From: Dmitry Kalashnik <dkalashnik@mirantis.com>
Date: Fri, 21 Jun 2019 08:52:11 +0000 (+0400)
Subject: Add explicit ES user/group creation and set group for files
X-Git-Url: https://gerrit.mcp.mirantis.com/gitweb?p=salt-formulas%2Felasticsearch.git;a=commitdiff_plain;h=refs%2Fchanges%2F22%2F44422%2F5

Add explicit ES user/group creation and set group for files

Change-Id: I0c829404e31b9bef12ea644686d85a69eefb14e7
PROD-related: PROD-31309
(cherry picked from commit 7a3a659bbe9cd23e542baeb2a9c8820d4b91ec83)
---

diff --git a/elasticsearch/server/init.sls b/elasticsearch/server/init.sls
index e8ae754..3421aea 100644
--- a/elasticsearch/server/init.sls
+++ b/elasticsearch/server/init.sls
@@ -16,21 +16,41 @@ elasticsearch_packages:
   - require:
     - pkg: elasticsearch_dependency_packages
 
+elasticsearch_group:
+  group.present:
+  - name: elasticsearch
+  - require:
+    - pkg: elasticsearch_packages
+
+elasticsearch_user:
+  user.present:
+  - name: elasticsearch
+  - home: /home/elasticsearch
+  - shell: /bin/false
+  - groups:
+    - elasticsearch
+  - require:
+    - group: elasticsearch_group
+
 elasticsearch_default:
   file.managed:
   - name: /etc/default/elasticsearch
   - source: salt://elasticsearch/files/v{{ server.version }}/elasticsearch
+  - group: elasticsearch
   - template: jinja
   - require:
     - pkg: elasticsearch_packages
+    - user: elasticsearch_user
 
 elasticsearch_config:
   file.managed:
   - name: /etc/elasticsearch/elasticsearch.yml
   - source: salt://elasticsearch/files/v{{ server.version }}/elasticsearch.yml
+  - group: elasticsearch
   - template: jinja
   - require:
     - pkg: elasticsearch_packages
+    - user: elasticsearch_user
 
 {%- if server.version == 2 %}
 elasticsearch_logging:
@@ -47,17 +67,21 @@ elasticsearch_logging:
   file.managed:
   - name: /etc/elasticsearch/log4j2.properties
   - source: salt://elasticsearch/files/v{{ server.version }}/log4j2.properties
+  - group: elasticsearch
   - template: jinja
   - require:
     - pkg: elasticsearch_packages
+    - user: elasticsearch_user
 
 elasticsearch_jvm_options:
   file.managed:
   - name: /etc/elasticsearch/jvm.options
   - source: salt://elasticsearch/files/v{{ server.version }}/jvm.options
+  - group: elasticsearch
   - template: jinja
   - require:
     - pkg: elasticsearch_packages
+    - user: elasticsearch_user
 
 {%- if grains.get('init') == 'systemd' %}
 elasticsearch_override_limit_memlock_file: