This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################### INSTALL PREREQUISITIES ##################### | |
sudo apt update | |
sudo apt -y install default-jre curl jq | |
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - | |
sudo apt -y install apt-transport-https | |
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list | |
sudo apt -y install elasticsearch |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
####### APPEND TO ELASTICSEARCH CONFIGURATION FILE ######## | |
echo "node.name: ${node_name}" >> /etc/elasticsearch/elasticsearch.yml | |
echo "network.host : 0.0.0.0" >> /etc/elasticsearch/elasticsearch.yml | |
echo "discovery.seed_hosts:" >> /etc/elasticsearch/elasticsearch.yml | |
echo " - ${elastic_host_1}" >> /etc/elasticsearch/elasticsearch.yml | |
echo " - ${elastic_host_2}" >> /etc/elasticsearch/elasticsearch.yml | |
echo " - ${elastic_host_3}" >> /etc/elasticsearch/elasticsearch.yml | |
echo "cluster.name: elasticsearch" >> /etc/elasticsearch/elasticsearch.yml | |
echo "cluster.initial_master_nodes:" >> /etc/elasticsearch/elasticsearch.yml | |
echo " - ${master_node}" >> /etc/elasticsearch/elasticsearch.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
node_name = var.master_node, | |
network_host = var.node_ips[0], | |
elastic_host_1 = var.node_ips[0], | |
elastic_host_2 = var.node_ips[1], | |
elastic_host_3 = var.node_ips[2], | |
master_node = var.master_node, | |
ca_bucket = var.ca_bucket_location, | |
backup_bucket = var.backup_bucket, | |
gcp_sa = google_service_account_key.mykey.private_key, | |
elastic_pw = var.elastic_pw, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############# APPEND TO JVM CONFIGURATION FILE #################### | |
echo "-Xms4g" >> /etc/elasticsearch/jvm.options | |
echo "-Xmx4g" >> /etc/elasticsearch/jvm.options |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
####### PLUGIN, SERVICE-ACCOUNT AND RESTART ELASTICSEARCH ######## | |
systemctl enable elasticsearch.service | |
cd /usr/share/elasticsearch | |
sudo ./bin/elasticsearch-plugin install repository-gcs -b | |
echo ${gcp_sa} | base64 -d > credentials.json | |
sudo ./bin/elasticsearch-keystore add-file gcs.client.default.credentials_file credentials.json -s | |
systemctl restart elasticsearch.service |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################### ENABLE X-PAC MONITORING #################### | |
curl -X PUT "0.0.0.0:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d' {"persistent": {"xpack.monitoring.collection.enabled": true}}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################### X-PAC SECURITY FEATURES ####################### | |
gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch | |
gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch | |
chmod 777 /etc/elasticsearch | |
cat <<EOT >> /etc/elasticsearch/elasticsearch.yml | |
xpack.security.http.ssl.enabled: true | |
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12 | |
xpack.security.http.ssl.keystore.secure_password: '' | |
xpack.security.enabled: true | |
xpack.security.transport.ssl.enabled: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
################### X-PAC SECURITY FEATURES ####################### | |
gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch | |
gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch | |
chmod 777 /etc/elasticsearch | |
cat <<EOT >> /etc/elasticsearch/elasticsearch.yml | |
xpack.security.http.ssl.enabled: true | |
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12 | |
xpack.security.http.ssl.keystore.secure_password: '' | |
xpack.security.enabled: true | |
xpack.security.transport.ssl.enabled: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/test.tfvars -auto-approve |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/prod.tfvars -auto-approve |