-
Notifications
You must be signed in to change notification settings - Fork 8
/
cloud-config-elasticsearch.yml
254 lines (228 loc) · 10.1 KB
/
cloud-config-elasticsearch.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
#cloud-config
ssh_authorized_keys:
- %(LOCAL_SSH_KEY)s
bootcmd:
- set -ex
- cloud-init-per once ssh-users-ca echo "TrustedUserCAKeys /etc/ssh/users_ca.pub" >> /etc/ssh/sshd_config
# - cloud-init-per once accepted-oracle-license-v1-1 echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | debconf-set-selections
- cloud-init-per once fallocate-swapfile fallocate -l 4G /swapfile
- cloud-init-per once chmod-swapfile chmod 600 /swapfile
- cloud-init-per once mkswap-swapfile mkswap /swapfile
output:
all: '| tee -a /var/log/cloud-init-output.log'
# install_packages_all
runcmd:
- set -ex
- sleep 30
- sudo apt-get update
- sudo apt-get -y install awscli
- sudo apt-get -y install git
- sudo apt-get -y install build-essential
- sudo apt-get -y install unattended-upgrades
- sudo apt-get -y install libbz2-dev
- sudo apt-get -y install libdb-dev
- sudo apt-get -y install libffi-dev
- sudo apt-get -y install libgdbm-dev
- sudo apt-get -y install liblzma-dev
- sudo apt-get -y install libncurses5-dev
- sudo apt-get -y install libnss3-dev
- sudo apt-get -y install libreadline-dev
- sudo apt-get -y install libssl-dev
- sudo apt-get -y install libsqlite3-dev
- sudo apt-get -y install python2
- sudo apt-get -y install python3-dev
- sudo apt-get -y install python3-pip
- sudo apt-get -y install python3-venv
- sudo apt-get -y install python3-testresources
- sudo apt-get -y install zlib1g-dev
- sudo apt-get -y install redis-server
- sudo apt-get -y install nagios-nrpe-plugin
- sudo apt-get -y install monitoring-plugins
- sudo apt-get -y install nagios-nrpe-server
- sudo apt-get -y install libjson-perl
- sudo apt-get -y install libmonitoring-plugin-perl
- sudo apt-get -y install liblwp-useragent-determined-perl
- sudo apt-get -y install sysstat
- sudo apt-get -y install libarchive-tools
# Manually install java
- sudo -u ubuntu aws s3 cp --region=us-west-2 --recursive s3://t2depi-conf-prod/.aws ~ubuntu/.aws
- sudo mkdir -p /usr/lib/jvm
- sudo chmod 777 /usr/lib/jvm
- sudo tar -xzvf /home/ubuntu/.aws/jdk-11.0.3_linux-x64_bin.tar.gz --directory /usr/lib/jvm/
- sudo -u ubuntu rm -r /home/ubuntu/.aws
- sudo chmod 755 /usr/lib/jvm
- sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk-11.0.3/bin/java 100
- sudo -u ubuntu mv /home/ubuntu/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys2
- sudo -u ubuntu aws s3 cp --region=us-west-2 s3://t2depi-conf-prod/ssh-keys/prod-authorized_keys/authorized_keys /home/ubuntu/.ssh/authorized_keys
# install_packages_encoded_app
- sudo apt-get -y install apache2
- sudo apt-get -y install apache2-dev
- sudo apt-get -y install apache2-utils
- sudo apt-get -y install debhelper
- sudo apt-get -y install dh-autoreconf
- sudo apt-get -y install ssl-cert
- sudo apt-get -y install libapache2-mod-wsgi-py3
- sudo apt-get -y install w3m
- sudo apt-get -y install libjpeg8-dev
- sudo apt-get -y install libpq-dev
- sudo apt-get -y install graphviz
# install_and_setup_postgres
- sudo wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/pg_gpg_key
- sudo apt-key add /etc/apt/pg_gpg_key
