|
|
|
@ -1,101 +1,10 @@ |
|
|
|
|
--- |
|
|
|
|
|
|
|
|
|
- name: Install needed packages |
|
|
|
|
yum: |
|
|
|
|
name: |
|
|
|
|
- elasticsearch-oss |
|
|
|
|
- java-1.8.0-openjdk-headless |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Deploy configuration |
|
|
|
|
template: src={{ item }}.j2 dest=/etc/elasticsearch/{{ item }} group=elasticsearch mode=660 |
|
|
|
|
loop: |
|
|
|
|
- elasticsearch.yml |
|
|
|
|
- log4j2.properties |
|
|
|
|
notify: restart elasticsearch |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Ensure the data dir exists |
|
|
|
|
file: path={{ es_data_dir }} state=directory |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
# We do it in two steps, so that parent dirs aren't created with restrictive permissions |
|
|
|
|
- name: Restrict permissions on data dir |
|
|
|
|
file: path={{ es_data_dir }} state=directory owner=elasticsearch group=elasticsearch mode=750 |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Handle Elasticsearch port |
|
|
|
|
iptables_raw: |
|
|
|
|
name: "{{ item.name }}" |
|
|
|
|
state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}" |
|
|
|
|
rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT" |
|
|
|
|
- include: install.yml |
|
|
|
|
- include: directories.yml |
|
|
|
|
- include: conf.yml |
|
|
|
|
- include: iptables.yml |
|
|
|
|
when: iptables_manage | default(True) |
|
|
|
|
loop: |
|
|
|
|
- port: "{{ es_port }}" |
|
|
|
|
name: es_port |
|
|
|
|
src_ip: "{{ es_src_ip }}" |
|
|
|
|
tags: firewall,es |
|
|
|
|
|
|
|
|
|
- name: Create pre/post backup dir |
|
|
|
|
file: path=/etc/backup/{{ item }}.d state=directory |
|
|
|
|
loop: |
|
|
|
|
- pre |
|
|
|
|
- post |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Deploy pre and post backup script |
|
|
|
|
template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/es mode=750 |
|
|
|
|
loop: |
|
|
|
|
- pre |
|
|
|
|
- post |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Create backup dir |
|
|
|
|
file: path={{ es_backup_dir }} state=directory owner=elasticsearch group=elasticsearch mode=700 |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Create systemd unit snippet dir |
|
|
|
|
file: path=/etc/systemd/system/elasticsearch.service.d state=directory |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Customize systemd unit |
|
|
|
|
copy: |
|
|
|
|
content: | |
|
|
|
|
[Service] |
|
|
|
|
ProtectSystem=full |
|
|
|
|
PrivateDevices=yes |
|
|
|
|
ProtectHome=yes |
|
|
|
|
NoNewPrivileges=yes |
|
|
|
|
SyslogIdentifier=elasticsearch |
|
|
|
|
Restart=on-failure |
|
|
|
|
ExecStart= |
|
|
|
|
ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid |
|
|
|
|
dest: /etc/systemd/system/elasticsearch.service.d/ansible.conf |
|
|
|
|
register: es_unit |
|
|
|
|
notify: restart elasticsearch |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Reload systemd |
|
|
|
|
systemd: daemon_reload=True |
|
|
|
|
when: es_unit.changed |
|
|
|
|
tags: es |
|
|
|
|
|
|
|
|
|
- name: Start and enable the service |
|
|
|
|
service: name=elasticsearch state=started enabled=True |
|
|
|
|
tags: es |
|
|
|
|
- include: services.yml |
|
|
|
|
- include: backup.yml |
|
|
|
|
|
|
|
|
|
- name: Declare repo in ElasticSearch |
|
|
|
|
uri: |
|
|
|
|
url: http://localhost:{{ es_port }}/_snapshot/lbkp |
|
|
|
|
method: PUT |
|
|
|
|
body: |
|
|
|
|
type: fs |
|
|
|
|
settings: |
|
|
|
|
compress: True |
|
|
|
|
location: "{{ es_backup_dir }}" |
|
|
|
|
body_format: json |
|
|
|
|
register: es_lbkp |
|
|
|
|
until: es_lbkp.failed == False |
|
|
|
|
retries: 10 |
|
|
|
|
delay: 10 |
|
|
|
|
tags: es |
|
|
|
|
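Review bot: The new `- include:` lines use the bare `include` action, which Ansible deprecated for task files and later removed; the role already uses `loop:`, so `import_tasks` should be available, e.g. `- import_tasks: iptables.yml`. A static import applies `when: iptables_manage | default(True)` to each imported task and keeps any `tags:` set inside the new files visible, so a run limited to `--tags firewall` still reaches the iptables rule. With a dynamic include, the tag would have to sit on the include line itself. The included files are not visible on this page, so confirm they kept the `tags: es` / `firewall,es` values and the restrictive `mode=` and `owner=` settings of the tasks that were moved out.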