From b73cd06c1491515bdaf7912a97ee3865208b8f36 Mon Sep 17 00:00:00 2001 From: Ludovic Petetin Date: Mon, 22 Jul 2019 12:28:40 +0200 Subject: [PATCH 1/4] Set limitMEMLOCK for OS using systemd --- tasks/elasticsearch-config.yml | 12 ++++++++++++ tasks/elasticsearch-parameters.yml | 4 ++++ vars/main.yml | 1 + 3 files changed, 17 insertions(+) diff --git a/tasks/elasticsearch-config.yml b/tasks/elasticsearch-config.yml index 3d4f304..9b7d14f 100644 --- a/tasks/elasticsearch-config.yml +++ b/tasks/elasticsearch-config.yml @@ -24,6 +24,18 @@ template: src=elasticsearch.j2 dest={{ default_file }} mode=0644 force=yes notify: restart elasticsearch +#Copy the systemd specific file if systemd is installed +- name: Make sure destination dir exists + file: path={{ sysd_config_file | dirname }} state=directory recurse=yes mode=0755 + +- name: Copy Systemd File for Instance + become: yes + copy: src=systemd/elasticsearch_override.conf dest={{ sysd_config_file }} mode=0644 force=yes + when: use_system_d and m_lock_enabled + notify: + - reload systemd configuration + - restart elasticsearch + #Copy the logging.yml - name: Copy log4j2.properties File become: yes diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index a27088a..36c3fe1 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -28,3 +28,7 @@ - name: set fact m_lock_enabled set_fact: m_lock_enabled={{ es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True }} + +- name: set fact use_system_d + set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version is version_compare('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('15', '>=')) }} + diff --git a/vars/main.yml b/vars/main.yml index d640fc4..91b7b69 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,4 @@ --- es_package_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch" reserved_xpack_users: ["elastic","kibana","logstash_system"] +sysd_config_file: "/etc/systemd/system/elasticsearch.service.d/override.conf" From 2142c6f8f92fc58ad6103e11442072f3daf470c5 Mon Sep 17 00:00:00 2001 From: Ludovic Petetin Date: Mon, 22 Jul 2019 12:30:43 +0200 Subject: [PATCH 2/4] adding systemd limitMEMLOCK override file --- files/systemd/elasticsearch_override.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 files/systemd/elasticsearch_override.conf diff --git a/files/systemd/elasticsearch_override.conf b/files/systemd/elasticsearch_override.conf new file mode 100644 index 0000000..bf02203 --- /dev/null +++ b/files/systemd/elasticsearch_override.conf @@ -0,0 +1,2 @@ +[Service] +LimitMEMLOCK=infinity From 5994840c75320e460056dd44b8af021d389adf0f Mon Sep 17 00:00:00 2001 From: Ludovic Petetin Date: Mon, 22 Jul 2019 14:42:26 +0200 Subject: [PATCH 3/4] Create overriding systemd directory only if using systemd and memory lock is enabled --- tasks/elasticsearch-config.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tasks/elasticsearch-config.yml b/tasks/elasticsearch-config.yml index 9b7d14f..f3508a7 100644 --- a/tasks/elasticsearch-config.yml +++ b/tasks/elasticsearch-config.yml @@ -25,16 +25,17 @@ notify: restart elasticsearch #Copy the systemd specific file if systemd is installed -- name: Make sure destination dir exists - file: path={{ sysd_config_file | dirname }} state=directory recurse=yes mode=0755 +- when: use_system_d and m_lock_enabled + block: + - name: Make sure destination dir exists + file: path={{ sysd_config_file | dirname }} state=directory recurse=yes mode=0755 -- name: Copy Systemd File for Instance - become: yes - copy: src=systemd/elasticsearch_override.conf dest={{ sysd_config_file }} mode=0644 force=yes - when: use_system_d and m_lock_enabled - notify: - - reload systemd configuration - - restart elasticsearch + - name: Copy Systemd File for Instance + become: yes + copy: src=systemd/elasticsearch_override.conf dest={{ sysd_config_file }} mode=0644 force=yes + notify: + - reload systemd configuration + - restart elasticsearch #Copy the logging.yml - name: Copy log4j2.properties File From 5bac5a4dbf07f748c77175fbc032ac6052d45cd3 Mon Sep 17 00:00:00 2001 From: Ludovic Petetin Date: Mon, 22 Jul 2019 15:19:00 +0200 Subject: [PATCH 4/4] Use ini_file module for systemd overriding config file, better task naming and fix variable indentation --- tasks/elasticsearch-config.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/elasticsearch-config.yml b/tasks/elasticsearch-config.yml index f3508a7..e3437f2 100644 --- a/tasks/elasticsearch-config.yml +++ b/tasks/elasticsearch-config.yml @@ -26,13 +26,13 @@ #Copy the systemd specific file if systemd is installed - when: use_system_d and m_lock_enabled + become: yes block: - name: Make sure destination dir exists - file: path={{ sysd_config_file | dirname }} state=directory recurse=yes mode=0755 + file: path={{ sysd_config_file | dirname }} state=directory mode=0755 - - name: Copy Systemd File for Instance - become: yes - copy: src=systemd/elasticsearch_override.conf dest={{ sysd_config_file }} mode=0644 force=yes + - name: Copy specific ElasticSearch Systemd config file + ini_file: path={{ sysd_config_file }} section=Service option=LimitMEMLOCK value=infinity mode=0644 notify: - reload systemd configuration - restart elasticsearch @@ -40,7 +40,7 @@ #Copy the logging.yml - name: Copy log4j2.properties File become: yes - template: src={{es_config_log4j2}} dest={{ es_conf_dir }}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes + template: src={{ es_config_log4j2 }} dest={{ es_conf_dir }}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes notify: restart elasticsearch - name: Copy jvm.options File