ansible/roles/elasticsearch/tasks/main.yml - fluo-muchos - Git at Google

 ---
 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 #
 # Installing Elasticsearch
 #

 # Add the Elasticsearch yum repo.
 - name: "download elasticsearch rpm"
   get_url:
   args:
     url: https://artifacts.elastic.co/downloads/elasticsearch/{{ elasticsearch_rpm }}
     dest: /tmp/{{ elasticsearch_rpm }}
     checksum: "{{ elasticsearch_checksum }}"
     force: no

 - name: "Import GPG key for CentOS 8.0 and later"
   become: true
   rpm_key:
     key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
     state: present
   when: ansible_facts['distribution_version'] is version('8.0', '>=')

 # Install elasticsearch
 - name: "ensure elasticsearch is installed"
   become: true
   yum:
     name: /tmp/{{ elasticsearch_rpm }}
     state: present

 # Update Elasticsearch config file to allow access (to secure Elasticsearch, bind to 'localhost').
 - name: Updating the config file to allow outside access
   lineinfile:
     destfile: /etc/elasticsearch/elasticsearch.yml
     regexp: "network.host:"
     line: "network.host: 0.0.0.0"
   become: true

 # Update Elasticsearch port in config file
 - name: Updating the port in config file
   lineinfile:
     destfile: /etc/elasticsearch/elasticsearch.yml
     regexp: "http.port:"
     line: "http.port: 9200"
   become: true

 # Update Discovery Settings in config file
 - name: Update the Discovery Seed Host
   lineinfile:
     destfile: /etc/elasticsearch/elasticsearch.yml
     regexp: "discovery.seed_hosts:"
     line: "discovery.seed_hosts: [\"{{ groups['elkserver'][0] }}\"]"
   become: true

 # Update Discovery Settings in config file
 - name: Update the Discovery Seed Host
   lineinfile:
     destfile: /etc/elasticsearch/elasticsearch.yml
     regexp: "cluster.initial_master_nodes:"
     line: "cluster.initial_master_nodes: [\"{{ groups['elkserver'][0] }}\"]"
   become: true

 # Enable Elasticsearch
 - name: Enable Elasticsearch
   service:
     name: elasticsearch
     enabled: yes
   become: true

 - name: remove jndi plugin from log4j jar to mitigate log4shell
   shell: zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
   become: true

 # Restart Elasticsearch
 - name: Start Elasticsearch
   service:
     name: elasticsearch
     state: started
   become: yes
	---
	#
	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	#
	# Installing Elasticsearch
	#

	# Add the Elasticsearch yum repo.
	- name: "download elasticsearch rpm"
	get_url:
	args:
	url: https://artifacts.elastic.co/downloads/elasticsearch/{{ elasticsearch_rpm }}
	dest: /tmp/{{ elasticsearch_rpm }}
	checksum: "{{ elasticsearch_checksum }}"
	force: no

	- name: "Import GPG key for CentOS 8.0 and later"
	become: true
	rpm_key:
	key: https://artifacts.elastic.co/GPG-KEY-elasticsearch
	state: present
	when: ansible_facts['distribution_version'] is version('8.0', '>=')

	# Install elasticsearch
	- name: "ensure elasticsearch is installed"
	become: true
	yum:
	name: /tmp/{{ elasticsearch_rpm }}
	state: present

	# Update Elasticsearch config file to allow access (to secure Elasticsearch, bind to 'localhost').
	- name: Updating the config file to allow outside access
	lineinfile:
	destfile: /etc/elasticsearch/elasticsearch.yml
	regexp: "network.host:"
	line: "network.host: 0.0.0.0"
	become: true

	# Update Elasticsearch port in config file
	- name: Updating the port in config file
	lineinfile:
	destfile: /etc/elasticsearch/elasticsearch.yml
	regexp: "http.port:"
	line: "http.port: 9200"
	become: true

	# Update Discovery Settings in config file
	- name: Update the Discovery Seed Host
	lineinfile:
	destfile: /etc/elasticsearch/elasticsearch.yml
	regexp: "discovery.seed_hosts:"
	line: "discovery.seed_hosts: [\"{{ groups['elkserver'][0] }}\"]"
	become: true

	# Update Discovery Settings in config file
	- name: Update the Discovery Seed Host
	lineinfile:
	destfile: /etc/elasticsearch/elasticsearch.yml
	regexp: "cluster.initial_master_nodes:"
	line: "cluster.initial_master_nodes: [\"{{ groups['elkserver'][0] }}\"]"
	become: true

	# Enable Elasticsearch
	- name: Enable Elasticsearch
	service:
	name: elasticsearch
	enabled: yes
	become: true

	- name: remove jndi plugin from log4j jar to mitigate log4shell
	shell: zip -q -d /usr/share/elasticsearch/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
	become: true

	# Restart Elasticsearch
	- name: Start Elasticsearch
	service:
	name: elasticsearch
	state: started
	become: yes