2025-09-02 18:19:14 +02:00
parent c3b393694f
commit 61f680dc97
4 changed files with 282 additions and 0 deletions

102
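--- a/elasticsearch-revert.yml
+++ b/elasticsearch-revert.yml
@@ -0,0 +1,102 @@
+---
+- name: Uninstall and Revert Elasticsearch Configuration
+hosts: elasticsearch_hosts
+become: true
+vars:
+# Set this to 'false' if you want to keep Java (OpenJDK) installed on the system
+# because other applications might be using it.
+remove_java: true
+tasks:
+- name: "BLOCK: Stop and Remove Elasticsearch Service"
+block:
+- name: Stop and disable Elasticsearch service
+ansible.builtin.systemd:
+name: elasticsearch
+state: stopped
+enabled: false
+ignore_errors: true # Ignore errors if the service doesn't exist
+- name: Purge Elasticsearch package and its config files
+ansible.builtin.apt:
+name: elasticsearch
+state: absent
+autoremove: true
+purge: true
+ignore_errors: true # Ignore errors if the package isn't installed
+- name: "BLOCK: Clean Up Elasticsearch Files and Directories"
+block:
+# --- MODIFIED SECTION START ---
+- name: Find all contents within the /var/lib/elasticsearch mountpoint
+ansible.builtin.find:
+paths: /var/lib/elasticsearch
+hidden: true
+register: contents_to_delete
+- name: Delete all contents found within the mountpoint (leaving the mountpoint itself)
+ansible.builtin.file:
+path: "{{ item.path }}"
+state: absent
+loop: "{{ contents_to_delete.files | sort(attribute='path', reverse=true) }}"
+loop_control:
+label: "{{ item.path }}"
+# --- MODIFIED SECTION END ---
+- name: Remove Elasticsearch log directory
+ansible.builtin.file:
+path: /var/log/elasticsearch
+state: absent
+- name: Remove Elasticsearch config directory (just in case purge missed it)
+ansible.builtin.file:
+path: /etc/elasticsearch
+state: absent
+- name: "BLOCK: Remove APT Repository and GPG Key"
+block:
+- name: Remove Elasticsearch APT repository
+ansible.builtin.apt_repository:
+repo: "deb https://artifacts.elastic.co/packages/9.x/apt stable main"
+state: absent
+filename: elastic-9.x
+- name: Remove Elasticsearch GPG key
+ansible.builtin.file:
+path: /etc/apt/trusted.gpg.d/elasticsearch.gpg
+state: absent
+- name: "BLOCK: Revert System Tuning"
+block:
+- name: Revert vm.max_map_count setting
+ansible.posix.sysctl:
+name: vm.max_map_count
+state: absent
+reload: true
+- name: Remove Elasticsearch user memory limit
+community.general.pam_limits:
+domain: "elasticsearch"
+limit_type: "-"
+limit_item: "memlock"
+state: absent
+- name: Remove Elasticsearch user file descriptor limit
+community.general.pam_limits:
+domain: "elasticsearch"
+limit_type: "-"
+limit_item: "nofile"
+state: absent
+- name: "BLOCK: (Optional) Uninstall Java"
+block:
+- name: Uninstall OpenJDK package
+ansible.builtin.apt:
+name: openjdk-21-jdk
+state: absent
+autoremove: true
+when: remove_java
+- name: Final APT cache update
+ansible.builtin.apt:
+update_cache: true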
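Review bot: The `ansible.builtin.find` task under "Clean Up Elasticsearch Files and Directories" sets only `paths` and `hidden`, so it runs with the module defaults, which match regular files at the top level only; subdirectories of `/var/lib/elasticsearch`, where index data would normally sit, never reach `contents_to_delete` and stay on disk after the uninstall reports success. Adding `file_type: any` to that find task lets the following `state: absent` loop remove the directories and their contents as well. Separately, the two `ignore_errors: true` lines hide every failure rather than only "service/package not present", so a host where the stop or purge genuinely failed still continues into the cleanup; a `failed_when` that matches the specific not-found condition would be narrower. This play also targets `elasticsearch_hosts` while the install play targets `elasticsearch`, which looks unintended.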

128
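--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@@ -0,0 +1,128 @@
+---
+- name: Install and Configure Elasticsearch 9
+hosts: elasticsearch # Target your hosts here (e.g., from your inventory file)
+become: true
+vars:
+# UPDATED: Set to a specific version 9 release for predictable deployments.
+es_version: "9.0.0" # Change to the specific ES9 version you want to deploy
+es_cluster_name: "cluster-v9"
+es_node_name: "{{ ansible_hostname }}"
+es_network_host: "{{ ansible_default_ipv4.address }}" # Binds to the primary private IP
+es_heap_size: "{{ (ansible_memtotal_mb * 0.5) | int }}m" # Use 50% of total RAM. For 32GB RAM, this sets ~16GB.
+# --- For multi-node clusters, override these in your inventory ---
+es_seed_hosts: ["{{ es_network_host }}"]
+es_initial_master_nodes: ["{{ es_node_name }}"]
+tasks:
+- name: "BLOCK: System Preparation"
+block:
+- name: Update APT package cache
+ansible.builtin.apt:
+update_cache: true
+cache_valid_time: 3600
+- name: Install prerequisite packages
+ansible.builtin.apt:
+name:
+- apt-transport-https
+- ca-certificates
+- gnupg
+# UPDATED: Elasticsearch 9 requires Java 21+
+- openjdk-21-jdk
+state: present
+- name: "BLOCK: System Tuning for Elasticsearch"
+block:
+- name: Set vm.max_map_count for Elasticsearch
+ansible.posix.sysctl:
+name: vm.max_map_count
+value: "262144"
+state: present
+reload: true
+- name: Set Elasticsearch user memory limit
+community.general.pam_limits:
+domain: "elasticsearch"
+limit_type: "-"
+limit_item: "memlock"
+value: "unlimited"
+comment: "Allow memory locking"
+- name: Set Elasticsearch user file descriptor limit
+community.general.pam_limits:
+domain: "elasticsearch"
+limit_type: "-"
+limit_item: "nofile"
+value: "65536"
+comment: "Set max open files"
+- name: "BLOCK: Install Elasticsearch"
+block:
+- name: Download Elasticsearch GPG key
+ansible.builtin.get_url:
+url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
+dest: "/tmp/GPG-KEY-elasticsearch"
+mode: '0644'
+- name: De-armor the GPG key
+ansible.builtin.command:
+cmd: "gpg --dearmor -o /etc/apt/trusted.gpg.d/elasticsearch.gpg /tmp/GPG-KEY-elasticsearch"
+creates: "/etc/apt/trusted.gpg.d/elasticsearch.gpg"
+- name: Add Elasticsearch 9.x APT repository
+# UPDATED: Repository path changed from 8.x to 9.x
+ansible.builtin.apt_repository:
+repo: "deb https://artifacts.elastic.co/packages/9.x/apt stable main"
+state: present
+filename: elastic-9.x
+- name: Install Elasticsearch package
+ansible.builtin.apt:
+name: "elasticsearch={{ es_version }}"
+state: present
+update_cache: true
+- name: "BLOCK: Configure Elasticsearch"
+block:
+- name: Configure elasticsearch.yml
+ansible.builtin.template:
+src: templates/elasticsearch.yml.j2
+dest: /etc/elasticsearch/elasticsearch.yml
+owner: root
+group: elasticsearch
+mode: '0660'
+notify: Restart Elasticsearch
+- name: Configure JVM heap size
+ansible.builtin.template:
+src: templates/jvm.options.j2
+dest: /etc/elasticsearch/jvm.options.d/heap_size.options
+owner: root
+group: root
+mode: '0644'
+notify: Restart Elasticsearch
+- name: Flush handlers to apply config changes before starting the service
+ansible.builtin.meta: flush_handlers
+- name: Enable and ensure Elasticsearch service is started
+ansible.builtin.systemd:
+name: elasticsearch
+state: started
+enabled: true
+daemon_reload: true
+- name: Wait for Elasticsearch to start up on port 9200
+ansible.builtin.wait_for:
+host: "{{ es_network_host }}"
+port: 9200
+delay: 10
+timeout: 120
+delegate_to: localhost
+handlers:
+- name: Restart Elasticsearch
+ansible.builtin.systemd:
+name: elasticsearch
+state: restarted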
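Review bot: The signing key in "BLOCK: Install Elasticsearch" is fetched to a fixed path in `/tmp` with no `checksum:` and then written to `/etc/apt/trusted.gpg.d/`, which makes apt trust it for every configured repository rather than only the Elastic one. Writing the de-armored key to a dedicated keyring file and pinning it on the source line limits that trust, e.g. `repo: "deb [signed-by=<keyring path>] https://artifacts.elastic.co/packages/9.x/apt stable main"`, with `creates:` and the revert playbook's key-removal task pointed at the same path. Giving `get_url` a `checksum:` for the key, taken from a source verified out of band, would also make a substituted download fail the task instead of being installed as a trust anchor.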


@ -0,0 +1,47 @@
# ======================== Elasticsearch Configuration =========================
# ANSIBLE MANAGED FILE: Do not edit directly. Changes will be overwritten.
#
# ---------------------------------- Cluster -----------------------------------
cluster.name: "{{ es_cluster_name }}"
# ------------------------------------ Node ------------------------------------
node.name: "{{ es_node_name }}"
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# ----------------------------------- Memory -----------------------------------
# Lock the memory on startup to prevent the OS from swapping it out.
bootstrap.memory_lock: true
# ---------------------------------- Network -----------------------------------
# Bind to the host's private IP address for cluster communication.
network.host: "{{ es_network_host }}"
http.port: 9200
# --------------------------------- Discovery ----------------------------------
# A list of hosts to contact to discover the cluster.
discovery.seed_hosts: {{ es_seed_hosts | to_json }}
# Bootstrap the cluster using an initial set of master-eligible nodes.
cluster.initial_master_nodes: {{ es_initial_master_nodes | to_json }}
# ---------------------------------- Security ----------------------------------
# Security features are enabled by default on Elasticsearch 8.0+
# On first start, a password for the 'elastic' user and a Kibana enrollment
# token will be generated in the output of the 'elasticsearch' service.
# You can also generate them manually later.
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# These settings configure TLS for HTTP and transport (inter-node) layers.
# Elasticsearch automatically generates these certificates on first startup.
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
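Review bot: Both `xpack.security.*.ssl` blocks point at `certs/http.p12` and `certs/transport.p12`, but nothing in the visible playbook creates, distributes or checks those keystores; the template appears to rely on the package's automatic security setup having produced them before this file overwrites `elasticsearch.yml`. For the multi-node case the install play mentions (`es_seed_hosts` overridden in inventory), each host would presumably end up with its own self-generated CA, so transport TLS with `verification_mode: certificate` would reject peers unless the nodes are enrolled or share a CA, and the usual shortcut when that happens is turning TLS off. I would say so in the comment above the TLS settings, e.g. `# Keystores must already exist; multi-node clusters need node enrollment or a shared CA.`, and add an `ansible.builtin.stat` check on the two keystore paths before the service is started. The comment about the 'elastic' password appearing in the service output should also be hedged, since where that output lands when the package is installed through Ansible is not visible here.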

5
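--- a/templates/jvm.options.j2
+++ b/templates/jvm.options.j2
@@ -0,0 +1,5 @@
+# ANSIBLE MANAGED FILE: Sets the JVM heap size for Elasticsearch.
+# Set initial and maximum heap size to the same value to avoid
+# pauses due to heap resizing at runtime.
+-Xms{{ es_heap_size }}
+-Xmx{{ es_heap_size }}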