugfix release to resolve HTTPS use in elasticsearch::template resources, 5.x plugin operations, and plugin file permission enforcement. - -#### Features -* Plugin installation for the 5.x series of Elasticsearch is now properly supported. - -#### Bugfixes -* Recursively enforce correct plugin directory mode to avoid Elasticsearch startup permissions errors. -* Fixed an edge case where dependency cycles could arise when managing absent resources. -* Elasticsearch templates now properly use HTTPS when instructed to do so. - -#### Changes -* Updated the elasticsearch_template type to return more helpful error output. -* Updated the es_instance_conn_validator type to silence deprecation warnings in Puppet >= 4. - -#### Testing changes - -## 0.13.1 (August 8, 2016) - -### Summary -Lingering bugfixes from elasticsearch::template changes. -More robust systemd mask handling. -Updated some upstream module parameters for deprecation warnings. -Support for the Shield `system_key` file. - -#### Features -* Added `system_key` parameter to the `elasticsearch` class and `elasticsearch::instance` type for placing Shield system keys. - -#### Bugfixes -* Fixed systemd elasticsearch.service unit masking to use systemctl rather than raw symlinking to avoid puppet file backup errors. -* Fixed a couple of cases that broke compatability with older versions of puppet (elasticsearch_template types on puppet versions prior to 3.6 and yumrepo parameters on puppet versions prior to 3.5.1) -* Fixed issues that caused templates to be incorrectly detected as out-of-sync and thus always changed on each puppet run. -* Resources are now explicitly ordered to ensure behavior such as plugins being installed before instance start, users managed before templates changed, etc. - -#### Changes -* Updated repository gpg fingerprint key to long form to silence module warnings. - -#### Testing changes - -## 0.13.0 (August 1, 2016) - -### Summary -Rewritten elasticsearch::template using native type and provider. -Fixed and added additional proxy parameters to elasticsearch::plugin instances. -Exposed repo priority parameters for apt and yum repos. - -#### Features -* In addition to better consistency, the `elasticsearch::template` type now also accepts various `api_*` parameters to control how access to the Elasticsearch API is configured (there are top-level parameters that are inherited and can be overwritten in `elasticsearch::api_*`). -* The `elasticsearch::config` parameter now supports deep hiera merging. -* Added the `elasticsearch::repo_priority` parameter to support apt and yum repository priority configuration. -* Added `proxy_username` and `proxy_password` parameters to `elasticsearch::plugin`. - -#### Bugfixes -* Content of templates should now properly trigger new API PUT requests when the index template stored in Elasticsearch differs from the template defined in puppet. -* Installing plugins with proxy parameters now works correctly due to changed Java property flags. -* The `elasticsearch::plugin::module_dir` parameter has been re-implemented to aid in working around plugins with non-standard plugin directories. - -#### Changes -* The `file` parameter on the `elasticsearch::template` defined type has been deprecated to be consistent with usage of the `source` parameter for other types. - -#### Testing changes - -## 0.12.0 (July 20, 2016) - -IMPORTANT! A bug was fixed that mistakenly added /var/lib to the list of DATA_DIR paths on Debian-based systems. This release removes that environment variable, which could potentially change path.data directories for instances of Elasticsearch. Take proper precautions when upgrading to avoid unexpected downtime or data loss (test module upgrades, et cetera). - -### Summary -Rewritten yaml generator, code cleanup, and various bugfixes. Configuration file yaml no longer nested. Service no longer restarts by default, and exposes more granular restart options. - -#### Features -* The additional parameters restart_config_change, restart_package_change, and restart_plugin_change have been added for more granular control over service restarts. - -#### Bugfixes -* Special yaml cases such as arrays of hashes and strings like "::" are properly supported. -* Previous Debian SysV init scripts mistakenly set the `DATA_DIR` environment variable to a non-default value. -* Some plugins failed installation due to capitalization munging, the elasticsearch_plugin provider no longer forces downcasing. - -#### Changes -* The `install_options` parameter on the `elasticsearch::plugin` type has been removed. This was an undocumented parameter that often caused problems for users. -* The `elasticsearch.service` systemd unit is no longer removed but masked by default, effectively hiding it from systemd but retaining the upstream vendor unit on disk for package management consistency. -* `restart_on_change` now defaults to false to reduce unexpected cluster downtime (can be set to true if desired). -* Package pinning is now contained within a separate class, so users can opt to manage package repositories manually and still use this module's pinning feature. -* All configuration hashes are now flattened into dot-notated yaml in the elasticsearch configuration file. This should be fairly transparent in terms of behavior, though the config file formatting will change. - -#### Testing changes -* The acceptance test suite has been dramatically slimmed to cut down on testing time and reduce false positives. - -## 0.11.0 ( May 23, 2016 ) - -### Summary -Shield support, SLES support, and overhauled testing setup. - -#### Features -* Support for shield - * TLS Certificate management - * Users (role and password management for file-based realms) - * Roles (file-based with mapping support) -* Support (repository proxies)[https://github.com/elastic/puppet-elasticsearch/pull/615] -* Support for (SSL auth on API calls)[https://github.com/elastic/puppet-elasticsearch/pull/577] - -#### Bugfixes -* (Fix Facter calls)[https://github.com/elastic/puppet-elasticsearch/pull/590] in custom providers - -#### Changes - -#### Testing changes -* Overhaul testing methodology, see CONTRIBUTING for updates -* Add SLES 12, Oracle 6, and PE 2016.1.1 to testing matrix -* Enforce strict variable checking - -#### Known bugs -* This is the first release with Shield support, some untested edge cases may exist - - -##0.10.3 ( Feb 08, 2016 ) - -###Summary -Adding support for OpenBSD and minor fixes - -####Features -* Add required changes to work with ES 2.2.x plugins -* Support for custom log directory -* Support for OpenBSD - -####Bugfixes -* Add correct relation to file resource and plugin installation -* Notify service when upgrading the package - -####Changes -* Remove plugin dir when upgrading Elasticsearch - -####Testing changes - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.10.2 ( Jan 19, 2016 ) - -###Summary -Bugfix release and adding Gentoo support - -####Features -* Added Gentoo support - -####Bugfixes -* Create init script when set to unmanaged -* init_template variable was not passed on correctly to other classes / defines -* Fix issue with plugin type that caused run to stall -* Export ES_GC_LOG_FILE in init scripts - -####Changes -* Improve documentation about init_defaults -* Update common files -* Removed recurse option on data directory management -* Add retry functionality to plugin type - -####Testing changes - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.10.1 ( Dec 17, 2015 ) - -###Summary -Bugfix release for proxy functionality in plugin installation - -####Features - -####Bugfixes -* Proxy settings were not passed on correctly - -####Changes -* Cleanup .pmtignore to exclude more files - -####Testing changes - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.10.0 ( Dec 14, 2015 ) - -###Summary -Module now works with ES 2.x completely - -####Features -* Work with ES 2.x new plugin system and remain to work with 1.x -* Implemented datacat module from Richard Clamp so other modules can hook into it for adding configuration options -* Fixed init and systemd files to work with 1.x and 2.x -* Made the module work with newer pl-apt module versions -* Export es_include so it is passed on to ES -* Ability to supply long gpg key for apt repo - -####Bugfixes -* Documentation and typographical fixes -* Do not force puppet:/// schema resource -* Use package resource defaults rather than setting provider and source - -####Changes - -####Testing changes -* Improve unit testing and shorten the runtime - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.9 ( Sep 01, 2015 ) - -###Summary -Bugfix release and extra features - -####Features -* Work with ES 2.x -* Add Java 8 detection in debian init script -* Improve offline plugin installation - -####Bugfixes -* Fix a bug with new ruby versions but older puppet versions causing type error -* Fix config tempate to use correct ruby scoping -* Fix regex retrieving proxy port while downloading plugin -* Fix systemd template for better variable handling -* Template define was using wrong pathing for removal - - -####Changes - -####Testing changes - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.8 ( Jul 07, 2015 ) - -###Summary - - -####Features -* Work with ES 2.x - -####Bugfixes -* Fix plugin to maintain backwards compatibility - -####Changes - -####Testing changes -* ensure testing works with Puppet 4.x ( Rspec and Acceptance ) - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.7 ( Jun 24, 2015 ) - -###Summary -This releases adds several important features and fixes an important plugin installation issue with ES 1.6 and higher. - -####Features -* Automate plugin dir extraction -* use init service provider for Amazon Linux -* Add Puppetlabs/apt and ceritsc/yum as required modules -* Added Timeout to fetching facts in case ES does not respond -* Add proxy settings for package download - -####Bugfixes -* Fixed systemd template to fix issue with LimitMEMLOCK setting -* Improve package version handling when specifying a version -* Add tmpfiles.d file to manage sub dir in /var/run path -* Fix plugin installations for ES 1.6 and higher - -####Changes -* Removed Modulefile, only maintaining metadata.json file - -####Testing changes -* Added unit testing for package pinning feature -* Added integration testing with Elasticsearch to find issues earlier -* Fix OpenSuse 13 testing - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.6 ( May 28, 2015 ) - -###Summary -Bugfix release 0.9.6 - -####Features -* Implemented package version pinning to avoid accidental upgrading -* Added support for Debian 8 -* Added support for upgrading plugins -* Managing LimitNOFILE and LimitMEMLOCK settings in systemd - -####Bugfixes - -####Changes -* Dropped official support for PE 3.1.x and 3.2.x - -####Testing changes -* Several testing changes implemented to increase coverage - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.5( Apr 16, 2015 ) - -###Summary -Bugfix release 0.9.5 - -We reverted the change that implemented the full 40 character for the apt repo key. -This caused issues with some older versions of the puppetlabs-apt module - -####Features - -####Bugfixes -* Revert using the full 40 character for the apt repo key. - -####Changes - -####Testing changes - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.4( Apr 14, 2015 ) - -###Summary -Bugfix release 0.9.4 - -####Features -* Add the ability to create and populate scripts - -####Bugfixes -* add support for init_defaults_file to elasticsearch::instance -* Update apt key to full 40characters - -####Changes -* Fix readme regarding module_dir with plugins - -####Testing changes -* Adding staged removal test -* Convert git urls to https -* Add centos7 node config - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - - -##0.9.3( Mar 24, 2015 ) - -###Summary -Bugfix release 0.9.3 - -####Features - -####Bugfixes -* Not setting repo_version did not give the correct error -* Systemd file did not contain User/Group values - -####Changes -* Brand rename from Elasticsearch to Elastic - -####Testing changes -* Moved from multiple Gemfiles to single Gemfile - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - -##0.9.2( Mar 06, 2015 ) - -###Summary -Bugfix release 0.9.2 - -####Features -* Introducing es_instance_conn_validator resource to verify instance availability - -####Bugfixes -* Fix missing data path when using the path config setting but not setting the data path - -####Changes -None - -####Testing changes -None - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - -##0.9.1 ( Feb 23, 2015 ) - -###Summary -This is the first bug fix release for 0.9 version. -A bug was reported with the recursive file management. - -####Features -None - -####Bugfixes -* Fix recursive file management -* Set undefined variables to work with strict_variables - -####Changes -None - -####Testing changes -None - -####Known bugs -* Possible package conflicts when using ruby/python defines with main package name - -##0.9.0 ( Feb 02, 2015 ) - -###Summary -This release is the first one towards 1.0 release. -Our planning is to provide LTS releases with the puppet module - -####Features -* Support for using hiera to define instances and plugins. -* Support for OpenSuSE 13.x -* Custom facts about the installed Elasticsearch instance(s) -* Proxy host/port support for the plugin installation -* Ability to supply a custom logging.yml template - -####Bugfixes -* Ensure file owners are correct accross all related files -* Fix of possible service name conflict -* Empty main config would fail with instances -* Removal of standard files from packages we dont use -* Ensuring correct sequence of plugin and template defines -* Added ES_CLASSPATH export to init scripts - -####Changes -* Java installation to use puppetlabs-java module -* Added Support and testing for Puppet 3.7 and PE 3.7 -* Improve metadata.json based on scoring from Forge - - -####Testing changes -* Added testing against Puppet 3.7 and PE 3.7 -* Using rspec3 -* Using rspec-puppet-facts gem simplifies rspec testing - -####Known Bugs -* Possible package conflicts when using ruby/python defines with main package name - -##0.4.0 ( Jun 18, 2014 ) - Backwards compatible breaking release - -###Summary -This release introduces instances to facilitate the option to have more then a single instance running on the host system. - -####Features -* Rewrite module to incorperate multi instance support -* New readme layout - -####Bugfixes -* None - -####Changes -* Adding ec2-linux osfamily for repo management -* Retry behaviour for plugin installation - -####Testing changes -* Adding Puppet 3.6.x testing -* Ubuntu 14.04 testing -* Using new docker images -* Pin rspec to 2.14.x - -####Known Bugs -* No known bugs - -##0.3.2 ( May 15, 2014 ) -* Add support for SLC/Scientific Linux CERN ( PR #121 ) -* Add support for custom package names ( PR #122 ) -* Fix python and ruby client defines to avoid name clashes. -* Add ability to use stage instead of anchor for repo class -* Minor fixes to system tests - -##0.3.1 ( April 22, 2014 ) -* Ensure we create the plugin directory before installing plugins -* Added Puppet 3.5.x to rspec and system tests - -##0.3.0 ( April 2, 2014 ) -* Fix minor issue with yumrepo in repo class ( PR #92 ) -* Implement OpenSuse support -* Implement Junit reporting for tests -* Adding more system tests and convert to Docker images -* Use Augeas for managing the defaults file -* Add retry to package download exec -* Add management to manage the logging.yml file -* Improve inline documentation -* Improve support for Debian 6 -* Improve augeas for values with spaces -* Run plugin install as ES user ( PR #108 ) -* Fix rights for the plugin directory -* Pin Rake for Ruby 1.8.7 -* Adding new metadata for Forge. -* Increase time for retry to insert the template - -##0.2.4 ( Feb 21, 2014 ) -* Set puppetlabs-stdlib dependency version from 3.0.0 to 3.2.0 to be inline with other modules -* Let puppet run fail when template insert fails -* Documentation improvements ( PR #77, #78, #83 ) -* Added beaker system tests -* Fixed template define after failing system tests -* Some fixes so variables are more inline with intended structure - -##0.2.3 ( Feb 06, 2014 ) -* Add repository management feature -* Improve testing coverage and implement basic resource coverage reporting -* Add puppet 3.4.x testing -* Fix dependency in template define ( PR #72 ) -* For apt repo change from key server to key file - -##0.2.2 ( Jan 23, 2014 ) -* Ensure exec names are unique. This caused issues when using our logstash module -* Add spec tests for plugin define - -##0.2.1 ( Jan 22, 2014 ) -* Simplify the management of the defaults file ( PR #64 ) -* Doc improvements for the plugin define ( PR #66 ) -* Allow creation of data directory ( PR #68 ) -* Fail early when package version and package_url are defined - -##0.2.0 ( Nov 19, 2013 ) -* Large rewrite of the entire module described below -* Make the core more dynamic for different service providers and multi instance capable -* Add better testing and devided into different files -* Fix template function. Replace of template is now only done when the file is changed -* Add different ways to install the package except from the repository ( puppet/http/https/ftp/file ) -* Update java class to install openjdk 1.7 -* Add tests for python function -* Update config file template to fix scoping issue ( from PR #57 ) -* Add validation of templates -* Small changes for preperation for system tests -* Update readme for new functionality -* Added more test scenario's -* Added puppet parser validate task for added checking -* Ensure we don't add stuff when removing the module -* Update python client define -* Add ruby client define -* Add tests for ruby clients and update python client tests - -##0.1.3 ( Sep 06, 2013 ) -* Exec path settings has been updated to fix warnings ( PR #37, #47 ) -* Adding define to install python bindings ( PR #43 ) -* Scope deprecation fixes ( PR #41 ) -* feature to install plugins ( PR #40 ) - -##0.1.2 ( Jun 21, 2013 ) -* Update rake file to ignore the param inherit -* Added missing documentation to the template define -* Fix for template define to allow multiple templates ( PR #36 by Bruce Morrison ) - -##0.1.1 ( Jun 14, 2013 ) -* Add Oracle Linux to the OS list ( PR #25 by Stas Alekseev ) -* Respect the restart_on_change on the defaults ( PR #29 by Simon Effenberg ) -* Make sure the config can be empty as advertised in the readme -* Remove dependency cycle when the defaults file is updated ( PR #31 by Bruce Morrison ) -* Enable retry on the template insert in case ES isn't started yet ( PR #32 by Bruce Morrison ) -* Update templates to avoid deprecation notice with Puppet 3.2.x -* Update template define to avoid auto insert issue with ES -* Update spec tests to reflect changes to template define - -##0.1.0 ( May 09, 2013 ) -* Populate .gitignore ( PR #19 by Igor Galić ) -* Add ability to install initfile ( PR #20 by Justin Lambert ) -* Add ability to manage default file service parameters ( PR #21 by Mathieu Bornoz ) -* Providing complete containment of the module ( PR #24 by Brian Lalor ) -* Add ability to specify package version ( PR #25 by Justin Lambert ) -* Adding license file - -##0.0.7 ( Mar 23, 2013 ) -* Ensure config directory is created and managed ( PR #13 by Martin Seener ) -* Dont backup package if it changes -* Create explicit dependency on template directory ( PR #16 by Igor Galić ) -* Make the config directory variable ( PR #17 by Igor Galić and PR #18 by Vincent Janelle ) -* Fixing template define - -##0.0.6 ( Mar 05, 2013 ) -* Fixing issue with configuration not printing out arrays -* New feature to write the config hash shorter -* Updated readme to reflect the new feature -* Adding spec tests for config file generation - -##0.0.5 ( Mar 03, 2013 ) -* Option to disable restart on config file change ( PR #10 by Chris Boulton ) - -##0.0.4 ( Mar 02, 2013 ) -* Fixed a major issue with the config template ( Issue #9 ) - -##0.0.3 ( Mar 02, 2013 ) -* Adding spec tests -* Fixed init issue on Ubuntu ( Issue #6 by Marcus Furlong ) -* Fixed config template problem ( Issue #8 by surfchris ) -* New feature to manage templates - -##0.0.2 ( Feb 16, 2013 ) -* Feature to supply a package instead of being dependent on the repository -* Feature to install java in case one doesn't manage it externally -* Adding RedHat and Amazon as Operating systems -* fixed a typo - its a shard not a shared :) ( PR #5 by Martin Seener ) - -##0.0.1 ( Jan 13, 2013 ) -* Initial release of the module diff --git a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md b/modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md deleted file mode 100644 index 8ce533a12..000000000 --- a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md +++ /dev/null @@ -1,69 +0,0 @@ -# Contributing - -If you have a bugfix or new feature that you would like to contribute to this puppet module, please find or open an issue about it first. -Talk about what you would like to do - it may be that somebody is already working on it, or that there are particular issues that you should know about before implementing the change. - -**Note**: If you have support-oriented questions that aren't a bugfix or feature request, please post your questions on the [discussion forums](https://discuss.elastic.co/c/elasticsearch). - -We enjoy working with contributors to get their code accepted. -There are many approaches to fixing a problem and it is important to find the best approach before writing too much code. - -The process for contributing to any of the Elastic repositories is similar. - -## The Contributor License Agreement - -Please make sure you have signed the [Contributor License Agreement](http://www.elastic.co/contributor-agreement/). -We are not asking you to assign copyright to us, but to give us the right to distribute your code without restriction. -We ask this of all contributors in order to assure our users of the origin and continuing existence of the code. -You only need to sign the CLA once. - -## Development Setup - -There are a few testing prerequisites to meet: - -* Ruby. - As long as you have a recent version with `bundler` available, `bundler` will install development dependencies. - -You can then install the necessary gems with: - - bundle install - -This will install the requisite rubygems for testin. - -* Docker. - Note that Docker is used to run tests that require a Linux container/VM - if you only need to run simple rspec/doc tests, this shouldn't be necessary. - If you are developing on a Linux machine with a working Docker instance, this should be sufficient. - On OS X, just use the official [Docker installation method](https://docs.docker.com/engine/installation/mac/) to get a working `docker` setup. - Confirm that you can communicate with the Docker hypervisor with `docker version`. - -## Testing - -Running through the tests on your own machine can get ahead of any problems others (or Jenkins) may run into. - -First, run the intake tests and ensure it completes without errors with your changes. -These are lightweight tests that verify syntax, style, and all other tests that do not require a container to run. - - bundle exec rake intake - -Next, run the more thorough acceptance tests. -For example, to run the acceptance tests against CentOS 7, run the following: - - bundle exec rake beaker:centos-7-x64 - -The final output line will tell you which, if any, tests failed. -Note that you can find all other container acceptance tests with the `bundle exec rake -T` command. - -## Opening Pull Requests - -In summary, to open a new PR: - -* Sign the Contributor License Agreement -* Run the tests to confirm everything works as expected -* Rebase your changes. - Update your local repository with the most recent code from this puppet module repository, and rebase your branch on top of the latest master branch. -* Submit a pull request - Push your local changes to your forked copy of the repository and submit a pull request. - In the pull request, describe what your changes do and mention the number of the issue where discussion has taken place, eg "Closes #123". - -Then sit back and wait! -There will probably be discussion about the pull request and, if any changes are needed, we would love to work with you to get your pull request merged into this puppet module. diff --git a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS b/modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS deleted file mode 100644 index 483369729..000000000 --- a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS +++ /dev/null @@ -1,33 +0,0 @@ -The following is a list of people who have contributed ideas, code, bug -reports, or in general have helped this puppet module along its way. - -Project Owner -* Elastic (elastic) - -Contributors: -Tyler Langlois (tylerjl) -Richard Pijnenburg (electrical) -Martin Seener (martinseener) -Marcus Furlong (furlongm) -Chris Boulton (chrisboulton) -Igor Galić (igalic) -Vincent Janelle (vjanelle) -Mathieu Bornoz (mbornoz) -Justin Lambert (jlambert121) -Brian Lalor (blalor) -Stas Alekseev (salekseev) -Simon Effenberg (Savar) -Bruce Morrison (brucem) -deanmalmgren -Matteo Sessa (msessa-cotd) -Sebastian Reitenbach (buzzdeee) -Toni Schmidbauer (tosmi) -Dan Sajner (dansajner) -Leo Antunes (costela) -Philip Wigg (philipwigg) -Ian Bissett (bisscuitt) -Fabian M. Krack (onibox) -Rhommel Lamas (rhoml) -Jose Luis Ledesma (sp-joseluis-ledesma) -Matthias Baur (baurmatt) -Gavin Williams (fatmcgav) diff --git a/modules/utilities/unix/logging/elasticsearch/README.md b/modules/utilities/unix/logging/elasticsearch/README.md deleted file mode 100644 index 8f6c36c67..000000000 --- a/modules/utilities/unix/logging/elasticsearch/README.md +++ /dev/null @@ -1,1041 +0,0 @@ -# Elasticsearch Puppet Module - -[![Puppet Forge endorsed](https://img.shields.io/puppetforge/e/elastic/elasticsearch.svg)](https://forge.puppetlabs.com/elastic/elasticsearch) -[![Puppet Forge Version](https://img.shields.io/puppetforge/v/elastic/elasticsearch.svg)](https://forge.puppetlabs.com/elastic/elasticsearch) -[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/elastic/elasticsearch.svg)](https://forge.puppetlabs.com/elastic/elasticsearch) - -#### Table of Contents - -1. [Module description - What the module does and why it is useful](#module-description) -2. [Setup - The basics of getting started with Elasticsearch](#setup) - * [The module manages the following](#the-module-manages-the-following) - * [Requirements](#requirements) -3. [Usage - Configuration options and additional functionality](#usage) -4. [Advanced features - Extra information on advanced usage](#advanced-features) -5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) -6. [Limitations - OS compatibility, etc.](#limitations) -7. [Development - Guide for contributing to the module](#development) -8. [Support - When you need help with this module](#support) - -## Module description - -This module sets up [Elasticsearch](https://www.elastic.co/overview/elasticsearch/) instances with additional resource for plugins, templates, and more. - -This module is actively tested against Elasticsearch 2.x, 5.x, and 6.x. - -## Setup - -### The module manages the following - -* Elasticsearch repository files. -* Elasticsearch package. -* Elasticsearch configuration file. -* Elasticsearch service. -* Elasticsearch plugins. -* Elasticsearch snapshot repositories. -* Elasticsearch templates. -* Elasticsearch ingest pipelines. -* Elasticsearch index settings. -* Elasticsearch Shield/X-Pack users, roles, and certificates. -* Elasticsearch licenses. -* Elasticsearch keystores. - -### Requirements - -* The [stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib) Puppet library. -* [richardc/datacat](https://forge.puppetlabs.com/richardc/datacat) -* [Augeas](http://augeas.net/) -* [puppetlabs-java_ks](https://forge.puppetlabs.com/puppetlabs/java_ks) for Shield/X-Pack certificate management (optional). - -In addition, remember that Elasticsearch requires Java to be installed. -We recommend managing your Java installation with the [puppetlabs-java](https://forge.puppetlabs.com/puppetlabs/java) module. - -#### Repository management - -When using the repository management, the following module dependencies are required: - -* General: [Elastic/elastic_stack](https://forge.puppet.com/elastic/elastic_stack) -* Debian/Ubuntu: [Puppetlabs/apt](https://forge.puppetlabs.com/puppetlabs/apt) -* OpenSuSE/SLES: [Darin/zypprepo](https://forge.puppetlabs.com/darin/zypprepo) - -### Beginning with Elasticsearch - -Declare the top-level `elasticsearch` class (managing repositories) and set up an instance: - -```puppet -include ::java - -class { 'elasticsearch': } -elasticsearch::instance { 'es-01': } -``` - -**Note**: Elasticsearch 6.x requires a recent version of the JVM. - -## Usage - -### Main class - -Most top-level parameters in the `elasticsearch` class are set to reasonable defaults. -The following are some parameters that may be useful to override: - -#### Install a specific version - -```puppet -class { 'elasticsearch': - version => '6.0.0' -} -``` - -Note: This will only work when using the repository. - -#### Automatically restarting the service (default set to false) - -By default, the module will not restart Elasticsearch when the configuration file, package, or plugins change. -This can be overridden globally with the following option: - -```puppet -class { 'elasticsearch': - restart_on_change => true -} -``` - -Or controlled with the more granular options: `restart_config_change`, `restart_package_change`, and `restart_plugin_change.` - -#### Automatic upgrades (default set to false) - -```puppet -class { 'elasticsearch': - autoupgrade => true -} -``` - -#### Removal/Decommissioning - -```puppet -class { 'elasticsearch': - ensure => 'absent' -} -``` - -#### Install everything but disable service(s) afterwards - -```puppet -class { 'elasticsearch': - status => 'disabled' -} -``` - -#### API Settings - -Some resources, such as `elasticsearch::template`, require communicating with the Elasticsearch REST API. -By default, these API settings are set to: - -```puppet -class { 'elasticsearch': - api_protocol => 'http', - api_host => 'localhost', - api_port => 9200, - api_timeout => 10, - api_basic_auth_username => undef, - api_basic_auth_password => undef, - api_ca_file => undef, - api_ca_path => undef, - validate_tls => true, -} -``` - -Each of these can be set at the top-level `elasticsearch` class and inherited for each resource or overridden on a per-resource basis. - -#### Dynamically Created Resources - -This module supports managing all of its defined types through top-level parameters to better support Hiera and Puppet Enterprise. -For example, to manage an instance and index template directly from the `elasticsearch` class: - -```puppet -class { 'elasticsearch': - instances => { - 'es-01' => { - 'config' => { - 'network.host' => '0.0.0.0' - } - } - }, - templates => { - 'logstash' => { - 'content' => { - 'template' => 'logstash-*', - 'settings' => { - 'number_of_replicas' => 0 - } - } - } - } -} -``` - -### Instances - -This module works with the concept of instances. For service to start you need to specify at least one instance. - -#### Quick setup - -```puppet -elasticsearch::instance { 'es-01': } -``` - -This will set up its own data directory and set the node name to `$hostname-$instance_name` - -#### Advanced options - -Instance specific options can be given: - -```puppet -elasticsearch::instance { 'es-01': - config => { }, # Configuration hash - init_defaults => { }, # Init defaults hash - datadir => [ ], # Data directory -} -``` - -See [Advanced features](#advanced-features) for more information. - -### Plugins - -This module can help manage [a variety of plugins](http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-plugins.html#known-plugins). -Note that `module_dir` is where the plugin will install itself to and must match that published by the plugin author; it is not where you would like to install it yourself. - -#### From an official repository - -```puppet -elasticsearch::plugin { 'x-pack': - instances => 'instance_name' -} -``` - -#### From a custom url - -```puppet -elasticsearch::plugin { 'jetty': - url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-1.2.1.zip', - instances => 'instance_name' -} -``` - -#### Using a proxy - -You can also use a proxy if required by setting the `proxy_host` and `proxy_port` options: -```puppet -elasticsearch::plugin { 'lmenezes/elasticsearch-kopf', - instances => 'instance_name', - proxy_host => 'proxy.host.com', - proxy_port => 3128 -} -``` - -Proxies that require usernames and passwords are similarly supported with the `proxy_username` and `proxy_password` parameters. - -Plugin name formats that are supported include: - -* `elasticsearch/plugin/version` (for official elasticsearch plugins downloaded from download.elastic.co) -* `groupId/artifactId/version` (for community plugins downloaded from maven central or OSS Sonatype) -* `username/repository` (for site plugins downloaded from github master) - -#### Upgrading plugins - -When you specify a certain plugin version, you can upgrade that plugin by specifying the new version. - -```puppet -elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.1.1': } -``` - -And to upgrade, you would simply change it to - -```puppet -elasticsearch::plugin { 'elasticsearch/elasticsearch-cloud-aws/2.4.1': } -``` - -Please note that this does not work when you specify 'latest' as a version number. - -#### ES 2.x, 5.x, and 6.x official plugins -For the Elasticsearch commercial plugins you can refer them to the simple name. - -See [Plugin installation](https://www.elastic.co/guide/en/elasticsearch/plugins/current/installation.html) for more details. - -### Scripts - -Installs [scripts](http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html) to be used by Elasticsearch. -These scripts are shared across all defined instances on the same host. - -```puppet -elasticsearch::script { 'myscript': - ensure => 'present', - source => 'puppet:///path/to/my/script.groovy' -} -``` - -Script directories can also be recursively managed for large collections of scripts: - -```puppet -elasticsearch::script { 'myscripts_dir': - ensure => 'directory, - source => 'puppet:///path/to/myscripts_dir' - recurse => 'remote', -} -``` - -### Templates - -By default templates use the top-level `elasticsearch::api_*` settings to communicate with Elasticsearch. -The following is an example of how to override these settings: - -```puppet -elasticsearch::template { 'templatename': - api_protocol => 'https', - api_host => $::ipaddress, - api_port => 9201, - api_timeout => 60, - api_basic_auth_username => 'admin', - api_basic_auth_password => 'adminpassword', - api_ca_file => '/etc/ssl/certs', - api_ca_path => '/etc/pki/certs', - validate_tls => false, - source => 'puppet:///path/to/template.json', -} -``` - -#### Add a new template using a file - -This will install and/or replace the template in Elasticsearch: - -```puppet -elasticsearch::template { 'templatename': - source => 'puppet:///path/to/template.json', -} -``` - -#### Add a new template using content - -This will install and/or replace the template in Elasticsearch: - -```puppet -elasticsearch::template { 'templatename': - content => { - 'template' => "*", - 'settings' => { - 'number_of_replicas' => 0 - } - } -} -``` - -Plain JSON strings are also supported. - -```puppet -elasticsearch::template { 'templatename': - content => '{"template":"*","settings":{"number_of_replicas":0}}' -} -``` - -#### Delete a template - -```puppet -elasticsearch::template { 'templatename': - ensure => 'absent' -} -``` - -### Ingestion Pipelines - -Pipelines behave similar to templates in that their contents can be controlled -over the Elasticsearch REST API with a custom Puppet resource. -API parameters follow the same rules as templates (those settings can either be -controlled at the top-level in the `elasticsearch` class or set per-resource). - -#### Adding a new pipeline - -This will install and/or replace an ingestion pipeline in Elasticsearch -(ingestion settings are compared against the present configuration): - -```puppet -elasticsearch::pipeline { 'addfoo': - content => { - 'description' => 'Add the foo field', - 'processors' => [{ - 'set' => { - 'field' => 'foo', - 'value' => 'bar' - } - }] - } -} -``` - -#### Delete a pipeline - -```puppet -elasticsearch::pipeline { 'addfoo': - ensure => 'absent' -} -``` - - -### Index Settings - -This module includes basic support for ensuring an index is present or absent -with optional index settings. -API access settings follow the pattern previously mentioned for templates. - -#### Creating an index - -At the time of this writing, only index settings are supported. -Note that some settings (such as `number_of_shards`) can only be set at index -creation time. - -```puppet -elasticsearch::index { 'foo': - settings => { - 'index' => { - 'number_of_replicas' => 0 - } - } -} -``` - -#### Delete an index - -```puppet -elasticsearch::index { 'foo': - ensure => 'absent' -} -``` - -### Snapshot Repositories - -By default snapshot_repositories use the top-level `elasticsearch::api_*` settings to communicate with Elasticsearch. -The following is an example of how to override these settings: - -```puppet -elasticsearch::snapshot_repository { 'backups': - api_protocol => 'https', - api_host => $::ipaddress, - api_port => 9201, - api_timeout => 60, - api_basic_auth_username => 'admin', - api_basic_auth_password => 'adminpassword', - api_ca_file => '/etc/ssl/certs', - api_ca_path => '/etc/pki/certs', - validate_tls => false, - location => '/backups', -} -``` - -#### Delete a snapshot repository - -```puppet -elasticsearch::snapshot_repository { 'backups': - ensure => 'absent', - location => '/backup' -} -``` - -### Connection Validator - -This module offers a way to make sure an instance has been started and is up and running before -doing a next action. This is done via the use of the `es_instance_conn_validator` resource. -```puppet -es_instance_conn_validator { 'myinstance' : - server => 'es.example.com', - port => '9200', -} -``` - -A common use would be for example : - -```puppet -class { 'kibana4' : - require => Es_Instance_Conn_Validator['myinstance'], -} -``` - -### Package installation - -There are two different ways of installing Elasticsearch: - -#### Repository - - -##### Choosing an Elasticsearch major version - -This module uses the `elastic/elastic_stack` module to manage package repositories. Because there is a separate repository for each major version of the Elastic stack, selecting which version to configure is necessary to change the default repository value, like this: - - -```puppet -class { 'elastic_stack::repo': - version => 5, -} - -class { 'elasticsearch': - version => '5.6.4', -} -``` - -This module defaults to the upstream package repositories, which as of Elasticsearch 6.3, includes X-Pack. In order to use the purely OSS (open source) package and repository, the appropriate `oss` flag must be set on the `elastic_stack::repo` and `elasticsearch` classes: - -```puppet -class { 'elastic_stack::repo': - oss => true, -} - -class { 'elasticsearch': - oss => true, -} -``` - -##### Manual repository management - -You may want to manage repositories manually. You can disable automatic repository management like this: - -```puppet -class { 'elasticsearch': - manage_repo => false, -} -``` - -#### Remote package source - -When a repository is not available or preferred you can install the packages from a remote source: - -##### http/https/ftp - -```puppet -class { 'elasticsearch': - package_url => 'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.deb', - proxy_url => 'http://proxy.example.com:8080/', -} -``` - -Setting `proxy_url` to a location will enable download using the provided proxy -server. -This parameter is also used by `elasticsearch::plugin`. -Setting the port in the `proxy_url` is mandatory. -`proxy_url` defaults to `undef` (proxy disabled). - -##### puppet:// -```puppet -class { 'elasticsearch': - package_url => 'puppet:///path/to/elasticsearch-1.4.2.deb' -} -``` - -##### Local file - -```puppet -class { 'elasticsearch': - package_url => 'file:/path/to/elasticsearch-1.4.2.deb' -} -``` - -### JVM Configuration - -When configuring Elasticsearch's memory usage, you can do so by either changing init defaults for Elasticsearch 1.x/2.x (see the [following example](#hash-representation)), or modify it globally in 5.x using `jvm.options`: - -```puppet -class { 'elasticsearch': - jvm_options => [ - '-Xms4g', - '-Xmx4g' - ] -} -``` - -`jvm.options` can also be controlled per-instance: - -```puppet -elasticsearch::instance { 'es-01': - jvm_options => [ - '-Xms4g', - '-Xmx4g' - ] -} -``` - -### Service management - -Currently only the basic SysV-style [init](https://en.wikipedia.org/wiki/Init) and [Systemd](http://en.wikipedia.org/wiki/Systemd) service providers are supported, but other systems could be implemented as necessary (pull requests welcome). - -#### Defaults File - -The *defaults* file (`/etc/defaults/elasticsearch` or `/etc/sysconfig/elasticsearch`) for the Elasticsearch service can be populated as necessary. -This can either be a static file resource or a simple key value-style [hash](http://docs.puppetlabs.com/puppet/latest/reference/lang_datatypes.html#hashes) object, the latter being particularly well-suited to pulling out of a data source such as Hiera. - -##### File source - -```puppet -class { 'elasticsearch': - init_defaults_file => 'puppet:///path/to/defaults' -} -``` -##### Hash representation - -```puppet -$config_hash = { - 'ES_HEAP_SIZE' => '30g', -} - -class { 'elasticsearch': - init_defaults => $config_hash -} -``` - -Note: `init_defaults` hash can be passed to the main class and to the instance. - -## Advanced features - -### X-Pack/Shield - -[X-Pack](https://www.elastic.co/products/x-pack) and [Shield](https://www.elastic.co/products/shield) file-based users, roles, and certificates can be managed by this module. - -**Note**: If you are planning to use these features, it is *highly recommended* you read the following documentation to understand the caveats and extent of the resources available to you. - -#### Getting Started - -Although this module can handle several types of Shield/X-Pack resources, you are expected to manage the plugin installation and versions for your deployment. -For example, the following manifest will install Elasticseach with a single instance running X-Pack: - -```puppet -class { 'elasticsearch': - security_plugin => 'x-pack', -} - -elasticsearch::instance { 'es-01': } -elasticsearch::plugin { 'x-pack': instances => 'es-01' } -``` - -The following manifest will do the same, but with Shield: - -```puppet -class { 'elasticsearch': - security_plugin => 'shield', -} - -elasticsearch::instance { 'es-01': } - -Elasticsearch::Plugin { instances => ['es-01'], } -elasticsearch::plugin { 'license': } -elasticsearch::plugin { 'shield': } -``` - -The following examples will assume the preceding resources are part of your puppet manifest. - -#### Roles - -Roles in the file realm (the `esusers` realm in Shield) can be managed using the `elasticsearch::role` type. -For example, to create a role called `myrole`, you could use the following resource in X-Pack: - -```puppet -elasticsearch::role { 'myrole': - privileges => { - 'cluster' => [ 'monitor' ], - 'indices' => [{ - 'names' => [ '*' ], - 'privileges' => [ 'read' ], - }] - } -} -``` - -And in Shield: - -```puppet -elasticsearch::role { 'myrole': - privileges => { - 'cluster' => 'monitor', - 'indices' => { - '*' => 'read' - } - } -} -``` - -This role would grant users access to cluster monitoring and read access to all indices. -See the [Shield](https://www.elastic.co/guide/en/shield/index.html) or [X-Pack](https://www.elastic.co/guide/en/x-pack/current/xpack-security.html) documentation for your version to determine what `privileges` to use and how to format them (the Puppet hash representation will simply be translated into yaml.) - -**Note**: The Puppet provider for `esusers`/`users` has fine-grained control over the `roles.yml` file and thus will leave the default roles Shield installs in-place. -If you would like to explicitly purge the default roles (leaving only roles managed by puppet), you can do so by including the following in your manifest: - -```puppet -resources { 'elasticsearch_role': - purge => true, -} -``` - -##### Mappings - -Associating mappings with a role for file-based management is done by passing an array of strings to the `mappings` parameter of the `elasticsearch::role` type. -For example, to define a role with mappings: - -```puppet -elasticsearch::role { 'logstash': - mappings => [ - 'cn=group,ou=devteam', - ], - privileges => { - 'cluster' => 'manage_index_templates', - 'indices' => [{ - 'names' => ['logstash-*'], - 'privileges' => [ - 'write', - 'delete', - 'create_index', - ], - }], - }, -} -``` - -**Note**: Observe the brackets around `indices` in the preceding role definition; which is an array of hashes per the format in Shield 2.3.x. Follow the documentation to determine the correct formatting for your version of Shield or X-Pack. - -If you'd like to keep the mappings file purged of entries not under Puppet's control, you should use the following `resources` declaration because mappings are a separate low-level type: - -```puppet -resources { 'elasticsearch_role_mapping': - purge => true, -} -``` - -#### Users - -Users can be managed using the `elasticsearch::user` type. -For example, to create a user `mysuser` with membership in `myrole`: - -```puppet -elasticsearch::user { 'myuser': - password => 'mypassword', - roles => ['myrole'], -} -``` - -The `password` parameter will also accept password hashes generated from the `esusers`/`users` utility and ensure the password is kept in-sync with the Shield `users` file for all Elasticsearch instances. - -```puppet -elasticsearch::user { 'myuser': - password => '$2a$10$IZMnq6DF4DtQ9c4sVovgDubCbdeH62XncmcyD1sZ4WClzFuAdqspy', - roles => ['myrole'], -} -``` - -**Note**: When using the `esusers`/`users` provider (the default for plaintext passwords), Puppet has no way to determine whether the given password is in-sync with the password hashed by Shield/X-Pack. -In order to work around this, the `elasticsearch::user` resource has been designed to accept refresh events in order to update password values. -This is not ideal, but allows you to instruct the resource to change the password when needed. -For example, to update the aforementioned user's password, you could include the following your manifest: - -```puppet -notify { 'update password': } ~> -elasticsearch::user { 'myuser': - password => 'mynewpassword', - roles => ['myrole'], -} -``` - -#### Certificates - -SSL/TLS can be enabled by providing an `elasticsearch::instance` type with paths to the certificate and private key files, and a password for the keystore. - -```puppet -elasticsearch::instance { 'es-01': - ssl => true, - ca_certificate => '/path/to/ca.pem', - certificate => '/path/to/cert.pem', - private_key => '/path/to/key.pem', - keystore_password => 'keystorepassword', -} -``` - -**Note**: Setting up a proper CA and certificate infrastructure is outside the scope of this documentation, see the aforementioned Shield or X-Pack guide for more information regarding the generation of these certificate files. - -The module will set up a keystore file for the node to use and set the relevant options in `elasticsearch.yml` to enable TLS/SSL using the certificates and key provided. - -#### System Keys - -Shield/X-Pack system keys can be passed to the module, where they will be placed into individual instance configuration directories. -This can be set at the `elasticsearch` class and inherited across all instances: - -```puppet -class { 'elasticsearch': - system_key => 'puppet:///path/to/key', -} -``` - -Or set on a per-instance basis: - -```puppet -elasticsearch::instance { 'es-01': - system_key => '/local/path/to/key', -} -``` - -### Licensing - -If you use the aforementioned Shield/X-Pack plugins, you may need to install a user license to leverage particular features outside of a trial license. -This module can handle installation of licenses without the need to write custom `exec` or `curl` code to install license data. - -You may instruct the module to install a license through the `elasticsearch::license` parameter: - -```puppet -class { 'elasticsearch': - license => $license, - security_plugin => 'x-pack', -} -``` - -The `license` parameter will accept either a Puppet hash representation of the license file json or a plain json string that will be parsed into a native Puppet hash. -Although dependencies are automatically created to ensure that any `elasticsearch::instance` resources are listening and ready before API calls are made, you may need to set the appropriate `api_*` parameters to ensure that the module can interact with the Elasticsearch API over the appropriate port, protocol, and with sufficient user rights to install the license. - -The native provider for licenses will _not_ print license signatures as part of Puppet's changelog to ensure that sensitive values are not included in console output or Puppet reports. -Any fields present in the `license` parameter that differ from the license installed in a cluster will trigger a flush of the resource and new `POST` to the Elasticsearch API with the license content, though the sensitive `signature` field is not compared as it is not returned from the Elasticsearch licensing APIs. - -### Data directories - -There are several different ways of setting data directories for Elasticsearch. -In every case the required configuration options are placed in the `elasticsearch.yml` file. - -#### Default - -By default we use: - - /usr/share/elasticsearch/data/$instance_name - -Which provides a data directory per instance. - -#### Single global data directory - -```puppet -class { 'elasticsearch': - datadir => '/var/lib/elasticsearch-data' -} -``` - -Creates the following for each instance: - - /var/lib/elasticsearch-data/$instance_name - -#### Multiple Global data directories - -```puppet -class { 'elasticsearch': - datadir => [ '/var/lib/es-data1', '/var/lib/es-data2'] -} -``` -Creates the following for each instance: -`/var/lib/es-data1/$instance_name` -and -`/var/lib/es-data2/$instance_name`. - -#### Single instance data directory - -```puppet -class { 'elasticsearch': } - -elasticsearch::instance { 'es-01': - datadir => '/var/lib/es-data-es01' -} -``` - -Creates the following for this instance: - - /var/lib/es-data-es01 - -#### Multiple instance data directories - -```puppet -class { 'elasticsearch': } - -elasticsearch::instance { 'es-01': - datadir => ['/var/lib/es-data1-es01', '/var/lib/es-data2-es01'] -} -``` - -Creates the following for this instance: -`/var/lib/es-data1-es01` -and -`/var/lib/es-data2-es01`. - -#### Shared global data directories - -In some cases, you may want to share a top-level data directory among multiple instances. - -```puppet -class { 'elasticsearch': - datadir_instance_directories => false, - config => { - 'node.max_local_storage_nodes' => 2 - } -} - -elasticsearch::instance { 'es-01': } -elasticsearch::instance { 'es-02': } -``` - -Will result in the following directories created by Elasticsearch at runtime: - - /var/lib/elasticsearch/nodes/0 - /var/lib/elasticsearch/nodes/1 - -See [the Elasticsearch documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html#max-local-storage-nodes) for additional information regarding this configuration. - -### Main and instance configurations - -The `config` option in both the main class and the instances can be configured to work together. - -The options in the `instance` config hash will merged with the ones from the main class and override any duplicates. - -#### Simple merging - -```puppet -class { 'elasticsearch': - config => { 'cluster.name' => 'clustername' } -} - -elasticsearch::instance { 'es-01': - config => { 'node.name' => 'nodename' } -} -elasticsearch::instance { 'es-02': - config => { 'node.name' => 'nodename2' } -} -``` - -This example merges the `cluster.name` together with the `node.name` option. - -#### Overriding - -When duplicate options are provided, the option in the instance config overrides the ones from the main class. - -```puppet -class { 'elasticsearch': - config => { 'cluster.name' => 'clustername' } -} - -elasticsearch::instance { 'es-01': - config => { 'node.name' => 'nodename', 'cluster.name' => 'otherclustername' } -} - -elasticsearch::instance { 'es-02': - config => { 'node.name' => 'nodename2' } -} -``` - -This will set the cluster name to `otherclustername` for the instance `es-01` but will keep it to `clustername` for instance `es-02` - -#### Configuration writeup - -The `config` hash can be written in 2 different ways: - -##### Full hash writeup - -Instead of writing the full hash representation: - -```puppet -class { 'elasticsearch': - config => { - 'cluster' => { - 'name' => 'ClusterName', - 'routing' => { - 'allocation' => { - 'awareness' => { - 'attributes' => 'rack' - } - } - } - } - } -} -``` - -##### Short hash writeup - -```puppet -class { 'elasticsearch': - config => { - 'cluster' => { - 'name' => 'ClusterName', - 'routing.allocation.awareness.attributes' => 'rack' - } - } -} -``` - -#### Keystore Settings - -Recent versions of Elasticsearch include the [elasticsearch-keystore](https://www.elastic.co/guide/en/elasticsearch/reference/current/secure-settings.html) utility to create and manage the `elasticsearch.keystore` file which can store sensitive values for certain settings. -The settings and values for this file can be controlled by this module. -Settings follow the behavior of the `config` parameter for the top-level Elasticsearch class and `elasticsearch::instance` defined types. -That is, you may define keystore settings globally, and all values will be merged with instance-specific settings for final inclusion in the `elasticsearch.keystore` file. -Note that each hash key is passed to the `elasticsearch-keystore` utility in a straightforward manner, so you should specify the hash passed to `secrets` in flattened form (that is, without full nested hash representation). - -For example, to define cloud plugin credentials for all instances: - -```puppet -class { 'elasticsearch': - secrets => { - 'cloud.aws.access_key' => 'AKIA....', - 'cloud.aws.secret_key' => 'AKIA....', - } -} -``` - -Or, to instead control these settings for a single instance: - -```puppet -elasticsearch::instance { 'es-01': - secrets => { - 'cloud.aws.access_key' => 'AKIA....', - 'cloud.aws.secret_key' => 'AKIA....', - } -} -``` - -##### Purging Secrets - -By default, if a secret setting exists on-disk that is not present in the `secrets` hash, this module will leave it intact. -If you prefer to keep only secrets in the keystore that are specified in the `secrets` hash, use the `purge_secrets` boolean parameter either on the `elasticsearch` class to set it globally or per-instance. - -##### Notifying Services - -Any changes to keystore secrets will notify running elasticsearch services by respecting the `restart_on_change` and `restart_config_change` parameters. - -## Reference - -Class parameters are available in [the auto-generated documentation -pages](https://elastic.github.io/puppet-elasticsearch/puppet_classes/elasticsearch.html). -Autogenerated documentation for types, providers, and ruby helpers is also -available on the same documentation site. - -## Limitations - -This module is built upon and tested against the versions of Puppet listed in -the metadata.json file (i.e. the listed compatible versions on the Puppet -Forge). - -The module has been tested on: - -* Debian 7/8 -* CentOS 6/7 -* OracleLinux 6/7 -* Ubuntu 14.04, 16.04 -* OpenSuSE 42.x -* SLES 12 - -Other distro's that have been reported to work: - -* RHEL 6 -* Scientific 6 - -Testing on other platforms has been light and cannot be guaranteed. - -## Development - -Please see the [CONTRIBUTING.md](CONTRIBUTING.md) file for instructions regarding development environments and testing. - -## Support - -Need help? Join us in [#elasticsearch](https://webchat.freenode.net?channels=%23elasticsearch) on Freenode IRC or on the [discussion forum](https://discuss.elastic.co/). diff --git a/modules/utilities/unix/logging/elasticsearch/checksums.json b/modules/utilities/unix/logging/elasticsearch/checksums.json deleted file mode 100644 index afa9fe74f..000000000 --- a/modules/utilities/unix/logging/elasticsearch/checksums.json +++ /dev/null @@ -1,119 +0,0 @@ -{ - "CHANGELOG.md": "09c67b158e09c420834199b8c25299e3", - "CONTRIBUTING.md": "ac881e18bfce94783bc02f82d851755d", - "CONTRIBUTORS": "80427ca8994554cb77655031ef906b77", - "LICENSE": "808a3e6960574ced8e69134e5dc1e1aa", - "README.md": "8a98aafd204d7a4a7ece74b6f93715c2", - "data/common.yaml": "e387a054e219f64283c8440b42bba8ed", - "data/distro/Amazon/2.yaml": "55d52592396e067a6053ab96fa8cea6d", - "data/distro/Amazon.yaml": "718442df5418f90c71eb9c3c8f97dbf3", - "data/distro/Debian/7.yaml": "f55b92267bad1da28af91d5dd8ff0992", - "data/distro/Ubuntu/12.04.yaml": "f55b92267bad1da28af91d5dd8ff0992", - "data/distro/Ubuntu/14.04.yaml": "f55b92267bad1da28af91d5dd8ff0992", - "data/kernel/Darwin.yaml": "026fa3c5f0f18592547187af0d24e78e", - "data/kernel/Linux.yaml": "4f83a23fa3660801abb8af3a447d2f58", - "data/kernel/OpenBSD.yaml": "dc438a649dd9f184e87d238a5d13a23b", - "data/os/Debian.yaml": "97acbc38e7da4a863ade17f160234612", - "data/os/Gentoo.yaml": "0ae9cbdc7ca66021856e0fb20e0d7f99", - "data/os/RedHat/5.yaml": "718442df5418f90c71eb9c3c8f97dbf3", - "data/os/RedHat/6.yaml": "718442df5418f90c71eb9c3c8f97dbf3", - "data/os/RedHat.yaml": "32784c1e50140afb691fb7c635253d62", - "data/os/Suse/11.yaml": "daa2d88f8337579f093e6822e7ea0e06", - "data/os/Suse.yaml": "5d99b0ea0526e0d3b46b0aff1ebdbaa2", - "files/etc/init.d/elasticsearch.Debian.erb": "e0f388f267443934e5c41244a3eca971", - "files/etc/init.d/elasticsearch.OpenBSD.erb": "1d6b639dede20a210eb0a7e2e355897e", - "files/etc/init.d/elasticsearch.RedHat.erb": "492b3eec88891c647cb6e029e43689af", - "files/etc/init.d/elasticsearch.SLES.erb": "2b19e699f17ba56e42d360c01a7c9a49", - "files/etc/init.d/elasticsearch.openrc.erb": "d3f30449dd34b4e18d4d082bc2a4efbd", - "files/etc/init.d/elasticsearch.systemd.erb": "dcf74b8c6761acdaf6132d0c9e0b2f0b", - "hiera.yaml": "09acc68ee99728c82a5fc6e09a426e7a", - "lib/facter/es_facts.rb": "20db9d95dbbbc5eba53089c24b63cd27", - "lib/puppet/feature/elasticsearch_shield_users_native.rb": "221c5cbf9e22aa9ad3c5ca522b4452fa", - "lib/puppet/parser/functions/array_suffix.rb": "ed1ea46d820596a292f48b81f9aac47e", - "lib/puppet/parser/functions/concat_merge.rb": "620a89ae34a7a0c1228b742cd5e33dd1", - "lib/puppet/parser/functions/deep_implode.rb": "b23803a221d49f309a3f5a94c1fbce2d", - "lib/puppet/parser/functions/es_plugin_name.rb": "ce0988372280032f6a9e181a04ebbeeb", - "lib/puppet/parser/functions/plugin_dir.rb": "0c1d7cac05f7c6e961578ecf451f7158", - "lib/puppet/provider/elastic_parsedfile.rb": "878e6240d460ea4aa4f744ec054fdfff", - "lib/puppet/provider/elastic_plugin.rb": "cdbaea0c6a6157016d0b3759e14f4025", - "lib/puppet/provider/elastic_rest.rb": "fc8d56650b6235a58a8ce83f12b54d9e", - "lib/puppet/provider/elastic_user_command.rb": "fcc1e8bb7d703631cedfca1b8aeb71d9", - "lib/puppet/provider/elastic_user_roles.rb": "2effdb04460c86c26cb602788dd96cad", - "lib/puppet/provider/elastic_yaml.rb": "fa8eaeb8c746e4994f1928517d7241a0", - "lib/puppet/provider/elasticsearch_index/ruby.rb": "53e411978ca535026fc5abf397051f2e", - "lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb": "2240a5d9c0460de46e4371fcb2ef72e7", - "lib/puppet/provider/elasticsearch_license/shield.rb": "2dfd3cd546a6e152c9d52c6b74e17ccd", - "lib/puppet/provider/elasticsearch_license/x-pack.rb": "c4f2a8a3b2435444b2021a142dc3259e", - "lib/puppet/provider/elasticsearch_pipeline/ruby.rb": "5effb4b7f733e277db9e249fe56a56c6", - "lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb": "ad41f6e88b90edd45fa459b84e1776c8", - "lib/puppet/provider/elasticsearch_plugin/plugin.rb": "ddfab6ef97bade9a0c8ac9b2d3a413a8", - "lib/puppet/provider/elasticsearch_role/oss_xpack.rb": "8b5c406c26e76f57f6df8aa276ccf3b2", - "lib/puppet/provider/elasticsearch_role/shield.rb": "1dbf0c6ea787d35751867d6f8cf9426f", - "lib/puppet/provider/elasticsearch_role/xpack.rb": "1a8efd9e11b77df0593a2e8af121a383", - "lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb": "22ee6fd12b32c4e1c36782d4d7fc3c82", - "lib/puppet/provider/elasticsearch_role_mapping/shield.rb": "6e7155cf2c1c99134a216e4965dac586", - "lib/puppet/provider/elasticsearch_role_mapping/xpack.rb": "bd68558414444ec787054de6bdd64a18", - "lib/puppet/provider/elasticsearch_service_file/ruby.rb": "d05d392dca22bda460bc3fa38c1d095e", - "lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb": "8a840af646743bc500341d87a3ba61af", - "lib/puppet/provider/elasticsearch_template/ruby.rb": "d7af9930cb881cfd0153d2e753a09c19", - "lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb": "a1c4dfe6e6b8dc4f2eb99d62295f0138", - "lib/puppet/provider/elasticsearch_user/esusers.rb": "9411db97d5017ce2c443fcc53a7fb35f", - "lib/puppet/provider/elasticsearch_user/users.rb": "448e23f54731dee321e9e3efa41a045e", - "lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb": "cfdce1905c9eb6595202d6a0f5375d42", - "lib/puppet/provider/elasticsearch_user_file/shield.rb": "b8662cd5b24914d557d9906fdb79268d", - "lib/puppet/provider/elasticsearch_user_file/xpack.rb": "9ec2bd5896684515aba2de1204e67b94", - "lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb": "3bd77aaef148203f4feb2bb5c6e511b5", - "lib/puppet/provider/elasticsearch_user_roles/shield.rb": "d4f54492ffde90973d9baef296bc9593", - "lib/puppet/provider/elasticsearch_user_roles/xpack.rb": "c365dda2a13c5e3583f08ec4da3c3b7e", - "lib/puppet/provider/es_instance_conn_validator/tcp_port.rb": "f2a95de72ca47786942b78fc5bb3b4ba", - "lib/puppet/type/elasticsearch_index.rb": "5f92f552d34b9147d2f01243dee80435", - "lib/puppet/type/elasticsearch_keystore.rb": "001b17da3d74d56fc86bc6b977f59d18", - "lib/puppet/type/elasticsearch_license.rb": "996dcd0df87d257795b406051113b4a2", - "lib/puppet/type/elasticsearch_pipeline.rb": "ea24dd166d5b1b81faaaf6f903df2eec", - "lib/puppet/type/elasticsearch_plugin.rb": "a7f9ec739f7b894e6e0cb45b0f5cf784", - "lib/puppet/type/elasticsearch_role.rb": "054f8b4266c0f93712c0271b2bf9498b", - "lib/puppet/type/elasticsearch_role_mapping.rb": "d68d16bf342727ebc9175f811f0b2e3f", - "lib/puppet/type/elasticsearch_service_file.rb": "9e48d57d58ac9a4d95a1ab2678015b17", - "lib/puppet/type/elasticsearch_snapshot_repository.rb": "c4e4db24912da2a3d9b97cdca45f580a", - "lib/puppet/type/elasticsearch_template.rb": "5f7511c3dd1747003e00545c9d077509", - "lib/puppet/type/elasticsearch_user.rb": "c94462a3accb3d6250a72517d714b321", - "lib/puppet/type/elasticsearch_user_file.rb": "672adac7ddf8f874896db926f7c83544", - "lib/puppet/type/elasticsearch_user_roles.rb": "72f696a159f422aa6d9544e12059def0", - "lib/puppet/type/es_instance_conn_validator.rb": "eedda53737ddd8ee71321957eebfaa0d", - "lib/puppet/util/es_instance_validator.rb": "95e43f998735efb7debf0634e118d8f0", - "lib/puppet_x/elastic/asymmetric_compare.rb": "73d439672f601e185205e4f3aa6e9204", - "lib/puppet_x/elastic/deep_implode.rb": "9f5cef58fe8cf22939fb31b9b7876372", - "lib/puppet_x/elastic/deep_to_i.rb": "5f55013632071f73c2a032b0826f5913", - "lib/puppet_x/elastic/deep_to_s.rb": "40a02a579f4840c9257c3834970ac7b5", - "lib/puppet_x/elastic/elasticsearch_rest_resource.rb": "ddd46dcd93c0451147eb57cdea4fde70", - "lib/puppet_x/elastic/es_versioning.rb": "824fb8c03b1bbdf05ab28de7affdc681", - "lib/puppet_x/elastic/hash.rb": "159abda7275f5bc45f354ce4fc59cce9", - "lib/puppet_x/elastic/plugin_parsing.rb": "a05b54b6741911ab229b4018d57a29d8", - "manifests/config.pp": "4665e7e5f1c38ecc530de71ee9327258", - "manifests/index.pp": "f160e51ed4aa56085fcf117b67cbcbac", - "manifests/init.pp": "86908d9fce0e1637242a6c651cc45dc5", - "manifests/instance.pp": "090f33509d25d991e098c99dec6ac09d", - "manifests/license.pp": "00e6093ec5f6fab3420f174389b2e780", - "manifests/package.pp": "d46a892afefa4e12025574c2c8db307d", - "manifests/pipeline.pp": "bb8b4bc0545f9fc26ece8954fc5a59f9", - "manifests/plugin.pp": "099c5ab1f79771faa6a2f30722018433", - "manifests/role.pp": "96251e74db68c79fa6dea9bc08d23e8d", - "manifests/script.pp": "2bf4770debabd91d5f317fccbc7ee240", - "manifests/service/init.pp": "107d50e8763534ae793cd541619fcfaa", - "manifests/service/openbsd.pp": "02f40db34b1e36100f4dd63aa83bb986", - "manifests/service/openrc.pp": "d6af0dc7a28ba051110503d73300e03e", - "manifests/service/systemd.pp": "40fe7e433dd3c4b0853f9ed244b505bd", - "manifests/service.pp": "bbe277048d0a1d0680353c44fb0f666c", - "manifests/snapshot_repository.pp": "38be54f6efb666486eec851cb0608244", - "manifests/template.pp": "1e7d7f2e2a267770c7e7fa74129d5db8", - "manifests/user.pp": "1590b4a2e09bef01cdf6f958b04021e3", - "metadata.json": "83f8382930b3b34be52a9297a6700488", - "templates/etc/elasticsearch/elasticsearch.yml.erb": "bf9f121f67948daa0910f0a1bb3308a0", - "templates/etc/elasticsearch/jvm.options.erb": "328744eec84a7ebc4ce3f5eeac2bed02", - "templates/etc/elasticsearch/log4j2.properties.erb": "19b082cd2992e634a9bbe86ac9095474", - "templates/etc/elasticsearch/logging.yml.erb": "899045bed82cefc0d4913743d62c7c08", - "templates/etc/sysconfig/defaults.erb": "82cba83107b1b172704283d6fbc17cf5", - "templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb": "c1f7ed94a017e6b919504c904be7d259", - "types/multipath.pp": "9c6ddb33dac43a401925184ad8110a53", - "types/status.pp": "4a1dd3a554d657042ab79ca70b88d2af" -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/elasticsearch/data/common.yaml b/modules/utilities/unix/logging/elasticsearch/data/common.yaml deleted file mode 100644 index 518ebfcf5..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/common.yaml +++ /dev/null @@ -1,66 +0,0 @@ ---- -elasticsearch::ensure: present -elasticsearch::api_basic_auth_password: ~ -elasticsearch::api_basic_auth_username: ~ -elasticsearch::api_ca_file: ~ -elasticsearch::api_ca_path: ~ -elasticsearch::api_host: localhost -elasticsearch::api_port: 9200 -elasticsearch::api_protocol: http -elasticsearch::api_timeout: 10 -elasticsearch::autoupgrade: false -elasticsearch::config: {} -elasticsearch::configdir: /etc/elasticsearch -elasticsearch::daily_rolling_date_pattern: | - "'.'yyyy-MM-dd" -elasticsearch::datadir_instance_directories: true -elasticsearch::default_logging_level: 'INFO' -elasticsearch::defaults_location: ~ -elasticsearch::download_tool: ~ -elasticsearch::download_tool_insecure: ~ -elasticsearch::download_tool_verify_certificates: true -elasticsearch::file_rolling_type: dailyRollingFile -elasticsearch::indices: {} -elasticsearch::init_defaults: {} -elasticsearch::init_defaults_file: ~ -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.systemd.erb" -elasticsearch::instances: {} -elasticsearch::jvm_options: [] -elasticsearch::license: ~ -elasticsearch::logdir: /var/log/elasticsearch -elasticsearch::logging_config: {} -elasticsearch::logging_file: ~ -elasticsearch::logging_template: ~ -elasticsearch::manage_repo: true -elasticsearch::oss: false -elasticsearch::package_dl_timeout: 600 -elasticsearch::package_name: elasticsearch -elasticsearch::package_provider: package -elasticsearch::package_url: ~ -elasticsearch::pid_dir: /var/run/elasticsearch -elasticsearch::pipelines: {} -elasticsearch::plugindir: "%{hiera('elasticsearch::homedir')}/plugins" -elasticsearch::plugins: {} -elasticsearch::proxy_url: ~ -elasticsearch::purge_configdir: false -elasticsearch::purge_package_dir: false -elasticsearch::purge_secrets: false -elasticsearch::repo_stage: false -elasticsearch::restart_on_change: false -elasticsearch::roles: {} -elasticsearch::rolling_file_max_backup_index: 1 -elasticsearch::rolling_file_max_file_size: 10MB -elasticsearch::scripts: {} -elasticsearch::secrets: ~ -elasticsearch::security_logging_content: ~ -elasticsearch::security_logging_source: ~ -elasticsearch::security_plugin: ~ -elasticsearch::service_provider: systemd -elasticsearch::snapshot_repositories: {} -elasticsearch::status: enabled -elasticsearch::system_key: ~ -elasticsearch::systemd_service_path: /lib/systemd/system -elasticsearch::templates: {} -elasticsearch::users: {} -elasticsearch::validate_tls: true -elasticsearch::version: false diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml b/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml deleted file mode 100644 index e4cc53a3a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.RedHat.erb" -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml b/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml deleted file mode 100644 index b6c642c97..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.systemd.erb" -elasticsearch::service_provider: systemd diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml b/modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml deleted file mode 100644 index e1a576cca..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.Debian.erb" -elasticsearch::pid_dir: ~ -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml b/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml deleted file mode 100644 index e1a576cca..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.Debian.erb" -elasticsearch::pid_dir: ~ -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml b/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml deleted file mode 100644 index e1a576cca..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.Debian.erb" -elasticsearch::pid_dir: ~ -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml b/modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml deleted file mode 100644 index 59d4a3b74..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -elasticsearch::download_tool: curl -o -elasticsearch::download_tool_insecure: curl --insecure -o -elasticsearch::elasticsearch_user: elasticsearch -elasticsearch::elasticsearch_group: elasticsearch diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml b/modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml deleted file mode 100644 index eed184d5a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -elasticsearch::datadir: /var/lib/elasticsearch -elasticsearch::download_tool: wget -O -elasticsearch::download_tool_insecure: wget --no-check-certificate -O -elasticsearch::elasticsearch_user: elasticsearch -elasticsearch::elasticsearch_group: elasticsearch -elasticsearch::homedir: /usr/share/elasticsearch -elasticsearch::package_dir: /opt/elasticsearch/swdl diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml b/modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml deleted file mode 100644 index a0df29523..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -elasticsearch::datadir: /var/elasticsearch/data -elasticsearch::download_tool: 'ftp -o' -elasticsearch::elasticsearch_user: _elasticsearch -elasticsearch::elasticsearch_group: _elasticsearch -elasticsearch::homedir: /usr/local/elasticsearch -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.OpenBSD.erb" -elasticsearch::package_dir: /var/cache/elasticsearch -elasticsearch::service_provider: openbsd -elasticsearch::manage_repo: false diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml deleted file mode 100644 index 7c157d994..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -elasticsearch::defaults_location: /etc/default diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml deleted file mode 100644 index ac36c2a09..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -elasticsearch::defaults_location: /etc/conf.d -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.openrc.erb" -elasticsearch::package_name: app-misc/elasticsearch -elasticsearch::pid_dir: /run/elasticsearch -elasticsearch::service_provider: openrc diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml deleted file mode 100644 index d6595d798..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -elasticsearch::defaults_location: /etc/sysconfig diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml deleted file mode 100644 index e4cc53a3a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.RedHat.erb" -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml deleted file mode 100644 index e4cc53a3a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.RedHat.erb" -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml deleted file mode 100644 index 4d6c6fa31..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -elasticsearch::defaults_location: /etc/sysconfig -elasticsearch::systemd_service_path: /usr/lib/systemd/system diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml b/modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml deleted file mode 100644 index a89e75324..000000000 --- a/modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -elasticsearch::init_template: "%{module_name}/etc/init.d/elasticsearch.SLES.erb" -elasticsearch::pid_dir: ~ -elasticsearch::service_provider: init diff --git a/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp b/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp deleted file mode 100644 index 482ffa5d2..000000000 --- a/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp +++ /dev/null @@ -1,18 +0,0 @@ -$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) -$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] -$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] - -include ::java - -class { 'elasticsearch': - api_host => $elasticsearch_ip, - api_port => $elasticsearch_port, -} - -elasticsearch::instance { 'es-01': - config => { - 'network.host' => $elasticsearch_ip, - 'http.port' => $elasticsearch_port, - }, -} - diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb deleted file mode 100644 index 6dd1914d2..