diff --git a/manifests/config.pp b/manifests/config.pp index ecc45943d..245541320 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -181,6 +181,15 @@ mode => '0440', } + file { "${elasticsearch::configdir}/jvm.options": + ensure => 'file', + notify => $elasticsearch::_notify_service, + require => Class['elasticsearch::package'], + owner => $elasticsearch::elasticsearch_user, + group => $elasticsearch::elasticsearch_group, + mode => '0640', + } + if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7.7.0') >= 0) { # https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-options # https://github.com/elastic/elasticsearch/pull/51882 @@ -220,7 +229,7 @@ } # Add secrets to keystore - if $elasticsearch::secrets != undef { + if ($elasticsearch::manage_secrets and $elasticsearch::secrets != undef) { elasticsearch_keystore { 'elasticsearch_secrets': configdir => $elasticsearch::configdir, purge => $elasticsearch::purge_secrets, diff --git a/manifests/init.pp b/manifests/init.pp index e97ad1217..3fb45e5d5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -174,6 +174,9 @@ # @param manage_repo # Enable repo management by enabling official Elastic repositories. # +# @param manage_secrets +# Enable secret management through the use of elastic-keystore. +# # @param oss # Whether to use the purely open source Elasticsearch package distribution. # @@ -387,6 +390,7 @@ Boolean $manage_datadir, Boolean $manage_logdir, Boolean $manage_repo, + Boolean $manage_secrets, Boolean $oss, Stdlib::Absolutepath $package_dir, Integer $package_dl_timeout,