At $WORK I have been tasked with building a centralized logging infrastructure. After researching the available options I came across the following blog: edgeofsanity.net. The author is implementing centralized logging with Kibana and Logstash.
So I am following along, but since we only have 200 servers I am only building 2 servers, one to host Kibana and one running elasticsearch.
I spent most of today configuring puppet to install, configure, and start elasticsearch. I started with this module, but heavily modified it. I added directives for es_mem_size, cluster_name, and cluster_nodes as well as an init script. Since the new module is in my work repository I will need to clean it up before it is released. Below is the puppet node definition:
    node es01 inherits default {
      include rootkey, iptables

      ipt_fragment { "ssh" : ensure => present }
      ipt_fragment { "http_es" : ensure => present }
      ipt_fragment { "snmp" : ensure => present }

      class { "snmp":
        syslocation => 'VM Tier2',
        syscontact  => 'email@example.com',
        rocommunity => "not_public",
      }

      class { "elasticsearch" :
        version      => "0.20.6",
        install_root => "/opt",
        es_mem_size  => "2g",
        cluster_name => "logging",
        #cluster_nodes => ['node1.fqdn', 'node2.fqdn'], # module always adds current node to this list
      }
    }