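---
# Ansible variables describing an Elastic stack (Elasticsearch, Kibana,
# Logstash and an Elasticsearch metrics exporter) as a compose-style structure.
# NOTE(review): the template that renders `elastic_docker` is not visible here;
# the comments below describe only what these values contain.

# Per-host container names, derived from the inventory hostname.
elastic_id: "{{ inventory_hostname }}-elastic"
kibana_id: "{{ inventory_hostname }}-kibana"
logstash_id: "{{ inventory_hostname }}-logstash"
elastic_exporter_id: "{{ inventory_hostname }}-elastic-exporter"

# Traefik labels that publish Kibana on the `websecure` entrypoint with a
# Let's Encrypt certificate. Each item carries its own inner double quotes.
# NOTE(review): no authentication or allow-list middleware is attached to this
# router in these labels, so access control rests on Kibana's own login.
kibana_labels:
  - '"traefik.enable=true"'
  - '"traefik.http.routers.{{ kibana_id }}.service={{ kibana_id }}"'
  - '"traefik.http.routers.{{ kibana_id }}.rule=Host(`{{ inventory_hostname }}-kibana.{{ domain }}`)"'
  - '"traefik.http.routers.{{ kibana_id }}.entrypoints=websecure"'
  - '"traefik.http.routers.{{ kibana_id }}.tls=true"'
  - '"traefik.http.routers.{{ kibana_id }}.tls.certresolver=letsencrypt"'
  - '"traefik.http.services.{{ kibana_id }}.loadbalancer.server.port={{ service_port_kibana }}"'

elastic_docker:
  # Both networks are declared external, i.e. they are created elsewhere.
  networks:
    - name: back-tier
      external: true
    - name: front-tier
      external: true

  # Named volumes for Elasticsearch and Logstash data.
  volumes:
    - name: "{{ elastic_id }}-data"
    - name: "{{ logstash_id }}-data"

  services:
    # ---------------------------------------------------------------- Elasticsearch
    - name: "{{ elastic_id }}"
      image_name: "{{ elastic_image_name }}"
      image_version: "{{ elastic_image_version }}"
      environment:
        # Heap min and max are equal: JVM_HEAP_MB if set, else half of host memory.
        - "ES_JAVA_OPTS: -Xms{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m -Xmx{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m"
        # NOTE(review): the password is rendered in clear text into the service
        # environment. Keep `elastic_admin_password` in an encrypted vars store
        # and restrict read access to the rendered file.
        - "ELASTIC_PASSWORD: \"{{ elastic_admin_password }}\""
        - "node.name: \"{{ elastic_id }}\""
        - "cluster.name: dev-elastic-stack"
        # Seed hosts: every other member of the `elastic` group, as "<host>-elastic".
        - "discovery.seed_hosts: {{ groups['elastic'] | difference([inventory_hostname]) | product(['elastic']) | map('join', '-') | join(',') }}"
        # Initial masters: every member of the `elastic` group, as "<host>-elastic".
        - "cluster.initial_master_nodes: {{ groups['elastic'] | product(['elastic']) | map('join', '-') | join(',')}}"
        # Pairs with the unlimited memlock ulimit in `lines` below.
        - "bootstrap.memory_lock: \"true\""
        - "network.publish_host: {{ elastic_stack_network[inventory_hostname] }}"
        # Security is enabled, with TLS on both the HTTP and transport layers.
        # Both layers use the same per-node key and certificate.
        - "xpack.security.enabled: \"true\""
        - "xpack.security.http.ssl.enabled: \"true\""
        - "xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt"
        - "xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key"
        - "xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt"
        - "xpack.security.transport.ssl.enabled: \"true\""
        - "xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt"
        - "xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key"
        - "xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt"
        # `certificate` mode checks that a peer certificate chains to the CA but
        # skips hostname verification. Any certificate issued by this CA is
        # accepted as a cluster peer, so the CA key is the trust anchor to guard.
        - "xpack.security.transport.ssl.verification_mode: certificate"
      volumes:
        - '"{{ elastic_id }}-data:/usr/share/elasticsearch/data"'
        # Read-only mount of the certificate tree (CA plus per-node key/cert).
        - '"./certs:/usr/share/elasticsearch/config/certificates:ro"'
        - '"./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro"'
      networks:
        - '"back-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"
      # NOTE(review): presumably rendered as host:container port mappings.
      # If so, the REST port (9200) and the transport port (9300) are both
      # reachable on the host. Limit 9300 to cluster peers and 9200 to known
      # clients with host firewall rules.
      ports:
        - external: "9200"
          internal: "9200"
        - external: "9300"
          internal: "9300"
      # Raw lines, presumably emitted verbatim into the service definition.
      # Children are indented under their parent key so that `soft`/`hard` nest
      # under `memlock` and the probe settings nest under `healthcheck`.
      lines:
        - "ulimits:"
        - "  memlock:"
        - "    soft: -1"
        - "    hard: -1"
        - "healthcheck:"
        # NOTE(review): this probe always exits 0, because the final `if` only
        # echoes 0 or 1. The container is reported healthy whatever curl
        # returns. A probe meant to gate on health has to end with a non-zero
        # exit status on failure. `$$` is the compose escape for a literal `$`.
        - "  test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi"
        - "  interval: 30s"
        - "  timeout: 10s"
        - "  retries: 5"

    # ----------------------------------------------------------------------- Kibana
    - name: "{{ kibana_id }}"
      image_name: "{{ kibana_image_name }}"
      image_version: "{{ kibana_image_version }}"
      # Base Traefik labels plus optional per-host additions.
      labels: "{{ kibana_labels + ( kibana_labels_additional | default([])) }}"
      environment:
        - "SERVER_NAME: {{ kibana_id }}"
        - "SERVER_PUBLICBASEURL: https://{{ inventory_hostname }}-kibana.{{ domain }}"
        - "ELASTICSEARCH_URL: https://{{ elastic_id }}:9200"
        - "ELASTICSEARCH_HOSTS: '[\"https://{{ elastic_id }}:9200\"]'"
        - "ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: /usr/share/elasticsearch/config/certificates/ca/ca.crt"
        # NOTE(review): Kibana authenticates with the same admin password that
        # is set as ELASTIC_PASSWORD on the Elasticsearch service. A dedicated
        # service identity (e.g. the built-in `kibana_system` user) would limit
        # what a compromise of this internet-facing container yields.
        - "ELASTICSEARCH_USERNAME: \"{{ elastic_admin_username }}\""
        - "ELASTICSEARCH_PASSWORD: \"{{ elastic_admin_password }}\""
      volumes:
        # NOTE(review): this is the same ./certs tree the Elasticsearch service
        # reads its private key from, yet Kibana only references ca/ca.crt.
        # Mounting just the CA certificate keeps the node key out of this
        # container.
        - '"./certs:/usr/share/elasticsearch/config/certificates:ro"'
      # Attached to both tiers: Traefik side and Elasticsearch side.
      networks:
        - '"back-tier"'
        - '"front-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"

    # --------------------------------------------------------------------- Logstash
    - name: "{{ logstash_id }}"
      image_name: "{{ logstash_image_name }}"
      image_version: "{{ logstash_image_version }}"
      environment:
        - "node.name: \"{{ logstash_id }}\""
        - "config.reload.automatic: \"true\""
        - "pipeline.ecs_compatibility: v1"
        - "pipeline.ordered: \"false\""
        - "xpack.monitoring.enabled: \"true\""
        # NOTE(review): monitoring also uses the admin credentials. A
        # monitoring-only identity (e.g. the built-in `logstash_system` user)
        # is sufficient for this purpose.
        - "xpack.monitoring.elasticsearch.username: \"{{ elastic_admin_username }}\""
        - "xpack.monitoring.elasticsearch.password: \"{{ elastic_admin_password }}\""
        - "xpack.monitoring.elasticsearch.hosts: https://{{ elastic_id }}:9200"
        - "xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certificates/ca/ca.crt"
      volumes:
        - '"{{ logstash_id }}-data:/usr/share/logstash/data"'
        - '"./config/logstash/pipeline:/usr/share/logstash/pipeline:ro"'
        # NOTE(review): full ./certs tree, including the Elasticsearch node key.
        # Only ca/ca.crt is referenced by the settings above.
        - '"./certs:/usr/share/logstash/config/certificates:ro"'
      networks:
        - '"back-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"
      # NOTE(review): 5044 is published on the host. Whether this listener
      # requires TLS or client authentication is decided by the pipeline
      # files, which are not visible here. Confirm before exposing it beyond
      # trusted shippers.
      ports:
        - external: "5044"
          internal: "5044"

    # ------------------------------------------------------- Elasticsearch exporter
    - name: "{{ elastic_exporter_id }}"
      image_name: "{{ elasticsearch_exporter_image_name }}"
      image_version: "{{ elasticsearch_exporter_image_version }}"
      command:
        - '"--es.ca=/certificates/ca/ca.crt"'
        # NOTE(review): the admin username and password are embedded in a
        # command-line argument. They will show up in the rendered file, in
        # `docker inspect` output and in the container's process list. A
        # password containing URL-reserved characters (`@`, `:`, `/`) will also
        # break this URI. Prefer a read-only monitoring account and, if the
        # exporter image in use supports it, pass credentials outside the URI
        # (the prometheus-community exporter documents ES_USERNAME/ES_PASSWORD).
        - '"--es.uri=https://{{ elastic_admin_username }}:{{ elastic_admin_password }}@{{ elastic_id }}:9200"'
      # Publishes the exporter (port 9114) through Traefik on the
      # `monitoring-docker` entrypoint.
      # NOTE(review): no authentication middleware is attached in these labels.
      # Confirm that the entrypoint is reachable only by the metrics scraper.
      labels:
        - '"traefik.enable=true"'
        - '"traefik.http.routers.{{ elastic_exporter_id }}.service={{ elastic_exporter_id }}"'
        - '"traefik.http.routers.{{ elastic_exporter_id }}.rule=Host(`{{ inventory_hostname }}.{{ domain }}`)"'
        - '"traefik.http.routers.{{ elastic_exporter_id }}.entrypoints=monitoring-docker"'
        - '"traefik.http.routers.{{ elastic_exporter_id }}.tls=true"'
        - '"traefik.http.routers.{{ elastic_exporter_id }}.tls.certresolver=letsencrypt"'
        - '"traefik.http.services.{{ elastic_exporter_id }}.loadbalancer.server.port=9114"'
      volumes:
        # NOTE(review): full ./certs tree, including the Elasticsearch node key,
        # mounted into a container that is routed through Traefik. Only
        # ca/ca.crt is used by the command above.
        - '"./certs:/certificates:ro"'
      networks:
        - '"back-tier"'
        - '"front-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"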