[WIP] Elasticsearch role

apt-backports/README.md

@@ -0,0 +1,7 @@
+# apt-backports
+
+Add a backports source list
+
+## Tasks
+
+Everything is in the `tasks/main.yml` file.

apt-backports/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Jessie-backports list is available
+  apt_repository:
+    repo: "deb http://mirror.evolix.org/debian jessie-backports main contrib non-free"
+    update_cache: yes
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Backports have a low priority
+  blockinfile:
+    dest: /etc/apt/preferences.d/backports
+    marker: "// {mark} ANSIBLE MANAGED BLOCK"
+    insertafter: EOF
+    create: yes
+    content: |
+      Package: *
+      Pin: release a=jessie-backports
+      Pin-Priority: 50
+  tags:
+    - system
+    - packages

elasticsearch/README.md

@@ -0,0 +1,23 @@
+# elasticsearch
+
+Install Elasticsearch.
+
+## Tasks
+
+Tasks are extracted in several files, included in `tasks/main.yml` :
+
+* `java.yml` : install Java 8 ;
+* `elasticsearch.yml` : install packages ;
+* `configuration.yml` : configure the service;
+* `bootstrap_checks.yml` : deal with bootstrap checks;
+* `datadir.yml` : data directory customization ;
+* `tmpdir.yml` : temporary directory customization ;
+
+## Available variables
+
+* `elasticsearch_cluster_name`: cluster name ;
+* `elasticsearch_node_name`: node name, defaults to hostname ;
+* `elasticsearch_network_host`: which interfaces to bind to ;
+* `elasticsearch_network_publish_host`: which interface to publish ;
+* `elasticsearch_custom_datadir`: custom datadir
+* `elasticsearch_custom_tmpdir`: custom tmpdir

elasticsearch/defaults/main.yml

@@ -0,0 +1,6 @@
+elasticsearch_cluster_name: Null
+elasticsearch_node_name: "${HOSTNAME}"
+elasticsearch_network_host: "[_site_, _local_]"
+elasticsearch_network_publish_host: "_site_"
+elasticsearch_custom_datadir: Null
+elasticsearch_custom_tmpdir: Null

elasticsearch/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+
+- name: restart elasticsearch
+  service:
+    name: elasticsearch
+    state: restarted
+
+- name: reload elasticsearch unit
+  command: systemctl daemon-reload

elasticsearch/tasks/bootstrap_checks.yml

@@ -0,0 +1,38 @@
+---
+
+- name: Read maximum map count
+  command: "sysctl -n vm.max_map_count"
+  register: max_map_count
+  failed_when: False
+  changed_when: False
+  tags:
+    - config
+
+- name: Maximum map count check
+  sysctl:
+    name: vm.max_map_count
+    value: 262144
+    sysctl_file: /etc/sysctl.d/elasticsearch.conf
+  when: "{{ max_map_count|int < 262144 }}"
+  tags:
+    - config
+
+- name: bootstrap.memory_lock
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "bootstrap.memory_lock: true"
+    regexp: "^bootstrap.memory_lock:"
+    insertafter: "^# *bootstrap.memory_lock:"
+  tags:
+    - config
+
+- name: Override memory config in systemd unit
+  ini_file:
+    dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
+    section: Service
+    option: "LimitMEMLOCK"
+    value: "infinity"
+  notify:
+    - reload elasticsearch unit
+  tags:
+    - config

elasticsearch/tasks/configuration.yml

@@ -0,0 +1,49 @@
+---
+
+- name: Configure cluster name
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "cluster.name: {{ elasticsearch_cluster_name }}"
+    regexp: "^cluster.name:"
+    insertafter: "^# *cluster.name:"
+  when: elasticsearch_cluster_name|default("", True)
+  tags:
+    - config
+
+- name: Configure node name
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "node.name: {{ elasticsearch_node_name }}"
+    regexp: "^node.name:"
+    insertafter: "^# *node.name:"
+  tags:
+    - config
+
+- name: Configure network host
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "network.host: {{ elasticsearch_network_host }}"
+    regexp: "^network.host:"
+    insertafter: "^# *network.host:"
+  when: elasticsearch_network_host|default("", True)
+  tags:
+    - config
+
+- name: Configure network publish_host
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
+    regexp: "^network.publish_host:"
+    insertafter: "^# *network.publish_host:"
+  when: elasticsearch_network_publish_host|default("", True)
+  tags:
+    - config
+
+- name: Restart on upgrade
+  lineinfile:
+    dest: /etc/default/elasticsearch
+    line: "RESTART_ON_UPGRADE=true"
+    regexp: "^RESTART_ON_UPGRADE="
+    insertafter: "^# *RESTART_ON_UPGRADE=true"
+  tags:
+    - config

