zammad: Installiere Opensearch statt ES

defaults/main.yml

@@ -1,8 +1,10 @@
 ---
-es_version: "7.10.2"
-es_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-{{ es_version }}-amd64.deb"
-es_dl_path: /data
-es_attachment_max_size: "50"
+opensearch:
+  apt_key_url: https://artifacts.opensearch.org/publickeys/opensearch.pgp
+  apt_repo: https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main
+  network_host: 127.0.0.1
+  http_port: 9200
+  attachment_max_size: 50
 
 ruby_path: "{{ zammad_user_home }}/.rbenv"
 ruby_bin_path: "{{ ruby_path }}/versions/{{ ruby_version }}/bin"

files/elasticsearch.monit

@@ -1,5 +0,0 @@
-check process elasticsearch with pidfile /run/elasticsearch/elasticsearch.pid
-  start program = "/usr/sbin/service elasticsearch start"
-  stop program = "/usr/sbin/service elasticsearch stop"
-  if failed host 127.0.0.1 port 9200 for 3 cycles then restart
-  if 5 restarts within 5 cycles then timeout

tasks/elastic.yml

@@ -1,83 +0,0 @@
-- name: "elastic | Hole Paket"
-  get_url:
-    url: "{{ es_url }}"
-    dest: "{{ es_dl_path }}"
-  when: "'elasticsearch-oss' not in ansible_facts.packages"
-
-- name: "elastic | Installiere Paket"
-  command: "dpkg -i elasticsearch-oss-{{ es_version }}-amd64.deb"
-  args:
-    chdir: "{{ es_dl_path }}"
-  when: "'elasticsearch-oss' not in ansible_facts.packages"
-
-- name: "elastic | Prüfe Plugin"
-  stat:
-    path: /usr/share/elasticsearch/plugins/ingest-attachment
-  register: ingest_plugin
-
-# https://www.elastic.co/guide/en/elasticsearch/plugins/current/installation.html
-# Installiert die zur ES passende Plugin-Version - 7.10.2 (OSS)
-- name: "eleastic | Installiere Plugin"
-  command: elasticsearch-plugin install ingest-attachment --batch
-  when: ingest_plugin.stat.exists == False
-
-- name: "elastic | Passe Konfiguration an"
-  lineinfile:
-    path: /etc/elasticsearch/elasticsearch.yml
-    line: "{{ item }}"
-  loop:
-    - 'http.max_content_length: 400mb'
-    - 'indices.query.bool.max_clause_count: 2000'
-
-- name: "elastic | Kopiere Fix für CVE-2021-44228"
-  copy:
-    src: nolog4j0day.options
-    dest: /etc/elasticsearch/jvm.options.d/nolog4j0day.options
-
-- name: "elastic | Starte Dienst"
-  systemd:
-    name: elasticsearch
-    state: started
-    daemon_reload: yes
-
-- name: "elastic | Konfiguriere ES-Server-Adresse"
-  shell:
-    cmd: rbenv exec bundle exec rails r "Setting.set('es_url', 'http://127.0.0.1:9200')"
-    chdir: "{{ zammad_home }}"
-  environment:
-    RAILS_ENV: production
-  become: true
-  become_user: "{{ zammad_user }}"
-
-- name: "elastic | Erstelle Such-Index"
-  shell:
-    cmd: rbenv exec bundle exec rake zammad:searchindex:rebuild
-    chdir: "{{ zammad_home }}"
-  environment:
-    RAILS_ENV: production
-  become: true
-  become_user: "{{ zammad_user }}"
-
-- name: "elastic | Konfiguriere Datei-Erweiterungen"
-  shell:
-    cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_ignore', [ '.png', '.jpg', '.jpeg', '.mpeg', '.mpg', '.mov', '.bin', '.exe', '.box', '.mbox' ] )"
-    chdir: "{{ zammad_home }}"
-  environment:
-    RAILS_ENV: production
-  become: true
-  become_user: "{{ zammad_user }}"
-
-- name: "elastic | Konfiguriere Datei-Größen"
-  shell:
-    cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_max_size_in_mb', {{ es_attachment_max_size }})"
-    chdir: "{{ zammad_home }}"
-  environment:
-    RAILS_ENV: production
-  become: true
-  become_user: "{{ zammad_user }}"
-
-- name: "elastic | Richte Monit-Überwachung ein"
-  copy:
-    src: elasticsearch.monit
-    dest: /etc/monit/conf-enabled/elasticsearch
-  notify: reload monit

