##### configure apt #####
# Retire the 2.x/4.5-era Elastic source lists, trust the Elastic signing key,
# install the 5.x source list from the Salt fileserver and refresh the index.
{% set legacy_lists = ['/etc/apt/sources.list.d/elasticsearch-2.x.list', '/etc/apt/sources.list.d/kibana-4.5.list', '/etc/apt/sources.list.d/logstash-2.3.list'] %}

{% for stale_list in legacy_lists %}
'{{ stale_list }}':
  file.absent: []
{% endfor %}

# NOTE(review): the key is fetched at apply time and piped straight into
# apt-key, so whatever that URL serves becomes a trusted package-signing key.
# TLS to the download host is the only check. Comparing the downloaded key's
# fingerprint against a pinned value (<EXPECTED_KEY_FINGERPRINT>) before
# adding it would close that gap. There is no `unless` guard, so the download
# and import repeat on every run.
'download key':
  cmd.run:
    - name: 'wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -'
    - require:
{% for stale_list in legacy_lists %}
      - file: '{{ stale_list }}'
{% endfor %}

# The source list is served from the Salt fileserver, not fetched remotely.
'add elastic 5.x repo':
  file.managed:
    - name: '/etc/apt/sources.list.d/elastic-5.x.list'
    - source: 'salt://elk/config_files/sources/elastic-5.x.list'
    - require:
      - cmd: 'download key'

# No `name` is given, so the state ID itself is the command that runs.
'apt-get update':
  cmd.run:
    - require:
      - file: 'add elastic 5.x repo'
##### end #####
##### configure kibana #####
# Release the apt hold, install the pinned Kibana build, re-hold it, deploy
# kibana.yml and add the X-Pack plugin.
'unhold kibana':
  cmd.run:
    - name: 'apt-mark unhold kibana'
    - require:
      - cmd: 'apt-get update'

# Version is pinned and the package is held so a routine upgrade cannot move it.
kibana:
  pkg.installed:
    - version: '5.0.1'
    - hold: true
    - require:
      - cmd: 'unhold kibana'

# NOTE(review): no user, group or mode is set here. If the managed kibana.yml
# carries the kibana user's Elasticsearch password, confirm the resulting file
# is not world-readable.
'/etc/kibana/kibana.yml':
  file.managed:
    - source: 'salt://elk/config_files/kibana/kibana.yml'
    - require:
      - pkg: kibana

# The plugin is fetched by kibana-plugin at apply time; the `unless` guard
# skips the install once the plugin directory exists.
'install kibana x-pack':
  cmd.run:
    - name: '/usr/share/kibana/bin/kibana-plugin install x-pack'
    - require:
      - file: '/etc/kibana/kibana.yml'
    - unless:
      - 'ls /usr/share/kibana/plugins/x-pack'
##### end #####
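##### elasticsearch config #####
# Upgrade Elasticsearch to 5.0.1: clear 2.x leftovers, deploy the new config,
# swap the old commercial plugins for X-Pack, then make sure the service runs.
{% set remove = ['/etc/elasticsearch/logging.yml', '/etc/elasticsearch/shield'] %}
{% set old_plugins = ['license', 'shield', 'watcher', 'elasticsearch-migration'] %}
# Credentials are read from pillar and reused by the password and role states
# further down. No default is supplied, so confirm these keys exist before
# applying.
{% set elastic_user = salt['pillar.get']('elastic:username') %}
{% set elastic_password = salt['pillar.get']('elastic:password') %}
{% set kibana_user = salt['pillar.get']('kibana:username') %}
{% set kibana_password = salt['pillar.get']('kibana:password') %}

'unhold elasticsearch':
  cmd.run:
    - name: 'apt-mark unhold elasticsearch'
    - require:
      - 'install kibana x-pack'

# Version is pinned and the package is held so a routine upgrade cannot move it.
'install elasticsearch':
  pkg.installed:
    - name: 'elasticsearch'
    - version: '5.0.1'
    - hold: true
    - require:
      - 'unhold elasticsearch'

# file.absent replaces the earlier `rm -rf` shell call: it removes files and
# directories alike, reports no change once the path is gone, and keeps the
# path out of a shell command line. The state IDs are unchanged, so the
# requisites below still resolve.
{% for rem in remove %}
'{{ rem }}':
  file.absent:
    - require:
      - 'install elasticsearch'
{% endfor %}

'/etc/elasticsearch/elasticsearch.yml':
  file.managed:
    - source: 'salt://elk/config_files/elasticsearch/elasticsearch.yml'
    - require:
{% for rem in remove %}
      - '{{ rem }}'
{% endfor %}

# Remove each 2.x plugin only if its directory is still present.
{% for plugin in old_plugins %}
'{{ plugin }}':
  cmd.run:
    - name: '/usr/share/elasticsearch/bin/elasticsearch-plugin remove {{ plugin }}'
    - onlyif:
      - 'ls /usr/share/elasticsearch/plugins/{{ plugin }}'
    - require:
      - '/etc/elasticsearch/elasticsearch.yml'
{% endfor %}

# --batch accepts the plugin's permission prompt without asking. The plugin is
# fetched at apply time; the `unless` guard skips it once the directory exists.
'install x-pack plugin':
  cmd.run:
    - name: '/usr/share/elasticsearch/bin/elasticsearch-plugin install --batch x-pack'
    - unless:
      - 'ls /usr/share/elasticsearch/plugins/x-pack'
    - require:
{% for plugin in old_plugins %}
      - '{{ plugin }}'
{% endfor %}

# NOTE(review): no user, group or file mode is set on the copied tree.
# Presumably this directory holds X-Pack role and user definitions; confirm
# the resulting permissions.
'/etc/elasticsearch/x-pack':
  file.recurse:
    - source: 'salt://elk/config_files/x-pack'
    - require:
      - 'install x-pack plugin'

# NOTE(review): despite the ID, nothing in this state forces a restart.
# `reload` only influences what happens when a watch requisite fires, and this
# state has none, so an already-running node is left as it is. A newly
# installed plugin is only loaded at node startup, so confirm the node really
# is restarted after the plugin install. Otherwise the password calls that
# follow reach a node without the security API.
'restart elasticsearch':
  service.running:
    - name: elasticsearch
    - enable: true
    - reload: true
    - require:
      - '/etc/elasticsearch/x-pack'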
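# Bootstrap X-Pack security: rotate the built-in passwords, migrate file-based
# roles to the native realm, and create the Logstash writer role and user.
#
# NOTE(review): every command below carries a credential in its argument list.
# The rendered command is the state's name, so it appears in the state return
# and job cache, and in the process list while curl or migrate runs.
# `output_loglevel: quiet` only keeps the command out of the minion log.
# Feeding the secrets through stdin or a root-only curl config file would
# remove the remaining exposure.
#
# NOTE(review): pillar values are pasted inside single-quoted shell words and
# JSON string literals. A quote character in a value ends that quoting, so
# restrict the character set of these pillar values or escape them before use.

# NOTE(review): this authenticates with the literal default password. Once the
# call has succeeded the default no longer works, so later runs will
# presumably fail here; an `unless` guard that detects the rotated password
# would make the state repeatable. A failure on the first run means the
# default password is still active.
'set elastic user password':
  cmd.run:
    - name: >-
        curl -XPUT --user '{{ elastic_user }}':'changeme' "localhost:9200/_xpack/security/user/elastic/_password" -d '{ "password" : "{{ elastic_password }}" }'
    - output_loglevel: quiet
    - require:
      - 'restart elasticsearch'

'set kibana user password':
  cmd.run:
    - name: >-
        curl -XPUT --user '{{ elastic_user }}':'{{ elastic_password }}' 'localhost:9200/_xpack/security/user/kibana/_password' -d '{ "password" : "{{ kibana_password }}" }'
    - output_loglevel: quiet
    - require:
      - 'set elastic user password'

'/usr/share/elasticsearch/config':
  file.symlink:
    - target: '/etc/elasticsearch'
    - require:
      - 'set kibana user password'

'migrate roles':
  cmd.run:
    - name: "/usr/share/elasticsearch/bin/x-pack/migrate native -U http://localhost:9200 -u '{{ elastic_user }}' -p '{{ elastic_password }}'"
    - output_loglevel: quiet
    - require:
      - '/usr/share/elasticsearch/config'

# Role grants cluster-level template management and monitoring, plus write,
# delete and create_index on indices matching logstash-*.
'logstash_writer role':
  cmd.run:
    - name: >-
        curl -XPUT --user '{{ elastic_user }}':'{{ elastic_password }}' 'localhost:9200/_xpack/security/role/logstash_writer' -d '{"cluster": ["manage_index_templates", "monitor"], "indices": [{"names": [ "logstash-*" ], "privileges": ["write","delete","create_index"]}]}'
    - output_loglevel: quiet
    - require:
      - 'migrate roles'

# NOTE(review): the logstash_internal password is the hard-coded literal
# "secret". It is identical on every host built from this state and readable
# by anyone with access to the state tree. It should come from pillar like the
# elastic and kibana passwords, with the Logstash output configuration updated
# to match.
'logstash_internal user':
  cmd.run:
    - name: >-
        curl -XPUT --user '{{ elastic_user }}':'{{ elastic_password }}' 'localhost:9200/_xpack/security/user/logstash_internal' -d '{"password" : "secret", "roles" : [ "logstash_writer"], "full_name" : "Internal Logstash User"}'
    - output_loglevel: quiet
    - require:
      - 'logstash_writer role'
##### end #####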
##### logstash config ######
# Release the apt hold, install the pinned Logstash build, re-hold it, link
# the config directory, add two filter plugins and deploy data and pipelines.
'unhold logstash':
  cmd.run:
    - name: 'apt-mark unhold logstash'
    - require:
      - cmd: 'logstash_internal user'

# Quoted so the epoch-prefixed version is always read as a plain string.
logstash:
  pkg.installed:
    - version: '1:5.0.1-1'
    - hold: true
    - require:
      - cmd: 'unhold logstash'

'/usr/share/logstash/config':
  file.symlink:
    - target: '/etc/logstash'
    - require:
      - pkg: logstash

# NOTE(review): both plugin installs fetch an unpinned plugin at apply time
# and have no `unless` guard, so they run again on every apply.
'install translate plugin':
  cmd.run:
    - name: '/usr/share/logstash/bin/logstash-plugin install logstash-filter-translate'
    - require:
      - file: '/usr/share/logstash/config'

'install aggregate plugin':
  cmd.run:
    - name: '/usr/share/logstash/bin/logstash-plugin install logstash-filter-aggregate'
    - require:
      - cmd: 'install translate plugin'

# The GeoIP database is served from the Salt fileserver, not downloaded.
'/etc/logstash/data/GeoLite2-City.mmdb':
  file.managed:
    - source: 'salt://elk/config_files/logstash/data/GeoLite2-City.mmdb'
    - require:
      - cmd: 'install aggregate plugin'

# NOTE(review): if the pipeline files under conf.d embed the logstash_internal
# password, confirm the copied files are not world-readable; no mode is set.
'/etc/logstash/conf.d':
  file.recurse:
    - source: 'salt://elk/config_files/logstash/conf.d'
    - require:
      - file: '/etc/logstash/data/GeoLite2-City.mmdb'
##### end #####