188 lines
5.0 KiB
YAML
Executable File
188 lines
5.0 KiB
YAML
Executable File
---
|
|
- import_tasks: RedHat.yml
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- import_tasks: Debian.yml
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Create elasticsearch.service.d folder.
|
|
file:
|
|
path: /etc/systemd/system/elasticsearch.service.d
|
|
state: directory
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when:
|
|
- ansible_service_mgr == "systemd"
|
|
|
|
- name: Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_systemd.conf.j2
|
|
dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr == "systemd"
|
|
|
|
- name: Debian/Ubuntu | Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_nonsystemd.j2
|
|
dest: /etc/default/elasticsearch
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr != "systemd"
|
|
- ansible_os_family == "Debian"
|
|
|
|
- name: RedHat/CentOS/Fedora | Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_nonsystemd.j2
|
|
dest: /etc/sysconfig/elasticsearch
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr != "systemd"
|
|
- ansible_os_family == "RedHat"
|
|
|
|
- name: Configure Elasticsearch JVM memmory.
|
|
template:
|
|
src: jvm.options.j2
|
|
dest: /etc/elasticsearch/jvm.options
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
|
|
- name: Configure disabled log4j.
|
|
template:
|
|
src: "templates/disabledlog4j.options.j2"
|
|
dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0644
|
|
force: yes
|
|
notify: restart elasticsearch
|
|
tags: install
|
|
|
|
# fix in new PR (ignore_errors)
|
|
|
|
- import_tasks: "RMRedHat.yml"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- import_tasks: "xpack_security.yml"
|
|
when:
|
|
- elasticsearch_xpack_security
|
|
|
|
- name: Configure Elasticsearch.
|
|
template:
|
|
src: elasticsearch.yml.j2
|
|
dest: /etc/elasticsearch/elasticsearch.yml
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
|
|
- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf
|
|
lineinfile: # noqa 208
|
|
path: /etc/security/limits.conf
|
|
line: elasticsearch - memlock unlimited
|
|
create: yes
|
|
become: true
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
changed_when: false
|
|
|
|
- name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.d/elasticsearch.conf
|
|
lineinfile:
|
|
path: /etc/security/limits.d/elasticsearch.conf
|
|
line: elasticsearch - memlock unlimited
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
create: yes
|
|
become: true
|
|
changed_when: false
|
|
when:
|
|
- ansible_distribution == "Ubuntu"
|
|
- ansible_distribution_major_version | int == 14
|
|
|
|
- name: Ensure extra time for Elasticsearch to start on reboots
|
|
lineinfile:
|
|
path: /usr/lib/systemd/system/elasticsearch.service
|
|
regexp: '^TimeoutStartSec='
|
|
line: "TimeoutStartSec={{ elasticsearch_start_timeout }}"
|
|
become: yes
|
|
tags: configure
|
|
|
|
- name: Ensure Elasticsearch started and enabled
|
|
service:
|
|
name: elasticsearch
|
|
enabled: true
|
|
state: started
|
|
tags:
|
|
- configure
|
|
- init
|
|
|
|
- name: Make sure Elasticsearch is running before proceeding
|
|
wait_for: host={{ elasticsearch_reachable_host }} port={{ elasticsearch_http_port }} delay=3 timeout=400
|
|
tags:
|
|
- configure
|
|
- init
|
|
|
|
- import_tasks: "RMRedHat.yml"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- import_tasks: "RMDebian.yml"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Wait for Elasticsearch API
|
|
uri:
|
|
url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/"
|
|
user: "elastic" # Default Elasticsearch user is always "elastic"
|
|
password: "{{ elasticsearch_xpack_security_password }}"
|
|
validate_certs: no
|
|
status_code: 200,401
|
|
return_content: yes
|
|
force_basic_auth: yes
|
|
timeout: 4
|
|
register: _result
|
|
until: ( _result.json is defined) and (_result.json.status == "green")
|
|
retries: 24
|
|
delay: 5
|
|
when:
|
|
- elasticsearch_xpack_users is defined
|
|
|
|
- name: Create elasticsearch users
|
|
uri:
|
|
url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}"
|
|
method: POST
|
|
body_format: json
|
|
user: "elastic"
|
|
password: "{{ elasticsearch_xpack_security_password }}"
|
|
body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
|
|
validate_certs: no
|
|
force_basic_auth: yes
|
|
loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
|
|
register: http_response
|
|
failed_when: http_response.status != 200
|
|
when:
|
|
- elasticsearch_xpack_users is defined
|
|
|
|
- name: Reload systemd configuration
|
|
systemd:
|
|
daemon_reload: true
|
|
become: yes
|
|
notify: restart elasticsearch
|