---
# Service definitions for one Elasticsearch node and its metrics exporter.
# Presumably rendered into a docker-compose file by a template that is not
# part of this file; the `$$?` escape in the healthcheck suggests compose.
elastic_id: "{{ inventory_hostname }}-elastic"
elastic_exporter_id: "{{ inventory_hostname }}-elastic-exporter"

elastic_docker:
  networks:
    - name: back-tier
      external: true

  volumes:
    - name: "{{ elastic_id }}-data"

  services:
    # --- Elasticsearch node -------------------------------------------------
    - name: "{{ elastic_id }}"
      image_name: "{{ elastic_image_name }}"
      image_version: "{{ elastic_image_version }}"
      environment:
        # Heap min and max are pinned to the same value: JVM_HEAP_MB when
        # defined, otherwise half of the host's total memory (rounded, in MB).
        - "ES_JAVA_OPTS: -Xms{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m -Xmx{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m"
        # NOTE(review): the admin password is written in clear text into the
        # service environment, so it is readable in the rendered file and in
        # the container's inspect output. Keep the source variable vaulted,
        # restrict permissions on the rendered file, and prefer a file-based
        # secret if the image in use supports one. A password containing `"`
        # or `$` would also change how this line renders; confirm the
        # consuming template escapes it.
        - 'ELASTIC_PASSWORD: "{{ elastic_admin_password }}"'
        - 'node.name: "{{ inventory_hostname }}"'
        - 'cluster.name: "{{ stage }}-elastic-stack"'
        # Seed hosts: every member of the `elastic` group except this host.
        - "discovery.seed_hosts: {{ groups['elastic'] | difference([inventory_hostname]) | join(',') }}"
        # Initial masters: every member of the `elastic` group, this host included.
        - "cluster.initial_master_nodes: {{ groups['elastic'] | join(',')}}"
        # Goes together with the memlock ulimits listed under `lines` below.
        - 'bootstrap.memory_lock: "true"'
        - "network.publish_host: {{ elastic_stack_network[inventory_hostname] }}"
        - 'xpack.security.enabled: "true"'
        # HTTP (REST) layer TLS. The same per-host key pair is reused for the
        # transport layer further down.
        - 'xpack.security.http.ssl.enabled: "true"'
        - "xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt"
        - "xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/{{ inventory_hostname }}/{{ inventory_hostname }}.key"
        - "xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ inventory_hostname }}/{{ inventory_hostname }}.crt"
        # Transport (node-to-node) layer TLS.
        - 'xpack.security.transport.ssl.enabled: "true"'
        - "xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt"
        - "xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/{{ inventory_hostname }}/{{ inventory_hostname }}.key"
        - "xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ inventory_hostname }}/{{ inventory_hostname }}.crt"
        # NOTE(review): `certificate` checks that the peer certificate chains
        # to the CA but not that it matches the peer's hostname or address, so
        # any certificate issued by this CA is accepted as a cluster node.
        # Keep the CA key tightly held, or move to `full` once the node
        # certificates carry SANs matching the published addresses.
        - "xpack.security.transport.ssl.verification_mode: certificate"
      volumes:
        - '"{{ elastic_id }}-data:/usr/share/elasticsearch/data"'
        # NOTE(review): the whole ./certs directory is mounted read-only.
        # Make sure it holds only ca.crt and this host's key pair, not the CA
        # private key or other nodes' keys.
        - '"./certs:/usr/share/elasticsearch/config/certificates:ro"'
        - '"./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro"'
      networks:
        - '"back-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"
      # NOTE(review): both the REST port (9200) and the transport port (9300)
      # are published on the host. Presumably they bind on all interfaces;
      # restrict 9300 to cluster peers and 9200 to known clients with a host
      # firewall or an interface-specific bind.
      ports:
        - external: "9200"
          internal: "9200"
        - external: "9300"
          internal: "9300"
      # Raw lines appended to the service definition as-is.
      # NOTE(review): the leading spaces inside these strings decide the
      # nesting in the rendered file. As written here `soft`/`hard` sit at the
      # same depth as `memlock`, and `interval`/`timeout`/`retries` at the same
      # depth as `test`; confirm the intended indentation against the
      # rendered output.
      lines:
        - "ulimits:"
        - " memlock:"
        - " soft: -1"
        - " hard: -1"
        - "healthcheck:"
        # NOTE(review): both branches end in `echo`, which exits 0, so the
        # comparison on curl's exit code never reaches the healthcheck's own
        # exit status and the check cannot report the node as unhealthy.
        # `[[ ... ]]` also needs a bash-compatible shell. Before switching to
        # `exit`, verify which curl exit code a healthy TLS-enabled node
        # actually produces (52 is curl's "empty reply from server").
        - " test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi"
        - " interval: 30s"
        - " timeout: 10s"
        - " retries: 5"

    # --- Metrics exporter for the node above --------------------------------
    - name: "{{ elastic_exporter_id }}"
      image_name: "{{ elasticsearch_exporter_image_name }}"
      image_version: "{{ elasticsearch_exporter_image_version }}"
      command:
        - '"--es.ca=/certificates/ca/ca.crt"'
        # NOTE(review): the admin username and password are embedded in a
        # command-line argument, so they appear in the rendered file, the
        # process list and the container's inspect output. The exporter also
        # runs with the admin account; a dedicated user limited to monitoring
        # privileges would contain the damage if the exporter is compromised.
        # Pass the credentials outside argv if the exporter image supports it.
        # A password containing `@`, `:` or `/` needs percent-encoding, or the
        # URI will parse incorrectly.
        - '"--es.uri=https://{{ elastic_admin_username }}:{{ elastic_admin_password }}@{{ inventory_hostname }}:9200"'
      volumes:
        # NOTE(review): only /certificates/ca/ca.crt is referenced above, yet
        # this mount exposes all of ./certs to the exporter, including the
        # node's TLS private key at
        # {{ inventory_hostname }}/{{ inventory_hostname }}.key.
        # Mounting just the CA certificate would be enough.
        - '"./certs:/certificates:ro"'
      networks:
        - '"back-tier"'
      extra_hosts: "{{ elastic_extra_hosts | default([]) }}"
      # NOTE(review): the metrics port is published on the host. Confirm that
      # only the monitoring system can reach it.
      ports:
        - external: "{{ monitor_port_elastic }}"
          internal: "9114"