Revision 909c5b469173873a51e30ab564d67badf6795ec8 authored by jenjou on 17 June 2019, 20:49:28 UTC, committed by Casey Litton on 17 June 2019, 20:49:28 UTC
1 parent 3fd7ac7
cloud-config-elasticsearch.yml
#cloud-config
ssh_authorized_keys:
- %(LOCAL_SSH_KEY)s
apt_sources:
- source: "ppa:linuxuprising/java"
- source: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----
bootcmd:
- set -ex
- cloud-init-per once accepted-oracle-license-v1-2 echo "oracle-java11-installer shared/accepted-oracle-license-v1-2 select true" | debconf-set-selections
- cloud-init-per once fallocate-swapfile fallocate -l 4G /swapfile
- cloud-init-per once chmod-swapfile chmod 600 /swapfile
- cloud-init-per once mkswap-swapfile mkswap /swapfile
package_upgrade: true
packages:
- awscli
- build-essential
- elasticsearch
- libssl-dev
- oracle-java11-installer
- oracle-java11-set-default
- python2.7-dev
- python3.4-dev
- python-software-properties
- python-virtualenv
- unattended-upgrades
- bsd-mailx
power_state:
mode: reboot
output:
all: '| tee -a /var/log/cloud-init-output.log'
runcmd:
- sudo -u ubuntu mv /home/ubuntu/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys2
- sudo -u ubuntu aws s3 cp --region=us-west-2 %(S3_AUTH_KEYS)s /home/ubuntu/.ssh/authorized_keys
- MEMGIGS=$(awk '/MemTotal/{printf int($2 / 1024**2)}' /proc/meminfo)
- if test "%(ES_MASTER)s" = "true"
- then
- if [ "$MEMGIGS" -gt 32 ]
- then
- echo "-Xms16g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx16g" >> /etc/elasticsearch/jvm.options
- else
- if [ "$MEMGIGS" -gt 12 ]
- then
- echo "-Xms8g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx8g" >> /etc/elasticsearch/jvm.options
- else
- echo "-Xms4g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx4g" >> /etc/elasticsearch/jvm.options
- sysctl "vm.swappiness=1"
- swapon /swapfile
- fi
- fi
- else
- if [ "$MEMGIGS" -gt 12 ]
- then
- echo "-Xms8g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx8g" >> /etc/elasticsearch/jvm.options
- else
- echo "-Xms4g" >> /etc/elasticsearch/jvm.options
- echo "-Xmx4g" >> /etc/elasticsearch/jvm.options
- sysctl "vm.swappiness=1"
- swapon /swapfile
- fi
- fi
- set -ex
- update-rc.d elasticsearch defaults
- sudo bash /etc/elasticsearch/cluster.sh %(CLUSTER_NAME)s
- sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install discovery-ec2
- service elasticsearch restart
- mkdir /srv/encoded
- chown encoded:encoded /srv/encoded
- cd /srv/encoded
- curl https://raw.githubusercontent.com/ENCODE-DCC/encoded/master/cloudwatchmon-requirements.txt > cloudwatchmon-requirements.txt
- sudo sed -i -e 's/inet_interfaces = all/inet_interfaces = loopback-only/g' /etc/postfix/main.cf
- PUBLIC_DNS_NAME="$(curl http://169.254.169.254/latest/meta-data/public-hostname)"
- sudo sed -i "/myhostname/c\myhostname = $PUBLIC_DNS_NAME" /etc/postfix/main.cf
- sudo echo "127.0.0.0 $PUBLIC_DNS_NAME" | sudo tee --append /etc/hosts
- sudo mv /etc/mailname /etc/mailname.OLD
- sudo echo "$PUBLIC_DNS_NAME" | sudo tee --append /etc/mailname
- sudo service postfix restart
- mkdir /opt/cloudwatchmon
- chown build:build /opt/cloudwatchmon
- sudo -u build virtualenv --python=python2.7 /opt/cloudwatchmon
- sudo -u build /opt/cloudwatchmon/bin/pip install -r cloudwatchmon-requirements.txt
users:
- default
- name: build
gecos: Build user
inactive: true
system: true
- name: encoded
gecos: ENCODE Metadata Database daemon user
inactive: true
system: true
homedir: /srv/encoded
write_files:
- path: /etc/apt/apt.conf.d/20auto-upgrades
content: |
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
- path: /etc/apt/apt.conf.d/50unattended-upgrades
content: |
Unattended-Upgrade::Allowed-Origins {
"${distro_id} ${distro_codename}-security";
};
Unattended-Upgrade::Mail "encode-devops@lists.stanford.edu";
Unattended-Upgrade::Automatic-Reboot "false";
- path: /etc/cron.d/cloudwatchmon
content: |
*/5 * * * * nobody /opt/cloudwatchmon/bin/mon-put-instance-stats.py --mem-util --swap-util --disk-space-util --disk-path=/ --from-cron
- path: /etc/elasticsearch/elasticsearch.yml
content: |
network.host: 0.0.0.0
http.port: 9201
transport.tcp.port: 9299
node.master: %(ES_MASTER)s
node.data: %(ES_DATA)s
discovery.zen.minimum_master_nodes: %(MIN_MASTER_NODES)s
discovery.type: ec2
cloud.aws.region: us-west-2
discovery.ec2.groups: elasticsearch-https, ssh-http-https
indices.query.bool.max_clause_count: 8192
- path: /etc/elasticsearch/cluster.sh
content: |
#!/bin/bash
name=$1
if [[ -n "$name" ]]; then
echo "cluster.name: $name" >> /etc/elasticsearch/elasticsearch.yml
else
echo "argument error"
fi
- path: /etc/elasticsearch/jvm.options
content: |
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
-XX:+DisableExplicitGC
-XX:+AlwaysPreTouch
-server
-Xss1m
-Djava.awt.headless=true
-Dfile.encoding=UTF-8
-Djna.nosys=true
-Djdk.io.permissionsUseCanonicalPath=true
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Dlog4j.skipJansi=true
-XX:+HeapDumpOnOutOfMemoryError
Computing file changes ...