diff --git a/group_vars/all/elastic.yml b/group_vars/all/elastic.yml
index ea692ff..d231022 100644
--- a/group_vars/all/elastic.yml
+++ b/group_vars/all/elastic.yml
@@ -1,6 +1,16 @@
 ---
-elastic_cluster_settings_max_shards: 1000
-
 # We use a proxy due to blocked ip addresses by elastic
 filebeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/filebeat"
 metricbeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/metricbeat"
+
+elastic_cluster_settings_max_shards: 1000
+
+ilm_configuration:
+ - name: default_housekeeping
+ strategy: delete_after
+ retention: 60d
+ priority: 200
+ template: "default_housekeeping"
+ patterns:
+ - "{{ stage }}-*"
+ - "uncategorized-*"
diff --git a/roles/elastic/tasks/main.yaml b/roles/elastic/tasks/main.yaml
index 35f0f58..a7ad31a 100644
--- a/roles/elastic/tasks/main.yaml
+++ b/roles/elastic/tasks/main.yaml
@@ -5,6 +5,7 @@
 ### update_config
 ### update_settings
 ### update_deployment
+### update_ilm_configuration
 - name: "Check if {{ elastic_id }}/docker-compose.yml exists"
 stat:
@@ -87,3 +88,4 @@
 tags:
 - update_config
 - update_settings
+ - update_ilm_configuration
diff --git a/roles/elastic/tasks/update_settings.yml b/roles/elastic/tasks/update_settings.yml
index c1123b4..7f4ab88 100644
--- a/roles/elastic/tasks/update_settings.yml
+++ b/roles/elastic/tasks/update_settings.yml
@@ -1,6 +1,8 @@
 ---
 ### tags:
+### update_config
 ### update_settings
+### update_ilm_configuration
 - name: "Wait for "
 ansible.builtin.uri:
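Review bot: The new `ilm_configuration` list in group_vars/all/elastic.yml carries no description of its schema, although `strategy` is used elsewhere in this commit as a template filename prefix (`<strategy>_policy.j2` / `<strategy>_template.j2`), `retention` becomes the `min_age` of an ILM delete phase, and `priority` is written unquoted into JSON and so must stay an integer. A comment above the key would stop a mistyped value from surfacing only as a template lookup failure mid-loop, for example: `# One ILM policy + index template pair per entry; strategy selects roles/elastic/templates/<strategy>_policy.j2 and <strategy>_template.j2 (only delete_after exists today); retention is an Elasticsearch duration (e.g. 60d) after which indices matching patterns are deleted; priority must be an integer.` The relocated `elastic_cluster_settings_max_shards` needs no change.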
@@ -46,3 +48,51 @@
 tags:
 - update_config
 - update_settings
+
+- name: "Create/Update ILM Policies"
+ ansible.builtin.uri:
+ url: "https://localhost:9200/_ilm/policy/{{ configuration.name }}"
+ user: "{{ elastic_admin_username }}"
+ password: "{{ elastic_admin_password }}"
+ ca_path: "{{ service_base_path }}/{{ elastic_id }}/certs/ca/ca.crt"
+ method: PUT
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: json
+ body: "{{ lookup('template', configuration.strategy + '_policy.j2') }}"
+ force_basic_auth: true
+ status_code: [200]
+ when:
+ - inventory_hostname == groups['elastic'][0]
+ tags:
+ - update_config
+ - update_settings
+ - update_ilm_configuration
+ loop: "{{ ilm_configuration }}"
+ loop_control:
+ loop_var: configuration
+
+- name: "Create/Update Index Templates"
+ ansible.builtin.uri:
+ url: "https://localhost:9200/_index_template/{{ configuration.template }}"
+ user: "{{ elastic_admin_username }}"
+ password: "{{ elastic_admin_password }}"
+ ca_path: "{{ service_base_path }}/{{ elastic_id }}/certs/ca/ca.crt"
+ method: PUT
+ headers:
+ Content-Type: "application/json"
+ Accept: "application/json"
+ body_format: json
+ body: "{{ lookup('template', configuration.strategy + '_template.j2') }}"
+ force_basic_auth: true
+ status_code: 200
+ when:
+ - inventory_hostname == groups['elastic'][0]
+ tags:
+ - update_config
+ - update_settings
+ - update_ilm_configuration
+ loop: "{{ ilm_configuration }}"
+ loop_control:
+ loop_var: configuration
diff --git a/roles/elastic/templates/delete_after_policy.j2 b/roles/elastic/templates/delete_after_policy.j2
new file mode 100644
index 0000000..1ac1433
--- /dev/null
+++ b/roles/elastic/templates/delete_after_policy.j2
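Review bot: In both new tasks the `body:` line joins `configuration.strategy` straight into a template filename (`configuration.strategy + '_policy.j2'`), so any value other than `delete_after` fails only at lookup time with an opaque error, and `configuration.name` / `configuration.template` are likewise interpolated unescaped into the request path. An `assert` task ahead of the loop pins the accepted strategies and a safe identifier character set, and doubles as the written contract for whoever extends `ilm_configuration`. Separately, the two tasks disagree on form, `status_code: [200]` versus `status_code: 200`; pick one. The fence shows the assert task only; the two uri tasks stay as committed.
```yaml
- name: "Validate ILM configuration entries"
  ansible.builtin.assert:
    that:
      - configuration.strategy in ['delete_after']
      - configuration.name is match('^[A-Za-z0-9_.-]+$')
      - configuration.template is match('^[A-Za-z0-9_.-]+$')
    quiet: true
  loop: "{{ ilm_configuration }}"
  loop_control:
    loop_var: configuration
  tags:
    - update_config
    - update_settings
    - update_ilm_configuration
# … unchanged: "Create/Update ILM Policies" and "Create/Update Index Templates" tasks …
```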
@@ -0,0 +1,22 @@
+{
+ "policy": {
+ "phases": {
+ "hot": {
+ "min_age": "0ms",
+ "actions": {}
+ },
+ "delete": {
+ "min_age": "{{ configuration.retention }}",
+ "actions": {
+ "delete": {
+ "delete_searchable_snapshot": true
+ }
+ }
+ }
+ },
+ "_meta": {
+ "description": "ILM Policy for {{ configuration.retention }} delete",
+ "managed": true
+ }
+ }
+}
\ No newline at end of file
diff --git a/roles/elastic/templates/delete_after_template.j2 b/roles/elastic/templates/delete_after_template.j2
new file mode 100644
index 0000000..901c94c
--- /dev/null
+++ b/roles/elastic/templates/delete_after_template.j2
@@ -0,0 +1,10 @@
+{
+ "priority": {{ configuration.priority }},
+ "template": {
+ "settings": {
+ "index.lifecycle.name": "{{ configuration.name }}"
+ },
+ "mappings": {}
+ },
+ "index_patterns": {{ configuration.patterns | to_json }}
+}
\ No newline at end of file
diff --git a/roles/pgadmin4/vars/main.yml b/roles/pgadmin4/vars/main.yml
index 212d7f0..765f2ff 100644
--- a/roles/pgadmin4/vars/main.yml
+++ b/roles/pgadmin4/vars/main.yml
@@ -12,7 +12,7 @@ pgadmin4_docker:
 services: [
 {
- name: "init-pgadmin",
+ name: "{{ pgadmin_id }}-init",
 image_name: "{{ pgadmin4_image_name }}",
 image_version: "{{ pgadmin4_version }}",
 restart: '"on-failure:20"',
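Review bot: The values interpolated into this JSON template are not escaped, `"min_age": "{{ configuration.retention }}"` and the `_meta.description` line here, and `"index.lifecycle.name": "{{ configuration.name }}"` in delete_after_template.j2, while `index_patterns` in that same file already goes through `| to_json`. A value containing a quote or backslash would produce malformed JSON or a different document than intended, so use the filter consistently, `"min_age": {{ configuration.retention | to_json }},` and `"index.lifecycle.name": {{ configuration.name | to_json }}`; the bare `{{ configuration.priority }}` relies on the variable being an integer, which is worth stating where `ilm_configuration` is defined. It would also help to record in `_meta.description` that `delete_searchable_snapshot: true` removes the backing searchable snapshot together with the index, as I read the option, since that only matters once a strategy adds a snapshot phase and would otherwise surprise the next author. Both new files are missing a trailing newline.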
@@ -47,26 +47,26 @@ pgadmin4_docker:
 '"traefik.http.services.{{ pgadmin_id }}.loadbalancer.server.port={{ http_port }}"',
 ],
 environment: [
- 'PGADMIN_DEFAULT_EMAIL: "{{ pgadmin4_admin_username }}"',
- 'PGADMIN_DEFAULT_PASSWORD: "{{ pgadmin4_admin_password }}"',
- 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "20"',
- 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES: "[''oauth2'',''internal'']"',
- 'PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER: "True"',
- 'PGADMIN_CONFIG_OAUTH2_CONFIG: "[{
- ''OAUTH2_NAME'': ''keycloak'',
- ''OAUTH2_DISPLAY_NAME'': ''Keycloak'',
- ''OAUTH2_CLIENT_ID'': ''{{ pgadmin4_oidc_client_id }}'',
- ''OAUTH2_CLIENT_SECRET'': ''{{ pgadmin4_oidc_client_secret }}'',
- ''OAUTH2_TOKEN_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/token'',
- ''OAUTH2_AUTHORIZATION_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/auth'',
- ''OAUTH2_API_BASE_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/'',
- ''OAUTH2_USERINFO_ENDPOINT'': ''userinfo'',
- ''OAUTH2_BUTTON_COLOR'': ''#3253a8'',
- ''OAUTH2_SCOPE'': ''openid email profile'',
- ''OAUTH2_USERNAME_CLAIM'': ''sub'',
- ''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration''
- }]"',
- ],
+ 'PGADMIN_DEFAULT_EMAIL: "{{ pgadmin4_admin_username }}"',
+ 'PGADMIN_DEFAULT_PASSWORD: "{{ pgadmin4_admin_password }}"',
+ 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "20"',
+ 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES: "[''oauth2'',''internal'']"',
+ 'PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER: "True"',
+ 'PGADMIN_CONFIG_OAUTH2_CONFIG: "[{
+ ''OAUTH2_NAME'': ''keycloak'',
+ ''OAUTH2_DISPLAY_NAME'': ''Keycloak'',
+ ''OAUTH2_CLIENT_ID'': ''{{ pgadmin4_oidc_client_id }}'',
+ ''OAUTH2_CLIENT_SECRET'': ''{{ pgadmin4_oidc_client_secret }}'',
+ ''OAUTH2_TOKEN_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ 
pgadmin4_oidc_realm }}/protocol/openid-connect/token'',
+ ''OAUTH2_AUTHORIZATION_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/auth'',
+ ''OAUTH2_API_BASE_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/'',
+ ''OAUTH2_USERINFO_ENDPOINT'': ''userinfo'',
+ ''OAUTH2_BUTTON_COLOR'': ''#3253a8'',
+ ''OAUTH2_SCOPE'': ''openid email profile'',
+ ''OAUTH2_USERNAME_CLAIM'': ''sub'',
+ ''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration''
+ }]"',
+ ],
 volumes: ["pgadmin_data:/var/lib/pgadmin"],
 networks: [front-tier, back-tier],
 extra_hosts: "{{ pgadmin_extra_hosts | default([]) }}",