193 lines
5.6 KiB
YAML
193 lines
5.6 KiB
YAML
---
|
|
- import_tasks: RedHat.yml
|
|
when: ansible_os_family == 'RedHat'
|
|
|
|
- import_tasks: Debian.yml
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Create elasticsearch.service.d folder.
|
|
file: path=/etc/systemd/system/elasticsearch.service.d/ state=directory
|
|
when:
|
|
- ansible_service_mgr == "systemd"
|
|
|
|
- name: Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_systemd.conf.j2
|
|
dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr == "systemd"
|
|
|
|
- name: Debian/Ubuntu | Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_nonsystemd.j2
|
|
dest: /etc/default/elasticsearch
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr != "systemd"
|
|
- ansible_os_family == "Debian"
|
|
|
|
- name: RedHat/CentOS/Fedora | Configure Elasticsearch System Resources.
|
|
template:
|
|
src: elasticsearch_nonsystemd.j2
|
|
dest: /etc/sysconfig/elasticsearch
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
when:
|
|
- ansible_service_mgr != "systemd"
|
|
- ansible_os_family == "RedHat"
|
|
|
|
- name: Configure Elasticsearch.
|
|
template:
|
|
src: elasticsearch.yml.j2
|
|
dest: /etc/elasticsearch/elasticsearch.yml
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
|
|
- name: Configure Elasticsearch JVM memmory.
|
|
template:
|
|
src: jvm.options.j2
|
|
dest: /etc/elasticsearch/jvm.options
|
|
owner: root
|
|
group: elasticsearch
|
|
mode: 0660
|
|
notify: restart elasticsearch
|
|
tags: configure
|
|
|
|
# fix in new PR (ignore_errors)
|
|
|
|
- name: Write the instances.yml file in the selected node (force = no)
|
|
template:
|
|
src: instances.yml.j2
|
|
dest: "{{node_certs_source}}/instances.yml"
|
|
force: no
|
|
tags:
|
|
- config
|
|
- xpack-security
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
|
|
- name: Update instances.yml status after generation
|
|
stat:
|
|
path: "{{node_certs_source}}/instances.yml"
|
|
register: instances_file_exists
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
|
|
- name: Check if the certificates ZIP file exists
|
|
stat:
|
|
path: "{{node_certs_source}}/certs.zip"
|
|
register: xpack_certs_zip
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
|
|
- name: Generating certificates for Elasticsearch security
|
|
shell: "/usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{node_certs_source}}/instances.yml --out {{node_certs_source}}/certs.zip"
|
|
when:
|
|
- node_certs_generator
|
|
- instances_file_exists.stat.exists
|
|
- elasticsearch_xpack_security
|
|
- not xpack_certs_zip.stat.exists
|
|
tags: xpack-security
|
|
|
|
- name: Unzip generated certs.zip
|
|
unarchive:
|
|
src: "{{node_certs_source}}/certs.zip"
|
|
dest: "{{node_certs_source}}/"
|
|
remote_src: yes
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Copy key & certificate files in generator node (locally)
|
|
synchronize:
|
|
src: "{{node_certs_source}}/{{elasticsearch_node_name}}/"
|
|
dest: "{{node_certs_destination}}/"
|
|
delegate_to: "{{ node_certs_generator_ip }}"
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Copy ca certificate file in generator node (locally)
|
|
synchronize:
|
|
src: "{{node_certs_source}}/ca/"
|
|
dest: "{{node_certs_destination}}/"
|
|
delegate_to: "{{ node_certs_generator_ip }}"
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Remove generated certs file
|
|
shell: /bin/rm -f {{node_certs_source}}/certs.zip*
|
|
when:
|
|
- node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Importing key & certificate files from generator node
|
|
shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/"
|
|
when:
|
|
- not node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Importing ca certificate file from generator node
|
|
shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/"
|
|
when:
|
|
- not node_certs_generator
|
|
- elasticsearch_xpack_security
|
|
tags: xpack-security
|
|
|
|
- name: Set elasticsearch bootstrap password
|
|
shell: "echo '{{elasticsearch_xpack_security_password}}' | {{node_certs_source}}/bin/elasticsearch-keystore add -xf 'bootstrap.password'"
|
|
when:
|
|
- elasticsearch_xpack_security
|
|
|
|
- name: Reload systemd
|
|
systemd: daemon_reload=true
|
|
ignore_errors: true
|
|
when:
|
|
- not (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA")
|
|
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('15.04', '<'))
|
|
- not (ansible_distribution == "Debian" and ansible_distribution_version is version('8', '<'))
|
|
|
|
- name: Ensure Elasticsearch started and enabled
|
|
ignore_errors: true
|
|
service:
|
|
name: elasticsearch
|
|
enabled: true
|
|
state: started
|
|
|
|
- name: Make sure Elasticsearch is running before proceeding
|
|
wait_for: host={{ elasticsearch_network_host }} port={{ elasticsearch_http_port }} delay=3 timeout=300
|
|
tags:
|
|
- configure
|
|
- init
|
|
|
|
- import_tasks: "RMRedHat.yml"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
|
|
- import_tasks: "RMDebian.yml"
|
|
when: ansible_os_family == "Debian"
|