Each item of the list has the following attributes:
|name||yes||The logical name given to this server|
|relay_host||yes||From which host are the HTTP requests to elasticsearch server issued.|
|url||yes||The base part of the url of the server. Typically:
|when||no||Boolean. Allow conditional deployment of this item.
|username||no||The user name to log on this elasticsearch server. Must have enough rights to perform intended operations.|
|password||no||The password associated with the
|validate_certs||no||Useful if the connection is using SSL. If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.
|ca_bundle_relay_file||no||Useful if the connection is using SSL. Allow to specify a CA_BUNDLE file, a file that contains root and intermediate certificates to validate the elasticsearch server certificate in .pem format.
This file will be looked up on the relay host system, on which this module will be executed.
|ca_bundle_local_file||no||Same as above, except this file will be looked up locally, relative to the main file. It will be copied on the relay host at the location defined by
The simplest case:
elasticsearch_servers: - name: elastic1 relay_host: en1 url: http://elastic1.myserver.mydomain.com:9200/
For a secured elasticsearch cluster:
elasticsearch_servers: - name: elastic2 relay_host: en1 url: https://elastic2.myserver.mydomain.com:9200/ validate_certs: false username: elastic password: changeme
Internally, HADeploy use the python
requests API to access elasticsearch. The provided
ca_bundle_relay_file will be used as the
verify parameter of all HTTP requests. More info here.
If, for encrypting communication with elasticsearch you have generated a Certificate authority with
as described in the elastic documentation, the following python code will allow you to generate a CA_BUNDE file
# Need: # sudo yum install pyOpenSSL from OpenSSL import crypto # Accept "" for empty password. with open("elastic-stack-ca.p12", "rb") as file: p12 = crypto.load_pkcs12(file.read(), "capassword") # PEM formatted certificate cert = crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate()) print cert f = open("elastic-stack-ca.crt.pem", "w") f.write(cert) f.close()