ansible playbooks for retailor.io infrastructure

2026-02-14 13:29:17 +00:00 · 2025-03-03 19:33:36 +01:00
commit 92cb10ba27
139 changed files with 33603 additions and 0 deletions
--- a/roles/elasticsearch/tasks/elasticsearch.yml
+++ b/roles/elasticsearch/tasks/elasticsearch.yml
@@ -0,0 +1,46 @@
+---
+- name: Create a Docker network for Elasticsearch
+  docker_network:
+    name: elk_network
+    state: present
+
+- name: Pull Elasticsearch Docker image
+  docker_image:
+    name: docker.elastic.co/elasticsearch/elasticsearch-wolfi:{{ elk_version }}
+    source: pull
+
+- name: Create Elasticsearch configuration file directory on host
+  file:
+    path: /etc/elasticsearch
+    state: directory
+    mode: '0755'
+
+    # - name: Create Elasticsearch configuration file
+    #   template:
+    #     src: elasticsearch.yml.j2
+    #     dest: /etc/elasticsearch/elasticsearch.yml
+
+- name: Start Elasticsearch container
+  docker_container:
+    name: elasticsearch
+    image: docker.elastic.co/elasticsearch/elasticsearch-wolfi:{{ elk_version }}
+    state: started
+    restart: yes
+    restart_policy: unless-stopped
+    published_ports:
+      - "9200:9200"
+    volumes:
+      - /etc/elasticsearch/esdata:/usr/share/elasticsearch/data
+    networks:
+      - name: elk_network
+        ipv4_address: 172.19.0.2
+    env:
+      node.name: elasticsearch
+      cluster.name: retailor-elk
+      discovery.type: single-node
+      bootstrap.memory_lock: "true"
+      # limits elasticsearch to 2 GB of RAM
+      ES_JAVA_OPTS: "-Xms1g -Xmx2g"
+      # disables SSL & xpack security
+      xpack.security.http.ssl.enabled: "false"
+
--- a/roles/elasticsearch/tasks/kibana.yml
+++ b/roles/elasticsearch/tasks/kibana.yml
@@ -0,0 +1,37 @@
+---
+- name: Create a Docker network for Kibana
+  docker_network:
+    name: elk_network
+    state: present
+
+- name: Create kibana directory on host
+  file:
+    path: /etc/kibana
+    state: directory
+    mode: "0755"
+
+- name: Pull Kibana Docker image
+  docker_image:
+    name: docker.elastic.co/kibana/kibana:{{ elk_version }}
+    source: pull
+
+# TODO rember to move CA cert from elastic to Kibana
+# docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt .
+# docker cp http_ca.crt kibana:/usr/share/kibana/config/certs/ca/http_ca.crt
+- name: Start Kibana container
+  docker_container:
+    name: kibana
+    image: docker.elastic.co/kibana/kibana:{{ elk_version }}
+    state: started
+    restart: yes
+    restart_policy: unless-stopped
+    published_ports:
+      - "5601:5601"
+    env:
+      ELASTICSEARCH_HOSTS: "{{ env_vars.ELASTIC_HOSTS }}" 
+      ELASTICSEARCH_USERNAME: kibana_system
+      ELASTICSEARCH_PASSWORD: "{{ env_vars.KIBANA_PASSWORD }}"
+      TELEMETRY_ENABLED: "false"
+    networks:
+      - name: elk_network
+
--- a/roles/elasticsearch/tasks/logstash.yml
+++ b/roles/elasticsearch/tasks/logstash.yml
@@ -0,0 +1,64 @@
+---
+- name: Create a Docker network for Logstash
+  docker_network:
+    name: elk_network
+    state: present
+
+- name: Create logstash directory on host
+  file:
+    path: /etc/logstash
+    state: directory
+    mode: "0755"
+
+- name: Copy logstash config
+  copy:
+    src: templates/pipelines.yml.j2
+    dest: /etc/logstash/pipelines.yml
+
+- name: Create logstash directory on host
+  file:
+    path: /etc/logstash/pipeline
+    state: directory
+    mode: "0755"
+
+- name: Copy logstash input configs
+  copy:
+    src: "{{ item }}"
+    dest: /etc/logstash/pipeline/{{ item | basename | regex_replace('\.j2$', '') }}
+  loop: "{{ query('fileglob', 'templates/logstash-conf.d/*.j2') }}"
+
+- name: Pull Logstash Docker image
+  docker_image:
+    name: docker.elastic.co/logstash/logstash:{{ elk_version }}
+    source: pull
+
+# TODO rember to move CA cert from elastic to Logstash
+# docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt .
+# docker cp http_ca.crt logstash:/usr/share/logstash/config/certs/ca/http_ca.crt
+- name: Start Logstash container
+  docker_container:
+    name: logstash
+    image: docker.elastic.co/logstash/logstash:{{ elk_version }}
+    state: started
+    restart: yes
+    restart_policy: unless-stopped
+    command:
+      - /bin/bash
+      - -c
+      - |
+        echo "Waiting for Elasticsearch availability";
+        until curl -s {{ env_vars.ELASTIC_HOSTS }} | grep -q "missing authentication credentials"; do sleep 1; done;
+        echo "Starting logstash";
+        /usr/share/logstash/bin/logstash
+    published_ports:
+      - "5044-5049:5044-5049"
+    volumes:
+      - /etc/logstash/pipelines.yml:/usr/share/logstash/config/pipelines.yml
+      - /etc/logstash/pipeline:/usr/share/logstash/pipeline
+    env:
+      xpack.monitoring.enabled: "false"
+      ELASTIC_USER: elastic
+      ELASTIC_PASSWORD: "{{ env_vars.ELASTIC_PASSWORD }}"
+      ELASTIC_HOSTS: "{{ env_vars.ELASTIC_HOSTS }}"
+    networks:
+      - name: elk_network
--- a/roles/elasticsearch/tasks/main.yml
+++ b/roles/elasticsearch/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# ensure we have variables from .env files
+- include_tasks: ../roles/env/tasks/main.yml
+
+- include_tasks: elasticsearch.yml
+- include_tasks: kibana.yml
+- include_tasks: logstash.yml