From 3400cb2f47a1cc97519f51e5c7720c5091ba486f Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 15 Nov 2016 18:23:53 +0100
Subject: [PATCH] [WIP] Elasticsearch role

---
 apt-backports/README.md                  |  7 ++++
 apt-backports/tasks/main.yml             | 23 +++++++++++
 elasticsearch/README.md                  | 23 +++++++++++
 elasticsearch/defaults/main.yml          |  6 +++
 elasticsearch/handlers/main.yml          |  9 +++++
 elasticsearch/tasks/bootstrap_checks.yml | 38 ++++++++++++++++++
 elasticsearch/tasks/configuration.yml    | 49 ++++++++++++++++++++++++
 elasticsearch/tasks/datadir.yml          | 40 +++++++++++++++++++
 elasticsearch/tasks/elasticsearch.yml    | 38 ++++++++++++++++++
 elasticsearch/tasks/java.yml             | 15 ++++++++
 elasticsearch/tasks/main.yml             | 13 +++++++
 elasticsearch/tasks/tmpdir.yml           | 30 +++++++++++++++
 vagrant.yml                              |  2 +
 13 files changed, 293 insertions(+)
 create mode 100644 apt-backports/README.md
 create mode 100644 apt-backports/tasks/main.yml
 create mode 100644 elasticsearch/README.md
 create mode 100644 elasticsearch/defaults/main.yml
 create mode 100644 elasticsearch/handlers/main.yml
 create mode 100644 elasticsearch/tasks/bootstrap_checks.yml
 create mode 100644 elasticsearch/tasks/configuration.yml
 create mode 100644 elasticsearch/tasks/datadir.yml
 create mode 100644 elasticsearch/tasks/elasticsearch.yml
 create mode 100644 elasticsearch/tasks/java.yml
 create mode 100644 elasticsearch/tasks/main.yml
 create mode 100644 elasticsearch/tasks/tmpdir.yml

diff --git a/apt-backports/README.md b/apt-backports/README.md
new file mode 100644
index 00000000..0bbe77cf
--- /dev/null
+++ b/apt-backports/README.md
@@ -0,0 +1,7 @@
+# apt-backports
+
+Add a backports source list
+
+## Tasks
+
+Everything is in the `tasks/main.yml` file.
diff --git a/apt-backports/tasks/main.yml b/apt-backports/tasks/main.yml
new file mode 100644
index 00000000..c7dd5b35
--- /dev/null
+++ b/apt-backports/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Jessie-backports list is available
+  apt_repository:
+    repo: "deb http://mirror.evolix.org/debian jessie-backports main contrib non-free"
+    update_cache: yes
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Backports have a low priority
+  blockinfile:
+    dest: /etc/apt/preferences.d/backports
+    marker: "// {mark} ANSIBLE MANAGED BLOCK"
+    insertafter: EOF
+    create: yes
+    content: |
+      Package: *
+      Pin: release a=jessie-backports
+      Pin-Priority: 50
+  tags:
+    - system
+    - packages
diff --git a/elasticsearch/README.md b/elasticsearch/README.md
new file mode 100644
index 00000000..ce7e6b72
--- /dev/null
+++ b/elasticsearch/README.md
@@ -0,0 +1,23 @@
+# elasticsearch
+
+Install Elasticsearch.