- echo "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" | sudo tee -a /etc/apt/sources.list
- sudo apt-get update
- sudo apt-get -y install lzop
- sudo apt-get -y install pv
- sudo apt-get -y install daemontools
- sudo apt-get -y install libicu66
- sudo apt-get -y install postgresql-9.3
# install_and_setup_elasticsearch
# install_and_setup_elasticsearch
- sudo wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo tee /etc/apt/es_gpg_key
- sudo apt-key add /etc/apt/es_gpg_key
- echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list
- sudo apt-get -y install apt-transport-https
- sudo apt update
- yes |sudo apt-get -y install elasticsearch
- sudo systemctl start elasticsearch
- sudo systemctl enable elasticsearch
# install_libmagic_packages
- wget http://archive.ubuntu.com/ubuntu/pool/main/f/file/libmagic-mgc_5.38-4_amd64.deb && sudo dpkg -i libmagic-mgc_5.38-4_amd64.deb && sudo apt-get install -yf
- wget http://archive.ubuntu.com/ubuntu/pool/main/f/file/libmagic1_5.38-4_amd64.deb && sudo dpkg -i libmagic1_5.38-4_amd64.deb && sudo apt-get install -yf
- wget http://archive.ubuntu.com/ubuntu/pool/main/f/file/libmagic-dev_5.38-4_amd64.deb && sudo dpkg -i libmagic-dev_5.38-4_amd64.deb && sudo apt-get install -yf
- sudo apt --fix-broken -y install && sudo apt autoremove -y
# Ideally this would build as a different user so encoded only has read
# permissions
- MEMGIGS=$(awk '/MemTotal/{printf int($2 / 1024**2)}' /proc/meminfo)
- if [ "$MEMGIGS" -gt 12 ];
- then
- echo "-Xms8g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx8g" >> /etc/elasticsearch/jvm.options
- else
- echo "-Xms4g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx4g" >> /etc/elasticsearch/jvm.options
- sysctl "vm.swappiness=1"
- swapon /swapfile
- fi
- update-rc.d elasticsearch defaults
- sudo bash /etc/elasticsearch/cluster.sh %(CLUSTER_NAME)s
- sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install discovery-ec2
- sudo /bin/systemctl enable elasticsearch.service
- sudo systemctl start elasticsearch.service
- mkdir /srv/encoded
- chown encoded:encoded /srv/encoded
- cd /srv/encoded
- sudo DEBIAN_FRONTEND=noninteractive apt install -y postfix
- sudo sed -i -e 's/inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
- PUBLIC_DNS_NAME="$(curl http://169.254.169.254/latest/meta-data/public-hostname)"
- sudo sed -i "/myhostname/c\myhostname = $PUBLIC_DNS_NAME" /etc/postfix/main.cf
- sudo echo "127.0.0.0 $PUBLIC_DNS_NAME" | sudo tee --append /etc/hosts
- sudo mv /etc/mailname /etc/mailname.OLD
- sudo echo "$PUBLIC_DNS_NAME" | sudo tee --append /etc/mailname
- sudo service postfix restart
- yes |sudo apt install software-properties-common
- sudo add-apt-repository -y ppa:deadsnakes/ppa
- sudo apt-get update
- sudo apt-get install -y python3.6 python3.6-dev python3.6-venv
- mkdir /opt/cloudwatchmon
- chown build:build /opt/cloudwatchmon
# - sudo -u build virtualenv --python=python2.7 /opt/cloudwatchmon
# - sudo -u build /opt/cloudwatchmon/bin/pip install -r cloudwatchmon-requirements.txt
- sudo pip install --upgrade botocore==1.12.36
users:
- default
- name: build
gecos: Build user
inactive: true
system: true
- name: encoded
gecos: ENCODE Metadata Database daemon user
inactive: true
system: true
