From 61f680dc97f48b7c4b3755e191fa26c266dbb0f3 Mon Sep 17 00:00:00 2001
From: Petr Slavik
Date: Tue, 2 Sep 2025 18:19:14 +0200
Subject: [PATCH] commit
---
elasticsearch-revert.yml | 102 ++++++++++++++++++++++++++
elasticsearch.yml | 128 +++++++++++++++++++++++++++++++++
templates/elasticsearch.yml.j2 | 47 ++++++++++++
templates/jvm.options.j2 | 5 ++
4 files changed, 282 insertions(+)
create mode 100644 elasticsearch-revert.yml
create mode 100644 elasticsearch.yml
create mode 100644 templates/elasticsearch.yml.j2
create mode 100644 templates/jvm.options.j2
diff --git a/elasticsearch-revert.yml b/elasticsearch-revert.yml
new file mode 100644
index 0000000..f751c1f
--- /dev/null
+++ b/elasticsearch-revert.yml
@@ -0,0 +1,102 @@
+---
+- name: Uninstall and Revert Elasticsearch Configuration
+ hosts: elasticsearch_hosts
+ become: true
+ vars:
+ # Set this to 'false' if you want to keep Java (OpenJDK) installed on the system
+ # because other applications might be using it.
+ remove_java: true
+
+ tasks:
+ - name: "BLOCK: Stop and Remove Elasticsearch Service"
+ block:
+ - name: Stop and disable Elasticsearch service
+ ansible.builtin.systemd:
+ name: elasticsearch
+ state: stopped
+ enabled: false
+ ignore_errors: true # Ignore errors if the service doesn't exist
+
+ - name: Purge Elasticsearch package and its config files
+ ansible.builtin.apt:
+ name: elasticsearch
+ state: absent
+ autoremove: true
+ purge: true
+ ignore_errors: true # Ignore errors if the package isn't installed
+
+ - name: "BLOCK: Clean Up Elasticsearch Files and Directories"
+ block:
+ # --- MODIFIED SECTION START ---
+ - name: Find all contents within the /var/lib/elasticsearch mountpoint
+ ansible.builtin.find:
+ paths: /var/lib/elasticsearch
+ hidden: true
+ register: contents_to_delete
+
+ - name: Delete all contents found within the mountpoint (leaving the mountpoint itself)
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ contents_to_delete.files | sort(attribute='path', reverse=true) }}"
+ loop_control:
+ label: "{{ item.path }}"
+ # --- MODIFIED SECTION END ---
+
+ - name: Remove Elasticsearch log directory
+ ansible.builtin.file:
+ path: /var/log/elasticsearch
+ state: absent
+
+ - name: Remove Elasticsearch config directory (just in case purge missed it)
+ ansible.builtin.file:
+ path: /etc/elasticsearch
+ state: absent
+
+ - name: "BLOCK: Remove APT Repository and GPG Key"
+ block:
+ - name: Remove Elasticsearch APT repository
+ ansible.builtin.apt_repository:
+ repo: "deb https://artifacts.elastic.co/packages/9.x/apt stable main"
+ state: absent
+ filename: elastic-9.x
+
+ - name: Remove Elasticsearch GPG key
+ ansible.builtin.file:
+ path: /etc/apt/trusted.gpg.d/elasticsearch.gpg
+ state: absent
+
+ - name: "BLOCK: Revert System Tuning"
+ block:
+ - name: Revert vm.max_map_count setting
+ ansible.posix.sysctl:
+ name: vm.max_map_count
+ state: absent
+ reload: true
+
+ - name: Remove Elasticsearch user memory limit
+ community.general.pam_limits:
+ domain: "elasticsearch"
+ limit_type: "-"
+ limit_item: "memlock"
+ state: absent
+
+ - name: Remove Elasticsearch user file descriptor limit
+ community.general.pam_limits:
+ domain: "elasticsearch"
+ limit_type: "-"
+ limit_item: "nofile"
+ state: absent
+
+ - name: "BLOCK: (Optional) Uninstall Java"
+ block:
+ - name: Uninstall OpenJDK package
+ ansible.builtin.apt:
+ name: openjdk-21-jdk
+ state: absent
+ autoremove: true
+ when: remove_java
+
+ - name: Final APT cache update
+ ansible.builtin.apt:
+ update_cache: true
diff --git a/elasticsearch.yml b/elasticsearch.yml
new file mode 100644
index 0000000..aace698
--- /dev/null
+++ b/elasticsearch.yml
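Review bot: The "Find all contents within the /var/lib/elasticsearch mountpoint" task in elasticsearch-revert.yml does not collect what its name promises: `ansible.builtin.find` defaults to `file_type: file` without recursion, so only regular files directly under the mountpoint are registered and the directories holding index data never reach the delete loop. After the revert the indexed data would still be on disk, which matters when the host is repurposed or handed to another team. Adding `file_type: any` to the find task is enough, because `state: absent` removes a directory together with its contents; the reverse sort is then no longer needed. Separately, this play targets `hosts: elasticsearch_hosts` while the install play in elasticsearch.yml targets `hosts: elasticsearch`, so the revert may not run against the group that was installed.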
@@ -0,0 +1,128 @@
+---
+- name: Install and Configure Elasticsearch 9
+ hosts: elasticsearch # Target your hosts here (e.g., from your inventory file)
+ become: true
+ vars:
+ # UPDATED: Set to a specific version 9 release for predictable deployments.
+ es_version: "9.0.0" # Change to the specific ES9 version you want to deploy
+ es_cluster_name: "cluster-v9"
+ es_node_name: "{{ ansible_hostname }}"
+ es_network_host: "{{ ansible_default_ipv4.address }}" # Binds to the primary private IP
+ es_heap_size: "{{ (ansible_memtotal_mb * 0.5) | int }}m" # Use 50% of total RAM. For 32GB RAM, this sets ~16GB.
+
+ # --- For multi-node clusters, override these in your inventory ---
+ es_seed_hosts: ["{{ es_network_host }}"]
+ es_initial_master_nodes: ["{{ es_node_name }}"]
+
+ tasks:
+ - name: "BLOCK: System Preparation"
+ block:
+ - name: Update APT package cache
+ ansible.builtin.apt:
+ update_cache: true
+ cache_valid_time: 3600
+
+ - name: Install prerequisite packages
+ ansible.builtin.apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - gnupg
+ # UPDATED: Elasticsearch 9 requires Java 21+
+ - openjdk-21-jdk
+ state: present
+
+ - name: "BLOCK: System Tuning for Elasticsearch"
+ block:
+ - name: Set vm.max_map_count for Elasticsearch
+ ansible.posix.sysctl:
+ name: vm.max_map_count
+ value: "262144"
+ state: present
+ reload: true
+
+ - name: Set Elasticsearch user memory limit
+ community.general.pam_limits:
+ domain: "elasticsearch"
+ limit_type: "-"
+ limit_item: "memlock"
+ value: "unlimited"
+ comment: "Allow memory locking"
+
+ - name: Set Elasticsearch user file descriptor limit
+ community.general.pam_limits:
+ domain: "elasticsearch"
+ limit_type: "-"
+ limit_item: "nofile"
+ value: "65536"
+ comment: "Set max open files"
+
+ - name: "BLOCK: Install Elasticsearch"
+ block:
+ - name: Download Elasticsearch GPG key
+ ansible.builtin.get_url:
+ url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+ dest: "/tmp/GPG-KEY-elasticsearch"
+ mode: '0644'
+
+ - name: De-armor the GPG key
+ ansible.builtin.command:
+ cmd: "gpg --dearmor -o /etc/apt/trusted.gpg.d/elasticsearch.gpg /tmp/GPG-KEY-elasticsearch"
+ creates: "/etc/apt/trusted.gpg.d/elasticsearch.gpg"
+
+ - name: Add Elasticsearch 9.x APT repository
+ # UPDATED: Repository path changed from 8.x to 9.x
+ ansible.builtin.apt_repository:
+ repo: "deb https://artifacts.elastic.co/packages/9.x/apt stable main"
+ state: present
+ filename: elastic-9.x
+
+ - name: Install Elasticsearch package
+ ansible.builtin.apt:
+ name: "elasticsearch={{ es_version }}"
+ state: present
+ update_cache: true
+
+ - name: "BLOCK: Configure Elasticsearch"
+ block:
+ - name: Configure elasticsearch.yml
+ ansible.builtin.template:
+ src: templates/elasticsearch.yml.j2
+ dest: /etc/elasticsearch/elasticsearch.yml
+ owner: root
+ group: elasticsearch
+ mode: '0660'
+ notify: Restart Elasticsearch
+
+ - name: Configure JVM heap size
+ ansible.builtin.template:
+ src: templates/jvm.options.j2
+ dest: /etc/elasticsearch/jvm.options.d/heap_size.options
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart Elasticsearch
+
+ - name: Flush handlers to apply config changes before starting the service
+ ansible.builtin.meta: flush_handlers
+
+ - name: Enable and ensure Elasticsearch service is started
+ ansible.builtin.systemd:
+ name: elasticsearch
+ state: started
+ enabled: true
+ daemon_reload: true
+
+ - name: Wait for Elasticsearch to start up on port 9200
+ ansible.builtin.wait_for:
+ host: "{{ es_network_host }}"
+ port: 9200
+ delay: 10
+ timeout: 120
+ delegate_to: localhost
+
+ handlers:
+ - name: Restart Elasticsearch
+ ansible.builtin.systemd:
+ name: elasticsearch
+ state: restarted
diff --git a/templates/elasticsearch.yml.j2 b/templates/elasticsearch.yml.j2
new file mode 100644
index 0000000..e4ca61c
--- /dev/null
+++ b/templates/elasticsearch.yml.j2
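Review bot: The "De-armor the GPG key" task in elasticsearch.yml writes the Elastic key into /etc/apt/trusted.gpg.d, which makes apt accept that key for every configured repository rather than only for artifacts.elastic.co. Scoping it is a small change: dearmor into a dedicated keyring such as `/usr/share/keyrings/elasticsearch-keyring.gpg` (same path in `creates:`) and reference it from the source line, `repo: "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/9.x/apt stable main"`; the repo string and key path in elasticsearch-revert.yml would need the same update. The key download is also unpinned and staged in world-writable /tmp, so a `checksum:` on the `get_url` task (value taken from a key verified out of band) and a root-only staging path would tighten the bootstrap of package trust. The final `wait_for` task inherits the play's `become: true` while delegated to localhost, so it would attempt privilege escalation on the control node; `become: false` on that task avoids it.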
@@ -0,0 +1,47 @@
+# ======================== Elasticsearch Configuration =========================
+# ANSIBLE MANAGED FILE: Do not edit directly. Changes will be overwritten.
+#
+# ---------------------------------- Cluster -----------------------------------
+cluster.name: "{{ es_cluster_name }}"
+
+# ------------------------------------ Node ------------------------------------
+node.name: "{{ es_node_name }}"
+
+# ----------------------------------- Paths ------------------------------------
+path.data: /var/lib/elasticsearch
+path.logs: /var/log/elasticsearch
+
+# ----------------------------------- Memory -----------------------------------
+# Lock the memory on startup to prevent the OS from swapping it out.
+bootstrap.memory_lock: true
+
+# ---------------------------------- Network -----------------------------------
+# Bind to the host's private IP address for cluster communication.
+network.host: "{{ es_network_host }}"
+http.port: 9200
+
+# --------------------------------- Discovery ----------------------------------
+# A list of hosts to contact to discover the cluster.
+discovery.seed_hosts: {{ es_seed_hosts | to_json }}
+
+# Bootstrap the cluster using an initial set of master-eligible nodes.
+cluster.initial_master_nodes: {{ es_initial_master_nodes | to_json }}
+
+# ---------------------------------- Security ----------------------------------
+# Security features are enabled by default on Elasticsearch 8.0+
+# On first start, a password for the 'elastic' user and a Kibana enrollment
+# token will be generated in the output of the 'elasticsearch' service.
+# You can also generate them manually later.
+xpack.security.enabled: true
+xpack.security.enrollment.enabled: true
+
+# These settings configure TLS for HTTP and transport (inter-node) layers.
+# Elasticsearch automatically generates these certificates on first startup.
+xpack.security.http.ssl:
+ enabled: true
+ keystore.path: certs/http.p12
+xpack.security.transport.ssl:
+ enabled: true
+ verification_mode: certificate
+ keystore.path: certs/transport.p12
+ truststore.path: certs/transport.p12
diff --git a/templates/jvm.options.j2 b/templates/jvm.options.j2
new file mode 100644
index 0000000..e735bf1
--- /dev/null
+++ b/templates/jvm.options.j2
@@ -0,0 +1,5 @@
+# ANSIBLE MANAGED FILE: Sets the JVM heap size for Elasticsearch.
+# Set initial and maximum heap size to the same value to avoid
+# pauses due to heap resizing at runtime.
+-Xms{{ es_heap_size }}
+-Xmx{{ es_heap_size }}
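Review bot: The Security section of templates/elasticsearch.yml.j2 references `certs/http.p12` and `certs/transport.p12`, but nothing in this commit creates those keystores or checks that they exist before the service is started. The comments say they and the `elastic` password appear "on first startup"; as far as I know, the Debian package performs security auto-configuration at install time instead, and its output is not surfaced by the apt task, so the generated password would not be visible to the operator. If auto-configuration is skipped for any reason, the node would likely fail to start on the missing keystores. I would add a `stat` check on /etc/elasticsearch/certs/http.p12 before templating and reword the comment along the lines of `# Certificates and the 'elastic' password come from package auto-configuration at install time; reset the password with elasticsearch-reset-password -u elastic.` It is also worth stating in the comment that `verification_mode: certificate` does not verify node hostnames on the transport layer.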