forked from voxpupuli/puppet-elasticsearch
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathruby.rb
171 lines (148 loc) · 4.45 KB
/
ruby.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# frozen_string_literal: false
Puppet::Type.type(:elasticsearch_keystore).provide(
:elasticsearch_keystore
) do
desc 'Provider for `elasticsearch-keystore` based secret management.'
def self.defaults_dir
@defaults_dir ||= case Facter.value('osfamily')
when 'RedHat'
'/etc/sysconfig'
else
'/etc/default'
end
end
def self.home_dir
@home_dir ||= case Facter.value('osfamily')
when 'OpenBSD'
'/usr/local/elasticsearch'
else
'/usr/share/elasticsearch'
end
end
attr_accessor :defaults_dir, :home_dir
commands keystore: "#{home_dir}/bin/elasticsearch-keystore"
def self.run_keystore(args, configdir = '/etc/elasticsearch', stdin = nil)
options = {
custom_environment: {
'ES_INCLUDE' => File.join(defaults_dir, "elasticsearch"),
'ES_PATH_CONF' => "#{configdir}"
},
uid: 'elasticsearch',
gid: 'elasticsearch',
failonfail: true
}
unless stdin.nil?
stdinfile = Tempfile.new('elasticsearch-keystore')
stdinfile << stdin
stdinfile.flush
options[:stdinfile] = stdinfile.path
end
begin
stdout = execute([command(:keystore)] + args, options)
ensure
unless stdin.nil?
stdinfile.close
stdinfile.unlink
end
end
stdout.exitstatus.zero? ? stdout : raise(Puppet::Error, stdout)
end
def self.present_keystores
keystores = []
# yeah, it's hardcoded here
if File.exists?('/etc/elasticsearch/elasticsearch.keystore')
keystores.push('/etc/elasticsearch/elasticsearch.keystore')
end
keystores.map do |instance|
# list is for checking if keystore has valid format
settings = run_keystore(['list']).split("\n")
{
name: 'elasticsearch_secrets', # this is hardcoded too
ensure: :present,
provider: name,
settings: settings
}
end
end
def self.instances
present_keystores.map do |keystore|
new keystore
end
end
def self.prefetch(resources)
instances.each do |prov|
if (resource = resources[prov.name])
resource.provider = prov
end
end
end
def initialize(value = {})
super(value)
@property_flush = {}
end
def flush
keystore = File.join([resource[:configdir], 'elasticsearch.keystore'])
case @property_flush[:ensure]
when :present
unless File.exists?(keystore)
debug(self.class.run_keystore(['create'], resource[:configdir]))
end
@property_flush[:settings] = resource[:settings]
when :absent
File.delete(keystore)
end
# Note that since the property is :array_matching => :all, we have to
# expect that the hash is wrapped in an array.
if @property_flush[:settings] && !@property_flush[:settings].first.empty?
# Flush properties that _should_ be present
@property_flush[:settings].first.each_pair do |setting, value|
next unless @property_hash[:settings].nil? \
|| (!@property_hash[:settings].include? setting)
debug(self.class.run_keystore(
['add', '--force', '--stdin', setting], resource[:configdir], value
))
end
# Remove properties that are no longer present
if resource[:purge] && !(@property_hash.nil? || @property_hash[:settings].nil?)
(@property_hash[:settings] - @property_flush[:settings].first.keys).each do |setting|
debug(self.class.run_keystore(
['remove', setting], resource[:configdir]
))
end
end
end
@property_hash = self.class.present_keystores.find do |u|
u[:name] == resource[:name]
end
end
# settings property setter
#
# @return [Hash] settings
def settings=(new_settings)
@property_flush[:settings] = new_settings
end
# settings property getter
#
# @return [Hash] settings
def settings
@property_hash[:settings]
end
# Sets the ensure property in the @property_flush hash.
#
# @return [Symbol] :present
def create
@property_flush[:ensure] = :present
end
# Determine whether this resource is present on the system.
#
# @return [Boolean]
def exists?
@property_hash[:ensure] == :present
end
# Set flushed ensure property to absent.
#
# @return [Symbol] :absent
def destroy
@property_flush[:ensure] = :absent
end
end