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb +++ /dev/null @@ -1,207 +0,0 @@ -#!/bin/bash -# -# /etc/init.d/elasticsearch-<%= @resource[:instance] %> -- startup script for Elasticsearch -# -### BEGIN INIT INFO -# Provides: elasticsearch-<%= @resource[:instance] %> -# Required-Start: $network $remote_fs $named -# Required-Stop: $network $remote_fs $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Starts elasticsearch-<%= @resource[:instance] %> -# Description: Starts elasticsearch-<%= @resource[:instance] %> using start-stop-daemon -### END INIT INFO - -PATH=/bin:/usr/bin:/sbin:/usr/sbin -NAME=elasticsearch-<%= @resource[:instance] %> -DESC="Elasticsearch Server <%= @resource[:instance] %>" -DEFAULT=/etc/default/$NAME - -if [ `id -u` -ne 0 ]; then - echo "You need root privileges to run this script" - exit 1 -fi - - -. /lib/lsb/init-functions - -if [ -r /etc/default/rcS ]; then - . /etc/default/rcS -fi - - -# The following variables can be overwritten in $DEFAULT - -# Run Elasticsearch as this user ID and group ID -ES_USER=elasticsearch -ES_GROUP=elasticsearch - -# The first existing directory is used for JAVA_HOME (if JAVA_HOME is not defined in $DEFAULT) -JDK_DIRS="/usr/lib/jvm/java-8-oracle /usr/lib/jvm/java-8-openjdk /usr/lib/jvm/java-8-openjdk-amd64/ /usr/lib/jvm/java-8-openjdk-armhf /usr/lib/jvm/java-8-openjdk-i386/ /usr/lib/jvm/java-7-oracle /usr/lib/jvm/java-7-openjdk /usr/lib/jvm/java-7-openjdk-amd64/ /usr/lib/jvm/java-7-openjdk-armhf /usr/lib/jvm/java-7-openjdk-i386/ /usr/lib/jvm/java-6-sun /usr/lib/jvm/java-6-openjdk /usr/lib/jvm/java-6-openjdk-amd64 /usr/lib/jvm/java-6-openjdk-armhf /usr/lib/jvm/java-6-openjdk-i386 /usr/lib/jvm/default-java" - - -# Look for the right JVM to use -for jdir in $JDK_DIRS; do - if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then - JAVA_HOME="$jdir" - fi -done -export JAVA_HOME - -# Directory where the Elasticsearch binary distribution resides -#ES_HOME=/usr/share/$NAME - -# Additional Java OPTS -#ES_JAVA_OPTS= - -# Maximum number of open files -MAX_OPEN_FILES=65536 - -# Maximum amount of locked memory -#MAX_LOCKED_MEMORY= - -# Elasticsearch log directory -#LOG_DIR=/var/log/$NAME - -# Elasticsearch data directory -#DATA_DIR=/var/lib/$NAME - -# Elasticsearch work directory -WORK_DIR=/tmp/$NAME - -# Elasticsearch configuration directory -#CONF_DIR=/etc/$NAME - -# Maximum number of VMA (Virtual Memory Areas) a process can own -MAX_MAP_COUNT=262144 - -# End of variables that can be overwritten in $DEFAULT - -# overwrite settings from default file -if [ -f "$DEFAULT" ]; then - . "$DEFAULT" -fi - -# Define other required variables -PID_FILE=/var/run/$NAME.pid -DAEMON=$ES_HOME/bin/elasticsearch -DAEMON_OPTS="-d -p $PID_FILE <%= opt_flags.join(' ') %>" - -export ES_HEAP_SIZE -export ES_HEAP_NEWSIZE -export ES_DIRECT_SIZE -export ES_JAVA_OPTS -export ES_JVM_OPTIONS -export ES_CLASSPATH -export ES_INCLUDE -export ES_PATH_CONF -export ES_GC_LOG_FILE - -if [ ! -x "$DAEMON" ]; then - echo "The elasticsearch startup script does not exists or it is not executable, tried: $DAEMON" - exit 1 -fi - -checkJava() { - if [ -x "$JAVA_HOME/bin/java" ]; then - JAVA="$JAVA_HOME/bin/java" - else - JAVA=`which java` - fi - - if [ ! -x "$JAVA" ]; then - echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME" - exit 1 - fi -} - -case "$1" in - start) - checkJava - - log_daemon_msg "Starting $DESC" - - pid=`pidofproc -p $PID_FILE elasticsearch` - if [ -n "$pid" ] ; then - log_begin_msg "Already running." - log_end_msg 0 - exit 0 - fi - - # Prepare environment - for DIR in "$DATA_DIR" "$LOG_DIR" "$WORK_DIR"; do - [ ! -z "$DIR" ] && mkdir -p "$DIR" && chown "$ES_USER":"$ES_GROUP" "$DIR" - done - if [ -n "$PID_FILE" ] && [ ! -e "$PID_FILE" ]; then - touch "$PID_FILE" && chown "$ES_USER":"$ES_GROUP" "$PID_FILE" - fi - - if [ -n "$MAX_OPEN_FILES" ]; then - ulimit -n $MAX_OPEN_FILES - fi - - if [ -n "$MAX_LOCKED_MEMORY" ]; then - ulimit -l $MAX_LOCKED_MEMORY - fi - - if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then - sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT - fi - - # Start Daemon - start-stop-daemon -d $ES_HOME --start --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS - return=$? - if [ $return -eq 0 ]; then - i=0 - timeout=10 - # Wait for the process to be properly started before exiting - until { kill -0 `cat "$PID_FILE"`; } >/dev/null 2>&1 - do - sleep 1 - i=$(($i + 1)) - if [ $i -gt $timeout ]; then - log_end_msg 1 - exit 1 - fi - done - fi - log_end_msg $return - exit $return - ;; - stop) - log_daemon_msg "Stopping $DESC" - - if [ -f "$PID_FILE" ]; then - start-stop-daemon --stop --pidfile "$PID_FILE" \ - --user "$ES_USER" \ - --quiet \ - --retry forever/TERM/20 > /dev/null - if [ $? -eq 1 ]; then - log_progress_msg "$DESC is not running but pid file exists, cleaning up" - elif [ $? -eq 3 ]; then - PID="`cat $PID_FILE`" - log_failure_msg "Failed to stop $DESC (pid $PID)" - exit 1 - fi - rm -f "$PID_FILE" - else - log_progress_msg "(not running)" - fi - log_end_msg 0 - ;; - status) - status_of_proc -p $PID_FILE elasticsearch elasticsearch && exit 0 || exit $? - ;; - restart|force-reload) - if [ -f "$PID_FILE" ]; then - $0 stop - fi - $0 start - ;; - *) - log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}" - exit 1 - ;; -esac - -exit 0 diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb deleted file mode 100644 index 886e503da..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -# -# This file is managed via PUPPET - -daemon="/usr/local/elasticsearch/bin/elasticsearch" -daemon_flags="-d -<%= opt_flag %>default.path.conf=/etc/elasticsearch/<%= @resource[:instance] %> -p <%= @resource[:pid_dir] %>/elasticsearch-<%= @resource[:instance] %>.pid" -daemon_user="_elasticsearch" - -. /etc/rc.d/rc.subr - -pexp="$(/usr/local/bin/javaPathHelper -c elasticsearch) .*org.elasticsearch.bootstrap.Elasticsearch.*" - -rc_reload=NO - -rc_start() { - ${rcexec} \ - "ES_INCLUDE=\"/etc/elasticsearch/elasticsearch.in.sh\" \ - "ES_JVM_OPTIONS=\"/etc/elasticsearch/<%= @resource[:instance] %>/jvm.options\"" \ - JAVA_HOME=\"$(/usr/local/bin/javaPathHelper -h elasticsearch)\" \ - ${daemon} ${daemon_flags}" -} - -rc_pre() { - install -d -o _elasticsearch <%= @resource[:pid_dir] %> -} - -rc_cmd $1 diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb deleted file mode 100644 index 669617edc..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb +++ /dev/null @@ -1,183 +0,0 @@ -#!/bin/bash -# -# elasticsearch<%= @resource[:instance] %> -# -# chkconfig: 2345 80 20 -# description: Starts and stops a single elasticsearch instance on this system -# - -### BEGIN INIT INFO -# Provides: Elasticsearch-<%= @resource[:instance] %> -# Required-Start: $network $named -# Required-Stop: $network $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: This service manages the elasticsearch daemon -# Description: Elasticsearch is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search. -### END INIT INFO - -# -# init.d / servicectl compatibility (openSUSE) -# -if [ -f /etc/rc.status ]; then - . /etc/rc.status - rc_reset -fi - -# -# Source function library. -# -if [ -f /etc/rc.d/init.d/functions ]; then - . /etc/rc.d/init.d/functions -fi - -# Sets the default values for elasticsearch variables used in this script -ES_USER="elasticsearch" -ES_GROUP="elasticsearch" -ES_HOME="/usr/share/elasticsearch" -MAX_OPEN_FILES=65536 -MAX_MAP_COUNT=262144 - -PID_DIR="/var/run/elasticsearch" - -exec="$ES_HOME/bin/elasticsearch" -prog="elasticsearch-<%= @resource[:instance] %>" -pidfile="$PID_DIR/${prog}.pid" - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -export ES_HEAP_SIZE -export ES_HEAP_NEWSIZE -export ES_DIRECT_SIZE -export ES_JAVA_OPTS -export ES_JVM_OPTIONS -export JAVA_HOME -export ES_INCLUDE -export ES_PATH_CONF - -lockfile=/var/lock/subsys/$prog - -# backwards compatibility for old config sysconfig files, pre 0.90.1 -if [ -n $USER ] && [ -z $ES_USER ] ; then - ES_USER=$USER -fi - -if [ ! -x "$exec" ]; then - echo "The elasticsearch startup script does not exists or it is not executable, tried: $exec" - exit 1 -fi - -checkJava() { - if [ -x "$JAVA_HOME/bin/java" ]; then - JAVA="$JAVA_HOME/bin/java" - else - JAVA=`which java` - fi - - if [ ! -x "$JAVA" ]; then - echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME" - exit 1 - fi -} - -start() { - checkJava - [ -x $exec ] || exit 5 - [ -f $CONF_FILE ] || exit 6 - if [ -n "$MAX_OPEN_FILES" ]; then - ulimit -n $MAX_OPEN_FILES - fi - if [ -n "$MAX_LOCKED_MEMORY" ]; then - ulimit -l $MAX_LOCKED_MEMORY - fi - if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then - sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT - fi - - # Ensure that the PID_DIR exists (it is cleaned at OS startup time) - if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then - mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR" - fi - if [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; then - touch "$pidfile" && chown "$ES_USER":"$ES_GROUP" "$pidfile" - fi - - if [ -n "$WORK_DIR" ]; then - mkdir -p "$WORK_DIR" - chown "$ES_USER":"$ES_GROUP" "$WORK_DIR" - fi - - cd $ES_HOME - echo -n $"Starting $prog: " - # if not running, start it up here, usually something like "daemon $exec" - daemon --user $ES_USER --pidfile $pidfile $exec -p $pidfile -d <%= opt_flags.join(' ') %> - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - # stop it here, often "killproc $prog" - killproc -p $pidfile -d 20 $prog - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status -p $pidfile $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb deleted file mode 100755 index f5ac4a102..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/sh -# -# elasticsearch <%= @resource[:instance] %> -# -# chkconfig: 2345 80 20 -# description: Starts and stops a single elasticsearch instance on this system -# - -### BEGIN INIT INFO -# Provides: Elasticsearch-<%= @resource[:instance] %> -# Required-Start: $network $named -# Required-Stop: $network $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: This service manages the elasticsearch daemon -# Description: Elasticsearch is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search. -### END INIT INFO - -# -# init.d / servicectl compatibility (openSUSE) -# -if [ -f /etc/rc.status ]; then - . /etc/rc.status - rc_reset -fi - -# -# Source function library. -# -if [ -f /etc/rc.d/init.d/functions ]; then - . /etc/rc.d/init.d/functions -fi - -EXE="/usr/share/elasticsearch/bin/elasticsearch" -prog="elasticsearch-<%= @resource[:instance] %>" -pidfile=/var/run/elasticsearch/${prog}.pid - -export JAVA_HOME=/usr/java/latest -JAVAPROG=${JAVA_HOME}/bin/java -MAX_MAP_COUNT=262144 - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -export ES_HEAP_SIZE -export ES_HEAP_NEWSIZE -export ES_DIRECT_SIZE -export ES_JAVA_OPTS -export ES_JVM_OPTIONS - -lockfile=/var/lock/subsys/$prog - -# backwards compatibility for old config sysconfig files, pre 0.90.1 -if [ -n $USER ] && [ -z $ES_USER ] ; then - ES_USER=$USER -fi - -checkJava() { - if [ -x "$JAVA_HOME/bin/java" ]; then - JAVA="$JAVA_HOME/bin/java" - else - JAVA=`which java` - fi - - if [ ! -x "$JAVA" ]; then - echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME" - exit 1 - fi -} - -start() { - checkJava - [ -x $EXE ] || exit 5 - [ -f $CONF_FILE ] || exit 6 - if [ -n "$MAX_OPEN_FILES" ]; then - ulimit -n $MAX_OPEN_FILES - fi - if [ -n "$MAX_LOCKED_MEMORY" ]; then - ulimit -l $MAX_LOCKED_MEMORY - fi - if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then - sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT - fi - - if [ -n "$WORK_DIR" ]; then - mkdir -p "$WORK_DIR" - chown "$ES_USER":"$ES_GROUP" "$WORK_DIR" - fi - echo -n $"Starting $prog: " - # if not running, start it up here, usually something like "daemon $EXE" - startproc -u $ES_USER $EXE -d -p $pidfile <%= opt_flags.join(' ') %> & - retval=$? - if [ $retval -eq 0 ]; then - touch $lockfile - fi - rc_status -v - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - #ps ax|grep $JAVA|grep `cat $pidfile` - killproc -p $pidfile $JAVAPROG - retval=$? - - if [ $retval -eq 0 ]; then - rm -f $lockfile - fi - rc_status -v - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -status() { - # run checks to determine if the service is running or use generic status - echo "Checking processes for elasticsearch" - checkproc -p $pidfile $JAVAPROG - rc_status -v -} - -case "$1" in - start) - start - ;; - stop) - stop - ;; - restart) - restart - ;; - reload) - reload - ;; - status) - status - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|reload}" - exit 2 -esac -exit $? diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb deleted file mode 100644 index 04f442eb2..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb +++ /dev/null @@ -1,90 +0,0 @@ -#!/sbin/runscript - -name="Elasticsearch" -description="" - -ES_USER=${ES_USER:="elasticsearch"} -ES_INSTANCE=${SVCNAME#*.} - -if [ -n "${ES_INSTANCE}" ] && [ ${SVCNAME} != "elasticsearch" ]; then - PIDFILE="/run/elasticsearch/elasticsearch.${ES_INSTANCE}.pid" - ES_HOME="/var/lib/elasticsearch/${ES_INSTANCE}" - CONF_DIR="/etc/elasticsearch/${ES_INSTANCE}" - LOG_DIR="/var/log/elasticsearch/${ES_INSTANCE}" -else - PIDFILE="/run/elasticsearch/elasticsearch.pid" - ES_HOME="/var/lib/elasticsearch/_default" - CONF_DIR="/etc/elasticsearch" - LOG_DIR="/var/log/elasticsearch/_default" -fi - -DATA_DIR="${ES_HOME}/data" -WORK_DIR="${ES_HOME}/work" -MAX_MAP_COUNT=262144 - -export ES_INCLUDE="/usr/share/elasticsearch/bin/elasticsearch.in.sh" -export JAVA_OPTS -export ES_JAVA_OPTS -export ES_JVM_OPTIONS -export ES_HEAP_SIZE -export ES_HEAP_NEWSIZE -export ES_DIRECT_SIZE -export ES_USE_IPV4 - -server_command="/usr/share/elasticsearch/bin/elasticsearch" -server_args=" -p ${PIDFILE} <%= opt_flags.join(' ') %>" - -depend() { - use net -} - -start() { - [ ! -f "${ES_INCLUDE}" ] && { - eerror "${ES_INCLUDE} must be copied into place" - return 1 - } - - local conf - local conf_file - for conf in elasticsearch.yml logging.yml; do - conf_file="${CONF_DIR}/${conf}" - if [ ! -f "${conf_file}" ]; then - eerror "${conf_file} must be copied into place" - return 1 - fi - done - - ebegin "Starting ${SVCNAME}" - - if [ -n "${ES_MAX_FD}" ]; then - ulimit -n ${ES_MAX_FD} - einfo "Max open filedescriptors : ${ES_MAX_FD}" - fi - - if [ -n "${MAX_MAP_COUNT}" -a -f /proc/sys/vm/max_map_count ]; then - sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT - fi - - checkpath -d -o "${ES_USER}" -m750 "/var/lib/elasticsearch" - checkpath -d -o "${ES_USER}" -m750 "/var/log/elasticsearch" - checkpath -d -o "${ES_USER}" -m750 "$(dirname "${PIDFILE}")" - checkpath -d -o "${ES_USER}" -m750 "${ES_HOME}" - checkpath -d -o "${ES_USER}" -m750 "${LOG_DIR}" - - start-stop-daemon --start \ - --background \ - --chdir "${ES_HOME}" \ - --user="${ES_USER}" \ - --pidfile="${PIDFILE}" \ - --exec ${server_command} -- ${server_args} - eend $? -} - -stop() { - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop \ - --pidfile=${PIDFILE} \ - --user="${ES_USER}" \ - --retry=TERM/20/KILL/5 - eend $? -} diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb b/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb deleted file mode 100644 index ae6820472..000000000 --- a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb +++ /dev/null @@ -1,60 +0,0 @@ -[Unit] -Description=Elasticsearch instance <%= @resource[:instance] %> -Documentation=http://www.elastic.co -Wants=network-online.target -After=network-online.target - -[Service] -EnvironmentFile=<%= @resource[:defaults_location] %>/elasticsearch-<%= @resource[:instance] %> - -WorkingDirectory=<%= @resource[:homedir] %> - -User=<%= @resource[:user] %> -Group=<%= @resource[:group] %> - -ExecStart=/usr/share/elasticsearch/bin/elasticsearch \ - -p <%= @resource[:pid_dir] %>/elasticsearch-<%= @resource[:instance] %>.pid \ - <%= opt_flags.join(' ') %> - -# StandardOutput is configured to redirect to journalctl since -# some error messages may be logged in standard output before -# elasticsearch logging system is initialized. Elasticsearch -# stores its logs in /var/log/elasticsearch and does not use -# journalctl by default. If you also want to enable journalctl -# logging, you can simply remove the "quiet" option from ExecStart. -StandardOutput=journal -StandardError=inherit - -# Specifies the maximum file descriptor number that can be opened by this process -LimitNOFILE=<%= @resource[:nofile] %> - -# Specifies the maximum number of processes -LimitNPROC=<%= @resource[:nproc] %> - -# Specifies the maximum number of bytes of memory that may be locked into RAM -# Set to "infinity" if you use the 'bootstrap.memory_lock: true' option -# in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in ${path.env} -#LimitMEMLOCK=infinity -<% if @resource[:memlock] == 'unlimited' %> -LimitMEMLOCK=infinity -<% elsif @resource[:memlock] %> -LimitMEMLOCK=<%= @resource[:memlock] %> -<% end %> - -# Disable timeout logic and wait until process is stopped -TimeoutStopSec=0 - -# SIGTERM signal is used to stop the Java process -KillSignal=SIGTERM - -# Send the signal only to the JVM rather than its control group -KillMode=process - -# Java process is never killed -SendSIGKILL=no - -# When a JVM receives a SIGTERM signal it exits with code 143 -SuccessExitStatus=143 - -[Install] -WantedBy=multi-user.target diff --git a/modules/utilities/unix/logging/elasticsearch/hiera.yaml b/modules/utilities/unix/logging/elasticsearch/hiera.yaml deleted file mode 100644 index 32f7f368f..000000000 --- a/modules/utilities/unix/logging/elasticsearch/hiera.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -version: 4 -datadir: data -hierarchy: - - name: "Distribution major version" - backend: yaml - path: "distro/%{facts.os.name}/%{facts.os.release.major}" - - - name: "Operating system family major version" - backend: yaml - path: "os/%{facts.os.family}/%{facts.os.release.major}" - - - name: "Distribution name" - backend: yaml - path: "distro/%{facts.os.name}" - - - name: "Operating system family" - backend: yaml - path: "os/%{facts.os.family}" - - - name: "System kernel" - backend: yaml - path: "kernel/%{facts.kernel}" - - - name: "Default values" - backend: yaml - path: "common" diff --git a/modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb b/modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb deleted file mode 100644 index d075e611c..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb +++ /dev/null @@ -1,122 +0,0 @@ -require 'net/http' -require 'json' -require 'yaml' - -# Helper module to encapsulate custom fact injection -module EsFacts - # Add a fact to the catalog of host facts - def self.add_fact(prefix, key, value) - key = "#{prefix}_#{key}".to_sym - ::Facter.add(key) do - setcode { value } - end - end - - def self.ssl?(config) - tls_keys = [ - 'xpack.security.http.ssl.enabled', - 'shield.http.ssl', - 'searchguard.ssl.http.enabled' - ] - - tls_keys.any? { |key| config.key? key and config[key] == true } - end - - # Helper to determine the instance port number - def self.get_port(config) - enabled = 'http.enabled' - port = 'http.port' - - if not config[enabled].nil? and config[enabled] == 'false' - false - elsif not config[port].nil? - { config[port] => ssl?(config) } - else - { '9200' => ssl?(config) } - end - end - - # Entrypoint for custom fact populator - # - # This is a super old function but works; disable a bunch of checks. - # rubocop:disable Lint/HandleExceptions - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def self.run - dir_prefix = '/etc/elasticsearch' - # Ports is a hash of port_number => ssl? - ports = {} - - # only when the directory exists we need to process the stuff - return unless File.directory?(dir_prefix) - - Dir.foreach(dir_prefix) do |dir| - next if dir == '.' - - if File.readable?("#{dir_prefix}/#{dir}/elasticsearch.yml") - config_data = YAML.load_file("#{dir_prefix}/#{dir}/elasticsearch.yml") - port = get_port(config_data) - next unless port - ports.merge! port - end - end - - begin - if ports.keys.count > 0 - - add_fact('elasticsearch', 'ports', ports.keys.join(',')) - ports.each_pair do |port, ssl| - next if ssl - - key_prefix = "elasticsearch_#{port}" - - uri = URI("http://localhost:#{port}") - http = Net::HTTP.new(uri.host, uri.port) - http.read_timeout = 10 - http.open_timeout = 2 - response = http.get('/') - json_data = JSON.parse(response.body) - next if json_data['status'] && json_data['status'] != 200 - - add_fact(key_prefix, 'name', json_data['name']) - add_fact(key_prefix, 'version', json_data['version']['number']) - - uri2 = URI("http://localhost:#{port}/_nodes/#{json_data['name']}") - http2 = Net::HTTP.new(uri2.host, uri2.port) - http2.read_timeout = 10 - http2.open_timeout = 2 - response2 = http2.get(uri2.path) - json_data_node = JSON.parse(response2.body) - - add_fact(key_prefix, 'cluster_name', json_data_node['cluster_name']) - node_data = json_data_node['nodes'].first - - add_fact(key_prefix, 'node_id', node_data[0]) - - nodes_data = json_data_node['nodes'][node_data[0]] - - process = nodes_data['process'] - add_fact(key_prefix, 'mlockall', process['mlockall']) - - plugins = nodes_data['plugins'] - - plugin_names = [] - plugins.each do |plugin| - plugin_names << plugin['name'] - - plugin.each do |key, value| - prefix = "#{key_prefix}_plugin_#{plugin['name']}" - add_fact(prefix, key, value) unless key == 'name' - end - end - add_fact(key_prefix, 'plugins', plugin_names.join(',')) - end - end - rescue - end - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity -end - -EsFacts.run diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb deleted file mode 100644 index d79e36409..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'puppet/util/feature' -require 'puppet/util/package' - -shield_plugin_dir = '/usr/share/elasticsearch/plugins/shield' - -Puppet.features.add(:elasticsearch_shield_users_native) { - File.exist? shield_plugin_dir and - Dir[shield_plugin_dir + '/*.jar'].map do |file| - File.basename(file, '.jar').split('-') - end.select do |parts| - parts.include? 'shield' - end.any? do |parts| - parts.last =~ /^[\d.]+$/ and - Puppet::Util::Package.versioncmp(parts.last, '2.3') >= 0 - end -} diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb deleted file mode 100644 index 0e4ce3b71..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb +++ /dev/null @@ -1,46 +0,0 @@ -# Top-level Puppet functions -module Puppet::Parser::Functions - newfunction( - :array_suffix, - :type => :rvalue, - :doc => <<-EOS -This function applies a suffix to all elements in an array. - -*Examples:* - - array_suffix(['a','b','c'], 'p') - -Will return: ['ap','bp','cp'] - -@return Array - EOS - ) do |arguments| - # Technically we support two arguments but only first is mandatory ... - raise(Puppet::ParseError, 'array_suffix(): Wrong number of arguments ' \ - "given (#{arguments.size} for 1)") if arguments.empty? - - array = arguments[0] - - unless array.is_a?(Array) - raise Puppet::ParseError, "array_suffix(): expected first argument to be an Array, got #{array.inspect}" - end - - suffix = arguments[1] if arguments[1] - - if suffix - unless suffix.is_a? String - raise Puppet::ParseError, "array_suffix(): expected second argument to be a String, got #{suffix.inspect}" - end - end - - # Turn everything into string same as join would do ... - result = array.collect do |i| - i = i.to_s - suffix ? i + suffix : i - end - - return result - end -end - -# vim: set ts=2 sw=2 et : diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb deleted file mode 100644 index cddb7e212..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb +++ /dev/null @@ -1,50 +0,0 @@ -# Top-level Puppet functions -module Puppet::Parser::Functions - newfunction( - :concat_merge, - :type => :rvalue, - :doc => <<-'ENDHEREDOC') do |args| - Merges two or more hashes together concatenating duplicate keys - with array values and returns the resulting hash. - - For example: - - $hash1 = {'a' => [1]} - $hash2 = {'a' => [2]} - concat_merge($hash1, $hash2) - # The resulting hash is equivalent to: - # { 'a' => [1, 2] } - - When there is a duplicate key that is not an array, the key in - the rightmost hash will "win." - - @return String - ENDHEREDOC - - if args.length < 2 - raise Puppet::ParseError, "concat_merge(): wrong number of arguments (#{args.length}; must be at least 2)" - end - - concat_merge = proc do |hash1, hash2| - hash1.merge(hash2) do |_key, old_value, new_value| - if old_value.is_a?(Array) && new_value.is_a?(Array) - old_value + new_value - else - new_value - end - end - end - - result = {} - args.each do |arg| - next if arg.is_a? String and arg.empty? # empty string is synonym for puppet's undef - # If the argument was not a hash, skip it. - unless arg.is_a?(Hash) - raise Puppet::ParseError, "concat_merge: unexpected argument type #{arg.class}, only expects hash arguments" - end - - result = concat_merge.call(result, arg) - end - result - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb deleted file mode 100644 index 0cba5d679..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb +++ /dev/null @@ -1,46 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'puppet_x/elastic/deep_implode' - -# Top-level Puppet functions -module Puppet::Parser::Functions - newfunction( - :deep_implode, - :type => :rvalue, - :doc => <<-'ENDHEREDOC') do |args| - Recursively flattens all keys of a hash into a dot-notated - hash, deeply merging duplicate key values by natively combining - them and returns the resulting hash. - - That is confusing, look at the examples for more clarity. - - For example: - - $hash = {'top' => {'sub' => [1]}, 'top.sub' => [2] } - $flattened_hash = deep_implode($hash) - # The resulting hash is equivalent to: - # { 'top.sub' => [1, 2] } - - When the function encounters array or hash values, they are - concatenated or merged, respectively. - When duplace paths for a key are generated, the function will prefer - to retain keys with the longest root key. - - @return Hash - ENDHEREDOC - - if args.length != 1 - raise Puppet::ParseError, "deep_implode(): wrong number of arguments (#{args.length}; must be 1)" - end - - arg = args[0] - - unless arg.is_a? Hash - raise Puppet::ParseError, 'deep_implode: unexpected argument type, only expects hashes' - end - - return {} if arg.empty? - - Puppet_X::Elastic.deep_implode arg - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb deleted file mode 100644 index 680b943f8..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb +++ /dev/null @@ -1,42 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'puppet_x/elastic/plugin_parsing' - -# Top-level Puppet functions -module Puppet::Parser::Functions - newfunction( - :es_plugin_name, - :type => :rvalue, - :doc => <<-'ENDHEREDOC') do |args| - Given a string, return the best guess at what the directory name - will be for the given plugin. Any arguments past the first will - be fallbacks (using the same logic) should the first fail. - - For example, all the following return values are "plug": - - es_plugin_name('plug') - es_plugin_name('foo/plug') - es_plugin_name('foo/plug/1.0.0') - es_plugin_name('foo/elasticsearch-plug') - es_plugin_name('foo/es-plug/1.3.2') - - @return String - ENDHEREDOC - - if args.empty? - raise Puppet::ParseError, - 'wrong number of arguments, at least one value required' - end - - ret = args.select do |arg| - arg.is_a? String and not arg.empty? - end.first - - if ret - Puppet_X::Elastic.plugin_name ret - else - raise Puppet::Error, - 'could not determine plugin name' - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb deleted file mode 100644 index aee8174ea..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb +++ /dev/null @@ -1,43 +0,0 @@ -# Top-level Puppet functions -module Puppet::Parser::Functions - newfunction( - :plugin_dir, - :type => :rvalue, - :doc => <<-EOS - Extracts the end plugin directory of the name - - @return String - EOS - ) do |arguments| - if arguments.empty? - raise(Puppet::ParseError, 'plugin_dir(): No arguments given') - elsif arguments.size > 2 - raise(Puppet::ParseError, "plugin_dir(): Too many arguments given (#{arguments.size})") - else - - unless arguments[0].is_a?(String) - raise(Puppet::ParseError, 'plugin_dir(): Requires string as first argument') - end - - plugin_name = arguments[0] - items = plugin_name.split('/') - - return items[0] if items.count == 1 - - plugin = items[1] - endname = if plugin.include?('-') # example elasticsearch-head - if plugin.start_with?('elasticsearch-') - plugin.gsub('elasticsearch-', '') - elsif plugin.start_with?('es-') - plugin.gsub('es-', '') - else - plugin - end - else - plugin - end - - return endname - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb deleted file mode 100644 index e4f73344d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb +++ /dev/null @@ -1,26 +0,0 @@ -require 'puppet/provider/parsedfile' - -# Parent class for Elasticsearch-based providers that need to access -# specific configuration directories. -class Puppet::Provider::ElasticParsedFile < Puppet::Provider::ParsedFile - # Find/set a shield configuration file. - # - # @return String - def self.shield_config(val) - @default_target ||= "/etc/elasticsearch/shield/#{val}" - end - - # Find/set an x-pack configuration file. - # - # @return String - def self.xpack_config(val) - @default_target ||= "/etc/elasticsearch/x-pack/#{val}" - end - - # Find/set an oss x-pack configuration file. - # - # @return String - def self.oss_xpack_config(val) - @default_target ||= "/etc/elasticsearch/#{val}" - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb deleted file mode 100644 index 07fa44e12..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb +++ /dev/null @@ -1,208 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'uri' -require 'puppet_x/elastic/es_versioning' -require 'puppet_x/elastic/plugin_parsing' - -# Generalized parent class for providers that behave like Elasticsearch's plugin -# command line tool. -# rubocop:disable Metrics/ClassLength -class Puppet::Provider::ElasticPlugin < Puppet::Provider - # Elasticsearch's home directory. - # - # @return String - def homedir - case Facter.value('osfamily') - when 'OpenBSD' - '/usr/local/elasticsearch' - else - '/usr/share/elasticsearch' - end - end - - def exists? - # First, attempt to list whether the named plugin exists by finding a - # plugin descriptor file, which each plugin should have. We must wildcard - # the name to match meta plugins, see upstream issue for this change: - # https://github.com/elastic/elasticsearch/pull/28022 - properties_files = Dir[File.join(@resource[:plugin_dir], plugin_path, '**', '*plugin-descriptor.properties')] - return false if properties_files.empty? - - begin - # Use the basic name format that the plugin tool supports in order to - # determine the version from the resource name. - plugin_version = Puppet_X::Elastic.plugin_version(@resource[:name]) - - # Naively parse the Java .properties file to check version equality. - # Because we don't have the luxury of installing arbitrary gems, perform - # simple parse with a degree of safety checking in the call chain - # - # Note that x-pack installs "meta" plugins which bundle multiple plugins - # in one. Therefore, we need to find the first "sub" plugin that - # indicates which version of x-pack this is. - properties = properties_files.sort.map do |prop_file| - IO.readlines(prop_file).map(&:strip).reject do |line| - line.start_with?('#') or line.empty? - end.map do |property| - property.split('=') - end.reject do |pairs| - pairs.length != 2 - end.to_h - end.find { |prop| prop.key? 'version' } - - if properties and properties['version'] != plugin_version - debug "Elasticsearch plugin #{@resource[:name]} not version #{plugin_version}, reinstalling" - destroy - return false - end - rescue ElasticPluginParseFailure - debug "Failed to parse plugin version for #{@resource[:name]}" - end - - # If there is no version string, we do not check version equality - debug "No version found in #{@resource[:name]}, not enforcing any version" - true - end - - def plugin_path - @resource[:plugin_path] || Puppet_X::Elastic.plugin_name(@resource[:name]) - end - - # Intelligently returns the correct installation arguments for version 1 - # version of Elasticsearch. - # - # @return [Array] - # arguments to pass to the plugin installation utility - def install1x - if !@resource[:url].nil? - [ - Puppet_X::Elastic.plugin_name(@resource[:name]), - '--url', - @resource[:url] - ] - elsif !@resource[:source].nil? - [ - Puppet_X::Elastic.plugin_name(@resource[:name]), - '--url', - "file://#{@resource[:source]}" - ] - else - [@resource[:name]] - end - end - - # Intelligently returns the correct installation arguments for version 2 - # version of Elasticsearch. - # - # @return [Array] - # arguments to pass to the plugin installation utility - def install2x - if !@resource[:url].nil? - [@resource[:url]] - elsif !@resource[:source].nil? - ["file://#{@resource[:source]}"] - else - [@resource[:name]] - end - end - - # Format proxy arguments for consumption by the elasticsearch plugin - # management tool (i.e., Java properties). - # - # @return Array - # of flags for command-line tools - def proxy_args(url) - parsed = URI(url) - %w[http https].map do |schema| - [:host, :port, :user, :password].map do |param| - option = parsed.send(param) - "-D#{schema}.proxy#{param.to_s.capitalize}=#{option}" unless option.nil? - end - end.flatten.compact - end - - # Install this plugin on the host. - # rubocop:disable Metrics/CyclomaticComplexity - def create - commands = [] - commands += proxy_args(@resource[:proxy]) if is2x? and @resource[:proxy] - commands << 'install' - commands << '--batch' if batch_capable? - commands += is1x? ? install1x : install2x - debug("Commands: #{commands.inspect}") - - retry_count = 3 - retry_times = 0 - begin - with_environment do - plugin(commands) - end - rescue Puppet::ExecutionFailure => e - retry_times += 1 - debug("Failed to install plugin. Retrying... #{retry_times} of #{retry_count}") - sleep 2 - retry if retry_times < retry_count - raise "Failed to install plugin. Received error: #{e.inspect}" - end - end - # rubocop:enable Metrics/CyclomaticComplexity - - # Remove this plugin from the host. - def destroy - with_environment do - plugin(['remove', Puppet_X::Elastic.plugin_name(@resource[:name])]) - end - end - - # Determine the installed version of Elasticsearch on this host. - def es_version - Puppet_X::Elastic::EsVersioning.version( - resource[:elasticsearch_package_name], resource.catalog - ) - end - - def is1x? - Puppet::Util::Package.versioncmp(es_version, '2.0.0') < 0 - end - - def is2x? - (Puppet::Util::Package.versioncmp(es_version, '2.0.0') >= 0) && \ - (Puppet::Util::Package.versioncmp(es_version, '3.0.0') < 0) - end - - def batch_capable? - Puppet::Util::Package.versioncmp(es_version, '2.2.0') >= 0 - end - - # Run a command wrapped in necessary env vars - def with_environment(&block) - env_vars = { - 'ES_JAVA_OPTS' => @resource[:java_opts], - 'ES_PATH_CONF' => @resource[:configdir] - } - saved_vars = {} - - unless @resource[:java_home].nil? or @resource[:java_home] == '' - env_vars['JAVA_HOME'] = @resource[:java_home] - end - - if !is2x? and @resource[:proxy] - env_vars['ES_JAVA_OPTS'] += proxy_args(@resource[:proxy]) - end - - env_vars['ES_JAVA_OPTS'] = env_vars['ES_JAVA_OPTS'].join(' ') - - env_vars.each do |env_var, value| - saved_vars[env_var] = ENV[env_var] - ENV[env_var] = value - end - - ret = block.yield - - saved_vars.each do |env_var, value| - ENV[env_var] = value - end - - ret - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb deleted file mode 100644 index 0b993fb45..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb +++ /dev/null @@ -1,303 +0,0 @@ -require 'json' -require 'net/http' -require 'openssl' - -# Parent class encapsulating general-use functions for children REST-based -# providers. -# rubocop:disable Metrics/ClassLength -class Puppet::Provider::ElasticREST < Puppet::Provider - class << self - attr_accessor :api_discovery_uri - attr_accessor :api_resource_style - attr_accessor :api_uri - attr_accessor :discrete_resource_creation - attr_accessor :metadata - attr_accessor :metadata_pipeline - attr_accessor :query_string - end - - # Fetch arbitrary metadata for the class from an instance object. - # - # @return String - def metadata - self.class.metadata - end - - # Retrieve the class query_string variable - # - # @return String - def query_string - self.class.query_string - end - - # Perform a REST API request against the indicated endpoint. - # - # @return Net::HTTPResponse - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def self.rest(http, \ - req, \ - validate_tls = true, \ - timeout = 10, \ - username = nil, \ - password = nil) - - if username and password - req.basic_auth username, password - elsif username or password - Puppet.warning( - 'username and password must both be defined, skipping basic auth' - ) - end - - req['Accept'] = 'application/json' - - http.read_timeout = timeout - http.open_timeout = timeout - http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless validate_tls - - begin - http.request req - rescue EOFError => e - # Because the provider attempts a best guess at API access, we - # only fail when HTTP operations fail for mutating methods. - unless %w[GET OPTIONS HEAD].include? req.method - raise Puppet::Error, - "Received '#{e}' from the Elasticsearch API. Are your API settings correct?" - end - end - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity - - # Helper to format a remote URL request for Elasticsearch which takes into - # account path ordering, et cetera. - def self.format_uri(resource_path, property_flush = {}) - return api_uri if resource_path.nil? or api_resource_style == :bare - if discrete_resource_creation and not property_flush[:ensure].nil? - resource_path - else - case api_resource_style - when :prefix - resource_path + '/' + api_uri - else - api_uri + '/' + resource_path - end - end - end - - # Fetch Elasticsearch API objects. Accepts a variety of argument functions - # dictating how to connect to the Elasticsearch API. - # - # @return Array - # an array of Hashes representing the found API objects, whether they be - # templates, pipelines, et cetera. - def self.api_objects(protocol = 'http', \ - validate_tls = true, \ - host = 'localhost', \ - port = 9200, \ - timeout = 10, \ - username = nil, \ - password = nil, \ - ca_file = nil, \ - ca_path = nil) - - uri = URI("#{protocol}://#{host}:#{port}/#{format_uri(api_discovery_uri)}") - http = Net::HTTP.new uri.host, uri.port - req = Net::HTTP::Get.new uri.request_uri - - http.use_ssl = uri.scheme == 'https' - [[ca_file, :ca_file=], [ca_path, :ca_path=]].each do |arg, method| - http.send method, arg if arg and http.respond_to? method - end - - response = rest http, req, validate_tls, timeout, username, password - - results = [] - - if response.respond_to? :code and response.code.to_i == 200 - results = process_body(response.body) - end - - results - end - - # Process the JSON response body - def self.process_body(body) - results = JSON.parse(body).map do |object_name, api_object| - { - :name => object_name, - :ensure => :present, - metadata => process_metadata(api_object), - :provider => name - } - end - - results - end - - # Passes API objects through arbitrary Procs/lambdas in order to postprocess - # API responses. - def self.process_metadata(raw_metadata) - if metadata_pipeline.is_a? Array and !metadata_pipeline.empty? - metadata_pipeline.reduce(raw_metadata) do |md, processor| - processor.call md - end - else - raw_metadata - end - end - - # Fetch an array of provider objects from the Elasticsearch API. - def self.instances - api_objects.map { |resource| new resource } - end - - # Unlike a typical #prefetch, which just ties discovered #instances to the - # correct resources, we need to quantify all the ways the resources in the - # catalog know about Elasticsearch API access and use those settings to - # fetch any templates we can before associating resources and providers. - def self.prefetch(resources) - # Get all relevant API access methods from the resources we know about - resources.map do |_, resource| - p = resource.parameters - [ - p[:protocol].value, - p[:validate_tls].value, - p[:host].value, - p[:port].value, - p[:timeout].value, - (p.key?(:username) ? p[:username].value : nil), - (p.key?(:password) ? p[:password].value : nil), - (p.key?(:ca_file) ? p[:ca_file].value : nil), - (p.key?(:ca_path) ? p[:ca_path].value : nil) - ] - # Deduplicate identical settings, and fetch templates - end.uniq.map do |api| - api_objects(*api) - # Flatten and deduplicate the array, instantiate providers, and do the - # typical association dance - end.flatten.uniq.map { |resource| new resource }.each do |prov| - if (resource = resources[prov.name]) - resource.provider = prov - end - end - end - - def initialize(value = {}) - super(value) - @property_flush = {} - end - - # Generate a request body - def generate_body - JSON.generate( - if metadata != :content and @property_flush[:ensure] == :present - { metadata.to_s => resource[metadata] } - else - resource[metadata] - end - ) - end - - # Call Elasticsearch's REST API to appropriately PUT/DELETE/or otherwise - # update any managed API objects. - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def flush - Puppet.debug('Got to flush') - uri = URI( - format( - '%s://%s:%d/%s', - resource[:protocol], - resource[:host], - resource[:port], - self.class.format_uri(resource[:name], @property_flush) - ) - ) - uri.query = URI.encode_www_form query_string if query_string - - Puppet.debug("Generated URI = #{uri.inspect}") - - case @property_flush[:ensure] - when :absent - req = Net::HTTP::Delete.new uri.request_uri - else - req = Net::HTTP::Put.new uri.request_uri - req.body = generate_body - Puppet.debug("Generated body looks like: #{req.body.inspect}") - # As of Elasticsearch 6.x, required when requesting with a payload (so we - # set it always to be safe) - req['Content-Type'] = 'application/json' if req['Content-Type'].nil? - end - - http = Net::HTTP.new uri.host, uri.port - http.use_ssl = uri.scheme == 'https' - [:ca_file, :ca_path].each do |arg| - if !resource[arg].nil? and http.respond_to? arg - http.send "#{arg}=".to_sym, resource[arg] - end - end - - response = self.class.rest( - http, - req, - resource[:validate_tls], - resource[:timeout], - resource[:username], - resource[:password] - ) - - # Attempt to return useful error output - unless response.code.to_i == 200 - Puppet.debug("Non-OK reponse: Body = #{response.body.inspect}") - json = JSON.parse(response.body) - - err_msg = if json.key? 'error' - if json['error'].is_a? Hash \ - and json['error'].key? 'root_cause' - # Newer versions have useful output - json['error']['root_cause'].first['reason'] - else - # Otherwise fallback to old-style error messages - json['error'] - end - else - # As a last resort, return the response error code - "HTTP #{response.code}" - end - - raise Puppet::Error, "Elasticsearch API responded with: #{err_msg}" - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity - - @property_hash = self.class.api_objects( - resource[:protocol], - resource[:validate_tls], - resource[:host], - resource[:port], - resource[:timeout], - resource[:username], - resource[:password], - resource[:ca_file], - resource[:ca_path] - ).detect do |t| - t[:name] == resource[:name] - end - end - - # Set this provider's `:ensure` property to `:present`. - def create - @property_flush[:ensure] = :present - end - - def exists? - @property_hash[:ensure] == :present - end - - # Set this provider's `:ensure` property to `:absent`. - def destroy - @property_flush[:ensure] = :absent - end -end # of class diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb deleted file mode 100644 index 35ef51d4a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb +++ /dev/null @@ -1,123 +0,0 @@ -# Parent provider for Elasticsearch Shield/X-Pack file-based user management -# tools. -class Puppet::Provider::ElasticUserCommand < Puppet::Provider - attr_accessor :homedir - - # Elasticsearch's home directory. - # - # @return String - def self.homedir - @homedir ||= case Facter.value('osfamily') - when 'OpenBSD' - '/usr/local/elasticsearch' - else - '/usr/share/elasticsearch' - end - end - - # Run the user management command with specified tool arguments. - def self.command_with_path(args, configdir = nil) - options = { - :custom_environment => { - 'ES_PATH_CONF' => configdir || '/etc/elasticsearch' - } - } - - execute( - [command(:users_cli)] + (args.is_a?(Array) ? args : [args]), - options - ) - end - - # Gather local file-based users into an array of Hash objects. - def self.fetch_users - begin - output = command_with_path('list') - rescue Puppet::ExecutionFailure => e - debug("#fetch_users had an error: #{e.inspect}") - return nil - end - - debug("Raw command output: #{output}") - output.split("\n").select { |u| - # Keep only expected "user : role1,role2" formatted lines - u[/^[^:]+:\s+\S+$/] - }.map { |u| - # Break into ["user ", " role1,role2"] - u.split(':').first.strip - }.map do |user| - { - :name => user, - :ensure => :present, - :provider => name - } - end - end - - # Fetch an array of provider objects from the the list of local users. - def self.instances - fetch_users.map do |user| - new user - end - end - - # Generic prefetch boilerplate. - def self.prefetch(resources) - instances.each do |prov| - if (resource = resources[prov.name]) - resource.provider = prov - end - end - end - - def initialize(value = {}) - super(value) - @property_flush = {} - end - - # Enforce the desired state for this user on-disk. - def flush - arguments = [] - - case @property_flush[:ensure] - when :absent - arguments << 'userdel' - arguments << resource[:name] - else - arguments << 'useradd' - arguments << resource[:name] - arguments << '-p' << resource[:password] - end - - self.class.command_with_path(arguments, resource[:configdir]) - @property_hash = self.class.fetch_users.detect do |u| - u[:name] == resource[:name] - end - end - - # Set this provider's `:ensure` property to `:present`. - def create - @property_flush[:ensure] = :present - end - - def exists? - @property_hash[:ensure] == :present - end - - # Set this provider's `:ensure` property to `:absent`. - def destroy - @property_flush[:ensure] = :absent - end - - # Manually set this user's password. - def passwd - self.class.command_with_path( - [ - 'passwd', - resource[:name], - '-p', resource[:password] - ], - resource[:configdir] - ) - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb deleted file mode 100644 index f7a6a6860..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb +++ /dev/null @@ -1,49 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -# Provider to help manage file-based Shield/X-Pack user/role configuration -# files. -class Puppet::Provider::ElasticUserRoles < Puppet::Provider::ElasticYaml - # Override the ancestor `parse` method to process a users/roles file - # managed by the Elasticsearch user tools. - def self.parse(text) - text.split("\n").map(&:strip).select do |line| - # Strip comments - not line.start_with? '#' and not line.empty? - end.map do |line| - # Turn array of roles into array of users that have the role - role, users = line.split(':') - users.split(',').map do |user| - { user => [role] } - end - end.flatten.inject({}) do |hash, user| - # Gather up user => role hashes by append-merging role lists - hash.merge(user) { |_, o, n| o + n } - end.map do |user, roles| - # Map those hashes into what the provider expects - { - :name => user, - :roles => roles - } - end.to_a - end - - # Represent this user/role record as a correctly-formatted config file. - def self.to_file(records) - debug "Flushing: #{records.inspect}" - records.map do |record| - record[:roles].map do |r| - { [record[:name]] => r } - end - end.flatten.map(&:invert).inject({}) do |acc, role| - acc.merge(role) { |_, o, n| o + n } - end.delete_if do |_, users| - users.empty? - end.map do |role, users| - "#{role}:#{users.join(',')}" - end.join("\n") + "\n" - end - - def self.skip_record?(_record) - false - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb deleted file mode 100644 index 0d855fb4a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -*- coding: utf-8 -*- -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet/provider/elastic_parsedfile' -require 'puppet/util/package' -require 'puppet_x/elastic/hash' - -# Provider for yaml-based Elasticsearch configuration files. -class Puppet::Provider::ElasticYaml < Puppet::Provider::ElasticParsedFile - class << self - attr_accessor :metadata - end - - # Transform a given string into a Hash-based representation of the - # provider. - def self.parse(text) - yaml = YAML.load text - if yaml - yaml.map do |key, metadata| - { - :name => key, - :ensure => :present, - @metadata => metadata - } - end - else - [] - end - end - - # Transform a given list of provider records into yaml-based - # representation. - def self.to_file(records) - yaml = records.map do |record| - # Convert top-level symbols to strings - Hash[record.map { |k, v| [k.to_s, v] }] - end.inject({}) do |hash, record| - # Flatten array of hashes into single hash - hash.merge(record['name'] => record.delete(@metadata.to_s)) - end.extend(Puppet_X::Elastic::SortedHash).to_yaml.split("\n") - - yaml.shift if yaml.first =~ /---/ - yaml = yaml.join("\n") - - yaml << "\n" - end - - def self.skip_record?(_record) - false - end - - # This is ugly, but it's overridden in ParsedFile with abstract - # functionality we don't need for our simple provider class. - # This has been observed to break in Puppet version 3/4 switches. - def self.valid_attr?(klass, attr_name) - klass.is_a? Class ? klass.parameters.include?(attr_name) : true - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb deleted file mode 100644 index 0fa171b73..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb +++ /dev/null @@ -1,25 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'puppet/provider/elastic_rest' - -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' - -Puppet::Type.type(:elasticsearch_index).provide( - :ruby, - :parent => Puppet::Provider::ElasticREST, - :metadata => :settings, - :metadata_pipeline => [ - lambda { |data| data['settings'] }, - lambda { |data| Puppet_X::Elastic.deep_to_s data }, - lambda { |data| Puppet_X::Elastic.deep_to_i data } - ], - :api_uri => '_settings', - :api_discovery_uri => '_all', - :api_resource_style => :prefix, - :discrete_resource_creation => true -) do - desc 'A REST API based provider to manage Elasticsearch index settings.' - - mk_resource_methods -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb deleted file mode 100644 index b21e78efd..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb +++ /dev/null @@ -1,166 +0,0 @@ -Puppet::Type.type(:elasticsearch_keystore).provide( - :elasticsearch_keystore -) do - desc 'Provider for `elasticsearch-keystore` based secret management.' - - def self.defaults_dir - @defaults_dir ||= case Facter.value('osfamily') - when 'RedHat' - '/etc/sysconfig' - else - '/etc/default' - end - end - - def self.home_dir - @home_dir ||= case Facter.value('osfamily') - when 'OpenBSD' - '/usr/local/elasticsearch' - else - '/usr/share/elasticsearch' - end - end - - attr_accessor :defaults_dir, :home_dir - - commands :keystore => "#{home_dir}/bin/elasticsearch-keystore" - - def self.run_keystore(args, instance, configdir = '/etc/elasticsearch', stdin = nil) - options = { - :custom_environment => { - 'ES_INCLUDE' => File.join(defaults_dir, "elasticsearch-#{instance}"), - 'ES_PATH_CONF' => "#{configdir}/#{instance}" - }, - :uid => 'elasticsearch', - :gid => 'elasticsearch' - } - - unless stdin.nil? - stdinfile = Tempfile.new('elasticsearch-keystore') - stdinfile << stdin - stdinfile.flush - options[:stdinfile] = stdinfile.path - end - - begin - stdout = execute([command(:keystore)] + args, options) - ensure - unless stdin.nil? - stdinfile.close - stdinfile.unlink - end - end - - stdout.exitstatus.zero? ? stdout : raise(Puppet::Error, stdout) - end - - def self.present_keystores - Dir[File.join(%w[/ etc elasticsearch *])].select do |directory| - File.exist? File.join(directory, 'elasticsearch.keystore') - end.map do |instance| - settings = run_keystore(['list'], File.basename(instance)).split("\n") - { - :name => File.basename(instance), - :ensure => :present, - :provider => name, - :settings => settings - } - end - end - - def self.instances - present_keystores.map do |keystore| - new keystore - end - end - - def self.prefetch(resources) - instances.each do |prov| - if (resource = resources[prov.name]) - resource.provider = prov - end - end - end - - def initialize(value = {}) - super(value) - @property_flush = {} - end - - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def flush - case @property_flush[:ensure] - when :present - debug(self.class.run_keystore(['create'], resource[:name], resource[:configdir])) - @property_flush[:settings] = resource[:settings] - when :absent - File.delete(File.join([ - '/', 'etc', 'elasticsearch', resource[:instance], 'elasticsearch.keystore' - ])) - end - - # Note that since the property is :array_matching => :all, we have to - # expect that the hash is wrapped in an array. - if @property_flush[:settings] and not @property_flush[:settings].first.empty? - # Flush properties that _should_ be present - @property_flush[:settings].first.each_pair do |setting, value| - next unless @property_hash[:settings].nil? \ - or not @property_hash[:settings].include? setting - debug(self.class.run_keystore( - ['add', '--force', '--stdin', setting], resource[:name], resource[:configdir], value - )) - end - - # Remove properties that are no longer present - if resource[:purge] and not (@property_hash.nil? or @property_hash[:settings].nil?) - (@property_hash[:settings] - @property_flush[:settings].first.keys).each do |setting| - debug(self.class.run_keystore( - ['remove', setting], resource[:name], resource[:configdir] - )) - end - end - end - - @property_hash = self.class.present_keystores.detect do |u| - u[:name] == resource[:name] - end - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity - - # settings property setter - # - # @return [Hash] settings - def settings=(new_settings) - @property_flush[:settings] = new_settings - end - - # settings property getter - # - # @return [Hash] settings - def settings - @property_hash[:settings] - end - - # Sets the ensure property in the @property_flush hash. - # - # @return [Symbol] :present - def create - @property_flush[:ensure] = :present - end - - # Determine whether this resource is present on the system. - # - # @return [Boolean] - def exists? - @property_hash[:ensure] == :present - end - - # Set flushed ensure property to absent. - # - # @return [Symbol] :absent - def destroy - @property_flush[:ensure] = :absent - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb deleted file mode 100644 index 19e0bbce9..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'puppet/provider/elastic_rest' - -Puppet::Type.type(:elasticsearch_license).provide( - :shield, - :api_resource_style => :bare, - :parent => Puppet::Provider::ElasticREST, - :metadata => :content, - :metadata_pipeline => [ - lambda { |data| Puppet_X::Elastic.deep_to_s data }, - lambda { |data| Puppet_X::Elastic.deep_to_i data } - ], - :api_uri => '_license', - :query_string => { - 'acknowledge' => 'true' - } -) do - desc 'A REST API based provider to manage Elasticsearch Shield licenses.' - - mk_resource_methods - - def self.process_body(body) - JSON.parse(body).map do |_object_name, api_object| - { - :name => name.to_s, - :ensure => :present, - metadata => { 'license' => process_metadata(api_object) }, - :provider => name - } - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb deleted file mode 100644 index 27f1fdb7e..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb +++ /dev/null @@ -1,33 +0,0 @@ -# rubocop:disable Style/FileName -# rubocop:enable Style/FileName -require 'puppet/provider/elastic_rest' - -Puppet::Type.type(:elasticsearch_license).provide( - :xpack, - :api_resource_style => :bare, - :parent => Puppet::Provider::ElasticREST, - :metadata => :content, - :metadata_pipeline => [ - lambda { |data| Puppet_X::Elastic.deep_to_s data }, - lambda { |data| Puppet_X::Elastic.deep_to_i data } - ], - :api_uri => '_xpack/license', - :query_string => { - 'acknowledge' => 'true' - } -) do - desc 'A REST API based provider to manage Elasticsearch X-Pack licenses.' - - mk_resource_methods - - def self.process_body(body) - JSON.parse(body).map do |_object_name, api_object| - { - :name => name.to_s, - :ensure => :present, - metadata => { 'license' => process_metadata(api_object) }, - :provider => name - } - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb deleted file mode 100644 index c277dc8b1..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_rest' - -Puppet::Type.type(:elasticsearch_pipeline).provide( - :ruby, - :parent => Puppet::Provider::ElasticREST, - :metadata => :content, - :api_uri => '_ingest/pipeline' -) do - desc 'A REST API based provider to manage Elasticsearch ingest pipelines.' - - mk_resource_methods -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb deleted file mode 100644 index adf5a73cf..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'puppet/provider/elastic_plugin' - -Puppet::Type.type(:elasticsearch_plugin).provide( - :elasticsearch_plugin, - :parent => Puppet::Provider::ElasticPlugin -) do - desc <<-END - Post-5.x provider for Elasticsearch bin/elasticsearch-plugin - command operations.' - END - - case Facter.value('osfamily') - when 'OpenBSD' - commands :plugin => '/usr/local/elasticsearch/bin/elasticsearch-plugin' - commands :es => '/usr/local/elasticsearch/bin/elasticsearch' - commands :javapathhelper => '/usr/local/bin/javaPathHelper' - else - commands :plugin => '/usr/share/elasticsearch/bin/elasticsearch-plugin' - commands :es => '/usr/share/elasticsearch/bin/elasticsearch' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb deleted file mode 100644 index 33b6c8c64..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'puppet/provider/elastic_plugin' - -Puppet::Type.type(:elasticsearch_plugin).provide( - :plugin, - :parent => Puppet::Provider::ElasticPlugin -) do - desc 'Pre-5.x provider for Elasticsearch bin/plugin command operations.' - - case Facter.value('osfamily') - when 'OpenBSD' - commands :plugin => '/usr/local/elasticsearch/bin/plugin' - commands :es => '/usr/local/elasticsearch/bin/elasticsearch' - commands :javapathhelper => '/usr/local/bin/javaPathHelper' - else - commands :plugin => '/usr/share/elasticsearch/bin/plugin' - commands :es => '/usr/share/elasticsearch/bin/elasticsearch' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb deleted file mode 100644 index 6d1ac0d2e..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :privileges -) do - desc 'Provider for OSS X-Pack role resources.' - - oss_xpack_config 'roles.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb deleted file mode 100644 index bd465a0c1..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role).provide( - :shield, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :privileges -) do - desc 'Provider for Shield role resources.' - - shield_config 'roles.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb deleted file mode 100644 index d6b60d3a8..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role).provide( - :xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :privileges -) do - desc 'Provider for X-Pack role resources.' - - xpack_config 'roles.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb deleted file mode 100644 index ff294e6ac..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role_mapping).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :mappings -) do - desc 'Provider for OSS X-Pack role mappings.' - - oss_xpack_config 'role_mapping.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb deleted file mode 100644 index 0a1775eb8..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role_mapping).provide( - :shield, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :mappings -) do - desc 'Provider for Shield role mappings.' - - shield_config 'role_mapping.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb deleted file mode 100644 index 765c45066..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'puppet/provider/elastic_yaml' - -Puppet::Type.type(:elasticsearch_role_mapping).provide( - :xpack, - :parent => Puppet::Provider::ElasticYaml, - :metadata => :mappings -) do - desc 'Provider for X-Pack role mappings.' - - xpack_config 'role_mapping.yml' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb deleted file mode 100644 index 52fbe7ee6..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb +++ /dev/null @@ -1,81 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'pathname' -require 'puppet/util/filetype' - -require 'puppet_x/elastic/es_versioning' - -Puppet::Type.type(:elasticsearch_service_file).provide(:ruby) do - desc <<-ENDHEREDOC - Provides management of elasticsearch service files. - ENDHEREDOC - - mk_resource_methods - - def initialize(value = {}) - super(value) - @property_flush = {} - end - - def self.services - [ - '/usr/lib/systemd/system/elasticsearch-', - '/lib/systemd/system/elasticsearch-', - '/etc/init.d/elasticsearch.', - '/etc/init.d/elasticsearch-', - '/etc/rc.d/elasticsearch_' - ].map do |path| - Pathname.glob(path + '*').map do |service| - { - :name => service.to_s, - :ensure => :present, - :provider => :ruby, - :content => Puppet::Util::FileType.filetype(:flat).new(service.to_s).read - } - end - end.flatten.compact - end - - def self.instances - services.map do |instance| - new instance - end - end - - def self.prefetch(resources) - instances.each do |prov| - if (resource = resources[prov.name]) - resource.provider = prov - end - end - end - - def create - @property_flush[:ensure] = :present - end - - def exists? - @property_hash[:ensure] == :present - end - - def destroy? - @property_flush[:ensure] = :absent - end - - def flush - opt_flag, opt_flags = Puppet_X::Elastic::EsVersioning.opt_flags( - resource[:package_name], resource.catalog - ) - # This should only be present on systemd systems. - opt_flags.delete('--quiet') unless resource[:name].include?('systemd') - - template = ERB.new(resource[:content], 0, '-') - result = template.result(binding) - - Puppet::Util::FileType.filetype(:flat).new(resource[:name]).write(result) - - @property_hash = self.class.services.detect do |t| - t[:name] == resource[:name] - end - end -end # of .provide diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb deleted file mode 100644 index 9b5e6e326..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb +++ /dev/null @@ -1,52 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'puppet/provider/elastic_rest' - -Puppet::Type.type(:elasticsearch_snapshot_repository).provide( - :ruby, - :parent => Puppet::Provider::ElasticREST, - :api_uri => '_snapshot' -) do - desc 'A REST API based provider to manage Elasticsearch snapshot repositories.' - - mk_resource_methods - - def self.process_body(body) - Puppet.debug('Got to snapshot_repository.process_body') - - results = JSON.parse(body).map do |object_name, api_object| - { - :name => object_name, - :ensure => :present, - :type => api_object['type'], - :compress => api_object['settings']['compress'], - :location => api_object['settings']['location'], - :chunk_size => api_object['settings']['chunk_size'], - :max_restore_rate => api_object['settings']['max_restore_rate'], - :max_snapshot_rate => api_object['settings']['max_snapshot_rate'], - :provider => name - }.reject { |_k, v| v.nil? } - end - results - end - - def generate_body - Puppet.debug('Got to snapshot_repository.generate_body') - # Build core request body - body = { - 'type' => resource[:type], - 'settings' => { - 'compress' => resource[:compress], - 'location' => resource[:location] - } - } - - # Add optional values - body['settings']['chunk_size'] = resource[:chunk_size] unless resource[:chunk_size].nil? - body['settings']['max_restore_rate'] = resource[:max_restore_rate] unless resource[:max_restore_rate].nil? - body['settings']['max_snapshot_rate'] = resource[:max_snapshot_rate] unless resource[:max_snapshot_rate].nil? - - # Convert to JSON and return - JSON.generate(body) - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb deleted file mode 100644 index 2512992f9..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb +++ /dev/null @@ -1,21 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) - -require 'puppet/provider/elastic_rest' - -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' - -Puppet::Type.type(:elasticsearch_template).provide( - :ruby, - :parent => Puppet::Provider::ElasticREST, - :api_uri => '_template', - :metadata => :content, - :metadata_pipeline => [ - lambda { |data| Puppet_X::Elastic.deep_to_s data }, - lambda { |data| Puppet_X::Elastic.deep_to_i data } - ] -) do - desc 'A REST API based provider to manage Elasticsearch templates.' - - mk_resource_methods -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb deleted file mode 100644 index 2acf87736..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'puppet/provider/elastic_user_command' - -Puppet::Type.type(:elasticsearch_user).provide( - :elasticsearch_users, - :parent => Puppet::Provider::ElasticUserCommand -) do - desc 'Provider for OSS X-Pack user resources.' - - has_feature :manages_plaintext_passwords - - mk_resource_methods - - commands :users_cli => "#{homedir}/bin/elasticsearch-users" - commands :es => "#{homedir}/bin/elasticsearch" -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb deleted file mode 100644 index f900f51cf..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'puppet/provider/elastic_user_command' - -Puppet::Type.type(:elasticsearch_user).provide( - :esusers, - :parent => Puppet::Provider::ElasticUserCommand -) do - desc 'Provider for Shield file (esusers) user resources.' - - has_feature :manages_plaintext_passwords - - mk_resource_methods - - commands :users_cli => "#{homedir}/bin/shield/esusers" - commands :es => "#{homedir}/bin/elasticsearch" -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb deleted file mode 100644 index d078a48ce..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'puppet/provider/elastic_user_command' - -Puppet::Type.type(:elasticsearch_user).provide( - :users, - :parent => Puppet::Provider::ElasticUserCommand -) do - desc 'Provider for X-Pack file (users) user resources.' - confine :false => (Puppet::FileSystem.exist? "#{homedir}/bin/elasticsearch-users") - - has_feature :manages_plaintext_passwords - - mk_resource_methods - - commands :users_cli => "#{homedir}/bin/x-pack/users" - commands :es => "#{homedir}/bin/elasticsearch" -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb deleted file mode 100644 index a160bea7d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'puppet/provider/elastic_parsedfile' - -Puppet::Type.type(:elasticsearch_user_file).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticParsedFile -) do - desc 'Provider for OSS X-Pack users using plain files.' - - oss_xpack_config 'users' - confine :exists => default_target - - has_feature :manages_encrypted_passwords - - text_line :comment, - :match => /^\s*#/ - - record_line :oss_xpack, - :fields => %w[name hashed_password], - :separator => ':', - :joiner => ':' - - def self.valid_attr?(klass, attr_name) - if klass.respond_to? :parameters - klass.parameters.include?(attr_name) - else - true - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb deleted file mode 100644 index a6f15f658..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'puppet/provider/elastic_parsedfile' - -Puppet::Type.type(:elasticsearch_user_file).provide( - :shield, - :parent => Puppet::Provider::ElasticParsedFile -) do - desc 'Provider for Shield esusers using plain files.' - - shield_config 'users' - confine :exists => default_target - - has_feature :manages_encrypted_passwords - - text_line :comment, - :match => /^\s*#/ - - record_line :shield, - :fields => %w[name hashed_password], - :separator => ':', - :joiner => ':' - - def self.valid_attr?(klass, attr_name) - if klass.respond_to? :parameters - klass.parameters.include?(attr_name) - else - true - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb deleted file mode 100644 index 318ad35bb..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb +++ /dev/null @@ -1,29 +0,0 @@ -require 'puppet/provider/elastic_parsedfile' - -Puppet::Type.type(:elasticsearch_user_file).provide( - :xpack, - :parent => Puppet::Provider::ElasticParsedFile -) do - desc 'Provider for X-Pack esusers using plain files.' - - xpack_config 'users' - confine :exists => default_target - - has_feature :manages_encrypted_passwords - - text_line :comment, - :match => /^\s*#/ - - record_line :xpack, - :fields => %w[name hashed_password], - :separator => ':', - :joiner => ':' - - def self.valid_attr?(klass, attr_name) - if klass.respond_to? :parameters - klass.parameters.include?(attr_name) - else - true - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb deleted file mode 100644 index b2357d654..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'puppet/provider/elastic_user_roles' - -Puppet::Type.type(:elasticsearch_user_roles).provide( - :oss_xpack, - :parent => Puppet::Provider::ElasticUserRoles -) do - desc 'Provider for X-Pack user roles (parsed file.)' - - oss_xpack_config 'users_roles' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb deleted file mode 100644 index 52bd8a079..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'puppet/provider/elastic_user_roles' - -Puppet::Type.type(:elasticsearch_user_roles).provide( - :shield, - :parent => Puppet::Provider::ElasticUserRoles -) do - desc 'Provider for Shield user roles (parsed file.)' - - shield_config 'users_roles' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb deleted file mode 100644 index 0b1a082c0..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'puppet/provider/elastic_user_roles' - -Puppet::Type.type(:elasticsearch_user_roles).provide( - :xpack, - :parent => Puppet::Provider::ElasticUserRoles -) do - desc 'Provider for X-Pack user roles (parsed file.)' - - xpack_config 'users_roles' - confine :exists => default_target -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb deleted file mode 100644 index a0b40385f..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb +++ /dev/null @@ -1,50 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..', '..')) -require 'puppet/util/es_instance_validator' - -# This file contains a provider for the resource type `es_instance_conn_validator`, -# which validates the Elasticsearch instance connection by attempting an https connection. - -Puppet::Type.type(:es_instance_conn_validator).provide(:tcp_port) do - desc "A provider for the resource type `es_instance_conn_validator`, - which validates the connection by attempting an https - connection to the Elasticsearch instance." - - def exists? - start_time = Time.now - timeout = resource[:timeout] - - success = validator.attempt_connection - - while success == false && ((Time.now - start_time) < timeout) - # It can take several seconds for the Elasticsearch instance to start up; - # especially on the first install. Therefore, our first connection attempt - # may fail. Here we have somewhat arbitrarily chosen to retry every 2 - # seconds until the configurable timeout has expired. - Puppet.debug('Failed to connect to the Elasticsearch instance; sleeping 2 seconds before retry') - sleep 2 - success = validator.attempt_connection - end - - if success - Puppet.debug("Connected to the ES instance in #{Time.now - start_time} seconds.") - else - Puppet.notice("Failed to connect to the ES instance within timeout window of #{timeout} seconds; giving up.") - end - - success - end - - def create - # If `#create` is called, that means that `#exists?` returned false, which - # means that the connection could not be established... so we need to - # cause a failure here. - raise Puppet::Error, "Unable to connect to ES instance ! (#{@validator.instance_server}:#{@validator.instance_port})" - end - - private - - # @api private - def validator - @validator ||= Puppet::Util::EsInstanceValidator.new(resource[:server], resource[:port]) - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb deleted file mode 100644 index 942ee6a88..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb +++ /dev/null @@ -1,34 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet_x/elastic/asymmetric_compare' -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' -require 'puppet_x/elastic/elasticsearch_rest_resource' - -Puppet::Type.newtype(:elasticsearch_index) do - extend ElasticsearchRESTResource - - desc 'Manages Elasticsearch index settings.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Index name.' - end - - newproperty(:settings) do - desc 'Structured settings for the index in hash form.' - - def insync?(is) - Puppet_X::Elastic.asymmetric_compare(should, is) - end - - munge do |value| - Puppet_X::Elastic.deep_to_i(Puppet_X::Elastic.deep_to_s(value)) - end - - validate do |value| - raise Puppet::Error, 'hash expected' unless value.is_a? Hash - end - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb deleted file mode 100644 index 46f5d7d3e..