First setup of elasticsearch

2025-02-05 21:28:30 +01:00 · 2025-02-05 21:28:30 +01:00 · 7ebfc3bf72
commit 7ebfc3bf72
parent 61053dd38d
8 changed files with 407 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,15 @@
 ---
 cloud_apps: /opt
 cloud_storage: /opt/storage
 cloud_stage: prod
 cloud_update: false
 elastic_data_location: "{{ cloud_storage }}/elastic-data"
 elastic_logs_location: "{{ cloud_storage }}/elastic-logs"
 elastic_version: 8.17.1
 elastic_platform_suffix: linux-x86_64
 elastic_source: "https://artifacts.elastic.co/downloads/elasticsearch"
 elastic_cluster_size: 3
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: restart elasticsearch
  systemd:
    name: elasticsearch
    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,15 @@
 ---
 galaxy_info:
  role_name: elasticsearch
  namespace: hahn-cloud
  author: Lars Hahn
  company: OpenDevChain
  license: MIT
  description: Role to setup elasticsearch node/cluster
  min_ansible_version: 2.7
  platforms:
    - name: Debian
      versions:
        - 11
  galaxy_tags:
    - elasticsearch
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,72 @@
 ---
 - name: setup elastic group
  group:
    name: "{{ elastic_grp }}"
    state: "present"
 - name: setup elastic user
  user:
    name: "{{ elastic_usr }}"
    home: "{{ elastic_home }}"
    group: "{{ elastic_grp }}"
    groups:
      - "{{ elastic_grp }}"
    comment: Virtual Elastic User
    shell: /bin/bash
    state: present
    system: yes
 - name: setup ElasticSearch directories
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ elastic_usr }}"
    group: "{{ elastic_grp }}"
    mode: 0750
  loop:
    - "{{ elastic_path }}"
    - "{{ elastic_home }}"
    - "{{ elastic_conf }}"
    - "{{ elastic_data_location }}"
    - "{{ elastic_logs_location }}"
 - name: download ElasticSearch
  unarchive:
    src: "{{ elastic_source }}/elasticsearch-{{ elastic_version }}-{{ elastic_platform_suffix }}.tar.gz"
    dest: "{{ elastic_path }}"
    creates: "{{ elastic_inst }}"
    remote_src: true
    owner: "{{ elastic_usr }}"
    group: "{{ elastic_grp }}"
    mode: 0755
 - name: configure ElasticSearch
  template:
    src: "opt/elastic/home/config/{{ item }}.j2"
    dest: "{{ elastic_conf }}/{{ item }}"
    owner: "{{ elastic_usr }}"
    group: "{{ elastic_grp }}"
    mode: 0644
  loop:
    - elasticsearch.yml
    - jvm.options
 - name: setup generic ElasticSearch link
  file:
    state: link
    src: "{{ elastic_inst }}"
    dest: "{{ elastic_link }}"
 - name: setup ElasticSearch systemd unit
  template:
    src: etc/systemd/system/elasticsearch.service.j2
    dest: /etc/systemd/system/elasticsearch.service
  notify: restart elasticsearch
 - name: enable elasticsearch systemd unit
  systemd:
    name: elasticsearch
    enabled: yes
    daemon_reload: yes
    state: started
--- a/templates/etc/systemd/system/elasticsearch.service.j2
+++ b/templates/etc/systemd/system/elasticsearch.service.j2
@ -0,0 +1,68 @@
 [Unit]
 Description=Elasticsearch
 Documentation=https://www.elastic.co
 Wants=network-online.target
 After=network-online.target
 [Service]
 Type=notify
 # the elasticsearch process currently sends the notifications back to systemd
 # and for some reason exec does not work (even though it is a child). We should change
 # this notify access back to main (the default), see https://github.com/elastic/elasticsearch/issues/86475
 NotifyAccess=all
 RuntimeDirectory=elasticsearch
 PrivateTmp=true
 Environment=ES_HOME={{ elastic_home }}
 Environment=ES_PATH_CONF={{ elastic_conf }}
 Environment=PID_DIR={{ elastic_home }}
 Environment=ES_SD_NOTIFY=true
 EnvironmentFile=-@path.env@
 WorkingDirectory={{ elastic_home }}
 User={{ elastic_usr }}
 Group={{ elastic_grp }}
 ExecStart={{ elastic_link }}/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet
