From 690d0a7863ea7805db556344b5040d859928b05b Mon Sep 17 00:00:00 2001
From: Oleksandr Kuzminskyi
Date: Fri, 6 Mar 2026 13:40:15 -0800
Subject: [PATCH] Enable bootstrap.memory_lock for Elasticsearch nodes (development) (#255)
Gate on $facts['elasticsearch']['memory_lock'] so existing nodes without the fact are unaffected. When enabled: - Set bootstrap.memory_lock: true in elasticsearch.yml - Add systemd override with LimitMEMLOCK=infinity - Set vm.swappiness=1 via sysctl
---
 debian/changelog | 6 +++++
 .../profile/manifests/elastic/config.pp | 24 +++++++++++++++++++
 .../profile/templates/elasticsearch.yml.erb | 4 ++++
 3 files changed, 34 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 0d93bb0..d898551 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+puppet-code (0.1.0-1build291) noble; urgency=medium
+
+ * commit event. see changes history in git log
+
+ -- root Fri, 06 Mar 2026 21:40:17 +0000
+
 puppet-code (0.1.0-1build290) noble; urgency=medium
 * commit event. see changes history in git log
diff --git a/environments/development/modules/profile/manifests/elastic/config.pp b/environments/development/modules/profile/manifests/elastic/config.pp
index 74736a1..81811d2 100644
--- a/environments/development/modules/profile/manifests/elastic/config.pp
+++ b/environments/development/modules/profile/manifests/elastic/config.pp
@@ -37,4 +37,28 @@
 ],
 }
+ if $facts.dig('elasticsearch', 'memory_lock') {
+ file { '/etc/systemd/system/elasticsearch.service.d':
+ ensure => directory,
+ }
+
+ file { '/etc/systemd/system/elasticsearch.service.d/override.conf':
+ ensure => file,
+ content => "[Service]\nLimitMEMLOCK=infinity\n",
+ notify => Exec['reload-systemd-for-elastic'],
+ require => File['/etc/systemd/system/elasticsearch.service.d'],
+ }
+
+ file { '/etc/sysctl.d/99-elasticsearch.conf':
+ ensure => file,
+ content => "vm.swappiness = 1\n",
+ notify => Exec['apply-elasticsearch-sysctl'],
+ }
+
+ exec { 'apply-elasticsearch-sysctl':
+ command => '/sbin/sysctl -p /etc/sysctl.d/99-elasticsearch.conf',
+ refreshonly => true,
+ }
+ }
+
 }
diff --git a/environments/development/modules/profile/templates/elasticsearch.yml.erb b/environments/development/modules/profile/templates/elasticsearch.yml.erb
index c35e567..3bbddfc 100644
--- a/environments/development/modules/profile/templates/elasticsearch.yml.erb
+++ b/environments/development/modules/profile/templates/elasticsearch.yml.erb
@@ -37,4 +37,8 @@ xpack.security.authc:
 roles: <%= @elastic_monitoring_role_name %>
 authz_exception: true
+<% if @facts.dig('elasticsearch', 'memory_lock') -%>
+bootstrap.memory_lock: true
+
+<% end -%>
 logger.org.elasticsearch.discovery.ec2: "INFO"
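Review bot: The gate `if $facts.dig('elasticsearch', 'memory_lock')` treats every value except `undef` and `false` as true, so a fact delivered as the string "false" would still install the drop-in and the sysctl file; the `@facts.dig(...)` test in the elasticsearch.yml.erb hunk has the same truthiness. How the fact is produced is not visible here, so if it can ever be a string, compare explicitly: `if $facts.dig('elasticsearch', 'memory_lock') == true {`. The three `file` resources also set no `owner`, `group` or `mode`; unless a resource default elsewhere in the manifest covers them, I would add `owner => 'root', group => 'root', mode => '0644',` (`'0755'` for the directory) so the systemd drop-in never depends on inherited permissions. `Exec['reload-systemd-for-elastic']` and the enclosing class body lie outside this hunk.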
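Review bot: Rendering `bootstrap.memory_lock: true` only helps if the service is restarted after the `LimitMEMLOCK=infinity` drop-in and the daemon-reload have been applied, and neither hunk shows that ordering; a node started with the setting but without the raised limit cannot lock its heap and, where bootstrap checks are enforced, will not start. The resource that renders this template is outside the diff, so the relationship has to be confirmed in manifests/elastic/config.pp. I would also record the dependency in the rendered file with a comment above the setting: `# requires LimitMEMLOCK=infinity (systemd drop-in managed in manifests/elastic/config.pp)`.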