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb +++ /dev/null @@ -1,64 +0,0 @@ -require 'puppet/parameter/boolean' - -Puppet::Type.newtype(:elasticsearch_keystore) do - desc 'Manages an Elasticsearch keystore settings file.' - - ensurable - - newparam(:instance, :namevar => true) do - desc 'Elasticsearch instance this keystore belongs to.' - end - - newparam(:configdir) do - desc 'Path to the elasticsearch configuration directory (ES_PATH_CONF).' - defaultto '/etc/elasticsearch' - end - - newparam(:purge, :boolean => true, :parent => Puppet::Parameter::Boolean) do - desc <<-EOS - Whether to proactively remove settings that exist in the keystore but - are not present in this resource's settings. - EOS - - defaultto false - end - - newproperty(:settings, :array_matching => :all) do - desc 'A key/value hash of settings names and values.' - - # The keystore utility can only retrieve a list of stored settings, - # so here we only compare the existing settings (sorted) with the - # desired settings' keys - def insync?(is) - if resource[:purge] - is.sort == @should.first.keys.sort - else - (@should.first.keys - is).empty? - end - end - - def change_to_s(currentvalue, newvalue_raw) - ret = '' - - newvalue = newvalue_raw.first.keys - - added_settings = newvalue - currentvalue - ret << "added: #{added_settings.join(', ')} " unless added_settings.empty? - - removed_settings = currentvalue - newvalue - unless removed_settings.empty? - ret << if resource[:purge] - "removed: #{removed_settings.join(', ')}" - else - "would have removed: #{removed_settings.join(', ')}, but purging is disabled" - end - end - - ret - end - end - - autorequire(:augeas) do - "defaults_#{self[:name]}" - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb deleted file mode 100644 index 661183681..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb +++ /dev/null @@ -1,52 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet_x/elastic/asymmetric_compare' -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' -require 'puppet_x/elastic/elasticsearch_rest_resource' - -Puppet::Type.newtype(:elasticsearch_license) do - extend ElasticsearchRESTResource - - desc 'Manages Elasticsearch licenses.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Pipeline name.' - end - - newproperty(:content) do - desc 'Structured hash for license content data.' - - def insync?(is) - Puppet_X::Elastic.asymmetric_compare( - should.map { |k, v| [k, v.is_a?(Hash) ? (v.reject { |s, _| s == 'signature' }) : v] }.to_h, - is - ) - end - - def should_to_s(newvalue) - newvalue.map do |license, license_data| - [ - license, - if license_data.is_a? Hash - license_data.map do |field, value| - [field, field == 'signature' ? '[redacted]' : value] - end.to_h - else - v - end - ] - end.to_h.to_s - end - - validate do |value| - raise Puppet::Error, 'hash expected' unless value.is_a? Hash - end - - munge do |value| - Puppet_X::Elastic.deep_to_i(Puppet_X::Elastic.deep_to_s(value)) - end - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb deleted file mode 100644 index 993f94f86..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb +++ /dev/null @@ -1,29 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' -require 'puppet_x/elastic/elasticsearch_rest_resource' - -Puppet::Type.newtype(:elasticsearch_pipeline) do - extend ElasticsearchRESTResource - - desc 'Manages Elasticsearch ingest pipelines.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Pipeline name.' - end - - newproperty(:content) do - desc 'Structured content of pipeline.' - - validate do |value| - raise Puppet::Error, 'hash expected' unless value.is_a? Hash - end - - munge do |value| - Puppet_X::Elastic.deep_to_i(Puppet_X::Elastic.deep_to_s(value)) - end - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb deleted file mode 100644 index 1b52b507a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb +++ /dev/null @@ -1,52 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_plugin) do - @doc = 'Plugin installation type' - - ensurable - - newparam(:name, :namevar => true) do - desc 'An arbitrary name used as the identity of the resource.' - end - - newparam(:configdir) do - desc 'Path to the elasticsearch configuration directory (ES_PATH_CONF).' - defaultto '/etc/elasticsearch' - - validate do |value| - raise Puppet::Error, 'path expected' if value.nil? - end - end - - newparam(:elasticsearch_package_name) do - desc 'Name of the system Elasticsearch package.' - end - - newparam(:java_opts) do - desc 'Optional array of Java options for ES_JAVA_OPTS.' - defaultto [] - end - - newparam(:java_home) do - desc 'Optional string to set the environment variable JAVA_HOME.' - end - - newparam(:url) do - desc 'Url of the package' - end - - newparam(:source) do - desc 'Source of the package. puppet:// or file:// resource' - end - - newparam(:proxy) do - desc 'Proxy Host' - end - - newparam(:plugin_dir) do - desc 'Path to the Plugins directory' - defaultto '/usr/share/elasticsearch/plugins' - end - - newparam(:plugin_path) do - desc 'Override name of the directory created for the plugin' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb deleted file mode 100644 index ae129bbfb..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb +++ /dev/null @@ -1,15 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_role) do - desc 'Type to model Elasticsearch roles.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Role name.' - - newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,29}$/) - end - - newproperty(:privileges) do - desc 'Security privileges of the given role.' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb deleted file mode 100644 index 4a52bda0a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb +++ /dev/null @@ -1,15 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_role_mapping) do - desc 'Type to model Elasticsearch role mappings.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Role name.' - - newvalues(/^[a-zA-Z_]{1}[-\w@.$]{0,29}$/) - end - - newproperty(:mappings, :array_matching => :all) do - desc 'List of role mappings.' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb deleted file mode 100644 index f7a5588e5..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb +++ /dev/null @@ -1,87 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet/util/checksums' - -require 'puppet_x/elastic/es_versioning' - -Puppet::Type.newtype(:elasticsearch_service_file) do - @doc = 'Manages elasticsearch service files.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Fully qualified path to the service file.' - end - - newproperty(:content) do - include Puppet::Util::Checksums - - desc 'Service file contents in erb template form.' - - # Interploate the erb source before comparing it to the on-disk - # init script - def insync?(is) - _opt_flag, opt_flags = Puppet_X::Elastic::EsVersioning.opt_flags( - resource[:package_name], resource.catalog - ) - # This should only be present on systemd systems. - opt_flags.delete('--quiet') unless resource[:name].include?('systemd') - - template = ERB.new(should, 0, '-') - is == template.result(binding) - end - - # Represent as a checksum, not the whole file - def change_to_s(currentvalue, newvalue) - algo = Puppet[:digest_algorithm].to_sym - - if currentvalue == :absent - return "defined content as '#{send(algo, newvalue)}'" - elsif newvalue == :absent - return "undefined content from '#{send(algo, currentvalue)}'" - else - return "content changed '#{send(algo, currentvalue)}' to '#{send(algo, newvalue)}'" - end - end - end - - newparam(:defaults_location) do - desc 'File path to defaults file.' - end - - newparam(:group) do - desc 'Group to run service under.' - end - - newparam(:homedir) do - desc 'Elasticsearch home directory.' - end - - newparam(:instance) do - desc 'Elasticsearch instance name.' - end - - newparam(:memlock) do - desc 'Memlock setting for service.' - end - - newparam(:nofile) do - desc 'Service NOFILE ulimit.' - end - - newparam(:nproc) do - desc 'Service NPROC ulimit.' - end - - newparam(:package_name) do - desc 'Name of the system Elasticsearch package.' - end - - newparam(:pid_dir) do - desc 'Directory to use for storing service PID.' - end - - newparam(:user) do - desc 'User to run service under.' - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb deleted file mode 100644 index 17357a912..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb +++ /dev/null @@ -1,51 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet_x/elastic/elasticsearch_rest_resource' - -Puppet::Type.newtype(:elasticsearch_snapshot_repository) do - extend ElasticsearchRESTResource - - desc 'Manages Elasticsearch snapshot repositories.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Repository name.' - end - - newparam(:type) do - desc 'Repository type' - defaultto 'fs' - - validate do |value| - raise Puppet::Error, 'string expected' unless value.is_a? String - end - end - - # newproperty(:compress, :boolean => true, :parent => Puppet::Property::Boolean) do - newproperty(:compress, :boolean => true) do - desc 'Compress the repository data' - - defaultto :true - end - - newproperty(:location) do - desc 'Repository location' - end - - newproperty(:chunk_size) do - desc 'File chunk size' - end - - newproperty(:max_restore_rate) do - desc 'Maximum Restore rate' - end - - newproperty(:max_snapshot_rate) do - desc 'Maximum Snapshot rate' - end - - validate do - raise ArgumentError, 'Location is required.' if self[:location].nil? - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb deleted file mode 100644 index c44a5bdbc..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb +++ /dev/null @@ -1,114 +0,0 @@ -$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', '..')) - -require 'puppet/file_serving/content' -require 'puppet/file_serving/metadata' - -require 'puppet_x/elastic/deep_implode' -require 'puppet_x/elastic/deep_to_i' -require 'puppet_x/elastic/deep_to_s' -require 'puppet_x/elastic/elasticsearch_rest_resource' - -Puppet::Type.newtype(:elasticsearch_template) do - extend ElasticsearchRESTResource - - desc 'Manages Elasticsearch index templates.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'Template name.' - end - - newproperty(:content) do - desc 'Structured content of template.' - - validate do |value| - raise Puppet::Error, 'hash expected' unless value.is_a? Hash - end - - munge do |value| - # The Elasticsearch API will return default empty values for - # order, aliases, and mappings if they aren't defined in the - # user mapping, so we need to set defaults here to keep the - # `in` and `should` states consistent if the user hasn't - # provided any. - # - # The value is first stringified, then integers are parse out as - # necessary, since the Elasticsearch API enforces some fields to be - # integers. - # - # We also need to fully qualify index settings, since users - # can define those with the index json key absent, but the API - # always fully qualifies them. - { 'order' => 0, 'aliases' => {}, 'mappings' => {} }.merge( - Puppet_X::Elastic.deep_to_i( - Puppet_X::Elastic.deep_to_s( - value.tap do |val| - if val.key? 'settings' - val['settings']['index'] = {} unless val['settings'].key? 'index' - (val['settings'].keys - ['index']).each do |setting| - new_key = if setting.start_with? 'index.' - setting[6..-1] - else - setting - end - val['settings']['index'][new_key] = \ - val['settings'].delete setting - end - end - end - ) - ) - ) - end - - def insync?(is) - Puppet_X::Elastic.deep_implode(is) == \ - Puppet_X::Elastic.deep_implode(should) - end - end - - newparam(:source) do - desc 'Puppet source to file containing template contents.' - - validate do |value| - raise Puppet::Error, 'string expected' unless value.is_a? String - end - end - - # rubocop:disable Style/SignalException - validate do - # Ensure that at least one source of template content has been provided - if self[:ensure] == :present - fail Puppet::ParseError, '"content" or "source" required' \ - if self[:content].nil? and self[:source].nil? - if !self[:content].nil? and !self[:source].nil? - fail( - Puppet::ParseError, - "'content' and 'source' cannot be simultaneously defined" - ) - end - end - - # If a source was passed, retrieve the source content from Puppet's - # FileServing indirection and set the content property - unless self[:source].nil? - unless Puppet::FileServing::Metadata.indirection.find(self[:source]) - fail(format('Could not retrieve source %s', self[:source])) - end - - tmp = if !catalog.nil? \ - and catalog.respond_to?(:environment_instance) - Puppet::FileServing::Content.indirection.find( - self[:source], - :environment => catalog.environment_instance - ) - else - Puppet::FileServing::Content.indirection.find(self[:source]) - end - - fail(format('Could not find any content at %s', self[:source])) unless tmp - self[:content] = PSON.load(tmp.content) - end - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb deleted file mode 100644 index 01b0a18a2..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb +++ /dev/null @@ -1,51 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_user) do - desc 'Type to model Elasticsearch users.' - - feature :manages_plaintext_passwords, - 'The provider can control the password in plaintext form.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'User name.' - end - - newparam(:configdir) do - desc 'Path to the elasticsearch configuration directory (ES_PATH_CONF).' - - validate do |value| - raise Puppet::Error, 'path expected' if value.nil? - end - end - - newparam( - :password, - :required_features => :manages_plaintext_passwords - ) do - desc 'Plaintext password for user.' - - validate do |value| - if value.length < 6 - raise ArgumentError, 'Password must be at least 6 characters long' - end - end - - # rubocop:disable Style/PredicateName - def is_to_s(_currentvalue) - '[old password hash redacted]' - end - # rubocop:enable Style/PredicateName - - def should_to_s(_newvalue) - '[new password hash redacted]' - end - end - - def refresh - if @parameters[:ensure] - provider.passwd - else - debug 'skipping password set' - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb deleted file mode 100644 index 250563d2d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb +++ /dev/null @@ -1,30 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_user_file) do - desc 'Type to model Elasticsearch users.' - - feature :manages_encrypted_passwords, - 'The provider can control the password hash without a need - to explicitly refresh.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'User name.' - end - - newparam(:configdir) do - desc 'Path to the elasticsearch configuration directory (ES_PATH_CONF).' - - validate do |value| - raise Puppet::Error, 'path expected' if value.nil? - end - end - - newproperty( - :hashed_password, - :required_features => :manages_encrypted_passwords - ) do - desc 'Hashed password for user.' - - newvalues(/^[$]2a[$].{56}$/) - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb deleted file mode 100644 index fb8a86ae2..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb +++ /dev/null @@ -1,20 +0,0 @@ -Puppet::Type.newtype(:elasticsearch_user_roles) do - desc 'Type to model Elasticsearch user roles.' - - ensurable - - newparam(:name, :namevar => true) do - desc 'User name.' - end - - newproperty(:roles, :array_matching => :all) do - desc 'Array of roles that the user should belong to.' - def insync?(is) - is.sort == should.sort - end - end - - autorequire(:elasticsearch_user) do - self[:name] - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb deleted file mode 100644 index b4bc92368..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb +++ /dev/null @@ -1,33 +0,0 @@ -Puppet::Type.newtype(:es_instance_conn_validator) do - @doc = "Verify that a connection can be successfully established between a - node and the Elasticsearch instance. It could potentially be used for other - purposes such as monitoring." - - ensurable - - newparam(:name, :namevar => true) do - desc 'An arbitrary name used as the identity of the resource.' - end - - newparam(:server) do - desc 'DNS name or IP address of the server where Elasticsearch instance should be running.' - defaultto 'localhost' - end - - newparam(:port) do - desc 'The port that the Elasticsearch instance should be listening on.' - defaultto 9200 - end - - newparam(:timeout) do - desc 'The max number of seconds that the validator should wait before giving up and deciding that the Elasticsearch instance is not running; defaults to 60 seconds.' - defaultto 60 - validate do |value| - # This will raise an error if the string is not convertible to an integer - Integer(value) - end - munge do |value| - Integer(value) - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb deleted file mode 100644 index 77f0b3c49..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb +++ /dev/null @@ -1,44 +0,0 @@ -require 'socket' -require 'timeout' - -module Puppet - # Namespace for miscellaneous tools - module Util - # Helper class to assist with talking to the Elasticsearch service ports. - class EsInstanceValidator - attr_reader :instance_server - attr_reader :instance_port - - def initialize(instance_server, instance_port) - @instance_server = instance_server - @instance_port = instance_port - - # Avoid deprecation warnings in Puppet versions < 4 - @timeout = if Facter.value(:puppetversion).split('.').first.to_i < 4 - Puppet[:configtimeout] - else - Puppet[:http_connect_timeout] - end - end - - # Utility method; attempts to make an https connection to the Elasticsearch instance. - # This is abstracted out into a method so that it can be called multiple times - # for retry attempts. - # - # @return true if the connection is successful, false otherwise. - def attempt_connection - Timeout.timeout(@timeout) do - begin - TCPSocket.new(@instance_server, @instance_port).close - true - rescue Errno::EADDRNOTAVAIL, Errno::ECONNREFUSED, Errno::EHOSTUNREACH => e - Puppet.debug "Unable to connect to Elasticsearch instance (#{@instance_server}:#{@instance_port}): #{e.message}" - false - end - end - rescue Timeout::Error - false - end - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb deleted file mode 100644 index 850d8858d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb +++ /dev/null @@ -1,24 +0,0 @@ -module Puppet_X - # Custom Elastic functions - module Elastic - # Certain Elasticsearch APIs return fields that are present in responses - # but not present when sending API requests such as creation time, and so - # on. When comparing desired settings and extant settings, only indicate - # that a value differs from another when user-desired settings differ from - # existing settings - we ignore keys that exist in the response that aren't - # being explicitly controlled by Puppet. - def self.asymmetric_compare(should_val, is_val) - should_val.reduce(true) do |is_synced, (should_key, should_setting)| - if is_val.key? should_key - if is_val[should_key].is_a? Hash - asymmetric_compare(should_setting, is_val[should_key]) - else - is_synced && is_val[should_key] == should_setting - end - else - is_synced && true - end - end - end - end # of Elastic -end # of Puppet_X diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb deleted file mode 100644 index 3a5135516..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb +++ /dev/null @@ -1,33 +0,0 @@ -module Puppet_X - # Custom ruby for some Elastic utilities. - module Elastic - # Recursively implode a hash into dot-delimited structure of Hash - # keys/values. - def self.deep_implode(hash) - ret = {} - implode ret, hash - ret - end - - # Recursively descend into hash values, flattening the key structure into - # dot-delimited keyed Hash. - def self.implode(new_hash, hash, path = []) - hash.sort_by { |k, _v| k.length }.reverse.each do |key, value| - new_path = path + [key] - case value - when Hash - implode(new_hash, value, new_path) - else - new_key = new_path.join('.') - if value.is_a? Array \ - and new_hash.key? new_key \ - and new_hash[new_key].is_a? Array - new_hash[new_key] += value - else - new_hash[new_key] ||= value - end - end - end - end # of deep_implode - end # of Elastic -end # of Puppet_X diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb deleted file mode 100644 index 32f9a1f08..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb +++ /dev/null @@ -1,20 +0,0 @@ -module Puppet_X - # Custom Elastic functions - module Elastic - # This ugly hack is required due to the fact Puppet passes in the - # puppet-native hash with stringified numerics, which causes the - # decoded JSON from the Elasticsearch API to be seen as out-of-sync - # when the parsed template hash is compared against the puppet hash. - def self.deep_to_i(obj) - if obj.is_a? String and obj =~ /^-?[0-9]+$/ - obj.to_i - elsif obj.is_a? Array - obj.map { |element| deep_to_i(element) } - elsif obj.is_a? Hash - obj.merge(obj) { |_key, val| deep_to_i(val) } - else - obj - end - end - end # of Elastic -end # of Puppet_X diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb deleted file mode 100644 index 2d32f17fd..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb +++ /dev/null @@ -1,20 +0,0 @@ -module Puppet_X - # Custom Elastic functions - module Elastic - # When given a hash, this method recurses deeply into all values to convert - # any that aren't data structures into strings. This is necessary when - # comparing results from Elasticsearch API calls, because values like - # integers and booleans are in string form. - def self.deep_to_s(obj) - if obj.is_a? Array - obj.map { |element| deep_to_s(element) } - elsif obj.is_a? Hash - obj.merge(obj) { |_key, val| deep_to_s(val) } - elsif (not obj.is_a? String) and (not [true, false].include?(obj)) and obj.respond_to? :to_s - obj.to_s - else - obj - end - end - end # of Elastic -end # of Puppet_X diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb deleted file mode 100644 index b00d5c2e3..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb +++ /dev/null @@ -1,93 +0,0 @@ -require 'puppet/parameter/boolean' - -# Provides common properties and parameters for REST-based Elasticsearch types -module ElasticsearchRESTResource - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def self.extended(extender) - extender.newparam(:ca_file) do - desc 'Absolute path to a CA file to authenticate server certs against.' - end - - extender.newparam(:ca_path) do - desc 'Absolute path to a directory containing CA files.' - end - - extender.newparam(:host) do - desc 'Hostname or address of Elasticsearch instance.' - defaultto 'localhost' - - validate do |value| - unless value.is_a? String - raise Puppet::Error, 'invalid parameter, expected string' - end - end - end - - extender.newparam(:password) do - desc 'Optional HTTP basic auth plaintext password for Elasticsearch.' - end - - extender.newparam(:port) do - desc 'Port to use for Elasticsearch HTTP API operations.' - defaultto 9200 - - munge do |value| - if value.is_a? String - value.to_i - elsif value.is_a? Integer - value - else - raise Puppet::Error, "unknown '#{value}' timeout type #{value.class}" - end - end - - validate do |value| - raise Puppet::Error, "invalid port value '#{value}'" \ - unless value.to_s =~ /^([0-9]+)$/ - raise Puppet::Error, "invalid port value '#{value}'" \ - unless (0 < Regexp.last_match[0].to_i) \ - and (Regexp.last_match[0].to_i < 65_535) - end - end - - extender.newparam(:protocol) do - desc 'Protocol to use for communication with Elasticsearch.' - defaultto 'http' - end - - extender.newparam(:timeout) do - desc 'HTTP timeout for reading/writing content to Elasticsearch.' - defaultto 10 - - munge do |value| - if value.is_a? String - value.to_i - elsif value.is_a? Integer - value - else - raise Puppet::Error, "unknown '#{value}' timeout type #{value.class}" - end - end - - validate do |value| - if value.to_s !~ /^\d+$/ - raise Puppet::Error, 'timeout must be a positive integer' - end - end - end - - extender.newparam(:username) do - desc 'Optional HTTP basic auth username for Elasticsearch.' - end - - extender.newparam( - :validate_tls, - :boolean => true, - :parent => Puppet::Parameter::Boolean - ) do - desc 'Whether to verify TLS/SSL certificates.' - defaultto true - end - end -end # of newtype diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb deleted file mode 100644 index c3e82490b..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb +++ /dev/null @@ -1,61 +0,0 @@ -module Puppet_X - module Elastic - # Assists with discerning the locally installed version of Elasticsearch. - # Implemented in a way to be called from native types and providers in order - # to lazily fetch the package version from various arcane Puppet mechanisms. - class EsVersioning - # All of the default options we'll set for Elasticsearch's command - # invocation. - DEFAULT_OPTS = { - 'home' => 'ES_HOME', - 'logs' => 'LOG_DIR', - 'data' => 'DATA_DIR', - 'work' => 'WORK_DIR', - 'conf' => 'CONF_DIR' - }.freeze - - # Create an array of command-line flags to append to an `elasticsearch` - # startup command. - def self.opt_flags(package_name, catalog, opts = DEFAULT_OPTS.dup) - opt_flag = opt_flag(min_version('5.0.0', package_name, catalog)) - - opts.delete 'work' if min_version '5.0.0', package_name, catalog - opts.delete 'home' if min_version '5.4.0', package_name, catalog - - opt_args = if min_version '6.0.0', package_name, catalog - [] - else - opts.map do |k, v| - "-#{opt_flag}default.path.#{k}=${#{v}}" - end.sort - end - - opt_args << '--quiet' if min_version '5.0.0', package_name, catalog - - [opt_flag, opt_args] - end - - # Get the correct option flag depending on whether Elasticsearch is post - # version 5. - def self.opt_flag(v5_or_later) - v5_or_later ? 'E' : 'Des.' - end - - # Predicate to determine whether a package is at least a certain version. - def self.min_version(ver, package_name, catalog) - Puppet::Util::Package.versioncmp( - version(package_name, catalog), ver - ) >= 0 - end - - # Fetch the package version for a locally installed package. - def self.version(package_name, catalog) - if (es_pkg = catalog.resource("Package[#{package_name}]")) - es_pkg.provider.properties[:version] || es_pkg.provider.properties[:ensure] - else - raise Puppet::Error, "could not find `Package[#{package_name}]` resource" - end - end - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb deleted file mode 100644 index a9f4fc334..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb +++ /dev/null @@ -1,73 +0,0 @@ -# Custom extensions namespace -module Puppet_X - # Elastic helpers - module Elastic - # Utility extension for consistent to_yaml behavior. - module SortedHash - # Upon extension, modify the hash appropriately to render - # sorted yaml dependent upon whichever way is supported for - # this version of Puppet/Ruby's yaml implementation. - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def self.extended(base) - if RUBY_VERSION >= '1.9' - # We can sort the hash in Ruby >= 1.9 by recursively - # re-inserting key/values in sorted order. Native to_yaml will - # call .each and get sorted pairs back. - tmp = base.to_a.sort - base.clear - tmp.each do |key, val| - if val.is_a? base.class - val.extend Puppet_X::Elastic::SortedHash - elsif val.is_a? Array - val.map do |elem| - if elem.is_a? base.class - elem.extend(Puppet_X::Elastic::SortedHash) - else - elem - end - end - end - base[key] = val - end - else - # Otherwise, recurse into the hash to extend all nested - # hashes with the sorted each_pair method. - # - # Ruby < 1.9 doesn't support any notion of sorted hashes, - # so we have to expressly monkey patch each_pair, which is - # called by ZAML (the yaml library used in Puppet < 4; Puppet - # >= 4 deprecates Ruby 1.8) - # - # Note that respond_to? is used here as there were weird - # problems with .class/.is_a? - base.merge! base do |_, ov, _| - if ov.respond_to? :each_pair - ov.extend Puppet_X::Elastic::SortedHash - elsif ov.is_a? Array - ov.map do |elem| - if elem.respond_to? :each_pair - elem.extend Puppet_X::Elastic::SortedHash - else - elem - end - end - else - ov - end - end - end - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity - - # Override each_pair with a method that yields key/values in - # sorted order. - def each_pair - keys.sort.each do |key| - yield key, self[key] - end - end - end - end -end diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb b/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb deleted file mode 100644 index 5e1f98c19..000000000 --- a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb +++ /dev/null @@ -1,33 +0,0 @@ -class ElasticPluginParseFailure < StandardError; end - -module Puppet_X - # Custom functions for plugin string parsing. - module Elastic - def self.plugin_name(raw_name) - plugin_split(raw_name, 1) - end - - def self.plugin_version(raw_name) - v = plugin_split(raw_name, 2, false).gsub(/^[^0-9]*/, '') - raise ElasticPluginParseFailure, "could not parse version, got '#{v}'" if v.empty? - v - end - - # Attempt to guess at the plugin's final directory name - def self.plugin_split(original_string, position, soft_fail = true) - # Try both colon (maven) and slash-delimited (github/elastic.co) names - %w[/ :].each do |delimiter| - parts = original_string.split(delimiter) - # If the string successfully split, assume we found the right format - return parts[position].gsub(/(elasticsearch-|es-)/, '') unless parts[position].nil? - end - - raise( - ElasticPluginParseFailure, - "could not find element '#{position}' in #{original_string}" - ) unless soft_fail - - original_string - end - end # of Elastic -end # of Puppet_X diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/config.pp b/modules/utilities/unix/logging/elasticsearch/manifests/config.pp deleted file mode 100644 index a6e0ecdd3..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/config.pp +++ /dev/null @@ -1,175 +0,0 @@ -# This class exists to coordinate all configuration related actions, -# functionality and logical units in a central place. -# -# It is not intended to be used directly by external resources like node -# definitions or other modules. -# -# @example importing this class into other classes to use its functionality: -# class { 'elasticsearch::config': } -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -class elasticsearch::config { - - #### Configuration - - Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], - cwd => '/', - } - - if ( $elasticsearch::ensure == 'present' ) { - - file { - $elasticsearch::configdir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => 'root', - mode => '2750'; - $elasticsearch::datadir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user; - $elasticsearch::logdir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => '0750', - recurse => true; - $elasticsearch::plugindir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => 'o+Xr'; - "${elasticsearch::homedir}/lib": - ensure => 'directory', - group => '0', - owner => 'root', - recurse => true; - $elasticsearch::homedir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user; - "${elasticsearch::homedir}/templates_import": - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => '0755'; - "${elasticsearch::homedir}/scripts": - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => '0755'; - "${elasticsearch::configdir}/scripts": - ensure => 'directory', - source => "${elasticsearch::homedir}/scripts", - mode => '0755', - recurse => 'remote', - owner => $elasticsearch::elasticsearch_user, - group => $elasticsearch::elasticsearch_group; - '/etc/elasticsearch/elasticsearch.yml': - ensure => 'absent'; - '/etc/elasticsearch/jvm.options': - ensure => 'absent'; - '/etc/elasticsearch/logging.yml': - ensure => 'absent'; - '/etc/elasticsearch/log4j2.properties': - ensure => 'absent'; - } - - if $elasticsearch::pid_dir { - file { $elasticsearch::pid_dir: - ensure => 'directory', - group => undef, - owner => $elasticsearch::elasticsearch_user, - recurse => true, - } - - if ($elasticsearch::service_provider == 'systemd') { - $group = $elasticsearch::elasticsearch_group - $user = $elasticsearch::elasticsearch_user - $pid_dir = $elasticsearch::pid_dir - - file { '/usr/lib/tmpfiles.d/elasticsearch.conf': - ensure => 'file', - content => template("${module_name}/usr/lib/tmpfiles.d/elasticsearch.conf.erb"), - group => '0', - owner => 'root', - } - } - } - - if ($elasticsearch::service_provider == 'systemd') { - # Mask default unit (from package) - service { 'elasticsearch' : - ensure => false, - enable => 'mask', - } - } else { - service { 'elasticsearch': - ensure => false, - enable => false, - } - } - - if $elasticsearch::defaults_location { - augeas { "${elasticsearch::defaults_location}/elasticsearch": - incl => "${elasticsearch::defaults_location}/elasticsearch", - lens => 'Shellvars.lns', - changes => [ - 'rm CONF_FILE', - 'rm CONF_DIR', - 'rm ES_PATH_CONF', - ], - } - - file { "${elasticsearch::defaults_location}/elasticsearch": - ensure => 'file', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => '0640'; - } - } - - if $::elasticsearch::security_plugin != undef and ($::elasticsearch::security_plugin in ['shield', 'x-pack']) { - file { "${::elasticsearch::configdir}/${::elasticsearch::security_plugin}" : - ensure => 'directory', - owner => 'root', - group => $elasticsearch::elasticsearch_group, - mode => '0750', - } - } - - # Define logging config file for the in-use security plugin - if $::elasticsearch::security_logging_content != undef or $::elasticsearch::security_logging_source != undef { - if $::elasticsearch::security_plugin == undef or ! ($::elasticsearch::security_plugin in ['shield', 'x-pack']) { - fail("\"${::elasticsearch::security_plugin}\" is not a valid security_plugin parameter value") - } - - $_security_logging_file = $::elasticsearch::security_plugin ? { - 'shield' => 'logging.yml', - default => 'log4j2.properties' - } - - file { "/etc/elasticsearch/${::elasticsearch::security_plugin}/${_security_logging_file}" : - content => $::elasticsearch::security_logging_content, - source => $::elasticsearch::security_logging_source, - } - } - - } elsif ( $elasticsearch::ensure == 'absent' ) { - - file { $elasticsearch::plugindir: - ensure => 'absent', - force => true, - backup => false, - } - - file { "${elasticsearch::configdir}/jvm.options": - ensure => 'absent', - } - - } - -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/index.pp b/modules/utilities/unix/logging/elasticsearch/manifests/index.pp deleted file mode 100644 index 1f58ad59a..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/index.pp +++ /dev/null @@ -1,77 +0,0 @@ -# A defined type to control Elasticsearch index-level settings. -# -# @param ensure -# Controls whether the named pipeline should be present or absent in -# the cluster. -# -# @param api_basic_auth_password -# HTTP basic auth password to use when communicating over the Elasticsearch -# API. -# -# @param api_basic_auth_username -# HTTP basic auth username to use when communicating over the Elasticsearch -# API. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Host name or IP address of the ES instance to connect to. -# -# @param api_port -# Port number of the ES instance to connect to -# -# @param api_protocol -# Protocol that should be used to connect to the Elasticsearch API. -# -# @param api_timeout -# Timeout period (in seconds) for the Elasticsearch API. -# -# @param settings -# Index settings in hash form (typically nested). -# -# @param validate_tls -# Determines whether the validity of SSL/TLS certificates received from the -# Elasticsearch API should be verified or ignored. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::index ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Hash $settings = {}, - Boolean $validate_tls = $elasticsearch::validate_tls, -) { - - es_instance_conn_validator { "${name}-index-conn-validator": - server => $api_host, - port => $api_port, - timeout => $api_timeout, - } - -> elasticsearch_index { $name: - ensure => $ensure, - settings => $settings, - protocol => $api_protocol, - host => $api_host, - port => $api_port, - timeout => $api_timeout, - username => $api_basic_auth_username, - password => $api_basic_auth_password, - ca_file => $api_ca_file, - ca_path => $api_ca_path, - validate_tls => $validate_tls, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/init.pp b/modules/utilities/unix/logging/elasticsearch/manifests/init.pp deleted file mode 100644 index 324eef80f..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/init.pp +++ /dev/null @@ -1,581 +0,0 @@ -# Top-level Elasticsearch class which may manage installation of the -# Elasticsearch package, package repository, and other -# global options and parameters. -# -# @summary Manages the installation of Elasticsearch and related options. -# -# @example install Elasticsearch -# class { 'elasticsearch': } -# -# @example removal and decommissioning -# class { 'elasticsearch': -# ensure => 'absent', -# } -# -# @example install everything but disable service(s) afterwards -# class { 'elasticsearch': -# status => 'disabled', -# } -# -# @param ensure -# Controls if the managed resources shall be `present` or `absent`. -# If set to `absent`, the managed software packages will be uninstalled, and -# any traces of the packages will be purged as well as possible, possibly -# including existing configuration files. -# System modifications (if any) will be reverted as well as possible (e.g. -# removal of created users, services, changed log settings, and so on). -# This is a destructive parameter and should be used with care. -# -# @param api_basic_auth_password -# Defines the default REST basic auth password for API authentication. -# -# @param api_basic_auth_username -# Defines the default REST basic auth username for API authentication. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Default host to use when accessing Elasticsearch APIs. -# -# @param api_port -# Default port to use when accessing Elasticsearch APIs. -# -# @param api_protocol -# Default protocol to use when accessing Elasticsearch APIs. -# -# @param api_timeout -# Default timeout (in seconds) to use when accessing Elasticsearch APIs. -# -# @param autoupgrade -# If set to `true`, any managed package will be upgraded on each Puppet run -# when the package provider is able to find a newer version than the present -# one. The exact behavior is provider dependent (see -# {package, "upgradeable"}[http://j.mp/xbxmNP] in the Puppet documentation). -# -# @param config -# Elasticsearch configuration hash. -# -# @param configdir -# Directory containing the elasticsearch configuration. -# Use this setting if your packages deviate from the norm (`/etc/elasticsearch`) -# -# @param daily_rolling_date_pattern -# File pattern for the file appender log when file_rolling_type is 'dailyRollingFile'. -# -# @param datadir -# Allows you to set the data directory of Elasticsearch. -# -# @param datadir_instance_directories -# Control whether individual directories for instances will be created within -# each instance's data directory. -# -# @param default_logging_level -# Default logging level for Elasticsearch. -# -# @param defaults_location -# Absolute path to directory containing init defaults file. -# -# @param download_tool -# Command-line invocation with which to retrieve an optional package_url. -# -# @param download_tool_insecure -# Command-line invocation with which to retrieve an optional package_url when -# certificate verification should be ignored. -# -# @param download_tool_verify_certificates -# Whether or not to verify SSL/TLS certificates when retrieving package files -# using a download tool instead of a package management provider. -# -# @param elasticsearch_group -# The group Elasticsearch should run as. This also sets file group -# permissions. -# -# @param elasticsearch_user -# The user Elasticsearch should run as. This also sets file ownership. -# -# @param file_rolling_type -# Configuration for the file appender rotation. It can be 'dailyRollingFile', -# 'rollingFile' or 'file'. The first rotates by name, the second one by size -# or third don't rotate automatically. -# -# @param homedir -# Directory where the elasticsearch installation's files are kept (plugins, etc.) -# -# @param indices -# Define indices via a hash. This is mainly used with Hiera's auto binding. -# -# @param init_defaults -# Defaults file content in hash representation. -# -# @param init_defaults_file -# Defaults file as puppet resource. -# -# @param init_template -# Service file as a template. -# -# @param instances -# Define instances via a hash. This is mainly used with Hiera's auto binding. -# -# @param jvm_options -# Array of options to set in jvm_options. -# -# @param license -# Optional Elasticsearch license in hash or string form. -# -# @param logdir -# Directory that will be used for Elasticsearch logging. -# -# @param logging_config -# Representation of information to be included in the logging.yml file. -# -# @param logging_file -# Instead of a hash, you may supply a `puppet://` file source for the -# logging.yml file. -# -# @param logging_template -# Use a custom logging template - just supply the relative path, i.e. -# `$module/elasticsearch/logging.yml.erb` -# -# @param manage_repo -# Enable repo management by enabling official Elastic repositories. -# -# @param oss -# Whether to use the purely open source Elasticsearch package distribution. -# -# @param package_dir -# Directory where packages are downloaded to. -# -# @param package_dl_timeout -# For http, https, and ftp downloads, you may set how long the exec resource -# may take. -# -# @param package_name -# Name Of the package to install. -# -# @param package_provider -# Method to install the packages, currently only `package` is supported. -# -# @param package_url -# URL of the package to download. -# This can be an http, https, or ftp resource for remote packages, or a -# `puppet://` resource or `file:/` for local packages -# -# @param pid_dir -# Directory where the elasticsearch process should write out its PID. -# -# @param pipelines -# Define pipelines via a hash. This is mainly used with Hiera's auto binding. -# -# @param plugindir -# Directory containing elasticsearch plugins. -# Use this setting if your packages deviate from the norm (/usr/share/elasticsearch/plugins) -# -# @param plugins -# Define plugins via a hash. This is mainly used with Hiera's auto binding. -# -# @param proxy_url -# For http and https downloads, you may set a proxy server to use. By default, -# no proxy is used. -# Format: `proto://[user:pass@]server[:port]/` -# -# @param purge_configdir -# Purge the config directory of any unmanaged files. -# -# @param purge_package_dir -# Purge package directory on removal -# -# @param purge_secrets -# Whether or not keys present in the keystore will be removed if they are not -# present in the specified secrets hash. -# -# @param repo_stage -# Use stdlib stage setup for managing the repo instead of relationship -# ordering. -# -# @param restart_on_change -# Determines if the application should be automatically restarted -# whenever the configuration, package, or plugins change. Enabling this -# setting will cause Elasticsearch to restart whenever there is cause to -# re-read configuration files, load new plugins, or start the service using an -# updated/changed executable. This may be undesireable in highly available -# environments. If all other restart_* parameters are left unset, the value of -# `restart_on_change` is used for all other restart_*_change defaults. -# -# @param restart_config_change -# Determines if the application should be automatically restarted -# whenever the configuration changes. This includes the Elasticsearch -# configuration file, any service files, and defaults files. -# Disabling automatic restarts on config changes may be desired in an -# environment where you need to ensure restarts occur in a controlled/rolling -# manner rather than during a Puppet run. -# -# @param restart_package_change -# Determines if the application should be automatically restarted -# whenever the package (or package version) for Elasticsearch changes. -# Disabling automatic restarts on package changes may be desired in an -# environment where you need to ensure restarts occur in a controlled/rolling -# manner rather than during a Puppet run. -# -# @param restart_plugin_change -# Determines if the application should be automatically restarted whenever -# plugins are installed or removed. -# Disabling automatic restarts on plugin changes may be desired in an -# environment where you need to ensure restarts occur in a controlled/rolling -# manner rather than during a Puppet run. -# -# @param roles -# Define roles via a hash. This is mainly used with Hiera's auto binding. -# -# @param rolling_file_max_backup_index -# Max number of logs to store whern file_rolling_type is 'rollingFile' -# -# @param rolling_file_max_file_size -# Max log file size when file_rolling_type is 'rollingFile' -# -# @param scripts -# Define scripts via a hash. This is mainly used with Hiera's auto binding. -# -# @param secrets -# Optional default configuration hash of key/value pairs to store in the -# Elasticsearch keystore file. If unset, the keystore is left unmanaged. -# -# @param security_logging_content -# File content for shield/x-pack logging configuration file (will be placed -# into logging.yml or log4j2.properties file as appropriate). -# -# @param security_logging_source -# File source for shield/x-pack logging configuration file (will be placed -# into logging.yml or log4j2.properties file as appropriate). -# -# @param security_plugin -# Which security plugin will be used to manage users, roles, and -# certificates. -# -# @param service_provider -# The service resource type provider to use when managing elasticsearch instances. -# -# @param snapshot_repositories -# Define snapshot repositories via a hash. This is mainly used with Hiera's auto binding. -# -# @param status -# To define the status of the service. If set to `enabled`, the service will -# be run and will be started at boot time. If set to `disabled`, the service -# is stopped and will not be started at boot time. If set to `running`, the -# service will be run but will not be started at boot time. You may use this -# to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @param system_key -# Source for the Shield/x-pack system key. Valid values are any that are -# supported for the file resource `source` parameter. -# -# @param systemd_service_path -# Path to the directory in which to install systemd service units. -# -# @param templates -# Define templates via a hash. This is mainly used with Hiera's auto binding. -# -# @param users -# Define templates via a hash. This is mainly used with Hiera's auto binding. -# -# @param validate_tls -# Enable TLS/SSL validation on API calls. -# -# @param version -# To set the specific version you want to install. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -class elasticsearch ( - Enum['absent', 'present'] $ensure, - Optional[String] $api_basic_auth_password, - Optional[String] $api_basic_auth_username, - Optional[String] $api_ca_file, - Optional[String] $api_ca_path, - String $api_host, - Integer[0, 65535] $api_port, - Enum['http', 'https'] $api_protocol, - Integer $api_timeout, - Boolean $autoupgrade, - Hash $config, - Stdlib::Absolutepath $configdir, - String $daily_rolling_date_pattern, - Elasticsearch::Multipath $datadir, - Boolean $datadir_instance_directories, - String $default_logging_level, - Optional[Stdlib::Absolutepath] $defaults_location, - Optional[String] $download_tool, - Optional[String] $download_tool_insecure, - Boolean $download_tool_verify_certificates, - String $elasticsearch_group, - String $elasticsearch_user, - Enum['dailyRollingFile', 'rollingFile', 'file'] $file_rolling_type, - Stdlib::Absolutepath $homedir, - Hash $indices, - Hash $init_defaults, - Optional[String] $init_defaults_file, - String $init_template, - Hash $instances, - Array[String] $jvm_options, - Optional[Variant[String, Hash]] $license, - Stdlib::Absolutepath $logdir, - Hash $logging_config, - Optional[String] $logging_file, - Optional[String] $logging_template, - Boolean $manage_repo, - Boolean $oss, - Stdlib::Absolutepath $package_dir, - Integer $package_dl_timeout, - String $package_name, - Enum['package'] $package_provider, - Optional[String] $package_url, - Optional[Stdlib::Absolutepath] $pid_dir, - Hash $pipelines, - Stdlib::Absolutepath $plugindir, - Hash $plugins, - Optional[Stdlib::HTTPUrl] $proxy_url, - Boolean $purge_configdir, - Boolean $purge_package_dir, - Boolean $purge_secrets, - Variant[Boolean, String] $repo_stage, - Boolean $restart_on_change, - Hash $roles, - Integer $rolling_file_max_backup_index, - String $rolling_file_max_file_size, - Hash $scripts, - Optional[Hash] $secrets, - Optional[String] $security_logging_content, - Optional[String] $security_logging_source, - Optional[Enum['shield', 'x-pack']] $security_plugin, - Enum['init', 'openbsd', 'openrc', 'systemd'] $service_provider, - Hash $snapshot_repositories, - Elasticsearch::Status $status, - Optional[String] $system_key, - Stdlib::Absolutepath $systemd_service_path, - Hash $templates, - Hash $users, - Boolean $validate_tls, - Variant[String, Boolean] $version, - Boolean $restart_config_change = $restart_on_change, - Boolean $restart_package_change = $restart_on_change, - Boolean $restart_plugin_change = $restart_on_change, -) { - - #### Validate parameters - - if ($package_url != undef and $version != false) { - fail('Unable to set the version number when using package_url option.') - } - - if ($version != false) { - case $facts['os']['family'] { - 'RedHat', 'Linux', 'Suse': { - if ($version =~ /.+-\d/) { - $pkg_version = $version - } else { - $pkg_version = "${version}-1" - } - } - default: { - $pkg_version = $version - } - } - } - - # This value serves as an unchanging default for platforms as a default for - # init scripts to fallback on. - $_datadir_default = $facts['kernel'] ? { - 'Linux' => '/var/lib/elasticsearch', - 'OpenBSD' => '/var/elasticsearch/data', - default => undef, - } - - # The OSS package distribution's package appends `-oss` to the end of the - # canonical package name. - $_package_name = $oss ? { - true => "${package_name}-oss", - default => $package_name, - } - - #### Manage actions - - contain elasticsearch::package - contain elasticsearch::config - - create_resources('elasticsearch::index', $::elasticsearch::indices) - create_resources('elasticsearch::instance', $::elasticsearch::instances) - create_resources('elasticsearch::pipeline', $::elasticsearch::pipelines) - create_resources('elasticsearch::plugin', $::elasticsearch::plugins) - create_resources('elasticsearch::role', $::elasticsearch::roles) - create_resources('elasticsearch::script', $::elasticsearch::scripts) - create_resources('elasticsearch::snapshot_repository', $::elasticsearch::snapshot_repositories) - create_resources('elasticsearch::template', $::elasticsearch::templates) - create_resources('elasticsearch::user', $::elasticsearch::users) - - if ($manage_repo == true) { - if ($repo_stage == false) { - # Use normal relationship ordering - contain elastic_stack::repo - - Class['elastic_stack::repo'] - -> Class['elasticsearch::package'] - - } else { - # Use staging for ordering - if !(defined(Stage[$repo_stage])) { - stage { $repo_stage: before => Stage['main'] } - } - - include elastic_stack::repo - Class<|title == 'elastic_stack::repo'|>{ - stage => $repo_stage, - } - } - } - - if ($license != undef) { - contain elasticsearch::license - } - - #### Manage relationships - # - # Note that many of these overly verbose declarations work around - # https://tickets.puppetlabs.com/browse/PUP-1410 - # which means clean arrow order chaining won't work if someone, say, - # doesn't declare any plugins. - # - # forgive me for what you're about to see - - if defined(Class['java']) { Class['java'] -> Class['elasticsearch::config'] } - - if $ensure == 'present' { - - # Installation and configuration - Class['elasticsearch::package'] - -> Class['elasticsearch::config'] - - # Top-level ordering bindings for resources. - Class['elasticsearch::config'] - -> Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> - Elasticsearch::Plugin <| ensure == 'absent' |> - -> Class['elasticsearch::config'] - Class['elasticsearch::config'] - -> Elasticsearch::Instance <| |> - Class['elasticsearch::config'] - -> Elasticsearch::User <| |> - Class['elasticsearch::config'] - -> Elasticsearch::Role <| |> - Class['elasticsearch::config'] - -> Elasticsearch::Template <| |> - Class['elasticsearch::config'] - -> Elasticsearch::Pipeline <| |> - Class['elasticsearch::config'] - -> Elasticsearch::Index <| |> - Class['elasticsearch::config'] - -> Elasticsearch::Snapshot_repository <| |> - - } else { - - # Absent; remove configuration before the package. - Class['elasticsearch::config'] - -> Class['elasticsearch::package'] - - # Top-level ordering bindings for resources. - Elasticsearch::Plugin <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Instance <| |> - -> Class['elasticsearch::config'] - Elasticsearch::User <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Role <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Template <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Pipeline <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Index <| |> - -> Class['elasticsearch::config'] - Elasticsearch::Snapshot_repository <| |> - -> Class['elasticsearch::config'] - - } - - # Install plugins before managing instances or users/roles - Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> - -> Elasticsearch::Instance <| |> - Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> - -> Elasticsearch::User <| |> - Elasticsearch::Plugin <| ensure == 'present' or ensure == 'installed' |> - -> Elasticsearch::Role <| |> - - # Remove plugins after managing users/roles - Elasticsearch::User <| |> - -> Elasticsearch::Plugin <| ensure == 'absent' |> - Elasticsearch::Role <| |> - -> Elasticsearch::Plugin <| ensure == 'absent' |> - - # Ensure roles are defined before managing users that reference roles - Elasticsearch::Role <| |> - -> Elasticsearch::User <| ensure == 'present' |> - # Ensure users are removed before referenced roles are managed - Elasticsearch::User <| ensure == 'absent' |> - -> Elasticsearch::Role <| |> - - # Ensure users and roles are managed before calling out to REST resources - Elasticsearch::Role <| |> - -> Elasticsearch::Template <| |> - Elasticsearch::User <| |> - -> Elasticsearch::Template <| |> - Elasticsearch::Role <| |> - -> Elasticsearch::Pipeline <| |> - Elasticsearch::User <| |> - -> Elasticsearch::Pipeline <| |> - Elasticsearch::Role <| |> - -> Elasticsearch::Index <| |> - Elasticsearch::User <| |> - -> Elasticsearch::Index <| |> - Elasticsearch::Role <| |> - -> Elasticsearch::Snapshot_repository <| |> - Elasticsearch::User <| |> - -> Elasticsearch::Snapshot_repository <| |> - - # Ensure that any command-line based user changes are performed before the - # file is modified - Elasticsearch_user <| |> - -> Elasticsearch_user_file <| |> - - # Manage users/roles before instances (req'd to keep dir in sync) - Elasticsearch::Role <| |> - -> Elasticsearch::Instance <| |> - Elasticsearch::User <| |> - -> Elasticsearch::Instance <| |> - - # Ensure instances are started before managing REST resources - Elasticsearch::Instance <| ensure == 'present' |> - -> Elasticsearch::Template <| |> - Elasticsearch::Instance <| ensure == 'present' |> - -> Elasticsearch::Pipeline <| |> - Elasticsearch::Instance <| ensure == 'present' |> - -> Elasticsearch::Index <| |> - Elasticsearch::Instance <| ensure == 'present' |> - -> Elasticsearch::Snapshot_repository <| |> - # Ensure instances are stopped after managing REST resources - Elasticsearch::Template <| |> - -> Elasticsearch::Instance <| ensure == 'absent' |> - Elasticsearch::Pipeline <| |> - -> Elasticsearch::Instance <| ensure == 'absent' |> - Elasticsearch::Index <| |> - -> Elasticsearch::Instance <| ensure == 'absent' |> - Elasticsearch::Snapshot_repository <| |> - -> Elasticsearch::Instance <| ensure == 'absent' |> -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/instance.pp b/modules/utilities/unix/logging/elasticsearch/manifests/instance.pp deleted file mode 100644 index 5bdac8646..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/instance.pp +++ /dev/null @@ -1,533 +0,0 @@ -# This define allows you to create or remove an elasticsearch instance -# -# @param ensure -# Controls if the managed resources shall be `present` or `absent`. -# If set to `absent`, the managed software packages will be uninstalled, and -# any traces of the packages will be purged as well as possible, possibly -# including existing configuration files. -# System modifications (if any) will be reverted as well as possible (e.g. -# removal of created users, services, changed log settings, and so on). -# This is a destructive parameter and should be used with care. -# -# @param ca_certificate -# Path to the trusted CA certificate to add to this node's java keystore. -# -# @param certificate -# Path to the certificate for this node signed by the CA listed in -# ca_certificate. -# -# @param config -# Elasticsearch configuration hash. -# -# @param configdir -# Path to directory containing the elasticsearch configuration. -# Use this setting if your packages deviate from the norm (/etc/elasticsearch). -# -# @param daily_rolling_date_pattern -# File pattern for the file appender log when file_rolling_type is `dailyRollingFile` -# -# @param datadir -# Allows you to set the data directory of Elasticsearch -# -# @param datadir_instance_directories -# Control whether individual directories for instances will be created within -# each instance's data directory. -# -# @param deprecation_logging -# Wheter to enable deprecation logging. If enabled, deprecation logs will be -# saved to ${cluster.name}_deprecation.log in the elastic search log folder. -# -# @param deprecation_logging_level -# Default deprecation logging level for Elasticsearch. -# -# @param file_rolling_type -# Configuration for the file appender rotation. It can be `dailyRollingFile` -# or `rollingFile`. The first rotates by name, and the second one by size. -# -# @param init_defaults -# Defaults file content in hash representation. -# -# @param init_defaults_file -# Defaults file as puppet resource. -# -# @param init_template -# Service file as a template -# -# @param jvm_options -# Array of options to set in jvm_options. -# -# @param keystore_password -# Password to encrypt this node's Java keystore. -# -# @param keystore_path -# Custom path to the java keystore file. This parameter is optional. -# -# @param logdir -# Log directory for this instance. -# -# @param logging_config -# Hash representation of information you want in the logging.yml file. -# -# @param logging_file -# Instead of a hash you can supply a puppet:// file source for the logging.yml file -# -# @param logging_level -# Default logging level for Elasticsearch. -# -# @param logging_template -# Use a custom logging template - just supply the reative path, ie -# $module_name/elasticsearch/logging.yml.erb -# -# @param private_key -# Path to the key associated with this node's certificate. -# -# @param purge_secrets -# Whether or not keys present in the keystore will be removed if they are not -# present in the specified secrets hash. -# -# @param rolling_file_max_backup_index -# Max number of logs to store whern file_rolling_type is `rollingFile` -# -# @param rolling_file_max_file_size -# Max log file size when file_rolling_type is `rollingFile` -# -# @param secrets -# Optional configuration hash of key/value pairs to store in the instance's -# Elasticsearch keystore file. If unset, the keystore is left unmanaged. -# -# @param security_plugin -# Which security plugin will be used to manage users, roles, and -# certificates. Inherited from top-level Elasticsearch class. -# -# @param service_flags -# Service flags used for the OpenBSD service configuration, defaults to undef. -# -# @param ssl -# Whether to manage TLS certificates for Shield. Requires the ca_certificate, -# certificate, private_key and keystore_password parameters to be set. -# -# @param status -# To define the status of the service. If set to `enabled`, the service will -# be run and will be started at boot time. If set to `disabled`, the service -# is stopped and will not be started at boot time. If set to `running`, the -# service will be run but will not be started at boot time. You may use this -# to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @param system_key -# Source for the Shield system key. Valid values are any that are -# supported for the file resource `source` parameter. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::instance ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Optional[Stdlib::Absolutepath] $ca_certificate = undef, - Optional[Stdlib::Absolutepath] $certificate = undef, - Optional[Hash] $config = undef, - Stdlib::Absolutepath $configdir = "${elasticsearch::configdir}/${name}", - String $daily_rolling_date_pattern = $elasticsearch::daily_rolling_date_pattern, - Optional[Elasticsearch::Multipath] $datadir = undef, - Boolean $datadir_instance_directories = $elasticsearch::datadir_instance_directories, - Boolean $deprecation_logging = false, - String $deprecation_logging_level = 'DEBUG', - String $file_rolling_type = $elasticsearch::file_rolling_type, - Hash $init_defaults = {}, - Optional[Stdlib::Absolutepath] $init_defaults_file = undef, - String $init_template = $elasticsearch::init_template, - Array[String] $jvm_options = $elasticsearch::jvm_options, - Optional[String] $keystore_password = undef, - Optional[Stdlib::Absolutepath] $keystore_path = undef, - Stdlib::Absolutepath $logdir = "${elasticsearch::logdir}/${name}", - Hash $logging_config = {}, - Optional[String] $logging_file = undef, - String $logging_level = $elasticsearch::default_logging_level, - Optional[String] $logging_template = undef, - Optional[Stdlib::Absolutepath] $private_key = undef, - Boolean $purge_secrets = $elasticsearch::purge_secrets, - Integer $rolling_file_max_backup_index = $elasticsearch::rolling_file_max_backup_index, - String $rolling_file_max_file_size = $elasticsearch::rolling_file_max_file_size, - Optional[Hash] $secrets = undef, - Optional[Enum['shield', 'x-pack']] $security_plugin = $elasticsearch::security_plugin, - Optional[String] $service_flags = undef, - Boolean $ssl = false, - Elasticsearch::Status $status = $elasticsearch::status, - Optional[String] $system_key = $elasticsearch::system_key, -) { - - File { - owner => $elasticsearch::elasticsearch_user, - group => $elasticsearch::elasticsearch_group, - } - - Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], - cwd => '/', - } - - # ensure - if ! ($ensure in [ 'present', 'absent' ]) { - fail("\"${ensure}\" is not a valid ensure parameter value") - } - - if $ssl or ($system_key != undef) { - if $security_plugin == undef or ! ($security_plugin in ['shield', 'x-pack']) { - fail("\"${security_plugin}\" is not a valid security_plugin parameter value") - } - } - - $notify_service = $elasticsearch::restart_config_change ? { - true => Elasticsearch::Service[$name], - false => undef, - } - - if ($ensure == 'present') { - - # Configuration hash - if ($config == undef) { - $instance_config = {} - } else { - $instance_config = deep_implode($config) - } - - if(has_key($instance_config, 'node.name')) { - $instance_node_name = {} - } else { - $instance_node_name = { 'node.name' => "${::hostname}-${name}" } - } - - # String or array for data dir(s) - if ($datadir == undef) { - if ($datadir_instance_directories) { - if $elasticsearch::datadir =~ Array { - $instance_datadir = array_suffix($elasticsearch::datadir, "/${name}") - } else { - $instance_datadir = "${elasticsearch::datadir}/${name}" - } - } else { - $instance_datadir = $elasticsearch::datadir - } - } else { - $instance_datadir = $datadir - } - - # Logging file or hash - if ($logging_file != undef) { - $logging_source = $logging_file - $logging_content = undef - $_log4j_content = undef - } elsif ($elasticsearch::logging_file != undef) { - $logging_source = $elasticsearch::logging_file - $logging_content = undef - $_log4j_content = undef - } else { - - $main_logging_config = deep_implode($elasticsearch::logging_config) - $instance_logging_config = deep_implode($logging_config) - - $logging_hash = merge( - # Shipped defaults - { - 'action' => 'DEBUG', - 'com.amazonaws' => 'WARN', - 'index.search.slowlog' => 'TRACE, index_search_slow_log_file', - 'index.indexing.slowlog' => 'TRACE, index_indexing_slow_log_file', - }, - $main_logging_config, - $instance_logging_config - ) - if ($logging_template != undef ) { - $logging_content = template($logging_template) - $_log4j_content = template($logging_template) - } elsif ($elasticsearch::logging_template != undef) { - $logging_content = template($elasticsearch::logging_template) - $_log4j_content = template($elasticsearch::logging_template) - } else { - $logging_content = template("${module_name}/etc/elasticsearch/logging.yml.erb") - $_log4j_content = template("${module_name}/etc/elasticsearch/log4j2.properties.erb") - } - $logging_source = undef - } - - $main_config = deep_implode($elasticsearch::config) - - $instance_datadir_config = { 'path.data' => $instance_datadir } - - if $instance_datadir =~ Array { - $dirs = join($instance_datadir, ' ') - } else { - $dirs = $instance_datadir - } - - if $ssl { - if ($keystore_password == undef) { - fail('keystore_password required') - } - - if ($keystore_path == undef) { - $_keystore_path = "${configdir}/${security_plugin}/${name}.ks" - } else { - validate_absolute_path($keystore_path) - $_keystore_path = $keystore_path - } - - if $security_plugin == 'shield' { - $tls_config = { - 'shield.transport.ssl' => true, - 'shield.http.ssl' => true, - 'shield.ssl.keystore.path' => $_keystore_path, - 'shield.ssl.keystore.password' => $keystore_password, - } - } elsif $security_plugin == 'x-pack' { - $tls_config = { - 'xpack.security.transport.ssl.enabled' => true, - 'xpack.security.http.ssl.enabled' => true, - 'xpack.ssl.keystore.path' => $_keystore_path, - 'xpack.ssl.keystore.password' => $keystore_password, - } - } - - # Trust CA Certificate - java_ks { "elasticsearch_instance_${name}_keystore_ca": - ensure => 'latest', - certificate => $ca_certificate, - target => $_keystore_path, - password => $keystore_password, - trustcacerts => true, - } - - # Load node certificate and private key - java_ks { "elasticsearch_instance_${name}_keystore_node": - ensure => 'latest', - certificate => $certificate, - private_key => $private_key, - target => $_keystore_path, - password => $keystore_password, - } - } else { $tls_config = {} } - - exec { "mkdir_logdir_elasticsearch_${name}": - command => "mkdir -p ${logdir}", - creates => $logdir, - require => Class['elasticsearch::package'], - before => File[$logdir], - } - - file { $logdir: - ensure => 'directory', - group => $elasticsearch::elasticsearch_group, - owner => $elasticsearch::elasticsearch_user, - mode => '0750', - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name], - } - - if ($datadir_instance_directories) { - exec { "mkdir_datadir_elasticsearch_${name}": - command => "mkdir -p ${dirs}", - creates => $instance_datadir, - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name], - } - -> file { $instance_datadir: - ensure => 'directory', - owner => $elasticsearch::elasticsearch_user, - group => undef, - mode => '0755', - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name], - } - } - - exec { "mkdir_configdir_elasticsearch_${name}": - command => "mkdir -p ${configdir}", - creates => $elasticsearch::configdir, - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name], - } - -> file { $configdir: - ensure => 'directory', - # Copy files from the stock configuration directory _into_ the instance - # configuration directory. This lets us pull in miscellaneous files that - # utilities may create (like X-Pack user/role files) into instance - # directories without explicitly naming them, since we can't predict all the - # files that plugins may create/manage. - # - # Special care is needed to avoid copying in _some_ directories/files to - # avoid overwriting instance-specific configuration files or other instance - # directories. - ignore => [ - "${elasticsearch::configdir}/elasticsearch.yml", - "${elasticsearch::configdir}/jvm.options", - "${elasticsearch::configdir}/logging.yml", - "${elasticsearch::configdir}/log4j2.properties", - ], - recurse => 'remote', - recurselimit => 1, - source => $elasticsearch::configdir, - purge => $elasticsearch::purge_configdir, - force => $elasticsearch::purge_configdir, - tag => [ - 'elasticsearch_instance_configdir', - ], - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name], - notify => $notify_service, - } - - # Do _not_ copy in instance directories. This avoids a) recursing - # indefinitely by copying our own instance directory and b) copying in any - # other potential instance directories. - File <| tag == 'elasticsearch_instance_configdir' |> { - ignore +> $name - } - - file { "${configdir}/jvm.options": - before => Elasticsearch::Service[$name], - content => template("${module_name}/etc/elasticsearch/jvm.options.erb"), - group => $elasticsearch::elasticsearch_group, - notify => $notify_service, - owner => $elasticsearch::elasticsearch_user, - } - - file { - "${configdir}/logging.yml": - ensure => file, - content => $logging_content, - source => $logging_source, - mode => '0644', - notify => $notify_service, - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name]; - "${configdir}/log4j2.properties": - ensure => file, - content => $_log4j_content, - source => $logging_source, - mode => '0644', - notify => $notify_service, - require => Class['elasticsearch::package'], - before => Elasticsearch::Service[$name]; - } - - if $security_plugin != undef { - file { "${configdir}/${security_plugin}": - ensure => 'directory', - mode => '0750', - source => "${elasticsearch::configdir}/${security_plugin}", - recurse => 'remote', - owner => 'root', - group => $elasticsearch::elasticsearch_group, - before => Elasticsearch::Service[$name], - notify => $notify_service, - } - } - - if $system_key != undef { - file { "${configdir}/${security_plugin}/system_key": - ensure => 'file', - source => $system_key, - mode => '0400', - before => Elasticsearch::Service[$name], - require => File["${configdir}/${security_plugin}"], - } - } - - # build up new config - $instance_conf = merge( - $main_config, - $instance_node_name, - $instance_datadir_config, - { 'path.logs' => $logdir }, - $tls_config, - $instance_config - ) - - # defaults file content - # ensure user did not provide both init_defaults and init_defaults_file - if ((!empty($init_defaults)) and ($init_defaults_file != undef)) { - fail ('Only one of $init_defaults and $init_defaults_file should be defined') - } - - $init_defaults_new = merge( - { 'DATA_DIR' => $elasticsearch::_datadir_default }, - $elasticsearch::init_defaults, - { - 'CONF_DIR' => $configdir, - 'ES_HOME' => $elasticsearch::homedir, - 'ES_JVM_OPTIONS' => "${configdir}/jvm.options", - 'ES_PATH_CONF' => $configdir, - 'LOG_DIR' => $logdir, - }, - $init_defaults - ) - - $user = $elasticsearch::elasticsearch_user - $group = $elasticsearch::elasticsearch_group - - datacat_fragment { "main_config_${name}": - target => "${configdir}/elasticsearch.yml", - data => $instance_conf, - } - - datacat { "${configdir}/elasticsearch.yml": - template => "${module_name}/etc/elasticsearch/elasticsearch.yml.erb", - notify => $notify_service, - require => Class['elasticsearch::package'], - owner => $elasticsearch::elasticsearch_user, - group => $elasticsearch::elasticsearch_group, - mode => '0440', - } - - if ($elasticsearch::secrets != undef or $secrets != undef) { - if ($elasticsearch::secrets != undef) { - $main_secrets = $elasticsearch::secrets - } else { - $main_secrets = {} - } - - if ($secrets != undef) { - $instance_secrets = $secrets - } else { - $instance_secrets = {} - } - - elasticsearch_keystore { $name : - configdir => $elasticsearch::configdir, - purge => $purge_secrets, - settings => merge($main_secrets, $instance_secrets), - notify => $notify_service, - } - } - - $require_service = Class['elasticsearch::package'] - $before_service = undef - - } else { - - file { $configdir: - ensure => 'absent', - recurse => true, - force => true, - } - - $require_service = undef - $before_service = File[$configdir] - - $init_defaults_new = {} - } - - elasticsearch::service { $name: - ensure => $ensure, - status => $status, - service_flags => $service_flags, - init_defaults => $init_defaults_new, - init_defaults_file => $init_defaults_file, - init_template => $init_template, - require => $require_service, - before => $before_service, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/license.pp b/modules/utilities/unix/logging/elasticsearch/manifests/license.pp deleted file mode 100644 index 320e0c916..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/license.pp +++ /dev/null @@ -1,104 +0,0 @@ -# A defined type to control Elasticsearch licenses. -# -# @param ensure -# Controls whether the named pipeline should be present or absent in -# the cluster. -# -# @param api_basic_auth_password -# HTTP basic auth password to use when communicating over the Elasticsearch -# API. -# -# @param api_basic_auth_username -# HTTP basic auth username to use when communicating over the Elasticsearch -# API. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Host name or IP address of the ES instance to connect to. -# -# @param api_port -# Port number of the ES instance to connect to -# -# @param api_protocol -# Protocol that should be used to connect to the Elasticsearch API. -# -# @param api_timeout -# Timeout period (in seconds) for the Elasticsearch API. -# -# @param content -# License content in hash or string form. -# -# @param security_plugin -# Which security plugin will be used to manage users, roles, and -# certificates. -# -# @param validate_tls -# Determines whether the validity of SSL/TLS certificates received from the -# Elasticsearch API should be verified or ignored. -# -# @author Tyler Langlois -# -class elasticsearch::license ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Variant[String, Hash] $content = $elasticsearch::license, - Optional[Enum['shield', 'x-pack']] $security_plugin = $elasticsearch::security_plugin, - Boolean $validate_tls = $elasticsearch::validate_tls, -) { - if $content =~ String { - $_content = parsejson($content) - } else { - $_content = $content - } - - $_security_plugin = regsubst($security_plugin, '-', '') - - if $ensure == 'present' { - Elasticsearch::Instance <| ensure == 'present' |> - -> Class['elasticsearch::license'] - Class['elasticsearch::license'] - -> Elasticsearch::Instance <| ensure == 'absent' |> - - Elasticsearch::Role <| |> - -> Class['elasticsearch::license'] - Elasticsearch::User <| |> - -> Class['elasticsearch::license'] - } else { - Class['elasticsearch::license'] - -> Elasticsearch::Instance <| |> - } - - es_instance_conn_validator { 'license-conn-validator': - server => $api_host, - port => $api_port, - timeout => $api_timeout, - } - -> elasticsearch_license { $_security_plugin: - ensure => $ensure, - content => $_content, - protocol => $api_protocol, - host => $api_host, - port => $api_port, - timeout => $api_timeout, - username => $api_basic_auth_username, - password => $api_basic_auth_password, - ca_file => $api_ca_file, - ca_path => $api_ca_path, - validate_tls => $validate_tls, - provider => $_security_plugin, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/package.pp b/modules/utilities/unix/logging/elasticsearch/manifests/package.pp deleted file mode 100644 index ce4298adc..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/package.pp +++ /dev/null @@ -1,193 +0,0 @@ -# This class exists to coordinate all software package management related -# actions, functionality and logical units in a central place. -# -# It is not intended to be used directly by external resources like node -# definitions or other modules. -# -# @example importing this class by other classes to use its functionality: -# class { 'elasticsearch::package': } -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -class elasticsearch::package { - - Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], - cwd => '/', - tries => 3, - try_sleep => 10, - } - - if $elasticsearch::ensure == 'present' { - - if $elasticsearch::restart_package_change { - Package['elasticsearch'] ~> Elasticsearch::Service <| |> - } - Package['elasticsearch'] ~> Exec['remove_plugin_dir'] - - # Create directory to place the package file - $package_dir = $elasticsearch::package_dir - exec { 'create_package_dir_elasticsearch': - cwd => '/', - path => ['/usr/bin', '/bin'], - command => "mkdir -p ${package_dir}", - creates => $package_dir, - } - - file { $package_dir: - ensure => 'directory', - purge => $elasticsearch::purge_package_dir, - force => $elasticsearch::purge_package_dir, - backup => false, - require => Exec['create_package_dir_elasticsearch'], - } - - # Check if we want to install a specific version or not - if $elasticsearch::version == false { - - $package_ensure = $elasticsearch::autoupgrade ? { - true => 'latest', - false => 'present', - } - - } else { - - # install specific version - $package_ensure = $elasticsearch::pkg_version - - } - - # action - if ($elasticsearch::package_url != undef) { - - case $elasticsearch::package_provider { - 'package': { $before = Package['elasticsearch'] } - default: { fail("software provider \"${elasticsearch::package_provider}\".") } - } - - - $filename_array = split($elasticsearch::package_url, '/') - $basefilename = $filename_array[-1] - - $source_array = split($elasticsearch::package_url, ':') - $protocol_type = $source_array[0] - - $ext_array = split($basefilename, '\.') - $ext = $ext_array[-1] - - $pkg_source = "${package_dir}/${basefilename}" - - case $protocol_type { - - 'puppet': { - - file { $pkg_source: - ensure => file, - source => $elasticsearch::package_url, - require => File[$package_dir], - backup => false, - before => $before, - } - - } - 'ftp', 'https', 'http': { - - if $elasticsearch::proxy_url != undef { - $exec_environment = [ - 'use_proxy=yes', - "http_proxy=${elasticsearch::proxy_url}", - "https_proxy=${elasticsearch::proxy_url}", - ] - } else { - $exec_environment = [] - } - - case $elasticsearch::download_tool { - String: { - $_download_command = if $elasticsearch::download_tool_verify_certificates { - $elasticsearch::download_tool - } else { - $elasticsearch::download_tool_insecure - } - - exec { 'download_package_elasticsearch': - command => "${_download_command} ${pkg_source} ${elasticsearch::package_url} 2> /dev/null", - creates => $pkg_source, - environment => $exec_environment, - timeout => $elasticsearch::package_dl_timeout, - require => File[$package_dir], - before => $before, - } - } - default: { - fail("no \$elasticsearch::download_tool defined for ${facts['os']['family']}") - } - } - - } - 'file': { - - $source_path = $source_array[1] - file { $pkg_source: - ensure => file, - source => $source_path, - require => File[$package_dir], - backup => false, - before => $before, - } - - } - default: { - fail("Protocol must be puppet, file, http, https, or ftp. You have given \"${protocol_type}\"") - } - } - - if ($elasticsearch::package_provider == 'package') { - - case $ext { - 'deb': { Package { provider => 'dpkg', source => $pkg_source } } - 'rpm': { Package { provider => 'rpm', source => $pkg_source } } - default: { fail("Unknown file extention \"${ext}\".") } - } - - } - - } else { - if ($facts['os']['family'] == 'Debian') { - Class['apt::update'] -> Package['elasticsearch'] - } - } - - # Package removal - } else { - - if ($facts['os']['family'] == 'Suse') { - Package { - provider => 'rpm', - } - $package_ensure = 'absent' - } else { - $package_ensure = 'purged' - } - - } - - if ($elasticsearch::package_provider == 'package') { - - package { 'elasticsearch': - ensure => $package_ensure, - name => $elasticsearch::_package_name, - } - - exec { 'remove_plugin_dir': - refreshonly => true, - command => "rm -rf ${elasticsearch::plugindir}", - } - - - } else { - fail("\"${elasticsearch::package_provider}\" is not supported") - } - -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp b/modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp deleted file mode 100644 index 4571ba89d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp +++ /dev/null @@ -1,79 +0,0 @@ -# This define allows you to insert, update or delete Elasticsearch index -# ingestion pipelines. -# -# Pipeline content should be defined through the `content` parameter. -# -# @param ensure -# Controls whether the named pipeline should be present or absent in -# the cluster. -# -# @param content -# Contents of the pipeline in hash form. -# -# @param api_basic_auth_password -# HTTP basic auth password to use when communicating over the Elasticsearch -# API. -# -# @param api_basic_auth_username -# HTTP basic auth username to use when communicating over the Elasticsearch -# API. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Host name or IP address of the ES instance to connect to. -# -# @param api_port -# Port number of the ES instance to connect to -# -# @param api_protocol -# Protocol that should be used to connect to the Elasticsearch API. -# -# @param api_timeout -# Timeout period (in seconds) for the Elasticsearch API. -# -# @param validate_tls -# Determines whether the validity of SSL/TLS certificates received from the -# Elasticsearch API should be verified or ignored. -# -# @author Tyler Langlois -# -define elasticsearch::pipeline ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Hash $content = {}, - Boolean $validate_tls = $elasticsearch::validate_tls, -) { - - es_instance_conn_validator { "${name}-ingest-pipeline": - server => $api_host, - port => $api_port, - timeout => $api_timeout, - } - -> elasticsearch_pipeline { $name: - ensure => $ensure, - content => $content, - protocol => $api_protocol, - host => $api_host, - port => $api_port, - timeout => $api_timeout, - username => $api_basic_auth_username, - password => $api_basic_auth_password, - ca_file => $api_ca_file, - ca_path => $api_ca_path, - validate_tls => $validate_tls, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp b/modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp deleted file mode 100644 index d0f87d467..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp +++ /dev/null @@ -1,152 +0,0 @@ -# This define allows you to install arbitrary Elasticsearch plugins -# either by using the default repositories or by specifying an URL -# -# @example install from official repository -# elasticsearch::plugin {'mobz/elasticsearch-head': module_dir => 'head'} -# -# @example installation using a custom URL -# elasticsearch::plugin { 'elasticsearch-jetty': -# module_dir => 'elasticsearch-jetty', -# url => 'https://oss-es-plugins.s3.amazonaws.com/elasticsearch-jetty/elasticsearch-jetty-0.90.0.zip', -# } -# -# @param ensure -# Whether the plugin will be installed or removed. -# Set to 'absent' to ensure a plugin is not installed -# -# @param configdir -# Path to the elasticsearch configuration directory (ES_PATH_CONF) -# to which the plugin should be installed. -# -# @param instances -# Specify all the instances related -# -# @param java_opts -# Array of Java options to be passed to `ES_JAVA_OPTS` -# -# @param java_home -# Path to JAVA_HOME, if Java is installed in a non-standard location. -# -# @param module_dir -# Directory name where the module has been installed -# This is automatically generated based on the module name -# Specify a value here to override the auto generated value -# -# @param proxy_host -# Proxy host to use when installing the plugin -# -# @param proxy_password -# Proxy auth password to use when installing the plugin -# -# @param proxy_port -# Proxy port to use when installing the plugin -# -# @param proxy_username -# Proxy auth username to use when installing the plugin -# -# @param source -# Specify the source of the plugin. -# This will copy over the plugin to the node and use it for installation. -# Useful for offline installation -# -# @param url -# Specify an URL where to download the plugin from. -# -# @author Richard Pijnenburg -# @author Matteo Sessa -# @author Dennis Konert -# @author Tyler Langlois -# -define elasticsearch::plugin ( - Enum['absent', 'present'] $ensure = 'present', - Stdlib::Absolutepath $configdir = $elasticsearch::configdir, - Variant[String, Array[String]] $instances = [], - Array[String] $java_opts = [], - Optional[Stdlib::Absolutepath] $java_home = undef, - Optional[String] $module_dir = undef, - Optional[String] $proxy_host = undef, - Optional[String] $proxy_password = undef, - Optional[Integer[0, 65535]] $proxy_port = undef, - Optional[String] $proxy_username = undef, - Optional[String] $source = undef, - Optional[Stdlib::HTTPUrl] $url = undef, -) { - - include elasticsearch - - case $ensure { - 'present': { - if empty($instances) and $elasticsearch::restart_plugin_change { - fail('no $instances defined, even though `restart_plugin_change` is set!') - } - - $_file_ensure = 'directory' - $_file_before = [] - } - 'absent': { - $_file_ensure = $ensure - $_file_before = File[$elasticsearch::plugindir] - } - default: { } - } - - if ! empty($instances) and $elasticsearch::restart_plugin_change { - Elasticsearch_plugin[$name] { - notify +> Elasticsearch::Instance[$instances], - } - } - - # set proxy by override or parse and use proxy_url from - # elasticsearch::proxy_url or use no proxy at all - - if ($proxy_host != undef and $proxy_port != undef) { - if ($proxy_username != undef and $proxy_password != undef) { - $_proxy_auth = "${proxy_username}:${proxy_password}@" - } else { - $_proxy_auth = undef - } - $_proxy = "http://${_proxy_auth}${proxy_host}:${proxy_port}" - } elsif ($elasticsearch::proxy_url != undef) { - $_proxy = $elasticsearch::proxy_url - } else { - $_proxy = undef - } - - if ($source != undef) { - - $filename_array = split($source, '/') - $basefilename = $filename_array[-1] - - $file_source = "${elasticsearch::package_dir}/${basefilename}" - - file { $file_source: - ensure => 'file', - source => $source, - before => Elasticsearch_plugin[$name], - } - - } else { - $file_source = undef - } - - $_module_dir = es_plugin_name($module_dir, $name) - - elasticsearch_plugin { $name: - ensure => $ensure, - configdir => $configdir, - elasticsearch_package_name => 'elasticsearch', - java_opts => $java_opts, - java_home => $java_home, - source => $file_source, - url => $url, - proxy => $_proxy, - plugin_dir => $::elasticsearch::plugindir, - plugin_path => $module_dir, - } - -> file { "${elasticsearch::plugindir}/${_module_dir}": - ensure => $_file_ensure, - mode => 'o+Xr', - recurse => true, - before => $_file_before, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/role.pp b/modules/utilities/unix/logging/elasticsearch/manifests/role.pp deleted file mode 100644 index f9a458bb4..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/role.pp +++ /dev/null @@ -1,60 +0,0 @@ -# Manage shield/x-pack roles. -# -# @param ensure -# Whether the role should be present or not. -# Set to 'absent' to ensure a role is not present. -# -# @param mappings -# A list of optional mappings defined for this role. -# -# @param privileges -# A hash of permissions defined for the role. Valid privilege settings can -# be found in the Shield/x-pack documentation. -# -# @example create and manage the role 'power_user' mapped to an LDAP group. -# elasticsearch::role { 'power_user': -# privileges => { -# 'cluster' => 'monitor', -# 'indices' => { -# '*' => 'all', -# }, -# }, -# mappings => [ -# "cn=users,dc=example,dc=com", -# ], -# } -# -# @author Tyler Langlois -# -define elasticsearch::role ( - Enum['absent', 'present'] $ensure = 'present', - Array $mappings = [], - Hash $privileges = {}, -) { - validate_slength($name, 30, 1) - if $elasticsearch::security_plugin == undef { - fail("\"${elasticsearch::security_plugin}\" required") - } - - if empty($privileges) or $ensure == 'absent' { - $_role_ensure = 'absent' - } else { - $_role_ensure = $ensure - } - - if empty($mappings) or $ensure == 'absent' { - $_mapping_ensure = 'absent' - } else { - $_mapping_ensure = $ensure - } - - elasticsearch_role { $name : - ensure => $_role_ensure, - privileges => $privileges, - } - - elasticsearch_role_mapping { $name : - ensure => $_mapping_ensure, - mappings => $mappings, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/script.pp b/modules/utilities/unix/logging/elasticsearch/manifests/script.pp deleted file mode 100644 index c3614864c..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/script.pp +++ /dev/null @@ -1,37 +0,0 @@ -# This define allows you to insert, update or delete scripts that are used -# within Elasticsearch. -# -# @param ensure -# Controls the state of the script file resource to manage. -# Values are simply passed through to the `file` resource. -# -# @param recurse -# Will be passed through to the script file resource. -# -# @param source -# Puppet source of the script -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::script ( - String $source, - String $ensure = 'present', - Optional[Variant[Boolean, Enum['remote']]] $recurse = undef, -) { - if ! defined(Class['elasticsearch']) { - fail('You must include the elasticsearch base class before using defined resources') - } - - $filename_array = split($source, '/') - $basefilename = $filename_array[-1] - - file { "${elasticsearch::homedir}/scripts/${basefilename}": - ensure => $ensure, - source => $source, - owner => $elasticsearch::elasticsearch_user, - group => $elasticsearch::elasticsearch_group, - recurse => $recurse, - mode => '0644', - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service.pp b/modules/utilities/unix/logging/elasticsearch/manifests/service.pp deleted file mode 100644 index bf773083c..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/service.pp +++ /dev/null @@ -1,93 +0,0 @@ -# This class exists to coordinate all service management related actions, -# functionality and logical units in a central place. -# -# *Note*: "service" is the Puppet term and type for background processes -# in general and is used in a platform-independent way. E.g. "service" means -# "daemon" in relation to Unix-like systems. -# -# @param ensure -# Controls if the managed resources shall be `present` or `absent`. -# If set to `absent`, the managed software packages will be uninstalled, and -# any traces of the packages will be purged as well as possible, possibly -# including existing configuration files. -# System modifications (if any) will be reverted as well as possible (e.g. -# removal of created users, services, changed log settings, and so on). -# This is a destructive parameter and should be used with care. -# -# @param init_defaults -# Defaults file content in hash representation -# -# @param init_defaults_file -# Defaults file as puppet resource -# -# @param init_template -# Service file as a template -# -# @param service_flags -# Flags to pass to the service. -# -# @param status -# Defines the status of the service. If set to `enabled`, the service is -# started and will be enabled at boot time. If set to `disabled`, the -# service is stopped and will not be started at boot time. If set to `running`, -# the service is started but will not be enabled at boot time. You may use -# this to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::service ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Hash $init_defaults = {}, - Optional[String] $init_defaults_file = undef, - Optional[String] $init_template = undef, - Optional[String] $service_flags = undef, - Elasticsearch::Status $status = $elasticsearch::status, -) { - - case $elasticsearch::service_provider { - - 'init': { - elasticsearch::service::init { $name: - ensure => $ensure, - status => $status, - init_defaults_file => $init_defaults_file, - init_defaults => $init_defaults, - init_template => $init_template, - } - } - 'openbsd': { - elasticsearch::service::openbsd { $name: - ensure => $ensure, - status => $status, - init_template => $init_template, - service_flags => $service_flags, - } - } - 'systemd': { - elasticsearch::service::systemd { $name: - ensure => $ensure, - status => $status, - init_defaults_file => $init_defaults_file, - init_defaults => $init_defaults, - init_template => $init_template, - } - } - 'openrc': { - elasticsearch::service::openrc { $name: - ensure => $ensure, - status => $status, - init_defaults_file => $init_defaults_file, - init_defaults => $init_defaults, - init_template => $init_template, - } - } - default: { - fail("Unknown service provider ${elasticsearch::service_provider}") - } - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp b/modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp deleted file mode 100644 index 98611f242..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp +++ /dev/null @@ -1,161 +0,0 @@ -# This class exists to coordinate all service management related actions, -# functionality and logical units in a central place. -# -# *Note*: "service" is the Puppet term and type for background processes -# in general and is used in a platform-independent way. E.g. "service" means -# "daemon" in relation to Unix-like systems. -# -# @param ensure -# Controls if the managed resources shall be `present` or -# `absent`. If set to `absent`, the managed software packages will being -# uninstalled and any traces of the packages will be purged as well as -# possible. This may include existing configuration files (the exact -# behavior is provider). This is thus destructive and should be used with -# care. -# -# @param init_defaults -# Defaults file content in hash representation -# -# @param init_defaults_file -# Defaults file as puppet resource -# -# @param init_template -# Service file as a template -# -# @param status -# Defines the status of the service. If set to `enabled`, the service is -# started and will be enabled at boot time. If set to `disabled`, the -# service is stopped and will not be started at boot time. If set to `running`, -# the service is started but will not be enabled at boot time. You may use -# this to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::service::init ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Hash $init_defaults = {}, - Optional[String] $init_defaults_file = undef, - Optional[String] $init_template = undef, - Elasticsearch::Status $status = $elasticsearch::status, -) { - - #### Service management - - if $ensure == 'present' { - - case $status { - # make sure service is currently running, start it on boot - 'enabled': { - $service_ensure = 'running' - $service_enable = true - } - # make sure service is currently stopped, do not start it on boot - 'disabled': { - $service_ensure = 'stopped' - $service_enable = false - } - # make sure service is currently running, do not start it on boot - 'running': { - $service_ensure = 'running' - $service_enable = false - } - # do not start service on boot, do not care whether currently running - # or not - 'unmanaged': { - $service_ensure = undef - $service_enable = false - } - default: { } - } - } else { - - # make sure the service is stopped and disabled (the removal itself will be - # done by package.pp) - $service_ensure = 'stopped' - $service_enable = false - - } - - if(has_key($init_defaults, 'ES_USER') and $init_defaults['ES_USER'] != $elasticsearch::elasticsearch_user) { - fail('Found ES_USER setting for init_defaults but is not same as elasticsearch_user setting. Please use elasticsearch_user setting.') - } - - $new_init_defaults = merge( - { - 'ES_USER' => $elasticsearch::elasticsearch_user, - 'ES_GROUP' => $elasticsearch::elasticsearch_group, - 'MAX_OPEN_FILES' => '65536', - }, - $init_defaults - ) - - $notify_service = $elasticsearch::restart_config_change ? { - true => Service["elasticsearch-instance-${name}"], - false => undef, - } - - if ($ensure == 'present') { - - # Defaults file, either from file source or from hash to augeas commands - if ($init_defaults_file != undef) { - file { "${elasticsearch::defaults_location}/elasticsearch-${name}": - ensure => $ensure, - source => $init_defaults_file, - owner => 'root', - group => '0', - mode => '0644', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } else { - augeas { "defaults_${name}": - incl => "${elasticsearch::defaults_location}/elasticsearch-${name}", - lens => 'Shellvars.lns', - changes => template("${module_name}/etc/sysconfig/defaults.erb"), - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - } else { # absent - - file { "${elasticsearch::defaults_location}/elasticsearch-${name}": - ensure => 'absent', - subscribe => Service["elasticsearch-${$name}"], - } - - } - - # Note that service files are persisted even in the case of absent instances. - # This is to ensure that manifest can remain idempotent and have the service - # file available in order to permit Puppet to introspect system state. - # init file from template - if ($init_template != undef) { - elasticsearch_service_file { "/etc/init.d/elasticsearch-${name}": - ensure => 'present', - content => file($init_template), - instance => $name, - notify => $notify_service, - package_name => $elasticsearch::package_name, - } - -> file { "/etc/init.d/elasticsearch-${name}": - ensure => 'file', - owner => 'root', - group => '0', - mode => '0755', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - service { "elasticsearch-instance-${name}": - ensure => $service_ensure, - enable => $service_enable, - name => "elasticsearch-${name}", - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp b/modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp deleted file mode 100644 index ae1b5862e..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp +++ /dev/null @@ -1,121 +0,0 @@ -# This class exists to coordinate all service management related actions, -# functionality and logical units in a central place. -# -# *Note*: "service" is the Puppet term and type for background processes -# in general and is used in a platform-independent way. E.g. "service" means -# "daemon" in relation to Unix-like systems. -# -# @param ensure -# Controls if the managed resources shall be `present` or -# `absent`. If set to `absent`, the managed software packages will being -# uninstalled and any traces of the packages will be purged as well as -# possible. This may include existing configuration files (the exact -# behavior is provider). This is thus destructive and should be used with -# care. -# -# @param init_template -# Service file as a template -# -# @param pid_dir -# Directory where to store the serice pid file. -# -# @param service_flags -# Flags to pass to the service. -# -# @param status -# Defines the status of the service. If set to `enabled`, the service is -# started and will be enabled at boot time. If set to `disabled`, the -# service is stopped and will not be started at boot time. If set to `running`, -# the service is started but will not be enabled at boot time. You may use -# this to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::service::openbsd ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Optional[String] $init_template = $elasticsearch::init_template, - Optional[String] $pid_dir = $elasticsearch::pid_dir, - Optional[String] $service_flags = undef, - Elasticsearch::Status $status = $elasticsearch::status, -) { - - #### Service management - - if $ensure == 'present' { - - case $status { - # make sure service is currently running, start it on boot - 'enabled': { - $service_ensure = 'running' - $service_enable = true - } - # make sure service is currently stopped, do not start it on boot - 'disabled': { - $service_ensure = 'stopped' - $service_enable = false - } - # make sure service is currently running, do not start it on boot - 'running': { - $service_ensure = 'running' - $service_enable = false - } - # do not start service on boot, do not care whether currently running - # or not - 'unmanaged': { - $service_ensure = undef - $service_enable = false - } - default: { } - } - } else { - - # make sure the service is stopped and disabled (the removal itself will be - # done by package.pp) - $service_ensure = 'stopped' - $service_enable = false - - } - - $notify_service = $elasticsearch::restart_config_change ? { - true => Service["elasticsearch-instance-${name}"], - false => undef, - } - - if ($status != 'unmanaged') { - # Note that service files are persisted even in the case of absent instances. - # This is to ensure that manifest can remain idempotent and have the service - # file available in order to permit Puppet to introspect system state. - # init file from template - if ($init_template != undef) { - elasticsearch_service_file { "/etc/rc.d/elasticsearch_${name}": - ensure => 'present', - content => file($init_template), - instance => $name, - pid_dir => $pid_dir, - notify => $notify_service, - package_name => 'elasticsearch', - } - -> file { "/etc/rc.d/elasticsearch_${name}": - ensure => 'file', - owner => 'root', - group => '0', - mode => '0555', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - # action - service { "elasticsearch-instance-${name}": - ensure => $service_ensure, - enable => $service_enable, - name => "elasticsearch_${name}", - flags => $service_flags, - } - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp b/modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp deleted file mode 100644 index 446d2605e..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp +++ /dev/null @@ -1,166 +0,0 @@ -# This class exists to coordinate all service management related actions, -# functionality and logical units in a central place. -# -# *Note*: "service" is the Puppet term and type for background processes -# in general and is used in a platform-independent way. E.g. "service" means -# "daemon" in relation to Unix-like systems. -# -# @param ensure -# Controls if the managed resources shall be `present` or -# `absent`. If set to `absent`, the managed software packages will being -# uninstalled and any traces of the packages will be purged as well as -# possible. This may include existing configuration files (the exact -# behavior is provider). This is thus destructive and should be used with -# care. -# -# @param init_defaults -# Defaults file content in hash representation -# -# @param init_defaults_file -# Defaults file as puppet resource -# -# @param init_template -# Service file as a template -# -# @param status -# Defines the status of the service. If set to `enabled`, the service is -# started and will be enabled at boot time. If set to `disabled`, the -# service is stopped and will not be started at boot time. If set to `running`, -# the service is started but will not be enabled at boot time. You may use -# this to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::service::openrc ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Hash $init_defaults = {}, - Optional[String] $init_defaults_file = undef, - Optional[String] $init_template = undef, - Elasticsearch::Status $status = $elasticsearch::status, -) { - - #### Service management - - if $ensure == 'present' { - - case $status { - # make sure service is currently running, start it on boot - 'enabled': { - $service_ensure = 'running' - $service_enable = true - } - # make sure service is currently stopped, do not start it on boot - 'disabled': { - $service_ensure = 'stopped' - $service_enable = false - } - # make sure service is currently running, do not start it on boot - 'running': { - $service_ensure = 'running' - $service_enable = false - } - # do not start service on boot, do not care whether currently running - # or not - 'unmanaged': { - $service_ensure = undef - $service_enable = false - } - default: { } - } - } else { - - # make sure the service is stopped and disabled (the removal itself will be - # done by package.pp) - $service_ensure = 'stopped' - $service_enable = false - - } - - if(has_key($init_defaults, 'ES_USER') and $init_defaults['ES_USER'] != $elasticsearch::elasticsearch_user) { - fail('Found ES_USER setting for init_defaults but is not same as elasticsearch_user setting. Please use elasticsearch_user setting.') - } - - $new_init_defaults = merge( - { - 'ES_USER' => $elasticsearch::elasticsearch_user, - 'ES_GROUP' => $elasticsearch::elasticsearch_group, - 'MAX_OPEN_FILES' => '65536', - }, - $init_defaults - ) - - $notify_service = $elasticsearch::restart_config_change ? { - true => Service["elasticsearch-instance-${name}"], - false => undef, - } - - - if ( $status != 'unmanaged' and $ensure == 'present' ) { - - # defaults file content. Either from a hash or file - if ($init_defaults_file != undef) { - file { "${elasticsearch::defaults_location}/elasticsearch.${name}": - ensure => $ensure, - source => $init_defaults_file, - owner => 'root', - group => '0', - mode => '0644', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } else { - augeas { "defaults_${name}": - incl => "${elasticsearch::defaults_location}/elasticsearch.${name}", - lens => 'Shellvars.lns', - changes => template("${module_name}/etc/sysconfig/defaults.erb"), - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - } elsif ($status != 'unmanaged') { - - file { "${elasticsearch::defaults_location}/elasticsearch.${name}": - ensure => 'absent', - subscribe => Service["elasticsearch.${$name}"], - } - - } - - - if ($status != 'unmanaged') { - # Note that service files are persisted even in the case of absent instances. - # This is to ensure that manifest can remain idempotent and have the service - # file available in order to permit Puppet to introspect system state. - # init file from template - if ($init_template != undef) { - elasticsearch_service_file { "/etc/init.d/elasticsearch.${name}": - ensure => 'present', - content => file($init_template), - instance => $name, - notify => $notify_service, - package_name => 'elasticsearch', - } - -> file { "/etc/init.d/elasticsearch.${name}": - ensure => 'file', - owner => 'root', - group => '0', - mode => '0755', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - # action - service { "elasticsearch-instance-${name}": - ensure => $service_ensure, - enable => $service_enable, - name => "elasticsearch.${name}", - } - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp b/modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp deleted file mode 100644 index 413f4605d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp +++ /dev/null @@ -1,194 +0,0 @@ -# This class exists to coordinate all service management related actions, -# functionality and logical units in a central place. -# -# *Note*: "service" is the Puppet term and type for background processes -# in general and is used in a platform-independent way. E.g. "service" means -# "daemon" in relation to Unix-like systems. -# -# @param ensure -# Controls if the managed resources shall be `present` or -# `absent`. If set to `absent`, the managed software packages will being -# uninstalled and any traces of the packages will be purged as well as -# possible. This may include existing configuration files (the exact -# behavior is provider). This is thus destructive and should be used with -# care. -# -# @param init_defaults -# Defaults file content in hash representation -# -# @param init_defaults_file -# Defaults file as puppet resource -# -# @param init_template -# Service file as a template -# -# @param status -# Defines the status of the service. If set to `enabled`, the service is -# started and will be enabled at boot time. If set to `disabled`, the -# service is stopped and will not be started at boot time. If set to `running`, -# the service is started but will not be enabled at boot time. You may use -# this to start a service on the first Puppet run instead of the system startup. -# If set to `unmanaged`, the service will not be started at boot time and Puppet -# does not care whether the service is running or not. For example, this may -# be useful if a cluster management software is used to decide when to start -# the service plus assuring it is running on the desired node. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::service::systemd ( - Enum['absent', 'present'] $ensure = $elasticsearch::ensure, - Hash $init_defaults = {}, - Optional[String] $init_defaults_file = undef, - Optional[String] $init_template = undef, - Elasticsearch::Status $status = $elasticsearch::status, -) { - - #### Service management - - if $ensure == 'present' { - - case $status { - # make sure service is currently running, start it on boot - 'enabled': { - $service_ensure = 'running' - $service_enable = true - } - # make sure service is currently stopped, do not start it on boot - 'disabled': { - $service_ensure = 'stopped' - $service_enable = false - } - # make sure service is currently running, do not start it on boot - 'running': { - $service_ensure = 'running' - $service_enable = false - } - # do not start service on boot, do not care whether currently running - # or not - 'unmanaged': { - $service_ensure = undef - $service_enable = false - } - default: { } - } - } else { - # make sure the service is stopped and disabled (the removal itself will be - # done by package.pp) - $service_ensure = 'stopped' - $service_enable = false - } - - if(has_key($init_defaults, 'ES_USER') and $init_defaults['ES_USER'] != $elasticsearch::elasticsearch_user) { - fail('Found ES_USER setting for init_defaults but is not same as elasticsearch_user setting. Please use elasticsearch_user setting.') - } - - $new_init_defaults = merge( - { - 'ES_USER' => $elasticsearch::elasticsearch_user, - 'ES_GROUP' => $elasticsearch::elasticsearch_group, - 'MAX_OPEN_FILES' => '65536', - 'MAX_THREADS' => '4096', - }, - $init_defaults - ) - - $notify_service = $elasticsearch::restart_config_change ? { - true => [ Exec["systemd_reload_${name}"], Service["elasticsearch-instance-${name}"] ], - false => Exec["systemd_reload_${name}"] - } - - if ($ensure == 'present') { - - # Defaults file, either from file source or from hash to augeas commands - if ($init_defaults_file != undef) { - file { "${elasticsearch::defaults_location}/elasticsearch-${name}": - ensure => $ensure, - source => $init_defaults_file, - owner => 'root', - group => '0', - mode => '0644', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } else { - augeas { "defaults_${name}": - incl => "${elasticsearch::defaults_location}/elasticsearch-${name}", - lens => 'Shellvars.lns', - changes => template("${module_name}/etc/sysconfig/defaults.erb"), - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - $service_require = Exec["systemd_reload_${name}"] - - } else { # absent - - file { "${elasticsearch::defaults_location}/elasticsearch-${name}": - ensure => 'absent', - subscribe => Service["elasticsearch-instance-${name}"], - notify => Exec["systemd_reload_${name}"], - } - - $service_require = undef - } - - exec { "systemd_reload_${name}": - command => '/bin/systemctl daemon-reload', - refreshonly => true, - } - - # init file from template - if ($init_template != undef) { - # Check for values in init defaults we may want to set in the init template - if (has_key($new_init_defaults, 'MAX_OPEN_FILES')) { - $nofile = $new_init_defaults['MAX_OPEN_FILES'] - } else { - $nofile = '65536' - } - - if (has_key($new_init_defaults, 'MAX_LOCKED_MEMORY')) { - $memlock = $new_init_defaults['MAX_LOCKED_MEMORY'] - } else { - $memlock = undef - } - - if (has_key($new_init_defaults, 'MAX_THREADS')) { - $nproc = $new_init_defaults['MAX_THREADS'] - } else { - $nproc = '4096' - } - - elasticsearch_service_file { "${elasticsearch::systemd_service_path}/elasticsearch-${name}.service": - ensure => 'present', - content => file($init_template), - defaults_location => $elasticsearch::defaults_location, - group => $elasticsearch::elasticsearch_group, - homedir => $elasticsearch::homedir, - instance => $name, - memlock => $memlock, - nofile => $nofile, - nproc => $nproc, - package_name => 'elasticsearch', - pid_dir => $elasticsearch::pid_dir, - user => $elasticsearch::elasticsearch_user, - notify => $notify_service, - } - -> file { "${elasticsearch::systemd_service_path}/elasticsearch-${name}.service": - ensure => 'file', - owner => 'root', - group => 'root', - before => Service["elasticsearch-instance-${name}"], - notify => $notify_service, - } - } - - service { "elasticsearch-instance-${name}": - ensure => $service_ensure, - enable => $service_enable, - name => "elasticsearch-${name}.service", - provider => 'systemd', - require => $service_require, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp b/modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp deleted file mode 100644 index 1906194ea..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp +++ /dev/null @@ -1,104 +0,0 @@ -# This define allows you to insert, update or delete Elasticsearch snapshot -# repositories. -# -# @param ensure -# Controls whether the named index template should be present or absent in -# the cluster. -# -# @param api_basic_auth_password -# HTTP basic auth password to use when communicating over the Elasticsearch -# API. -# -# @param api_basic_auth_username -# HTTP basic auth username to use when communicating over the Elasticsearch -# API. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Host name or IP address of the ES instance to connect to. -# -# @param api_port -# Port number of the ES instance to connect to -# -# @param api_protocol -# Protocol that should be used to connect to the Elasticsearch API. -# -# @param api_timeout -# Timeout period (in seconds) for the Elasticsearch API. -# -# @param repository_type -# Snapshot repository type. -# -# @param location -# Location of snapshots. Mandatory -# -# @param compress -# Compress the snapshot metadata files? -# -# @param chunk_size -# Chunk size to break big files down into. -# -# @param max_restore_rate -# Throttle value for node restore rate. -# -# @param max_snapshot_rate -# Throttle value for node snapshot rate. -# -# @param validate_tls -# Determines whether the validity of SSL/TLS certificates received from the -# Elasticsearch API should be verified or ignored. -# -# @author Gavin Williams -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::snapshot_repository ( - String $location, - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Boolean $compress = true, - Optional[String] $chunk_size = undef, - Optional[String] $max_restore_rate = undef, - Optional[String] $max_snapshot_rate = undef, - Optional[String] $repository_type = undef, - Boolean $validate_tls = $elasticsearch::validate_tls, -) { - - es_instance_conn_validator { "${name}-snapshot": - server => $api_host, - port => $api_port, - timeout => $api_timeout, - } - -> elasticsearch_snapshot_repository { $name: - ensure => $ensure, - chunk_size => $chunk_size, - compress => $compress, - location => $location, - max_restore_rate => $max_restore_rate, - max_snapshot_rate => $max_snapshot_rate, - type => $repository_type, - protocol => $api_protocol, - host => $api_host, - port => $api_port, - timeout => $api_timeout, - username => $api_basic_auth_username, - password => $api_basic_auth_password, - ca_file => $api_ca_file, - ca_path => $api_ca_path, - validate_tls => $validate_tls, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/template.pp b/modules/utilities/unix/logging/elasticsearch/manifests/template.pp deleted file mode 100644 index 3f1e07232..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/template.pp +++ /dev/null @@ -1,100 +0,0 @@ -# This define allows you to insert, update or delete Elasticsearch index -# templates. -# -# Template content should be defined through either the `content` parameter -# (when passing a hash or json string) or the `source` parameter (when passing -# the puppet file URI to a template json file). -# -# @param ensure -# Controls whether the named index template should be present or absent in -# the cluster. -# -# @param api_basic_auth_password -# HTTP basic auth password to use when communicating over the Elasticsearch -# API. -# -# @param api_basic_auth_username -# HTTP basic auth username to use when communicating over the Elasticsearch -# API. -# -# @param api_ca_file -# Path to a CA file which will be used to validate server certs when -# communicating with the Elasticsearch API over HTTPS. -# -# @param api_ca_path -# Path to a directory with CA files which will be used to validate server -# certs when communicating with the Elasticsearch API over HTTPS. -# -# @param api_host -# Host name or IP address of the ES instance to connect to. -# -# @param api_port -# Port number of the ES instance to connect to -# -# @param api_protocol -# Protocol that should be used to connect to the Elasticsearch API. -# -# @param api_timeout -# Timeout period (in seconds) for the Elasticsearch API. -# -# @param content -# Contents of the template. Can be either a puppet hash or a string -# containing JSON. -# -# @param source -# Source path for the template file. Can be any value similar to `source` -# values for `file` resources. -# -# @param validate_tls -# Determines whether the validity of SSL/TLS certificates received from the -# Elasticsearch API should be verified or ignored. -# -# @author Richard Pijnenburg -# @author Tyler Langlois -# -define elasticsearch::template ( - Enum['absent', 'present'] $ensure = 'present', - Optional[String] $api_basic_auth_password = $elasticsearch::api_basic_auth_password, - Optional[String] $api_basic_auth_username = $elasticsearch::api_basic_auth_username, - Optional[Stdlib::Absolutepath] $api_ca_file = $elasticsearch::api_ca_file, - Optional[Stdlib::Absolutepath] $api_ca_path = $elasticsearch::api_ca_path, - String $api_host = $elasticsearch::api_host, - Integer[0, 65535] $api_port = $elasticsearch::api_port, - Enum['http', 'https'] $api_protocol = $elasticsearch::api_protocol, - Integer $api_timeout = $elasticsearch::api_timeout, - Optional[Variant[String, Hash]] $content = undef, - Optional[String] $source = undef, - Boolean $validate_tls = $elasticsearch::validate_tls, -) { - if $content =~ String { - $_content = parsejson($content) - } else { - $_content = $content - } - - if $ensure == 'present' and $source == undef and $_content == undef { - fail('one of "file" or "content" required.') - } elsif $source != undef and $_content != undef { - fail('"file" and "content" cannot be simultaneously defined.') - } - - es_instance_conn_validator { "${name}-template": - server => $api_host, - port => $api_port, - timeout => $api_timeout, - } - -> elasticsearch_template { $name: - ensure => $ensure, - content => $_content, - source => $source, - protocol => $api_protocol, - host => $api_host, - port => $api_port, - timeout => $api_timeout, - username => $api_basic_auth_username, - password => $api_basic_auth_password, - ca_file => $api_ca_file, - ca_path => $api_ca_path, - validate_tls => $validate_tls, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/user.pp b/modules/utilities/unix/logging/elasticsearch/manifests/user.pp deleted file mode 100644 index e22a16a31..000000000 --- a/modules/utilities/unix/logging/elasticsearch/manifests/user.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Manages shield/x-pack users. -# -# @example creates and manage a user with membership in the 'logstash' and 'kibana4' roles. -# elasticsearch::user { 'bob': -# password => 'foobar', -# roles => ['logstash', 'kibana4'], -# } -# -# @param ensure -# Whether the user should be present or not. -# Set to `absent` to ensure a user is not installed -# -# @param password -# Password for the given user. A plaintext password will be managed -# with the esusers utility and requires a refresh to update, while -# a hashed password from the esusers utility will be managed manually -# in the uses file. -# -# @param roles -# A list of roles to which the user should belong. -# -# @author Tyler Langlois -# -define elasticsearch::user ( - String $password, - Enum['absent', 'present'] $ensure = 'present', - Array $roles = [], -) { - if $elasticsearch::security_plugin == undef { - fail("\"${elasticsearch::security_plugin}\" required") - } - - if $password =~ /^\$2a\$/ { - elasticsearch_user_file { $name: - ensure => $ensure, - configdir => $elasticsearch::configdir, - hashed_password => $password, - } - } else { - elasticsearch_user { $name: - ensure => $ensure, - configdir => $elasticsearch::configdir, - password => $password, - } - } - - elasticsearch_user_roles { $name: - ensure => $ensure, - roles => $roles, - } -} diff --git a/modules/utilities/unix/logging/elasticsearch/metadata.json b/modules/utilities/unix/logging/elasticsearch/metadata.json deleted file mode 100644 index 2b4637e6d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/metadata.json +++ /dev/null @@ -1,84 +0,0 @@ -{ - "name": "elastic-elasticsearch", - "version": "6.3.3", - "author": "elastic", - "summary": "Module for managing and configuring Elasticsearch nodes", - "license": "Apache-2.0", - "source": "https://github.com/elastic/puppet-elasticsearch", - "project_page": "https://github.com/elastic/puppet-elasticsearch", - "issues_url": "https://github.com/elastic/puppet-elasticsearch/issues", - "dependencies": [ - {"name":"elastic/elastic_stack","version_requirement":">= 6.1.0 < 7.0.0"}, - {"name":"richardc/datacat","version_requirement":">= 0.6.2 < 1.0.0"}, - {"name":"puppetlabs/stdlib","version_requirement":">= 4.13.0 < 6.0.0"} - ], - "data_provider": "hiera", - "description": "Module for managing and configuring Elasticsearch nodes", - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "OracleLinux", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "7", - "8" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04", - "16.04" - ] - }, - { - "operatingsystem": "OpenSuSE", - "operatingsystemrelease": [ - "42.2" - ] - }, - { - "operatingsystem": "SLES", - "operatingsystemrelease": [ - "12.1", - "12.2" - ] - } - ], - "requirements": [ - { - "name": "puppet", - "version_requirement": ">= 4.5.0 < 6.0.0" - } - ] -} diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb b/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb deleted file mode 100644 index 3cfe921c7..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb +++ /dev/null @@ -1,19 +0,0 @@ -### MANAGED BY PUPPET ### -<%- - $LOAD_PATH.unshift(File.join(File.dirname(__FILE__),"..","..","..","lib")) - require 'puppet_x/elastic/deep_to_i' - require 'puppet_x/elastic/hash' - - @yml_string = '' - - if !@data.empty? - - # Sort Hash and transform it into yaml - @yml_string += Puppet_X::Elastic::deep_to_i( - @data - ).extend( - Puppet_X::Elastic::SortedHash - ).to_yaml - end --%> -<%= @yml_string %> diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb b/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb deleted file mode 100644 index 384d7a2b3..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb +++ /dev/null @@ -1,43 +0,0 @@ -# This file is managed by Puppet -- <%= @name %> -# -# Set the 'jvm_options' parameter on the elasticsearch class to change this file. -<% -def set_default(options, match_string, default) - options.detect {|o| o.include?(match_string)} || options.push(default) -end - -defaults = { - '-Xms' => '-Xms2g', - '-Xmx' => '-Xmx2g', - 'UseConcMarkSweepGC' => '-XX:+UseConcMarkSweepGC', - 'CMSInitiatingOccupancyFraction=' => '-XX:CMSInitiatingOccupancyFraction=75', - 'UseCMSInitiatingOccupancyOnly' => '-XX:+UseCMSInitiatingOccupancyOnly', - 'AlwaysPreTouch' => '-XX:+AlwaysPreTouch', - 'server' => '-server', - '-Xss' => '-Xss1m', - '-Djava.awt.headless=' => '-Djava.awt.headless=true', - '-Dfile.encoding=' => '-Dfile.encoding=UTF-8', - '-Djna.nosys=' => '-Djna.nosys=true', - 'OmitStackTraceInFastThrow' => '-XX:-OmitStackTraceInFastThrow', - '-Dio.netty.noUnsafe' => '-Dio.netty.noUnsafe=true', - '-Dio.netty.noKeySetOptimization' => '-Dio.netty.noKeySetOptimization=true', - '-Dio.netty.recycler.maxCapacityPerThread' => '-Dio.netty.recycler.maxCapacityPerThread=0', - '-Dlog4j.shutdownHookEnabled' => '-Dlog4j.shutdownHookEnabled=false', - '-Dlog4j2.disable.jmx' => '-Dlog4j2.disable.jmx=true', - 'HeapDumpOnOutOfMemoryError' => '-XX:+HeapDumpOnOutOfMemoryError', - 'PrintGCDetails' => '-XX:+PrintGCDetails', - 'PrintGCDateStamps' => '-XX:+PrintGCDateStamps', - 'PrintTenuringDistribution' => '-XX:+PrintTenuringDistribution', - 'PrintGCApplicationStoppedTime' => '-XX:+PrintGCApplicationStoppedTime', - 'Xloggc' => "-Xloggc:#{@logdir}/gc.log", - 'UseGCLogFileRotation' => '-XX:+UseGCLogFileRotation', - 'NumberOfGCLogFiles' => '-XX:NumberOfGCLogFiles=32', - 'GCLogFileSize' => '-XX:GCLogFileSize=64m', -} -defaults.each {|k,v| set_default(@jvm_options, k, v)} - --%> - -<% @jvm_options.sort.each do |line| -%> -<%= line %> -<% end -%> diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb b/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb deleted file mode 100644 index 4e4d831f7..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb +++ /dev/null @@ -1,99 +0,0 @@ -status = <%= @logging_level.downcase %> - -# log action execution errors for easier debugging -logger.action.name = org.elasticsearch.action -logger.action.level = debug - -appender.console.type = Console -appender.console.name = console -appender.console.layout.type = PatternLayout -appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n - -<%- if @file_rolling_type == 'file' -%> -appender.fixed.type = File -appender.fixed.name = fixed -appender.fixed.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log -appender.fixed.layout.type = PatternLayout -appender.fixed.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n -<%- else -%> -appender.rolling.type = RollingFile -appender.rolling.name = rolling -appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log -appender.rolling.layout.type = PatternLayout -appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n -<%- if @file_rolling_type == 'dailyRollingFile' -%> -appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz -appender.rolling.policies.type = Policies -appender.rolling.policies.time.type = TimeBasedTriggeringPolicy -appender.rolling.policies.time.interval = 1 -appender.rolling.policies.time.modulate = true -<%- elsif @file_rolling_type == 'rollingFile' -%> -appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%i.log.gz -appender.rolling.policies.type = Policies -appender.rolling.policies.size.type = SizeBasedTriggeringPolicy -appender.rolling.policies.size.size = <%= @rolling_file_max_file_size %> -appender.rolling.strategy.type = DefaultRolloverStrategy -appender.rolling.strategy.max = <%= @rolling_file_max_backup_index %> -<%- end -%> -<%- end -%> - -rootLogger.level = <%= @logging_level.downcase %> -rootLogger.appenderRef.console.ref = console -<%- if @file_rolling_type == 'file' -%> -rootLogger.appenderRef.fixed.ref = fixed -<%- else -%> -rootLogger.appenderRef.rolling.ref = rolling -<%- end -%> - -appender.deprecation_rolling.type = RollingFile -appender.deprecation_rolling.name = deprecation_rolling -appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log -appender.deprecation_rolling.layout.type = PatternLayout -appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n -appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.log.gz -appender.deprecation_rolling.policies.type = Policies -appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy -appender.deprecation_rolling.policies.size.size = 1GB -appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy -appender.deprecation_rolling.strategy.max = 4 - -logger.deprecation.name = org.elasticsearch.deprecation -<%- if @deprecation_logging -%> -logger.deprecation.level = <%= @deprecation_logging_level.downcase %> -<%- else -%> -logger.deprecation.level = warn -<%- end -%> -logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling -logger.deprecation.additivity = false - -appender.index_search_slowlog_rolling.type = RollingFile -appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling -appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log -appender.index_search_slowlog_rolling.layout.type = PatternLayout -appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n -appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log -appender.index_search_slowlog_rolling.policies.type = Policies -appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy -appender.index_search_slowlog_rolling.policies.time.interval = 1 -appender.index_search_slowlog_rolling.policies.time.modulate = true - -logger.index_search_slowlog_rolling.name = index.search.slowlog -logger.index_search_slowlog_rolling.level = trace -logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling -logger.index_search_slowlog_rolling.additivity = false - -appender.index_indexing_slowlog_rolling.type = RollingFile -appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling -appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log -appender.index_indexing_slowlog_rolling.layout.type = PatternLayout -appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n -appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log -appender.index_indexing_slowlog_rolling.policies.type = Policies -appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy -appender.index_indexing_slowlog_rolling.policies.time.interval = 1 -appender.index_indexing_slowlog_rolling.policies.time.modulate = true - -logger.index_indexing_slowlog.name = index.indexing.slowlog.index -logger.index_indexing_slowlog.level = trace -logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling -logger.index_indexing_slowlog.additivity = false diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb b/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb deleted file mode 100644 index 795fa78ab..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb +++ /dev/null @@ -1,71 +0,0 @@ -# This file is managed by Puppet, do not edit manually, your changes *will* be overwritten! -# -# Please see the source file for context and more information: -# -# https://github.com/elasticsearch/elasticsearch/blob/master/config/logging.yml -# - -es.logger.level: <%= @logging_level %> -rootLogger: <%= @logging_level %>, console, file - -# ----- Configuration set by Puppet --------------------------------------------- - -<% @logging_hash.sort.each do |key,value| %> -logger.<%= key %>: <%= value %> -<% end %> - -<% if @deprecation_logging -%> -logger.deprecation: <%= @deprecation_logging_level %>, deprecation_log_file -<% end -%> - -# ------------------------------------------------------------------------------- - -additivity: - index.search.slowlog: false - index.indexing.slowlog: false - -appender: - console: - type: console - layout: - type: consolePattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - file: - type: <%= @file_rolling_type %> - file: ${path.logs}/${cluster.name}.log - <%- if @file_rolling_type == 'dailyRollingFile' -%> - datePattern: <%= @daily_rolling_date_pattern %> - <%- elsif @file_rolling_type == 'rollingFile' -%> - maxBackupIndex: <%= @rolling_file_max_backup_index %> - maxFileSize: <%= @rolling_file_max_file_size %> - <%- end -%> - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - index_search_slow_log_file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}_index_search_slowlog.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - - index_indexing_slow_log_file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - -<% if @deprecation_logging -%> - deprecation_log_file: - type: dailyRollingFile - file: ${path.logs}/${cluster.name}_deprecation.log - datePattern: "'.'yyyy-MM-dd" - layout: - type: pattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" -<% end %> diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb b/modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb deleted file mode 100644 index 0f16a8884..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb +++ /dev/null @@ -1,6 +0,0 @@ -<%- unless @new_init_defaults.key? 'CONF_FILE' -%> -rm CONF_FILE -<%- end -%> -<% @new_init_defaults.sort.map do |key, value| -%> -set <%= key %> '<%= value %>' -<% end -%> diff --git a/modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb b/modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb deleted file mode 100644 index ec6197d40..000000000 --- a/modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb +++ /dev/null @@ -1 +0,0 @@ -d <%= @pid_dir %> 0755 <%= @user %> <%= @group %> - - diff --git a/modules/utilities/unix/logging/elasticsearch/types/multipath.pp b/modules/utilities/unix/logging/elasticsearch/types/multipath.pp deleted file mode 100644 index 63dea224d..000000000 --- a/modules/utilities/unix/logging/elasticsearch/types/multipath.pp +++ /dev/null @@ -1 +0,0 @@ -type Elasticsearch::Multipath = Variant[Array[Stdlib::Absolutepath], Stdlib::Absolutepath] diff --git a/modules/utilities/unix/logging/elasticsearch/types/status.pp b/modules/utilities/unix/logging/elasticsearch/types/status.pp deleted file mode 100644 index e31498bdb..000000000 --- a/modules/utilities/unix/logging/elasticsearch/types/status.pp +++ /dev/null @@ -1 +0,0 @@ -type Elasticsearch::Status = Enum['enabled', 'disabled', 'running', 'unmanaged'] diff --git a/modules/utilities/unix/logging/filebeat/.pmtignore b/modules/utilities/unix/logging/filebeat/.pmtignore new file mode 100644 index 000000000..fb5895753 --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/.pmtignore @@ -0,0 +1,20 @@ +docs/ +pkg/ +Gemfile.lock +Gemfile.local +vendor/ +.vendor/ +spec/fixtures/manifests/ +spec/fixtures/modules/ +.vagrant/ +.bundle/ +.ruby-version +coverage/ +log/ +.idea/ +.dependencies/ +.librarian/ +Puppetfile.lock +*.iml +.*.sw? +.yardoc/ diff --git a/modules/utilities/unix/logging/filebeat/.puppet-lint.rc b/modules/utilities/unix/logging/filebeat/.puppet-lint.rc new file mode 100644 index 000000000..cc96ece05 --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/.puppet-lint.rc @@ -0,0 +1 @@ +--relative diff --git a/modules/utilities/unix/logging/filebeat/.sync.yml b/modules/utilities/unix/logging/filebeat/.sync.yml new file mode 100644 index 000000000..d466c65f6 --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/.sync.yml @@ -0,0 +1,5 @@ +mock_with: ':mocha' + +.travis.yml: + user: pcfens + secure: "z1SbP/Hisr5k66XL/ACLsZ/fG7cCpwl8apjZzt/YciWizwReioU2EkLr5tvXdUC10aIH6H7XBdA9XwPqwXa81cIqcdIHlRMIbosMUGYaXcUm1xhctB3GvEDqsxFqdZSHYXax+IR6Wt507Eop+iU3S5pf/zJcp4uSKQVapCMoeVCEQYLRwllgeaqtEUZwqOUwPk31C4YZxwrzmgbIVyXmPrp3SDToXaQm4S4RkayOqHH2lYi8isz3IPPQvDZY5681TBpo35AbsIRbhiLzGlBHbgRaE2dz7J1Gs8MBGFyrtDaPtc9UpbgEmyxgmaPs3NIeZkmfVoosjt2AHRsoMZB7ntaPAQ20mk44ugMhxd5HX8t7QdLPiYQqgA3O4QfKraxPzdEjYVs9Pf7BBgY4JpGSOAD3dlWNK0U40MzKe74cj6dshg9SfIdyf3M3MmI0KIIvdKhpgl8mSIL8MCWjnYYNpQMQDFgyrXvePnkPVlt7zlBxn+LJFFx3VLGNfSWbKavITM/nrvjpFkQZ34mPHTtTUYnT6HVehtwPd5x6ILqYcppEeeiloa4uLWhW/vg0wAOdOBv2IALdAqRMC56ODPK33gFRkX+CclsegtOh2In407njbXXZBQrY5h3SXuEVxZcFhGVTxJIV29viuWFSm7VF0a7IUmEbVrM23bqeaM+aOgs=" diff --git a/modules/utilities/unix/logging/filebeat/CHANGELOG.md b/modules/utilities/unix/logging/filebeat/CHANGELOG.md index bdc70944b..e50528feb 100644 --- a/modules/utilities/unix/logging/filebeat/CHANGELOG.md +++ b/modules/utilities/unix/logging/filebeat/CHANGELOG.md @@ -2,7 +2,152 @@ Changelog ========= ## Unreleased -[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.2...HEAD) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.7.1...HEAD) + +## [v4.8.0](https://github.com/pcfens/puppet-filebeat/tree/v4.8.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.7.0...v4.8.0) + +- Update powershell dependency constraints [\#268](https://github.com/pcfens/puppet-filebeat/pull/268) +- Support ES cloud credentials [\267](https://github.com/pcfens/puppet-filebeat/pull/267) + +## [v4.7.0](https://github.com/pcfens/puppet-filebeat/tree/v4.7.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.6.0...v4.7.0) + +- Add `extra_validation_options` when validating the config [\#265](https://github.com/pcfens/puppet-filebeat/pull/265) + +## [v4.6.0](https://github.com/pcfens/puppet-filebeat/tree/v4.6.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.5.0...v4.6.0) + +- Allow processors to be applied to all inputs, and consolidated common configuration [\#260](https://github.com/pcfens/puppet-filebeat/pull/260) + +## [v4.5.0](https://github.com/pcfens/puppet-filebeat/tree/v4.5.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.2...v4.5.0) + +- Restart filebeat when config files are removed [\#258](https://github.com/pcfens/puppet-filebeat/pull/258) +- Support TCP and UDP input plugins [\#259](https://github.com/pcfens/puppet-filebeat/pull/259) + +## [v4.4.2](https://github.com/pcfens/puppet-filebeat/tree/v4.4.2) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.1...v4.4.2) + +- Fix empty monitoring parameter [\#257](https://github.com/pcfens/puppet-filebeat/issues/257) + +## [v4.4.1](https://github.com/pcfens/puppet-filebeat/tree/v4.4.1) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.0...v4.4.1) + +- Fix powershell module version dependency [\#256](https://github.com/pcfens/puppet-filebeat/pull/256 + +## [v4.4.0](https://github.com/pcfens/puppet-filebeat/tree/v4.4.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.3.1...v4.4.0) + +- Add the ability to supply the monitoring.* of the config file [\#252](https://github.com/pcfens/puppet-filebeat/issues/252) +- Add support for Windows Server 2016 and 2019 Core editions [\#255](https://github.com/pcfens/puppet-filebeat/pull/255) + +## [v4.3.1](https://github.com/pcfens/puppet-filebeat/tree/v4.3.1) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.3.0...v4.3.1) + +- Allow fields and tags to be defined for any input type [\#249](https://github.com/pcfens/puppet-filebeat/pull/249) + +## [v4.3.0](https://github.com/pcfens/puppet-filebeat/tree/v4.3.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.2.0...v4.3.0) + +- Support setting index index lifecycle policy [\#238](https://github.com/pcfens/puppet-filebeat/pull/238) +- Support logging overrides with Puppet older than 6.1 [\#241](https://github.com/pcfens/puppet-filebeat/pull/241) +- Allow inputs to be defined using just a hash (supports open ended inputs) [\#236](https://github.com/pcfens/puppet-filebeat/pull/236) + + +## [v4.2.0](https://github.com/pcfens/puppet-filebeat/tree/v4.2.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.2...v4.2.0) + +- Fix regression of processors type +- Add support for syslog inputs [\#232](https://github.com/pcfens/puppet-filebeat/pull/233) +- Upgrade PDK to 1.15.0 + +## [v4.1.2](https://github.com/pcfens/puppet-filebeat/tree/v4.1.2) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.1...v4.1.2) + +- Fix hardocded path to yum [\#229](https://github.com/pcfens/puppet-filebeat/pull/229) + +## [v4.1.1](https://github.com/pcfens/puppet-filebeat/tree/v4.1.1) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.0...v4.1.1) + +- Support old versions of filebeat for a version fact only [\#227](https://github.com/pcfens/puppet-filebeat/pull/227) +- Fix the processor input data type [\#228](https://github.com/pcfens/puppet-filebeat/issues/228) + +## [v4.1.0](https://github.com/pcfens/puppet-filebeat/tree/v4.1.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.5...v4.1.0) + +- Allow for override of the default systemd logging options [\#223](https://github.com/pcfens/puppet-filebeat/pull/223) + +## [v4.0.5](https://github.com/pcfens/puppet-filebeat/tree/v4.0.5) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.4...v4.0.5) + +- Update metadata for apt and stdlib modules [\#220](https://github.com/pcfens/puppet-filebeat/pull/220) +- Fix README typo [\#221](https://github.com/pcfens/puppet-filebeat/pull/221) + + +## [v4.0.4](https://github.com/pcfens/puppet-filebeat/tree/v4.0.4) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.3...v4.0.4) + +- Validate configuration in Windows [\#219](https://github.com/pcfens/puppet-filebeat/pull/219) + +## [v4.0.3](https://github.com/pcfens/puppet-filebeat/tree/v4.0.3) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.2...v4.0.3) + +- Fix `filebeat_version` fact on Windows [\#218](https://github.com/pcfens/puppet-filebeat/pull/218) + +## [v4.0.2](https://github.com/pcfens/puppet-filebeat/tree/v4.0.2) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.1...v4.0.2) + +- Clear the yum cache whenever we modify the yum repo config [\#217](https://github.com/pcfens/puppet-filebeat/issues/217) + +## [v4.0.1](https://github.com/pcfens/puppet-filebeat/tree/v4.0.1) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.0...v4.0.1) + +- Fix unit tests [\#216](https://github.com/pcfens/puppet-filebeat/pull/213) +- Fix fresh install regression [\#217](https://github.com/pcfens/puppet-filebeat/pull/216) + + +## [v4.0.0](https://github.com/pcfens/puppet-filebeat/tree/v4.0.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.4.0...v4.0.0) + +- Switch from `filebeat::prospector` to `filebeat::input` to reflect the changes + in the upstream filebeat configuration. +- Add support for Filebeat 7 +- Remove support for `registry_file` and `registry_flush` settings (removed in 7.x) +- Remove `queue_size` parameter + +## [v3.4.0](https://github.com/pcfens/puppet-filebeat/tree/v3.4.