+
+## Tasks
+
+Tasks are extracted in several files, included in `tasks/main.yml` :
+
+* `java.yml` : install Java 8 ;
+* `elasticsearch.yml` : install packages ;
+* `configuration.yml` : configure the service;
+* `bootstrap_checks.yml` : deal with bootstrap checks;
+* `datadir.yml` : data directory customization ;
+* `tmpdir.yml` : temporary directory customization ;
+
+## Available variables
+
+* `elasticsearch_cluster_name`: cluster name ;
+* `elasticsearch_node_name`: node name, defaults to hostname ;
+* `elasticsearch_network_host`: which interfaces to bind to ;
+* `elasticsearch_network_publish_host`: which interface to publish ;
+* `elasticsearch_custom_datadir`: custom datadir
+* `elasticsearch_custom_tmpdir`: custom tmpdir
diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml
new file mode 100644
index 00000000..2a75b07a
--- /dev/null
+++ b/elasticsearch/defaults/main.yml
@@ -0,0 +1,6 @@
+elasticsearch_cluster_name: Null
+elasticsearch_node_name: "${HOSTNAME}"
+elasticsearch_network_host: "[_site_, _local_]"
+elasticsearch_network_publish_host: "_site_"
+elasticsearch_custom_datadir: Null
+elasticsearch_custom_tmpdir: Null
diff --git a/elasticsearch/handlers/main.yml b/elasticsearch/handlers/main.yml
new file mode 100644
index 00000000..f21919c2
--- /dev/null
+++ b/elasticsearch/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: restart elasticsearch
+  service:
+    name: elasticsearch
+    state: restarted
+
+- name: reload elasticsearch unit
+  command: systemctl daemon-reload
diff --git a/elasticsearch/tasks/bootstrap_checks.yml b/elasticsearch/tasks/bootstrap_checks.yml
new file mode 100644
index 00000000..aff90d7e
--- /dev/null
+++ b/elasticsearch/tasks/bootstrap_checks.yml
@@ -0,0 +1,38 @@
+---
+
+- name: Read maximum map count
+  command: "sysctl -n vm.max_map_count"
+  register: max_map_count
+  failed_when: False
+  changed_when: False
+  tags:
+    - config
+
+- name: Maximum map count check
+  sysctl:
+    name: vm.max_map_count
+    value: 262144
+    sysctl_file: /etc/sysctl.d/elasticsearch.conf
+  when: "{{ max_map_count|int < 262144 }}"
+  tags:
+    - config
+
+- name: bootstrap.memory_lock
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "bootstrap.memory_lock: true"
+    regexp: "^bootstrap.memory_lock:"
+    insertafter: "^# *bootstrap.memory_lock:"
+  tags:
+    - config
+
+- name: Override memory config in systemd unit
+  ini_file:
+    dest: /etc/systemd/system/elasticsearch.service.d/elasticsearch.conf
+    section: Service
+    option: "LimitMEMLOCK"
+    value: "infinity"
+  notify:
+    - reload elasticsearch unit
+  tags:
+    - config
diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml
new file mode 100644
index 00000000..6d14f1a3
--- /dev/null
+++ b/elasticsearch/tasks/configuration.yml
@@ -0,0 +1,49 @@
+---
+
+- name: Configure cluster name
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "cluster.name: {{ elasticsearch_cluster_name }}"
+    regexp: "^cluster.name:"
+    insertafter: "^# *cluster.name:"
+  when: elasticsearch_cluster_name|default("", True)
+  tags:
+    - config
+
+- name: Configure node name
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "node.name: {{ elasticsearch_node_name }}"
+    regexp: "^node.name:"
+    insertafter: "^# *node.name:"
+  tags:
+    - config
+
+- name: Configure network host
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "network.host: {{ elasticsearch_network_host }}"
+    regexp: "^network.host:"
+    insertafter: "^# *network.host:"
+  when: elasticsearch_network_host|default("", True)
+  tags:
+    - config
+
+- name: Configure network publish_host
+  lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
+    regexp: "^network.publish_host:"
+    insertafter: "^# *network.publish_host:"
+  when: elasticsearch_network_publish_host|default("", True)
+  tags:
+    - config
+
+- name: Restart on upgrade
+  lineinfile:
+    dest: /etc/default/elasticsearch
+    line: "RESTART_ON_UPGRADE=true"
+    regexp: "^RESTART_ON_UPGRADE="
+    insertafter: "^# *RESTART_ON_UPGRADE=true"
+  tags:
+    - config
diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml
new file mode 100644
index 00000000..1b95305b
--- /dev/null
+++ b/elasticsearch/tasks/datadir.yml
@@ -0,0 +1,40 @@
+---
+
+- block:
+  - name: "Is {{ elasticsearch_custom_datadir }} present ?"
