From f79d8456d6250ec2a5e21e68f15e0d5b1a8907f7 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 12 May 2023 18:14:19 +0200
Subject: [PATCH] elasticsearch: improve networking configuration

---
 CHANGELOG.md                          |  2 +
 elasticsearch/defaults/main.yml       | 14 +++++-
 elasticsearch/tasks/configuration.yml | 67 +++++++++++++++++++++++++--
 3 files changed, 78 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ef47af93..1397fdbb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * nagios-nrpe: add a NRPE check-local command with completion.
 
 ### Changed
+
+* elasticsearch: improve networking configuration
 * evolinux-users: remove Stretch references in tasks that also apply to next Debian versions.
 
 ### Fixed
diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml
index 98b1a646..ba5d6728 100644
--- a/elasticsearch/defaults/main.yml
+++ b/elasticsearch/defaults/main.yml
@@ -5,10 +5,20 @@ elasticsearch_cluster_name: Null
 elasticsearch_cluster_members: Null
 elasticsearch_minimum_master_nodes: Null
 elasticsearch_node_name: "${HOSTNAME}"
-elasticsearch_network_host:
-  - "_local_"
+
+# https://www.elastic.co/guide/en/elasticsearch/reference/8.7/modules-network.html
+elasticsearch_network_host: "_local_"
 elasticsearch_network_publish_host: Null
+elasticsearch_network_port: Null
+
+elasticsearch_http_host: Null
 elasticsearch_http_publish_host: Null
+elasticsearch_http_port: Null
+
+elasticsearch_transport_host: Null
+elasticsearch_transport_publish_host: Null
+elasticsearch_transport_port: Null
+
 elasticsearch_discovery_seed_hosts: Null
 elasticsearch_cluster_initial_master_nodes: Null
 elasticsearch_custom_datadir: Null
diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml
index 9c3875b0..0b601aff 100644
--- a/elasticsearch/tasks/configuration.yml
+++ b/elasticsearch/tasks/configuration.yml
@@ -22,7 +22,7 @@
 - name: Configure network host
   ansible.builtin.lineinfile:
     dest: /etc/elasticsearch/elasticsearch.yml
-    line: "network.host: {{ elasticsearch_network_host  }}"
+    line: "network.host: {{ elasticsearch_network_host }}"
     regexp: "^network.host:"
     insertafter: "^# *network.host:"
   when: elasticsearch_network_host | default("", True) | length > 0
@@ -32,28 +32,89 @@
 - name: Configure network publish_host
   ansible.builtin.lineinfile:
     dest: /etc/elasticsearch/elasticsearch.yml
-    line: "network.publish_host: {{ elasticsearch_network_publish_host  }}"
+    line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
     regexp: "^network.publish_host:"
     insertafter: "^network.host:"
   when: elasticsearch_network_publish_host | default("", True) | length > 0
   tags:
     - config
 
+- name: Configure network port
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "network.port: {{ elasticsearch_network_port }}"
+    regexp: "^network.port:"
+    insertafter: "^network.host:"
+  when: elasticsearch_network_port | default("", True) | length > 0
+  tags:
+    - config
+
+- name: Configure http host
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "http.host: {{ elasticsearch_http_host }}"
+    regexp: "^http.host:"
+    insertafter: "^# *http.host:"
+  when: elasticsearch_http_host | default("", True) | length > 0
+  tags:
+    - config
+
 - name: Configure http publish_host
   ansible.builtin.lineinfile:
     dest: /etc/elasticsearch/elasticsearch.yml
-    line: "http.publish_host: {{ elasticsearch_http_publish_host  }}"
+    line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
     regexp: "^http.publish_host:"
     insertafter: "^http.port:"
   when: elasticsearch_http_publish_host | default("", True) | length > 0
   tags:
     - config
 
+- name: Configure http port
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "http.port: {{ elasticsearch_http_port }}"
+    regexp: "^http.port:"
+    insertafter: "^http.host:"
+  when: elasticsearch_http_port | default("", True) | length > 0
+  tags:
+    - config
+
+- name: Configure transport host
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "transport.host: {{ elasticsearch_transport_host }}"
+    regexp: "^transport.host:"
+    insertafter: "^# *transport.host:"
+  when: elasticsearch_transport_host | default("", True) | length > 0
+  tags:
+    - config
+
+- name: Configure transport publish_host
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "transport.publish_host: {{ elasticsearch_transport_publish_host }}"
+    regexp: "^transport.publish_host:"
+    insertafter: "^transport.host:"
+  when: elasticsearch_transport_publish_host | default("", True) | length > 0
+  tags:
+    - config
+
+- name: Configure transport port
+  ansible.builtin.lineinfile:
+    dest: /etc/elasticsearch/elasticsearch.yml
+    line: "transport.port: {{ elasticsearch_transport_port }}"
+    regexp: "^transport.port:"
+    insertafter: "^transport.host:"
+  when: elasticsearch_transport_port | default("", True) | length > 0
+  tags:
+    - config
+
 - name: Configure discovery seed hosts
   ansible.builtin.lineinfile:
     dest: /etc/elasticsearch/elasticsearch.yml
     line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml(default_flow_style=True) }}"
     regexp: "^discovery.seed_hosts:"
+    insertafter: "^# *discovery.seed_hosts:"
   when: elasticsearch_discovery_seed_hosts | default([], True) | length > 0
   tags:
     - config