diff --git a/defaults/main.yml b/defaults/main.yml index 5d7b164..3611078 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,10 @@ --- -es_version: "7.10.2" -es_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-{{ es_version }}-amd64.deb" -es_dl_path: /data -es_attachment_max_size: "50" +opensearch: + apt_key_url: https://artifacts.opensearch.org/publickeys/opensearch.pgp + apt_repo: https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main + network_host: 127.0.0.1 + http_port: 9200 + attachment_max_size: 50 ruby_path: "{{ zammad_user_home }}/.rbenv" ruby_bin_path: "{{ ruby_path }}/versions/{{ ruby_version }}/bin" diff --git a/files/elasticsearch.monit b/files/elasticsearch.monit deleted file mode 100644 index b9835e3..0000000 --- a/files/elasticsearch.monit +++ /dev/null @@ -1,5 +0,0 @@ -check process elasticsearch with pidfile /run/elasticsearch/elasticsearch.pid - start program = "/usr/sbin/service elasticsearch start" - stop program = "/usr/sbin/service elasticsearch stop" - if failed host 127.0.0.1 port 9200 for 3 cycles then restart - if 5 restarts within 5 cycles then timeout diff --git a/tasks/elastic.yml b/tasks/elastic.yml deleted file mode 100644 index 1030d73..0000000 --- a/tasks/elastic.yml +++ /dev/null @@ -1,83 +0,0 @@ -- name: "elastic | Hole Paket" - get_url: - url: "{{ es_url }}" - dest: "{{ es_dl_path }}" - when: "'elasticsearch-oss' not in ansible_facts.packages" - -- name: "elastic | Installiere Paket" - command: "dpkg -i elasticsearch-oss-{{ es_version }}-amd64.deb" - args: - chdir: "{{ es_dl_path }}" - when: "'elasticsearch-oss' not in ansible_facts.packages" - -- name: "elastic | Prüfe Plugin" - stat: - path: /usr/share/elasticsearch/plugins/ingest-attachment - register: ingest_plugin - -# https://www.elastic.co/guide/en/elasticsearch/plugins/current/installation.html -# Installiert die zur ES passende Plugin-Version - 7.10.2 (OSS) -- name: "eleastic | Installiere Plugin" - command: elasticsearch-plugin install ingest-attachment --batch - when: ingest_plugin.stat.exists == False - -- name: "elastic | Passe Konfiguration an" - lineinfile: - path: /etc/elasticsearch/elasticsearch.yml - line: "{{ item }}" - loop: - - 'http.max_content_length: 400mb' - - 'indices.query.bool.max_clause_count: 2000' - -- name: "elastic | Kopiere Fix für CVE-2021-44228" - copy: - src: nolog4j0day.options - dest: /etc/elasticsearch/jvm.options.d/nolog4j0day.options - -- name: "elastic | Starte Dienst" - systemd: - name: elasticsearch - state: started - daemon_reload: yes - -- name: "elastic | Konfiguriere ES-Server-Adresse" - shell: - cmd: rbenv exec bundle exec rails r "Setting.set('es_url', 'http://127.0.0.1:9200')" - chdir: "{{ zammad_home }}" - environment: - RAILS_ENV: production - become: true - become_user: "{{ zammad_user }}" - -- name: "elastic | Erstelle Such-Index" - shell: - cmd: rbenv exec bundle exec rake zammad:searchindex:rebuild - chdir: "{{ zammad_home }}" - environment: - RAILS_ENV: production - become: true - become_user: "{{ zammad_user }}" - -- name: "elastic | Konfiguriere Datei-Erweiterungen" - shell: - cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_ignore', [ '.png', '.jpg', '.jpeg', '.mpeg', '.mpg', '.mov', '.bin', '.exe', '.box', '.mbox' ] )" - chdir: "{{ zammad_home }}" - environment: - RAILS_ENV: production - become: true - become_user: "{{ zammad_user }}" - -- name: "elastic | Konfiguriere Datei-Größen" - shell: - cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_max_size_in_mb', {{ es_attachment_max_size }})" - chdir: "{{ zammad_home }}" - environment: - RAILS_ENV: production - become: true - become_user: "{{ zammad_user }}" - -- name: "elastic | Richte Monit-Überwachung ein" - copy: - src: elasticsearch.monit - dest: /etc/monit/conf-enabled/elasticsearch - notify: reload monit diff --git a/tasks/main.yml b/tasks/main.yml index 2c7874f..e825827 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -37,5 +37,5 @@ - import_tasks: gateway.yml tags: gateway -- import_tasks: elastic.yml - tags: elastic +- import_tasks: opensearch.yml + tags: opensearch diff --git a/tasks/opensearch.yml b/tasks/opensearch.yml new file mode 100644 index 0000000..c546168 --- /dev/null +++ b/tasks/opensearch.yml @@ -0,0 +1,86 @@ +--- +- name: "Opensearch | Füge Schlüssel des Apt-Repositories hinzu" + ansible.builtin.apt_key: + url: "{{ opensearch.apt_key_url }}" + +- name: "Opensearch | Füge Repository hinzu" + ansible.builtin.apt_repository: + repo: "deb {{ opensearch.apt_repo }}" + update_cache: true + +- name: "Opensearch | Installiere deb-Paket" + ansible.builtin.apt: + name: opensearch + +- name: "Opensearch | Installiere Ingest-Plugin" + ansible.builtin.command: + cmd: ./opensearch-plugin install ingest-attachment --batch + chdir: /usr/share/opensearch/bin/ + creates: /usr/share/opensearch/plugins/ingest-attachment + become: true + become_user: opensearch + +- name: "Opensearch | Kopiere Opensearch-Konfiguration" + ansible.builtin.template: + src: opensearch.yml + dest: /etc/opensearch/opensearch.yml + mode: 0644 + +- name: "Opensearch | Starte Opensearch-Dienst" + ansible.builtin.systemd: + name: opensearch + enabled: true + state: started + daemon_reload: true + +- name: "Opensearch | Konfiguriere Dienst-Adresse" + ansible.builtin.shell: + cmd: rbenv exec bundle exec rails r "Setting.set('es_url', 'http://{{ opensearch.network_host }}:{{ opensearch.http_port }}')" + chdir: "{{ zammad_home }}" + environment: + RAILS_ENV: production + become: true + become_user: "{{ zammad_user }}" + +- name: "Opensearch | Konfiguriere Index-Namespacing" + ansible.builtin.shell: + cmd: rbenv exec bundle exec rails r "Setting.set('es_index', Socket.gethostname.downcase + '_zammad')" + chdir: "{{ zammad_home }}" + environment: + RAILS_ENV: production + become: true + become_user: "{{ zammad_user }}" + +- name: "Opensearch | Erstelle Such-Index" + ansible.builtin.shell: + cmd: rbenv exec bundle exec rake zammad:searchindex:rebuild + chdir: "{{ zammad_home }}" + environment: + RAILS_ENV: production + become: true + become_user: "{{ zammad_user }}" + +- name: "Opensearch | Konfiguriere Datei-Erweiterungen" + ansible.builtin.shell: + cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_ignore', [ '.png', '.jpg', '.jpeg', '.mpeg', '.mpg', '.mov', '.bin', '.exe', '.box', '.mbox' ] )" + chdir: "{{ zammad_home }}" + environment: + RAILS_ENV: production + become: true + become_user: "{{ zammad_user }}" + +- name: "Opensearch | Konfiguriere Datei-Größen" + ansible.builtin.shell: + cmd: rbenv exec bundle exec rails r "Setting.set('es_attachment_max_size_in_mb', {{ opensearch.attachment_max_size }})" + chdir: "{{ zammad_home }}" + environment: + RAILS_ENV: production + become: true + become_user: "{{ zammad_user }}" + +- name: "Opensearch | Richte Monit-Überwachung ein" + ansible.builtin.template: + src: opensearch.monit + dest: /etc/monit/conf-enabled/opensearch + mode: 0644 + notify: reload monit diff --git a/templates/opensearch.monit b/templates/opensearch.monit new file mode 100644 index 0000000..ab5d0af --- /dev/null +++ b/templates/opensearch.monit @@ -0,0 +1,5 @@ +check process opensearch with pidfile /run/opensearch/opensearch.pid + start program = "/usr/sbin/service opensearch start" + stop program = "/usr/sbin/service opensearch stop" + if failed host {{ opensearch.network_host }} port {{ opensearch.http_port }} for 3 cycles then restart + if 5 restarts within 5 cycles then timeout diff --git a/templates/opensearch.yml b/templates/opensearch.yml new file mode 100644 index 0000000..f302478 --- /dev/null +++ b/templates/opensearch.yml @@ -0,0 +1,11 @@ +# {{ ansible_managed }} + +path.data: /var/lib/opensearch +path.logs: /var/log/opensearch + +network.host: {{ opensearch.network_host }} +http.port: {{ opensearch.http_port }} +discovery.type: single-node + +compatibility.override_main_response_version: true +plugins.security.disabled: true