diff --git a/README.md b/README.md index 2074676..b8d8e7d 100644 --- a/README.md +++ b/README.md @@ -386,7 +386,8 @@ In addition to es_config, the following parameters allow the customization of th * ```es_max_open_files``` the maximum file descriptor number that can be opened by this process. Defaults to 65536. * ```es_max_threads``` the maximum number of threads the process can start. Defaults to 2048 (the minimum required by elasticsearch). * ```es_debian_startup_timeout``` how long Debian-family SysV init scripts wait for the service to start, in seconds. Defaults to 10 seconds. -* ```es_use_repository``` Setting this to `false` will stop Ansible from using the official Elastic package repositories. +* ```es_use_repository``` Setting this to `false` will stop Ansible from using the official Elastic package from any repository configured on the system. +* ```es_add_repository``` Setting this to `false` will stop Ansible to add the official Elastic package repositories (if es_use_repository is true) if you want to use a repo already present. * ```es_custom_package_url``` the URL to the rpm or deb package for Ansible to install. When using this you will also need to set `es_use_repository: false` and make sure that the `es_version` matches the version being installed from your custom URL. E.g. `es_custom_package_url: https://downloads.example.com/elasticsearch.rpm` Earlier examples illustrate the installation of plugins using `es_plugins`. For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version. For community based plugins include the full url. This approach should NOT be used for the X-Pack plugin. See X-Pack below for details here. diff --git a/defaults/main.yml b/defaults/main.yml index 7bedaec..08ab962 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -5,6 +5,7 @@ es_enable_xpack: true es_package_name: "elasticsearch" es_version_lock: false es_use_repository: true +es_add_repository: true es_templates_fileglob: "files/templates-{{ es_major_version }}/*.json" es_repo_base: "https://artifacts.elastic.co" es_apt_key: "{{ es_repo_base }}/GPG-KEY-elasticsearch" diff --git a/docs/multi-instance.md b/docs/multi-instance.md index b934904..11872a9 100644 --- a/docs/multi-instance.md +++ b/docs/multi-instance.md @@ -10,11 +10,11 @@ If you have single-instances hosts and want to upgrade from previous versions of 1. Override these variables to match previous values: ```yaml -es_conf_dir: /etc/elasticsearch/{{ instance_name }} +es_conf_dir: /etc/elasticsearch/{{ es_instance_name }} es_data_dirs: - - /var/lib/elasticsearch/{{ node_name }}-{{ instance_name }} -es_log_dir: /var/log/elasticsearch/{{ node_name }}-{{ instance_name }} -es_pid_dir: /var/run/elasticsearch/{{ node_name }}-{{ instance_name }} + - /var/lib/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }} +es_log_dir: /var/log/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }} +es_pid_dir: /var/run/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }} ``` 2. Deploy ansible-role. **Even if these variables are overrided, Elasticsearch config file and default option file will change, which imply an Elasticsearch restart.** diff --git a/files/systemd/elasticsearch_override.conf b/files/systemd/elasticsearch_override.conf new file mode 100644 index 0000000..bf02203 --- /dev/null +++ b/files/systemd/elasticsearch_override.conf @@ -0,0 +1,2 @@ +[Service] +LimitMEMLOCK=infinity diff --git a/tasks/elasticsearch-Debian.yml b/tasks/elasticsearch-Debian.yml index 3b696c7..8e01fd9 100644 --- a/tasks/elasticsearch-Debian.yml +++ b/tasks/elasticsearch-Debian.yml 
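Review bot: The new `files/systemd/elasticsearch_override.conf` does not appear to be referenced by any task in this diff; the hunk in `tasks/elasticsearch-config.yml` writes the same `LimitMEMLOCK=infinity` setting with `ini_file` instead of copying this file. Either drop the file or have the task copy it, so there is a single source of truth for the limit installed under `/etc/systemd/system`. If it is kept for reference only, a leading comment such as `# Reference only: the role writes this setting with ini_file` would say so.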
@@ -43,17 +43,21 @@ apt_key: url: '{{ es_apt_key }}' state: present - when: es_apt_key | string + when: es_add_repository and es_apt_key | string - name: Debian - Add elasticsearch repository apt_repository: repo: '{{ item.repo }}' state: '{{ item.state }}' + when: es_add_repository with_items: - { repo: "{{ es_apt_url_old }}", state: "absent" } - { repo: "{{ es_apt_url }}", state: "present" } - { repo: "{{ es_other_apt_url }}", state: "absent" } +- name: Include optional user and group creation. + when: (es_user_id is defined) and (es_group_id is defined) + include: elasticsearch-optional-user.yml - name: Debian - Ensure elasticsearch is installed become: yes diff --git a/tasks/elasticsearch-RedHat.yml b/tasks/elasticsearch-RedHat.yml index c872fc3..2b5c044 100644 --- a/tasks/elasticsearch-RedHat.yml +++ b/tasks/elasticsearch-RedHat.yml @@ -16,7 +16,7 @@ template: src: 'elasticsearch.repo' dest: '/etc/yum.repos.d/elasticsearch-{{ es_repo_name }}.repo' - when: es_use_repository + when: es_use_repository and es_add_repository - name: RedHat - remove unused Elasticsearch repo become: yes @@ -35,6 +35,10 @@ name: '{{ es_other_package_name }}' state: 'absent' +- name: Include optional user and group creation. + when: (es_user_id is defined) and (es_group_id is defined) + include: elasticsearch-optional-user.yml + - name: RedHat - Install Elasticsearch become: yes yum: diff --git a/tasks/elasticsearch-config.yml b/tasks/elasticsearch-config.yml index 3d4f304..e3437f2 100644 --- a/tasks/elasticsearch-config.yml +++ b/tasks/elasticsearch-config.yml 
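Review bot: The new conditions test `es_add_repository` as a bare variable (`when: es_add_repository and es_apt_key | string`, `when: es_add_repository`, and `when: es_use_repository and es_add_repository` in the RedHat hunk), so a value passed as a string, for example with `-e es_add_repository=false`, is likely to be treated as true inside the `and` expression. Casting it, `when: es_add_repository | bool and es_apt_key | string`, matches the `es_enable_http_ssl | bool` pattern the role's template already uses. With `es_add_repository: false` the signing-key import is skipped together with the repository, so package authenticity then rests entirely on how the pre-existing repository was configured; the README entry should say that. The Debian task list continues outside the hunk, so whether these tasks are additionally gated on `es_use_repository` cannot be seen here.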
@@ -24,10 +24,23 @@ template: src=elasticsearch.j2 dest={{ default_file }} mode=0644 force=yes notify: restart elasticsearch +#Copy the systemd specific file if systemd is installed +- when: use_system_d and m_lock_enabled + become: yes + block: + - name: Make sure destination dir exists + file: path={{ sysd_config_file | dirname }} state=directory mode=0755 + + - name: Copy specific ElasticSearch Systemd config file + ini_file: path={{ sysd_config_file }} section=Service option=LimitMEMLOCK value=infinity mode=0644 + notify: + - reload systemd configuration + - restart elasticsearch + #Copy the logging.yml - name: Copy log4j2.properties File become: yes - template: src={{es_config_log4j2}} dest={{ es_conf_dir }}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes + template: src={{ es_config_log4j2 }} dest={{ es_conf_dir }}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes notify: restart elasticsearch - name: Copy jvm.options File diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index f20c2d2..36c3fe1 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -4,10 +4,6 @@ fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined" when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '') -- name: debug message - debug: msg="WARNING - It is recommended you specify the parameter 'http.port'" - when: es_config['http.port'] is not defined - #If the user attempts to lock memory they must specify a heap size - name: fail when heap size is not specified when using memory lock fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified" 
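Review bot: The added block only ever writes `LimitMEMLOCK=infinity`; nothing removes the option from `{{ sysd_config_file }}` when `bootstrap.memory_lock` is later turned off, so a host keeps an unlimited memlock limit that its configuration no longer asks for. A counterpart task using `ini_file` with `state=absent` under `when: use_system_d and not m_lock_enabled` would keep the unit's limits in line with the role variables. The block also notifies `reload systemd configuration`, which no hunk in this diff defines; confirm the handler exists and is listed before `restart elasticsearch`, since handlers run in definition order rather than notify order.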
@@ -32,3 +28,7 @@ - name: set fact m_lock_enabled set_fact: m_lock_enabled={{ es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True }} + +- name: set fact use_system_d + set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version is version_compare('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('15', '>=')) }} + diff --git a/tasks/elasticsearch-template.yml b/tasks/elasticsearch-template.yml index e1bc80d..8af780d 100644 --- a/tasks/elasticsearch-template.yml +++ b/tasks/elasticsearch-template.yml @@ -20,6 +20,7 @@ status_code: 200 user: "{{es_api_basic_auth_username | default(omit)}}" password: "{{es_api_basic_auth_password | default(omit)}}" + force_basic_auth: yes body_format: json body: "{{ lookup('file', item) }}" when: load_templates.changed and es_start_service diff --git a/tasks/elasticsearch.yml b/tasks/elasticsearch.yml index e2361d4..05fd93b 100644 --- a/tasks/elasticsearch.yml +++ b/tasks/elasticsearch.yml @@ -1,9 +1,5 @@ --- -- name: Include optional user and group creation. - when: (es_user_id is defined) and (es_group_id is defined) - include: elasticsearch-optional-user.yml - - name: Include specific Elasticsearch include: elasticsearch-Debian.yml when: ansible_os_family == 'Debian' diff --git a/tasks/xpack/security/elasticsearch-xpack-activation.yml b/tasks/xpack/security/elasticsearch-xpack-activation.yml index 996d86a..7da085e 100644 --- a/tasks/xpack/security/elasticsearch-xpack-activation.yml +++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml @@ -8,6 +8,7 @@ body_format: json body: "{{ es_xpack_license }}" return_content: yes + force_basic_auth: yes register: license_activated no_log: True failed_when: 
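Review bot: `use_system_d` is derived from a hard-coded list of distributions and versions, so a systemd host outside that list (other RedHat-family or Debian-family distributions, for instance) gets `false` and never receives the `LimitMEMLOCK` override even with `bootstrap.memory_lock` enabled. Ansible already reports the init system as a fact, so `set_fact: use_system_d={{ ansible_service_mgr == 'systemd' }}` would cover those hosts without a version table. If the version table is kept, a comment naming the first systemd release of each distribution would explain the `8`, `7` and `15` thresholds.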
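Review bot: With `force_basic_auth: yes` the `uri` task sends the Authorization header on the first request instead of waiting for a 401 challenge, so the credentials go out to whatever answers at that URL; the same applies to the license call in `tasks/xpack/security/elasticsearch-xpack-activation.yml`. The `url:` lines are outside both hunks, so please confirm they use https whenever `es_enable_http_ssl` is set. The activation task carries `no_log: True`; whether the template-loading task does is not visible in this hunk, and it should, since it passes `es_api_basic_auth_password`. For consistency with the `true`/`false` style in `defaults/main.yml`, `force_basic_auth: true` would be preferable to `yes`.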
> diff --git a/templates/elasticsearch.yml.j2 b/templates/elasticsearch.yml.j2 index d0ba57b..f217129 100644 --- a/templates/elasticsearch.yml.j2 +++ b/templates/elasticsearch.yml.j2 @@ -50,10 +50,10 @@ xpack.notification.email: auth: {{ es_mail_config['require_auth'] }} host: {{ es_mail_config['host'] }} port: {{ es_mail_config['port'] }} - {% if es_mail_config['require_auth'] == true %} + {% if es_mail_config['require_auth'] == true -%} user: {{ es_mail_config['user'] }} password: {{ es_mail_config['pass'] }} - {% endif %} + {%- endif %} {% endif %} {% if es_enable_http_ssl | bool %} diff --git a/test/integration/xpack-upgrade.yml b/test/integration/xpack-upgrade.yml index c1944fe..1270007 100644 --- a/test/integration/xpack-upgrade.yml +++ b/test/integration/xpack-upgrade.yml @@ -7,13 +7,11 @@ - elasticsearch vars: es_config_6x: - http.port: 9200 xpack.security.authc.realms.file1.order: 0 xpack.security.authc.realms.file1.type: file xpack.security.authc.realms.native1.order: 1 xpack.security.authc.realms.native1.type: native es_config_7x: - http.port: 9200 xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" @@ -117,13 +115,11 @@ - elasticsearch vars: es_config_6x: - http.port: 9200 xpack.security.authc.realms.file1.order: 0 xpack.security.authc.realms.file1.type: file xpack.security.authc.realms.native1.order: 1 xpack.security.authc.realms.native1.type: native es_config_7x: - http.port: 9200 xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index aa02d61..e12064d 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml 
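Review bot: The `user` and `password` lines inside the `require_auth` block are rendered unquoted, so a mail password containing ` #`, `: ` or a leading YAML indicator would be truncated or would break parsing of elasticsearch.yml. Emitting them as quoted scalars, for example `password: {{ es_mail_config['pass'] | to_json }}`, keeps any value intact. The new `-%}` / `{%-` trimming also makes the rendered indentation of `user:` depend on the whitespace around the tags, so it is worth checking a rendered file with auth enabled; the enclosing `{% if %}` starts outside the hunk.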
@@ -7,7 +7,5 @@ roles: - elasticsearch vars: - es_config: - http.port: 9200 es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip" es_heap_size: 2g diff --git a/vars/main.yml b/vars/main.yml index d640fc4..91b7b69 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,4 @@ --- es_package_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch" reserved_xpack_users: ["elastic","kibana","logstash_system"] +sysd_config_file: "/etc/systemd/system/elasticsearch.service.d/override.conf"