 # StandardOutput is configured to redirect to journalctl since
 # some error messages may be logged in standard output before
 # elasticsearch logging system is initialized. Elasticsearch
 # stores its logs in /var/log/elasticsearch and does not use
 # journalctl by default. If you also want to enable journalctl
 # logging, you can simply remove the "quiet" option from ExecStart.
 StandardOutput=journal
 StandardError=inherit
 # Specifies the maximum file descriptor number that can be opened by this process
 LimitNOFILE=65535
 # Specifies the maximum number of processes
 LimitNPROC=4096
 # Specifies the maximum size of virtual memory
 LimitAS=infinity
 # Specifies the maximum file size
 LimitFSIZE=infinity
 # Disable timeout logic and wait until process is stopped
 TimeoutStopSec=0
 # SIGTERM signal is used to stop the Java process
 KillSignal=SIGTERM
 # Send the signal only to the JVM rather than its control group
 KillMode=process
 # Java process is never killed
 SendSIGKILL=no
 # When a JVM receives a SIGTERM signal it exits with code 143
 SuccessExitStatus=143
 # Allow a slow startup before the systemd notifier module kicks in to extend the timeout
 TimeoutStartSec=900
 [Install]
 WantedBy=multi-user.target
--- a/templates/opt/elastic/home/config/elasticsearch.yml.j2
+++ b/templates/opt/elastic/home/config/elasticsearch.yml.j2
@ -0,0 +1,140 @@
 ---
 # ======================== Elasticsearch Configuration =========================
 #
 # NOTE: Elasticsearch comes with reasonable defaults for most settings.
 #       Before you set out to tweak and tune the configuration, make sure you
 #       understand what are you trying to accomplish and the consequences.
 #
 # The primary way of configuring a node is via this file. This template lists
 # the most important settings you may want to configure for a production cluster.
 #
 # Please consult the documentation for further information on configuration options:
 # https://www.elastic.co/guide/en/elasticsearch/reference/index.html
 #
 # ---------------------------------- Cluster -----------------------------------
 #
 # Use a descriptive name for your cluster:
 #
 cluster:
    name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }}
 #
 # ------------------------------------ Node ------------------------------------
 #
 # Use a descriptive name for the node:
 #
 node:
    name: {{ ansible_hostname }}
 #
 # Add custom attributes to the node:
 #
 #node.attr.rack: r1
 #
 # ----------------------------------- Paths ------------------------------------
 #
 # Path to directory where to store the data (separate multiple locations by comma):
 #
 path:
    data: {{ elastic_data_location }}
    logs: {{ elastic_logs_location }}
 #
 # ----------------------------------- Memory -----------------------------------
 #
 # Lock the memory on startup:
 #
 #bootstrap.memory_lock: true
 #
 # Make sure that the heap size is set to about half the memory available
 # on the system and that the owner of the process is allowed to use this
 # limit.
 #
 # Elasticsearch performs poorly when the system is swapping the memory.
 #
 # ---------------------------------- Network -----------------------------------
 #
 # By default Elasticsearch is only accessible on localhost. Set a different
 # address here to expose this node on the network:
 #
 network:
    host: {{ ansible_default_ipv4.address }}
 #
 # By default Elasticsearch listens for HTTP traffic on the first free port it
 # finds starting at 9200. Set a specific HTTP port here:
 #
 http:
    port: 9200
 # Allow HTTP API connections from anywhere
 # Connections are encrypted and require user authentication
    host: 0.0.0.0
 #
 # For more information, consult the network module documentation.
 #
 # --------------------------------- Discovery ----------------------------------
 #
 # Pass an initial list of hosts to perform discovery when this node is started:
 # The default list of hosts is ["127.0.0.1", "[::1]"]
 #
 discovery:
    seed_hosts:
 {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(elastic_cluster_size)) | map('join', '-') %}
        - {{ node }}.hnw
 {% endfor -%}
 #
 # Bootstrap the cluster using an initial set of master-eligible nodes:
 #
 cluster:
    initial_master_nodes:
 {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(elastic_cluster_size)) | map('join', '-') %}