# Specified homedir must exist
# https://github.com/rubygems/rubygems/issues/689
homedir: /srv/encoded
write_files:
- path: /etc/apt/apt.conf.d/20auto-upgrades
content: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
- path: /etc/apt/apt.conf.d/50unattended-upgrades
content: |
Unattended-Upgrade::Allowed-Origins {
"${distro_id} ${distro_codename}-security";
};
Unattended-Upgrade::Mail "encode-devops@lists.stanford.edu";
Unattended-Upgrade::Automatic-Reboot "false";
- path: /etc/cron.d/cloudwatchmon
content: |
*/5 * * * * nobody /opt/cloudwatchmon/bin/mon-put-instance-stats.py --mem-util --swap-util --disk-space-util --disk-path=/ --from-cron
- path: /etc/elasticsearch/elasticsearch.yml
content: |
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9299
node.master: false
node.data: true
# We can only use 4 or 5 node clusters since this is hard coded
discovery.zen.minimum_master_nodes: 3
discovery.type: ec2
cloud.aws.region: us-west-2
discovery.ec2.groups: test-elasticsearch, ssh-http-https
indices.query.bool.max_clause_count: 8192
- path: /etc/elasticsearch/cluster.sh
content: |
#!/bin/bash
name=$1
if [[ -n "$name" ]]; then
echo "cluster.name: $name" >> /etc/elasticsearch/elasticsearch.yml
echo "network.host: 0.0.0.0" >> /etc/elasticsearch/elasticsearch.yml
echo "http.port: 9200" >> /etc/elasticsearch/elasticsearch.yml
echo "transport.tcp.port: 9299" >> /etc/elasticsearch/elasticsearch.yml
echo "discovery.type: ec2" >> /etc/elasticsearch/elasticsearch.yml
echo "cloud.aws.region: us-west-2" >> /etc/elasticsearch/elasticsearch.yml
echo "node.master: false" >> /etc/elasticsearch/elasticsearch.yml
echo "node.data: true" >> /etc/elasticsearch/elasticsearch.yml
echo "discovery.zen.minimum_master_nodes: 1" >> /etc/elasticsearch/elasticsearch.yml
echo "discovery.ec2.groups: test-elasticsearch, ssh-http-https" >> /etc/elasticsearch/elasticsearch.yml
echo "indices.query.bool.max_clause_count: 8192" >> /etc/elasticsearch/elasticsearch.yml
else
echo "argument error"
fi
- path: /etc/elasticsearch/jvm.options
content: |
## GC configuration
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
# disable calls to System#gc
-XX:+DisableExplicitGC
# pre-touch memory pages used by the JVM during initialization
-XX:+AlwaysPreTouch
# force the server VM (remove on 32-bit client JVMs)
-server
# explicitly set the stack size (reduce to 320k on 32-bit client JVMs)
-Xss1m
# set to headless, just in case
-Djava.awt.headless=true
# ensure UTF-8 encoding by default (e.g. filenames)
-Dfile.encoding=UTF-8
# use our provided JNA always versus the system one
-Djna.nosys=true
# use old-style file permissions on JDK9
-Djdk.io.permissionsUseCanonicalPath=true
# flags to configure Netty
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
# log4j 2
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Dlog4j.skipJansi=true
# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError
- path: /etc/ssh/users_ca.pub
content: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv/ymOcnN4LhM4NACc3Or116XXJ6KytuOgB/+1qNkOFBqBosrn7cmJ35rsoNHRgYNrCsRE9ch74RKsN6H72FtSJgBhGh/9oUK7Os6Fqt3/ZZXxgxIx6ubs/MTgrxrAnujiBxUXMXQhLKMriNMpo8mt4nGYVtLk9PBjiyfncaS8H9ZKoNio9dhP8bmTuYvioAI35dqKdSlVLyzr/XkZxia8Ki+pQ0N6uuiEwMR3ToM+LSp8wpFOOAiu4PEAujRW7us/+1hlpKWfn0J7/V3826joHE+I967Vg/+ikcVhF77J
power_state:
mode: reboot