diff --git a/elastic/elastic7/00_base.yaml b/elastic/elastic7/00_base.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cbb5e189cae1e98acab0fbfadc15bc79990a0339 --- /dev/null +++ b/elastic/elastic7/00_base.yaml @@ -0,0 +1,25 @@ +- name: "Install Elastic 7" + hosts: es7-1 + tasks: + - name: Install components and prerequisites + include_tasks: 01_install-components.yaml + + - name: Install Elastic + include_tasks: 02_install-elastic.yaml + + - name: Update Elasticsearch configuration file + lineinfile: + path: /etc/elasticsearch/elasticsearch.yml + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^cluster.name:', line: 'cluster.name: es7' } + - { regexp: '^node.name:', line: 'node.name: es7-1' } + - { regexp: '^bootstrap.memory_lock:', line: 'bootstrap.memory_lock: true' } + - { regexp: '^network.host:', line: 'network.host: _eth0_' } + - { regexp: '^http.port:', line: 'http.port: 9200' } + - { regexp: '^discovery.seed_hosts:', line: 'discovery.seed_hosts: ["es7-1"]' } + - { regexp: '^cluster.initial_master_nodes:', line: 'cluster.initial_master_nodes: ["es7-1"]' } + + - name: Configure Elastic + include_tasks: 03_configure-elastic.yaml diff --git a/elastic/elastic7/01_install-components.yaml b/elastic/elastic7/01_install-components.yaml new file mode 100644 index 0000000000000000000000000000000000000000..61450c923887ae14ca09f158389b219ad45e18bd --- /dev/null +++ b/elastic/elastic7/01_install-components.yaml @@ -0,0 +1,14 @@ +- name: Install JRE + apt: + name: default-jre + state: present + +- name: Install JDK + apt: + name: default-jdk + state: present + +- name: Install gnupg2 + apt: + name: gnupg2 + state: present diff --git a/elastic/elastic7/02_install-elastic.yaml b/elastic/elastic7/02_install-elastic.yaml new file mode 100644 index 0000000000000000000000000000000000000000..add795875b0e042b0ea29f0e79cc3c05ac7f4a69 --- /dev/null +++ b/elastic/elastic7/02_install-elastic.yaml @@ -0,0 +1,18 @@ +- name: Add Elasticsearch repository key + apt_key: + url: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + id: "46095ACC8548582C1A2699A9D27D666CD88E42B4" + state: present + +- name: Add elasticsearch repository + apt_repository: + repo: "deb https://artifacts.elastic.co/packages/7.x/apt stable main" + state: present + +- name: Update APT + apt: + update_cache: yes + +- name: Install Elastic + apt: + name: elasticsearch=7.17.11 diff --git a/elastic/elastic7/03_configure-elastic.yaml b/elastic/elastic7/03_configure-elastic.yaml new file mode 100644 index 0000000000000000000000000000000000000000..74ca6e321dfe8242ea9f86285173163414e05b14 --- /dev/null +++ b/elastic/elastic7/03_configure-elastic.yaml @@ -0,0 +1,82 @@ +- name: Update Security limits + blockinfile: + path: /etc/security/limits.conf + block: | + # Source: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setup-configuration-memory.html#bootstrap-memory_lock + # allow user 'elasticsearch' mlockall + elasticsearch soft memlock unlimited + elasticsearch hard memlock unlimited + ###### + # Source : https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setting-system-settings.html#limits.conf + elasticsearch - nofile 65535 + +- name: Check if JVM options file exists + stat: + path: /etc/elasticsearch/jvm.options.d/jvm.options + register: jvm_options_file + +- name: Create JVM options file + file: + path: /etc/elasticsearch/jvm.options.d/jvm.options + state: touch + owner: root + group: root + mode: '0644' + force: yes + when: not jvm_options_file.stat.exists + +- name: Update JVM options file + blockinfile: + path: /etc/elasticsearch/jvm.options.d/jvm.options + block: | + # Source: https://www.elastic.co/guide/en/elasticsearch/reference/7.17/advanced-configuration.html#set-jvm-heap-size + -Xms2g + -Xmx2g + +- name: Check if Elasticsearch service override folder exists + stat: + path: /etc/systemd/system/elasticsearch.service.d + register: elastic_service_override_folder + +- name: Create Elasticsearch service override folder + file: + path: /etc/systemd/system/elasticsearch.service.d + state: directory + when: not elastic_service_override_folder.stat.exists + +- name: Check if Elasticsearch service override file exists + stat: + path: /etc/systemd/system/elasticsearch.service.d/override.conf + register: elastic_service_override_file + +- name: Create Elasticsearch service override file + file: + path: /etc/systemd/system/elasticsearch.service.d/override.conf + state: touch + owner: root + group: root + mode: '0644' + force: yes + when: not elastic_service_override_file.stat.exists + +- name: Update Elasticsearch service override file + blockinfile: + path: /etc/systemd/system/elasticsearch.service.d/override.conf + block: | + # Source: https://www.elastic.co/guide/en/elasticsearch/reference/7.11/setting-system-settings.html#systemd + [Service] + LimitMEMLOCK=infinity + +- name: Reload daemon + systemd: + daemon_reload: yes + +- name: Enable Elasticsearch service + systemd: + name: elasticsearch + enabled: yes + +- name: Start Elasticsearch service + systemd: + name: elasticsearch + state: restarted \ No newline at end of file