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.3...v3.4.0) + +- Add filebeat.config.modules section [\#204](https://github.com/pcfens/puppet-filebeat/pull/204) +- Fix filebeat::prospector::fields_under_root [\#205](https://github.com/pcfens/puppet-filebeat/pull/205) + +## [v3.3.3](https://github.com/pcfens/puppet-filebeat/tree/v3.3.3) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.2...v3.3.3) + +- Add a harvester limit [\#196](https://github.com/pcfens/puppet-filebeat/pull/196) +- Fix documentaion error [\#198](https://github.com/pcfens/puppet-filebeat/issues/198) +- Fix Puppet 4.10 undefined method error [\#199](https://github.com/pcfens/puppet-filebeat/pull/199) + +## [v3.3.2](https://github.com/pcfens/puppet-filebeat/tree/v3.3.2) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.1...v3.3.2) + +- Produce valid YAML for prospectors [\#193](https://github.com/pcfens/puppet-filebeat/pull/193) +- Upgrade to PDK 1.7.1 +- Add tests for Puppet 6 +- Add Puppet 6 support to metadata + +## [v3.3.1](https://github.com/pcfens/puppet-filebeat/tree/v3.3.1) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.0...v3.3.1) + +- Add a new `manage_apt` flag for disabling the inclusion of puppetlabs/apt [\#185](https://github.com/pcfens/puppet-filebeat/pull/185) + +## [v3.3.0](https://github.com/pcfens/puppet-filebeat/tree/v3.3.0) +[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.2...v3.3.0) + +- Allow use of puppet/archive 3.x [\#190](https://github.com/pcfens/puppet-filebeat/pull/190) +- Add support for Docker inputs [\#191](https://github.com/pcfens/puppet-filebeat/pull/191) +- Support puppetlabs/stdlib 5.x ## [v3.2.2](https://github.com/pcfens/puppet-filebeat/tree/v3.2.2) [Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.1...v3.2.2) diff --git a/modules/utilities/unix/logging/filebeat/README.md b/modules/utilities/unix/logging/filebeat/README.md index beb52d8e1..cea94faff 100644 --- a/modules/utilities/unix/logging/filebeat/README.md +++ b/modules/utilities/unix/logging/filebeat/README.md @@ -10,12 +10,13 @@ - [Setup requirements](#setup-requirements) - [Beginning with filebeat](#beginning-with-filebeat) 3. [Usage - Configuration options and additional functionality](#usage) - - [Adding a prospector](#adding-a-prospector) + - [Adding an Input](#adding-an-input) - [Multiline Logs](#multiline-logs) - [JSON logs](#json-logs) - - [Prospectors in hiera](#prospectors-in-hiera) + - [Inputs in hiera](#inputs-in-hiera) - [Usage on Windows](#usage-on-windows) - [Processors](#processors) + - [Index Lifecycle Management](#index-lifecycle-management) 4. [Reference](#reference) - [Public Classes](#public-classes) - [Private Classes](#private-classes) @@ -36,9 +37,12 @@ The `filebeat` module installs and configures the [filebeat log shipper](https:/ By default `filebeat` adds a software repository to your system, and installs filebeat along with required configurations. -### Upgrading to Filebeat 6.x +### Upgrading to Filebeat 7.x -To upgrade to Filebeat 6.x, simply set `$filebeat::major_version` to `6` and `$filebeat::package_ensure` to `latest` (or whichever version of 6.x you want, just not present). +To upgrade to Filebeat 7.x, simply set `$filebeat::major_version` to `7` and `$filebeat::package_ensure` to `latest` (or whichever version of 7.x you want, just not present). + +You'll also need to change instances of `filebeat::prospector` to `filebeat::input` when upgrading to version 4.x of +this module. ### Setup Requirements @@ -66,7 +70,6 @@ class { 'filebeat': 'http://anotherserver:9200' ], 'loadbalance' => true, - 'index' => 'packetbeat', 'cas' => [ '/etc/pki/root/ca.pem', ], @@ -96,18 +99,18 @@ class { 'filebeat': [logging](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration-details.html#configuration-logging) options can be configured the same way, and are documented on the [elastic website](https://www.elastic.co/guide/en/beats/filebeat/current/index.html). -### Adding a prospector +### Adding an Input -Prospectors are processes that ship log files to elasticsearch or logstash. They can +Inputs are processes that ship log files to elasticsearch or logstash. They can be defined as a hash added to the class declaration (also used for automatically creating -prospectors using hiera), or as their own defined resources. +input using hiera), or as their own defined resources. At a minimum, the `paths` parameter must be set to an array of files or blobs that should be shipped. `doc_type` is what logstash views as the type parameter if you'd like to apply conditional filters. ```puppet -filebeat::prospector { 'syslogs': +filebeat::input { 'syslogs': paths => [ '/var/log/auth.log', '/var/log/syslog', @@ -118,23 +121,26 @@ filebeat::prospector { 'syslogs': #### Multiline Logs -Filebeat prospectors can handle multiline log entries. The `multiline` +Filebeat inputs can handle multiline log entries. The `multiline` parameter accepts a hash containing `pattern`, `negate`, `match`, `max_lines`, and `timeout` as documented in the filebeat [configuration documentation](https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html). #### JSON Logs -Filebeat prospectors (versions >= 5.0) can natively decode JSON objects if they are stored one per line. The `json` +Filebeat inputs (versions >= 5.0) can natively decode JSON objects if they are stored one per line. The `json` parameter accepts a hash containing `message_key`, `keys_under_root`, `overwrite_keys`, and `add_error_key` as documented in the filebeat [configuration documentation](https://www.elastic.co/guide/en/beats/filebeat/5.5/configuration-filebeat-options.html#config-json). -### Prospectors in Hiera +### Inputs in Hiera -Prospectors can be defined in hiera using the `prospectors` parameter. By default, hiera will not merge -prospector declarations down the hiera hierarchy. That behavior can be changed by configuring the +Inputs can be defined in hiera using the `inputs` parameter. By default, hiera will not merge +input declarations down the hiera hierarchy. That behavior can be changed by configuring the [lookup_options](https://docs.puppet.com/puppet/latest/reference/lookup_quick.html#setting-lookupoptions-in-data) flag. +`inputs` can be a Hash that will follow all the parameters listed on this documentation or an +Array that will output as is to the input config file. + ### Usage on Windows When installing on Windows, this module will download the windows version of Filebeat from @@ -152,41 +158,49 @@ processors using hiera), or as their own defined resources. To drop the offset and input_type fields from all events: ```puppet -class{"filebeat": - processors => { - "drop_fields" => { - "params" => {"fields" => ["input_type", "offset"]} - }, - }, +class {'filebeat': + processors => [ + { + 'drop_fields' => { + 'fields' => ['input_type', 'offset'], + } + } + ], } ``` To drop all events that have the http response code equal to 200: - +input ```puppet -class{"filebeat": - processors => { - "drop_event" => { - "when" => {"equals" => {"http.code" => 200}} - }, - }, +class {'filebeat': + processors => [ + { + 'drop_event' => { + 'when' => {'equals' => {'http.code' => 200}} + } + } + ], } ``` Now to combine these examples into a single definition: ```puppet -class{"filebeat": - processors => { - "drop_fields" => { - "params" => {"fields" => ["input_type", "offset"]}, - "priority" => 1, +class {'filebeat': + processors => [ + { + 'drop_fields' => { + 'params' => {'fields' => ['input_type', 'offset']}, + 'priority' => 1, + } }, - "drop_event" => { - "when" => {"equals" => {"http.code" => 200}}, - "priority: => 2, - }, - }, + { + 'drop_event' => { + 'when' => {'equals' => {'http.code' => 200}}, + 'priority' => 2, + } + } + ], } ``` @@ -199,6 +213,22 @@ processor declarations down the hiera hierarchy. That behavior can be changed by [lookup_options](https://docs.puppet.com/puppet/latest/reference/lookup_quick.html#setting-lookupoptions-in-data) flag. +### Index Lifecycle Management + +You can override the default filebeat ILM policy by specifying `ilm.policy` hash in `filebeat::setup` parameter: + +``` +filebeat::setup: + ilm.policy: + phases: + hot: + min_age: "0ms" + actions: + rollover: + max_size: "10gb" + max_age: "1d" +``` + ## Reference - [**Public Classes**](#public-classes) - [Class: filebeat](#class-filebeat) @@ -211,7 +241,7 @@ flag. - [Class: filebeat::install::linux](#class-filebeatinstalllinux) - [Class: filebeat::install::windows](#class-filebeatinstallwindows) - [**Public Defines**](#public-defines) - - [Define: filebeat::prospector](#define-filebeatprospector) + - [Define: filebeat::input](#define-filebeatinput) - [Define: filebeat::processors](#define-filebeatprocessor) ### Public Classes @@ -222,32 +252,36 @@ Installs and configures filebeat. **Parameters within `filebeat`** - `package_ensure`: [String] The ensure parameter for the filebeat package If set to absent, - prospectors and processors passed as parameters are ignored and everything managed by + inputs and processors passed as parameters are ignored and everything managed by puppet will be removed. (default: present) - `manage_repo`: [Boolean] Whether or not the upstream (elastic) repo should be configured or not (default: true) -- `major_version`: [Enum] The major version of Filebeat to install. Should be either `5` or `6`. The default value is `5`. +- `major_version`: [Enum] The major version of Filebeat to install. Should be either `'5'` or `'6'`. The default value is `'6'`, except + for OpenBSD 6.3 and earlier, which has a default value of `'5'`. - `service_ensure`: [String] The ensure parameter on the filebeat service (default: running) - `service_enable`: [String] The enable parameter on the filebeat service (default: true) - `param repo_priority`: [Integer] Repository priority. yum and apt supported (default: undef) - `service_provider`: [String] The provider parameter on the filebeat service (default: on RedHat based systems use redhat, otherwise undefined) - `spool_size`: [Integer] How large the spool should grow before being flushed to the network (default: 2048) - `idle_timeout`: [String] How often the spooler should be flushed even if spool size isn't reached (default: 5s) -- `publish_async`: [Boolean] If set to true filebeat will publish while preparing the next batch of lines to transmit (defualt: false) -- `registry_file`: [String] The registry file used to store positions, must be an absolute path (default is OS dependent - see params.pp) +- `publish_async`: [Boolean] If set to true filebeat will publish while preparing the next batch of lines to transmit (default: false) - `config_file`: [String] Where the configuration file managed by this module should be placed. If you think you might want to use this, read the [limitations](#using-config_file) first. Defaults to the location that filebeat expects for your operating system. -- `config_dir`: [String] The directory where prospectors should be defined (default: /etc/filebeat/conf.d) +- `config_dir`: [String] The directory where inputs should be defined (default: /etc/filebeat/conf.d) - `config_dir_mode`: [String] The permissions mode set on the configuration directory (default: 0755) - `config_dir_owner`: [String] The owner of the configuration directory (default: root). Linux only. - `config_dir_group`: [String] The group of the configuration directory (default: root). Linux only. - `config_file_mode`: [String] The permissions mode set on configuration files (default: 0644) -- `config_file_owner`: [String] The owner of the configuration files, including prospectors (default: root). Linux only. -- `config_file_group`: [String] The group of the configuration files, including prospectors (default: root). Linux only. -- `purge_conf_dir`: [Boolean] Should files in the prospector configuration directory not managed by puppet be automatically purged +- `config_file_owner`: [String] The owner of the configuration files, including inputs (default: root). Linux only. +- `config_file_group`: [String] The group of the configuration files, including inputs (default: root). Linux only. +- `purge_conf_dir`: [Boolean] Should files in the input configuration directory not managed by puppet be automatically purged +- `enable_conf_modules`: [Boolean] Should filebeat.config.modules be enabled +- `modules_dir`: [String] The directory where module configurations should be defined (default: /etc/filebeat/modules.d) +- `cloud`: [Hash] Will be converted to YAML for the optional cloud.id and cloud.auth of the configuration (see documentation, and above) - `outputs`: [Hash] Will be converted to YAML for the required outputs section of the configuration (see documentation, and above) - `shipper`: [Hash] Will be converted to YAML to create the optional shipper section of the filebeat config (see documentation) - `logging`: [Hash] Will be converted to YAML to create the optional logging section of the filebeat config (see documentation) +- `systemd_beat_log_opts_override`: [String] Will overide the default `BEAT_LOG_OPTS=-e`. Required if using `logging` hash on systems running with systemd. required: Puppet 6.1+, Filebeat 7+, - `modules`: [Array] Will be converted to YAML to create the optional modules section of the filebeat config (see documentation) - `conf_template`: [String] The configuration template to use to generate the main filebeat.yml config file. - `download_url`: [String] The URL of the zip file that should be downloaded to install filebeat (windows only) @@ -256,21 +290,22 @@ Installs and configures filebeat. - `shutdown_timeout`: [String] How long filebeat waits on shutdown for the publisher to finish sending events - `beat_name`: [String] The name of the beat shipper (default: hostname) - `tags`: [Array] A list of tags that will be included with each published transaction -- `queue_size`: [String] The internal queue size for events in the pipeline - `max_procs`: [Number] The maximum number of CPUs that can be simultaneously used - `fields`: [Hash] Optional fields that should be added to each event output - `fields_under_root`: [Boolean] If set to true, custom fields are stored in the top level instead of under fields - `disable_config_test`: [Boolean] If set to true, configuration tests won't be run on config files before writing them. -- `processors`: [Hash] Processors that should be configured. -- `prospectors`: [Hash] Prospectors that will be created. Commonly used to create prospectors using hiera +- `processors`: [Array] Processors that should be configured. +- `monitoring`: [Hash] The monitoring.* components of the filebeat configuration. +- `inputs`: [Hash] or [Array] Inputs that will be created. Commonly used to create inputs using hiera - `setup`: [Hash] Setup that will be created. Commonly used to create setup using hiera - `xpack`: [Hash] XPack configuration to pass to filebeat +- `extra_validate_options`: [String] Extra command line options to pass to the configuration validation command. ### Private Classes #### Class: `filebeat::config` -Creates the configuration files required for filebeat (but not the prospectors) +Creates the configuration files required for filebeat (but not the inputs) #### Class: `filebeat::install` @@ -298,19 +333,26 @@ Downloads, extracts, and installs the filebeat zip file in Windows. ### Public Defines -#### Define: `filebeat::prospector` +#### Define: `filebeat::input` -Installs a configuration file for a prospector. +Installs a configuration file for a input. Be sure to read the [filebeat configuration details](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration-details.html) to fully understand what these parameters do. -**Parameters for `filebeat::prospector`** - - `ensure`: The ensure parameter on the prospector configuration file. (default: present) - - `paths`: [Array] The paths, or blobs that should be handled by the prospector. (required) +**Parameters for `filebeat::input`** + - `ensure`: The ensure parameter on the input configuration file. (default: present) + - `paths`: [Array] The paths, or blobs that should be handled by the input. (required if input_type is _log_) + - `containers_ids`: [Array] If input_type is _docker_, the list of Docker container ids to read the logs from. (default: '*') + - `containers_path`: [String] If input_type is _docker_, the path from where the logs should be read from. (default: /var/log/docker/containers) + - `containers_stream`: [String] If input_type is _docker_, read from the specified stream only. (default: all) + - `combine_partial`: [Boolean] If input_type is _docker_, enable partial messages joining. (default: false) + - `cri_parse_flags`: [Boolean] If input_type is _docker_, enable CRI flags parsing from the log file. (default: false) + - `syslog_protocol`: [Enum tcp,udp] Syslog protocol (default: udp) + - `syslog_host`: [String] Host to listen for syslog messages (default: localhost:5140) - `exclude_files`: [Array] Files that match any regex in the list are excluded from filebeat (default: []) - `encoding`: [String] The file encoding. (default: plain) - - `input_type`: [String] log or stdin - where filebeat reads the log from (default:log) + - `input_type`: [String] where filebeat reads the log from (default:log) - `fields`: [Hash] Optional fields to add information to the output (default: {}) - `fields_under_root`: [Boolean] Should the `fields` parameter fields be stored at the top level of indexed documents. - `ignore_older`: [String] Files older than this field will be ignored by filebeat (default: ignore nothing) @@ -319,7 +361,7 @@ to fully understand what these parameters do. - `log_type`: [String] \(Deprecated - use `doc_type`\) The document_type setting (optional - default: log) - `doc_type`: [String] The event type to used for published lines, used as type field in logstash and elasticsearch (optional - default: log) - - `scan_frequency`: [String] How often should the prospector check for new files (default: 10s) + - `scan_frequency`: [String] How often should the input check for new files (default: 10s) - `harvester_buffer_size`: [Integer] The buffer size the harvester uses when fetching the file (default: 16384) - `tail_files`: [Boolean] If true, filebeat starts reading new files at the end instead of the beginning (default: false) - `backoff`: [String] How long filebeat should wait between scanning a file after reaching EOF (default: 1s) @@ -327,16 +369,19 @@ to fully understand what these parameters do. - `backoff_factor`: [Integer] `backoff` is multiplied by this parameter until `max_backoff` is reached to determine the actual backoff (default: 2) - `force_close_files`: [Boolean] Should filebeat forcibly close a file when renamed (default: false) - - `pipeline`: [String] Filebeat can be configured for a different ingest pipeline for each prospector (default: undef) + - `pipeline`: [String] Filebeat can be configured for a different ingest pipeline for each input (default: undef) - `include_lines`: [Array] A list of regular expressions to match the lines that you want to include. Ignored if empty (default: []) - `exclude_lines`: [Array] A list of regular expressions to match the files that you want to exclude. Ignored if empty (default: []) - `max_bytes`: [Integer] The maximum number of bytes that a single log message can have (default: 10485760) + - `tags`: [Array] A list of tags to send along with the log data. - `json`: [Hash] Options that control how filebeat handles decoding of log messages in JSON format [See above](#json-logs). (default: {}) - `multiline`: [Hash] Options that control how Filebeat handles log messages that span multiple lines. [See above](#multiline-logs). (default: {}) + - `host`: [String] Host and port used to read events for TCP or UDP plugin (default: localhost:9000) + - `max_message_size`: [String] The maximum size of the message received over TCP or UDP (default: undef) ## Limitations This module doesn't load the [elasticsearch index template](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-template) into elasticsearch (required when shipping @@ -352,15 +397,6 @@ By default, a generic, open ended template is used that simply converts your con a hash that is produced as YAML on the system. To use a template that is more strict, but possibly incomplete, set `conf_template` to `filebeat/filebeat.yml.erb`. -### Registry Path - -The default registry file in this module doesn't match the filebeat default, but moving the file -while the filbeat service is running can cause data duplication or data loss. If you're installing -filebeat for the first time you should consider setting `registry_file` to match the -[default](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-global-options.html#_registry_file). - -Be sure to include a path or the file will be put at the root of your filesystem. - ### Debian Systems Filebeat 5.x and newer requires apt-transport-https, but this module won't install it for you. @@ -384,6 +420,45 @@ file { '/etc/filebeat/filebeat.yml': ``` to ensure that services are managed like you might expect. +### Logging on systems with Systemd and with version filebeat 7.0+ installed +With filebeat version 7+ running on systems with systemd, the filebeat systemd service file contains a default that will ignore the logging hash parameter + +``` +Environment="BEAT_LOG_OPTS=-e` +``` +to overide this default, you will need to set the systemd_beat_log_opts_override parameter to empty string + +example: +```puppet +class {'filebeat': + logging => { + 'level' => 'debug', + 'to_syslog' => false, + 'to_files' => true, + 'files' => { + 'path' => '/var/log/filebeat', + 'name' => 'filebeat', + 'keepfiles' => '7', + 'permissions' => '0644' + }, + systemd_beat_log_opts_override => "", +} +``` + +this will only work on systems with puppet version 6.1+. On systems with puppet version < 6.1 you will need to `systemctl daemon-reload`. This can be achived by using the [camptocamp-systemd](https://forge.puppet.com/camptocamp/systemd) + +```puppet +include systemd::systemctl::daemon_reload + +class {'filebeat': + logging => { +... + }, + systemd_beat_log_opts_override => "", + notify => Class['systemd::systemctl::daemon_reload'], +} +``` + ## Development Pull requests and bug reports are welcome. If you're sending a pull request, please consider diff --git a/modules/utilities/unix/logging/filebeat/filebeat.pp b/modules/utilities/unix/logging/filebeat/filebeat.pp index 6fb36cf13..ffb59e3db 100644 --- a/modules/utilities/unix/logging/filebeat/filebeat.pp +++ b/modules/utilities/unix/logging/filebeat/filebeat.pp @@ -1,22 +1,25 @@ -$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) -$logstash_ip = $secgen_parameters['logstash_ip'][0] -$logstash_port = 0 + $secgen_parameters['logstash_port'][0] +unless defined('analysis_alert_action_client') { + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $logstash_ip = $secgen_parameters['logstash_ip'][0] + $logstash_port = 0 + $secgen_parameters['logstash_port'][0] -class { 'filebeat': - outputs => { - 'logstash' => { - 'hosts' => [ - "$logstash_ip:$logstash_port", - ], - 'index' => 'filebeat', + class { 'filebeat': + major_version => '7', + outputs => { + 'logstash' => { + 'hosts' => [ + "$logstash_ip:$logstash_port", + ], + 'index' => 'filebeat', + }, }, - }, -} + } -filebeat::prospector { 'syslogs': - paths => [ - '/var/log/auth.log', - '/var/log/syslog', - ], - doc_type => 'syslog-beat', + filebeat::prospector { 'syslogs': + paths => [ + '/var/log/auth.log', + '/var/log/syslog', + ], + doc_type => 'syslog-beat', + } } \ No newline at end of file diff --git a/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb b/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb index db45f8035..9a5f5bfa6 100644 --- a/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb +++ b/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb @@ -3,14 +3,23 @@ Facter.add('filebeat_version') do confine 'kernel' => ['FreeBSD', 'OpenBSD', 'Linux', 'Windows'] if File.executable?('/usr/bin/filebeat') filebeat_version = Facter::Util::Resolution.exec('/usr/bin/filebeat version') + if filebeat_version.empty? + filebeat_version = Facter::Util::Resolution.exec('/usr/bin/filebeat --version') + end elsif File.executable?('/usr/local/bin/filebeat') - filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat --version') + filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat version') + if filebeat_version.empty? + filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat --version') + end elsif File.executable?('/usr/share/filebeat/bin/filebeat') filebeat_version = Facter::Util::Resolution.exec('/usr/share/filebeat/bin/filebeat --version') elsif File.executable?('/usr/local/sbin/filebeat') filebeat_version = Facter::Util::Resolution.exec('/usr/local/sbin/filebeat --version') elsif File.exist?('c:\Program Files\Filebeat\filebeat.exe') - filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" --version') + filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" version') + if filebeat_version.empty? + filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" --version') + end end setcode do filebeat_version.nil? ? false : %r{^filebeat version ([^\s]+)?}.match(filebeat_version)[1] diff --git a/modules/utilities/unix/logging/filebeat/manifests/config.pp b/modules/utilities/unix/logging/filebeat/manifests/config.pp index 4a4676e26..fa0d67149 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/config.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/config.pp @@ -6,6 +6,17 @@ class filebeat::config { $major_version = $filebeat::major_version + if has_key($filebeat::setup, 'ilm.policy') { + file {"${filebeat::config_dir}/ilm_policy.json": + content => to_json({'policy' => $filebeat::setup['ilm.policy']}), + notify => Service['filebeat'], + require => File['filebeat-config-dir'], + } + $setup = $filebeat::setup - 'ilm.policy' + {'ilm.policy_file' => "${filebeat::config_dir}/ilm_policy.json"} + } else { + $setup = $filebeat::setup + } + if versioncmp($major_version, '6') >= 0 { $filebeat_config_temp = delete_undef_values({ 'shutdown_timeout' => $filebeat::shutdown_timeout, @@ -15,20 +26,26 @@ class filebeat::config { 'fields' => $filebeat::fields, 'fields_under_root' => $filebeat::fields_under_root, 'filebeat' => { - 'registry_file' => $filebeat::registry_file, - 'config.prospectors' => { + 'config.inputs' => { 'enabled' => true, 'path' => "${filebeat::config_dir}/*.yml", }, + 'config.modules' => { + 'enabled' => $filebeat::enable_conf_modules, + 'path' => "${filebeat::modules_dir}/*.yml", + }, 'shutdown_timeout' => $filebeat::shutdown_timeout, 'modules' => $filebeat::modules, }, + 'http' => $filebeat::http, + 'cloud' => $filebeat::cloud, 'output' => $filebeat::outputs, 'shipper' => $filebeat::shipper, 'logging' => $filebeat::logging, 'runoptions' => $filebeat::run_options, 'processors' => $filebeat::processors, - 'setup' => $filebeat::setup, + 'monitoring' => $filebeat::monitoring, + 'setup' => $setup, }) # Add the 'xpack' section if supported (version >= 6.1.0) and not undef if $filebeat::xpack and versioncmp($filebeat::package_ensure, '6.1.0') >= 0 { @@ -69,8 +86,8 @@ class filebeat::config { } } - if $::filebeat_version { - $skip_validation = versioncmp($::filebeat_version, $filebeat::major_version) ? { + if 'filebeat_version' in $facts and $facts['filebeat_version'] != false { + $skip_validation = versioncmp($facts['filebeat_version'], $filebeat::major_version) ? { -1 => true, default => false, } @@ -78,15 +95,13 @@ class filebeat::config { $skip_validation = false } - Filebeat::Prospector <| |> -> File['filebeat.yml'] - case $::kernel { 'Linux' : { $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { true => undef, default => $major_version ? { - '5' => "${filebeat::filebeat_path} -N -configtest -c %", - default => "${filebeat::filebeat_path} -c % test config", + '5' => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -N -configtest -c %", + default => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -c % test config", }, } @@ -111,13 +126,14 @@ class filebeat::config { recurse => $filebeat::purge_conf_dir, purge => $filebeat::purge_conf_dir, force => true, + notify => Service['filebeat'], } } # end Linux 'FreeBSD' : { $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { true => undef, - default => '/usr/local/sbin/filebeat -N -configtest -c %', + default => '/usr/local/sbin/filebeat ${filebeat::extra_validate_options} -N -configtest -c %', } file {'filebeat.yml': @@ -141,6 +157,7 @@ class filebeat::config { recurse => $filebeat::purge_conf_dir, purge => $filebeat::purge_conf_dir, force => true, + notify => Service['filebeat'], } } # end FreeBSD @@ -148,8 +165,8 @@ class filebeat::config { $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { true => undef, default => $major_version ? { - '5' => "${filebeat::filebeat_path} -N -configtest -c %", - default => "${filebeat::filebeat_path} -c % test config", + '5' => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -N -configtest -c %", + default => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -c % test config", }, } @@ -174,6 +191,7 @@ class filebeat::config { recurse => $filebeat::purge_conf_dir, purge => $filebeat::purge_conf_dir, force => true, + notify => Service['filebeat'], } } # end OpenBSD @@ -183,7 +201,10 @@ class filebeat::config { $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { true => undef, - default => "\"${filebeat_path}\" -N -configtest -c \"%\"", + default => $major_version ? { + '7' => "\"${filebeat_path}\" ${filebeat::extra_validate_options} test config -c \"%\"", + default => "\"${filebeat_path}\" ${filebeat::extra_validate_options} -N -configtest -c \"%\"", + } } file {'filebeat.yml': diff --git a/modules/utilities/unix/logging/filebeat/manifests/init.pp b/modules/utilities/unix/logging/filebeat/manifests/init.pp index eea536adf..d1efd42c4 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/init.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/init.pp @@ -14,6 +14,7 @@ # # @param package_ensure [String] The ensure parameter for the filebeat package (default: present) # @param manage_repo [Boolean] Whether or not the upstream (elastic) repo should be configured or not (default: true) +# @param manage_apt [Boolean] Whether or not the apt class should be explicitly called or not (default: true) # @param major_version [Enum] The major version of Filebeat to be installed. # @param service_ensure [String] The ensure parameter on the filebeat service (default: running) # @param service_enable [String] The enable parameter on the filebeat service (default: true) @@ -21,11 +22,12 @@ # @param spool_size [Integer] How large the spool should grow before being flushed to the network (default: 2048) # @param idle_timeout [String] How often the spooler should be flushed even if spool size isn't reached (default: 5s) # @param publish_async [Boolean] If set to true filebeat will publish while preparing the next batch of lines to send (defualt: false) -# @param registry_file [String] The registry file used to store positions, absolute or relative to working directory (default .filebeat) -# @param config_dir [String] The directory where prospectors should be defined (default: /etc/filebeat/conf.d) +# @param config_dir [String] The directory where inputs should be defined (default: /etc/filebeat/conf.d) # @param config_dir_mode [String] The unix permissions mode set on the configuration directory (default: 0755) # @param config_file_mode [String] The unix permissions mode set on configuration files (default: 0644) -# @param purge_conf_dir [Boolean] Should files in the prospector configuration directory not managed by puppet be automatically purged +# @param purge_conf_dir [Boolean] Should files in the input configuration directory not managed by puppet be automatically purged +# @param http [Hash] A hash of the http section of configuration +# @param cloud [Hash] Will be converted to YAML for the optional cloud of the configuration (see documentation, and above) # @param outputs [Hash] Will be converted to YAML for the required outputs section of the configuration (see documentation, and above) # @param shipper [Hash] Will be converted to YAML to create the optional shipper section of the filebeat config (see documentation) # @param logging [Hash] Will be converted to YAML to create the optional logging section of the filebeat config (see documentation) @@ -37,20 +39,22 @@ # @param shutdown_timeout [String] How long filebeat waits on shutdown for the publisher to finish sending events # @param beat_name [String] The name of the beat shipper (default: hostname) # @param tags [Array] A list of tags that will be included with each published transaction -# @param queue_size [String] The internal queue size for events in the pipeline # @param max_procs [Integer] The maximum number of CPUs that can be simultaneously used # @param fields [Hash] Optional fields that should be added to each event output # @param fields_under_root [Boolean] If set to true, custom fields are stored in the top level instead of under fields # @param processors [Array] Processors that will be added. Commonly used to create processors using hiera. -# @param prospectors [Hash] Prospectors that will be created. Commonly used to create prospectors using hiera +# @param monitoring [Hash] The monitoring section of the configuration file. +# @param inputs [Hash] or [Array] Inputs that will be created. Commonly used to create inputs using hiera # @param setup [Hash] setup that will be created. Commonly used to create setup using hiera -# @param prospectors_merge [Boolean] Whether $prospectors should merge all hiera sources, or use simple automatic parameter lookup +# @param inputs_merge [Boolean] Whether $inputs should merge all hiera sources, or use simple automatic parameter lookup # proxy_address [String] Proxy server to use for downloading files # @param xpack [Hash] Configuration items to export internal stats to a monitoring Elasticsearch cluster +# @param extra_validate_options [String] Extra command line options to pass to the configuration validation command class filebeat ( String $package_ensure = $filebeat::params::package_ensure, Boolean $manage_repo = $filebeat::params::manage_repo, - Enum['5','6'] $major_version = $filebeat::params::major_version, + Boolean $manage_apt = $filebeat::params::manage_apt, + Enum['5','6', '7'] $major_version = $filebeat::params::major_version, Variant[Boolean, Enum['stopped', 'running']] $service_ensure = $filebeat::params::service_ensure, Boolean $service_enable = $filebeat::params::service_enable, Optional[String] $service_provider = $filebeat::params::service_provider, @@ -58,7 +62,6 @@ class filebeat ( Integer $spool_size = $filebeat::params::spool_size, String $idle_timeout = $filebeat::params::idle_timeout, Boolean $publish_async = $filebeat::params::publish_async, - String $registry_file = $filebeat::params::registry_file, String $config_file = $filebeat::params::config_file, Optional[String] $config_file_owner = $filebeat::params::config_file_owner, Optional[String] $config_file_group = $filebeat::params::config_file_group, @@ -68,6 +71,10 @@ class filebeat ( Optional[String] $config_dir_owner = $filebeat::params::config_dir_owner, Optional[String] $config_dir_group = $filebeat::params::config_dir_group, Boolean $purge_conf_dir = $filebeat::params::purge_conf_dir, + String $modules_dir = $filebeat::params::modules_dir, + Boolean $enable_conf_modules = $filebeat::params::enable_conf_modules, + Hash $http = $filebeat::params::http, + Hash $cloud = $filebeat::params::cloud, Hash $outputs = $filebeat::params::outputs, Hash $shipper = $filebeat::params::shipper, Hash $logging = $filebeat::params::logging, @@ -79,18 +86,27 @@ class filebeat ( String $shutdown_timeout = $filebeat::params::shutdown_timeout, String $beat_name = $filebeat::params::beat_name, Array $tags = $filebeat::params::tags, - Integer $queue_size = $filebeat::params::queue_size, Optional[Integer] $max_procs = $filebeat::params::max_procs, Hash $fields = $filebeat::params::fields, Boolean $fields_under_root = $filebeat::params::fields_under_root, Boolean $disable_config_test = $filebeat::params::disable_config_test, Array $processors = [], - Hash $prospectors = {}, + Optional[Hash] $monitoring = undef, + Variant[Hash, Array] $inputs = {}, Hash $setup = {}, Array $modules = [], Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $proxy_address = undef, # lint:ignore:140chars Stdlib::Absolutepath $filebeat_path = $filebeat::params::filebeat_path, Optional[Hash] $xpack = $filebeat::params::xpack, + + Integer $queue_size = 4096, + String $registry_file = 'filebeat.yml', + + Optional[String] $systemd_beat_log_opts_override = undef, + String $systemd_beat_log_opts_template = $filebeat::params::systemd_beat_log_opts_template, + String $systemd_override_dir = $filebeat::params::systemd_override_dir, + Optional[String] $extra_validate_options = undef, + ) inherits filebeat::params { include ::stdlib @@ -109,11 +125,13 @@ class filebeat ( $real_service_ensure = 'stopped' $file_ensure = 'absent' $directory_ensure = 'absent' + $real_service_enable = false } else { $alternate_ensure = 'present' $file_ensure = 'file' $directory_ensure = 'directory' $real_service_ensure = $service_ensure + $real_service_enable = $service_enable } # If we're removing filebeat, do things in a different order to make sure @@ -133,8 +151,12 @@ class filebeat ( } if $package_ensure != 'absent' { - if !empty($prospectors) { - create_resources('filebeat::prospector', $prospectors) + if !empty($inputs) { + if $inputs =~ Array { + create_resources('filebeat::input', { 'inputs' => { pure_array => true } }) + } else { + create_resources('filebeat::input', $inputs) + } } } } diff --git a/modules/utilities/unix/logging/filebeat/manifests/input.pp b/modules/utilities/unix/logging/filebeat/manifests/input.pp new file mode 100644 index 000000000..f3484b87f --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/manifests/input.pp @@ -0,0 +1,137 @@ +# filebeat::input +# +# A description of what this defined type does +# +# @summary A short summary of the purpose of this defined type. +# +# @example +# filebeat::input { 'namevar': } +define filebeat::input ( + Enum['absent', 'present'] $ensure = present, + Array[String] $paths = [], + Array[String] $exclude_files = [], + Array[String] $containers_ids = ['\'*\''], + String $containers_path = '/var/lib/docker/containers', + String $containers_stream = 'all', + Boolean $combine_partial = false, + Enum['tcp', 'udp'] $syslog_protocol = 'udp', + String $syslog_host = 'localhost:5140', + Boolean $cri_parse_flags = false, + String $encoding = 'plain', + String $input_type = 'log', + Hash $fields = {}, + Boolean $fields_under_root = $filebeat::fields_under_root, + Optional[String] $ignore_older = undef, + Optional[String] $close_older = undef, + String $doc_type = 'log', + String $scan_frequency = '10s', + Integer $harvester_buffer_size = 16384, + Optional[Integer] $harvester_limit = undef, + Boolean $tail_files = false, + String $backoff = '1s', + String $max_backoff = '10s', + Integer $backoff_factor = 2, + String $close_inactive = '5m', + Boolean $close_renamed = false, + Boolean $close_removed = true, + Boolean $close_eof = false, + Variant[String, Integer] $clean_inactive = 0, + Boolean $clean_removed = true, + Integer $close_timeout = 0, + Boolean $force_close_files = false, + Array[String] $include_lines = [], + Array[String] $exclude_lines = [], + String $max_bytes = '10485760', + Hash $multiline = {}, + Hash $json = {}, + Array[String] $tags = [], + Boolean $symlinks = false, + Optional[String] $pipeline = undef, + Array $processors = [], + Boolean $pure_array = false, + String $host = 'localhost:9000', + Optional[String] $max_message_size = undef, +) { + + $input_template = $filebeat::major_version ? { + '5' => 'prospector.yml.erb', + default => 'input.yml.erb', + } + + if 'filebeat_version' in $facts and $facts['filebeat_version'] != false { + $skip_validation = versioncmp($facts['filebeat_version'], $filebeat::major_version) ? { + -1 => true, + default => false, + } + } else { + $skip_validation = false + } + + case $::kernel { + 'Linux', 'OpenBSD' : { + $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { + true => undef, + default => $filebeat::major_version ? { + '5' => "\"${filebeat::filebeat_path}\" -N -configtest -c \"%\"", + default => "\"${filebeat::filebeat_path}\" -c \"${filebeat::config_file}\" test config", + }, + } + file { "filebeat-${name}": + ensure => $ensure, + path => "${filebeat::config_dir}/${name}.yml", + owner => 'root', + group => '0', + mode => $::filebeat::config_file_mode, + content => template("${module_name}/${input_template}"), + validate_cmd => $validate_cmd, + notify => Service['filebeat'], + require => File['filebeat.yml'], + } + } + + 'FreeBSD' : { + $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { + true => undef, + default => '/usr/local/sbin/filebeat -N -configtest -c %', + } + file { "filebeat-${name}": + ensure => $ensure, + path => "${filebeat::config_dir}/${name}.yml", + owner => 'root', + group => 'wheel', + mode => $::filebeat::config_file_mode, + content => template("${module_name}/${input_template}"), + validate_cmd => $validate_cmd, + notify => Service['filebeat'], + require => File['filebeat.yml'], + } + } + + 'Windows' : { + $cmd_install_dir = regsubst($filebeat::install_dir, '/', '\\', 'G') + $filebeat_path = join([$cmd_install_dir, 'Filebeat', 'filebeat.exe'], '\\') + + $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? { + true => undef, + default => $facts['filebeat_version'] ? { + '5' => "\"${filebeat_path}\" -N -configtest -c \"%\"", + default => "\"${filebeat_path}\" -c \"${filebeat::config_file}\" test config", + }, + } + + file { "filebeat-${name}": + ensure => $ensure, + path => "${filebeat::config_dir}/${name}.yml", + content => template("${module_name}/${input_template}"), + validate_cmd => $validate_cmd, + notify => Service['filebeat'], + require => File['filebeat.yml'], + } + } + + default : { + fail($filebeat::kernel_fail_message) + } + + } +} diff --git a/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp b/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp index 7b8314550..0740309bc 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp @@ -37,8 +37,20 @@ class filebeat::install::windows { proxy_server => $filebeat::proxy_address, } + # Core editions of Windows Server do not have a shell as such, so use the Shell.Application COM object doesn't work. + # Expand-Archive is a native powershell cmdlet which ships with Powershell 5, which in turn ships with Windows 10 and + # Windows Server 2016 and newer. + if ((versioncmp($::operatingsystemrelease, '2016') > 0) or (versioncmp($::operatingsystemrelease, '10') == 0)) + { + $unzip_command = "Expand-Archive ${zip_file} \"${filebeat::install_dir}\"" + } + else + { + $unzip_command = "\$sh=New-Object -COM Shell.Application;\$sh.namespace((Convert-Path '${filebeat::install_dir}')).Copyhere(\$sh.namespace((Convert-Path '${zip_file}')).items(), 16)" # lint:ignore:140chars + } + exec { "unzip ${filename}": - command => "\$sh=New-Object -COM Shell.Application;\$sh.namespace((Convert-Path '${filebeat::install_dir}')).Copyhere(\$sh.namespace((Convert-Path '${zip_file}')).items(), 16)", # lint:ignore:140chars + command => $unzip_command, creates => $version_file, require => [ File[$filebeat::install_dir], diff --git a/modules/utilities/unix/logging/filebeat/manifests/params.pp b/modules/utilities/unix/logging/filebeat/manifests/params.pp index 65b547e81..fbd6957fd 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/params.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/params.pp @@ -4,31 +4,35 @@ # # @summary Set a bunch of default parameters class filebeat::params { - $service_ensure = running - $service_enable = true - $spool_size = 2048 - $idle_timeout = '5s' - $publish_async = false - $shutdown_timeout = '0' - $beat_name = $::fqdn - $tags = [] - $queue_size = 1000 - $max_procs = undef - $config_file_mode = '0644' - $config_dir_mode = '0755' - $purge_conf_dir = true - $fields = {} - $fields_under_root = false - $outputs = {} - $shipper = {} - $logging = {} - $run_options = {} - $modules = [] - $kernel_fail_message = "${::kernel} is not supported by filebeat." - $osfamily_fail_message = "${::osfamily} is not supported by filebeat." - $conf_template = "${module_name}/pure_hash.yml.erb" - $disable_config_test = false - $xpack = undef + $service_ensure = running + $service_enable = true + $spool_size = 2048 + $idle_timeout = '5s' + $publish_async = false + $shutdown_timeout = '0' + $beat_name = $::fqdn + $tags = [] + $max_procs = undef + $config_file_mode = '0644' + $config_dir_mode = '0755' + $purge_conf_dir = true + $enable_conf_modules = false + $fields = {} + $fields_under_root = false + $http = {} + $cloud = {} + $outputs = {} + $shipper = {} + $logging = {} + $run_options = {} + $modules = [] + $kernel_fail_message = "${::kernel} is not supported by filebeat." + $osfamily_fail_message = "${::osfamily} is not supported by filebeat." + $conf_template = "${module_name}/pure_hash.yml.erb" + $disable_config_test = false + $xpack = undef + $systemd_override_dir = '/etc/systemd/system/filebeat.service.d' + $systemd_beat_log_opts_template = "${module_name}/systemd/logging.conf.erb" # These are irrelevant as long as the template is set based on the major_version parameter # if versioncmp('1.9.1', $::rubyversion) > 0 { @@ -43,11 +47,13 @@ class filebeat::params { case $facts['os']['family'] { 'Archlinux': { $manage_repo = false + $manage_apt = false $filebeat_path = '/usr/bin/filebeat' - $major_version = '6' + $major_version = '7' } 'OpenBSD': { $manage_repo = false + $manage_apt = false $filebeat_path = '/usr/local/bin/filebeat' # lint:ignore:only_variable_string $major_version = versioncmp('6.3', $::kernelversion) < 0 ? { @@ -58,8 +64,9 @@ class filebeat::params { } default: { $manage_repo = true + $manage_apt = true $filebeat_path = '/usr/share/filebeat/bin/filebeat' - $major_version = '6' + $major_version = '7' } } case $::kernel { @@ -71,7 +78,7 @@ class filebeat::params { $config_file_group = 'root' $config_dir_owner = 'root' $config_dir_group = 'root' - $registry_file = '/var/lib/filebeat/registry' + $modules_dir = '/etc/filebeat/modules.d' # These parameters are ignored if/until tarball installs are supported in Linux $tmp_dir = '/tmp' $install_dir = undef @@ -94,7 +101,7 @@ class filebeat::params { $config_file_group = 'wheel' $config_dir_owner = 'root' $config_dir_group = 'wheel' - $registry_file = '/var/lib/filebeat/registry' + $modules_dir = '/usr/local/etc/filebeat.modules.d' $tmp_dir = '/tmp' $service_provider = undef $install_dir = undef @@ -109,7 +116,7 @@ class filebeat::params { $config_file_group = 'wheel' $config_dir_owner = 'root' $config_dir_group = 'wheel' - $registry_file = '/var/db/filebeat/.filebeat' + $modules_dir = '/etc/filebeat/modules.d' $tmp_dir = '/tmp' $service_provider = undef $install_dir = undef @@ -117,14 +124,14 @@ class filebeat::params { } 'Windows' : { - $package_ensure = '5.6.2' + $package_ensure = '7.1.0' $config_file_owner = 'Administrator' $config_file_group = undef $config_dir_owner = 'Administrator' $config_dir_group = undef $config_file = 'C:/Program Files/Filebeat/filebeat.yml' $config_dir = 'C:/Program Files/Filebeat/conf.d' - $registry_file = 'C:/ProgramData/filebeat/registry' + $modules_dir = 'C:/Program Files/Filebeat/modules.d' $install_dir = 'C:/Program Files' $tmp_dir = 'C:/Windows/Temp' $service_provider = undef diff --git a/modules/utilities/unix/logging/filebeat/manifests/repo.pp b/modules/utilities/unix/logging/filebeat/manifests/repo.pp index 4a3ed3437..1ebd75d51 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/repo.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/repo.pp @@ -9,7 +9,9 @@ class filebeat::repo { case $::osfamily { 'Debian': { - include ::apt + if $::filebeat::manage_apt == true { + include ::apt + } Class['apt::update'] -> Package['filebeat'] @@ -37,8 +39,15 @@ class filebeat::repo { gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', priority => $::filebeat::repo_priority, enabled => 1, + notify => Exec['flush-yum-cache'], } } + + exec { 'flush-yum-cache': + command => 'yum clean all', + refreshonly => true, + path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'], + } } 'Suse': { exec { 'topbeat_suse_import_gpg': diff --git a/modules/utilities/unix/logging/filebeat/manifests/service.pp b/modules/utilities/unix/logging/filebeat/manifests/service.pp index 80afd08fd..4bc01b7c1 100644 --- a/modules/utilities/unix/logging/filebeat/manifests/service.pp +++ b/modules/utilities/unix/logging/filebeat/manifests/service.pp @@ -6,7 +6,64 @@ class filebeat::service { service { 'filebeat': ensure => $filebeat::real_service_ensure, - enable => $filebeat::service_enable, + enable => $filebeat::real_service_enable, provider => $filebeat::service_provider, } + + $major_version = $filebeat::major_version + $systemd_beat_log_opts_override = $filebeat::systemd_beat_log_opts_override + + #make sure puppet client version 6.1+ with filebeat version 7+, running on systemd + if ( versioncmp( $major_version, '7' ) >= 0 and + $::service_provider == 'systemd' ) { + + if ( versioncmp( $::clientversion, '6.1' ) >= 0 ) { + + unless $systemd_beat_log_opts_override == undef { + $ensure_overide = 'present' + } else { + $ensure_overide = 'absent' + } + + ensure_resource('file', + $filebeat::systemd_override_dir, + { + ensure => 'directory', + } + ) + + file { "${filebeat::systemd_override_dir}/logging.conf": + ensure => $ensure_overide, + content => template($filebeat::systemd_beat_log_opts_template), + require => File[$filebeat::systemd_override_dir], + notify => Service['filebeat'], + } + + } else { + + unless $systemd_beat_log_opts_override == undef { + $ensure_overide = 'present' + } else { + $ensure_overide = 'absent' + } + + if !defined(File[$filebeat::systemd_override_dir]) { + file{$filebeat::systemd_override_dir: + ensure => 'directory', + } + } + + file { "${filebeat::systemd_override_dir}/logging.conf": + ensure => $ensure_overide, + content => template($filebeat::systemd_beat_log_opts_template), + require => File[$filebeat::systemd_override_dir], + notify => Service['filebeat'], + } + + unless defined('systemd') { + warning('You\'ve specified an $systemd_beat_log_opts_override varible on a system running puppet version < 6.1 and not declared "systemd" resource See README.md for more information') # lint:ignore:140chars + } + } + } + } diff --git a/modules/utilities/unix/logging/filebeat/metadata.json b/modules/utilities/unix/logging/filebeat/metadata.json index 4d39b5bdf..f2fa1d870 100644 --- a/modules/utilities/unix/logging/filebeat/metadata.json +++ b/modules/utilities/unix/logging/filebeat/metadata.json @@ -1,6 +1,6 @@ { "name": "pcfens-filebeat", - "version": "3.2.2", + "version": "4.8.0", "author": "pcfens", "summary": "A module to install and manage the filebeat log shipper", "license": "Apache-2.0", @@ -10,22 +10,25 @@ "dependencies": [ { "name": "puppetlabs/stdlib", - "version_requirement": ">=4.13.0 <5.0.0" + "version_requirement": ">=4.13.0 < 7.0.0" }, { "name": "puppetlabs/apt", - "version_requirement": ">=2.0.0 <7.0.0" + "version_requirement": ">=2.0.0 < 8.0.0" }, { "name": "puppetlabs/powershell", - "version_requirement": ">= 1.0.1 < 3.0.0" + "version_requirement": ">= 1.0.1 < 5.0.0" }, { "name": "puppet/archive", - "version_requirement": ">= 0.5.0 < 3.0.0" + "version_requirement": ">= 0.5.0 < 5.0.0" + }, + { + "name": "puppetlabs/yumrepo_core", + "version_requirement": ">= 1.0.0 < 2.0.0" } ], - "data_provider": null, "operatingsystem_support": [ { "operatingsystem": "CentOS", @@ -77,14 +80,17 @@ "operatingsystemrelease": [ "14.04", "16.04", - "18.04" + "18.04", + "20.04" ] }, { "operatingsystem": "windows", "operatingsystemrelease": [ "2012", - "2012 R2" + "2012 R2", + "2016", + "2019" ] }, { @@ -94,7 +100,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.0.0 < 6.0.0" + "version_requirement": ">= 4.0.0 < 7.0.0" } ], "tags": [ @@ -103,7 +109,7 @@ "elasticsearch", "elastic" ], - "pdk-version": "1.7.0", - "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", - "template-ref": "1.7.0-0-g57412ed" + "pdk-version": "1.18.1", + "template-url": "pdk-default#1.18.1", + "template-ref": "tags/1.18.1-0-g3d2e75c" } diff --git a/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb b/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb index b063c27d4..c0c60a675 100644 --- a/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb +++ b/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb @@ -5,7 +5,6 @@ filebeat.spool_size: <%= @filebeat_config['filebeat']['spool_size'] %> filebeat.publish_async: <%= @filebeat_config['filebeat']['publish_async'] %> filebeat.idle_timeout: <%= @filebeat_config['filebeat']['idle_timeout'] %> <% end -%> -filebeat.registry_file: <%= @filebeat_config['filebeat']['registry_file'] %> filebeat.config_dir: <%= @filebeat_config['filebeat']['config_dir'] %> filebeat.shutdown_timeout: <%= @filebeat_config['filebeat']['shutdown_timeout'] %> diff --git a/modules/utilities/unix/logging/filebeat/templates/input.yml.erb b/modules/utilities/unix/logging/filebeat/templates/input.yml.erb new file mode 100644 index 000000000..c41e0ed12 --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/templates/input.yml.erb @@ -0,0 +1,211 @@ +<%- if @pure_array -%> +<%= scope['filebeat::inputs'].to_yaml() %> +<%- else -%> +--- +- type: <%= @input_type %> + <%- if @input_type =~ /(tcp|udp)/ -%> + host: <%= @host %> + <%- if @max_message_size -%> + max_message_size: <%= @max_message_size %> + <%- end -%> + <%- elsif @input_type == 'docker' -%> + containers: + ids: + <%- @containers_ids.each do |id| -%> + - <%= id %> + <%- end -%> + path: <%= @containers_path %> + stream: <%= @containers_stream %> + combine_partial: <%= @combine_partial %> + cri.parse_flags: <%= @cri_parse_flags %> + <%- elsif @input_type == 'syslog' -%> + protocol.<%= @syslog_protocol %>: + host: <%= @syslog_host %> + <%- else -%> + paths: + <%- @paths.each do |log_path| -%> + - <%= log_path %> + <%- end -%> + <%- if @encoding -%> + encoding: <%= @encoding %> + <%- end -%> + <%- if @include_lines.length > 0 -%> + include_lines: + <%- @include_lines.each do |include_line| -%> + - '<%= include_line %>' + <%- end -%> + <%- end -%> + <%- if @exclude_lines.length > 0 -%> + exclude_lines: + <%- @exclude_lines.each do |exclude_line| -%> + - '<%= exclude_line %>' + <%- end -%> + <%- end -%> + <%- if @exclude_files.length > 0 -%> + exclude_files: + <%- @exclude_files.each do |exclude_file| -%> + - <%= exclude_file %> + <%- end -%> + <%- end -%> + <%- if @ignore_older -%> + ignore_older: <%= @ignore_older %> + <%- end -%> + <%- if @doc_type -%> + document_type: <%= @doc_type %> + <%- end -%> + <%- if @scan_frequency -%> + scan_frequency: <%= @scan_frequency %> + <%- end -%> + <%- if @harvester_buffer_size -%> + harvester_buffer_size: <%= @harvester_buffer_size %> + <%- end -%> + <%- if @max_bytes -%> + max_bytes: <%= @max_bytes %> + <%- end -%> + <%- if @symlinks -%> + symlinks: <%= @symlinks %> + <%- end -%> + <%- if @close_older -%> + close_older: <%= @close_older %> + <%- end -%> + <%- if @force_close_files -%> + force_close_files: <%= @force_close_files %> + <%- end -%> + <%- if @pipeline -%> + pipeline: <%= @pipeline %> + <%- end -%> + + <%- if @json.length > 0 -%> + ### JSON configuration + json: + # Decode JSON options. Enable this if your logs are structured in JSON. + # JSON key on which to apply the line filtering and multiline settings. This key + # must be top level and its value must be string, otherwise it is ignored. If + # no text key is defined, the line filtering and multiline features cannot be used. + <%- if @json['message_key'] != nil-%> + message_key: '<%= @json['message_key'] %>' + <%- end -%> + + # By default, the decoded JSON is placed under a "json" key in the output document. + # If you enable this setting, the keys are copied top level in the output document. + <%- if @json['keys_under_root'] != nil -%> + keys_under_root: <%= @json['keys_under_root'] %> + <%- end -%> + + # If keys_under_root and this setting are enabled, then the values from the decoded + # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.) + # in case of conflicts. + <%- if @json['overwrite_keys'] != nil -%> + overwrite_keys: <%= @json['overwrite_keys'] %> + <%- end -%> + + # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON + # unmarshaling errors or when a text key is defined in the configuration but cannot + # be used. + <%- if @json['add_error_key'] != nil -%> + add_error_key: <%= @json['add_error_key'] %> + <%- end -%> + <%- end -%> + + <%- if @multiline.length > 0 -%> + multiline: + <%- if @multiline['pattern'] -%> + pattern: '<%= @multiline['pattern'] %>' + <%- end -%> + <%- if @multiline['negate'] -%> + negate: <%= @multiline['negate'] %> + <%- end -%> + <%- if @multiline['match'] -%> + match: <%= @multiline['match'] %> + <%- end -%> + <%- if @multiline['max_lines'] -%> + max_lines: <%= @multiline['max_lines'] %> + <%- end -%> + <%- if @multiline['timeout'] -%> + timeout: <%= @multiline['timeout'] %> + <%- end -%> + <%- end -%> + tail_files: <%= @tail_files %> + + # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the + # original for harvesting but will report the symlink name as source. + #symlinks: false + + <%- if @backoff -%> + backoff: <%= @backoff %> + <%- end -%> + <%- if @max_backoff -%> + max_backoff: <%= @max_backoff %> + <%- end -%> + <%- if @backoff_factor -%> + backoff_factor: <%= @backoff_factor %> + <%- end -%> + + # Experimental: Max number of harvesters that are started in parallel. + # Default is 0 which means unlimited + <%- if @harvester_limit -%> + harvester_limit: <%= @harvester_limit %> + <%- end -%> + + ### Harvester closing options + + # Close inactive closes the file handler after the predefined period. + # The period starts when the last line of the file was, not the file ModTime. + # Time strings like 2h (2 hours), 5m (5 minutes) can be used. + <%- if @close_inactive -%> + close_inactive: <%= @close_inactive %> + <%- end -%> + + # Close renamed closes a file handler when the file is renamed or rotated. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + close_renamed: <%= @close_renamed %> + + # When enabling this option, a file handler is closed immediately in case a file can't be found + # any more. In case the file shows up again later, harvesting will continue at the last known position + # after scan_frequency. + close_removed: <%= @close_removed %> + + # Closes the file handler as soon as the harvesters reaches the end of the file. + # By default this option is disabled. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + close_eof: <%= @close_eof %> + + ### State options + + # Files for the modification data is older then clean_inactive the state from the registry is removed + # By default this is disabled. + <%- if @clean_inactive -%> + clean_inactive: <%= @clean_inactive %> + <%- end -%> + + # Removes the state for file which cannot be found on disk anymore immediately + clean_removed: <%= @clean_removed %> + + # Close timeout closes the harvester after the predefined time. + # This is independent if the harvester did finish reading the file or not. + # By default this option is disabled. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + <%- if @close_timeout -%> + close_timeout: <%= @close_timeout %> + <%- end -%> + <%- end -%> + <%- # Everything below this can be applied to any input. %> + <%- # https://www.elastic.co/guide/en/beats/filebeat/current/configuration-general-options.html#configuration-general %> + <%- if @fields.length > 0 -%> + fields: + <%- @fields.each_pair do |k, v| -%> + <%= k %>: <%= v %> + <%- end -%> + <%- end -%> + fields_under_root: <%= @fields_under_root %> + <%- if @tags.length > 0 -%> + tags: + <%- @tags.each do |tag| -%> + - <%= tag %> + <%- end -%> + <%- end -%> + <%- if @processors.length > 0 -%> + processors: + <%- %><%= @processors.to_yaml.lines.drop(1).join.gsub(/^/, ' ') -%> + <%- end -%> +<%- end %> diff --git a/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb b/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb index fa3b4ccbb..bd11358a2 100644 --- a/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb +++ b/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb @@ -1,189 +1,183 @@ --- -- type: <%= @input_type %> - paths: - <%- @paths.each do |log_path| -%> - - <%= log_path %> - <%- end -%> - <%- if @encoding -%> - encoding: <%= @encoding %> - <%- end -%> - <%- if @include_lines.length > 0 -%> - include_lines: - <%- @include_lines.each do |include_line| -%> - - '<%= include_line %>' - <%- end -%> - <%- end -%> - <%- if @exclude_lines.length > 0 -%> - exclude_lines: - <%- @exclude_lines.each do |exclude_line| -%> - - '<%= exclude_line %>' - <%- end -%> - <%- end -%> - <%- if @exclude_files.length > 0 -%> - exclude_files: - <%- @exclude_files.each do |exclude_file| -%> - - <%= exclude_file %> - <%- end -%> - <%- end -%> - <%- if @fields.length > 0 -%> - fields: - <%- @fields.each_pair do |k, v| -%> - <%= k %>: <%= v %> - <%- end -%> - <%- end -%> - fields_under_root: <%= @fields_under_root %> - <%- if @tags.length > 0 -%> - tags: - <%- @tags.each do |tag| -%> - - <%= tag %> - <%- end -%> - <%- end -%> - <%- if @ignore_older -%> - ignore_older: <%= @ignore_older %> - <%- end -%> - <%- if @doc_type -%> - document_type: <%= @doc_type %> - <%- end -%> - <%- if @scan_frequency -%> - scan_frequency: <%= @scan_frequency %> - <%- end -%> - <%- if @harvester_buffer_size -%> - harvester_buffer_size: <%= @harvester_buffer_size %> - <%- end -%> - <%- if @max_bytes -%> - max_bytes: <%= @max_bytes %> - <%- end -%> - <%- if @symlinks -%> - symlinks: <%= @symlinks %> - <%- end -%> - <%- if @close_older -%> - close_older: <%= @close_older %> - <%- end -%> - <%- if @force_close_files -%> - force_close_files: <%= @force_close_files %> - <%- end -%> - <%- if @pipeline -%> - pipeline: <%= @pipeline %> - <%- end -%> - - <%- if @json.length > 0 -%> - ### JSON configuration - json: - # Decode JSON options. Enable this if your logs are structured in JSON. - # JSON key on which to apply the line filtering and multiline settings. This key - # must be top level and its value must be string, otherwise it is ignored. If - # no text key is defined, the line filtering and multiline features cannot be used. - <%- if @json['message_key'] != nil-%> - message_key: '<%= @json['message_key'] %>' +filebeat: + prospectors: + - <% if scope.function_versioncmp([scope.lookupvar('filebeat::major_version'), '6']) >= 0 %>type<% else %>input_type<% end %>: <%= @input_type %> + paths: + <%- @paths.each do |log_path| -%> + - <%= log_path %> + <%- end -%> + <%- if @encoding -%> + encoding: <%= @encoding %> + <%- end -%> + <%- if @include_lines.length > 0 -%> + include_lines: + <%- @include_lines.each do |include_line| -%> + - '<%= include_line %>' + <%- end -%> + <%- end -%> + <%- if @exclude_lines.length > 0 -%> + exclude_lines: + <%- @exclude_lines.each do |exclude_line| -%> + - '<%= exclude_line %>' + <%- end -%> + <%- end -%> + <%- if @exclude_files.length > 0 -%> + exclude_files: + <%- @exclude_files.each do |exclude_file| -%> + - <%= exclude_file %> + <%- end -%> + <%- end -%> + <%- if @fields.length > 0 -%> + fields: + <%- @fields.each_pair do |k, v| -%> + <%= k %>: <%= v %> + <%- end -%> + <%- end -%> + fields_under_root: <%= @fields_under_root %> + <%- if @tags.length > 0 -%> + tags: + <%- @tags.each do |tag| -%> + - <%= tag %> + <%- end -%> + <%- end -%> + <%- if @ignore_older -%> + ignore_older: <%= @ignore_older %> + <%- end -%> + <%- if @doc_type -%> + document_type: <%= @doc_type %> + <%- end -%> + <%- if @scan_frequency -%> + scan_frequency: <%= @scan_frequency %> + <%- end -%> + <%- if @harvester_buffer_size -%> + harvester_buffer_size: <%= @harvester_buffer_size %> + <%- end -%> + <%- if @max_bytes -%> + max_bytes: <%= @max_bytes %> + <%- end -%> + <%- if @symlinks -%> + symlinks: <%= @symlinks %> + <%- end -%> + <%- if @close_older -%> + close_older: <%= @close_older %> + <%- end -%> + <%- if @force_close_files -%> + force_close_files: <%= @force_close_files %> + <%- end -%> + <%- if @pipeline -%> + pipeline: <%= @pipeline %> <%- end -%> - # By default, the decoded JSON is placed under a "json" key in the output document. - # If you enable this setting, the keys are copied top level in the output document. - <%- if @json['keys_under_root'] != nil -%> - keys_under_root: <%= @json['keys_under_root'] %> + <%- if @json.length > 0 -%> + ### JSON configuration + json: + # Decode JSON options. Enable this if your logs are structured in JSON. + # JSON key on which to apply the line filtering and multiline settings. This key + # must be top level and its value must be string, otherwise it is ignored. If + # no text key is defined, the line filtering and multiline features cannot be used. + <%- if @json['message_key'] != nil-%> + message_key: '<%= @json['message_key'] %>' + <%- end -%> + + # By default, the decoded JSON is placed under a "json" key in the output document. + # If you enable this setting, the keys are copied top level in the output document. + <%- if @json['keys_under_root'] != nil -%> + keys_under_root: <%= @json['keys_under_root'] %> + <%- end -%> + + # If keys_under_root and this setting are enabled, then the values from the decoded + # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.) + # in case of conflicts. + <%- if @json['overwrite_keys'] != nil -%> + overwrite_keys: <%= @json['overwrite_keys'] %> + <%- end -%> + + # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON + # unmarshaling errors or when a text key is defined in the configuration but cannot + # be used. + <%- if @json['add_error_key'] != nil -%> + add_error_key: <%= @json['add_error_key'] %> + <%- end -%> <%- end -%> - # If keys_under_root and this setting are enabled, then the values from the decoded - # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.) - # in case of conflicts. - <%- if @json['overwrite_keys'] != nil -%> - overwrite_keys: <%= @json['overwrite_keys'] %> + <%- if @multiline.length > 0 -%> + multiline: + <%- if @multiline['pattern'] -%> + pattern: '<%= @multiline['pattern'] %>' + <%- end -%> + <%- if @multiline['negate'] -%> + negate: <%= @multiline['negate'] %> + <%- end -%> + <%- if @multiline['match'] -%> + match: <%= @multiline['match'] %> + <%- end -%> + <%- if @multiline['max_lines'] -%> + max_lines: <%= @multiline['max_lines'] %> + <%- end -%> + <%- if @multiline['timeout'] -%> + timeout: <%= @multiline['timeout'] %> + <%- end -%> + <%- end -%> + tail_files: <%= @tail_files %> + + # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the + # original for harvesting but will report the symlink name as source. + #symlinks: false + + <%- if @backoff -%> + backoff: <%= @backoff %> + <%- end -%> + <%- if @max_backoff -%> + max_backoff: <%= @max_backoff %> + <%- end -%> + <%- if @backoff_factor -%> + backoff_factor: <%= @backoff_factor %> <%- end -%> - # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON - # unmarshaling errors or when a text key is defined in the configuration but cannot - # be used. - <%- if @json['add_error_key'] != nil -%> - add_error_key: <%= @json['add_error_key'] %> + # Experimental: Max number of harvesters that are started in parallel. + # Default is 0 which means unlimited + <%- if @harvester_limit -%> + harvester_limit: <%= @harvester_limit %> <%- end -%> - <%- end -%> - <%- if @multiline.length > 0 -%> - multiline: - <%- if @multiline['pattern'] -%> - pattern: '<%= @multiline['pattern'] %>' - <%- end -%> - <%- if @multiline['negate'] -%> - negate: <%= @multiline['negate'] %> - <%- end -%> - <%- if @multiline['match'] -%> - match: <%= @multiline['match'] %> - <%- end -%> - <%- if @multiline['max_lines'] -%> - max_lines: <%= @multiline['max_lines'] %> - <%- end -%> - <%- if @multiline['timeout'] -%> - timeout: <%= @multiline['timeout'] %> - <%- end -%> - <%- end -%> - tail_files: <%= @tail_files %> + ### Harvester closing options - # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the - # original for harvesting but will report the symlink name as source. - #symlinks: false - - <%- if @backoff -%> - backoff: <%= @backoff %> - <%- end -%> - <%- if @max_backoff -%> - max_backoff: <%= @max_backoff %> - <%- end -%> - <%- if @backoff_factor -%> - backoff_factor: <%= @backoff_factor %> - <%- end -%> - - # Experimental: Max number of harvesters that are started in parallel. - # Default is 0 which means unlimited - #harvester_limit: 0 - - ### Harvester closing options - - # Close inactive closes the file handler after the predefined period. - # The period starts when the last line of the file was, not the file ModTime. - # Time strings like 2h (2 hours), 5m (5 minutes) can be used. - <%- if @close_inactive -%> - close_inactive: <%= @close_inactive %> - <%- end -%> - - # Close renamed closes a file handler when the file is renamed or rotated. - # Note: Potential data loss. Make sure to read and understand the docs for this option. - close_renamed: <%= @close_renamed %> - - # When enabling this option, a file handler is closed immediately in case a file can't be found - # any more. In case the file shows up again later, harvesting will continue at the last known position - # after scan_frequency. - close_removed: <%= @close_removed %> - - # Closes the file handler as soon as the harvesters reaches the end of the file. - # By default this option is disabled. - # Note: Potential data loss. Make sure to read and understand the docs for this option. - close_eof: <%= @close_eof %> - - ### State options - - # Files for the modification data is older then clean_inactive the state from the registry is removed - # By default this is disabled. - <%- if @clean_inactive -%> - clean_inactive: <%= @clean_inactive %> - <%- end -%> - - # Removes the state for file which cannot be found on disk anymore immediately - clean_removed: <%= @clean_removed %> - - # Close timeout closes the harvester after the predefined time. - # This is independent if the harvester did finish reading the file or not. - # By default this option is disabled. - # Note: Potential data loss. Make sure to read and understand the docs for this option. - <%- if @close_timeout -%> - close_timeout: <%= @close_timeout %> - <%- end -%> - <%- if @processors.length > 0 -%> - # Managing processors releated only for specified prospector - processors: - <%- @processors.each do |proc| -%> - - <%= proc.keys[0] %>: - <%- proc[proc.keys[0]].each do |k, v| -%> - <%= k %>: <%= v %> + # Close inactive closes the file handler after the predefined period. + # The period starts when the last line of the file was, not the file ModTime. + # Time strings like 2h (2 hours), 5m (5 minutes) can be used. + <%- if @close_inactive -%> + close_inactive: <%= @close_inactive %> + <%- end -%> + + # Close renamed closes a file handler when the file is renamed or rotated. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + close_renamed: <%= @close_renamed %> + + # When enabling this option, a file handler is closed immediately in case a file can't be found + # any more. In case the file shows up again later, harvesting will continue at the last known position + # after scan_frequency. + close_removed: <%= @close_removed %> + + # Closes the file handler as soon as the harvesters reaches the end of the file. + # By default this option is disabled. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + close_eof: <%= @close_eof %> + + ### State options + + # Files for the modification data is older then clean_inactive the state from the registry is removed + # By default this is disabled. + <%- if @clean_inactive -%> + clean_inactive: <%= @clean_inactive %> + <%- end -%> + + # Removes the state for file which cannot be found on disk anymore immediately + clean_removed: <%= @clean_removed %> + + # Close timeout closes the harvester after the predefined time. + # This is independent if the harvester did finish reading the file or not. + # By default this option is disabled. + # Note: Potential data loss. Make sure to read and understand the docs for this option. + <%- if @close_timeout -%> + close_timeout: <%= @close_timeout %> <%- end -%> - <%- end -%> - <%- end -%> diff --git a/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb b/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb new file mode 100644 index 000000000..42762f98a --- /dev/null +++ b/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb @@ -0,0 +1,2 @@ +[Service] +Environment="BEAT_LOG_OPTS=<%= @systemd_beat_log_opts_override %>" \ No newline at end of file diff --git a/modules/utilities/unix/logging/kibana/CHANGELOG.md b/modules/utilities/unix/logging/kibana/CHANGELOG.md deleted file mode 100644 index 7ff9c5e56..000000000 --- a/modules/utilities/unix/logging/kibana/CHANGELOG.md +++ /dev/null @@ -1,109 +0,0 @@ -## 6.3.0 (June 18, 2018) - -This release deprecates Kibana 4.x, which is end-of-life. - -### Migration Guide - -* Support for 4.x has been deprecated, so consider upgrading to Kibana 5 or later before upgrading this module since only versions 5 and later are supported. -* The module defaults to the upstream package repositories, which now include X-Pack bundled by default. To preserve previous behavior which does _not_ include X-Pack, follow the `README` instructions to configure `oss`-only repositories/packages. -* Use of the `elastic_stack::repo` class for managing package repositories may mean that leftover yum/apt/etc. repositories named `kibana` may persist after upgrade. - -#### Features -* Support for 6.3 style repositories using elastic_stack module - -#### Fixes - -## 6.0.1 (March 13, 2018) - -#### Fixes -* Fixed language compatibility errors that could arise when using JRuby 1.7 on Puppet Servers. - -## 6.0.0 (November 14, 2017) - -Major version upgrade with important deprecations: - -* Puppet version 3 is no longer supported. - -The following migration guide is intended to help aid in upgrading this module. - -### Migration Guide - -#### Puppet 3.x No Longer Supported - -Puppet 4.5.0 is the new minimum required version of Puppet, which offers better safety, module metadata, and Ruby features. -Migrating from Puppet 3 to Puppet 4 is beyond the scope of this guide, but the [official upgrade documentation](https://docs.puppet.com/upgrade/upgrade_steps.html) can help. -As with any version or module upgrade, remember to restart any agents and master servers as needed. - -## 5.2.0 (November 13, 2017) - -#### Features -* Added support for service status - -## 5.1.0 (August 18, 2017) - -#### Features -* Installation via package files (`.deb`/`.rpm`) now supported. See documentation for the `package_source` parameter for usage. -* Updated puppetlabs/apt dependency to reflect support for 4.x versions. - -## 5.0.1 (July 19, 2017) - -This is a bugfix release to properly contain classes within the `kibana` class so that relationship ordering is respected correctly. - -## 5.0.0 (May 10, 2017) - -### Summary -Formally release major version 5.0 of the module. - -#### Fixes -* metadata.json dependencies now compatible with Puppet 3.x. - -## 0.3.0 (April 26, 2017) - -### Summary -This release backports support for Puppet 3.8. - -## 0.2.1 (April 10, 2017) - -### Summary -Bugfix release resolving several minor issues. - -#### Features -* Package revisions now supported for ensure values. - -#### Fixes -* The `url` parameter for 4.x plugins is now properly passed to the plugin install command. -* Nonzero plugin commmands now properly raise errors during catalog runs. -* Boolean values allowed in config hash. -* apt-transport-https package no longer managed by this module. - -## 0.2.0 (March 20, 2017) - -### Summary -Minor fixes and full 4.x support. - -#### Features -* Feature parity when managing plugins on Kibana 4.x. - -#### Fixes -* Removed potential conflict with previously-defined apt-transport-https packages. -* Permit boolean values in configuration hashes. - -## 0.1.1 (March 11, 2017) - -### Summary -Small bugfix release. - -#### Fixes -* Actually aknowledge and use the manage_repo class flag. - -## 0.1.0 (March 8, 2017) - -### Summary -Initial release. - -#### Features -* Support for installing, removing, and updating Kibana and the Kibana service. -* Plugin support. -* Initial support for version 4.x management. - -#### Fixes diff --git a/modules/utilities/unix/logging/kibana/CONTRIBUTING.md b/modules/utilities/unix/logging/kibana/CONTRIBUTING.md deleted file mode 100644 index 9e30a52b3..000000000 --- a/modules/utilities/unix/logging/kibana/CONTRIBUTING.md +++ /dev/null @@ -1,113 +0,0 @@ -# Contributing - -Thank you for considering contributing to this module! -Community contributions are greatly appreciated and eagerly accepted. -Before putting in the work to contribute to the module, please first: - -* Ensure your feature or fix hasn't already been added or fixed by searching - the GitHub issues and pull requests. -* Consider posting your concern on the - [discussion forums](https://discuss.elastic.co/c/elasticsearch) if you have - a question or support request rather than a confirmed bug or feature. - -## The Contributor License Agreement - -Please make sure you have signed the -[Contributor License Agreement](http://www.elastic.co/contributor-agreement/) -before contributing to this (or any other) Elastic-supported repository. -Note that you only need to sign the CLA once. - -## Generalized Process - -1. Fork the repo. - -2. Run the tests. We only take pull requests with passing tests, and - it's great to know that you have a clean slate. - -3. Add a test for your change. Only refactoring and documentation - changes require no new tests. If you are adding functionality - or fixing a bug, please add a test. - -4. Make the test pass. - -5. Push to your fork and submit a pull request. - -## Dependencies - -The testing and development tools have a bunch of dependencies, -all managed by [Bundler](http://bundler.io/) according to the -[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions). - -By default the tests use a baseline version of Puppet. - -If you have Ruby 2.x or want a specific version of Puppet, -you must set an environment variable such as: - - export PUPPET_VERSION="~> 3.2.0" - -Install the dependencies like so... - - bundle install - -If you want to run the acceptance tests, `docker` will need to be functional on -your development machine as well. - -## Syntax and style - -The test suite will run [Puppet Lint](http://puppet-lint.com/) and -[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to -check various syntax and style things. You can run these locally with: - - bundle exec rake lint - bundle exec rake syntax - -## Running the unit tests - -The unit test suite covers most of the code, as mentioned above please -add tests if you're adding new functionality. If you've not used -[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask -about how best to test your new feature. -Running the test suite is done with: - - bundle exec rake spec - -Note also you can run the syntax, style and unit tests in one go with: - - bundle exec rake test - -### Automatically run the tests - -During development of your puppet module you might want to run your unit -tests a couple of times. -You can use the following command to automate running the unit tests on -every change made in the manifests folder. - - bundle exec guard - -## Integration tests - -The unit tests just check the code runs, not that it does exactly what -we want on a real machine. -For that we're using [Beaker](https://github.com/puppetlabs/beaker). - -Beaker fires up a new virtual machine (using Docker) and runs a series of -simple tests against it after applying the module. You can run our -Beaker tests with: - - bundle exec rake acceptance - -This will use the host described in `spec/acceptance/nodeset/default.yml` -by default. -To run against another host, you may either set the `BEAKER_set` environment -variable to the name of a host described by a `.yml` file in the `nodeset` -directory or call a rake task with that node's name. -For example, to run against CentOS 7: - - bundle exec rake beaker:centos-7-x64 - # or - BEAKER_set=centos-7-x64 bundle exec rake beaker - -If you don't want to have to recreate the virtual machine every time you -can use `BEAKER_destroy=no` and `BEAKER_provision=no`. -On the first run you will at least need `BEAKER_provision` set to yes (the -default). diff --git a/modules/utilities/unix/logging/kibana/CONTRIBUTORS b/modules/utilities/unix/logging/kibana/CONTRIBUTORS deleted file mode 100644 index 34bb3a968..000000000 --- a/modules/utilities/unix/logging/kibana/CONTRIBUTORS +++ /dev/null @@ -1,9 +0,0 @@ -The following is a list of people who have contributed ideas, code, bug -reports, or in general have helped this puppet module along its way. - -Project Owner -* Elastic (elastic) - -Contributors: -Tyler Langlois (tylerjl) -Simon Oxwell (soxwellfb) diff --git a/modules/utilities/unix/logging/kibana/Gemfile b/modules/utilities/unix/logging/kibana/Gemfile deleted file mode 100644 index de050be8a..000000000 --- a/modules/utilities/unix/logging/kibana/Gemfile +++ /dev/null @@ -1,56 +0,0 @@ -# frozen_string_literal: true - -source ENV['GEM_SOURCE'] || 'https://rubygems.org' - -group :test do - puppetversion = ENV['PUPPET_VERSION'] || '~> 4.9' - - gem 'puppet', puppetversion - gem 'rake' - - install_if(Gem::Version.new(puppetversion.split(' ').last) < Gem::Version.new(4.9)) do - gem 'semantic_puppet' - end - - gem 'infrataster' - gem 'metadata-json-lint' - gem 'puppet-strings' - gem 'puppetlabs_spec_helper', '>= 2.7.0' - gem 'rspec', '~> 3.5' - gem 'rspec-puppet', '>=2.3.0' - gem 'rspec-puppet-facts' - gem 'rspec-puppet-utils' - gem 'rspec-retry' - # Required to test against Ruby 1.9 - gem 'rubocop', '~> 0.41.2' - gem 'safe_yaml', '~> 1.0.4' - gem 'simplecov', '>= 0.11.0' - gem 'simplecov-console' - gem 'xmlrpc' - - gem 'puppet-lint-absolute_classname-check' - gem 'puppet-lint-classes_and_types_beginning_with_digits-check' - gem 'puppet-lint-leading_zero-check' - gem 'puppet-lint-param-docs' - gem 'puppet-lint-resource_reference_syntax' - gem 'puppet-lint-trailing_comma-check' - gem 'puppet-lint-unquoted_string-check' - gem 'puppet-lint-version_comparison-check' - - gem 'json_pure', '<= 2.0.1' if RUBY_VERSION < '2.0.0' -end - -group :development do - gem 'guard-bundler', require: false - gem 'guard-rake' if RUBY_VERSION >= '2.2.5' # per dependency https://rubygems.org/gems/ruby_dep - gem 'guard-rspec', require: false - gem 'puppet-blacksmith' - gem 'travis' if RUBY_VERSION >= '2.1.0' - gem 'travis-lint' if RUBY_VERSION >= '2.1.0' -end - -group :system_tests do - gem 'beaker' - gem 'beaker-puppet_install_helper', '0.6.0' - gem 'beaker-rspec' -end diff --git a/modules/utilities/unix/logging/kibana/Gemfile.lock b/modules/utilities/unix/logging/kibana/Gemfile.lock deleted file mode 100644 index 615b39d4b..000000000 --- a/modules/utilities/unix/logging/kibana/Gemfile.lock +++ /dev/null @@ -1,482 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - CFPropertyList (2.3.6) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) - ansi (1.5.0) - ast (2.4.0) - aws-sdk-v1 (1.67.0) - json (~> 1.4) - nokogiri (~> 1) - backports (3.11.2) - beaker (3.34.0) - beaker-abs (~> 0.4) - beaker-aws (~> 0.1) - beaker-docker (~> 0.1) - beaker-google (~> 0.1) - beaker-hiera (~> 0.0) - beaker-hostgenerator - beaker-openstack (~> 0.1) - beaker-puppet (~> 0.0) - beaker-vagrant (~> 0.1) - beaker-vcloud (~> 0.1) - beaker-vmpooler (~> 1.0) - beaker-vmware (~> 0.1) - hocon (~> 1.0) - in-parallel (~> 0.1) - inifile (~> 3.0) - minitar (~> 0.6) - minitest (~> 5.4) - net-scp (~> 1.2) - net-ssh (~> 4.0) - open_uri_redirections (~> 0.2.1) - pry-byebug (~> 3.4.2) - rb-readline (~> 0.5.3) - rsync (~> 1.0.9) - stringify-hash (~> 0.0) - thor (~> 0.19) - beaker-abs (0.5.0) - beaker-aws (0.4.0) - aws-sdk-v1 (~> 1.57) - stringify-hash (~> 0.0.0) - beaker-docker (0.3.2) - docker-api - stringify-hash (~> 0.0.0) - beaker-google (0.1.0) - google-api-client (~> 0.9) - stringify-hash (~> 0.0.0) - beaker-hiera (0.1.1) - stringify-hash (~> 0.0.0) - beaker-hostgenerator (1.1.10) - deep_merge (~> 1.0) - stringify-hash (~> 0.0.0) - beaker-openstack (0.2.0) - fog-openstack - stringify-hash (~> 0.0.0) - beaker-puppet (0.13.2) - in-parallel (~> 0.1) - oga - stringify-hash (~> 0.0.0) - beaker-puppet_install_helper (0.6.0) - beaker (>= 2.0) - beaker-rspec (6.2.3) - beaker (~> 3.0) - rspec (~> 3.0) - serverspec (~> 2) - specinfra (~> 2) - beaker-vagrant (0.4.0) - stringify-hash (~> 0.0.0) - beaker-vcloud (0.2.0) - beaker-vmpooler - beaker-vmware - rbvmomi (~> 1.9) - stringify-hash (~> 0.0.0) - beaker-vmpooler (1.2.0) - stringify-hash (~> 0.0.0) - beaker-vmware (0.2.0) - fission (~> 0.4) - rbvmomi (~> 1.9) - stringify-hash (~> 0.0.0) - builder (3.2.3) - byebug (9.0.6) - capybara (2.18.0) - addressable - mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (>= 2.0, < 4.0) - cliver (0.3.2) - coderay (1.1.2) - connection_pool (2.2.1) - declarative (0.0.10) - declarative-option (0.1.0) - deep_merge (1.2.1) - diff-lcs (1.3) - docile (1.3.0) - docker-api (1.34.2) - excon (>= 0.47.0) - multi_json - domain_name (0.5.20170404) - unf (>= 0.0.5, < 1.0.0) - ethon (0.11.0) - ffi (>= 1.3.0) - excon (0.62.0) - facter (2.5.1) - facterdb (0.5.1) - facter - jgrep - faraday (0.14.0) - multipart-post (>= 1.2, < 3) - faraday_middleware (0.12.2) - faraday (>= 0.7.4, < 1.0) - fast_gettext (1.1.2) - ffi (1.9.23) - fission (0.5.0) - CFPropertyList (~> 2.2) - fog-core (1.45.0) - builder - excon (~> 0.58) - formatador (~> 0.2) - fog-json (1.0.2) - fog-core (~> 1.0) - multi_json (~> 1.10) - fog-openstack (0.1.25) - fog-core (~> 1.40) - fog-json (>= 1.0) - ipaddress (>= 0.8) - formatador (0.2.5) - gettext (3.2.9) - locale (>= 2.0.5) - text (>= 1.3.0) - gettext-setup (0.30) - fast_gettext (~> 1.1.0) - gettext (>= 3.0.2) - locale - gh (0.14.0) - addressable - backports - faraday (~> 0.8) - multi_json (~> 1.0) - net-http-persistent (>= 2.7) - net-http-pipeline - google-api-client (0.20.1) - addressable (~> 2.5, >= 2.5.1) - googleauth (>= 0.5, < 0.7.0) - httpclient (>= 2.8.1, < 3.0) - mime-types (~> 3.0) - representable (~> 3.0) - retriable (>= 2.0, < 4.0) - googleauth (0.6.2) - faraday (~> 0.12) - jwt (>= 1.4, < 3.0) - logging (~> 2.0) - memoist (~> 0.12) - multi_json (~> 1.11) - os (~> 0.9) - signet (~> 0.7) - guard (2.14.2) - formatador (>= 0.2.4) - listen (>= 2.7, < 4.0) - lumberjack (>= 1.0.12, < 2.0) - nenv (~> 0.1) - notiffany (~> 0.0) - pry (>= 0.9.12) - shellany (~> 0.0) - thor (>= 0.18.1) - guard-bundler (2.1.0) - bundler (~> 1.0) - guard (~> 2.2) - guard-compat (~> 1.1) - guard-compat (1.2.1) - guard-rake (1.0.0) - guard - rake - guard-rspec (4.7.3) - guard (~> 2.1) - guard-compat (~> 1.1) - rspec (>= 2.99.0, < 4.0) - hiera (3.4.2) - highline (1.7.10) - hirb (0.7.3) - hocon (1.2.5) - http-cookie (1.0.3) - domain_name (~> 0.5) - httpclient (2.8.3) - in-parallel (0.1.17) - infrataster (0.3.2) - capybara - faraday - faraday_middleware (>= 0.10.0) - net-ssh - net-ssh-gateway - poltergeist - rspec (>= 2.0, < 4.0) - thor - inifile (3.0.0) - ipaddress (0.8.3) - jgrep (1.5.0) - json (1.8.6) - json-schema (2.8.0) - addressable (>= 2.4) - json_pure (1.8.6) - jwt (2.1.0) - launchy (2.4.3) - addressable (~> 2.3) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - little-plugger (1.1.4) - locale (2.1.2) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) - lumberjack (1.0.13) - mcollective-client (2.12.0) - json - stomp - systemu - memoist (0.16.0) - metaclass (0.0.4) - metadata-json-lint (2.1.0) - json-schema (~> 2.8) - spdx-licenses (~> 1.0) - method_source (0.9.0) - mime-types (3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2016.0521) - mini_mime (1.0.0) - mini_portile2 (2.3.0) - minitar (0.6.1) - minitest (5.11.3) - mocha (1.5.0) - metaclass (~> 0.0.1) - multi_json (1.13.1) - multipart-post (2.0.0) - nenv (0.3.0) - net-http-persistent (3.0.0) - connection_pool (~> 2.2) - net-http-pipeline (1.0.1) - net-scp (1.2.1) - net-ssh (>= 2.6.5) - net-ssh (4.2.0) - net-ssh-gateway (2.0.0) - net-ssh (>= 4.0.0) - net-telnet (0.1.1) - netrc (0.11.0) - nokogiri (1.8.2) - mini_portile2 (~> 2.3.0) - notiffany (0.1.1) - nenv (~> 0.1) - shellany (~> 0.0) - oga (2.15) - ast - ruby-ll (~> 2.1) - open_uri_redirections (0.2.1) - os (0.9.6) - parser (2.5.1.0) - ast (~> 2.4.0) - poltergeist (1.17.0) - capybara (~> 2.1) - cliver (~> 0.3.1) - websocket-driver (>= 0.2.0) - powerpack (0.1.1) - pry (0.11.3) - coderay (~> 1.1.0) - method_source (~> 0.9.0) - pry-byebug (3.4.3) - byebug (>= 9.0, < 9.1) - pry (~> 0.10) - public_suffix (3.0.2) - puppet (4.10.10) - facter (> 2.0, < 4) - gettext-setup (>= 0.10, < 1) - hiera (>= 2.0, < 4) - json_pure (~> 1.8) - locale (~> 2.1) - puppet-blacksmith (4.1.2) - rest-client (~> 2.0) - puppet-lint (2.3.5) - puppet-lint-absolute_classname-check (0.2.5) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-classes_and_types_beginning_with_digits-check (0.1.2) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-leading_zero-check (0.1.1) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-param-docs (1.4.2) - puppet-lint (>= 1.1, < 3.0) - puppet-lint-resource_reference_syntax (1.0.14) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-trailing_comma-check (0.3.2) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-unquoted_string-check (0.3.0) - puppet-lint (>= 1.0, < 3.0) - puppet-lint-version_comparison-check (0.2.1) - puppet-lint (>= 1.0, < 3.0) - puppet-strings (1.2.1) - rgen - yard (~> 0.9.5) - puppet-syntax (2.4.1) - rake - puppetlabs_spec_helper (2.7.0) - mocha (~> 1.0) - puppet-lint (~> 2.0) - puppet-syntax (~> 2.0) - rspec-puppet (~> 2.0) - pusher-client (0.6.2) - json - websocket (~> 1.0) - rack (2.0.4) - rack-test (1.0.0) - rack (>= 1.0, < 3) - rainbow (2.2.2) - rake - rake (12.3.1) - rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rb-readline (0.5.5) - rbvmomi (1.11.7) - builder (~> 3.0) - json (>= 1.8) - nokogiri (~> 1.5) - trollop (~> 2.1) - representable (3.0.4) - declarative (< 0.1.0) - declarative-option (< 0.2.0) - uber (< 0.2.0) - rest-client (2.0.2) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 4.0) - netrc (~> 0.8) - retriable (3.1.1) - rgen (0.8.2) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-its (1.2.0) - rspec-core (>= 3.0.0) - rspec-expectations (>= 3.0.0) - rspec-mocks (3.7.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-puppet (2.6.11) - rspec - rspec-puppet-facts (1.9.0) - facter - facterdb (>= 0.5.0) - json - mcollective-client - puppet - rspec-puppet-utils (3.4.0) - mocha - puppet - puppetlabs_spec_helper - rspec - rspec-puppet - rspec-retry (0.5.7) - rspec-core (> 3.3) - rspec-support (3.7.1) - rsync (1.0.9) - rubocop (0.41.2) - parser (>= 2.3.1.1, < 3.0) - powerpack (~> 0.1) - rainbow (>= 1.99.1, < 3.0) - ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.0, >= 1.0.1) - ruby-ll (2.1.2) - ansi - ast - ruby-progressbar (1.9.0) - ruby_dep (1.5.0) - safe_yaml (1.0.4) - semantic_puppet (1.0.2) - serverspec (2.41.3) - multi_json - rspec (~> 3.0) - rspec-its - specinfra (~> 2.72) - sfl (2.3) - shellany (0.0.1) - signet (0.8.1) - addressable (~> 2.3) - faraday (~> 0.9) - jwt (>= 1.5, < 3.0) - multi_json (~> 1.10) - simplecov (0.16.1) - docile (~> 1.1) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-console (0.4.2) - ansi - hirb - simplecov - simplecov-html (0.10.2) - spdx-licenses (1.1.0) - specinfra (2.73.3) - net-scp - net-ssh (>= 2.7, < 5.0) - net-telnet - sfl - stomp (1.4.4) - stringify-hash (0.0.2) - systemu (2.6.5) - text (1.3.1) - thor (0.20.0) - travis (1.8.8) - backports - faraday (~> 0.9) - faraday_middleware (~> 0.9, >= 0.9.1) - gh (~> 0.13) - highline (~> 1.6) - launchy (~> 2.1) - pusher-client (~> 0.4) - typhoeus (~> 0.6, >= 0.6.8) - travis-lint (2.0.0) - json - trollop (2.1.2) - typhoeus (0.8.0) - ethon (>= 0.8.0) - uber (0.1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.5) - unicode-display_width (1.3.0) - websocket (1.2.5) - websocket-driver (0.7.0) - websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) - xmlrpc (0.3.0) - xpath (3.0.0) - nokogiri (~> 1.8) - yard (0.9.12) - -PLATFORMS - ruby - -DEPENDENCIES - beaker - beaker-puppet_install_helper (= 0.6.0) - beaker-rspec - guard-bundler - guard-rake - guard-rspec - infrataster - metadata-json-lint - puppet (~> 4.9) - puppet-blacksmith - puppet-lint-absolute_classname-check - puppet-lint-classes_and_types_beginning_with_digits-check - puppet-lint-leading_zero-check - puppet-lint-param-docs - puppet-lint-resource_reference_syntax - puppet-lint-trailing_comma-check - puppet-lint-unquoted_string-check - puppet-lint-version_comparison-check - puppet-strings - puppetlabs_spec_helper (>= 2.7.0) - rake - rspec (~> 3.5) - rspec-puppet (>= 2.3.0) - rspec-puppet-facts - rspec-puppet-utils - rspec-retry - rubocop (~> 0.41.2) - safe_yaml (~> 1.0.4) - semantic_puppet - simplecov (>= 0.11.0) - simplecov-console - travis - travis-lint - xmlrpc - -BUNDLED WITH - 1.16.1 diff --git a/modules/utilities/unix/logging/kibana/LICENSE b/modules/utilities/unix/logging/kibana/LICENSE deleted file mode 100644 index bd2e60d52..000000000 --- a/modules/utilities/unix/logging/kibana/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2012-2017 Elasticsearch - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/modules/utilities/unix/logging/kibana/Makefile b/modules/utilities/unix/logging/kibana/Makefile deleted file mode 100644 index b67f3ad00..000000000 --- a/modules/utilities/unix/logging/kibana/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -.DEFAULT_GOAL := vendor/bundle - -vendor/bundle: Gemfile - bundle install --path vendor/bundle - touch vendor/bundle diff --git a/modules/utilities/unix/logging/kibana/README.markdown b/modules/utilities/unix/logging/kibana/README.markdown deleted file mode 100644 index 323b4f3fe..000000000 --- a/modules/utilities/unix/logging/kibana/README.markdown +++ /dev/null @@ -1,220 +0,0 @@ -# Kibana Puppet Module - -[![Puppet Forge Endorsed](https://img.shields.io/puppetforge/e/elastic/kibana.svg)](https://forge.puppetlabs.com/elastic/kibana) -[![Puppet Forge Version](https://img.shields.io/puppetforge/v/elastic/kibana.svg)](https://forge.puppetlabs.com/elastic/kibana) -[![Puppet Forge Downloads](https://img.shields.io/puppetforge/dt/elastic/kibana.svg)](https://forge.puppetlabs.com/elastic/kibana) -[![Build Status](https://travis-ci.org/elastic/puppet-kibana.svg?branch=master)](https://travis-ci.org/elastic/puppet-kibana) - -#### Table of Contents - -1. [Overview](#overview) -2. [Module Description - What the module does and why it is useful](#module-description) -3. [Setup - The basics of getting started with Kibana](#setup) - * [What Kibana affects](#what-kibana-affects) - * [Setup requirements](#setup-requirements) - * [Beginning with Kibana](#beginning-with-kibana) -4. [Usage - Configuration options and additional functionality](#usage) -5. [Reference - An under-the-hood peek at what the module is doing and how](#reference) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) - -## Overview - -This module manages Kibana for use with Elasticsearch. - -## Module Description - -In addition to managing the Kibana system package and service, this module also -exposes options to control the configuration file for Kibana. -Kibana plugins are also supported via a native type and provider. - -Dependencies are fairly standard (stdlib and apt for Debian-based -distributions). - -## Setup - -### What Kibana affects - -* The `kibana` system package and service -* `/etc/kibana/kibana.yml` -* `/usr/share/kibana/plugins/*` - -### Setup Requirements - -In addition to basic puppet settings (such as pluginsync), ensure that the -required dependencies for the module are met (these are listed in -`metadata.json` and listed in the Puppet Forge). - -### Beginning with kibana - -Quick start: - -```puppet -class { 'kibana' : } -``` - -## Usage - -In order to control Kibana's configuration file, use the `config` parameter: - -```puppet -class { 'kibana': - config => { - 'server.port' => '8080', - } -} -``` - -The `kibana` class also supports additional values for the `ensure` parameter -that will be passed along to the `package` resource for Kibana. -For example, to ensure the latest version of Kibana is always installed: - -```puppet -class { 'kibana': ensure => latest } -``` - -In order to explicitly ensure that version 5.2.0 of Kibana is installed: - -```puppet -class { 'kibana': ensure => '5.2.0' } -``` - -Package revisions are supported too: - -```puppet -class { 'kibana': ensure => '5.2.2-1' } -``` - -The `kibana` class also supports removal through use of `ensure => absent`: - -```puppet -class { 'kibana': ensure => absent } -``` - -### OSS Packages and Repository Management - -This module uses the [elastic/elastic_stack](https://forge.puppet.com/elastic/elastic_stack) module to manage the elastic package repositories. -In order to control which major version of package repository to manage, declare the associated repository version in the `elastic_stack::repo` class. -For example, to explicitly set the repository version to 5 instead of the default (which, at the time of this writing, is 6): - -```puppet -class { 'elastic_stack::repo': - version => 5, -} - -class { 'kibana': - ensure => latest -} -``` - -This module defaults to the upstream package repositories, which as of 6.3, includes X-Pack. In order to use the purely OSS (open source) package and repository, the appropriate `oss` flag must be set on the `elastic_stack::repo` and `kibana` classes: - -```puppet -class { 'elastic_stack::repo': - oss => true, -} - -class { 'kibana': - oss => true, -} -``` - -### Plugins - -Kibana plugins can be managed by this module. - -#### Kibana 5.x & 6.x - -In the most basic form, official plugins (provided by Elastic) can simply be -specified by name alone: - -```puppet -kibana_plugin { 'x-pack': } -``` - -The type also supports installing third-party plugins from a remote URL: - -```puppet -kibana_plugin { 'health_metric_vis': - url => 'https://github.com/DeanF/health_metric_vis/releases/download/v0.3.4/health_metric_vis-5.2.0.zip', -} -``` - -When updating plugins, it is important to specify the version of the plugin -that should be installed. -For example, the preceding block of code installed version 0.3.4 of the -`health_metric_vis` plugin. In order to update that plugin to version 0.3.5, -you could use a resource such as the following: - -```puppet -kibana_plugin { 'health_metric_vis': - url => 'https://github.com/DeanF/health_metric_vis/releases/download/v0.3.5/health_metric_vis-5.2.0.zip', - version => '0.3.5', -} -``` - -Plugins can also be removed: - -```puppet -kibana_plugin { 'x-pack': ensure => absent } -``` - -#### Kibana 4.x - -Plugin operations are similar to 6.x resources, but in keeping with the -`kibana` command-line utility, an organization and version _must_ be specified: - -```puppet -kibana_plugin { 'marvel': - version => '2.4.4', - organization => 'elasticsearch', -} -``` - -The `version` and `organization` parameters correspond to the same values for a -given plugin in the plugin's documentation, and the provider assembles the -correct name on the backend on your behalf. -For instance, the previous example will be translated to - -```shell -kibana plugin --install elasticsearch/marvel/2.4.4 -``` - -For you. -Removal through the use of `ensure => absent` is the same as for 5.x plugins. - -## Reference - -Class parameters are available in [the auto-generated documentation -pages](https://elastic.github.io/puppet-kibana/puppet_classes/kibana.html). -Autogenerated documentation for types, providers, and ruby helpers is also -available on the same documentation site. - -## Limitations - -This module is actively tested against the versions and distributions listed in -`metadata.json`. - -## Development - -See CONTRIBUTING.md with help to get started. - -### Quickstart - -Install gem dependencies: - -```shell -$ bundle install -``` - -Run the test suite (without acceptance tests): - -```shell -$ bundle exec rake test -``` - -Run acceptance tests against a platform (requires Docker): - -```shell -$ bundle exec rake beaker:centos-7-x64 -``` diff --git a/modules/utilities/unix/logging/kibana/Rakefile b/modules/utilities/unix/logging/kibana/Rakefile deleted file mode 100644 index 1f3ca3997..000000000 --- a/modules/utilities/unix/logging/kibana/Rakefile +++ /dev/null @@ -1,184 +0,0 @@ -# frozen_string_literal: true - -require 'rubygems' -require 'bundler/setup' - -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet/version' -require 'puppet-lint/tasks/puppet-lint' -require 'puppet-syntax/tasks/puppet-syntax' -require 'metadata-json-lint/rake_task' -require 'rubocop/rake_task' -require 'puppet-strings' -require 'puppet-strings/tasks' -require_relative 'spec/spec_utilities' -require 'nokogiri' -require 'open-uri' - -oss_package = ENV['OSS_PACKAGE'] and ENV['OSS_PACKAGE'] == 'true' - -def v(ver) - Gem::Version.new(ver) -end - -if v(Puppet.version) >= v('4.9') - require 'semantic_puppet' -elsif v(Puppet.version) >= v('3.6') && v(Puppet.version) < v('4.9') - require 'puppet/vendor/semantic/lib/semantic' -end - -# These gems aren't always present, for instance -# on Travis with --without development -begin - require 'puppet_blacksmith/rake_tasks' -rescue LoadError # rubocop:disable Lint/HandleExceptions -end - -exclude_paths = [ - 'coverage/**/*', - 'doc/**/*', - 'pkg/**/*', - 'vendor/**/*', - 'spec/**/*' -] - -Rake::Task[:lint].clear - -PuppetLint.configuration.relative = true -PuppetLint.configuration.disable_80chars -PuppetLint.configuration.disable_class_inherits_from_params_class -PuppetLint.configuration.disable_class_parameter_defaults -PuppetLint.configuration.fail_on_warnings = true - -PuppetLint::RakeTask.new :lint do |config| - config.ignore_paths = exclude_paths -end - -PuppetSyntax.exclude_paths = exclude_paths - -task :beaker => :spec_prep - -desc 'Run all non-acceptance rspec tests.' -RSpec::Core::RakeTask.new(:spec_unit) do |t| - t.pattern = 'spec/{classes,templates,unit}/**/*_spec.rb' -end -task :spec_unit => :spec_prep - -desc 'Run syntax, lint, and spec tests.' -task :test => [ - :lint, - :rubocop, - :validate, - :spec_unit -] - -desc 'remove outdated module fixtures' -task :spec_prune do - mods = 'spec/fixtures/modules' - fixtures = YAML.load_file '.fixtures.yml' - fixtures['fixtures']['forge_modules'].each do |mod, params| - next unless params.is_a? Hash \ - and params.key? 'ref' \ - and File.exist? "#{mods}/#{mod}" - - metadata = JSON.parse(File.read("#{mods}/#{mod}/metadata.json")) - FileUtils.rm_rf "#{mods}/#{mod}" unless metadata['version'] == params['ref'] - end -end -task :spec_prep => [:spec_prune] - -# Plumbing for snapshot tests -desc 'Run the snapshot tests' -RSpec::Core::RakeTask.new('beaker:snapshot') do |task| - task.rspec_opts = ['--color'] - task.pattern = 'spec/acceptance/tests/snapshot.rb' - - if Rake::Task.task_defined? 'artifact:snapshot:not_found' - puts 'No snapshot artifacts found, skipping snapshot tests.' - exit(0) - end -end - -beaker_node_sets.each do |node| - desc "Run the snapshot tests against the #{node} nodeset" - task "beaker:#{node}:snapshot" => %w[ - spec_prep - artifact:snapshot:deb - artifact:snapshot:rpm - ] do - ENV['BEAKER_set'] = node - Rake::Task['beaker:snapshot'].reenable - Rake::Task['beaker:snapshot'].invoke - end -end - -namespace :artifact do - desc 'Fetch specific installation artifacts' - task :fetch, [:version] do |_t, args| - [ - "https://artifacts.elastic.co/downloads/kibana/kibana-#{args[:version]}.rpm", - "https://artifacts.elastic.co/downloads/kibana/kibana-#{args[:version]}.deb" - ].each do |package| - get package, artifact(package) - end - end - - namespace :snapshot do - catalog = JSON.parse( - open('https://artifacts-api.elastic.co/v1/branches/6.x').read - )['latest'] - ENV['snapshot_version'] = catalog['version'] - - downloads = catalog['projects']['kibana']['packages'].select do |pkg, _| - pkg =~ /(?:deb|rpm)/ and (oss_package ? pkg =~ /oss/ : pkg !~ /oss/) - end.map do |package, urls| - [package.split('.').last, urls] - end.to_h - - # We end up with something like: - # { - # 'rpm' => {'url' => 'https://...', 'sha_url' => 'https://...'}, - # 'deb' => {'url' => 'https://...', 'sha_url' => 'https://...'} - # } - # Note that checksums are currently broken on the Elastic unified release - # side; once they start working we can verify them. - - if downloads.empty? - puts 'No snapshot release available; skipping snapshot download' - %w[deb rpm].each { |ext| task ext } - task 'not_found' - else - # Download snapshot files - downloads.each_pair do |extension, urls| - filename = artifact urls['url'] - checksum = artifact urls['sha_url'] - link = artifact "kibana-snapshot.#{extension}" - FileUtils.rm link if File.exist? link - - task extension => link - file link => filename do - unless File.exist?(link) and File.symlink?(link) \ - and File.readlink(link) == filename - File.delete link if File.exist? link - File.symlink File.basename(filename), link - end - end - - # file filename => checksum do - file filename do - get urls['url'], filename - end - - task checksum do - File.delete checksum if File.exist? checksum - get urls['sha_url'], checksum - end - end - end - end - - desc 'Purge fetched artifacts' - task :clean do - FileUtils.rm_rf(Dir.glob('spec/fixtures/artifacts/*')) - end -end diff --git a/modules/utilities/unix/logging/kibana/checksums.json b/modules/utilities/unix/logging/kibana/checksums.json deleted file mode 100644 index d437c0c9b..000000000 --- a/modules/utilities/unix/logging/kibana/checksums.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "CHANGELOG.md": "dabf74c43391d27f38662f6809916543", - "CONTRIBUTING.md": "f067723f28f0e55e878fe3718c5a8813", - "CONTRIBUTORS": "1a11b11df09e38865fd76b1e98d502da", - "Gemfile": "ccb152404502835c9e841f7cd8da0dbf", - "Gemfile.lock": "5ea7e1a73e1261c311fc0216088ed933", - "LICENSE": "808a3e6960574ced8e69134e5dc1e1aa", - "Makefile": "205b5c9df2923a68d651fca0e58e03fa", - "README.markdown": "d77b334ee0fb29859b3902baeb54334d", - "Rakefile": "16da8b30ac27ea6264bb27ae04677ade", - "data/common.yaml": "44c877ee62af9afa6be0d64cc08854f7", - "hiera.yaml": "00ba6ca9d1955e61441defc18d4e9b05", - "lib/puppet/provider/elastic_kibana.rb": "97e0bbbfcc21335174ab7d745731217f", - "lib/puppet/provider/kibana_plugin/kibana.rb": "f90e06422cc68c2638a3d53a97c5527e", - "lib/puppet/provider/kibana_plugin/kibana_plugin.rb": "2fa2044cdf469902b91178223b779966", - "lib/puppet/type/kibana_plugin.rb": "0531eb39689acf19a68130b9db93f0a5", - "lib/puppet_x/elastic/hash.rb": "159abda7275f5bc45f354ce4fc59cce9", - "manifests/config.pp": "b868f40424a426513c965004f59a74fd", - "manifests/init.pp": "0a4f14713322d83a8e67a12ec13d821d", - "manifests/install.pp": "14dddb6f1c7e7e9faa93881b8bb384fc", - "manifests/service.pp": "cc5cd3be78ab3ea8de4ff11ff97982eb", - "metadata.json": "e77fd61f2115401c333f9b9a0dce577c", - "templates/etc/kibana/kibana.yml.erb": "5504c33d3f079ec3f77ed1f2955956cb", - "tests/init.pp": "c9adfb8594175295d6aeb76840fb3443", - "types/status.pp": "586e69d5dd844fe93416c528ba410dcd" -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/kibana/data/common.yaml b/modules/utilities/unix/logging/kibana/data/common.yaml deleted file mode 100644 index f57857ab1..000000000 --- a/modules/utilities/unix/logging/kibana/data/common.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -kibana::ensure: present -kibana::config: {} -kibana::manage_repo: true -kibana::oss: false -kibana::package_source: ~ -kibana::status: enabled diff --git a/modules/utilities/unix/logging/kibana/hiera.yaml b/modules/utilities/unix/logging/kibana/hiera.yaml deleted file mode 100644 index 0e7264c33..000000000 --- a/modules/utilities/unix/logging/kibana/hiera.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -version: 4 -datadir: data -hierarchy: - - name: "Default values" - backend: yaml - path: "common" diff --git a/modules/utilities/unix/logging/kibana/kibana.pp b/modules/utilities/unix/logging/kibana/kibana.pp deleted file mode 100644 index bf02c29cf..000000000 --- a/modules/utilities/unix/logging/kibana/kibana.pp +++ /dev/null @@ -1,15 +0,0 @@ -$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) - -$kibana_ip = $secgen_parameters['kibana_ip'][0] -$kibana_port = 0 + $secgen_parameters['kibana_port'][0] - -$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] # TODO: Which IP address? how do we do this with two servers? -$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] # TODO: Which IP address? how do we do this with two servers? - -class { 'kibana': - config => { - 'server.host' => $kibana_ip, - 'elasticsearch.url' => "http://$elasticsearch_ip:$elasticsearch_port", - 'server.port' => $kibana_port, - } -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb b/modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb deleted file mode 100644 index e8867024f..000000000 --- a/modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb +++ /dev/null @@ -1,155 +0,0 @@ -require 'json' - -# Parent class for Kibana plugin providers. -class Puppet::Provider::ElasticKibana < Puppet::Provider - class << self - attr_accessor :home_path - attr_accessor :install_args - attr_accessor :plugin_directory - attr_accessor :remove_args - attr_accessor :format_url - end - - # Formats a url for the plugin command-line argument. - # Necessary since different versions of the Kibana plugin CLI tool accept URL - # arguments in differing ways. - # - # @return [Proc] a lambda that accepts the URL and scope binding and returns - # the formatted URL. - def format_url - self.class.format_url ||= lambda { |url, _| [url] } - end - - # Discovers plugins present on the system. - # This is essentially the same way that the node code does it, so we do it - # in native ruby to speed up the process and grab arbitrary metadata from the - # plugin json (which _should_ always be present). - # - # @return [Array] array of discovered providers on the host. - def self.present_plugins - Dir[File.join(home_path, plugin_directory, '*')].select do |directory| - not File.basename(directory).start_with? '.' \ - and File.exist? File.join(directory, 'package.json') - end.map do |plugin| - j = JSON.parse(File.read(File.join(plugin, 'package.json'))) - { - :name => File.basename(plugin), - :ensure => :present, - :provider => name, - :version => j['version'] - } - end - end - - # Enforce the desired state dictated by the properties to flush from the - # provider. - # - # @return nil - def flush - if @property_flush[:ensure] == :absent - # Simply remove the plugin if it should be gone - run_plugin self.class.remove_args + [resource[:name]] - else - unless @property_flush[:version].nil? - run_plugin self.class.remove_args + [resource[:name]] - end - run_plugin self.class.install_args + plugin_url - end - - set_property_hash - end - - # Wrap the plugin command in some helper functionality to set the right - # uid/gid. - # - # @return [String] debugging command output. - def run_plugin(args) - stdout = execute([command(:plugin)] + args, :uid => 'kibana', :gid => 'kibana') - stdout.exitstatus.zero? ? debug(stdout) : raise(Puppet::Error, stdout) - end - - # Helps to format the plugin name for installation. - # That is, if we have a URL, pass it in correctly to the CLI tool. - # - # @return [Array] array of name elements suitable for use in a - # Puppet::Provider#execute call. - def plugin_url - if not resource[:url].nil? - format_url.call resource[:url], binding - elsif not resource[:organization].nil? - [[resource[:organization], resource[:name], resource[:version]].join('/')] - else - [resource[:name]] - end - end - - # The rest is normal provider boilerplate. - - # version property setter - # - # @return [String] version - def version=(new_version) - @property_flush[:version] = new_version - end - - # version property getter - # - # @return [String] version - def version - @property_hash[:version] - end - - # Sets the ensure property in the @property_flush hash. - # - # @return [Symbol] :present - def create - @property_flush[:ensure] = :present - end - - # Determine whether this resource is present on the system. - # - # @return [Boolean] - def exists? - @property_hash[:ensure] == :present - end - - # Set flushed ensure property to absent. - # - # @return [Symbol] :absent - def destroy - @property_flush[:ensure] = :absent - end - - # Repopulates the @property_hash to the on-system state for the provider. - def set_property_hash - @property_hash = self.class.present_plugins.detect do |p| - p[:name] == resource[:name] - end - end - - # Finds and returns all present resources on the host. - # - # @return [Array] array of providers - def self.instances - present_plugins.map do |plugin| - new plugin - end - end - - # Puppet prefetch boilerplate. - # - # @param resources [Hash] collection of resources extant on the system - def self.prefetch(resources) - instances.each do |prov| - if (resource = resources[prov.name]) - resource.provider = prov - end - end - end - - # Provider constructor - def initialize(value = {}) - super(value) - @property_flush = {} - end -end diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb b/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb deleted file mode 100644 index 374b0e97c..000000000 --- a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'puppet/provider/elastic_kibana' - -Puppet::Type.type(:kibana_plugin).provide( - :kibana, - :parent => Puppet::Provider::ElasticKibana, - :format_url => lambda { |url, b| [b.eval('resource[:name]'), '--url', url] }, - :home_path => File.join(%w[/ opt kibana]), - :install_args => ['plugin', '--install'], - :plugin_directory => 'installedPlugins', - :remove_args => ['plugin', '--remove'] -) do - desc 'Native command-line provider for Kibana v4 plugins.' - - commands :plugin => File.join(home_path, 'bin', 'kibana') -end diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb b/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb deleted file mode 100644 index 60f773e94..000000000 --- a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb +++ /dev/null @@ -1,14 +0,0 @@ -require 'puppet/provider/elastic_kibana' - -Puppet::Type.type(:kibana_plugin).provide( - :kibana_plugin, - :parent => Puppet::Provider::ElasticKibana, - :home_path => File.join(%w[/ usr share kibana]), - :install_args => ['install'], - :plugin_directory => 'plugins', - :remove_args => ['remove'] -) do - desc 'Native command-line provider for Kibana v5 plugins.' - - commands :plugin => File.join(home_path, 'bin', 'kibana-plugin') -end diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb b/modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb deleted file mode 100644 index 9dabdd9d3..000000000 --- a/modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb +++ /dev/null @@ -1,36 +0,0 @@ -Puppet::Type.newtype(:kibana_plugin) do - @doc = 'Manages Kibana plugins.' - - ensurable do - desc 'Whether the plugin should be present or absent.' - - defaultvalues - defaultto :present - end - - newparam(:name, :namevar => true) do - desc 'Simple name of the Kibana plugin (not a URL or file path).' - end - - newparam(:organization) do - desc 'Plugin organization to use when installing 4.x-style plugins.' - end - - newparam(:url) do - desc 'URL to use when fetching plugin for installation.' - end - - newproperty(:version) do - desc 'Installed plugin version.' - end - - autorequire(:package) do - self[:ensure] != :absent ? 'kibana' : [] - end - - validate do - if self[:ensure] != :absent and !self[:organization].nil? and self[:version].nil? - raise Puppet::Error, 'version must be set if organization is set' - end - end -end diff --git a/modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb b/modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb deleted file mode 100644 index a9f4fc334..000000000 --- a/modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb +++ /dev/null @@ -1,73 +0,0 @@ -# Custom extensions namespace -module Puppet_X - # Elastic helpers - module Elastic - # Utility extension for consistent to_yaml behavior. - module SortedHash - # Upon extension, modify the hash appropriately to render - # sorted yaml dependent upon whichever way is supported for - # this version of Puppet/Ruby's yaml implementation. - # rubocop:disable Metrics/CyclomaticComplexity - # rubocop:disable Metrics/PerceivedComplexity - def self.extended(base) - if RUBY_VERSION >= '1.9' - # We can sort the hash in Ruby >= 1.9 by recursively - # re-inserting key/values in sorted order. Native to_yaml will - # call .each and get sorted pairs back. - tmp = base.to_a.sort - base.clear - tmp.each do |key, val| - if val.is_a? base.class - val.extend Puppet_X::Elastic::SortedHash - elsif val.is_a? Array - val.map do |elem| - if elem.is_a? base.class - elem.extend(Puppet_X::Elastic::SortedHash) - else - elem - end - end - end - base[key] = val - end - else - # Otherwise, recurse into the hash to extend all nested - # hashes with the sorted each_pair method. - # - # Ruby < 1.9 doesn't support any notion of sorted hashes, - # so we have to expressly monkey patch each_pair, which is - # called by ZAML (the yaml library used in Puppet < 4; Puppet - # >= 4 deprecates Ruby 1.8) - # - # Note that respond_to? is used here as there were weird - # problems with .class/.is_a? - base.merge! base do |_, ov, _| - if ov.respond_to? :each_pair - ov.extend Puppet_X::Elastic::SortedHash - elsif ov.is_a? Array - ov.map do |elem| - if elem.respond_to? :each_pair - elem.extend Puppet_X::Elastic::SortedHash - else - elem - end - end - else - ov - end - end - end - end - # rubocop:enable Metrics/CyclomaticComplexity - # rubocop:enable Metrics/PerceivedComplexity - - # Override each_pair with a method that yields key/values in - # sorted order. - def each_pair - keys.sort.each do |key| - yield key, self[key] - end - end - end - end -end diff --git a/modules/utilities/unix/logging/kibana/manifests/config.pp b/modules/utilities/unix/logging/kibana/manifests/config.pp deleted file mode 100644 index 2e620c1a6..000000000 --- a/modules/utilities/unix/logging/kibana/manifests/config.pp +++ /dev/null @@ -1,22 +0,0 @@ -# This class is called from kibana to configure the daemon's configuration -# file. -# It is not meant to be called directly. -# -# @author Tyler Langlois -# -class kibana::config { - - $_ensure = $::kibana::ensure ? { - 'absent' => $::kibana::ensure, - default => 'file', - } - $config = $::kibana::config - - file { '/etc/kibana/kibana.yml': - ensure => $_ensure, - content => template("${module_name}/etc/kibana/kibana.yml.erb"), - owner => 'kibana', - group => 'kibana', - mode => '0660', - } -} diff --git a/modules/utilities/unix/logging/kibana/manifests/init.pp b/modules/utilities/unix/logging/kibana/manifests/init.pp deleted file mode 100644 index 53a1c4466..000000000 --- a/modules/utilities/unix/logging/kibana/manifests/init.pp +++ /dev/null @@ -1,61 +0,0 @@ -# @summary The top-level kibana class that declares child classes for managing kibana. -# -# @example Basic installation -# class { 'kibana' : } -# -# @example Module removal -# class { 'kibana' : ensure => absent } -# -# @example Installing a specific version -# class { 'kibana' : ensure => '5.2.1' } -# -# @example Keep latest version of Kibana installed -# class { 'kibana' : ensure => 'latest' } -# -# @example Setting a configuration file value -# class { 'kibana' : config => { 'server.port' => 5602 } } -# -# @param ensure State of Kibana on the system (simple present/absent/latest -# or version number). -# @param config Hash of key-value pairs for Kibana's configuration file -# @param oss whether to manage OSS packages -# @param package_source Local path to package file for file (not repo) based installation -# @param manage_repo Whether to manage the package manager repository -# @param status Service status -# -# @author Tyler Langlois -# -class kibana ( - Variant[Enum['present', 'absent', 'latest'], Pattern[/^\d([.]\d+)*(-[\d\w]+)?$/]] $ensure, - Hash[String[1], Variant[String[1], Integer, Boolean, Array]] $config, - Boolean $manage_repo, - Boolean $oss, - Optional[String] $package_source, - Kibana::Status $status, -) { - - contain ::kibana::install - contain ::kibana::config - contain ::kibana::service - - if $manage_repo { - contain ::elastic_stack::repo - - Class['::elastic_stack::repo'] - -> Class['::kibana::install'] - } - - # Catch absent values, otherwise default to present/installed ordering - case $ensure { - 'absent': { - Class['::kibana::service'] - -> Class['::kibana::config'] - -> Class['::kibana::install'] - } - default: { - Class['::kibana::install'] - -> Class['::kibana::config'] - ~> Class['::kibana::service'] - } - } -} diff --git a/modules/utilities/unix/logging/kibana/manifests/install.pp b/modules/utilities/unix/logging/kibana/manifests/install.pp deleted file mode 100644 index e60e34473..000000000 --- a/modules/utilities/unix/logging/kibana/manifests/install.pp +++ /dev/null @@ -1,33 +0,0 @@ -# This class is called from the kibana class to manage installation. -# It is not meant to be called directly. -# -# @author Tyler Langlois -# -class kibana::install { - - if $::kibana::manage_repo { - if $facts['os']['family'] == 'Debian' { - include ::apt - Class['apt::update'] -> Package['kibana'] - } - } - - if $::kibana::package_source != undef { - case $facts['os']['family'] { - 'Debian': { Package['kibana'] { provider => 'dpkg' } } - 'RedHat': { Package['kibana'] { provider => 'rpm' } } - default: { fail("unsupported parameter 'source' set for osfamily ${facts['os']['family']}") } - } - } - - $_package_name = $::kibana::oss ? { - true => 'kibana-oss', - default => 'kibana', - } - - package { 'kibana': - ensure => $::kibana::ensure, - name => $_package_name, - source => $::kibana::package_source, - } -} diff --git a/modules/utilities/unix/logging/kibana/manifests/service.pp b/modules/utilities/unix/logging/kibana/manifests/service.pp deleted file mode 100644 index 860f513ca..000000000 --- a/modules/utilities/unix/logging/kibana/manifests/service.pp +++ /dev/null @@ -1,46 +0,0 @@ -# This class is meant to be called from kibana. -# It ensure the service is running. -# It is not meant to be called directly. -# -# @author Tyler Langlois -# -class kibana::service { - - if $::kibana::ensure != 'absent' { - case $::kibana::status { - # Stop service and disable on boot - 'disabled': { - $_ensure = false - $_enable = false - } - # Start service and enable on boot - 'enabled': { - $_ensure = true - $_enable = true - } - # Start service and disable on boot - 'running': { - $_ensure = true - $_enable = false - } - # Ignore current state and disable on boot - 'unmanaged': { - $_ensure = undef - $_enable = false - } - # Unknown status - default: { - fail('Invalid value for status') - } - } - } else { - # The package will be removed - $_ensure = false - $_enable = false - } - - service { 'kibana': - ensure => $_ensure, - enable => $_enable, - } -} diff --git a/modules/utilities/unix/logging/kibana/metadata.json b/modules/utilities/unix/logging/kibana/metadata.json deleted file mode 100644 index 240e56e30..000000000 --- a/modules/utilities/unix/logging/kibana/metadata.json +++ /dev/null @@ -1,64 +0,0 @@ -{ - "name": "elastic-kibana", - "version": "6.3.0", - "author": "elastic", - "summary": "Module for installing, configuring, and managing Kibana.", - "license": "Apache-2.0", - "source": "https://github.com/elastic/puppet-kibana", - "project_page": "https://github.com/elastic/puppet-kibana", - "issues_url": "https://github.com/elastic/puppet-kibana/issues", - "dependencies": [ - {"name":"elastic/elastic_stack","version_requirement":">= 6.1.0 < 7.0.0"}, - {"name":"puppetlabs/apt","version_requirement":">= 2.0.0 < 5.0.0"} - ], - "data_provider": "hiera", - "operatingsystem_support": [ - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "7", - "8" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Fedora", - "operatingsystemrelease": [ - "24", - "25" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04", - "16.04" - ] - }, - { - "operatingsystem": "Amazon", - "operatingsystemrelease": [ - "2017.03" - ] - } - ], - "requirements": [ - { - "name": "puppet", - "version_requirement": ">= 4.5.0 < 6.0.0" - } - ] -} diff --git a/modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb b/modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb deleted file mode 100644 index b23854709..000000000 --- a/modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb +++ /dev/null @@ -1,7 +0,0 @@ -# File managed by Puppet. -<%= - $LOAD_PATH.unshift(File.join(File.dirname(__FILE__),'..','..','..','lib')) - require 'puppet_x/elastic/hash' - - @config.extend(Puppet_X::Elastic::SortedHash).to_yaml --%> diff --git a/modules/utilities/unix/logging/kibana/tests/init.pp b/modules/utilities/unix/logging/kibana/tests/init.pp deleted file mode 100644 index 4dbf6d4b3..000000000 --- a/modules/utilities/unix/logging/kibana/tests/init.pp +++ /dev/null @@ -1,12 +0,0 @@ -# The baseline for module testing used by Puppet Labs is that each manifest -# should have a corresponding test manifest that declares that class or defined -# type. -# -# Tests are then run by using puppet apply --noop (to check for compilation -# errors and view a log of events) or by fully applying the test in a virtual -# environment (to compare the resulting system state to the desired state). -# -# Learn more about module testing here: -# http://docs.puppetlabs.com/guides/tests_smoke.html -# -include ::kibana diff --git a/modules/utilities/unix/logging/kibana/types/status.pp b/modules/utilities/unix/logging/kibana/types/status.pp deleted file mode 100644 index c379810c8..000000000 --- a/modules/utilities/unix/logging/kibana/types/status.pp +++ /dev/null @@ -1 +0,0 @@ -type Kibana::Status = Enum['disabled', 'enabled', 'running', 'unmanaged'] diff --git a/modules/utilities/unix/logging/logstash/CHANGELOG b/modules/utilities/unix/logging/logstash/CHANGELOG deleted file mode 100644 index b79e06422..000000000 --- a/modules/utilities/unix/logging/logstash/CHANGELOG +++ /dev/null @@ -1,198 +0,0 @@ -6.1.3 - Set cwd to "/tmp" during plugin execs. - -6.1.1 - Update init system handling. - -6.1.0 - Support centralized pipeline management. - -6.0.1 - Fix explicit versions like "5.6.2-1.noarch" #353 - -6.0.0 - Puppet 3 support removed. Minimum Puppet version is now 4.6.1. - Puppet 5 supported. - Logstash 6.x (and 5.x) supported. - File permissions for config files now match those from the Logstash package. - elastic/elastic_stack module is now used to manage repositories. - Logstash multiple pipelines supported. - Config files resources accept an explicit target path. - -5.3.0 - Allow setting environment for plugin resources - -5.2.0 - Allow 'http(s):// URLs for plugin install. - -5.1.0 - Make config files be owned by root. - Allow 'file://' URLs for plugin install. - Sort lines in jvm.options for file. - -5.0.4 - Expose $logstash::home_dir - -5.0.3 - Sort startup_options to prevent triggering unneeded restarts. - -5.0.2 - Do not autmatically add ".conf" to pipeline config filesnames. - -5.0.1 - Trivial README update. - -5.0.0 - Major re-write for Logstash 5.x. - Drop support for Logstash <5.0.0. - -0.6.4 - Puppet 4 support. - -0.6.3 - Documentation updates only. Functionally identical to 0.6.2. - -0.6.2 - Allow electrical/file_concat version 1.x. - -0.6.1 - Restart service on pattern file change. - Remove dependency on external PGP server. - Fix circular dependency on plugin installation. -0.6.0 - Deprecates the logstash-contrib package. - Supports Gem-based Logstash plugins. - Not compatible with Logstash versions < 1.5.0. - -0.5.1 - Updated system tests to work with LS 1.4.1 - Increase package download timeout - Add option to use stages for the repo setup instead anchors - -0.5.0 - Move beaker testing to use docker - Large module update to work with the contrib package - Refactored rspec testing - Fix inline docs - Added Puppet 3.5.0 testing - Fix typo in group name variable ( PR #147 ) - Improve puppet module removal ( PR #149 ) - Reverted PR #149. Caused issues with package removal. - added lsbdistid = Debian to rspec facts ( PR #146 ) - match other config perms with patterns ( PR #151 ) - -0.4.3 - Lower puppetlabs-stdlib depdency from 4.0.0 to 3.2.0 - Documentation improvements ( PR #132 #137 ) - Fixed yumrepo call to include description ( PR #138 ) - Added beaker testing - Fixed bug that sometimes LS starts before all configs are processed. - Ensure java is installed before installing the package when using package_url - Fail fast when using package_url and repo config - -0.4.2 - Fix config directory for config files to be inline with the init file of the packages - Update readme ( thanks to PR #130 from phrawzty ) - Added repo management ( based on work of PR #121 from pcfens ) - -0.4.1 - ** Important Update ** - Ensure exec names are unique. This caused an issue when using the Elasticsearch Puppet module - Removed a part in the package.pp that should have been removed ( missed with the rewrite ) - Missed a few bits of the rewrite. - Updated readme to reflect reality regarding configfile define. - -0.4.0 - ** NOTE: This is a backwards compability breaking release !! ** - Large rewrite of the entire module described below - Make the core more dynamic for different service providers - Add better testing and devided into different files - Add different ways to install the package except from the repository ( puppet/http/https/ftp/file ) - Update java class to install openjdk 1.7 - Add validation of templates - Added more test scenario's - Added puppet parser validate task for added checking - Improve module removing when set to absent - Updated readme - Doc improvements by dan ( phrawzty ) - Added define for managing pattern files - Added define for managing plugins - -0.3.4 - Fixing purging of created directories ( PR #61, #64 by Kayla Green and Jason Koppe ) - Documentation fixes ( PR #65, #67 by Kristian Glass and Andreas Paul ) - Making config dir configurable ( PR #70 by Justin Lambert ) - Permit HTTP(s) for downloading logstash ( PR #71 by Phil Fenstermacher ) - Ensure user/group is passed in the debian init file - Spec cleanup ( PR #75 by Justin Lambert ) - set logstash logdir perms when using custom jar provider ( PR #74 by Justin Lambert ) - clean up installpath when updating jars ( PR #72 by Justin Lambert ) - fix wrong creates path at jar custom provider ( PR #83 by Daniel Werdermann ) - added 'in progress' for logstash version 1.2.x ( PR #87 by rtoma ) - Add small input/output examples ( PR #89 by Andreas Paul ) - Solving defaults file not being installed in some cases - http download of jar should require $jardir ( PR #90 by Max Griffiths ) - add ability to install a logstash config file ( PR #93 by Justin Lambert ) - -0.3.3 - Enable puppet 3.2.x testing - Fix issue that the config dir was missing in the init files - Fix variable access deprecation warning ( PR #56 by Richard Peng ) - -0.3.2 - Fixing issue when using jar file without multi-instance feature - Added rspec tests to cover this issue - -0.3.1 - Missed changes for enabling/disabling multi-instance feature - Adding a few spec tests for the multi-instance feature - -0.3.0 - Update defines for Logstash 1.1.12 - Adding license file - Deleted old init file removal to avoid issues. ( Issue #50 ) - Allow file owner/group to be variable ( Issue/PR #47 ) - Ensure log directory exists before starting ( PR #53 by Brian Lalor ) - Provide complete containment of the class ( PR #53 by Brian Lalor ) - Update rspec tests for new defines - -0.2.0 - Update defines for logstash 1.1.10 - New feature for plugins to automatically transfer files ( Issue #24 ) - Create correct tmp dir ( Issue #35 ) - Change file modes to be more secure ( Issue #36 ) - Update defines for better input validation ( Issue #43 ) - Adding rspec tests for plugin defines - Fix tmp dir Debian init script ( PR #44 by Dan Carley ) - -0.1.0 - Don't backup the Jar file or the symlink ( Issue #25 by Garth Kidd ) - First implementation of the multi-instance feature. This will break certain functionality. - -0.0.6 - Fix issue that the init file was overwritten - Ensure we install java first before starting logstash if enabled - -0.0.5 - Adding spec tests - Update Readme ( PR #20 by rjw1 ) - New feature to install java - -0.0.4 - Rename Redhat to RedHat for init file ( PR #12 by pkubat ) - Adding Amazon as Operating system ( PR #12 by pkubat ) - Symlinking Jar file to generic name ( PR #12 by pkubat ) - Correting symlink ( PR #14 by Jeff Wong ) - -0.0.3 - Clarify jarfile usage and validation ( PR #6 by Garth Kidd ) - Add default Debian Init script when non provided and using custom source ( PR #7 by Garth Kidd ) - Add RedHat as OS type ( PR #8 by Dan ) - Skip init script when status = unmanaged ( PR #9 by Tavis Aitken ) - Refactored the custom provider part ( With help of Garth Kidd ) - -0.0.2 - Adding a way to provide jar and init file instead of depending on a package - -0.0.1 - Initial release of the module diff --git a/modules/utilities/unix/logging/logstash/CONTRIBUTING.md b/modules/utilities/unix/logging/logstash/CONTRIBUTING.md deleted file mode 100644 index f3bbfc618..000000000 --- a/modules/utilities/unix/logging/logstash/CONTRIBUTING.md +++ /dev/null @@ -1,60 +0,0 @@ -# Contributing - -If you have a bugfix or new feature that you would like to contribute to this puppet module, please find or open an issue about it first. Talk about what you would like to do. It may be that somebody is already working on it, or that there are particular issues that you should know about before implementing the change. - -We enjoy working with contributors to get their code accepted. There are many approaches to fixing a problem and it is important to find the best approach before writing too much code. - -The process for contributing to any of the Elasticsearch repositories is similar. - -1. Sign the contributor license agreement -Please make sure you have signed the [Contributor License Agreement](http://www.elasticsearch.org/contributor-agreement/). We are not asking you to assign copyright to us, but to give us the right to distribute your code without restriction. We ask this of all contributors in order to assure our users of the origin and continuing existence of the code. You only need to sign the CLA once. - -2. Run the rspec tests and ensure it completes without errors with your changes. - -3. Rebase your changes -Update your local repository with the most recent code from the main this puppet module repository, and rebase your branch on top of the latest master branch. We prefer your changes to be squashed into a single commit. - -4. Submit a pull request -Push your local changes to your forked copy of the repository and submit a pull request. In the pull request, describe what your changes do and mention the number of the issue where discussion has taken place, eg “Closes #123″. - -Then sit back and wait. There will probably be discussion about the pull request and, if any changes are needed, we would love to work with you to get your pull request merged into this puppet module. - - -## Development Setup - -There are a few testing prerequisites to meet: - -* Ruby -* [Bundler](http://bundler.io/) -* Puppet (You should be able to run `puppet module install` -* Docker or Vagrant/Virtualbox for the acceptance tests - -You can then set up the test enviroment with: -```bash -make -``` - -## Testing - -### Unit Tests -Run the unit tests with: - -``` -make test-unit -``` - -## Acceptance Tests -Acceptance tests are implemented with Beaker, RSpec and Serverspec. - -You can run them for a particular operating system and a particular Logstash version like this: - -``` -BEAKER_set=debian-8 LOGSTASH_VERSION=1.4.5 bundle exec rake beaker -``` - -That invocation requires that you have Docker installed on your development system. -If you'd prefer to use Vagrant and Virtualbox, you can: - -``` -BEAKER_set=debian-8-vagrant LOGSTASH_VERSION=1.4.5 bundle exec rake beaker -``` diff --git a/modules/utilities/unix/logging/logstash/CONTRIBUTORS b/modules/utilities/unix/logging/logstash/CONTRIBUTORS deleted file mode 100644 index e8f7c8b48..000000000 --- a/modules/utilities/unix/logging/logstash/CONTRIBUTORS +++ /dev/null @@ -1,19 +0,0 @@ -The following is a list of people who have contributed ideas, code, bug -reports, or in general have helped this puppet module along its way. - -Project Owner -* Richard Pijnenburg (electrical) - -Contributors: -* Jordan Sissel (jordansissel) -* Dan (phrawzty) -* Garth Kidd (garthk) -* Tavis Aitken (tavisto) -* pkubat -* Jeff Wong (awole20) -* Bob (rjw1) -* Dan Carley (dcarley) -* Brian Lalor (blalor) -* Justin Lambert (jlambert) -* Richard Peng (richardpeng) -* Matthias Baur (baurmatt) diff --git a/modules/utilities/unix/logging/logstash/LICENSE b/modules/utilities/unix/logging/logstash/LICENSE deleted file mode 100644 index 0455cacdf..000000000 --- a/modules/utilities/unix/logging/logstash/LICENSE +++ /dev/null @@ -1,13 +0,0 @@ -Copyright (c) 2012-2016 Elasticsearch - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/modules/utilities/unix/logging/logstash/Makefile b/modules/utilities/unix/logging/logstash/Makefile deleted file mode 100644 index 8a9c678ec..000000000 --- a/modules/utilities/unix/logging/logstash/Makefile +++ /dev/null @@ -1,52 +0,0 @@ -# opensuse-121 \ -# sles-11sp3 \ - -default: deps lint docs - -distros = \ - centos-6 \ - centos-7 \ - debian-7 \ - debian-8 \ - opensuse-13 \ - ubuntu-1204 \ - ubuntu-1404 - -deps: bundle-install puppet-module-deps - -bundle-install: - bundle install --path .vendor - -puppet-module-deps: - for m in puppetlabs/apt puppetlabs/stdlib darin/zypprepo ; do \ - bundle exec puppet module install --target-dir spec/fixtures/modules --force $$m ; \ - done - touch spec/fixtures/manifests/site.pp - -docs: - bundle exec puppet strings - -lint: - bundle exec rake lint - bundle exec rake validate - # bundle exec rubocop spec Rakefile - -test-unit: deps lint - bundle exec rake spec_verbose - -test-acceptance: $(distros) - -$(distros): - BEAKER_set=$@ bundle exec rake beaker - -clean: - rm -f spec/fixtures/artifacts/logstash* - rm -f spec/fixtures/artifacts/puppet-enterprise* - rm -f files/*.deb - rm -f files/*.gem - rm -f files/*.rpm - rm -rf log - rm -rf package - -release: clean docs - puppet module build diff --git a/modules/utilities/unix/logging/logstash/README.md b/modules/utilities/unix/logging/logstash/README.md deleted file mode 100644 index 3df851bde..000000000 --- a/modules/utilities/unix/logging/logstash/README.md +++ /dev/null @@ -1,325 +0,0 @@ -# elastic/logstash - -A Puppet module for managing and configuring [Logstash](http://logstash.net/). - -[![Build Status](https://travis-ci.org/elastic/puppet-logstash.png?branch=master)](https://travis-ci.org/elastic/puppet-logstash) - -## Logstash Versions - -This module, "elastic/logstash" supports only Logstash 5.x and 6.x. For earlier -Logstash versions, support is provided by the legacy module -"elasticsearch/logstash". - -## Requirements - -* Puppet 4.6.1 or better. -* The [stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib) module. -* Logstash itself requires Java 8. The "puppetlabs/java" module is recommended - for installing Java. This module will not install Java. - -Optional: -* The [elastic_stack](https://forge.puppetlabs.com/elastic/elastic_stack) module - when using automatic repository management. -* The [apt](https://forge.puppetlabs.com/puppetlabs/apt) (>= 2.0.0) module when - using repo management on Debian/Ubuntu. -* The [zypprepo](https://forge.puppetlabs.com/darin/zypprepo) module when using - repo management on SLES/SuSE. - -## Quick Start - -This minimum viable configuration ensures that Logstash is installed, enabled, and running: - -``` puppet -include logstash - -# You must provide a valid pipeline configuration for the service to start. -logstash::configfile { 'my_ls_config': - content => template('path/to/config.file'), -} -``` - -## Package and service options -### Choosing a Logstash minor version -``` puppet -class { 'logstash': - version => '6.0.0', -} -``` - -### Choosing a Logstash major version - -This module uses the related "elastic/elastic_stack" module to manage package -repositories. Since there is a separate repository for each major version of -the Elastic stack, if you don't want the default version (6), it's necessary -to select which version to configure, like this: -``` puppet -class { 'elastic_stack::repo': - version => 5, -} - -class { 'logstash': - version => '5.6.4', -} -``` - -### Manual repository management -You may want to manage repositories manually. You can disable -automatic repository management like this: - -``` puppet -class { 'logstash': - manage_repo => false, -} -``` - -### Using an explicit package source -Rather than use your distribution's repository system, you can specify an -explicit package to fetch and install. - -#### From an HTTP/HTTPS/FTP URL -``` puppet -class { 'logstash': - package_url => 'https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.rpm', -} -``` - -#### From a 'puppet://' URL -``` puppet -class { 'logstash': - package_url => 'puppet:///modules/my_module/logstash-5.1.1.rpm', -} -``` - -#### From a local file on the agent -``` puppet -class { 'logstash': - package_url => 'file:///tmp/logstash-5.1.1.rpm', -} -``` - -### Allow automatic point-release upgrades -``` puppet -class { 'logstash': - auto_upgrade => true, -} -``` - -### Do not run as a service -``` puppet -class { 'logstash': - status => 'disabled', -} -``` - -### Disable automatic restarts -Under normal circumstances, changing a configuration will trigger a restart of -the service. This behaviour can be disabled: -``` puppet -class { 'logstash': - restart_on_change => false, -} -``` - -### Disable and remove Logstash -``` puppet -class { 'logstash': - ensure => 'absent', -} -``` - -## Logstash config files - -### Settings - -Logstash uses several files to define settings for the service and associated -Java runtime. The settings files can be configured with class parameters. - -#### `logstash.yml` with flat keys -``` puppet -class { 'logstash': - settings => { - 'pipeline.batch.size' => 25, - 'pipeline.batch.delay' => 5, - } -} -``` - -#### `logstash.yml` with nested keys -``` puppet -class { 'logstash': - settings => { - 'pipeline' => { - 'batch' => { - 'size' => 25, - 'delay' => 5, - } - } - } -} -``` - -#### `jvm.options` -``` puppet -class { 'logstash': - jvm_options => [ - '-Xms1g', - '-Xmx1g', - ] -} -``` - -#### `startup.options` - -``` puppet -class { 'logstash': - startup_options => { - 'LS_NICE' => '10', - } -} -``` - -#### `pipelines.yml` - -``` puppet -class { 'logstash': - pipelines => [ - { - "pipeline.id" => "pipeline_one", - "path.config" => "/usr/local/etc/logstash/pipeline-1/one.conf", - }, - { - "pipeline.id" => "pipeline_two", - "path.config" => "/usr/local/etc/logstash/pipeline-2/two.conf", - } - ] -} -``` - -Note that specifying `pipelines` will automatically remove the default -`path.config` setting from `logstash.yml`, since this is incompatible with -`pipelines.yml`. - -Enabling centralized pipeline management with `xpack.management.enabled` will -also remove the default `path.config`. - -### Pipeline Configuration -Pipeline configuration files can be declared with the `logstash::configfile` -type. - -``` puppet -logstash::configfile { 'inputs': - content => template('path/to/input.conf.erb'), -} -``` -or -``` puppet -logstash::configfile { 'filters': - source => 'puppet:///path/to/filter.conf', -} -``` - -For simple cases, it's possible to provide your Logstash config as an -inline string: - -``` puppet -logstash::configfile { 'basic_ls_config': - content => 'input { heartbeat {} } output { null {} }', -} -``` - -You can also specify the exact path for the config file, which is -particularly useful with multiple pipelines: - -``` puppet -logstash::configfile { 'config_for_pipeline_two': - content => 'input { heartbeat {} } output { null {} }', - path => '/usr/local/etc/logstash/pipeline-2/two.conf', -} -``` - -If you want to use Hiera to specify your configs, include the following -create_resources call in your manifest: - -``` puppet -create_resources('logstash::configfile', hiera('my_logstash_configs')) -``` -...and then create a data structure like this in Hiera: -``` yaml ---- -my_logstash_configs: - nginx: - template: site_logstash/nginx.conf.erb - syslog: - template: site_logstash/syslog.conf.erb -``` - -In this example, templates for the config files are stored in the custom, -site-specific module "`site_logstash`". - -### Patterns -Many plugins (notably [Grok](http://logstash.net/docs/latest/filters/grok)) use *patterns*. While many are included in Logstash already, additional site-specific patterns can be managed as well. - -``` puppet -logstash::patternfile { 'extra_patterns': - source => 'puppet:///path/to/extra_pattern', -} -``` - -By default the resulting filename of the pattern will match that of the source. This can be over-ridden: -``` puppet -logstash::patternfile { 'extra_patterns_firewall': - source => 'puppet:///path/to/extra_patterns_firewall_v1', - filename => 'extra_patterns_firewall', -} -``` - -**IMPORTANT NOTE**: Using logstash::patternfile places new patterns in the correct directory, however, it does NOT cause the path to be included automatically for filters (example: grok filter). You will still need to include this path (by default, /etc/logstash/patterns/) explicitly in your configurations. - -Example: If using 'grok' in one of your configurations, you must include the pattern path in each filter like this: - -``` -# Note: this example is Logstash configuration, not a Puppet resource. -# Logstash and Puppet look very similar! -grok { - patterns_dir => "/etc/logstash/patterns/" - ... -} -``` - -## Plugin management - -### Installing by name (from RubyGems.org) -``` puppet -logstash::plugin { 'logstash-input-beats': } -``` - -### Installing from a local Gem -``` puppet -logstash::plugin { 'logstash-input-custom': - source => '/tmp/logstash-input-custom-0.1.0.gem', -} -``` - -### Installing from a 'puppet://' URL -``` puppet -logstash::plugin { 'logstash-filter-custom': - source => 'puppet:///modules/my_ls_module/logstash-filter-custom-0.1.0.gem', -} -``` - -### Installing from an 'http(s)://' URL -``` puppet -logstash::plugin { 'x-pack': - source => 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.3.0.zip', -} -``` - -### Controling the environment for the `logstash-plugin` command -``` puppet -logstash::plugin { 'logstash-input-websocket': - environment => 'LS_JVM_OPTS="-Xms1g -Xmx1g"', -} -``` - -## Support -Need help? Join us in [#logstash](https://webchat.freenode.net?channels=%23logstash) on Freenode IRC or on the https://discuss.elastic.co/c/logstash discussion forum. diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile b/modules/utilities/unix/logging/logstash/Vagrantfile deleted file mode 100644 index 17e757059..000000000 --- a/modules/utilities/unix/logging/logstash/Vagrantfile +++ /dev/null @@ -1,29 +0,0 @@ -# This Vagrant file is provided as a convenience for development and -# exploratory testing of puppet-logstash. It's not used by the formal -# testing framwork, it's just for hacking. -# -# See `CONTRIBUTING.md` for details on formal testing. -puppet_code_root = '/etc/puppetlabs/code/environments/production' -module_root = "#{puppet_code_root}/modules/logstash" -manifest_dir = "#{puppet_code_root}/manifests" - -Vagrant.configure(2) do |config| - # config.vm.box = 'puppetlabs/debian-8.2-64-puppet' - config.vm.box = 'bento/centos-7.3' - config.vm.provider 'virtualbox' do |vm| - vm.memory = 4 * 1024 - end - - # Make the Logstash module available. - %w(manifests templates files).each do |dir| - config.vm.synced_folder(dir, "#{module_root}/#{dir}") - end - - # Map in a Puppet manifest that can be used for experiments. - config.vm.synced_folder('Vagrantfile.d/manifests', "#{puppet_code_root}/manifests") - - # Prepare a puppetserver install so we can test the module in a realistic - # way. 'puppet apply' is cool, but in reality, most people need this to work - # in a master/agent configuration. - config.vm.provision('shell', path: 'Vagrantfile.d/server.sh') -end diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp b/modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp deleted file mode 100644 index cca4138a9..000000000 --- a/modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp +++ /dev/null @@ -1,34 +0,0 @@ -$pipelines = [ - { - 'pipeline.id' => 'pipeline_zero', - 'path.config' => '/tmp/pipeline_zero.conf', - }, - { - 'pipeline.id' => 'pipeline_one', - 'path.config' => '/tmp/pipeline_one.conf', - }, -] - -class { 'elastic_stack::repo': - version => 6, - prerelease => false, -} - -class { 'logstash': - manage_repo => true, - version => '1:6.2.1-1', - pipelines => $pipelines, - startup_options => { 'LS_USER' => 'root' }, -} - -logstash::configfile { 'pipeline_zero': - content => 'input { heartbeat{} } output { null {} }', - path => '/tmp/pipeline_zero.conf', -} - -logstash::configfile { 'pipeline_one': - content => 'input { tcp { port => 2002 } } output { null {} }', - path => '/tmp/pipeline_one.conf', -} - -logstash::plugin { 'logstash-input-mysql': } diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh b/modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh deleted file mode 100644 index 69b4c8d21..000000000 --- a/modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh +++ /dev/null @@ -1,27 +0,0 @@ -set -euo pipefail - -# Install and configure puppetserver. -rpm -Uvh https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm -yum install -y puppetserver puppet-agent -ln -sf /opt/puppetlabs/bin/* /usr/bin - -# REF: https://tickets.puppetlabs.com/browse/SERVER-528 -systemctl stop puppet -systemctl stop puppetserver -rm -rf /etc/puppetlabs/puppet/ssl/private_keys/* -rm -rf /etc/puppetlabs/puppet/ssl/certs/* -echo 'autosign = true' >> /etc/puppetlabs/puppet/puppet.conf -systemctl start puppetserver - -# Puppet agent looks for the server called "puppet" by default. -# In this case, we want that to be us (the loopback address). -echo '127.0.0.1 localhost puppet' > /etc/hosts - -# Install puppet-logstash dependencies. -/opt/puppetlabs/bin/puppet module install \ - --target-dir=/etc/puppetlabs/code/environments/production/modules \ - elastic-elastic_stack - -# Install Java 8 for Logstash. -yum install -y java-1.8.0-openjdk-devel -java -version 2>&1 diff --git a/modules/utilities/unix/logging/logstash/checksums.json b/modules/utilities/unix/logging/logstash/checksums.json deleted file mode 100644 index 06f234581..000000000 --- a/modules/utilities/unix/logging/logstash/checksums.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "CHANGELOG": "cadc97c1e60d1d9ce8ba9004205e781d", - "CONTRIBUTING.md": "e165c224f5cf18e14c5bcb1d24f23d75", - "CONTRIBUTORS": "ccd05b41a94ee89f67cc20f3d3b0a6d3", - "LICENSE": "320a45413b8e94d84ec24e1084c8b5bf", - "Makefile": "90797d753ef0dfe00759c723153ccbcd", - "README.md": "05d6bbf223f63a29e49a8be0e7939456", - "Vagrantfile": "7d1ad3b3f7d66b49c12eb85cc93e9306", - "Vagrantfile.d/manifests/site.pp": "144c37c326bb5b50407bc1f4c30dcd88", - "Vagrantfile.d/server.sh": "b8e187fdeeb70d8e4948a38a37604506", - "doc/_index.html": "3f0d370c84824527bde826f00922045b", - "doc/css/common.css": "e19d0e0e1d66eae21212f0de39c4c7cf", - "doc/css/full_list.css": "e1ec5115f4678514de990e9796ce3734", - "doc/css/style.css": "1b1db11f3336690389b9d490a2ac0495", - "doc/file.README.html": "b20a25daeecf6779f99ec8c32027f2d7", - "doc/frames.html": "d5b498156ffef0d5731567ac0539d175", - "doc/index.html": "e21c5a50088b5ecf00e08a3858247e1d", - "doc/js/app.js": "054fce4b001f25f37d818ab0852036ba", - "doc/js/full_list.js": "3ce34d62498c53ac637516bf4bf2afab", - "doc/js/jquery.js": "ddb84c1587287b2df08966081ef063bf", - "doc/puppet_class_list.html": "45db721d39f2b5fb795dbf5e96ab053f", - "doc/puppet_classes/logstash.html": "0fbd8dd72b1b0ddb2964997ca4bfa099", - "doc/puppet_classes/logstash_3A_3Aconfig.html": "30ee081896c3284733b5a1ec5af293a9", - "doc/puppet_classes/logstash_3A_3Apackage.html": "5e641aa6f49b1f4e1d6536940eb7987d", - "doc/puppet_classes/logstash_3A_3Aservice.html": "e3c149b962099d750332943e13f79695", - "doc/puppet_defined_type_list.html": "e36f7ed94cec5dabb9dee27afa6e41d0", - "doc/puppet_defined_types/logstash_3A_3Aconfigfile.html": "f1b926922e15cec462406beecbd61dfc", - "doc/puppet_defined_types/logstash_3A_3Apatternfile.html": "411baf05645d11127d0ed1fefba2dd8d", - "doc/puppet_defined_types/logstash_3A_3Aplugin.html": "23285f634452c6fcb4855bf36f00a029", - "doc/top-level-namespace.html": "34672247a69df22e8b93b8ad257a5900", - "files/grok-pattern-0": "419f29f042455c0074f0b8ba544a82f8", - "files/grok-pattern-1": "bcbfca663965c78d248802492aa75f59", - "files/logstash-output-cowsay-5.0.0.zip": "4714feef2b951352fdbcf2c3093478cf", - "files/null-output.conf": "da6c9eb239e0bb8775c03cb2e1e8258e", - "manifests/config.pp": "210582722c2b2d50f0607442ddb9f952", - "manifests/configfile.pp": "c2a88c662c57c3cecac0939700c29a7c", - "manifests/init.pp": "8d78e551c2ad6419f91589d50e4d4abb", - "manifests/package/install.pp": "87dd3c706a6cb9c635ab328477dc3fc1", - "manifests/package.pp": "779d3ad4eefe1ef72cf0df3a8cacf30f", - "manifests/patternfile.pp": "12b5e2b8bc2fc3c79e02dfa9b85c6275", - "manifests/plugin.pp": "ceb28c140d7128fc81863445eb4610f3", - "manifests/service.pp": "785b5a7549976c5de34d8736c2c307ee", - "metadata.json": "c72fcb287154032de565c03360e04e6f", - "templates/configfile-template.erb": "2814d2f5ccd0556a0c5c53af4d613050", - "templates/jvm.options.erb": "01aee9a94bda5500caf76a09d4d899b9", - "templates/logstash.yml.erb": "c78e60b55e6d7259e90831ea2f3ed398", - "templates/pipelines.yml.erb": "5e68d74b7a3c8c93f841891988ac117a", - "templates/startup.options.erb": "12c180798e5b0d487f554082248dc2f2" -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/_index.html b/modules/utilities/unix/logging/logstash/doc/_index.html deleted file mode 100644 index 17d1f96fb..000000000 --- a/modules/utilities/unix/logging/logstash/doc/_index.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
- -
-
- -
- - -

Documentation by YARD 0.9.13

-
-

Alphabetic Index

- -

Puppet Class Listing A-Z

- - - - - - -
- - - - -
- - -

Defined Type Listing A-Z

- - - - - - -
- - - - -
- - - - - - - -

File Listing

- - -
- - -
- -
- - - -
- - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/css/common.css b/modules/utilities/unix/logging/logstash/doc/css/common.css deleted file mode 100644 index d28b0936e..000000000 --- a/modules/utilities/unix/logging/logstash/doc/css/common.css +++ /dev/null @@ -1,8 +0,0 @@ -/* Ensure the search bar doesn't overlap with links */ -.fixed_header { - padding-bottom: 25px; -} - -#full_list { - padding-top: 15px; -} diff --git a/modules/utilities/unix/logging/logstash/doc/css/full_list.css b/modules/utilities/unix/logging/logstash/doc/css/full_list.css deleted file mode 100644 index fa3598242..000000000 --- a/modules/utilities/unix/logging/logstash/doc/css/full_list.css +++ /dev/null @@ -1,58 +0,0 @@ -body { - margin: 0; - font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; - font-size: 13px; - height: 101%; - overflow-x: hidden; - background: #fafafa; -} - -h1 { padding: 12px 10px; padding-bottom: 0; margin: 0; font-size: 1.4em; } -.clear { clear: both; } -.fixed_header { position: fixed; background: #fff; width: 100%; padding-bottom: 10px; margin-top: 0; top: 0; z-index: 9999; height: 70px; } -#search { position: absolute; right: 5px; top: 9px; padding-left: 24px; } -#content.insearch #search, #content.insearch #noresults { background: url(data:image/gif;base64,R0lGODlhEAAQAPYAAP///wAAAPr6+pKSkoiIiO7u7sjIyNjY2J6engAAAI6OjsbGxjIyMlJSUuzs7KamppSUlPLy8oKCghwcHLKysqSkpJqamvT09Pj4+KioqM7OzkRERAwMDGBgYN7e3ujo6Ly8vCoqKjY2NkZGRtTU1MTExDw8PE5OTj4+PkhISNDQ0MrKylpaWrS0tOrq6nBwcKysrLi4uLq6ul5eXlxcXGJiYoaGhuDg4H5+fvz8/KKiohgYGCwsLFZWVgQEBFBQUMzMzDg4OFhYWBoaGvDw8NbW1pycnOLi4ubm5kBAQKqqqiQkJCAgIK6urnJyckpKSjQ0NGpqatLS0sDAwCYmJnx8fEJCQlRUVAoKCggICLCwsOTk5ExMTPb29ra2tmZmZmhoaNzc3KCgoBISEiIiIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh/hpDcmVhdGVkIHdpdGggYWpheGxvYWQuaW5mbwAh+QQJCAAAACwAAAAAEAAQAAAHaIAAgoMgIiYlg4kACxIaACEJCSiKggYMCRselwkpghGJBJEcFgsjJyoAGBmfggcNEx0flBiKDhQFlIoCCA+5lAORFb4AJIihCRbDxQAFChAXw9HSqb60iREZ1omqrIPdJCTe0SWI09GBACH5BAkIAAAALAAAAAAQABAAAAdrgACCgwc0NTeDiYozCQkvOTo9GTmDKy8aFy+NOBA7CTswgywJDTIuEjYFIY0JNYMtKTEFiRU8Pjwygy4ws4owPyCKwsMAJSTEgiQlgsbIAMrO0dKDGMTViREZ14kYGRGK38nHguHEJcvTyIEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDAggPg4iJAAMJCRUAJRIqiRGCBI0WQEEJJkWDERkYAAUKEBc4Po1GiKKJHkJDNEeKig4URLS0ICImJZAkuQAhjSi/wQyNKcGDCyMnk8u5rYrTgqDVghgZlYjcACTA1sslvtHRgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCQARAtOUoQRGRiFD0kJUYWZhUhKT1OLhR8wBaaFBzQ1NwAlkIszCQkvsbOHL7Y4q4IuEjaqq0ZQD5+GEEsJTDCMmIUhtgk1lo6QFUwJVDKLiYJNUd6/hoEAIfkECQgAAAAsAAAAABAAEAAAB2iAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4uen4ICCA+IkIsDCQkVACWmhwSpFqAABQoQF6ALTkWFnYMrVlhWvIKTlSAiJiVVPqlGhJkhqShHV1lCW4cMqSkAR1ofiwsjJyqGgQAh+QQJCAAAACwAAAAAEAAQAAAHZ4AAgoOEhYaCJSWHgxGDJCSMhREZGIYYGY2ElYebi56fhyWQniSKAKKfpaCLFlAPhl0gXYNGEwkhGYREUywag1wJwSkHNDU3D0kJYIMZQwk8MjPBLx9eXwuETVEyAC/BOKsuEjYFhoEAIfkECQgAAAAsAAAAABAAEAAAB2eAAIKDhIWGgiUlh4MRgyQkjIURGRiGGBmNhJWHm4ueICImip6CIQkJKJ4kigynKaqKCyMnKqSEK05StgAGQRxPYZaENqccFgIID4KXmQBhXFkzDgOnFYLNgltaSAAEpxa7BQoQF4aBACH5BAkIAAAALAAAAAAQABAAAAdogACCg4SFggJiPUqCJSWGgkZjCUwZACQkgxGEXAmdT4UYGZqCGWQ+IjKGGIUwPzGPhAc0NTewhDOdL7Ykji+dOLuOLhI2BbaFETICx4MlQitdqoUsCQ2vhKGjglNfU0SWmILaj43M5oEAOwAAAAAAAAAAAA==) no-repeat center left; } -#full_list { padding: 0; list-style: none; margin-left: 0; margin-top: 80px; font-size: 1.1em; } -#full_list ul { padding: 0; } -#full_list li { padding: 0; margin: 0; list-style: none; } -#full_list li .item { padding: 5px 5px 5px 12px; } -#noresults { padding: 7px 12px; background: #fff; } -#content.insearch #noresults { margin-left: 7px; } -li.collapsed ul { display: none; } -li a.toggle { cursor: default; position: relative; left: -5px; top: 4px; text-indent: -999px; width: 10px; height: 9px; margin-left: -10px; display: block; float: left; background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAASCAYAAABb0P4QAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAK8AAACvABQqw0mAAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIENTM5jWRgMAAAAVdEVYdENyZWF0aW9uIFRpbWUAMy8xNC8wOeNZPpQAAAE2SURBVDiNrZTBccIwEEXfelIAHUA6CZ24BGaWO+FuzZAK4k6gg5QAdGAq+Bxs2Yqx7BzyL7Llp/VfzZeQhCTc/ezuGzKKnKSzpCxXJM8fwNXda3df5RZETlIt6YUzSQDs93sl8w3wBZxCCE10GM1OcWbWjB2mWgEH4Mfdyxm3PSepBHibgQE2wLe7r4HjEidpnXMYdQPKEMJcsZ4zs2POYQOcaPfwMVOo58zsAdMt18BuoVDPxUJRacELbXv3hUIX2vYmOUvi8C8ydz/ThjXrqKqqLbDIAdsCKBd+Wo7GWa7o9qzOQHVVVXeAbs+yHHCH4aTsaCOQqunmUy1yBUAXkdMIfMlgF5EXLo2OpV/c/Up7jG4hhHcYLgWzAZXUc2b2ixsfvc/RmNNfOXD3Q/oeL9axJE1yT9IOoUu6MGUkAAAAAElFTkSuQmCC) no-repeat bottom left; } -li.collapsed a.toggle { opacity: 0.5; cursor: default; background-position: top left; } -li { color: #888; cursor: pointer; } -li.deprecated { text-decoration: line-through; font-style: italic; } -li.odd { background: #f0f0f0; } -li.even { background: #fafafa; } -.item:hover { background: #ddd; } -li small:before { content: "("; } -li small:after { content: ")"; } -li small.search_info { display: none; } -a, a:visited { text-decoration: none; color: #05a; } -li.clicked > .item { background: #05a; color: #ccc; } -li.clicked > .item a, li.clicked > .item a:visited { color: #eee; } -li.clicked > .item a.toggle { opacity: 0.5; background-position: bottom right; } -li.collapsed.clicked a.toggle { background-position: top right; } -#search input { border: 1px solid #bbb; border-radius: 3px; } -#full_list_nav { margin-left: 10px; font-size: 0.9em; display: block; color: #aaa; } -#full_list_nav a, #nav a:visited { color: #358; } -#full_list_nav a:hover { background: transparent; color: #5af; } -#full_list_nav span:after { content: ' | '; } -#full_list_nav span:last-child:after { content: ''; } - -#content h1 { margin-top: 0; } -li { white-space: nowrap; cursor: normal; } -li small { display: block; font-size: 0.8em; } -li small:before { content: ""; } -li small:after { content: ""; } -li small.search_info { display: none; } -#search { width: 170px; position: static; margin: 3px; margin-left: 10px; font-size: 0.9em; color: #888; padding-left: 0; padding-right: 24px; } -#content.insearch #search { background-position: center right; } -#search input { width: 110px; } - -#full_list.insearch ul { display: block; } -#full_list.insearch .item { display: none; } -#full_list.insearch .found { display: block; padding-left: 11px !important; } -#full_list.insearch li a.toggle { display: none; } -#full_list.insearch li small.search_info { display: block; } diff --git a/modules/utilities/unix/logging/logstash/doc/css/style.css b/modules/utilities/unix/logging/logstash/doc/css/style.css deleted file mode 100644 index 0bf7e2c73..000000000 --- a/modules/utilities/unix/logging/logstash/doc/css/style.css +++ /dev/null @@ -1,496 +0,0 @@ -html { - width: 100%; - height: 100%; -} -body { - font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; - font-size: 13px; - width: 100%; - margin: 0; - padding: 0; - display: flex; - display: -webkit-flex; - display: -ms-flexbox; -} - -#nav { - position: relative; - width: 100%; - height: 100%; - border: 0; - border-right: 1px dotted #eee; - overflow: auto; -} -.nav_wrap { - margin: 0; - padding: 0; - width: 20%; - height: 100%; - position: relative; - display: flex; - display: -webkit-flex; - display: -ms-flexbox; - flex-shrink: 0; - -webkit-flex-shrink: 0; - -ms-flex: 1 0; -} -#resizer { - position: absolute; - right: -5px; - top: 0; - width: 10px; - height: 100%; - cursor: col-resize; - z-index: 9999; -} -#main { - flex: 5 1; - -webkit-flex: 5 1; - -ms-flex: 5 1; - outline: none; - position: relative; - background: #fff; - padding: 1.2em; - padding-top: 0.2em; -} - -@media (max-width: 920px) { - .nav_wrap { width: 100%; top: 0; right: 0; overflow: visible; position: absolute; } - #resizer { display: none; } - #nav { - z-index: 9999; - background: #fff; - display: none; - position: absolute; - top: 40px; - right: 12px; - width: 500px; - max-width: 80%; - height: 80%; - overflow-y: scroll; - border: 1px solid #999; - border-collapse: collapse; - box-shadow: -7px 5px 25px #aaa; - border-radius: 2px; - } -} - -@media (min-width: 920px) { - body { height: 100%; overflow: hidden; } - #main { height: 100%; overflow: auto; } - #search { display: none; } -} - -#main img { max-width: 100%; } -h1 { font-size: 25px; margin: 1em 0 0.5em; padding-top: 4px; border-top: 1px dotted #d5d5d5; } -h1.noborder { border-top: 0px; margin-top: 0; padding-top: 4px; } -h1.title { margin-bottom: 10px; } -h1.alphaindex { margin-top: 0; font-size: 22px; } -h2 { - padding: 0; - padding-bottom: 3px; - border-bottom: 1px #aaa solid; - font-size: 1.4em; - margin: 1.8em 0 0.5em; - position: relative; -} -h2 small { font-weight: normal; font-size: 0.7em; display: inline; position: absolute; right: 0; } -h2 small a { - display: block; - height: 20px; - border: 1px solid #aaa; - border-bottom: 0; - border-top-left-radius: 5px; - background: #f8f8f8; - position: relative; - padding: 2px 7px; -} -.clear { clear: both; } -.inline { display: inline; } -.inline p:first-child { display: inline; } -.docstring, .tags, #filecontents { font-size: 15px; line-height: 1.5145em; } -.docstring p > code, .docstring p > tt, .tags p > code, .tags p > tt { - color: #c7254e; background: #f9f2f4; padding: 2px 4px; font-size: 1em; - border-radius: 4px; -} -.docstring h1, .docstring h2, .docstring h3, .docstring h4 { padding: 0; border: 0; border-bottom: 1px dotted #bbb; } -.docstring h1 { font-size: 1.2em; } -.docstring h2 { font-size: 1.1em; } -.docstring h3, .docstring h4 { font-size: 1em; border-bottom: 0; padding-top: 10px; } -.summary_desc .object_link a, .docstring .object_link a { - font-family: monospace; font-size: 1.05em; - color: #05a; background: #EDF4FA; padding: 2px 4px; font-size: 1em; - border-radius: 4px; -} -.rdoc-term { padding-right: 25px; font-weight: bold; } -.rdoc-list p { margin: 0; padding: 0; margin-bottom: 4px; } -.summary_desc pre.code .object_link a, .docstring pre.code .object_link a { - padding: 0px; background: inherit; color: inherit; border-radius: inherit; -} - -/* style for */ -#filecontents table, .docstring table { border-collapse: collapse; } -#filecontents table th, #filecontents table td, -.docstring table th, .docstring table td { border: 1px solid #ccc; padding: 8px; padding-right: 17px; } -#filecontents table tr:nth-child(odd), -.docstring table tr:nth-child(odd) { background: #eee; } -#filecontents table tr:nth-child(even), -.docstring table tr:nth-child(even) { background: #fff; } -#filecontents table th, .docstring table th { background: #fff; } - -/* style for
    */ -#filecontents li > p, .docstring li > p { margin: 0px; } -#filecontents ul, .docstring ul { padding-left: 20px; } -/* style for
    */ -#filecontents dl, .docstring dl { border: 1px solid #ccc; } -#filecontents dt, .docstring dt { background: #ddd; font-weight: bold; padding: 3px 5px; } -#filecontents dd, .docstring dd { padding: 5px 0px; margin-left: 18px; } -#filecontents dd > p, .docstring dd > p { margin: 0px; } - -.note { - color: #222; - margin: 20px 0; - padding: 10px; - border: 1px solid #eee; - border-radius: 3px; - display: block; -} -.docstring .note { - border-left-color: #ccc; - border-left-width: 5px; -} -.note.todo { background: #ffffc5; border-color: #ececaa; } -.note.returns_void { background: #efefef; } -.note.deprecated { background: #ffe5e5; border-color: #e9dada; } -.note.title.deprecated { background: #ffe5e5; border-color: #e9dada; } -.note.private { background: #ffffc5; border-color: #ececaa; } -.note.title { padding: 3px 6px; font-size: 0.9em; font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; display: inline; } -.summary_signature + .note.title { margin-left: 7px; } -h1 .note.title { font-size: 0.5em; font-weight: normal; padding: 3px 5px; position: relative; top: -3px; text-transform: capitalize; } -.note.title { background: #efefef; } -.note.title.constructor { color: #fff; background: #6a98d6; border-color: #6689d6; } -.note.title.writeonly { color: #fff; background: #45a638; border-color: #2da31d; } -.note.title.readonly { color: #fff; background: #6a98d6; border-color: #6689d6; } -.note.title.private { background: #d5d5d5; border-color: #c5c5c5; } -.note.title.not_defined_here { background: transparent; border: none; font-style: italic; } -.discussion .note { margin-top: 6px; } -.discussion .note:first-child { margin-top: 0; } - -h3.inherited { - font-style: italic; - font-family: "Lucida Sans", "Lucida Grande", Verdana, Arial, sans-serif; - font-weight: normal; - padding: 0; - margin: 0; - margin-top: 12px; - margin-bottom: 3px; - font-size: 13px; -} -p.inherited { - padding: 0; - margin: 0; - margin-left: 25px; -} - -.box_info dl { - margin: 0; - border: 0; - width: 100%; - font-size: 1em; - display: flex; - display: -webkit-flex; - display: -ms-flexbox; -} -.box_info dl dt { - flex-shrink: 0; - -webkit-flex-shrink: 1; - -ms-flex-shrink: 1; - width: 100px; - text-align: right; - font-weight: bold; - border: 1px solid #aaa; - border-width: 1px 0px 0px 1px; - padding: 6px 0; - padding-right: 10px; -} -.box_info dl dd { - flex-grow: 1; - -webkit-flex-grow: 1; - -ms-flex: 1; - max-width: 420px; - padding: 6px 0; - padding-right: 20px; - border: 1px solid #aaa; - border-width: 1px 1px 0 0; - overflow: hidden; - position: relative; -} -.box_info dl:last-child > * { - border-bottom: 1px solid #aaa; -} -.box_info dl:nth-child(odd) > * { background: #eee; } -.box_info dl:nth-child(even) > * { background: #fff; } -.box_info dl > * { margin: 0; } - -ul.toplevel { list-style: none; padding-left: 0; font-size: 1.1em; } -.index_inline_list { padding-left: 0; font-size: 1.1em; } - -.index_inline_list li { - list-style: none; - display: inline-block; - padding: 0 12px; - line-height: 30px; - margin-bottom: 5px; -} - -dl.constants { margin-left: 10px; } -dl.constants dt { font-weight: bold; font-size: 1.1em; margin-bottom: 5px; } -dl.constants.compact dt { display: inline-block; font-weight: normal } -dl.constants dd { width: 75%; white-space: pre; font-family: monospace; margin-bottom: 18px; } -dl.constants .docstring .note:first-child { margin-top: 5px; } - -.summary_desc { - margin-left: 32px; - display: block; - font-family: sans-serif; - font-size: 1.1em; - margin-top: 8px; - line-height: 1.5145em; - margin-bottom: 0.8em; -} -.summary_desc tt { font-size: 0.9em; } -dl.constants .note { padding: 2px 6px; padding-right: 12px; margin-top: 6px; } -dl.constants .docstring { margin-left: 32px; font-size: 0.9em; font-weight: normal; } -dl.constants .tags { padding-left: 32px; font-size: 0.9em; line-height: 0.8em; } -dl.constants .discussion *:first-child { margin-top: 0; } -dl.constants .discussion *:last-child { margin-bottom: 0; } - -.method_details { border-top: 1px dotted #ccc; margin-top: 25px; padding-top: 0; } -.method_details.first { border: 0; margin-top: 5px; } -.method_details.first h3.signature { margin-top: 1em; } -p.signature, h3.signature { - font-size: 1.1em; font-weight: normal; font-family: Monaco, Consolas, Courier, monospace; - padding: 6px 10px; margin-top: 1em; - background: #E8F4FF; border: 1px solid #d8d8e5; border-radius: 5px; -} -p.signature tt, -h3.signature tt { font-family: Monaco, Consolas, Courier, monospace; } -p.signature .overload, -h3.signature .overload { display: block; } -p.signature .extras, -h3.signature .extras { font-weight: normal; font-family: sans-serif; color: #444; font-size: 1em; } -p.signature .not_defined_here, -h3.signature .not_defined_here, -p.signature .aliases, -h3.signature .aliases { display: block; font-weight: normal; font-size: 0.9em; font-family: sans-serif; margin-top: 0px; color: #555; } -p.signature .aliases .names, -h3.signature .aliases .names { font-family: Monaco, Consolas, Courier, monospace; font-weight: bold; color: #000; font-size: 1.2em; } - -.tags .tag_title { font-size: 1.05em; margin-bottom: 0; font-weight: bold; } -.tags .tag_title tt { color: initial; padding: initial; background: initial; } -.tags ul { margin-top: 5px; padding-left: 30px; list-style: square; } -.tags ul li { margin-bottom: 3px; } -.tags ul .name { font-family: monospace; font-weight: bold; } -.tags ul .note { padding: 3px 6px; } -.tags { margin-bottom: 12px; } - -.tags .examples .tag_title { margin-bottom: 10px; font-weight: bold; } -.tags .examples .inline p { padding: 0; margin: 0; font-weight: bold; font-size: 1em; } -.tags .examples .inline p:before { content: "â–¸"; font-size: 1em; margin-right: 5px; } - -.tags .overload .overload_item { list-style: none; margin-bottom: 25px; } -.tags .overload .overload_item .signature { - padding: 2px 8px; - background: #F1F8FF; border: 1px solid #d8d8e5; border-radius: 3px; -} -.tags .overload .signature { margin-left: -15px; font-family: monospace; display: block; font-size: 1.1em; } -.tags .overload .docstring { margin-top: 15px; } - -.defines { display: none; } - -#method_missing_details .notice.this { position: relative; top: -8px; color: #888; padding: 0; margin: 0; } - -.showSource { font-size: 0.9em; } -.showSource a, .showSource a:visited { text-decoration: none; color: #666; } - -#content a, #content a:visited { text-decoration: none; color: #05a; } -#content a:hover { background: #ffffa5; } - -ul.summary { - list-style: none; - font-family: monospace; - font-size: 1em; - line-height: 1.5em; - padding-left: 0px; -} -ul.summary a, ul.summary a:visited { - text-decoration: none; font-size: 1.1em; -} -ul.summary li { margin-bottom: 5px; } -.summary_signature { padding: 4px 8px; background: #f8f8f8; border: 1px solid #f0f0f0; border-radius: 5px; } -.summary_signature:hover { background: #CFEBFF; border-color: #A4CCDA; cursor: pointer; } -.summary_signature.deprecated { background: #ffe5e5; border-color: #e9dada; } -ul.summary.compact li { display: inline-block; margin: 0px 5px 0px 0px; line-height: 2.6em;} -ul.summary.compact .summary_signature { padding: 5px 7px; padding-right: 4px; } -#content .summary_signature:hover a, -#content .summary_signature:hover a:visited { - background: transparent; - color: #049; -} - -p.inherited a { font-family: monospace; font-size: 0.9em; } -p.inherited { word-spacing: 5px; font-size: 1.2em; } - -p.children { font-size: 1.2em; } -p.children a { font-size: 0.9em; } -p.children strong { font-size: 0.8em; } -p.children strong.modules { padding-left: 5px; } - -ul.fullTree { display: none; padding-left: 0; list-style: none; margin-left: 0; margin-bottom: 10px; } -ul.fullTree ul { margin-left: 0; padding-left: 0; list-style: none; } -ul.fullTree li { text-align: center; padding-top: 18px; padding-bottom: 12px; background: url(data:image/gif;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAHtJREFUeNqMzrEJAkEURdGzuhgZbSoYWcAWoBVsB4JgZAGmphsZCZYzTQgWNCYrDN9RvMmHx+X916SUBFbo8CzD1idXrLErw1mQttgXtyrOcQ/Ny5p4Qh+2XqLYYazsPWNTiuMkRxa4vcV+evuNAUOLIx5+c2hyzv7hNQC67Q+/HHmlEwAAAABJRU5ErkJggg==) no-repeat top center; } -ul.fullTree li:first-child { padding-top: 0; background: transparent; } -ul.fullTree li:last-child { padding-bottom: 0; } -.showAll ul.fullTree { display: block; } -.showAll .inheritName { display: none; } - -#search { position: absolute; right: 12px; top: 0px; z-index: 9000; } -#search a { - display: block; float: left; - padding: 4px 8px; text-decoration: none; color: #05a; fill: #05a; - border: 1px solid #d8d8e5; - border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; - background: #F1F8FF; - box-shadow: -1px 1px 3px #ddd; -} -#search a:hover { background: #f5faff; color: #06b; fill: #06b; } -#search a.active { - background: #568; padding-bottom: 20px; color: #fff; fill: #fff; - border: 1px solid #457; - border-top-left-radius: 5px; border-top-right-radius: 5px; -} -#search a.inactive { color: #999; fill: #999; } -.inheritanceTree, .toggleDefines { - float: right; - border-left: 1px solid #aaa; - position: absolute; top: 0; right: 0; - height: 100%; - background: #f6f6f6; - padding: 5px; - min-width: 55px; - text-align: center; -} - -#menu { font-size: 1.3em; color: #bbb; } -#menu .title, #menu a { font-size: 0.7em; } -#menu .title a { font-size: 1em; } -#menu .title { color: #555; } -#menu a, #menu a:visited { color: #333; text-decoration: none; border-bottom: 1px dotted #bbd; } -#menu a:hover { color: #05a; } - -#footer { margin-top: 15px; border-top: 1px solid #ccc; text-align: center; padding: 7px 0; color: #999; } -#footer a, #footer a:visited { color: #444; text-decoration: none; border-bottom: 1px dotted #bbd; } -#footer a:hover { color: #05a; } - -#listing ul.alpha { font-size: 1.1em; } -#listing ul.alpha { margin: 0; padding: 0; padding-bottom: 10px; list-style: none; } -#listing ul.alpha li.letter { font-size: 1.4em; padding-bottom: 10px; } -#listing ul.alpha ul { margin: 0; padding-left: 15px; } -#listing ul small { color: #666; font-size: 0.7em; } - -li.r1 { background: #f0f0f0; } -li.r2 { background: #fafafa; } - -#content ul.summary li.deprecated .summary_signature a, -#content ul.summary li.deprecated .summary_signature a:visited { text-decoration: line-through; font-style: italic; } - -#toc { - position: relative; - float: right; - overflow-x: auto; - right: -3px; - margin-left: 20px; - margin-bottom: 20px; - padding: 20px; padding-right: 30px; - max-width: 300px; - z-index: 5000; - background: #fefefe; - border: 1px solid #ddd; - box-shadow: -2px 2px 6px #bbb; -} -#toc .title { margin: 0; } -#toc ol { padding-left: 1.8em; } -#toc li { font-size: 1.1em; line-height: 1.7em; } -#toc > ol > li { font-size: 1.1em; font-weight: bold; } -#toc ol > ol { font-size: 0.9em; } -#toc ol ol > ol { padding-left: 2.3em; } -#toc ol + li { margin-top: 0.3em; } -#toc.hidden { padding: 10px; background: #fefefe; box-shadow: none; } -#toc.hidden:hover { background: #fafafa; } -#filecontents h1 + #toc.nofloat { margin-top: 0; } -@media (max-width: 560px) { - #toc { - margin-left: 0; - margin-top: 16px; - float: none; - max-width: none; - } -} - -/* syntax highlighting */ -.source_code { display: none; padding: 3px 8px; border-left: 8px solid #ddd; margin-top: 5px; } -#filecontents pre.code, .docstring pre.code, .source_code pre { font-family: monospace; } -#filecontents pre.code, .docstring pre.code { display: block; } -.source_code .lines { padding-right: 12px; color: #555; text-align: right; } -#filecontents pre.code, .docstring pre.code, -.tags pre.example { - padding: 9px 14px; - margin-top: 4px; - border: 1px solid #e1e1e8; - background: #f7f7f9; - border-radius: 4px; - font-size: 1em; - overflow-x: auto; - line-height: 1.2em; -} -pre.code { color: #000; tab-size: 2; } -pre.code .info.file { color: #555; } -pre.code .val { color: #036A07; } -pre.code .tstring_content, -pre.code .heredoc_beg, pre.code .heredoc_end, -pre.code .qwords_beg, pre.code .qwords_end, pre.code .qwords_sep, -pre.code .words_beg, pre.code .words_end, pre.code .words_sep, -pre.code .qsymbols_beg, pre.code .qsymbols_end, pre.code .qsymbols_sep, -pre.code .symbols_beg, pre.code .symbols_end, pre.code .symbols_sep, -pre.code .tstring, pre.code .dstring { color: #036A07; } -pre.code .fid, pre.code .rubyid_new, pre.code .rubyid_to_s, -pre.code .rubyid_to_sym, pre.code .rubyid_to_f, -pre.code .dot + pre.code .id, -pre.code .rubyid_to_i pre.code .rubyid_each { color: #0085FF; } -pre.code .comment { color: #0066FF; } -pre.code .const, pre.code .constant { color: #585CF6; } -pre.code .label, -pre.code .symbol { color: #C5060B; } -pre.code .kw, -pre.code .rubyid_require, -pre.code .rubyid_extend, -pre.code .rubyid_include { color: #0000FF; } -pre.code .ivar { color: #318495; } -pre.code .gvar, -pre.code .rubyid_backref, -pre.code .rubyid_nth_ref { color: #6D79DE; } -pre.code .regexp, .dregexp { color: #036A07; } -pre.code a { border-bottom: 1px dotted #bbf; } -/* inline code */ -*:not(pre) > code { - padding: 1px 3px 1px 3px; - border: 1px solid #E1E1E8; - background: #F7F7F9; - border-radius: 4px; -} - -/* Color fix for links */ -#content .summary_desc pre.code .id > .object_link a, /* identifier */ -#content .docstring pre.code .id > .object_link a { color: #0085FF; } -#content .summary_desc pre.code .const > .object_link a, /* constant */ -#content .docstring pre.code .const > .object_link a { color: #585CF6; } diff --git a/modules/utilities/unix/logging/logstash/doc/file.README.html b/modules/utilities/unix/logging/logstash/doc/file.README.html deleted file mode 100644 index 0a15d32ea..000000000 --- a/modules/utilities/unix/logging/logstash/doc/file.README.html +++ /dev/null @@ -1,397 +0,0 @@ - - - - - - - File: README - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    elastic/logstash

    - -

    A Puppet module for managing and configuring Logstash.

    - -

    Build Status

    - -

    Logstash Versions

    - -

    This module, "elastic/logstash" supports only Logstash 5.x and 6.x. For earlier -Logstash versions, support is provided by the legacy module -"elasticsearch/logstash".

    - -

    Requirements

    - -
      -
    • Puppet 4.6.1 or better.
      • -
    • The stdlib module.
      • -
    • Logstash itself requires Java 8. The "puppetlabs/java" module is recommended -for installing Java. This module will not install Java.
      • -
    - -

    Optional:

    - -
      -
    • The elastic_stack module -when using automatic repository management.
      • -
    • The apt (>= 2.0.0) module when -using repo management on Debian/Ubuntu.
      • -
    • The zypprepo module when using -repo management on SLES/SuSE.
      • -
    - -

    Quick Start

    - -

    This minimum viable configuration ensures that Logstash is installed, enabled, and running:

    - -
    include logstash
-
-# You must provide a valid pipeline configuration for the service to start.
-logstash::configfile { 'my_ls_config':
-  content => template('path/to/config.file'),
-}
-
    - -

    Package and service options

    - -

    Choosing a Logstash minor version

    - -
    class { 'logstash':
-  version => '6.0.0',
-}
-
    - -

    Choosing a Logstash major version

    - -

    This module uses the related "elastic/elastic_stack" module to manage package -repositories. Since there is a separate repository for each major version of -the Elastic stack, if you don't want the default version (6), it's necessary -to select which version to configure, like this:

    - -
    class { 'elastic_stack::repo':
-  version => 5,
-}
-
-class { 'logstash':
-  version => '5.6.4',
-}
-
    - -

    Manual repository management

    - -

    You may want to manage repositories manually. You can disable -automatic repository management like this:

    - -
    class { 'logstash':
-  manage_repo => false,
-}
-
    - -

    Using an explicit package source

    - -

    Rather than use your distribution's repository system, you can specify an -explicit package to fetch and install.

    - -

    From an HTTP/HTTPS/FTP URL

    - -
    class { 'logstash':
-  package_url => 'https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.rpm',
-}
-
    - -

    From a 'puppet://' URL

    - -
    class { 'logstash':
-  package_url => 'puppet:///modules/my_module/logstash-5.1.1.rpm',
-}
-
    - -

    From a local file on the agent

    - -
    class { 'logstash':
-  package_url => 'file:///tmp/logstash-5.1.1.rpm',
-}
-
    - -

    Allow automatic point-release upgrades

    - -
    class { 'logstash':
-  auto_upgrade => true,
-}
-
    - -

    Do not run as a service

    - -
    class { 'logstash':
-  status => 'disabled',
-}
-
    - -

    Disable automatic restarts

    - -

    Under normal circumstances, changing a configuration will trigger a restart of -the service. This behaviour can be disabled:

    - -
    class { 'logstash':
-  restart_on_change => false,
-}
-
    - -

    Disable and remove Logstash

    - -
    class { 'logstash':
-  ensure => 'absent',
-}
-
    - -

    Logstash config files

    - -

    Settings

    - -

    Logstash uses several files to define settings for the service and associated -Java runtime. The settings files can be configured with class parameters.

    - -

    logstash.yml with flat keys

    - -
    class { 'logstash':
-  settings => {
-    'pipeline.batch.size'  => 25,
-    'pipeline.batch.delay' => 5,
-  }
-}
-
    - -

    logstash.yml with nested keys

    - -
    class { 'logstash':
-  settings => {
-    'pipeline' => {
-      'batch' => {
-        'size'  => 25,
-        'delay' => 5,
-      }
-    }
-  }
-}
-
    - -

    jvm.options

    - -
    class { 'logstash':
-  jvm_options => [
-    '-Xms1g',
-    '-Xmx1g',
-  ]
-}
-
    - -

    startup.options

    - -
    class { 'logstash':
-  startup_options => {
-    'LS_NICE' => '10',
-  }
-}
-
    - -

    pipelines.yml

    - -
    class { 'logstash':
-  pipelines => [
-    {
-      "pipeline.id" => "pipeline_one",
-      "path.config" =>  "/usr/local/etc/logstash/pipeline-1/one.conf",
-    },
-    {
-      "pipeline.id" => "pipeline_two",
-      "path.config" =>  "/usr/local/etc/logstash/pipeline-2/two.conf",
-    }
-  ]
-}
-
    - -

    Note that specifying pipelines will automatically remove the default -path.config setting from logstash.yml, since this is incompatible with -pipelines.yml.

    - -

    Enabling centralized pipeline management with xpack.management.enabled will -also remove the default path.config.

    - -

    Pipeline Configuration

    - -

    Pipeline configuration files can be declared with the logstash::configfile -type.

    - -
    logstash::configfile { 'inputs':
-  content => template('path/to/input.conf.erb'),
-}
-
    - -

    or

    - -
    logstash::configfile { 'filters':
-  source => 'puppet:///path/to/filter.conf',
-}
-
    - -

    For simple cases, it's possible to provide your Logstash config as an -inline string:

    - -
    logstash::configfile { 'basic_ls_config':
-  content => 'input { heartbeat {} } output { null {} }',
-}
-
    - -

    You can also specify the exact path for the config file, which is -particularly useful with multiple pipelines:

    - -
    logstash::configfile { 'config_for_pipeline_two':
-  content => 'input { heartbeat {} } output { null {} }',
-  path    => '/usr/local/etc/logstash/pipeline-2/two.conf',
-}
-
    - -

    If you want to use Hiera to specify your configs, include the following -create_resources call in your manifest:

    - -
    create_resources('logstash::configfile', hiera('my_logstash_configs'))
-
    - -

    ...and then create a data structure like this in Hiera:

    - -
    ---
-my_logstash_configs:
-  nginx:
-    template: site_logstash/nginx.conf.erb
-  syslog:
-    template: site_logstash/syslog.conf.erb
-
    - -

    In this example, templates for the config files are stored in the custom, -site-specific module "site_logstash".

    - -

    Patterns

    - -

    Many plugins (notably Grok) use patterns. While many are included in Logstash already, additional site-specific patterns can be managed as well.

    - -
    logstash::patternfile { 'extra_patterns':
-  source => 'puppet:///path/to/extra_pattern',
-}
-
    - -

    By default the resulting filename of the pattern will match that of the source. This can be over-ridden:

    - -
    logstash::patternfile { 'extra_patterns_firewall':
-  source   => 'puppet:///path/to/extra_patterns_firewall_v1',
-  filename => 'extra_patterns_firewall',
-}
-
    - -

    IMPORTANT NOTE: Using logstash::patternfile places new patterns in the correct directory, however, it does NOT cause the path to be included automatically for filters (example: grok filter). You will still need to include this path (by default, /etc/logstash/patterns/) explicitly in your configurations.

    - -

    Example: If using 'grok' in one of your configurations, you must include the pattern path in each filter like this:

    - -
    # Note: this example is Logstash configuration, not a Puppet resource.
-# Logstash and Puppet look very similar!
-grok {
-  patterns_dir => "/etc/logstash/patterns/"
-  ...
-}
-
    - -

    Plugin management

    - -

    Installing by name (from RubyGems.org)

    - -
    logstash::plugin { 'logstash-input-beats': }
-
    - -

    Installing from a local Gem

    - -
    logstash::plugin { 'logstash-input-custom':
-  source => '/tmp/logstash-input-custom-0.1.0.gem',
-}
-
    - -

    Installing from a 'puppet://' URL

    - -
    logstash::plugin { 'logstash-filter-custom':
-  source => 'puppet:///modules/my_ls_module/logstash-filter-custom-0.1.0.gem',
-}
-
    - -

    Installing from an 'http(s)://' URL

    - -
    logstash::plugin { 'x-pack':
-  source => 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.3.0.zip',
-}
-
    - -

    Controling the environment for the logstash-plugin command

    - -
    logstash::plugin { 'logstash-input-websocket':
-  environment => 'LS_JVM_OPTS="-Xms1g -Xmx1g"',
-}
-
    - -

    Support

    - -

    Need help? Join us in #logstash on Freenode IRC or on the https://discuss.elastic.co/c/logstash discussion forum.

    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/frames.html b/modules/utilities/unix/logging/logstash/doc/frames.html deleted file mode 100644 index 7b6374380..000000000 --- a/modules/utilities/unix/logging/logstash/doc/frames.html +++ /dev/null @@ -1,17 +0,0 @@ - - - - - Documentation by YARD 0.9.13 - - - - diff --git a/modules/utilities/unix/logging/logstash/doc/index.html b/modules/utilities/unix/logging/logstash/doc/index.html deleted file mode 100644 index 9d13acf3c..000000000 --- a/modules/utilities/unix/logging/logstash/doc/index.html +++ /dev/null @@ -1,397 +0,0 @@ - - - - - - - File: README - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    elastic/logstash

    - -

    A Puppet module for managing and configuring Logstash.

    - -

    Build Status

    - -

    Logstash Versions

    - -

    This module, "elastic/logstash" supports only Logstash 5.x and 6.x. For earlier -Logstash versions, support is provided by the legacy module -"elasticsearch/logstash".

    - -

    Requirements

    - -
      -
    • Puppet 4.6.1 or better.
      • -
    • The stdlib module.
      • -
    • Logstash itself requires Java 8. The "puppetlabs/java" module is recommended -for installing Java. This module will not install Java.
      • -
    - -

    Optional:

    - -
      -
    • The elastic_stack module -when using automatic repository management.
      • -
    • The apt (>= 2.0.0) module when -using repo management on Debian/Ubuntu.
      • -
    • The zypprepo module when using -repo management on SLES/SuSE.
      • -
    - -

    Quick Start

    - -

    This minimum viable configuration ensures that Logstash is installed, enabled, and running:

    - -
    include logstash
-
-# You must provide a valid pipeline configuration for the service to start.
-logstash::configfile { 'my_ls_config':
-  content => template('path/to/config.file'),
-}
-
    - -

    Package and service options

    - -

    Choosing a Logstash minor version

    - -
    class { 'logstash':
-  version => '6.0.0',
-}
-
    - -

    Choosing a Logstash major version

    - -

    This module uses the related "elastic/elastic_stack" module to manage package -repositories. Since there is a separate repository for each major version of -the Elastic stack, if you don't want the default version (6), it's necessary -to select which version to configure, like this:

    - -
    class { 'elastic_stack::repo':
-  version => 5,
-}
-
-class { 'logstash':
-  version => '5.6.4',
-}
-
    - -

    Manual repository management

    - -

    You may want to manage repositories manually. You can disable -automatic repository management like this:

    - -
    class { 'logstash':
-  manage_repo => false,
-}
-
    - -

    Using an explicit package source

    - -

    Rather than use your distribution's repository system, you can specify an -explicit package to fetch and install.

    - -

    From an HTTP/HTTPS/FTP URL

    - -
    class { 'logstash':
-  package_url => 'https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.rpm',
-}
-
    - -

    From a 'puppet://' URL

    - -
    class { 'logstash':
-  package_url => 'puppet:///modules/my_module/logstash-5.1.1.rpm',
-}
-
    - -

    From a local file on the agent

    - -
    class { 'logstash':
-  package_url => 'file:///tmp/logstash-5.1.1.rpm',
-}
-
    - -

    Allow automatic point-release upgrades

    - -
    class { 'logstash':
-  auto_upgrade => true,
-}
-
    - -

    Do not run as a service

    - -
    class { 'logstash':
-  status => 'disabled',
-}
-
    - -

    Disable automatic restarts

    - -

    Under normal circumstances, changing a configuration will trigger a restart of -the service. This behaviour can be disabled:

    - -
    class { 'logstash':
-  restart_on_change => false,
-}
-
    - -

    Disable and remove Logstash

    - -
    class { 'logstash':
-  ensure => 'absent',
-}
-
    - -

    Logstash config files

    - -

    Settings

    - -

    Logstash uses several files to define settings for the service and associated -Java runtime. The settings files can be configured with class parameters.

    - -

    logstash.yml with flat keys

    - -
    class { 'logstash':
-  settings => {
-    'pipeline.batch.size'  => 25,
-    'pipeline.batch.delay' => 5,
-  }
-}
-
    - -

    logstash.yml with nested keys

    - -
    class { 'logstash':
-  settings => {
-    'pipeline' => {
-      'batch' => {
-        'size'  => 25,
-        'delay' => 5,
-      }
-    }
-  }
-}
-
    - -

    jvm.options

    - -
    class { 'logstash':
-  jvm_options => [
-    '-Xms1g',
-    '-Xmx1g',
-  ]
-}
-
    - -

    startup.options

    - -
    class { 'logstash':
-  startup_options => {
-    'LS_NICE' => '10',
-  }
-}
-
    - -

    pipelines.yml

    - -
    class { 'logstash':
-  pipelines => [
-    {
-      "pipeline.id" => "pipeline_one",
-      "path.config" =>  "/usr/local/etc/logstash/pipeline-1/one.conf",
-    },
-    {
-      "pipeline.id" => "pipeline_two",
-      "path.config" =>  "/usr/local/etc/logstash/pipeline-2/two.conf",
-    }
-  ]
-}
-
    - -

    Note that specifying pipelines will automatically remove the default -path.config setting from logstash.yml, since this is incompatible with -pipelines.yml.

    - -

    Enabling centralized pipeline management with xpack.management.enabled will -also remove the default path.config.

    - -

    Pipeline Configuration

    - -

    Pipeline configuration files can be declared with the logstash::configfile -type.

    - -
    logstash::configfile { 'inputs':
-  content => template('path/to/input.conf.erb'),
-}
-
    - -

    or

    - -
    logstash::configfile { 'filters':
-  source => 'puppet:///path/to/filter.conf',
-}
-
    - -

    For simple cases, it's possible to provide your Logstash config as an -inline string:

    - -
    logstash::configfile { 'basic_ls_config':
-  content => 'input { heartbeat {} } output { null {} }',
-}
-
    - -

    You can also specify the exact path for the config file, which is -particularly useful with multiple pipelines:

    - -
    logstash::configfile { 'config_for_pipeline_two':
-  content => 'input { heartbeat {} } output { null {} }',
-  path    => '/usr/local/etc/logstash/pipeline-2/two.conf',
-}
-
    - -

    If you want to use Hiera to specify your configs, include the following -create_resources call in your manifest:

    - -
    create_resources('logstash::configfile', hiera('my_logstash_configs'))
-
    - -

    ...and then create a data structure like this in Hiera:

    - -
    ---
-my_logstash_configs:
-  nginx:
-    template: site_logstash/nginx.conf.erb
-  syslog:
-    template: site_logstash/syslog.conf.erb
-
    - -

    In this example, templates for the config files are stored in the custom, -site-specific module "site_logstash".

    - -

    Patterns

    - -

    Many plugins (notably Grok) use patterns. While many are included in Logstash already, additional site-specific patterns can be managed as well.

    - -
    logstash::patternfile { 'extra_patterns':
-  source => 'puppet:///path/to/extra_pattern',
-}
-
    - -

    By default the resulting filename of the pattern will match that of the source. This can be over-ridden:

    - -
    logstash::patternfile { 'extra_patterns_firewall':
-  source   => 'puppet:///path/to/extra_patterns_firewall_v1',
-  filename => 'extra_patterns_firewall',
-}
-
    - -

    IMPORTANT NOTE: Using logstash::patternfile places new patterns in the correct directory, however, it does NOT cause the path to be included automatically for filters (example: grok filter). You will still need to include this path (by default, /etc/logstash/patterns/) explicitly in your configurations.

    - -

    Example: If using 'grok' in one of your configurations, you must include the pattern path in each filter like this:

    - -
    # Note: this example is Logstash configuration, not a Puppet resource.
-# Logstash and Puppet look very similar!
-grok {
-  patterns_dir => "/etc/logstash/patterns/"
-  ...
-}
-
    - -

    Plugin management

    - -

    Installing by name (from RubyGems.org)

    - -
    logstash::plugin { 'logstash-input-beats': }
-
    - -

    Installing from a local Gem

    - -
    logstash::plugin { 'logstash-input-custom':
-  source => '/tmp/logstash-input-custom-0.1.0.gem',
-}
-
    - -

    Installing from a 'puppet://' URL

    - -
    logstash::plugin { 'logstash-filter-custom':
-  source => 'puppet:///modules/my_ls_module/logstash-filter-custom-0.1.0.gem',
-}
-
    - -

    Installing from an 'http(s)://' URL

    - -
    logstash::plugin { 'x-pack':
-  source => 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.3.0.zip',
-}
-
    - -

    Controling the environment for the logstash-plugin command

    - -
    logstash::plugin { 'logstash-input-websocket':
-  environment => 'LS_JVM_OPTS="-Xms1g -Xmx1g"',
-}
-
    - -

    Support

    - -

    Need help? Join us in #logstash on Freenode IRC or on the https://discuss.elastic.co/c/logstash discussion forum.

    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/js/app.js b/modules/utilities/unix/logging/logstash/doc/js/app.js deleted file mode 100644 index fecf69db3..000000000 --- a/modules/utilities/unix/logging/logstash/doc/js/app.js +++ /dev/null @@ -1,292 +0,0 @@ -(function() { - -var localStorage = {}, sessionStorage = {}; -try { localStorage = window.localStorage; } catch (e) { } -try { sessionStorage = window.sessionStorage; } catch (e) { } - -function createSourceLinks() { - $('.method_details_list .source_code'). - before("[View source]"); - $('.toggleSource').toggle(function() { - $(this).parent().nextAll('.source_code').slideDown(100); - $(this).text("Hide source"); - }, - function() { - $(this).parent().nextAll('.source_code').slideUp(100); - $(this).text("View source"); - }); -} - -function createDefineLinks() { - var tHeight = 0; - $('.defines').after(" more..."); - $('.toggleDefines').toggle(function() { - tHeight = $(this).parent().prev().height(); - $(this).prev().css('display', 'inline'); - $(this).parent().prev().height($(this).parent().height()); - $(this).text("(less)"); - }, - function() { - $(this).prev().hide(); - $(this).parent().prev().height(tHeight); - $(this).text("more..."); - }); -} - -function createFullTreeLinks() { - var tHeight = 0; - $('.inheritanceTree').toggle(function() { - tHeight = $(this).parent().prev().height(); - $(this).parent().toggleClass('showAll'); - $(this).text("(hide)"); - $(this).parent().prev().height($(this).parent().height()); - }, - function() { - $(this).parent().toggleClass('showAll'); - $(this).parent().prev().height(tHeight); - $(this).text("show all"); - }); -} - -function searchFrameButtons() { - $('.full_list_link').click(function() { - toggleSearchFrame(this, $(this).attr('href')); - return false; - }); - window.addEventListener('message', function(e) { - if (e.data === 'navEscape') { - $('#nav').slideUp(100); - $('#search a').removeClass('active inactive'); - $(window).focus(); - } - }); - - $(window).resize(function() { - if ($('#search:visible').length === 0) { - $('#nav').removeAttr('style'); - $('#search a').removeClass('active inactive'); - $(window).focus(); - } - }); -} - -function toggleSearchFrame(id, link) { - var frame = $('#nav'); - $('#search a').removeClass('active').addClass('inactive'); - if (frame.attr('src') === link && frame.css('display') !== "none") { - frame.slideUp(100); - $('#search a').removeClass('active inactive'); - } - else { - $(id).addClass('active').removeClass('inactive'); - if (frame.attr('src') !== link) frame.attr('src', link); - frame.slideDown(100); - } -} - -function linkSummaries() { - $('.summary_signature').click(function() { - document.location = $(this).find('a').attr('href'); - }); -} - -function summaryToggle() { - $('.summary_toggle').click(function(e) { - e.preventDefault(); - localStorage.summaryCollapsed = $(this).text(); - $('.summary_toggle').each(function() { - $(this).text($(this).text() == "collapse" ? "expand" : "collapse"); - var next = $(this).parent().parent().nextAll('ul.summary').first(); - if (next.hasClass('compact')) { - next.toggle(); - next.nextAll('ul.summary').first().toggle(); - } - else if (next.hasClass('summary')) { - var list = $('
      '); - list.html(next.html()); - list.find('.summary_desc, .note').remove(); - list.find('a').each(function() { - $(this).html($(this).find('strong').html()); - $(this).parent().html($(this)[0].outerHTML); - }); - next.before(list); - next.toggle(); - } - }); - return false; - }); - if (localStorage.summaryCollapsed == "collapse") { - $('.summary_toggle').first().click(); - } else { localStorage.summaryCollapsed = "expand"; } -} - -function constantSummaryToggle() { - $('.constants_summary_toggle').click(function(e) { - e.preventDefault(); - localStorage.summaryCollapsed = $(this).text(); - $('.constants_summary_toggle').each(function() { - $(this).text($(this).text() == "collapse" ? "expand" : "collapse"); - var next = $(this).parent().parent().nextAll('dl.constants').first(); - if (next.hasClass('compact')) { - next.toggle(); - next.nextAll('dl.constants').first().toggle(); - } - else if (next.hasClass('constants')) { - var list = $('
      '); - list.html(next.html()); - list.find('dt').each(function() { - $(this).addClass('summary_signature'); - $(this).text( $(this).text().split('=')[0]); - if ($(this).has(".deprecated").length) { - $(this).addClass('deprecated'); - }; - }); - // Add the value of the constant as "Tooltip" to the summary object - list.find('pre.code').each(function() { - console.log($(this).parent()); - var dt_element = $(this).parent().prev(); - var tooltip = $(this).text(); - if (dt_element.hasClass("deprecated")) { - tooltip = 'Deprecated. ' + tooltip; - }; - dt_element.attr('title', tooltip); - }); - list.find('.docstring, .tags, dd').remove(); - next.before(list); - next.toggle(); - } - }); - return false; - }); - if (localStorage.summaryCollapsed == "collapse") { - $('.constants_summary_toggle').first().click(); - } else { localStorage.summaryCollapsed = "expand"; } -} - -function generateTOC() { - if ($('#filecontents').length === 0) return; - var _toc = $('
        '); - var show = false; - var toc = _toc; - var counter = 0; - var tags = ['h2', 'h3', 'h4', 'h5', 'h6']; - var i; - if ($('#filecontents h1').length > 1) tags.unshift('h1'); - for (i = 0; i < tags.length; i++) { tags[i] = '#filecontents ' + tags[i]; } - var lastTag = parseInt(tags[0][1], 10); - $(tags.join(', ')).each(function() { - if ($(this).parents('.method_details .docstring').length != 0) return; - if (this.id == "filecontents") return; - show = true; - var thisTag = parseInt(this.tagName[1], 10); - if (this.id.length === 0) { - var proposedId = $(this).attr('toc-id'); - if (typeof(proposedId) != "undefined") this.id = proposedId; - else { - var proposedId = $(this).text().replace(/[^a-z0-9-]/ig, '_'); - if ($('#' + proposedId).length > 0) { proposedId += counter; counter++; } - this.id = proposedId; - } - } - if (thisTag > lastTag) { - for (i = 0; i < thisTag - lastTag; i++) { - var tmp = $('
          '); toc.append(tmp); toc = tmp; - } - } - if (thisTag < lastTag) { - for (i = 0; i < lastTag - thisTag; i++) toc = toc.parent(); - } - var title = $(this).attr('toc-title'); - if (typeof(title) == "undefined") title = $(this).text(); - toc.append('
        1. ' + title + '
          2. '); - lastTag = thisTag; - }); - if (!show) return; - html = ''; - $('#content').prepend(html); - $('#toc').append(_toc); - $('#toc .hide_toc').toggle(function() { - $('#toc .top').slideUp('fast'); - $('#toc').toggleClass('hidden'); - $('#toc .title small').toggle(); - }, function() { - $('#toc .top').slideDown('fast'); - $('#toc').toggleClass('hidden'); - $('#toc .title small').toggle(); - }); -} - -function navResizeFn(e) { - if (e.which !== 1) { - navResizeFnStop(); - return; - } - - sessionStorage.navWidth = e.pageX.toString(); - $('.nav_wrap').css('width', e.pageX); - $('.nav_wrap').css('-ms-flex', 'inherit'); -} - -function navResizeFnStop() { - $(window).unbind('mousemove', navResizeFn); - window.removeEventListener('message', navMessageFn, false); -} - -function navMessageFn(e) { - if (e.data.action === 'mousemove') navResizeFn(e.data.event); - if (e.data.action === 'mouseup') navResizeFnStop(); -} - -function navResizer() { - $('#resizer').mousedown(function(e) { - e.preventDefault(); - $(window).mousemove(navResizeFn); - window.addEventListener('message', navMessageFn, false); - }); - $(window).mouseup(navResizeFnStop); - - if (sessionStorage.navWidth) { - navResizeFn({which: 1, pageX: parseInt(sessionStorage.navWidth, 10)}); - } -} - -function navExpander() { - var done = false, timer = setTimeout(postMessage, 500); - function postMessage() { - if (done) return; - clearTimeout(timer); - var opts = { action: 'expand', path: pathId }; - document.getElementById('nav').contentWindow.postMessage(opts, '*'); - done = true; - } - - window.addEventListener('message', function(event) { - if (event.data === 'navReady') postMessage(); - return false; - }, false); -} - -function mainFocus() { - var hash = window.location.hash; - if (hash !== '' && $(hash)[0]) { - $(hash)[0].scrollIntoView(); - } - - setTimeout(function() { $('#main').focus(); }, 10); -} - -$(document).ready(function() { - navResizer(); - navExpander(); - createSourceLinks(); - createDefineLinks(); - createFullTreeLinks(); - searchFrameButtons(); - linkSummaries(); - summaryToggle(); - constantSummaryToggle(); - generateTOC(); - mainFocus(); -}); - -})(); diff --git a/modules/utilities/unix/logging/logstash/doc/js/full_list.js b/modules/utilities/unix/logging/logstash/doc/js/full_list.js deleted file mode 100644 index 59069c5e2..000000000 --- a/modules/utilities/unix/logging/logstash/doc/js/full_list.js +++ /dev/null @@ -1,216 +0,0 @@ -(function() { - -var $clicked = $(null); -var searchTimeout = null; -var searchCache = []; -var caseSensitiveMatch = false; -var ignoreKeyCodeMin = 8; -var ignoreKeyCodeMax = 46; -var commandKey = 91; - -RegExp.escape = function(text) { - return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"); -} - -function escapeShortcut() { - $(document).keydown(function(evt) { - if (evt.which == 27) { - window.parent.postMessage('navEscape', '*'); - } - }); -} - -function navResizer() { - $(window).mousemove(function(e) { - window.parent.postMessage({ - action: 'mousemove', event: {pageX: e.pageX, which: e.which} - }, '*'); - }).mouseup(function(e) { - window.parent.postMessage({action: 'mouseup'}, '*'); - }); - window.parent.postMessage("navReady", "*"); -} - -function clearSearchTimeout() { - clearTimeout(searchTimeout); - searchTimeout = null; -} - -function enableLinks() { - // load the target page in the parent window - $('#full_list li').on('click', function(evt) { - $('#full_list li').removeClass('clicked'); - $clicked = $(this); - $clicked.addClass('clicked'); - evt.stopPropagation(); - - if (evt.target.tagName === 'A') return true; - - var elem = $clicked.find('> .item .object_link a')[0]; - var e = evt.originalEvent; - var newEvent = new MouseEvent(evt.originalEvent.type); - newEvent.initMouseEvent(e.type, e.canBubble, e.cancelable, e.view, e.detail, e.screenX, e.screenY, e.clientX, e.clientY, e.ctrlKey, e.altKey, e.shiftKey, e.metaKey, e.button, e.relatedTarget); - elem.dispatchEvent(newEvent); - evt.preventDefault(); - return false; - }); -} - -function enableToggles() { - // show/hide nested classes on toggle click - $('#full_list a.toggle').on('click', function(evt) { - evt.stopPropagation(); - evt.preventDefault(); - $(this).parent().parent().toggleClass('collapsed'); - highlight(); - }); -} - -function populateSearchCache() { - $('#full_list li .item').each(function() { - var $node = $(this); - var $link = $node.find('.object_link a'); - if ($link.length > 0) { - searchCache.push({ - node: $node, - link: $link, - name: $link.text(), - fullName: $link.attr('title').split(' ')[0] - }); - } - }); -} - -function enableSearch() { - $('#search input').keyup(function(event) { - if (ignoredKeyPress(event)) return; - if (this.value === "") { - clearSearch(); - } else { - performSearch(this.value); - } - }); - - $('#full_list').after(""); -} - -function ignoredKeyPress(event) { - if ( - (event.keyCode > ignoreKeyCodeMin && event.keyCode < ignoreKeyCodeMax) || - (event.keyCode == commandKey) - ) { - return true; - } else { - return false; - } -} - -function clearSearch() { - clearSearchTimeout(); - $('#full_list .found').removeClass('found').each(function() { - var $link = $(this).find('.object_link a'); - $link.text($link.text()); - }); - $('#full_list, #content').removeClass('insearch'); - $clicked.parents().removeClass('collapsed'); - highlight(); -} - -function performSearch(searchString) { - clearSearchTimeout(); - $('#full_list, #content').addClass('insearch'); - $('#noresults').text('').hide(); - partialSearch(searchString, 0); -} - -function partialSearch(searchString, offset) { - var lastRowClass = ''; - var i = null; - for (i = offset; i < Math.min(offset + 50, searchCache.length); i++) { - var item = searchCache[i]; - var searchName = (searchString.indexOf('::') != -1 ? item.fullName : item.name); - var matchString = buildMatchString(searchString); - var matchRegexp = new RegExp(matchString, caseSensitiveMatch ? "" : "i"); - if (searchName.match(matchRegexp) == null) { - item.node.removeClass('found'); - item.link.text(item.link.text()); - } - else { - item.node.addClass('found'); - item.node.removeClass(lastRowClass).addClass(lastRowClass == 'r1' ? 'r2' : 'r1'); - lastRowClass = item.node.hasClass('r1') ? 'r1' : 'r2'; - item.link.html(item.name.replace(matchRegexp, "$&")); - } - } - if(i == searchCache.length) { - searchDone(); - } else { - searchTimeout = setTimeout(function() { - partialSearch(searchString, i); - }, 0); - } -} - -function searchDone() { - searchTimeout = null; - highlight(); - if ($('#full_list li:visible').size() === 0) { - $('#noresults').text('No results were found.').hide().fadeIn(); - } else { - $('#noresults').text('').hide(); - } - $('#content').removeClass('insearch'); -} - -function buildMatchString(searchString, event) { - caseSensitiveMatch = searchString.match(/[A-Z]/) != null; - var regexSearchString = RegExp.escape(searchString); - if (caseSensitiveMatch) { - regexSearchString += "|" + - $.map(searchString.split(''), function(e) { return RegExp.escape(e); }). - join('.+?'); - } - return regexSearchString; -} - -function highlight() { - $('#full_list li:visible').each(function(n) { - $(this).removeClass('even odd').addClass(n % 2 == 0 ? 'odd' : 'even'); - }); -} - -/** - * Expands the tree to the target element and its immediate - * children. - */ -function expandTo(path) { - var $target = $(document.getElementById('object_' + path)); - $target.addClass('clicked'); - $target.removeClass('collapsed'); - $target.parentsUntil('#full_list', 'li').removeClass('collapsed'); - if($target[0]) { - window.scrollTo(window.scrollX, $target.offset().top - 250); - highlight(); - } -} - -function windowEvents(event) { - var msg = event.data; - if (msg.action === "expand") { - expandTo(msg.path); - } - return false; -} - -window.addEventListener("message", windowEvents, false); - -$(document).ready(function() { - escapeShortcut(); - navResizer(); - enableLinks(); - enableToggles(); - populateSearchCache(); - enableSearch(); -}); - -})(); diff --git a/modules/utilities/unix/logging/logstash/doc/js/jquery.js b/modules/utilities/unix/logging/logstash/doc/js/jquery.js deleted file mode 100644 index 198b3ff07..000000000 --- a/modules/utilities/unix/logging/logstash/doc/js/jquery.js +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery v1.7.1 jquery.com | jquery.org/license */ -(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"":"")+""),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){if(c!=="border")for(;g=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+"defer",e=b+"queue",g=b+"mark",h=f._data(a,d);h&&(c==="queue"||!f._data(a,e))&&(c==="mark"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},0)}function m(a){for(var b in a){if(b==="data"&&f.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(k,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\s+/);for(c=0,d=a.length;c)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,n=/^[\],:{}\s]*$/,o=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,q=/(?:^|:|,)(?:\s*\[)+/g,r=/(webkit)[ \/]([\w.]+)/,s=/(opera)(?:.*version)?[ \/]([\w.]+)/,t=/(msie) ([\w.]+)/,u=/(mozilla)(?:.*? rv:([\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+"").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.7.1",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),"slice",F.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").off("ready")}},bindReady:function(){if(!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",B,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",B),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,"constructor")&&!D.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,"ms-").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c
    a",d=q.getElementsByTagName("*"),e=q.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=q.getElementsByTagName("input")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName("tbody").length,htmlSerialize:!!q.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:q.className!=="t",enctype:!!c.createElement("form").enctype,html5Clone:c.createElement("nav").cloneNode(!0).outerHTML!=="<:nav>",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent("onclick",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),b.radioValue=i.value==="t",i.setAttribute("checked","checked"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML="",a.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",q.style.width="2px",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n="on"+o,p=n in q,p||(q.setAttribute(n,"return;"),p=typeof q[n]=="function"),b[o+"Bubbles"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName("body")[0];!r||(j=1,k="position:absolute;top:0;left:0;width:1px;height:1px;margin:0;",m="visibility:hidden;border:0;",n="style='"+k+"border:5px solid #000;padding:0;'",o="
    "+""+"
    ",a=c.createElement("div"),a.style.cssText=m+"width:0;height:0;position:static;top:0;margin-top:"+j+"px",r.insertBefore(a,r.firstChild),q=c.createElement("div"),a.appendChild(q),q.innerHTML="
    t
    ",l=q.getElementsByTagName("td"),p=l[0].offsetHeight===0,l[0].style.display="",l[1].style.display="none",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML="",q.style.width=q.style.paddingLeft="1px",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!="undefined"&&(q.style.display="inline",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display="",q.innerHTML="
    ",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position="fixed",e.style.top="20px",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\{.*\}|\[.*\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c=="string",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c==="events";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(" ")));for(e=0,g=b.length;e-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&"get"in c&&(d=c.get(g,"value"))!==b)return d;d=g.value;return typeof d=="string"?d.replace(q,""):d==null?"":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type==="select-one";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute=="undefined")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&"set"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,""+d);return d}if(h&&"get"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\.]*)?(?:\.(.+))?$/,B=/\bhover(\.\S+)?\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c["class"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,"mouseenter$1 mouseleave$1")}; -f.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(" ");for(k=0;k=0&&(h=h.slice(0,-1),k=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join("."),c.namespace_re=c.namespace?new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)"):null,o=h.indexOf(":")<0?"on"+h:"";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;le&&i.push({elem:this,matches:d.slice(e)});for(j=0;j0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d="sizcache"+(Math.random()+"").replace(".",""),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\/g,k=/\r\n/g,l=/\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(""),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]==="~"||w[0]==="+")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q="",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==="[object Array]")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,"")},TAG:function(a,b){return a[1].replace(j,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,"");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(j,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||n([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":!f&&m.attr?d!=null:f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return"\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\[]*\])(?![^\(]*\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\r|\n)*?)/.source+o.match[r].source.replace(/\\(\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var e=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(o.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

    ";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var k=e,l=e.getAttribute("id"),n=l||d,p=e.parentNode,q=/^\s*[+~]/.test(b);l?n=n.replace(/'/g,"\\$&"):e.setAttribute("id",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll("[id='"+n+"'] "+b),f)}catch(r){}finally{l||k.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}m.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
    ";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;o.order.splice(1,0,"CLASS"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var y=function(a,b,c){var d,e=[],f="",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,"");a=o.relative[a]?a+"*":a;for(var h=0,i=g.length;h0)for(h=g;h=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V="abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
    ","
    "],thead:[1,"","
    "],tr:[2,"","
    "],td:[3,"","
    "],col:[2,"","
    "],area:[1,"",""],_default:[0,"",""]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,"div
    ","
    "]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function() -{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test("<"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement("div");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?"alpha(opacity="+b*100+")":"",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bz(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,"-$1").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===""&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b==="fontSize"?"1em":f||0,f=g.pixelLeft+"px",g.left=c,d&&(a.runtimeStyle.left=d));return f===""?"auto":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\[\]$/,bF=/\r?\n/g,bG=/#.*$/,bH=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\/\//,bM=/\?/,bN=/)<[^<]*)*<\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=["*/"]+["*"];try{bV=e.href}catch(bY){bV=c.createElement("a"),bV.href="",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
    ").append(c.replace(bN,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,"\r\n")}}):{name:b.name,value:c.replace(bF,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=cc(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks("once memory"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bG,"").replace(bL,bW[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]==="http:"?80:443))==(bW[3]||(bW[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,"$1_="+x);d.url=y+(y===d.url?(bM.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bX+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)ca(g,a[g],c,e);return d.join("&").replace(bD,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+cd++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cp,cq=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu("show",3),a,b,c);for(var g=0,h=this.length;g=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){h.style["overflow"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,"fxshow"+b,!0),f.removeData(h,"toggle"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,"padding")):this[d]():null},f.fn["outer"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?"margin":"border")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f,typeof define=="function"&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return f})})(window); \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_class_list.html b/modules/utilities/unix/logging/logstash/doc/puppet_class_list.html deleted file mode 100644 index 8037df91f..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_class_list.html +++ /dev/null @@ -1,75 +0,0 @@ - - - - - - - - - - - - - - - - - - Puppet Class List - - - -
    -
    -

    Puppet Class List

    - - - -
    - - -
    - - diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html b/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html deleted file mode 100644 index 07cdfd94d..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html +++ /dev/null @@ -1,617 +0,0 @@ - - - - - - - Puppet Class: logstash - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Puppet Class: logstash

    -
    - - -
    -
    Defined in:
    -
    - manifests/init.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This class manages installation, configuration and execution of Logstash 5.x.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Install Logstash, ensure the service is running and enabled.

    -

    - - 
    class { 'logstash': }
    - - -

    Remove Logstash.

    -

    - - 
    class { 'logstash':
-  ensure => 'absent',
-}
    - - -

    Install everything but disable the service.

    -

    - - 
    class { 'logstash':
-  status => 'disabled',
-}
    - - -

    Configure Logstash settings.

    -

    - - 
    class { 'logstash':
-  settings => {
-    'http.port' => '9700',
-  }
-}
    - - -

    Configure Logstash startup options.

    -

    - - 
    class { 'logstash':
-  startup_options => {
-    'LS_USER' => 'root',
-  }
-}
    - - -

    Set JVM memory options.

    -

    - - 
    class { 'logstash':
-  jvm_options => [
-    '-Xms1g',
-    '-Xmx1g',
-  ]
-}
    - - -

    Configure multiple pipelines.

    -

    - - 
    class { 'logstash':
-  pipelines => [
-    {
-      "pipeline.id" => "my-pipeline_1",
-      "path.config" =>  "/etc/path/to/p1.config",
-    },
-    {
-      "pipeline.id" => "my-other-pipeline",
-      "path.config" =>  "/etc/different/path/p2.cfg",
-    }
-  ]
-}
    - -
    -

    Parameters:

    -
      - -
    • - - ensure - - - (String) - - - (defaults to: 'present') - - - — -

      Controls if Logstash should be present or absent.

      - -

      If set to absent, the Logstash package will be -uninstalled. Related files will be purged as much as possible. The -exact behavior is dependant on the service provider, specifically its -support for the 'purgable' property.

      -
      - -
      • - -
    • - - auto_upgrade - - - (Boolean) - - - (defaults to: false) - - - — -

      If set to true, Logstash will be upgraded if the package provider is -able to find a newer version. The exact behavior is dependant on the -service provider, specifically its support for the 'upgradeable' property.

      -
      - -
      • - -
    • - - status - - - (String) - - - (defaults to: 'enabled') - - - — -

      The desired state of the Logstash service. Possible values:

      - -
        -
      • enabled: Service running and started at boot time.
        • -
      • disabled: Service stopped and not started at boot time.
        • -
      • running: Service running but not be started at boot time.
        • -
      • unmanaged: Service will not be started at boot time. Puppet -will neither stop nor start the service.
        • -
      -
      - -
      • - -
    • - - version - - - (String) - - - (defaults to: undef) - - - — -

      The specific version to install, if desired.

      -
      - -
      • - -
    • - - restart_on_change - - - (Boolean) - - - (defaults to: true) - - - — -

      Restart the service whenever the configuration changes.

      - -

      Disabling automatic restarts on config changes may be desired in an -environment where you need to ensure restarts occur in a -controlled/rolling manner rather than during a Puppet run.

      -
      - -
      • - -
    • - - package_url - - - (String) - - - (defaults to: undef) - - - — -

      Explict Logstash package URL to download.

      - -

      Valid URL types are:

      - -
        -
      • http://
        • -
      • https://
        • -
      • ftp://
        • -
      • puppet://
        • -
      • file:/
        • -
      -
      - -
      • - -
    • - - package_name - - - (String) - - - (defaults to: 'logstash') - - - — -

      The name of the Logstash package in the package manager.

      -
      - -
      • - -
    • - - download_timeout - - - (Integer) - - - (defaults to: 600) - - - — -

      Timeout, in seconds, for http, https, and ftp downloads.

      -
      - -
      • - -
    • - - logstash_user - - - (String) - - - (defaults to: 'logstash') - - - — -

      The user that Logstash should run as. This also controls file ownership.

      -
      - -
      • - -
    • - - logstash_group - - - (String) - - - (defaults to: 'logstash') - - - — -

      The group that Logstash should run as. This also controls file group ownership.

      -
      - -
      • - -
    • - - purge_config - - - (Boolean) - - - (defaults to: true) - - - — -

      Purge the config directory of any unmanaged files,

      -
      - -
      • - -
    • - - service_provider - - - (String) - - - (defaults to: undef) - - - — -

      Service provider (init system) to use. By Default, the module will try to -choose the 'standard' provider for the current distribution.

      -
      - -
      • - -
    • - - settings - - - (Hash) - - - (defaults to: {}) - - - — -

      A collection of settings to be defined in logstash.yml.

      - -

      See: https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html

      -
      - -
      • - -
    • - - startup_options - - - (Hash) - - - (defaults to: {}) - - - — -

      A collection of settings to be defined in startup.options.

      - -

      See: https://www.elastic.co/guide/en/logstash/current/config-setting-files.html

      -
      - -
      • - -
    • - - jvm_options - - - (Array) - - - (defaults to: []) - - - — -

      A collection of settings to be defined in jvm.options.

      -
      - -
      • - -
    • - - pipelines - - - (Array) - - - (defaults to: []) - - - — -

      A collection of settings to be defined in pipelines.yml.

      -
      - -
      • - -
    • - - manage_repo - - - (Boolean) - - - (defaults to: true) - - - — -

      Enable repository management. Configure the official repositories.

      -
      - -
      • - -
    • - - config_dir - - - (String) - - - (defaults to: '/etc/logstash') - - - — -

      Path containing the Logstash configuration.

      -
      - -
      • - -
    - -

    Author:

    - - -
    -
    - - - - -
    - 
    -
-
-137
-138
-139
-140
-141
-142
-143
-144
-145
-146
-147
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158
-159
-160
-161
-162
-163
-164
-165
-166
-167
-168
-169
-170
-171
-172
-173
-174
    -     		- 
    # File 'manifests/init.pp', line 137
-
-class logstash(
-  $ensure            = 'present',
-  $status            = 'enabled',
-  Boolean $restart_on_change = true,
-  Boolean $auto_upgrade       = false,
-  $version           = undef,
-  $package_url       = undef,
-  $package_name      = 'logstash',
-  Integer $download_timeout  = 600,
-  $logstash_user     = 'logstash',
-  $logstash_group    = 'logstash',
-  $config_dir         = '/etc/logstash',
-  Boolean $purge_config = true,
-  $service_provider  = undef,
-  $settings          = {},
-  $startup_options   = {},
-  $jvm_options       = [],
-  Array $pipelines   = [],
-  Boolean $manage_repo   = true,
-)
-{
-  $home_dir = '/usr/share/logstash'
-
-  if ! ($ensure in [ 'present', 'absent' ]) {
-    fail("\"${ensure}\" is not a valid ensure parameter value")
-  }
-
-  if ! ($status in [ 'enabled', 'disabled', 'running', 'unmanaged' ]) {
-    fail("\"${status}\" is not a valid status parameter value")
-  }
-
-  if ($manage_repo == true) {
-    include elastic_stack::repo
-  }
-  include logstash::package
-  include logstash::config
-  include logstash::service
-}
    -
    - - - - - - - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html b/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html deleted file mode 100644 index 76ec79652..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html +++ /dev/null @@ -1,219 +0,0 @@ - - - - - - - Puppet Class: logstash::config - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Puppet Class: logstash::config

    -
    - - -
    -
    Defined in:
    -
    - manifests/config.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This class manages configuration directories for Logstash.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Include this class to ensure its resources are available.

    -

    - - 
    include logstash::config
    - -
    - -

    Author:

    - - -
    - - - - - -
    - 
    -
-
-8
-9
-10
-11
-12
-13
-14
-15
-16
-17
-18
-19
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
-50
    -     		- 
    # File 'manifests/config.pp', line 8
-
-class logstash::config {
-  require logstash::package
-
-  File {
-    owner => 'root',
-    group => 'root',
-  }
-
-  # Configuration "fragment" directories for pipeline config and pattern files.
-  # We'll keep these seperate since we may want to "purge" them. It's easy to
-  # end up with orphan files when managing config fragments with Puppet.
-  # Purging the directories resolves the problem.
-
-  if($logstash::ensure == 'present') {
-    file { $logstash::config_dir:
-      ensure => directory,
-      mode   => '0755',
-    }
-
-    file { "${logstash::config_dir}/conf.d":
-      ensure  => directory,
-      purge   => $logstash::purge_config,
-      recurse => $logstash::purge_config,
-      mode    => '0775',
-      notify  => Service['logstash'],
-    }
-
-    file {     "${logstash::config_dir}/patterns":
-      ensure  => directory,
-      purge   => $logstash::purge_config,
-      recurse => $logstash::purge_config,
-      mode    => '0755',
-    }
-  }
-  elsif($logstash::ensure == 'absent') {
-    # Completely remove the config directory. ie. 'rm -rf /etc/logstash'
-    file { $logstash::config_dir:
-      ensure  => 'absent',
-      recurse => true,
-      force   => true,
-    }
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html b/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html deleted file mode 100644 index af71ffad9..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html +++ /dev/null @@ -1,417 +0,0 @@ - - - - - - - Puppet Class: logstash::package - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Puppet Class: logstash::package

    -
    - - -
    -
    Defined in:
    -
    - manifests/package.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This class manages the Logstash package.

    - -

    It is usually used only by the top-level logstash class. It's unlikely -that you will need to declare this class yourself.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Include this class to ensure its resources are available.

    -

    - - 
    include logstash::package
    - -
    -

    Parameters:

    -
      - -
    • - - package_name - - - (String) - - - (defaults to: $logstash::package_name) - - - — -

      The name of the Logstash package in the package manager.

      -
      - -
      • - -
    • - - version - - - (String) - - - (defaults to: $logstash::version) - - - — -

      Install precisely this version from the package manager.

      -
      - -
      • - -
    • - - package_url - - - (String) - - - (defaults to: $logstash::package_url) - - - — -

      Get the package from this URL, not from the package manager.

      -
      - -
      • - -
    - -

    Author:

    - - -
    - - - - - -
    - 
    -
-
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
-93
-94
-95
-96
-97
-98
-99
-100
-101
-102
-103
-104
-105
-106
-107
-108
-109
-110
-111
-112
-113
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123
-124
-125
-126
-127
-128
-129
-130
-131
-132
    -     		- 
    # File 'manifests/package.pp', line 20
-
-class logstash::package(
-  $package_url = $logstash::package_url,
-  $version = $logstash::version,
-  $package_name = $logstash::package_name,
-)
-{
-  Exec {
-    path      => [ '/bin', '/usr/bin', '/usr/local/bin' ],
-    cwd       => '/',
-    tries     => 3,
-    try_sleep => 10,
-  }
-
-  File {
-    ensure => file,
-    backup => false,
-  }
-
-  if $logstash::ensure == 'present' {
-    # Check if we want to install a specific version.
-    if $version {
-      if $::osfamily == 'redhat' {
-        # Prerelease RPM packages have tildes ("~") in their version strings,
-        # which can be quite surprising to the user. Let them say:
-        #   6.0.0-rc2
-        # not:
-        #   6.0.0~rc2
-        $package_ensure = regsubst($version, '(\d+)-(alpha|beta|rc)(\d+)$', '\1~\2\3')
-      }
-      else {
-        $package_ensure = $version
-      }
-    }
-    else {
-      $package_ensure = $logstash::auto_upgrade ? {
-        true  => 'latest',
-        false => 'present',
-      }
-    }
-
-    if ($package_url) {
-      $filename = basename($package_url)
-      $extension = regsubst($filename, '.*\.', '')
-      $protocol = regsubst($package_url, ':.*', '')
-      $package_local_file = "/tmp/${filename}"
-
-      case $protocol {
-        'puppet': {
-          file { $package_local_file:
-            source => $package_url,
-          }
-        }
-        'ftp', 'https', 'http': {
-          exec { "download_package_logstash_${name}":
-            command => "wget -O ${package_local_file} ${package_url} 2> /dev/null",
-            path    => ['/usr/bin', '/bin'],
-            creates => $package_local_file,
-            timeout => $logstash::download_timeout,
-          }
-        }
-        'file': {
-          file { $package_local_file:
-            source => $package_url,
-          }
-        }
-        default: {
-          fail("Protocol must be puppet, file, http, https, or ftp. Not '${protocol}'")
-        }
-      }
-
-      case $extension {
-        'deb':   { $package_provider = 'dpkg'  }
-        'rpm':   { $package_provider = 'rpm'   }
-        default: { fail("Unknown file extension '${extension}'.") }
-      }
-
-      $package_require = undef
-    }
-    else {
-      # Use the OS packaging system to locate the package.
-      $package_local_file = undef
-      $package_provider = undef
-      if $::osfamily == 'Debian' {
-        $package_require = $logstash::manage_repo ? {
-          true  => Class['apt::update'],
-          false => undef,
-        }
-      } else {
-        $package_require = undef
-      }
-    }
-  }
-  else { # Package removal
-    $package_local_file = undef
-    $package_require = undef
-    if ($::osfamily == 'Suse') {
-      $package_provider = 'rpm'
-      $package_ensure = 'absent' # "purged" not supported by provider
-    }
-    else {
-      $package_provider = undef # ie. automatic
-      $package_ensure = 'purged'
-    }
-  }
-
-  package { 'logstash':
-    ensure   => $package_ensure,
-    name     => $package_name,
-    source   => $package_local_file, # undef if using package manager.
-    provider => $package_provider, # undef if using package manager.
-    require  => $package_require,
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html b/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html deleted file mode 100644 index 221c55cee..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html +++ /dev/null @@ -1,462 +0,0 @@ - - - - - - - Puppet Class: logstash::service - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Puppet Class: logstash::service

    -
    - - -
    -
    Defined in:
    -
    - manifests/service.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This mangages the system service for Logstash.

    - -

    It is usually used only by the top-level logstash class. It's unlikely -that you will need to declare this class yourself.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Include this class to ensure its resources are available.