elasticsearch/tasks/datadir.yml

@@ -0,0 +1,40 @@
+---
+
+- block:
+  - name: "Is {{ elasticsearch_custom_datadir }} present ?"
+    stat:
+      path: "{{ elasticsearch_custom_datadir }}"
+    register: elasticsearch_custom_datadir_test
+
+  - name: "read the real datadir"
+    command: readlink -f /var/lib/elasticsearch
+    changed_when: false
+    register: elasticsearch_current_real_datadir_test
+  tags:
+    - elasticsearch
+  when: elasticsearch_custom_datadir
+
+- block:
+  - name: elasticsearch is stopped
+    service:
+      name: elasticsearch
+      state: stopped
+
+  - name: Move elasticsearch datadir to {{ elasticsearch_custom_datadir }}
+    command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
+    args:
+      creates: "{{ elasticsearch_custom_datadir }}"
+
+  - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
+    file:
+      src: "{{ elasticsearch_custom_datadir }}"
+      dest: '/var/lib/elasticsearch'
+      state: link
+
+  - name: elasticsearch is started
+    service:
+      name: elasticsearch
+      state: started
+  tags:
+    - elasticsearch
+  when: elasticsearch_custom_datadir and elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout and not elasticsearch_custom_datadir_test.stat.exists

elasticsearch/tasks/elasticsearch.yml

@@ -0,0 +1,38 @@
+---
+
+- name: APT https transport is enabled
+  apt:
+    name: apt-transport-https
+    state: installed
+  tags:
+    - system
+    - packages
+
+- name: Elastic GPG key is installed
+  apt_key:
+    url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Elastic sources list is available
+  apt_repository:
+    repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Elasticsearch is installed
+  apt:
+    name: elasticsearch
+    update_cache: yes
+    state: installed
+  tags:
+    - packages
+
+- name: Elasticsearch service is enabled
+  service:
+    name: elasticsearch
+    enabled: yes

elasticsearch/tasks/java.yml

@@ -0,0 +1,15 @@
+---
+
+- name: Java 8 is installed
+  apt:
+    name: openjdk-8-jre
+    default_release: jessie-backports
+    state: installed
+  tags:
+    - java
+    - packages
+
+- name: Java 8 is the default alternative
+  alternatives:
+    name: java
+    path: /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

elasticsearch/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- include: java.yml
+
+- include: elasticsearch.yml
+
+- include: configuration.yml
+
+- include: bootstrap_checks.yml
+
+- include: datadir.yml
+
+- include: tmpdir.yml

elasticsearch/tasks/tmpdir.yml

@@ -0,0 +1,30 @@
+---
+
+- name: Check if /tmp is noexec
+  shell: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec"
+  register: fstab_tmp_noexec
+  failed_when: False
+  changed_when: False
+
+- block:
+  - name: "Create {{ elasticsearch_custom_tmpdir }}"
+    file:
+      path: "{{ elasticsearch_custom_tmpdir }}"
+      owner: elasticsearch
+      group: elasticsearch
+      mode: 0755
+      state: directory
+    tags:
+      - elasticsearch
+
+  - name: change JVM tmpdir
+    lineinfile:
+      dest: /etc/elasticsearch/jvm.options
+      line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir }}"
+      regexp: "^-Djava.io.tmpdir="
+      insertafter: "## JVM configuration"
+    notify:
+      - restart elasticsearch
+    tags:
+      - elasticsearch
+  when: elasticsearch_custom_tmpdir or fstab_tmp_noexec|success

vagrant.yml

@@ -20,3 +20,5 @@
     #     nginx_private_htpasswd_absent: ["toto:dsfgdfsdf"]
     #   }
     # - apache
+    # - apt-backports
+    - { role: elasticsearch, elasticsearch_custom_tmpdir: "/var/lib/elasticsearch/tmp" }