gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e03c7b8ea4'
${ noResults }
hetzner-ansible/roles/elastic/vars/main.yml

182 lines
7.0 KiB
YAML
Raw Blame History

---
elastic_id: "{{ service_name }}-elastic"
kibana_id: "{{ service_name }}-kibana"
logstash_id: "{{ service_name }}-logstash"
elastic_exporter_id: "{{ service_name }}-elastic-exporter"
kibana_labels: [
'"traefik.enable=true"',
'"traefik.http.routers.{{ kibana_id }}.service={{ kibana_id }}"',
'"traefik.http.routers.{{ kibana_id }}.rule=Host(`{{ stage_server_name }}-kibana.{{ domain }}`)"',
'"traefik.http.routers.{{ kibana_id }}.entrypoints=websecure"',
'"traefik.http.routers.{{ kibana_id }}.tls=true"',
'"traefik.http.routers.{{ kibana_id }}.tls.certresolver=letsencrypt"',
'"traefik.http.services.{{ kibana_id }}.loadbalancer.server.port={{ service_port_kibana }}"',
]
elastic_docker: {
networks: [
{
name: back-tier,
external: true,
},
{
name: front-tier,
external: true,
},
],
volumes: [
{
name: "{{ elastic_id }}-data"
},
{
name: "{{ logstash_id }}-data"
}
],
services: [
{
name: "{{ elastic_id }}",
image_name: "{{ elastic_image_name }}",
image_version: "{{ elastic_image_version }}",
environment: [
"ES_JAVA_OPTS: -Xms{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m -Xmx{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m",
"ELASTIC_PASSWORD: \"{{ elastic_admin_password }}\"",
"node.name: \"{{ elastic_id }}\"",
"cluster.name: dev-elastic-stack",
"discovery.seed_hosts: {{ groups['elastic']
| difference([inventory_hostname])
| product(['elastic'])
| map('join', '-')
| join(',') }}",
"cluster.initial_master_nodes: {{ groups['elastic']
| product(['elastic'])
| map('join', '-')
| join(',')}}",
"bootstrap.memory_lock: \"true\"",
"network.publish_host: {{ elastic_stack_network[inventory_hostname] }}",
"xpack.security.enabled: \"true\"",
"xpack.security.http.ssl.enabled: \"true\"",
"xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt",
"xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key",
"xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt",
"xpack.security.transport.ssl.enabled: \"true\"",
"xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt",
"xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key",
"xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt",
"xpack.security.transport.ssl.verification_mode: certificate",
],
volumes: [
'"{{ elastic_id }}-data:/usr/share/elasticsearch/data"',
'"./certs:/usr/share/elasticsearch/config/certificates:ro"',
'"./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro"',
],
networks: [
'"back-tier"',
],
extra_hosts: "{{ elastic_extra_hosts | default([]) }}",
ports: [
{
"external": "9200",
"internal": "9200",
},
{
"external": "9300",
"internal": "9300",
},
],
lines: [
"ulimits:",
" memlock:",
" soft: -1",
" hard: -1",
"healthcheck:",
" test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi",
" interval: 30s",
" timeout: 10s",
" retries: 5",
]
},
{
name: "{{ kibana_id }}",
image_name: "{{ kibana_image_name }}",
image_version: "{{ kibana_image_version }}",
labels: "{{ kibana_labels + ( kibana_labels_additional | default([])) }}",
environment: [
"SERVER_NAME: {{ kibana_id }}",
"SERVER_PUBLICBASEURL: https://{{ stage_server_name }}-kibana.{{ domain }}",
"ELASTICSEARCH_URL: https://{{ elastic_id }}:9200",
"ELASTICSEARCH_HOSTS: '[\"https://{{ elastic_id }}:9200\"]'",
"ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: /usr/share/elasticsearch/config/certificates/ca/ca.crt",
"ELASTICSEARCH_USERNAME: \"{{ elastic_admin_username }}\"",
"ELASTICSEARCH_PASSWORD: \"{{ elastic_admin_password }}\"",
],
volumes: [
'"./certs:/usr/share/elasticsearch/config/certificates:ro"',
],
networks: [
'"back-tier"',
'"front-tier"',
],
extra_hosts: "{{ elastic_extra_hosts | default([]) }}",
},
{
name: "{{ logstash_id }}",
image_name: "{{ logstash_image_name }}",
image_version: "{{ logstash_image_version }}",
environment: [
"node.name: \"{{ logstash_id }}\"",
"config.reload.automatic: \"true\"",
"pipeline.ecs_compatibility: v1",
"pipeline.ordered: \"false\"",
"xpack.monitoring.enabled: \"true\"",
"xpack.monitoring.elasticsearch.username: \"{{ elastic_admin_username }}\"",
"xpack.monitoring.elasticsearch.password: \"{{ elastic_admin_password }}\"",
"xpack.monitoring.elasticsearch.hosts: https://{{ elastic_id }}:9200",
"xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certificates/ca/ca.crt",
],
volumes: [
'"{{ logstash_id }}-data:/usr/share/logstash/data"',
'"./config/logstash/pipeline:/usr/share/logstash/pipeline:ro"',
'"./certs:/usr/share/logstash/config/certificates:ro"',
],
networks: [
'"back-tier"',
],
extra_hosts: "{{ elastic_extra_hosts | default([]) }}",
ports: [
{
external: "5044",
internal: "5044",
},
],
},
{
name: "{{ elastic_exporter_id }}",
image_name: "{{ elasticsearch_exporter_image_name }}",
image_version: "{{ elasticsearch_exporter_image_version }}",
command: [
'"--es.ca=/certificates/ca/ca.crt"',
'"--es.uri=https://{{ elastic_admin_username }}:{{ elastic_admin_password }}@{{ elastic_id }}:9200"',
],
labels: [
'"traefik.enable=true"',
'"traefik.http.routers.{{ elastic_exporter_id }}.service={{ elastic_exporter_id }}"',
'"traefik.http.routers.{{ elastic_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"',
'"traefik.http.routers.{{ elastic_exporter_id }}.entrypoints=monitoring-docker"',
'"traefik.http.routers.{{ elastic_exporter_id }}.tls=true"',
'"traefik.http.routers.{{ elastic_exporter_id }}.tls.certresolver=letsencrypt"',
'"traefik.http.services.{{ elastic_exporter_id }}.loadbalancer.server.port=9114"',
],
volumes: [
'"./certs:/certificates:ro"',
],
networks: [
'"back-tier"',
'"front-tier"',
],
extra_hosts: "{{ elastic_extra_hosts | default([]) }}",
},
],
}
Reference in New Issue View Git Blame Copy Permalink