diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index 4d5d5b2e4..0f5e9e59f 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -5,6 +5,7 @@
 {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %}
 {%- endif %}
 {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
+{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
 cluster.name: "{{ ESCLUSTERNAME }}"
 network.host: 0.0.0.0
@@ -22,6 +23,17 @@ cluster.routing.allocation.disk.threshold_enabled: true
 cluster.routing.allocation.disk.watermark.low: 95%
 cluster.routing.allocation.disk.watermark.high: 98%
 cluster.routing.allocation.disk.watermark.flood_stage: 98%
+{%- if FEATURES is sameas true %}
+xpack.security.enabled: true
+xpack.security.http.ssl.enabled: true
+xpack.security.transport.ssl.enabled: true
+xpack.security.http.ssl.key: /ca/elasticsearch.key
+xpack.security.http.ssl.certificate: /ca/elasticsearch.crt
+xpack.security.http.ssl.certificate_authorities: /ca/ca.crt
+xpack.security.transport.ssl.key: /ca/elasticsearch.key
+xpack.security.transport.ssl.certificate: /ca/elasticsearch.crt
+xpack.security.transport.ssl.certificate_authorities: /ca/ca.crt
+{%- endif %}
 node.attr.box_type: {{ NODE_ROUTE_TYPE }}
 node.name: {{ ESCLUSTERNAME }}
 script.max_compilations_rate: 1000/1m
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 2a675cc45..d343f19c1 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
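Review bot: The added `FEATURES` lookup in the first elasticsearch.yml hunk passes the pillar value through untouched, while its consumers test it with `is sameas true`, so a pillar entry written as the string `'true'` or as `1` renders the config with every xpack.security line omitted and no error. The visible context keeps `network.host: 0.0.0.0`, so that silent fallback leaves the listener without TLS or authentication; whether it is reachable depends on firewalling not shown here. I would state the contract on the line above, e.g. `{#- elastic:features must be a YAML boolean; any other value leaves xpack.security disabled -#}`, or fail the render when the value is set but not a boolean. The new tag also omits the `{%-` whitespace control its neighbours use.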
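Review bot: In the second elasticsearch.yml hunk, `xpack.security.transport.ssl.certificate_authorities: /ca/ca.crt` makes any certificate issued by that CA acceptable as a cluster peer, because transport TLS authenticates nodes by CA trust rather than by user credentials. The bind mounts in init.sls source this file from `/etc/pki/ca.crt`; if that CA also signs certificates for other hosts or services (its scope is not visible in this diff), the set of trusted peers is wider than the Elasticsearch nodes. A CA dedicated to node certificates would narrow this, or at minimum a comment above the block such as `# transport trusts every cert signed by /ca/ca.crt; keep that CA limited to ES nodes`. The block also reuses one key pair for both HTTP and transport, so exposure of that key affects both layers.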
@@ -192,6 +192,11 @@ so-elasticsearch:
 - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
 - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
 - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
+ {%- if FEATURES is sameas true %}
+ - /etc/pki/ca.crt:/ca/ca.cert:ro
+ - /etc/pki/elasticsearch.key:/ca/elasticsearch.key:ro
+ - /etc/pki/elasticsearch.crt:/ca/elasticsearch.crt:ro
+ {%- endif %}
 - watch:
 - file: cacertz
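Review bot: The first added bind mount targets `/ca/ca.cert`, but elasticsearch.yml in this same commit points both `certificate_authorities` settings at `/ca/ca.crt`, so with features enabled the CA file will not exist at the configured path inside the container. The line should read `- /etc/pki/ca.crt:/ca/ca.crt:ro`. The guard `FEATURES is sameas true` also needs `FEATURES` to be defined in init.sls; no `set` for it is visible in this hunk, so confirm one exists earlier in the file, because an undefined name here would skip the mounts. The so-elasticsearch state starts and ends outside the hunk.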