        - {{ node }}
 {% endfor %}
 #
 # For more information, consult the discovery and cluster formation module documentation.
 #
 # ---------------------------------- Various -----------------------------------
 #
 # Allow wildcard deletion of indices:
 #
 #action.destructive_requires_name: false
 #----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
 #
 # The following settings, TLS certificates, and keys have been automatically
 # generated to configure Elasticsearch security features on 03-02-2025 20:51:51
 #
 # --------------------------------------------------------------------------------
 # Enable security features
 xpack:
    security:
        enabled: true
        enrollment:
            enabled: true
 # Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
        http:
            ssl:
                enabled: true
                keystore:
                    path: certs/http.p12
 # Enable encryption and mutual authentication between cluster nodes
        transport:
            ssl:
                enabled: true
                verification_mode: certificate
                keystore:
                    path: certs/transport.p12
                truststore:
                    path: certs/transport.p12
 # Create a new cluster with the current node only
 # Additional nodes can still join the cluster later
 cluster:
    name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }}
    initial_master_nodes:
 {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(elastic_cluster_size)) | map('join', '-') %}
        - {{ node }}
 {% endfor %}
 # Allow other nodes to join the cluster from anywhere
 # Connections are encrypted and mutually authenticated
 #transport.host: 0.0.0.0
 #----------------------- END SECURITY AUTO CONFIGURATION -------------------------
--- a/templates/opt/elastic/home/config/jvm.options.j2
+++ b/templates/opt/elastic/home/config/jvm.options.j2
@ -0,0 +1,83 @@
 ################################################################
 ##
 ## JVM configuration
 ##
 ################################################################
 ##
 ## WARNING: DO NOT EDIT THIS FILE. If you want to override the
 ## JVM options in this file, or set any additional options, you
 ## should create one or more files in the jvm.options.d
 ## directory containing your adjustments.
 ##
 ## See https://www.elastic.co/guide/en/elasticsearch/reference/8.17/advanced-configuration.html#set-jvm-options
 ## for more information.
 ##
 ################################################################
 ################################################################
 ## IMPORTANT: JVM heap size
 ################################################################
 ##
 ## The heap size is automatically configured by Elasticsearch
 ## based on the available memory in your system and the roles
 ## each node is configured to fulfill. If specifying heap is
 ## required, it should be done through a file in jvm.options.d,
 ## which should be named with .options suffix, and the min and
 ## max should be set to the same value. For example, to set the
 ## heap to 4 GB, create a new file in the jvm.options.d
 ## directory containing these lines:
 ##
 ## -Xms4g
 ## -Xmx4g
 ##
 ## See https://www.elastic.co/guide/en/elasticsearch/reference/8.17/heap-size.html
 ## for more information
 ##
 ################################################################
 ################################################################
 ## Expert settings
 ################################################################
 ##
 ## All settings below here are considered expert settings. Do
 ## not adjust them unless you understand what you are doing. Do
 ## not edit them in this file; instead, create a new file in the
 ## jvm.options.d directory containing your adjustments.
 ##
 ################################################################
 -XX:+UseG1GC
 ## JVM temporary directory
 -Djava.io.tmpdir=${ES_TMPDIR}
 # Leverages accelerated vector hardware instructions; removing this may
 # result in less optimal vector performance
 20-:--add-modules=jdk.incubator.vector
 # Required to workaround performance issue in JDK 23, https://github.com/elastic/elasticsearch/issues/113030
 23:-XX:CompileCommand=dontinline,java/lang/invoke/MethodHandle.setAsTypeCache
 23:-XX:CompileCommand=dontinline,java/lang/invoke/MethodHandle.asTypeUncached
 ## heap dumps
 # generate a heap dump when an allocation from the Java heap fails; heap dumps
 # are created in the working directory of the JVM unless an alternative path is
 # specified
 -XX:+HeapDumpOnOutOfMemoryError
 # exit right after heap dump on out of memory error
 -XX:+ExitOnOutOfMemoryError
 # specify an alternative path for heap dumps; ensure the directory exists and
 # has sufficient space
 -XX:HeapDumpPath=data
 # specify an alternative path for JVM fatal error logs
 -XX:ErrorFile=logs/hs_err_pid%p.log
 ## GC logging
 -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,9 @@
 ---
 elastic_usr: elastic
 elastic_grp: "{{ elastic_usr }}"
 elastic_path: "{{ cloud_apps }}/elastic"
 elastic_link: "{{ elastic_path }}/inst"
 elastic_inst: "{{ elastic_path }}/elasticsearch-{{ elastic_version }}"
 elastic_home: "{{ elastic_path }}/home"
 elastic_conf: "{{ elastic_home }}/config"