Elasticsearch role for Proserver
- Debian 12
- Ubuntu 24.04, 22.04
- FreeBSD Proserver
| Option | Description | Type | Required | Default |
|---|---|---|---|---|
use_dehydrated |
Whether to configure an SSL certificate and a reverse proxy for Elasticsearch. If set to true, will use ansible-proserver-nginx and ansible-proserver-dehydrated to set up an Nginx-based reverse proxy with a valid SSL certificate that listens on 0.0.0.0:443. By default, HTTPS-01 challenge will be used to create the SSL certificate. In order for this to work, elasticsearch.domain has to be set to a valid, DNS-resolveable FQDN (defaults to inventory_hostname). Please consult the documentation of ansible-proserver-dehydrated for other available challenges |
bool | no | False |
domain |
A domain that will be used for the Elasticsearch cluster name as well as reverse proxy (the latter only applies when elasticsearch.use_dehydrated is set) |
str | no | {{ inventory_hostname }} |
version |
The major version of Elasticsearch to be configured/installed. If set to >=8, will require setting the password for the elastic superuser (`elasticsearch.users.builtin.elastic.password), since security is enabled by default starting with Elasticsearch 8.x |
int | no | 8 |
users |
Allows for setting passwords for Elasticsearch users As of now, only supports setting the password for the elastic user (elasticsearch.users.builtin.elastic.password) |
dict | yes | |
prefix |
Sets folders/prefixes for Elasticsearch directories | dict of 'prefix' options | yes | |
transport_security |
Settings for transport security (disabled by default) | dict of 'transport_security' options | yes | |
elasticsearch.yml |
Allows to define options included in the elasticsearch.yml file Consult defaults/main.yml for options set by default, and https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html for a guide on how to configure Elasticsearch | dict | yes | |
log4j2.properties |
Allows to define options included in the log4j2.properties file | dict | no | |
jvm.options |
Allows to define options included in the log4j2.properties file Consult defaults/main.yml for options set by default | dict | yes | |
repository |
dict of 'repository' options | yes | ||
plugins |
Will install the specified plugins using the elasticsearch-plugin install command |
dict | no | |
http_proxy |
Specifies HTTP proxy to be used for Elasticsearch commands that require Internet access (e.g. elasticsearch-plugin) | str | no |
| Option | Description | Type | Required | Default |
|---|---|---|---|---|
config |
Path for configuration files (e.g. elasticsearch.yml) Defaults to /etc/elasticsearch on Linux and /usr/local/etc/elasticsearch on other systems | str | yes | |
bin |
Path for Elasticsearch binaries (e.g. elasticsearch-keystore) Defaults to /usr/share/elasticsearch/bin on Linux and /usr/local/lib/elasticsearch/bin on other systems | str | yes | |
plugins |
Path for installing Elasticsearch plugins Defaults to /usr/share/elasticsearch/plugins on Linux and /usr/local/lib/elasticsearch/plugins on other systems | str | yes |
| Option | Description | Type | Required | Default |
|---|---|---|---|---|
ca_from |
The inventory hostname of the machine which should generate the CA for transport security. Setting this variable activates transport security The resulting CA will then be copied to all the other inventory members which satisfy the following requirements * ansible-proserver-elasticsearch role is executed on the machine * The machine has the elasticsearch.transport_security.ca_from variable set which is not equal to the machine's inventory_hostname` The certificates will be generated on every machine in the cluster individually using this CA. |
str | no | |
cert_dns |
Domain names for which the transport security certificate will be generated Includes inventory_hostname and ansible_nodename of the current node by default | list of 'str' | no | {{ [inventory_hostname] + [ansible_nodename] }} |
cert_ips |
IP addresses for which the transport security certificate will be generated Includes all of the machine's IPv4 and IPv6 addresses by default | list of 'str' | no | {{ ansible_all_ipv4_addresses + ansible_all_ipv6_addresses }} |
| Option | Description | Type | Required | Default |
|---|---|---|---|---|
apt |
Configuration options for APT repository used to install Elasticsearch (only applies for Debian-based systems) | dict of 'apt' options | yes |
| Option | Description | Type | Required | Default |
|---|---|---|---|---|
key_url |
str | no | https://artifacts.elastic.co/GPG-KEY-elasticsearch | |
repository |
str | no | https://artifacts.elastic.co/packages/{{ vars.elasticsearch.version }}.x/apt |
- dehydrated
- Condition:
elasticsearch.use_dehydrated
- Condition:
- nginx
- Condition:
elasticsearch.use_dehydrated
- Condition:
Add this role to the requirements.yml of your playbook as follows:
roles:
- name: ansible-proserver-elasticsearch
src: https://github.com/punktDe/ansible-proserver-elasticsearchAfterwards, install the role by running ansible-galaxy install -r requirements.yml
- hosts: all
roles:
- name: elasticsearch