hinzufügen von ILM und Templates in der Elastic Rolle

2 years ago · 5c2316747d
parent aef0b9652a
commit 5c2316747d
6 changed files with 117 additions and 23 deletions
--- a/group_vars/all/elastic.yml
+++ b/group_vars/all/elastic.yml
@ -1,6 +1,16 @@
 ---
 elastic_cluster_settings_max_shards: 1000
 # We use a proxy due to blocked ip addresses by elastic
 filebeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/filebeat"
 metricbeat_image_name: "{{ shared_service_hostname_harbor }}/docker.elastic.co/beats/metricbeat"
 elastic_cluster_settings_max_shards: 1000
 ilm_configuration:
  - name: default_housekeeping
    strategy: delete_after
    retention: 60d
    priority: 200
    template: "default_housekeeping"
    patterns:
      - "{{ stage }}-*"
      - "uncategorized-*"
--- a/roles/elastic/tasks/main.yaml
+++ b/roles/elastic/tasks/main.yaml
@ -5,6 +5,7 @@
 ###   update_config
 ###   update_settings
 ###   update_deployment
 ###   update_ilm_configuration
 - name: "Check if {{ elastic_id }}/docker-compose.yml exists"
  stat:
@ -87,3 +88,4 @@
  tags:
    - update_config
    - update_settings
    - update_ilm_configuration
--- a/roles/elastic/tasks/update_settings.yml
+++ b/roles/elastic/tasks/update_settings.yml
@ -1,6 +1,8 @@
 ---
 ### tags:
 ###   update_config
 ###   update_settings
 ###   update_ilm_configuration
 - name: "Wait for <https://{{ inventory_hostname }}:9200>"
  ansible.builtin.uri:
@ -46,3 +48,51 @@
  tags:
    - update_config
    - update_settings
 - name: "Create/Update ILM Policies"
  ansible.builtin.uri:
    url: "https://localhost:9200/_ilm/policy/{{ configuration.name }}"
    user: "{{ elastic_admin_username }}"
    password: "{{ elastic_admin_password }}"
    ca_path: "{{ service_base_path }}/{{ elastic_id }}/certs/ca/ca.crt"
    method: PUT
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: json
    body: "{{ lookup('template', configuration.strategy + '_policy.j2') }}"
    force_basic_auth: true
    status_code: [200]
  when:
    - inventory_hostname == groups['elastic'][0]
  tags:
    - update_config
    - update_settings
    - update_ilm_configuration
  loop: "{{ ilm_configuration }}"
  loop_control:
    loop_var: configuration
 - name: "Create/Update Index Templates"
  ansible.builtin.uri:
    url: "https://localhost:9200/_index_template/{{ configuration.template }}"
    user: "{{ elastic_admin_username }}"
    password: "{{ elastic_admin_password }}"
    ca_path: "{{ service_base_path }}/{{ elastic_id }}/certs/ca/ca.crt"
    method: PUT
    headers:
      Content-Type: "application/json"
      Accept: "application/json"
    body_format: json
    body: "{{ lookup('template', configuration.strategy + '_template.j2') }}"
    force_basic_auth: true
    status_code: 200
  when:
    - inventory_hostname == groups['elastic'][0]
  tags:
    - update_config
    - update_settings
    - update_ilm_configuration
  loop: "{{ ilm_configuration }}"
  loop_control:
    loop_var: configuration
--- a/roles/elastic/templates/delete_after_policy.j2
+++ b/roles/elastic/templates/delete_after_policy.j2
@ -0,0 +1,22 @@
 {
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {}
      },
      "delete": {
        "min_age": "{{ configuration.retention }}",
        "actions": {
          "delete": {
            "delete_searchable_snapshot": true
          }
        }
      }
    },
    "_meta": {
      "description": "ILM Policy for {{ configuration.retention }} delete",
      "managed": true
    }
  }
 }
--- a/roles/elastic/templates/delete_after_template.j2
+++ b/roles/elastic/templates/delete_after_template.j2
@ -0,0 +1,10 @@
 {
