Add explicit ES user/group creation and set group for files
Change-Id: I0c829404e31b9bef12ea644686d85a69eefb14e7
PROD-related: PROD-31309
diff --git a/elasticsearch/server/init.sls b/elasticsearch/server/init.sls
index 273e214..8fac2b2 100644
--- a/elasticsearch/server/init.sls
+++ b/elasticsearch/server/init.sls
@@ -16,21 +16,41 @@
- require:
- pkg: elasticsearch_dependency_packages
+elasticsearch_group:
+ group.present:
+ - name: elasticsearch
+ - require:
+ - pkg: elasticsearch_packages
+
+elasticsearch_user:
+ user.present:
+ - name: elasticsearch
+ - home: /home/elasticsearch
+ - shell: /bin/false
+ - groups:
+ - elasticsearch
+ - require:
+ - group: elasticsearch_group
+
elasticsearch_default:
file.managed:
- name: /etc/default/elasticsearch
- source: salt://elasticsearch/files/v{{ server.version }}/elasticsearch
+ - group: elasticsearch
- template: jinja
- require:
- pkg: elasticsearch_packages
+ - user: elasticsearch_user
elasticsearch_config:
file.managed:
- name: /etc/elasticsearch/elasticsearch.yml
- source: salt://elasticsearch/files/v{{ server.version }}/elasticsearch.yml
+ - group: elasticsearch
- template: jinja
- require:
- pkg: elasticsearch_packages
+ - user: elasticsearch_user
{%- if server.version == 2 %}
elasticsearch_logging:
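Review bot: `elasticsearch_user` sets only supplementary `groups` and a home under `/home`, with no `system: True` and no `gid`. On a minion where the package has not already created the account, it would get a regular-range UID and a primary group chosen by the platform default rather than by `elasticsearch_group`. For a daemon account I would add `- system: True` to both `elasticsearch_group` and `elasticsearch_user`, and pin the primary group with `- gid: elasticsearch` (confirm that the Salt version this formula targets accepts a group name there). If the package does create the account first, as the `require` chain through `elasticsearch_packages` suggests, `home: /home/elasticsearch` would presumably relocate its home directory. In that case `groups` would also drop any other memberships unless `- remove_groups: False` is set, so a short comment stating which outcome is intended would help.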
@@ -56,17 +76,21 @@
file.managed:
- name: /etc/elasticsearch/log4j2.properties
- source: salt://elasticsearch/files/v{{ server.version }}/log4j2.properties
+ - group: elasticsearch
- template: jinja
- require:
- pkg: elasticsearch_packages
+ - user: elasticsearch_user
elasticsearch_jvm_options:
file.managed:
- name: /etc/elasticsearch/jvm.options
- source: salt://elasticsearch/files/v{{ server.version }}/jvm.options
+ - group: elasticsearch
- template: jinja
- require:
- pkg: elasticsearch_packages
+ - user: elasticsearch_user
{%- if grains.get('init') == 'systemd' %}
elasticsearch_override_limit_memlock_file:
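Review bot: The `file.managed` states for `log4j2.properties` and `jvm.options` now pin `group: elasticsearch` but still leave `user` and `mode` unmanaged. Whether the service account can read or rewrite its own configuration therefore depends on the mode the package or an earlier run left behind. The same applies to `elasticsearch_default` and `elasticsearch_config` in the first hunk, where `elasticsearch.yml` is the file most likely to carry sensitive settings. Adding `- user: root` and `- mode: '0640'` (quoted, so the leading zero is not reinterpreted by YAML) to each state would make the files readable by the daemon's group and writable only by root. The state that manages `log4j2.properties` begins above this hunk, so its ID is not visible here.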