Callonski

################### INSTALL PREREQUISITIES  #####################
sudo apt update
sudo apt -y install default-jre curl jq
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt -y install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt -y install elasticsearch

Callonski

####### APPEND TO ELASTICSEARCH CONFIGURATION FILE  ########
echo "node.name: ${node_name}" >> /etc/elasticsearch/elasticsearch.yml
echo "network.host : 0.0.0.0" >> /etc/elasticsearch/elasticsearch.yml
echo "discovery.seed_hosts:" >> /etc/elasticsearch/elasticsearch.yml
echo " - ${elastic_host_1}" >> /etc/elasticsearch/elasticsearch.yml
echo " - ${elastic_host_2}" >> /etc/elasticsearch/elasticsearch.yml
echo " - ${elastic_host_3}" >> /etc/elasticsearch/elasticsearch.yml
echo "cluster.name: elasticsearch" >> /etc/elasticsearch/elasticsearch.yml
echo "cluster.initial_master_nodes:" >> /etc/elasticsearch/elasticsearch.yml
echo " - ${master_node}" >> /etc/elasticsearch/elasticsearch.yml

Callonski

node_name = var.master_node,
network_host = var.node_ips[0],
elastic_host_1 = var.node_ips[0],
elastic_host_2 = var.node_ips[1],
elastic_host_3 = var.node_ips[2],
master_node = var.master_node,
ca_bucket = var.ca_bucket_location,
backup_bucket = var.backup_bucket,
gcp_sa = google_service_account_key.mykey.private_key,
elastic_pw = var.elastic_pw,

Callonski

############# APPEND TO JVM CONFIGURATION FILE ####################
echo "-Xms4g" >> /etc/elasticsearch/jvm.options
echo "-Xmx4g" >> /etc/elasticsearch/jvm.options

Callonski

####### PLUGIN, SERVICE-ACCOUNT AND RESTART ELASTICSEARCH ########
systemctl enable elasticsearch.service
cd /usr/share/elasticsearch
sudo ./bin/elasticsearch-plugin install repository-gcs -b
echo ${gcp_sa} | base64 -d > credentials.json
sudo ./bin/elasticsearch-keystore add-file gcs.client.default.credentials_file credentials.json -s
systemctl restart elasticsearch.service

Callonski

################### ENABLE X-PAC MONITORING ####################
curl -X PUT "0.0.0.0:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d' {"persistent": {"xpack.monitoring.collection.enabled": true}}'

Callonski

################### X-PAC SECURITY FEATURES #######################
gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch
gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch
chmod 777 /etc/elasticsearch
cat <<EOT >> /etc/elasticsearch/elasticsearch.yml
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12
xpack.security.http.ssl.keystore.secure_password: ''
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Callonski

################### X-PAC SECURITY FEATURES #######################
gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch
gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch
chmod 777 /etc/elasticsearch
cat <<EOT >> /etc/elasticsearch/elasticsearch.yml
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12
xpack.security.http.ssl.keystore.secure_password: ''
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Callonski

terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/test.tfvars -auto-approve

Callonski

terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/prod.tfvars -auto-approve