  "priority": {{ configuration.priority }},
  "template": {
    "settings": {
       "index.lifecycle.name": "{{ configuration.name }}"
    },
    "mappings": {}
  },
  "index_patterns": {{ configuration.patterns | to_json }}
 }
--- a/roles/pgadmin4/vars/main.yml
+++ b/roles/pgadmin4/vars/main.yml
@ -12,7 +12,7 @@ pgadmin4_docker:
    services:
      [
        {
-          name: "init-pgadmin",
+          name: "{{ pgadmin_id }}-init",
          image_name: "{{ pgadmin4_image_name }}",
          image_version: "{{ pgadmin4_version }}",
          restart: '"on-failure:20"',
@ -47,26 +47,26 @@ pgadmin4_docker:
              '"traefik.http.services.{{ pgadmin_id }}.loadbalancer.server.port={{ http_port }}"',
            ],
          environment: [
-            'PGADMIN_DEFAULT_EMAIL: "{{ pgadmin4_admin_username }}"',
+              'PGADMIN_DEFAULT_EMAIL: "{{ pgadmin4_admin_username }}"',
-            'PGADMIN_DEFAULT_PASSWORD: "{{ pgadmin4_admin_password }}"',
+              'PGADMIN_DEFAULT_PASSWORD: "{{ pgadmin4_admin_password }}"',
-            'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "20"',
+              'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: "20"',
-            'PGADMIN_CONFIG_AUTHENTICATION_SOURCES: "[''oauth2'',''internal'']"',
+              'PGADMIN_CONFIG_AUTHENTICATION_SOURCES: "[''oauth2'',''internal'']"',
-            'PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER: "True"',
+              'PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER: "True"',
-            'PGADMIN_CONFIG_OAUTH2_CONFIG: "[{
+              'PGADMIN_CONFIG_OAUTH2_CONFIG: "[{
-            ''OAUTH2_NAME'': ''keycloak'',
+              ''OAUTH2_NAME'': ''keycloak'',
-            ''OAUTH2_DISPLAY_NAME'': ''Keycloak'',
+              ''OAUTH2_DISPLAY_NAME'': ''Keycloak'',
-            ''OAUTH2_CLIENT_ID'': ''{{ pgadmin4_oidc_client_id }}'',
+              ''OAUTH2_CLIENT_ID'': ''{{ pgadmin4_oidc_client_id }}'',
-            ''OAUTH2_CLIENT_SECRET'': ''{{ pgadmin4_oidc_client_secret }}'',
+              ''OAUTH2_CLIENT_SECRET'': ''{{ pgadmin4_oidc_client_secret }}'',
-            ''OAUTH2_TOKEN_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/token'',
+              ''OAUTH2_TOKEN_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/token'',
-            ''OAUTH2_AUTHORIZATION_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/auth'',
+              ''OAUTH2_AUTHORIZATION_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/auth'',
-            ''OAUTH2_API_BASE_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/'',
+              ''OAUTH2_API_BASE_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/protocol/openid-connect/'',
-            ''OAUTH2_USERINFO_ENDPOINT'': ''userinfo'',
+              ''OAUTH2_USERINFO_ENDPOINT'': ''userinfo'',
-            ''OAUTH2_BUTTON_COLOR'': ''#3253a8'',
+              ''OAUTH2_BUTTON_COLOR'': ''#3253a8'',
-            ''OAUTH2_SCOPE'': ''openid email profile'',
+              ''OAUTH2_SCOPE'': ''openid email profile'',
-            ''OAUTH2_USERNAME_CLAIM'': ''sub'',
+              ''OAUTH2_USERNAME_CLAIM'': ''sub'',
-            ''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration''
+              ''OAUTH2_SERVER_METADATA_URL'': ''{{ shared_service_url_keycloak }}/auth/realms/{{ pgadmin4_oidc_realm }}/.well-known/openid-configuration''
-            }]"',
+              }]"',
-          ],
+            ],
          volumes: ["pgadmin_data:/var/lib/pgadmin"],
          networks: [front-tier, back-tier],
          extra_hosts: "{{ pgadmin_extra_hosts | default([]) }}",