    -

    - - 
    include logstash::service
    - -
    - -

    Author:

    - - -
    - - - - - -
    - 
    -
-
-11
-12
-13
-14
-15
-16
-17
-18
-19
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
-93
-94
-95
-96
-97
-98
-99
-100
-101
-102
-103
-104
-105
-106
-107
-108
-109
-110
-111
-112
-113
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123
-124
-125
-126
-127
-128
-129
-130
-131
-132
-133
-134
-135
-136
-137
-138
-139
-140
-141
-142
-143
-144
-145
-146
-147
-148
-149
-150
-151
-152
-153
-154
-155
-156
-157
-158
-159
-160
-161
-162
-163
-164
-165
-166
-167
-168
-169
-170
-171
-172
-173
    -     		- 
    # File 'manifests/service.pp', line 11
-
-class logstash::service {
-  $default_settings = {
-    'path.data'   => '/var/lib/logstash',
-    'path.config' => '/etc/logstash/conf.d',
-    'path.logs'   => '/var/log/logstash',
-  }
-
-  $default_startup_options = {
-    'JAVACMD'             => '/usr/bin/java',
-    'LS_HOME'             => $logstash::home_dir,
-    'LS_SETTINGS_DIR'     => $logstash::config_dir,
-    'LS_OPTS'             => "--path.settings=${logstash::config_dir}",
-    'LS_JAVA_OPTS'        => '""',
-    'LS_PIDFILE'          => '/var/run/logstash.pid',
-    'LS_USER'             => $logstash::logstash_user,
-    'LS_GROUP'            => $logstash::logstash_group,
-    'LS_GC_LOG_FILE'      => '/var/log/logstash/gc.log',
-    'LS_OPEN_FILES'       => '16384',
-    'LS_NICE'             => '19',
-    'SERVICE_NAME'        => '"logstash"',
-    'SERVICE_DESCRIPTION' => '"logstash"',
-  }
-
-  $default_jvm_options = [
-    '-Dfile.encoding=UTF-8',
-    '-Djava.awt.headless=true',
-    '-Xms256m',
-    '-Xmx1g',
-    '-XX:CMSInitiatingOccupancyFraction=75',
-    '-XX:+DisableExplicitGC',
-    '-XX:+HeapDumpOnOutOfMemoryError',
-    '-XX:+UseCMSInitiatingOccupancyOnly',
-    '-XX:+UseConcMarkSweepGC',
-    '-XX:+UseParNewGC',
-  ]
-
-  $settings = merge($default_settings, $logstash::settings)
-  $startup_options = merge($default_startup_options, $logstash::startup_options)
-  $jvm_options = $logstash::jvm_options
-  $pipelines = $logstash::pipelines
-
-  File {
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0644',
-    notify => Exec['logstash-system-install'],
-  }
-
-  if $logstash::ensure == 'present' {
-    case $logstash::status {
-      'enabled': {
-        $service_ensure = 'running'
-        $service_enable = true
-      }
-      'disabled': {
-        $service_ensure = 'stopped'
-        $service_enable = false
-      }
-      'running': {
-        $service_ensure = 'running'
-        $service_enable = false
-      }
-      default: {
-        fail("\"${logstash::status}\" is an unknown service status value")
-      }
-    }
-  } else {
-    $service_ensure = 'stopped'
-    $service_enable = false
-  }
-
-  if $service_ensure == 'running' {
-    # Then make sure the Logstash startup options are up to date.
-    file {'/etc/logstash/startup.options':
-      content => template('logstash/startup.options.erb'),
-    }
-
-    # ..and make sure the JVM options are up to date.
-    file {'/etc/logstash/jvm.options':
-      content => template('logstash/jvm.options.erb'),
-    }
-
-    # ..and pipelines.yml, if the user provided such. If they didn't, zero out
-    # the file, which will default Logstash to traditional single-pipeline
-    # behaviour.
-    if(empty($pipelines)) {
-      file {'/etc/logstash/pipelines.yml':
-        content => '',
-      }
-    }
-    else {
-      file {'/etc/logstash/pipelines.yml':
-        content => template('logstash/pipelines.yml.erb'),
-      }
-    }
-
-    # ..and the Logstash internal settings too.
-    file {'/etc/logstash/logstash.yml':
-      content => template('logstash/logstash.yml.erb'),
-    }
-
-    # Invoke 'system-install', which generates startup scripts based on the
-    # contents of the 'startup.options' file.
-    exec { 'logstash-system-install':
-      command     => "${logstash::home_dir}/bin/system-install",
-      refreshonly => true,
-      notify      => Service['logstash'],
-    }
-  }
-
-  # Figure out which service provider (init system) we should be using.
-  # In general, we'll try to guess based on the operating system.
-  $os = downcase($::operatingsystem)
-  $release = $::operatingsystemmajrelease
-  # However, the operator may have explicitly defined the service provider.
-  if($logstash::service_provider) {
-    $service_provider = $logstash::service_provider
-  }
-  # In the absence of an explicit choice, we'll try to figure out a sensible
-  # default.
-  # Puppet 3 doesn't know that Debian 8 uses systemd, not SysV init, so we'll
-  # help it out with our knowledge from the future.
-  elsif($os == 'debian' and $release == '8') {
-    $service_provider = 'systemd'
-  }
-  # Centos 6 uses Upstart by default, but Puppet can get confused about this too.
-  elsif($os =~ /(redhat|centos)/ and $release == '6') {
-    $service_provider = 'upstart'
-  }
-  elsif($os =~ /ubuntu/ and $release == '12.04') {
-    $service_provider = 'upstart'
-  }
-  elsif($os =~ /opensuse/ and $release == '13') {
-    $service_provider = 'systemd'
-  }
-  #Older Amazon Linux AMIs has its release based on the year
-  #it came out (2010 and up); the provider needed to be set explicitly;
-  #New Amazon Linux 2 AMIs has the release set to 2, Puppet can handle it 
-  elsif($os =~ /amazon/ and versioncmp($release, '2000') > 0) {
-    $service_provider = 'upstart'
-  }
-  else {
-    # In most cases, Puppet(4) can figure out the correct service
-    # provider on its own, so we'll just say 'undef', and let it do
-    # whatever it thinks is best.
-    $service_provider = undef
-  }
-
-  service { 'logstash':
-    ensure     => $service_ensure,
-    enable     => $service_enable,
-    hasstatus  => true,
-    hasrestart => true,
-    provider   => $service_provider,
-  }
-
-  # If any files tagged as config files for the service are changed, notify
-  # the service so it restarts.
-  if $::logstash::restart_on_change {
-    File<| tag == 'logstash_config' |> ~> Service['logstash']
-    Logstash::Plugin<| |> ~> Service['logstash']
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html b/modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html deleted file mode 100644 index 89c651bdc..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - - - - - - - - - - - Defined Type List - - - -
    -
    -

    Defined Type List

    - - - -
    - - -
    - - diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html b/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html deleted file mode 100644 index b7886cef8..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html +++ /dev/null @@ -1,322 +0,0 @@ - - - - - - - Defined Type: logstash::configfile - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Defined Type: logstash::configfile

    -
    -
    -
    Defined in:
    -
    - manifests/configfile.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This type represents a Logstash pipeline configuration file.

    - -

    Parameters are mutually exclusive. Only one should be specified.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Create a config file content with literal content.

    -

    - - 
    
-logstash::configfile { 'heartbeat':
-  content => 'input { heartbeat {} }',
-}
    - - -

    Render a config file from a template.

    -

    - - 
    
-logstash::configfile { 'from-template':
-  template => 'site-logstash-module/pipeline-config.erb',
-}
    - - -

    Copy the config from a file source.

    -

    - - 
    
-logstash::configfile { 'apache':
-  source => 'puppet://path/to/apache.conf',
-}
    - - -

    Create a config at specific location. Good for multiple pipelines.

    -

    - - 
    
-logstash::configfile { 'heartbeat-2':
-  content => 'input { heartbeat {} }',
-  path    => '/usr/local/etc/logstash/pipeline-2/heartbeat.conf'
-}
    - -
    -

    Parameters:

    -
      - -
    • - - content - - - (String) - - - (defaults to: undef) - - - — -

      Literal content to be placed in the file.

      -
      - -
      • - -
    • - - template - - - (String) - - - (defaults to: undef) - - - — -

      A template from which to render the file.

      -
      - -
      • - -
    • - - source - - - (String) - - - (defaults to: undef) - - - — -

      A file resource to be used for the file.

      -
      - -
      • - -
    • - - path - - - (String) - - - (defaults to: undef) - - - — -

      An optional full path at which to create the file.

      -
      - -
      • - -
    - -

    Author:

    - - -
    - - - - - -
    - 
    -
-
-44
-45
-46
-47
-48
-49
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
    -     		- 
    # File 'manifests/configfile.pp', line 44
-
-define logstash::configfile(
-  $content = undef,
-  $source = undef,
-  $template = undef,
-  $path = undef,
-)
-{
-  include logstash
-
-  $owner = 'root'
-  $group = $logstash::logstash_group
-  $mode  = '0640'
-  $require = Package['logstash'] # So that we have '/etc/logstash/conf.d'.
-  $tag = [ 'logstash_config' ] # So that we notify the service.
-
-  if($template)   { $config = template($template) }
-  elsif($content) { $config = $content }
-  else            { $config = undef }
-
-  if($path) { $config_file = $path }
-  else      { $config_file = "${logstash::config_dir}/conf.d/${name}" }
-
-  if($config) {
-    file { $config_file:
-      content => $config,
-      owner   => $owner,
-      group   => $group,
-      mode    => $mode,
-      require => $require,
-      tag     => $tag,
-    }
-  }
-  elsif($source) {
-    file { $config_file:
-      source  => $source,
-      owner   => $owner,
-      group   => $group,
-      mode    => $mode,
-      require => $require,
-      tag     => $tag,
-    }
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html b/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html deleted file mode 100644 index 797312af7..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html +++ /dev/null @@ -1,218 +0,0 @@ - - - - - - - Defined Type: logstash::patternfile - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Defined Type: logstash::patternfile

    -
    -
    -
    Defined in:
    -
    - manifests/patternfile.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    This type represents a Grok pattern file for Logstash.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Define a pattern file.

    -

    - - 
    logstash::patternfile { 'mypattern':
-  source => 'puppet:///path/to/my/custom/pattern'
-}
    - - -

    Define a pattern file with an explicit destination filename.

    -

    - - 
    logstash::patternfile { 'mypattern':
-  source   => 'puppet:///path/to/my/custom/pattern',
-  filename => 'custom-pattern-name'
-}
    - -
    -

    Parameters:

    -
      - -
    • - - source - - - (String) - - - (defaults to: undef) - - - — -

      File source for the pattern file. eg. puppet://[...] or file://[...]

      -
      - -
      • - -
    • - - filename - - - (String) - - - (defaults to: undef) - - - — -

      Optionally set the destination filename.

      -
      - -
      • - -
    - -

    Author:

    - - -
    - - - - - -
    - 
    -
-
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37
-38
-39
-40
    -     		- 
    # File 'manifests/patternfile.pp', line 22
-
-define logstash::patternfile ($source = undef, $filename = undef) {
-  require logstash::config
-
-  validate_re($source, '^(puppet|file)://',
-    'Source must begin with "puppet://" or "file://")'
-  )
-
-  if($filename) { $destination = $filename }
-  else          { $destination = basename($source) }
-
-  file { "${logstash::config_dir}/patterns/${destination}":
-    ensure => file,
-    source => $source,
-    owner  => 'root',
-    group  => $logstash::logstash_group,
-    mode   => '0640',
-    tag    => ['logstash_config'],
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html b/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html deleted file mode 100644 index 5f026fe6c..000000000 --- a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html +++ /dev/null @@ -1,390 +0,0 @@ - - - - - - - Defined Type: logstash::plugin - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Defined Type: logstash::plugin

    -
    -
    -
    Defined in:
    -
    - manifests/plugin.pp -
    -
    -
    - -

    Overview

    -
    -
    -

    Manage the installation of a Logstash plugin.

    - -

    By default, plugins are downloaded from RubyGems, but it is also possible -to install from a local Gem, or one stored in Puppet.

    - -
    -
    -
    - -
    -

    Examples:

    - - -

    Install a plugin.

    -

    - - 
    logstash::plugin { 'logstash-input-stdin': }
    - - -

    Remove a plugin.

    -

    - - 
    logstash::plugin { 'logstash-input-stout':
-  ensure => absent,
-}
    - - -

    Install a plugin from a local file.

    -

    - - 
    logstash::plugin { 'logstash-input-custom':
-  source => 'file:///tmp/logstash-input-custom.gem',
-}
    - - -

    Install a plugin from a Puppet module.

    -

    - - 
    logstash::plugin { 'logstash-input-custom':
-  source => 'puppet:///modules/logstash-site-plugins/logstash-input-custom.gem',
-}
    - - -

    Install X-Pack.

    -

    - - 
    logstash::plugin { 'x-pack':
-  source => 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.3.0.zip',
-}
    - - -

    Install a plugin, overriding JVM options via the environment.

    -

    - - 
    logstash::plugin { 'logstash-input-jmx':
-  environment => ['LS_JVM_OPTIONS="-Xms1g -Xmx1g"']
-}
    - -
    -

    Parameters:

    -
      - -
    • - - ensure - - - (String) - - - (defaults to: present) - - - — -

      Install or remove with present or absent.

      -
      - -
      • - -
    • - - source - - - (String) - - - (defaults to: undef) - - - — -

      Install from this file, not from RubyGems.

      -
      - -
      • - -
    • - - environment - - - (String) - - - (defaults to: []) - - - — -

      Environment used when running 'logstash-plugin'

      -
      - -
      • - -
    - - -
    - - - - - -
    - 
    -
-
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
-93
-94
-95
-96
-97
-98
-99
-100
-101
-102
-103
-104
-105
-106
-107
-108
-109
-110
-111
-112
-113
-114
-115
-116
-117
-118
-119
-120
-121
-122
-123
-124
-125
-126
-127
    -     		- 
    # File 'manifests/plugin.pp', line 40
-
-define logstash::plugin (
-  $source = undef,
-  $ensure = present,
-  $environment = [],
-)
-{
-  require logstash::package
-  $exe = "${logstash::home_dir}/bin/logstash-plugin"
-
-  Exec {
-    path        => '/bin:/usr/bin',
-    cwd         => '/tmp',
-    user        => $logstash::logstash_user,
-    timeout     => 1800,
-    environment => $environment,
-  }
-
-  case $source { # Where should we get the plugin from?
-    undef: {
-      # No explict source, so search Rubygems for the plugin, by name.
-      # ie. "logstash-plugin install logstash-output-elasticsearch"
-      $plugin = $name
-    }
-
-    /^(\/|file:)/: {
-      # A gem file that is already available on the local filesystem.
-      # Install from the local path.
-      # ie. "logstash-plugin install /tmp/logtash-filter-custom.gem" or
-      # "logstash-plugin install file:///tmp/logtash-filter-custom.gem" or
-      $plugin = $source
-    }
-
-    /^puppet:/: {
-      # A 'puppet:///' URL. Download the gem from Puppet, then install
-      # the plugin from the downloaded file.
-      $downloaded_file = sprintf('/tmp/%s', basename($source))
-      file { $downloaded_file:
-        source => $source,
-        before => Exec["install-${name}"],
-      }
-
-      case $source {
-        /\.zip$/: {
-          $plugin = "file://${downloaded_file}"
-        }
-        default: {
-          $plugin = $downloaded_file
-        }
-      }
-    }
-
-    /^https?:/: {
-      # An 'http(s):///' URL.
-      $plugin = $source
-    }
-
-    default: {
-      fail('"source" should be a local path, a "puppet:///" url, or undef.')
-    }
-  }
-
-  case $ensure {
-    'present': {
-      exec { "install-${name}":
-        command => "${exe} install ${plugin}",
-        unless  => "${exe} list ^${name}$",
-      }
-    }
-
-    /^\d+\.\d+\.\d+/: {
-      exec { "install-${name}":
-        command => "${exe} install --version ${ensure} ${plugin}",
-        unless  => "${exe} list --verbose ^${name}$ | grep --fixed-strings --quiet '(${ensure})'",
-      }
-    }
-
-    'absent': {
-      exec { "remove-${name}":
-        command => "${exe} remove ${name}",
-        onlyif  => "${exe} list | grep -q ^${name}$",
-      }
-    }
-
-    default: {
-      fail "'ensure' should be 'present', 'absent', or a version like '1.3.4'."
-    }
-  }
-}
    -
    -
    -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/doc/top-level-namespace.html b/modules/utilities/unix/logging/logstash/doc/top-level-namespace.html deleted file mode 100644 index 873bf3937..000000000 --- a/modules/utilities/unix/logging/logstash/doc/top-level-namespace.html +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - Top Level Namespace - - — Documentation by YARD 0.9.13 - - - - - - - - - - - - - - - - - -
    - -
    -
    - -
    - - -

    Top Level Namespace - - - -

    -
    - - - - - - - - - - - -
    - - - - - - - - - - -
    - - - -
    - - \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/files/grok-pattern-0 b/modules/utilities/unix/logging/logstash/files/grok-pattern-0 deleted file mode 100644 index 83c8d577e..000000000 --- a/modules/utilities/unix/logging/logstash/files/grok-pattern-0 +++ /dev/null @@ -1 +0,0 @@ -GROK_PATTERN_0 . diff --git a/modules/utilities/unix/logging/logstash/files/grok-pattern-1 b/modules/utilities/unix/logging/logstash/files/grok-pattern-1 deleted file mode 100644 index 78812d8d1..000000000 --- a/modules/utilities/unix/logging/logstash/files/grok-pattern-1 +++ /dev/null @@ -1 +0,0 @@ -GROK_PATTERN_1 . diff --git a/modules/utilities/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip b/modules/utilities/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip deleted file mode 100644 index 4b7a043857f5f79c9cfe1e4d9d6834510d947312..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12518 zcmZ{LbCf1cpKRN%D@?Qh&->aRYrK_8Xs}-~If5Bk>6Sf=T21|qT_c;Lw z2l!d3VrM1BYBCn)|%K;Z+3 z`XG0QBLSk-ADHWdW%EA`3M%>DIN#j*X4uB? z5+Cc@P6bZwZ1p2MAU}tMWC!1UGW7MLU}1e~y$=(UOMF9!fes2DCMh(AIm~lMDQCfm z8io5@-~$rByaD_D1DerxFL!sJdKW*+-ieu?10hl&&;;H#I;mRkMq``YQv1}m(nhYZ zW`1c4AY`$j;3!nur5<(c9@v#o+iaDoLmLpYxss2Mv+wKOtTiHILNsI5P{py( z?)XC?4?AhL9uRUi@N*Md?JvAN9Vu7t;B$)erhz>-UaYp>&x+vt)+0?3LU?$xrxuv5 za<;^@x;$nLti!}#3iMb@?+yL5Dqj2OYHEYUff8ptSXG;TU{O8zd{t=@P{Gw8N7Opw zJqa1A&vy=vjJ6lrCK&E7%VCs1QuWEfTNrq&+)rgIQ#O447T}$yw;}|J#*p7Rr6$O@ zJ zYMQzZVgE~xozvrFJ7tNokfLM9hOUZ_U_zYEy}Il{nMJ2?uhndb{cd-6OT#R%rJRx_ zB87929F~w4q@0^#mecGMNU^s)G{53;bCtoi&T_+%Thuz3RjK)r4q;jk%HWu;lAyEG;)mYU&WAAQS1hb3$sN$rJH@kWrUue3Dy8Q30J| z3(ENkyI@b_C_?{ar=m-7B?lq9H|x)zt8X<4=Pg!5qMyLpB`Udi1!>q103$SM2+aoV zA|lVlcgLmju|c-2Nq_&AIpidRcB?tN?^?{9wiS}CbDK1Ic`}kG6y8{d~#@g>(4e)e%j2aR6)}R6;IsyBx!;DP3 zMpvG;a(LGAp;?uGtf+fV(!LH$#3R&NRfjK=i^p&+n37DwgPliIIi!@vLUB*~wuGndvsS@4ba5yVpy)%4{Uau}1ffTtNITIn3qJDxqQ|hkz5k10fk=|+8biA!V ztp%dRKZ-f&s&0Q?RK=uH$KjOchLw%&olV_}OrH-+J+F1%v^LF+r%o_Cr{Gqq7;Q8_ zBI%lQ{8XK7n(3%Jf~&rhv&*_~M07rs1n&zXwyp89$o(K?H*k>erz{X6mr^a5G6mNZ zYDfZzf?OipIjC6u`%cSBc z@0cltD0NWcgm~^u1ERoKyTBR3<8p^pu8B7jsluNxo!icxmF(C;Vbr#zzU*!+!76N7 zNnCrHPX+iMfX}KhkWEG|(knf6%%DP*)~>Jv&#a!~2zFC@5xgx9#J;CZ*Yjk#ZL)GZ z%$W9<>x=ladP5OnAG(`Z^t!vMb9+CcD3ABWg`0Qe=k1s<*V?lb)!$fb!pSdcg2F10 zv&B!iw%Uq0Zf_OVN%{Zeb#O7m0#cXQ?S6lr9gK@!U;lhvEFfZ9cL&StUP!mM%xEG2 zOo5ra!{bC*_V^RGJ_|0=bG%s3g}q8@e-ysLFda7dlEAj|g&!%3@6;P$%hGyEg!O%c zVX>vNpx$DaxabS9n)I%Tz`QA@6WkODIVM!(cNwUlBC4cQ*X)5m3Oo=R6}c zN+p5#^OEd2F4K}4uDQqfW8LzJ?^%SH&_5;^<%#>w2Iyvus7sR}%udV20e${06P{Pe<+|9xjWW3xW9apo(3 zCPYVpkKQ!p>Md4-7{Ut&DbnZo$4rH4>%1jmI1+WFC5iRdCo3wKNd?|*n8D}Kk%XSQ zu_E6Q%PhM%6Tt=hyy&w4QS;)8^Y3&t6ME=2Esb)I(a97JB;_>qa*w2Piy(Mh{#`uM z%wel_reoHw>Agj;@{XG(*9X&)`7jAdg29GHEdzddwLgIlbEw15F!}W{p|rNw@(j*; zVg3jL6I$ZsH$@$00XBpB$$*l}yUp213+`MS$mx!q7N+g>rg#>GR4|w^jzpYGI0{BR zH-eUK(C@t{oJ-~<);hlxWO4P)1d;cribyjZR>mV$GbdQ0+2oGjq5Ve}pyh5=7NNNZ z*N2(9m&vRkUW>bRXxRHT6qza?e_T^^jSOCtxTwr2-rMY;91>X2qUb%Kq?-YqD|f#9 zWu4Gb&e!&0D!_bRbAidwgCEn}8a(Mi4BQ-QQeYtv<)gS`}Z_x&^H{AvDW~+<{MD(0tKlsBnvwv0Kdgk5!jd&^ABX8b1gml`FF(4UuNPY) zIJQS$Y|M*^h={CA!l6|1|3Jt3p!=V`uy^;PY4!5CITj0`fBRT;y~yE8d&G%k`S?>M z1kPJXFBGNH5hgu6+(LGH1~(pw#MnX40+B0*ys{`8fcQPx!bJJrqUlZFw%h0WWlzz> zJKF$9bNG2ZtjB2My;bboY1;zWx9+F?*?r zcv~|Y`g$#rWjc9Sb!F&@t$eo%I5jiU$3VXRq|9EwwkN4uN5$)=D^|jqW{m?!v2KDR zkVALcdkSoS_7DE#1>`C|**DR4rlF&qO@&BUbP^5VbwP7~1zUY*1+FR_PpHC8jyl z>YNR6STT96XuNC$SRHuvC`Ofcjm12B$DrYe! zm$joyuj4Vk4_I;V=N%0dr@*$z)KRK1hqfXO*-<(V9iWfKW^eSwmdhNzvRpR@swJ{5 zn4{f5+)o&jY1rGXXeFV7j^D?GOZT4%cu!Ht!BFy7T&zUoxS7c?f)i=60^!5{0Qn&! zExhFz!@es`n>7(7KNCMph*5P6ENst z)lPnr!}kRYiQr{~2*S%tA*?eDNj%L9&gq%-R{8jH-k43&isnaCMN*)?6yrx6l63T( zu`nB^_`?nRUs&%tAP--_I@BsN8FITUA$|)xm8@TtMF=Udp*chEDTwG;)3VpNgc&5A zw^BJ2`8?1yiS-+vUYNowwbP7WNAGmJ$=g#N7rdv>V-g&+c?UDEbxy1wdgJcqIkDDv z{5U#y-CUeipCmXUom_A3$PbMtf>X+34hA_8zUNp#UDh^}xNhHmCoGn(zG$k?xqGoA zntzAmRki72@f8~U6&>|ry8ja+4E36!hL-cCq4;H&PzbBlLuq~Omo0yIY8oZqbIIsq*J>m~;dixV!E3}_nhng{p4=%rXsYyj`~e2N z27s$|o`ptnI6&&9|+GsGPf5|EEft2gC>QZx%hpsG$|jrMWH__(z|=g2l2dYDsv?b{As z*t|~gWn{ey3VMhbiIzF#yA}K)%DEbL)(c_BXaLF&882zUE(=e1*=^~H3jWF&+uZ{? z38Q#L1G()I6HzOla#nrRdHHyq+_M?t9>}=Q zLm)&{opQu2FyHI;)#~a|=evJ#a}5s{+}ZiT%XBOJB3#FE82_pCvU1k?^+x~F`sMm9 z#i}HcT;?PVipUj{LeI@nEvhaoo>gaQ*50sX>BcbtvD@3t52fQR zszj>=(5x~P6BL|YYa{4oFeGI#ume>Xu2 zW#`ZNl@fOc!-%4C4CX&9Mn`>P=5R1s;v}NHjCReIA6T`kRdGg#mVe#Ghx~kz%b}6K z0VhKChq#qO(p7)<8%GI|)`(iUM7V#Rk+Pq}ORe4_k&ob~OZmR( zNx6D)#LCA~NEaXLcQcfrKk2yBb4sWBX5^3&F-Xk>4rya7@nex~Eqy>IjZ z_gOpd$IM5)p#Rtn|Gz7N_22CVGjk_%2QzaAQ)_eA|6x%$N#^MMAo>fY0|DXqx19gu zSC~4QnVT{?*_l{7FtY#kD%k(it;lqjCzx5k@pLY0W4s>T>Ta`lW@Na&#-LYp_LOyw zQpzArc}o6e1!81>NoidcVB9LV$8?el^5=B6kUPlMn@# z?Auz}Up;)KKMTix-5-An2LZ|PK;FwOB0!85T|GW#KF*Ie5eC%Pu^H`XLKP62B0R_R ztmfGQ!juIn^s(hO(w#J2*L{B(`EUtk`>oUtwVZDxbGl?jQji<`nl{6G1>#bk9LPKG z2Ppo+d&}AbbE*LF^Kx<-grHioRj$lmHcC+ZrrL{Tc-csOOYL#g=9;I;`c89)-NjO^ z)BsNNM*Co-r@KEZ7H$LUVyA;zGDgZFuQ7hLDIkukc}(>iS6Fgl+DG+%I03@cX`6Jq z-4#Bqhtdw7w5B9rjQ54&J|rAjJ8KDcyT)=c+WL_b_PK-8{W3v$wZ!eqhY8H@wQ;HW zD58c|Cf&0KID$kZ`}@UeO6!YF7*{vpX7r@e9DY}i>X#&IKSj1=KOo3u$oWMF{KH^E zb${^;o{rR8xw43_trtB-_$W({zUFjcZ`FC+um1s=Zd9HAVdB?Ky2|}nlmc}_Bk%;3 zV4sCv*08XrL81A50y|~plcLkIR!(nnZm2feyRbpke@ETHOba)t$wDOhb$7USV!T-R z_Wau(KHuTK+J;gWKfprPnK7{+2EtIkw_$BIcxlr>-gvfEJY~yxWnaL+!=3^gPdb50 zPe_Z!*9dH%RSTK1rBv4-8S@J5hH55FZZ&tsS0(}2WFndm?N~sy;-TDP!AlITG|lg~ zlN5PuAl%=tAiRwl*_EL0Lo_jvYv_^}m*=lCK+vgj?R{$UPGm>Rbh21IeW7BR#wE{9 z-g>vKLW}5$qdaMtPH4KqUmjQA1X9=MPHVl;Q3! z8`GuTK~cZ1<|i2)`A2dUs`nn-BNY8(mT)UuCob!I74i}a@dgL0>=mDVOkt^VyxO3BHhfN;+64!55kmMeU&f47o zoQ|@HsTf+mKUT^e&e!~^5fQSA{L_NUHE9Xwj_^cgH+G6xxEAt0CcHWJbiNdsLA9u3?cxMM${~y+z)Xj1~fM zzve!BF>Zy+z69Qb1>V1^zWjm(0x!OLL%x;+(<6(Z!y2UbJe0HN8Hmve9(uaG5E6fE z{xqY2r8E;MoP}<0f`H67SkfPG=1|z8$=oN@RigP=fHMZDwMW zvgjy_mfEsKdPf>>t8YF4a;`)Z>|Ym$_obKW&)zfMwr>tMtTKl6=I8fYD71)pkqd=w zxb%fCa9O}E7SSK)PTXfq#Zd}R%Gi`u#e9cScN`X#@k72Cd`;pHn_uJKy**H(ml&7y zoXTJr|HYfOyp!wrPQDr{%-GXnr_#^Iv7@*@v~A|h7M+Gb!2GYpe9_) z#^nUgMdP#wEv}z|g)`q=rQ(;fxRUoZvIv*t7ne#FfxTmq1`Xda?2>2Fk$Ya^A~K89 z!GJOqsko)6ffkOcE*cc2QEH`hpB?f{+ zk<%r!l1?4ItN;>_UlSaenm(EG&wx?w$=|nQ{$q*u>5t65+M|gAvI*z3$TNDQXn{Wj z`zgLek4{8O1Kdk;B6TQ&{fK3LrdR3YJXJGd13=J^PSqxvY06Q@{+JB{ySXug0yYnO z9nmoh2R+-7_KX~eB6c@y343?#weE!FORxU8w;S*(^9%z`^^gsZk#is%w79{bHWf@! z>_jOS9pw4-oyWmM{QD*JAgwfS>2bdc7f!u92Rq|`&RNqfZ*;-O9N$k`6e8_8jekG;^)A= zlbaTA5OP?HP#VTnH!CubU~X zyHHicrNR4p)6ch%yM2&u(ZpgoC^BFbq)Iqgk9wJOP{>6pH!9H@@C-vvQh~K)puG0? zObUHlutOso&Rkon%GjuFfrsO9F4*@aa!gJ;UZyA6oHC5xyeskiZE^Mvd(Cjodh>^m zw-6NKj7Q2|lQ`iC$CU^~Nf@oiXhzs}^}Lf1RR?uQ<&psB_wFAR`9EgiSN=Tewj;rT zYv=`|?X?xA+*~zj7}(U$aG}?S?G7J!ae=^GKPX!k)H=!>MPYP!{Eg4LcN*eIE)Qyop*-0(okMZNfwVgG7sf|;Abf8D6@%n5f(cDSD^E18cV_FWF3-4j4^OrBUAY|_=qd<8Ne?o9Zh`pcKi2$sXel98}| z={_6B=~Q$A)r7bX*7-_=scW7bAdsi1qN&z-MWx)S2?o}{FX9+lpZL@3wkEwOjze}c{d`Hu3eUi~i;c0AKOLT+Z9mHAZUf(@jd zmFsnLi1T&^m_c>hDo^~|SbW>OZ%$jCIQ$6JDcR^HuZPb4gKw1ihmoGK+Q{DZW0S~s zjVA_BDQ7u3C>emPG4tkbB)IbE6)d|7RVHCI2U=9e_^zaG&|s8ef%4NT^bf&?Jq*iN zkLNjxgRMUoYHBbu$2`^hh{eXVx(hbpgrge-?<)+V<357q2 ziQKvhi-Bw1Z$=kLutsF}FMU#q``aQIa=+P-sSoz2_8jiFdGLJ~#O-uJv-L$QvMNuP z0@KPpa>7ny+DKw;`{I@5DUKHw;t{(lQ%mQoyI@q06~!OOP0dSzM&Tg>O+c*;V3Cpq z6!Zt5qhfJPn#!Euko?%L%jE%7RxsGU5-nO z+5>_#6muSK2~J{asimq_)C9>Z1+?K%9jnteDl~r?Ez75TL=K*ea;um5n+#ax35?YV zBdYqd_^8EeJ*$XkYRdpNpp?fz|E4@w2i8!f>C@F!T%QOd^d@F4ke8$#G>U3YKv#p* z_217-R)lqv)yj0N6skW`e>QC8W9Elgyq0CTfN{C1Vy9A$pkoc{?6xzcl->9<9%=+n zRbS9W*D;2jnv=2Kjw;v$)>x9Yh`D~SsXxG%+H zV$(>7%f6M@wlyO`B7P$S*@nHr=Q53gRR&nWGbp$?Z)2Fqc*aw9>^D4<+KRW=!>I^g zUO(rX`I1t#bj*aM1eilvCoL8prqJ*0fskdXYMy0)i^x=J5%#X9q1k*h1a}zk36m{B zn_l6_Fl+R3T(Fao@e9oD)SQI zb+9RFXSxH2a)6W*2JCEW#eiAN@Hw-qQ8cNk74J|Y?!ZOpFHLOCw#poI^mAW(3{!LP z9uF9BWMPi>evZ~#+cX-nmSe5mOK!(Q)9~fCqTz!Ek6b#KMTtHmY$48nN(rx~-%<-2DVTNg?KL8nO?y*SZI9(ah=&WNCEBFR%~4p+$v+ zx62gnTTE>ZUzlQ=Wdm~8W$Z~=;?%a1Yr#&G9*h7PlVmnV9ed(xu8857svDXqy>4|2CPkzK^oW3^|BC6n0 zKS$KO!C0#_FPe>|F%m4s*%RbLw6Ag9Tbmcfj{(6>W>@c(J{J zymeKtST>?essOQ9{E|j9xj(F{o*usJPLaW0k71hfIE!tV1b;f!TpbxDjbsr#d{A+a zf{df9=pp=_?-u+!N4og9VY&sHW+Lb6YM9*B+j((+I^H5 zhMI{St|RpG>@vh$l>xEM$Zyi6)#({wbCZ5yC5;n)XTdH*UikWXtM6%eDRbrMGItP~2NPHegdXiP>ZvllU zCFiXz84RQq3vW_I%GvCvF3RxXx`9TxNlLuPIXlD1&q&Ses^6)9d(yv0SWEiptOk;e zscrAFeCfP0;?X_hy9TcFnR7sNTnU#Nm@G$RTU9QS{m3rlc?vg?v*1HuDYsDRf^~hB zFeZ&V=;64;G||GFV z9t27*>+Z4>F${~>Q*_9qID+)*Q5jQ78=LqB^nTwZ&`&%K$#U6lY-ldMZLbDhzSY~5 zE@r4Niphw+9l20D%C@0h(#c~;7bzQVk|jRNMfv3C>zFEQoNro}s+6qmP+nWpr5CN{ zlWq@do%s2?q_3S{W2>}k0;(MlUJsD!VZ)R|f4;Lb)YVggeY46m;;_o?z|*Gn!vFDE z_4HwJWk7Hzh%ND|Nv!(FM57@-%WAS&UPPYUW=dWsy`s_12dv^Fj6lDl6{8P@#?VI-vo?o6xqz#S&6TfUi)~Uf7Z?sGD8woDy_0 zWDAk?KlbyW{o`7X6+|(@9|J!H(@GRF8^kgFtxw+cL&8v6Zo7eL#e`^sI^G0ngDKub z(_%dPCnx6y7jqtsf~nqy9aIeLC%`h#`Q+C4KtsoI;VGs*W9qIJ*x?e5gsJxHX^ZMa zT{|9=G{t+woLb1*8O&ajkt;$-`!qbdf(ew#NF%xYKv&2_R@Sqt%zA;&-50fm1`$P$ z+G{eBW+ivyQO$+5e59r$vl-8p3$^(+LGgppw;=sn*=@-MOJtZijPyzw5<3D!gMF`m z>znlEcM~_G@HY1d#+!h52W4>*1}Cxt!s-pdnU6jGxO6(V5tb5?BR(!~=p`ZH_hO;9 zBAP!&3J|oE;W<`}#k*ey+uuCBLQNLglEhU{xr$1Vc=^z*Z4XKgdHMXTk(PBWZIHfS zfW~+y)2*xF?9yW1suQFqBAhumfGS15|3;(n&*0)8%&QyJXCRKbQ_r-3b`=m}Wdmlw zDbR6>8M#FS@tDGq31}=ID$b@QMptl!OUc@P?a*OEMpX{`=p;pbsp~{h3|Dp)@x*^| z$igrj3bXIVZmP(Odf_QZC;br-T^R0^%UFp|sODB^i;_qH%413~?oBzR0T=^y*v9!J zLU5);f+@nbnY`JS_A!U*t@AUX`U2@VFOuy6a#v%L33w}PiY20q6HhHT{->!}2bM#< z3~QzE>78@+`J3l}9X}^2?*@3G5ilreV*;W%eZc6sPBxlOuRgZlqjW+PI5&Ml)K8VK zqII}@8ICjFN0Y@a-cV0hd4$tGW5#`M{wTpvJ)ODY6<4(JaNO}BQUo1+P@-)2bHxSQz&(}7_r~b7^`s9R zht?gxtKCNy+>Aj;8`>a=UZb_ImhA;ou;HGLij~lr=-u8;-1IqUD1YQMz!8X~ShB6{ zwhNj6Gsiji3LCfP4J{!}%-SI5ea6posC@O!dI@dc_Zml6`K^9EOh!RW1}b*88wtWM zhbSGc?N5q)Ilk4v8~X=J{TP&nezFO1-S>7WolZU1M2A`7Ssc!1h+aQW0RK%;YnmWdtXy>>+<$&z=TlMXf^&G3R`3Lp-QX~Xr>8l2^;6b!1clMOIhZ{vMiZcApm5TBW%e^XT_T01e-X3*gCTRK-vddz11fFSPZ;$l@N8B2H{Oq4C4Ffk&Tr^uz^5T7YL=(U8Z-_YMJ(RB`E z2ujayRp6iOuKPj^N*YC9$~xB$>mhm%=@&xm)b@TRA1B_xx}vN`><3Rl~)ESxjPK=Y9i>)XWerxayKwV!(x& z1cGRx_I?ub+}SA1sIk8OmouU*Itw8Lceyk2g2Ci|nUCmq902^-Nd%a2=*=$*H%dV8 zi+zxVu#a;~ZbD3aHzH zW(9)J$4oOxzja402R9afS@nL1bXkh=SS1B=W-cKpOsp4W+d#OZ8U9@7$l9a6sbJR_ z>pOH7W5-IeKx!otPMRtewwGlmuqpiP%l!VViIub8g9Zw|F48GKD>RrDB`wL_h);(d zpD7@n&cv+h8_(Vhmn%B^7>vHB8oOiqMQOkSpwTR0z(UIq#*xNV>h9@jkAAhGzW0ja+#FIBb z2`5m0lA8}1sql(%ePHNZVF08Si@zP)OeZ0s#AW5uR=+#H!}$Xyz6@=hj!C3AtXx7= ziPKx5ZUASRjM5&Gp+{BsQky!usZ`cC3wSU`i~TN3cesc3$p(0HGkY4?vn^-_^FkQ? zmBBn0*%L$X_F2AH#IQ6mm+E^biPf9W=fJOcq-XM59MLv6|EuAHk@qRar~{q%7`mSF zC5Psbt@1~1fl5*&BENbNxE$|Xuu)6@{&-le+%Ft1!19NDxBoRluPvv4kIPKO8iEIsO;iotL#xVa3Q3+2~3kR)kwU=>yGY-Pn-TIj*`a>Dm>|7ytu=)Al_ z+xTtw5_S(RcwgB72cMnz&--ja3@IS8jXF0(l(z4&z+{0W?@daji9bSN=iM(rv|m*}}hIN*;LH0oYuKFOA>ykoG zJBIw**1}lg;}4T?AV|4>w|{I5XPaN5S5s1QX_P9k(8+c8WX|)`DL*9vP0fENWVkoLD%c*YV#7K_pGP=v=SKGP3=^%w|ogXYpBZN3Kf$oFo)Iv&MfdsSj5 z_x?u;tzG`cGw)7P6Aw>fFbEJ3Cmyn0KL~zg(iz1sJnY-R zm#_ZmS@K(@PvTw@?wy^_oxf?!(^pmUnl5aK(YWA>HjK;3O8dE-1TsgU7fK%v2|iyv zvjmyUhH<%(P`8iaO7A^7a}r-+aaUXC-@i$!Y*BkPrqYWjN5~0B@&!s&^C_W$hM}&0 z`u1@9R!!|8=Mr8|cBGf{?uFeh6*ir;OU+~e;+L1rK4_iifo<{v0T>EMAEe#RpSfoTq_%rcf~xT9_94NCjPC)KgxeM7yK`oy|Nr6)W1|9{x*)kUzyGPue<*M#pvcx diff --git a/modules/utilities/unix/logging/logstash/files/null-output.conf b/modules/utilities/unix/logging/logstash/files/null-output.conf deleted file mode 100644 index f92ce9475..000000000 --- a/modules/utilities/unix/logging/logstash/files/null-output.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Test output configuration with null output. -output { - null {} -} diff --git a/modules/utilities/unix/logging/logstash/logstash.pp b/modules/utilities/unix/logging/logstash/logstash.pp deleted file mode 100644 index c0762071e..000000000 --- a/modules/utilities/unix/logging/logstash/logstash.pp +++ /dev/null @@ -1,10 +0,0 @@ -$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) -$logstash_port = 0 + $secgen_parameters['logstash_port'][0] -$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] -$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] - -include logstash - -logstash::configfile { 'my_ls_config': - content => template('logstash/configfile-template.erb'), -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/manifests/config.pp b/modules/utilities/unix/logging/logstash/manifests/config.pp deleted file mode 100644 index 606e021a1..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/config.pp +++ /dev/null @@ -1,50 +0,0 @@ -# This class manages configuration directories for Logstash. -# -# @example Include this class to ensure its resources are available. -# include logstash::config -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -class logstash::config { - require logstash::package - - File { - owner => 'root', - group => 'root', - } - - # Configuration "fragment" directories for pipeline config and pattern files. - # We'll keep these seperate since we may want to "purge" them. It's easy to - # end up with orphan files when managing config fragments with Puppet. - # Purging the directories resolves the problem. - - if($logstash::ensure == 'present') { - file { $logstash::config_dir: - ensure => directory, - mode => '0755', - } - - file { "${logstash::config_dir}/conf.d": - ensure => directory, - purge => $logstash::purge_config, - recurse => $logstash::purge_config, - mode => '0775', - notify => Service['logstash'], - } - - file { "${logstash::config_dir}/patterns": - ensure => directory, - purge => $logstash::purge_config, - recurse => $logstash::purge_config, - mode => '0755', - } - } - elsif($logstash::ensure == 'absent') { - # Completely remove the config directory. ie. 'rm -rf /etc/logstash' - file { $logstash::config_dir: - ensure => 'absent', - recurse => true, - force => true, - } - } -} diff --git a/modules/utilities/unix/logging/logstash/manifests/configfile.pp b/modules/utilities/unix/logging/logstash/manifests/configfile.pp deleted file mode 100644 index df3484dc7..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/configfile.pp +++ /dev/null @@ -1,86 +0,0 @@ -# This type represents a Logstash pipeline configuration file. -# -# Parameters are mutually exclusive. Only one should be specified. -# -# @param [String] content -# Literal content to be placed in the file. -# -# @param [String] template -# A template from which to render the file. -# -# @param [String] source -# A file resource to be used for the file. -# -# @param [String] path -# An optional full path at which to create the file. -# -# @example Create a config file content with literal content. -# -# logstash::configfile { 'heartbeat': -# content => 'input { heartbeat {} }', -# } -# -# @example Render a config file from a template. -# -# logstash::configfile { 'from-template': -# template => 'site-logstash-module/pipeline-config.erb', -# } -# -# @example Copy the config from a file source. -# -# logstash::configfile { 'apache': -# source => 'puppet://path/to/apache.conf', -# } -# -# @example Create a config at specific location. Good for multiple pipelines. -# -# logstash::configfile { 'heartbeat-2': -# content => 'input { heartbeat {} }', -# path => '/usr/local/etc/logstash/pipeline-2/heartbeat.conf' -# } -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -define logstash::configfile( - $content = undef, - $source = undef, - $template = undef, - $path = undef, -) -{ - include logstash - - $owner = 'root' - $group = $logstash::logstash_group - $mode = '0640' - $require = Package['logstash'] # So that we have '/etc/logstash/conf.d'. - $tag = [ 'logstash_config' ] # So that we notify the service. - - if($template) { $config = template($template) } - elsif($content) { $config = $content } - else { $config = undef } - - if($path) { $config_file = $path } - else { $config_file = "${logstash::config_dir}/conf.d/${name}" } - - if($config) { - file { $config_file: - content => $config, - owner => $owner, - group => $group, - mode => $mode, - require => $require, - tag => $tag, - } - } - elsif($source) { - file { $config_file: - source => $source, - owner => $owner, - group => $group, - mode => $mode, - require => $require, - tag => $tag, - } - } -} diff --git a/modules/utilities/unix/logging/logstash/manifests/init.pp b/modules/utilities/unix/logging/logstash/manifests/init.pp deleted file mode 100644 index c63a60685..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/init.pp +++ /dev/null @@ -1,174 +0,0 @@ -# This class manages installation, configuration and execution of Logstash 5.x. -# -# @param [String] ensure -# Controls if Logstash should be `present` or `absent`. -# -# If set to `absent`, the Logstash package will be -# uninstalled. Related files will be purged as much as possible. The -# exact behavior is dependant on the service provider, specifically its -# support for the 'purgable' property. -# -# @param [Boolean] auto_upgrade -# If set to `true`, Logstash will be upgraded if the package provider is -# able to find a newer version. The exact behavior is dependant on the -# service provider, specifically its support for the 'upgradeable' property. -# -# @param [String] status -# The desired state of the Logstash service. Possible values: -# -# - `enabled`: Service running and started at boot time. -# - `disabled`: Service stopped and not started at boot time. -# - `running`: Service running but not be started at boot time. -# - `unmanaged`: Service will not be started at boot time. Puppet -# will neither stop nor start the service. -# -# @param [String] version -# The specific version to install, if desired. -# -# @param [Boolean] restart_on_change -# Restart the service whenever the configuration changes. -# -# Disabling automatic restarts on config changes may be desired in an -# environment where you need to ensure restarts occur in a -# controlled/rolling manner rather than during a Puppet run. -# -# @param [String] package_url -# Explict Logstash package URL to download. -# -# Valid URL types are: -# - `http://` -# - `https://` -# - `ftp://` -# - `puppet://` -# - `file:/` -# -# @param [String] package_name -# The name of the Logstash package in the package manager. -# -# @param [Integer] download_timeout -# Timeout, in seconds, for http, https, and ftp downloads. -# -# @param [String] logstash_user -# The user that Logstash should run as. This also controls file ownership. -# -# @param [String] logstash_group -# The group that Logstash should run as. This also controls file group ownership. -# -# @param [Boolean] purge_config -# Purge the config directory of any unmanaged files, -# -# @param [String] service_provider -# Service provider (init system) to use. By Default, the module will try to -# choose the 'standard' provider for the current distribution. -# -# @param [Hash] settings -# A collection of settings to be defined in `logstash.yml`. -# -# See: https://www.elastic.co/guide/en/logstash/current/logstash-settings-file.html -# -# @param [Hash] startup_options -# A collection of settings to be defined in `startup.options`. -# -# See: https://www.elastic.co/guide/en/logstash/current/config-setting-files.html -# -# @param [Array] jvm_options -# A collection of settings to be defined in `jvm.options`. -# -# @param [Array] pipelines -# A collection of settings to be defined in `pipelines.yml`. -# -# @param [Boolean] manage_repo -# Enable repository management. Configure the official repositories. -# -# @param [String] config_dir -# Path containing the Logstash configuration. -# -# @example Install Logstash, ensure the service is running and enabled. -# class { 'logstash': } -# -# @example Remove Logstash. -# class { 'logstash': -# ensure => 'absent', -# } -# -# @example Install everything but disable the service. -# class { 'logstash': -# status => 'disabled', -# } -# -# @example Configure Logstash settings. -# class { 'logstash': -# settings => { -# 'http.port' => '9700', -# } -# } -# -# @example Configure Logstash startup options. -# class { 'logstash': -# startup_options => { -# 'LS_USER' => 'root', -# } -# } -# -# @example Set JVM memory options. -# class { 'logstash': -# jvm_options => [ -# '-Xms1g', -# '-Xmx1g', -# ] -# } -# -# @example Configure multiple pipelines. -# class { 'logstash': -# pipelines => [ -# { -# "pipeline.id" => "my-pipeline_1", -# "path.config" => "/etc/path/to/p1.config", -# }, -# { -# "pipeline.id" => "my-other-pipeline", -# "path.config" => "/etc/different/path/p2.cfg", -# } -# ] -# } -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -class logstash( - $ensure = 'present', - $status = 'enabled', - Boolean $restart_on_change = true, - Boolean $auto_upgrade = false, - $version = undef, - $package_url = undef, - $package_name = 'logstash', - Integer $download_timeout = 600, - $logstash_user = 'logstash', - $logstash_group = 'logstash', - $config_dir = '/etc/logstash', - Boolean $purge_config = true, - $service_provider = undef, - $settings = {}, - $startup_options = {}, - $jvm_options = [], - Array $pipelines = [], - Boolean $manage_repo = true, -) -{ - $home_dir = '/usr/share/logstash' - - if ! ($ensure in [ 'present', 'absent' ]) { - fail("\"${ensure}\" is not a valid ensure parameter value") - } - - if ! ($status in [ 'enabled', 'disabled', 'running', 'unmanaged' ]) { - fail("\"${status}\" is not a valid status parameter value") - } - - if ($manage_repo == true) { - include elastic_stack::repo - } - include logstash::package - include logstash::config - include logstash::service -} diff --git a/modules/utilities/unix/logging/logstash/manifests/package.pp b/modules/utilities/unix/logging/logstash/manifests/package.pp deleted file mode 100644 index ce07c0bf1..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/package.pp +++ /dev/null @@ -1,132 +0,0 @@ -# This class manages the Logstash package. -# -# It is usually used only by the top-level `logstash` class. It's unlikely -# that you will need to declare this class yourself. -# -# @param [String] package_name -# The name of the Logstash package in the package manager. -# -# @param [String] version -# Install precisely this version from the package manager. -# -# @param [String] package_url -# Get the package from this URL, not from the package manager. -# -# @example Include this class to ensure its resources are available. -# include logstash::package -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -class logstash::package( - $package_url = $logstash::package_url, - $version = $logstash::version, - $package_name = $logstash::package_name, -) -{ - Exec { - path => [ '/bin', '/usr/bin', '/usr/local/bin' ], - cwd => '/', - tries => 3, - try_sleep => 10, - } - - File { - ensure => file, - backup => false, - } - - if $logstash::ensure == 'present' { - # Check if we want to install a specific version. - if $version { - if $::osfamily == 'redhat' { - # Prerelease RPM packages have tildes ("~") in their version strings, - # which can be quite surprising to the user. Let them say: - # 6.0.0-rc2 - # not: - # 6.0.0~rc2 - $package_ensure = regsubst($version, '(\d+)-(alpha|beta|rc)(\d+)$', '\1~\2\3') - } - else { - $package_ensure = $version - } - } - else { - $package_ensure = $logstash::auto_upgrade ? { - true => 'latest', - false => 'present', - } - } - - if ($package_url) { - $filename = basename($package_url) - $extension = regsubst($filename, '.*\.', '') - $protocol = regsubst($package_url, ':.*', '') - $package_local_file = "/tmp/${filename}" - - case $protocol { - 'puppet': { - file { $package_local_file: - source => $package_url, - } - } - 'ftp', 'https', 'http': { - exec { "download_package_logstash_${name}": - command => "wget -O ${package_local_file} ${package_url} 2> /dev/null", - path => ['/usr/bin', '/bin'], - creates => $package_local_file, - timeout => $logstash::download_timeout, - } - } - 'file': { - file { $package_local_file: - source => $package_url, - } - } - default: { - fail("Protocol must be puppet, file, http, https, or ftp. Not '${protocol}'") - } - } - - case $extension { - 'deb': { $package_provider = 'dpkg' } - 'rpm': { $package_provider = 'rpm' } - default: { fail("Unknown file extension '${extension}'.") } - } - - $package_require = undef - } - else { - # Use the OS packaging system to locate the package. - $package_local_file = undef - $package_provider = undef - if $::osfamily == 'Debian' { - $package_require = $logstash::manage_repo ? { - true => Class['apt::update'], - false => undef, - } - } else { - $package_require = undef - } - } - } - else { # Package removal - $package_local_file = undef - $package_require = undef - if ($::osfamily == 'Suse') { - $package_provider = 'rpm' - $package_ensure = 'absent' # "purged" not supported by provider - } - else { - $package_provider = undef # ie. automatic - $package_ensure = 'purged' - } - } - - package { 'logstash': - ensure => $package_ensure, - name => $package_name, - source => $package_local_file, # undef if using package manager. - provider => $package_provider, # undef if using package manager. - require => $package_require, - } -} diff --git a/modules/utilities/unix/logging/logstash/manifests/package/install.pp b/modules/utilities/unix/logging/logstash/manifests/package/install.pp deleted file mode 100644 index 22b576ad0..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/package/install.pp +++ /dev/null @@ -1,29 +0,0 @@ -# == Define: logstash::package::install -# -# This class exists to coordinate all software package management related -# actions, functionality and logical units in a central place. -# -# -# === Parameters -# -# [*package_url*] -# Url to the contrib package to download. -# This can be a http,https or ftp resource for remote packages -# puppet:// resource or file:/ for local packages -# -# [*version*] -# Version of package to install -# -# === Examples -# -# This class may be imported by other classes to use its functionality: -# class { 'logstash::package': } -# -# It is not intended to be used directly by external resources like node -# definitions or other modules. -# -# -# === Authors -# -# * Richard Pijnenburg -# diff --git a/modules/utilities/unix/logging/logstash/manifests/patternfile.pp b/modules/utilities/unix/logging/logstash/manifests/patternfile.pp deleted file mode 100644 index 46c8265f4..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/patternfile.pp +++ /dev/null @@ -1,40 +0,0 @@ -# This type represents a Grok pattern file for Logstash. -# -# @param [String] source -# File source for the pattern file. eg. `puppet://[...]` or `file://[...]` -# -# @param [String] filename -# Optionally set the destination filename. -# -# @example Define a pattern file. -# logstash::patternfile { 'mypattern': -# source => 'puppet:///path/to/my/custom/pattern' -# } -# -# @example Define a pattern file with an explicit destination filename. -# logstash::patternfile { 'mypattern': -# source => 'puppet:///path/to/my/custom/pattern', -# filename => 'custom-pattern-name' -# } -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -define logstash::patternfile ($source = undef, $filename = undef) { - require logstash::config - - validate_re($source, '^(puppet|file)://', - 'Source must begin with "puppet://" or "file://")' - ) - - if($filename) { $destination = $filename } - else { $destination = basename($source) } - - file { "${logstash::config_dir}/patterns/${destination}": - ensure => file, - source => $source, - owner => 'root', - group => $logstash::logstash_group, - mode => '0640', - tag => ['logstash_config'], - } -} diff --git a/modules/utilities/unix/logging/logstash/manifests/plugin.pp b/modules/utilities/unix/logging/logstash/manifests/plugin.pp deleted file mode 100644 index 5b1be9de0..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/plugin.pp +++ /dev/null @@ -1,127 +0,0 @@ -# Manage the installation of a Logstash plugin. -# -# By default, plugins are downloaded from RubyGems, but it is also possible -# to install from a local Gem, or one stored in Puppet. -# -# @example Install a plugin. -# logstash::plugin { 'logstash-input-stdin': } -# -# @example Remove a plugin. -# logstash::plugin { 'logstash-input-stout': -# ensure => absent, -# } -# -# @example Install a plugin from a local file. -# logstash::plugin { 'logstash-input-custom': -# source => 'file:///tmp/logstash-input-custom.gem', -# } -# -# @example Install a plugin from a Puppet module. -# logstash::plugin { 'logstash-input-custom': -# source => 'puppet:///modules/logstash-site-plugins/logstash-input-custom.gem', -# } -# -# @example Install X-Pack. -# logstash::plugin { 'x-pack': -# source => 'https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.3.0.zip', -# } -# -# @example Install a plugin, overriding JVM options via the environment. -# logstash::plugin { 'logstash-input-jmx': -# environment => ['LS_JVM_OPTIONS="-Xms1g -Xmx1g"'] -# } -# -# @param ensure [String] Install or remove with `present` or `absent`. -# -# @param source [String] Install from this file, not from RubyGems. -# -# @param environment [String] Environment used when running 'logstash-plugin' -# -define logstash::plugin ( - $source = undef, - $ensure = present, - $environment = [], -) -{ - require logstash::package - $exe = "${logstash::home_dir}/bin/logstash-plugin" - - Exec { - path => '/bin:/usr/bin', - cwd => '/tmp', - user => $logstash::logstash_user, - timeout => 1800, - environment => $environment, - } - - case $source { # Where should we get the plugin from? - undef: { - # No explict source, so search Rubygems for the plugin, by name. - # ie. "logstash-plugin install logstash-output-elasticsearch" - $plugin = $name - } - - /^(\/|file:)/: { - # A gem file that is already available on the local filesystem. - # Install from the local path. - # ie. "logstash-plugin install /tmp/logtash-filter-custom.gem" or - # "logstash-plugin install file:///tmp/logtash-filter-custom.gem" or - $plugin = $source - } - - /^puppet:/: { - # A 'puppet:///' URL. Download the gem from Puppet, then install - # the plugin from the downloaded file. - $downloaded_file = sprintf('/tmp/%s', basename($source)) - file { $downloaded_file: - source => $source, - before => Exec["install-${name}"], - } - - case $source { - /\.zip$/: { - $plugin = "file://${downloaded_file}" - } - default: { - $plugin = $downloaded_file - } - } - } - - /^https?:/: { - # An 'http(s):///' URL. - $plugin = $source - } - - default: { - fail('"source" should be a local path, a "puppet:///" url, or undef.') - } - } - - case $ensure { - 'present': { - exec { "install-${name}": - command => "${exe} install ${plugin}", - unless => "${exe} list ^${name}$", - } - } - - /^\d+\.\d+\.\d+/: { - exec { "install-${name}": - command => "${exe} install --version ${ensure} ${plugin}", - unless => "${exe} list --verbose ^${name}$ | grep --fixed-strings --quiet '(${ensure})'", - } - } - - 'absent': { - exec { "remove-${name}": - command => "${exe} remove ${name}", - onlyif => "${exe} list | grep -q ^${name}$", - } - } - - default: { - fail "'ensure' should be 'present', 'absent', or a version like '1.3.4'." - } - } -} diff --git a/modules/utilities/unix/logging/logstash/manifests/service.pp b/modules/utilities/unix/logging/logstash/manifests/service.pp deleted file mode 100644 index 05122da2b..000000000 --- a/modules/utilities/unix/logging/logstash/manifests/service.pp +++ /dev/null @@ -1,173 +0,0 @@ -# This mangages the system service for Logstash. -# -# It is usually used only by the top-level `logstash` class. It's unlikely -# that you will need to declare this class yourself. -# -# @example Include this class to ensure its resources are available. -# include logstash::service -# -# @author https://github.com/elastic/puppet-logstash/graphs/contributors -# -class logstash::service { - $default_settings = { - 'path.data' => '/var/lib/logstash', - 'path.config' => '/etc/logstash/conf.d', - 'path.logs' => '/var/log/logstash', - } - - $default_startup_options = { - 'JAVACMD' => '/usr/bin/java', - 'LS_HOME' => $logstash::home_dir, - 'LS_SETTINGS_DIR' => $logstash::config_dir, - 'LS_OPTS' => "--path.settings=${logstash::config_dir}", - 'LS_JAVA_OPTS' => '""', - 'LS_PIDFILE' => '/var/run/logstash.pid', - 'LS_USER' => $logstash::logstash_user, - 'LS_GROUP' => $logstash::logstash_group, - 'LS_GC_LOG_FILE' => '/var/log/logstash/gc.log', - 'LS_OPEN_FILES' => '16384', - 'LS_NICE' => '19', - 'SERVICE_NAME' => '"logstash"', - 'SERVICE_DESCRIPTION' => '"logstash"', - } - - $default_jvm_options = [ - '-Dfile.encoding=UTF-8', - '-Djava.awt.headless=true', - '-Xms256m', - '-Xmx1g', - '-XX:CMSInitiatingOccupancyFraction=75', - '-XX:+DisableExplicitGC', - '-XX:+HeapDumpOnOutOfMemoryError', - '-XX:+UseCMSInitiatingOccupancyOnly', - '-XX:+UseConcMarkSweepGC', - '-XX:+UseParNewGC', - ] - - $settings = merge($default_settings, $logstash::settings) - $startup_options = merge($default_startup_options, $logstash::startup_options) - $jvm_options = $logstash::jvm_options - $pipelines = $logstash::pipelines - - File { - owner => 'root', - group => 'root', - mode => '0644', - notify => Exec['logstash-system-install'], - } - - if $logstash::ensure == 'present' { - case $logstash::status { - 'enabled': { - $service_ensure = 'running' - $service_enable = true - } - 'disabled': { - $service_ensure = 'stopped' - $service_enable = false - } - 'running': { - $service_ensure = 'running' - $service_enable = false - } - default: { - fail("\"${logstash::status}\" is an unknown service status value") - } - } - } else { - $service_ensure = 'stopped' - $service_enable = false - } - - if $service_ensure == 'running' { - # Then make sure the Logstash startup options are up to date. - file {'/etc/logstash/startup.options': - content => template('logstash/startup.options.erb'), - } - - # ..and make sure the JVM options are up to date. - file {'/etc/logstash/jvm.options': - content => template('logstash/jvm.options.erb'), - } - - # ..and pipelines.yml, if the user provided such. If they didn't, zero out - # the file, which will default Logstash to traditional single-pipeline - # behaviour. - if(empty($pipelines)) { - file {'/etc/logstash/pipelines.yml': - content => '', - } - } - else { - file {'/etc/logstash/pipelines.yml': - content => template('logstash/pipelines.yml.erb'), - } - } - - # ..and the Logstash internal settings too. - file {'/etc/logstash/logstash.yml': - content => template('logstash/logstash.yml.erb'), - } - - # Invoke 'system-install', which generates startup scripts based on the - # contents of the 'startup.options' file. - exec { 'logstash-system-install': - command => "${logstash::home_dir}/bin/system-install", - refreshonly => true, - notify => Service['logstash'], - } - } - - # Figure out which service provider (init system) we should be using. - # In general, we'll try to guess based on the operating system. - $os = downcase($::operatingsystem) - $release = $::operatingsystemmajrelease - # However, the operator may have explicitly defined the service provider. - if($logstash::service_provider) { - $service_provider = $logstash::service_provider - } - # In the absence of an explicit choice, we'll try to figure out a sensible - # default. - # Puppet 3 doesn't know that Debian 8 uses systemd, not SysV init, so we'll - # help it out with our knowledge from the future. - elsif($os == 'debian' and $release == '8') { - $service_provider = 'systemd' - } - # Centos 6 uses Upstart by default, but Puppet can get confused about this too. - elsif($os =~ /(redhat|centos)/ and $release == '6') { - $service_provider = 'upstart' - } - elsif($os =~ /ubuntu/ and $release == '12.04') { - $service_provider = 'upstart' - } - elsif($os =~ /opensuse/ and $release == '13') { - $service_provider = 'systemd' - } - #Older Amazon Linux AMIs has its release based on the year - #it came out (2010 and up); the provider needed to be set explicitly; - #New Amazon Linux 2 AMIs has the release set to 2, Puppet can handle it - elsif($os =~ /amazon/ and versioncmp($release, '2000') > 0) { - $service_provider = 'upstart' - } - else { - # In most cases, Puppet(4) can figure out the correct service - # provider on its own, so we'll just say 'undef', and let it do - # whatever it thinks is best. - $service_provider = undef - } - - service { 'logstash': - ensure => $service_ensure, - enable => $service_enable, - hasstatus => true, - hasrestart => true, - provider => $service_provider, - } - - # If any files tagged as config files for the service are changed, notify - # the service so it restarts. - if $::logstash::restart_on_change { - File<| tag == 'logstash_config' |> ~> Service['logstash'] - Logstash::Plugin<| |> ~> Service['logstash'] - } -} diff --git a/modules/utilities/unix/logging/logstash/metadata.json b/modules/utilities/unix/logging/logstash/metadata.json deleted file mode 100644 index 00eff21b8..000000000 --- a/modules/utilities/unix/logging/logstash/metadata.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "name": "elastic-logstash", - "version": "6.1.2", - "author": "elastic", - "summary": "Module for managing and configuring Logstash", - "license": "Apache-2.0", - "source": "https://github.com/elastic/puppet-logstash", - "project_page": "https://github.com/elastic/puppet-logstash", - "issues_url": "https://github.com/elastic/puppet-logstash/issues", - "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">=3.2.0 <5.0.0"}, - {"name":"elastic/elastic_stack","version_requirement":">=6.0.0 <7.0.0"} - ], - "data_provider": null, - "description": "Module for managing and configuring Logstash", - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "OracleLinux", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "7", - "8" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04", - "16.04" - ] - }, - { - "operatingsystem": "OpenSuSE", - "operatingsystemrelease": [ - "13.x" - ] - } - ], - "requirements": [ - { - "name": "puppet", - "version_requirement": ">=4.6.1 <6.0.0" - } - ] -} diff --git a/modules/utilities/unix/logging/logstash/templates/configfile-template.erb b/modules/utilities/unix/logging/logstash/templates/configfile-template.erb deleted file mode 100644 index df430a635..000000000 --- a/modules/utilities/unix/logging/logstash/templates/configfile-template.erb +++ /dev/null @@ -1,14 +0,0 @@ -input { - beats { - port => <%= @logstash_port-%> - } -} -output { - elasticsearch { - hosts => "<%= @elasticsearch_ip-%>:<%= @elasticsearch_port-%>" - manage_template => false - index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" - document_type => "%{[@metadata][type]}" - } - stdout { codec => rubydebug } -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/logstash/templates/jvm.options.erb b/modules/utilities/unix/logging/logstash/templates/jvm.options.erb deleted file mode 100644 index c16ebeb11..000000000 --- a/modules/utilities/unix/logging/logstash/templates/jvm.options.erb +++ /dev/null @@ -1,27 +0,0 @@ -# This file is managed by Puppet -- <%= @name %> -# -# Set the 'jvm_options' parameter on the logstash class to change this file. -<% -def set_default(options, match_string, default) - options.detect {|o| o.include?(match_string)} || options.push(default) -end - -defaults = { - '-Xms' => '-Xms256m', - '-Xmx' => '-Xmx1g', - 'UseParNewGC' => '-XX:+UseParNewGC', - 'UseConcmarksweepgc' => '-XX:+UseConcMarkSweepGC', - 'CMSInitiatingOccupancyFraction=' => '-XX:CMSInitiatingOccupancyFraction=75', - 'UseCMSInitiatingOccupancyOnly' => '-XX:+UseCMSInitiatingOccupancyOnly', - 'DisableExplicitGC' => '-XX:+DisableExplicitGC', - '-Djava.aws.headless=' => '-Djava.awt.headless=true', - '-Dfile.encoding=' => '-Dfile.encoding=UTF-8', - 'HeapDumpOnOutOfMemoryError' => '-XX:+HeapDumpOnOutOfMemoryError', -} - -defaults.each {|k,v| set_default(@jvm_options, k, v)} --%> - -<% @jvm_options.sort.each do |line| -%> -<%= line %> -<% end -%> diff --git a/modules/utilities/unix/logging/logstash/templates/logstash.yml.erb b/modules/utilities/unix/logging/logstash/templates/logstash.yml.erb deleted file mode 100644 index 5bafdaf39..000000000 --- a/modules/utilities/unix/logging/logstash/templates/logstash.yml.erb +++ /dev/null @@ -1,18 +0,0 @@ -<%# By default, Logstash sets 'path.config' in 'logstash.yml', however -%> -<%# when that setting is present, 'pipelines.yml' is ignored. If the user -%> -<%# specified their own piplines, we'll make sure they are honoured by -%> -<%# removing the 'path.config' setting. -%> -<%# -%> -<%# REF: https://github.com/elastic/logstash/issues/8420 -%> -<% @settings.delete('path.config') unless @pipelines.empty? -%> -<%# -%> -<%# Similiarly, when using centralized pipeline management, path.config -%> -<%# is an invalid setting, and should be removed. -%> -<%# REF: https://github.com/elastic/puppet-logstash/issues/357 -%> -<% @settings.delete('path.config') if @settings['xpack.management.enabled'] -%> -<% begin -%> -<% @settings.delete('path.config') if @settings['xpack']['management']['enabled'] -%> -<% rescue NoMethodError -%> -<% end -%> -<%# -%> -<%= @settings.to_yaml %> diff --git a/modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb b/modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb deleted file mode 100644 index 11ae3759d..000000000 --- a/modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb +++ /dev/null @@ -1 +0,0 @@ -<%= @pipelines.to_yaml %> diff --git a/modules/utilities/unix/logging/logstash/templates/startup.options.erb b/modules/utilities/unix/logging/logstash/templates/startup.options.erb deleted file mode 100644 index ca1a13650..000000000 --- a/modules/utilities/unix/logging/logstash/templates/startup.options.erb +++ /dev/null @@ -1,14 +0,0 @@ -# This file is managed by Puppet -- <%= @name %> - -############################################################################### -# These settings are ONLY used by $LS_HOME/bin/system-install to create a custom -# startup script for Logstash. It should automagically use the init system -# (systemd, upstart, sysv, etc.) that your Linux distribution uses. -# -# After changing anything here, you need to re-run $LS_HOME/bin/system-install -# as root to push the changes to the init script. -################################################################################ - -<% @startup_options.sort.each do |k,v| -%> -<%= k %>=<%= v %> -<% end -%> diff --git a/modules/utilities/unix/logging/watcher/manifests/configure.pp b/modules/utilities/unix/logging/watcher/manifests/configure.pp deleted file mode 100644 index 4d667d64d..000000000 --- a/modules/utilities/unix/logging/watcher/manifests/configure.pp +++ /dev/null @@ -1,23 +0,0 @@ -class watcher::configure { - - $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) - $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] - $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] - - # Search string within kibana for a successful login on account: 'test' - # "event.category : user-login and event.type : user_login and auditd.result : success and user.name_map.auid : test" - - - # TODO: Need some automated curl script that utilises a template to generate "create watcher" request - - # Need to send a request to: "172.16.0.2":9200 [ $elasticsearch_ip:$elasticsearch_port ] - # PUT _xpack/watcher/watch/my-watch - # templates('watcher/watch.json.erb') - - # First: Get it working within Kibana, there is a testing tool within 'Dev tools' section - # Second: Create a way to detect whether the watcher is registered correctly, we can GET the watcher endpoint in kibana to check - # Third: Implement functionality so the watcher fires a HTTP request to 172.16.0.2:8080 - # Fourth: Implement a dummy webserver running on 8080 that can recieve requests + displays their contents on the screen. - # Fifth: Look into adding SSL to this whole process. - -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/watcher/templates/watch.json.erb b/modules/utilities/unix/logging/watcher/templates/watch.json.erb deleted file mode 100644 index 223755142..000000000 --- a/modules/utilities/unix/logging/watcher/templates/watch.json.erb +++ /dev/null @@ -1,50 +0,0 @@ -{ - "trigger": { - "schedule": { - "cron": "0 0/1 * * * ?" - } - }, - "input": { - "search": { - "request": { - "indices": [ - "logstash*" - ], - "body": { - "query": { - "bool": { - "must": { - "match": { - "response": 404 - } - }, - "filter": { - "range": { - "@timestamp": { - "from": "{{ctx.trigger.scheduled_time}}||-5m", - "to": "{{ctx.trigger.triggered_time}}" - } - } - } - } - } - } - } - } - }, - "condition": { - "compare": { - "ctx.payload.hits.total": { - "gt": 0 - } - } - }, - "actions": { - "email_admin": { - "email": { - "to": "admin@domain.host.com", - "subject": "404 recently encountered" - } - } - } -} \ No newline at end of file diff --git a/modules/utilities/unix/logging/watcher/watcher.pp b/modules/utilities/unix/logging/watcher/watcher.pp deleted file mode 100644 index 812b7ba24..000000000 --- a/modules/utilities/unix/logging/watcher/watcher.pp +++ /dev/null @@ -1 +0,0 @@ -include watcher::configure \ No newline at end of file diff --git a/scenarios/examples/elkstack.xml b/scenarios/examples/elkstack.xml index f7d92eebb..25a7fccb8 100644 --- a/scenarios/examples/elkstack.xml +++ b/scenarios/examples/elkstack.xml @@ -1,20 +1,18 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario"> - + elk - + - + 172.16.0.2 + 172.16.0.3 @@ -29,45 +27,45 @@ 5601 - + - IP_address + IP_addresses elasticsearch_port - + - + logstash_port - IP_address + IP_addresses elasticsearch_port - + - + - IP_address + IP_addresses kibana_port - IP_address + IP_addresses elasticsearch_port - + - IP_address + IP_addresses logstash_port @@ -76,60 +74,67 @@ - IP_address + IP_addresses logstash_port + + - IP_address + IP_addresses + + + + + dev + + + + + + auditpusher + + + + + IP_addresses + + + logstash_port + + + + + + + + test + + + test + + + + + + + + + true + + + + + + + + IP_addresses - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/secgen.rb b/secgen.rb index bd40ec5a6..122e18e28 100644 --- a/secgen.rb +++ b/secgen.rb @@ -80,7 +80,7 @@ def build_config(scenario, out_dir, options) Print.info 'Reading configuration file for virtual machines you want to create...' # read the scenario file describing the systems, which contain vulnerabilities, services, etc # this returns an array/hashes structure - systems = SystemReader.read_scenario(scenario) + systems = SystemReader.read_scenario(scenario, options) Print.std "#{systems.size} system(s) specified" all_available_modules = ModuleReader.get_all_available_modules