+    stat:
+      path: "{{ elasticsearch_custom_datadir }}"
+    register: elasticsearch_custom_datadir_test
+
+  - name: "read the real datadir"
+    command: readlink -f /var/lib/elasticsearch
+    changed_when: false
+    register: elasticsearch_current_real_datadir_test
+  tags:
+    - elasticsearch
+  when: elasticsearch_custom_datadir
+
+- block:
+  - name: elasticsearch is stopped
+    service:
+      name: elasticsearch
+      state: stopped
+
+  - name: Move elasticsearch datadir to {{ elasticsearch_custom_datadir }}
+    command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
+    args:
+      creates: "{{ elasticsearch_custom_datadir }}"
+
+  - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
+    file:
+      src: "{{ elasticsearch_custom_datadir }}"
+      dest: '/var/lib/elasticsearch'
+      state: link
+
+  - name: elasticsearch is started
+    service:
+      name: elasticsearch
+      state: started
+  tags:
+    - elasticsearch
+  when: elasticsearch_custom_datadir and elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout and not elasticsearch_custom_datadir_test.stat.exists
diff --git a/elasticsearch/tasks/elasticsearch.yml b/elasticsearch/tasks/elasticsearch.yml
new file mode 100644
index 00000000..65d54631
--- /dev/null
+++ b/elasticsearch/tasks/elasticsearch.yml
@@ -0,0 +1,38 @@
+---
+
+- name: APT https transport is enabled
+  apt:
+    name: apt-transport-https
+    state: installed
+  tags:
+    - system
+    - packages
+
+- name: Elastic GPG key is installed
+  apt_key:
+    url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Elastic sources list is available
+  apt_repository:
+    repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
+    state: present
+  tags:
+    - system
+    - packages
+
+- name: Elasticsearch is installed
+  apt:
+    name: elasticsearch
+    update_cache: yes
+    state: installed
+  tags:
+    - packages
+
+- name: Elasticsearch service is enabled
+  service:
+    name: elasticsearch
+    enabled: yes
diff --git a/elasticsearch/tasks/java.yml b/elasticsearch/tasks/java.yml
new file mode 100644
index 00000000..29c681a3
--- /dev/null
+++ b/elasticsearch/tasks/java.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Java 8 is installed
+  apt:
+    name: openjdk-8-jre
+    default_release: jessie-backports
+    state: installed
+  tags:
+    - java
+    - packages
+
+- name: Java 8 is the default alternative
+  alternatives:
+    name: java
+    path: /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
diff --git a/elasticsearch/tasks/main.yml b/elasticsearch/tasks/main.yml
new file mode 100644
index 00000000..fc4d4edc
--- /dev/null
+++ b/elasticsearch/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- include: java.yml
+
+- include: elasticsearch.yml
+
+- include: configuration.yml
+
+- include: bootstrap_checks.yml
+
+- include: datadir.yml
+
+- include: tmpdir.yml
diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml
new file mode 100644
index 00000000..1ec97597
--- /dev/null
+++ b/elasticsearch/tasks/tmpdir.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Check if /tmp is noexec
+  shell: "cat /etc/fstab | grep -E \" +/tmp\" | grep noexec"
+  register: fstab_tmp_noexec
+  failed_when: False
+  changed_when: False
+
+- block:
+  - name: "Create {{ elasticsearch_custom_tmpdir }}"
+    file:
+      path: "{{ elasticsearch_custom_tmpdir }}"
+      owner: elasticsearch
+      group: elasticsearch
+      mode: 0755
+      state: directory
+    tags:
+      - elasticsearch
+
+  - name: change JVM tmpdir
+    lineinfile:
+      dest: /etc/elasticsearch/jvm.options
+      line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir }}"
+      regexp: "^-Djava.io.tmpdir="
+      insertafter: "## JVM configuration"
+    notify:
+      - restart elasticsearch
+    tags:
+      - elasticsearch
+  when: elasticsearch_custom_tmpdir or fstab_tmp_noexec|success
diff --git a/vagrant.yml b/vagrant.yml
index 5d2d6eb7..89285a70 100644
--- a/vagrant.yml
+++ b/vagrant.yml
@@ -20,3 +20,5 @@
     #     nginx_private_htpasswd_absent: ["toto:dsfgdfsdf"]
     #   }
     # - apache
+    # - apt-backports
+    - { role: elasticsearch, elasticsearch_custom_tmpdir: "/var/lib/elasticsearch/tmp" }