tasks/main.yml

@@ -37,5 +37,5 @@
 - import_tasks: gateway.yml
   tags: gateway
 
-- import_tasks: elastic.yml
-  tags: elastic
+- import_tasks: opensearch.yml
+  tags: opensearch

tasks/opensearch.yml

@@ -0,0 +1,86 @@
+---
+- name: "Opensearch | Füge Schlüssel des Apt-Repositories hinzu"
+  ansible.builtin.apt_key:
+    url: "{{ opensearch.apt_key_url }}"
+
+- name: "Opensearch | Füge Repository hinzu"
+  ansible.builtin.apt_repository:
+    repo: "deb {{ opensearch.apt_repo }}"
+    update_cache: true
+
+- name: "Opensearch | Installiere deb-Paket"
+  ansible.builtin.apt:
+    name: opensearch
+
+- name: "Opensearch | Installiere Ingest-Plugin"
+  ansible.builtin.command:
+    cmd: ./opensearch-plugin install ingest-attachment --batch
+    chdir: /usr/share/opensearch/bin/
+    creates: /usr/share/opensearch/plugins/ingest-attachment
+  become: true
+  become_user: opensearch
+
+- name: "Opensearch | Kopiere Opensearch-Konfiguration"
+  ansible.builtin.template:
+    src: opensearch.yml
+    dest: /etc/opensearch/opensearch.yml
+    mode: 0644
+
+- name: "Opensearch | Starte Opensearch-Dienst"
+  ansible.builtin.systemd:
+    name: opensearch
+    enabled: true
+    state: started
+    daemon_reload: true
+
+- name: "Opensearch | Konfiguriere Dienst-Adresse"
+  ansible.builtin.shell:
+    cmd: rbenv exec bundle exec rails r "Setting.set('es_url', 'http://{{ opensearch.network_host }}:{{ opensearch.http_port }}')"
+    chdir: "{{ zammad_home }}"
+  environment:
+    RAILS_ENV: production
+  become: true
+  become_user: "{{ zammad_user }}"
+
+- name: "Opensearch | Konfiguriere Index-Namespacing"
+  ansible.builtin.shell:
+    cmd: rbenv exec bundle exec rails r "Setting.set('es_index', Socket.gethostname.downcase + '_zammad')"
+    chdir: "{{ zammad_home }}"
+  environment:
+    RAILS_ENV: production
+  become: true
+  become_user: "{{ zammad_user }}"
+
+- name: "Opensearch | Erstelle Such-Index"
+  ansible.builtin.shell:
+    cmd: rbenv exec bundle exec rake zammad:searchindex:rebuild
+    chdir: "{{ zammad_home }}"
+  environment:
+    RAILS_ENV: production
+  become: true
+  become_user: "{{ zammad_user }}"
+
+- name: "Opensearch | Konfiguriere Datei-Erweiterungen"
+  ansible.builtin.shell:
+    cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_ignore', [ '.png', '.jpg', '.jpeg', '.mpeg', '.mpg', '.mov', '.bin', '.exe', '.box', '.mbox' ] )"
+    chdir: "{{ zammad_home }}"
+  environment:
+    RAILS_ENV: production
+  become: true
+  become_user: "{{ zammad_user }}"
+
+- name: "Opensearch | Konfiguriere Datei-Größen"
+  ansible.builtin.shell:
+    cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_max_size_in_mb', {{ opensearch.attachment_max_size }})"
+    chdir: "{{ zammad_home }}"
+  environment:
+    RAILS_ENV: production
+  become: true
+  become_user: "{{ zammad_user }}"
+
+- name: "Opensearch | Richte Monit-Überwachung ein"
+  ansible.builtin.template:
+    src: opensearch.monit
+    dest: /etc/monit/conf-enabled/opensearch
+    mode: 0644
+  notify: reload monit

templates/opensearch.monit

@@ -0,0 +1,5 @@
+check process opensearch with pidfile /run/opensearch/opensearch.pid
+  start program = "/usr/sbin/service opensearch start"
+  stop program = "/usr/sbin/service opensearch stop"
+  if failed host {{ opensearch.network_host }} port {{ opensearch.http_port }} for 3 cycles then restart
+  if 5 restarts within 5 cycles then timeout

templates/opensearch.yml

@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+path.data: /var/lib/opensearch
+path.logs: /var/log/opensearch
+
+network.host: {{ opensearch.network_host }}
+http.port: {{ opensearch.http_port }}
+discovery.type: single-node
+
+compatibility.override_main_response_version: true
+plugins.security.disabled: true