diff --git a/README.md b/README.md index 14a36df5..dd151086 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ There are some comments in the Playbook. Either fill them with the correct value ### Inventory -_Note_: The roles rely on hardcoded group names for placing services on hosts. Please make sure you have groups named `elasticsearch`, `logstash` and `kibana` in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation. +_Note_: The roles rely on group names for placing services on hosts. Please make sure you have group names defined: `elasticstack_elasticsearch_group_name` (default: `elasticsearch`), `elasticstack_logstash_group_name` (default: `logstash`) and `elasticstack_kibana_group_name` (default: `kibana`) that will match your desired setup in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation. The execution order of the roles is important! (see below) diff --git a/molecule/elasticsearch_no-security/converge.yml b/molecule/elasticsearch_no-security/converge.yml index 379a32e9..b8fd37cc 100644 --- a/molecule/elasticsearch_no-security/converge.yml +++ b/molecule/elasticsearch_no-security/converge.yml @@ -13,6 +13,7 @@ elasticsearch_heap: "1" elasticstack_release: 7 elasticstack_no_log: false + elasticstack_elasticsearch_group_name: elasticsearchXYZ tasks: - name: Include Elastics repos role ansible.builtin.include_role: diff --git a/molecule/elasticsearch_no-security/molecule.yml b/molecule/elasticsearch_no-security/molecule.yml index 8b08e708..d36a077a 100644 --- a/molecule/elasticsearch_no-security/molecule.yml +++ b/molecule/elasticsearch_no-security/molecule.yml 
@@ -8,7 +8,7 @@ driver: platforms: - name: elasticsearch-nosecurity1 groups: - - elasticsearch + - elasticsearchXYZ image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: @@ -18,7 +18,7 @@ platforms: pre_build_image: true - name: elasticsearch-nosecurity2 groups: - - elasticsearch + - elasticsearchXYZ image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml index 90cdacae..601be29f 100644 --- a/molecule/elasticsearch_no-security/verify.yml +++ b/molecule/elasticsearch_no-security/verify.yml @@ -5,6 +5,7 @@ hosts: all vars: elasticstack_elasticsearch_http_port: 9200 + elasticstack_elasticsearch_group_name: elasticsearchXYZ tasks: # Remember, this is the no-security scenario. So no https @@ -19,7 +20,7 @@ until: result.json.status == "green" retries: 6 delay: 10 - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 - name: Node check ansible.builtin.uri: @@ -29,7 +30,7 @@ status_code: 200 validate_certs: false register: nodes - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 - name: Check if all Nodes see each other ansible.builtin.assert: @@ -38,4 +39,4 @@ fail_msg: "'{{ item }}' was not found in nodes.content" success_msg: "'{{ item }}' was found in nodes.content" with_inventory_hostnames: all - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 diff --git a/molecule/elasticstack_default/verify.yml b/molecule/elasticstack_default/verify.yml index 110673d4..7c2b570b 100644 --- a/molecule/elasticstack_default/verify.yml +++ b/molecule/elasticstack_default/verify.yml 
@@ -5,6 +5,7 @@ vars: elasticstack_elasticsearch_http_port: 9200 elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords + elasticstack_elasticsearch_group_name: elasticsearch tasks: - name: Run Logstash syntax check @@ -22,7 +23,7 @@ - name: Set elasticsearch_ca variable if not already done by user ansible.builtin.set_fact: - elasticsearch_ca: "{{ groups['elasticsearch'][0] }}" + elasticsearch_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" when: elasticsearch_ca is undefined - name: fetch Elastic password @@ -42,22 +43,22 @@ sort -n | tail -1 register: logstash_count - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - name: Show full output ansible.builtin.debug: var: logstash_count - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - name: Fail when logstash index is empty ansible.builtin.fail: msg: "Logstash Index is empty" - when: "'elasticsearch' in group_names and logstash_count.stdout == 0" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0" - name: Show number of received events ansible.builtin.debug: msg: "Elasticsearch received {{ logstash_count.stdout }} events so far" - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - name: Run Kibana checks when: "'kibana' in group_names" @@ -112,7 +113,7 @@ until: result.json.status == "green" retries: 6 delay: 10 - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 - name: Elasticsearch Node check ansible.builtin.uri: 
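Review bot: In the `Fail when logstash index is empty` task the rewritten condition still ends in `logstash_count.stdout == 0`, which compares the registered stdout (a string) with an integer, so it is false even when the count is zero and the failure never fires. Cast before comparing: `... in group_names and logstash_count.stdout | int == 0`. The same condition is carried into molecule/logstash_full_stack-oss/verify.yml. The shell task that produces the count starts above this hunk, so its exact output format is not visible here.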
@@ -125,7 +126,7 @@ status_code: 200 validate_certs: false register: nodes - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 - name: Check if all Nodes see each other ansible.builtin.assert: @@ -134,5 +135,5 @@ fail_msg: "'{{ item }}' was not found in nodes.content" success_msg: "'{{ item }}' was found in nodes.content" with_inventory_hostnames: all - when: groups['elasticsearch'] | length > 1 + when: groups[elasticstack_elasticsearch_group_name] | length > 1 diff --git a/molecule/logstash_full_stack-oss/verify.yml b/molecule/logstash_full_stack-oss/verify.yml index 557b63b9..f4888fa6 100644 --- a/molecule/logstash_full_stack-oss/verify.yml +++ b/molecule/logstash_full_stack-oss/verify.yml @@ -25,16 +25,16 @@ sort -n | tail -1 register: logstash_count - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - name: Show full output ansible.builtin.debug: var: logstash_count - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - name: Fail when logstash is empty ansible.builtin.fail: msg: "Logstash Index is empty" - when: "'elasticsearch' in group_names and logstash_count.stdout == 0" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0" - name: Show number of received events ansible.builtin.debug: msg: "Elasticsearch received {{ logstash_count.stdout }} events so far" - when: "'elasticsearch' in group_names" + when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" diff --git a/roles/beats/defaults/main.yml b/roles/beats/defaults/main.yml index 5708617b..490eb610 100644 --- a/roles/beats/defaults/main.yml +++ b/roles/beats/defaults/main.yml 
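Review bot: Every `when:` in the logstash_full_stack-oss verify hunk now starts with `elasticstack_elasticsearch_group_name is defined`, but this diff adds no `vars:` entry for that file, although the other two verify playbooks get one. A verify play presumably does not load the role defaults, so unless the variable is supplied from outside this diff, all four tasks are skipped and the scenario passes without checking the index. Add `elasticstack_elasticsearch_group_name: elasticsearch` to the play's vars, or drop the `is defined` half so a missing variable fails loudly. The play header lies outside the hunk.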
@@ -63,6 +63,9 @@ elasticstack_full_stack: true elasticstack_variant: elastic elasticstack_security: true +elasticstack_elasticsearch_group_name: elasticsearch +elasticstack_logstash_group_name: logstash + elasticstack_ca_dir: /opt/es-ca elasticstack_ca_pass: PleaseChangeMe elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords diff --git a/roles/beats/tasks/main.yml b/roles/beats/tasks/main.yml index cce08b9e..1a5d1c6d 100644 --- a/roles/beats/tasks/main.yml +++ b/roles/beats/tasks/main.yml @@ -27,11 +27,11 @@ - name: Set elasticstack_ca variable if not already done by user ansible.builtin.set_fact: - elasticstack_ca: "{{ groups['elasticsearch'][0] }}" + elasticstack_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" when: - beats_security | bool - elasticstack_ca is undefined - - groups['elasticsearch'] is defined + - groups[elasticstack_elasticsearch_group_name] is defined tags: - certificates - renew_ca diff --git a/roles/beats/templates/auditbeat.yml.j2 b/roles/beats/templates/auditbeat.yml.j2 index 3a72c505..3cf82f22 100644 --- a/roles/beats/templates/auditbeat.yml.j2 +++ b/roles/beats/templates/auditbeat.yml.j2 @@ -33,7 +33,7 @@ setup.kibana: output.elasticsearch: {% if elasticsearch_http_security | bool %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} 
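Review bot: The `set_fact` for `elasticstack_ca` in roles/beats/tasks/main.yml is skipped silently when `groups[elasticstack_elasticsearch_group_name]` is undefined, and with a configurable name a typo or a per-role override now produces exactly that while `beats_security` is true. Because the default is duplicated in each role's defaults/main.yml, an override has to be set at inventory or play level for all roles to pick the same CA host. A comment above the new defaults such as `# Inventory group names; override in inventory/group_vars so every role agrees` would document that. An early `ansible.builtin.assert` that the group exists when `elasticstack_full_stack` is true would turn the silent skip into a clear failure. The same guard pattern appears in roles/kibana/tasks/kibana-security.yml and roles/logstash/tasks/logstash-security.yml.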
@@ -44,7 +44,7 @@ output.elasticsearch: ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"] {% else %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} @@ -53,7 +53,7 @@ output.elasticsearch: {% if beats_auditbeat_output == "logstash" %} output.logstash: {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['logstash'] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_logstash_group_name] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} diff --git a/roles/beats/templates/filebeat.yml.j2 b/roles/beats/templates/filebeat.yml.j2 index 83591245..bf9baaa3 100644 --- a/roles/beats/templates/filebeat.yml.j2 +++ b/roles/beats/templates/filebeat.yml.j2 
@@ -108,7 +108,7 @@ setup.kibana: output.elasticsearch: {% if beats_security | bool %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} @@ -119,7 +119,7 @@ output.elasticsearch: ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"] {% else %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} @@ -128,7 +128,7 @@ output.elasticsearch: {% if beats_filebeat_output == "logstash" %} output.logstash: {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['logstash'] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_logstash_group_name] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} 
diff --git a/roles/beats/templates/metricbeat.yml.j2 b/roles/beats/templates/metricbeat.yml.j2 index 86186f35..138eecf7 100644 --- a/roles/beats/templates/metricbeat.yml.j2 +++ b/roles/beats/templates/metricbeat.yml.j2 @@ -10,7 +10,7 @@ setup.kibana: output.elasticsearch: {% if elasticsearch_http_security | bool %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} @@ -21,7 +21,7 @@ output.elasticsearch: ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"] {% else %} {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} 
@@ -30,7 +30,7 @@ output.elasticsearch: {% if beats_metricbeat_output == "logstash" %} output.logstash: {% if elasticstack_full_stack | bool %} - hosts: [ {% for host in groups['logstash'] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] + hosts: [ {% for host in groups[elasticstack_logstash_group_name] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% else %} hosts: [ {% for host in beats_target_hosts %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}] {% endif %} diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml index c35cb0de..6f6fd505 100644 --- a/roles/elasticsearch/defaults/main.yml +++ b/roles/elasticsearch/defaults/main.yml @@ -63,3 +63,7 @@ elasticstack_full_stack: true elasticstack_variant: elastic elasticstack_elasticsearch_http_port: 9200 elasticstack_no_log: true + +elasticstack_elasticsearch_group_name: elasticsearch +elasticstack_logstash_group_name: logstash +elasticstack_kibana_group_name: kibana diff --git a/roles/elasticsearch/handlers/main.yml b/roles/elasticsearch/handlers/main.yml index ff3b5ab5..78169736 100644 --- a/roles/elasticsearch/handlers/main.yml +++ b/roles/elasticsearch/handlers/main.yml @@ -12,9 +12,10 @@ - name: Restart kibana if available for elasticsearch certificates ansible.builtin.include_tasks: handlers/restart_kibana.yml - with_items: "{{ groups['kibana'] }}" + with_items: "{{ groups[elasticstack_kibana_group_name] }}" when: - elasticstack_full_stack: true - "not 'renew_ca' in ansible_run_tags" - "not elasticstack_ca_will_expire_soon | bool" - - groups['kibana'] is defined + - elasticstack_kibana_group_name is defined + - groups[elasticstack_kibana_group_name] is defined diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml index c43b6249..e86e4cab 100644 
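Review bot: In the `when:` list of the kibana restart handler, the unchanged first entry `- elasticstack_full_stack: true` is a YAML mapping, not an expression, so it does not test the variable the way the neighbouring string conditions do; `- elasticstack_full_stack | bool` would. The added `elasticstack_kibana_group_name is defined` looks always true, because the same commit gives the variable a default in roles/elasticsearch/defaults/main.yml. That leaves the `groups[elasticstack_kibana_group_name] is defined` line as the only new guard that does any work.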
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml +++ b/roles/elasticsearch/tasks/elasticsearch-security.yml @@ -14,7 +14,7 @@ - name: Set elasticstack_ca variable if not already done by user ansible.builtin.set_fact: - elasticstack_ca: "{{ groups['elasticsearch'][0] }}" + elasticstack_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" when: elasticstack_ca is undefined tags: - certificates @@ -61,11 +61,12 @@ ansible.builtin.service: name: logstash state: stopped - with_items: "{{ groups['logstash'] }}" + with_items: "{{ groups[elasticstack_logstash_group_name] }}" delegate_to: "{{ item }}" when: - "'renew_ca' in ansible_run_tags or elasticstack_ca_will_expire_soon | bool" - - groups['logstash'] is defined + - elasticstack_logstash_group_name is defined + - groups[elasticstack_logstash_group_name] is defined - name: Backup ca directory on elasticsearch ca host then remove when: (inventory_hostname == elasticstack_ca) and ('renew_ca' in "ansible_run_tags" or elasticstack_ca_will_expire_soon | bool) @@ -267,7 +268,7 @@ --dns {{ hostvars[item].ansible_hostname }},{{ hostvars[item].ansible_fqdn }},{{ hostvars[item].inventory_hostname }} --pass {{ elasticsearch_tls_key_passphrase }} --out {{ elasticstack_ca_dir }}/{{ hostvars[item].ansible_hostname }}.p12 - loop: "{{ groups['elasticsearch'] }}" + loop: "{{ groups[elasticstack_elasticsearch_group_name] }}" no_log: "{{ elasticstack_no_log }}" args: creates: "{{ elasticstack_ca_dir }}/{{ hostvars[item].ansible_hostname }}.p12" @@ -356,7 +357,7 @@ - name: Wait for all instances to start ansible.builtin.include_tasks: wait_for_instance.yml - loop: "{{ groups['elasticsearch'] }}" + loop: "{{ groups[elasticstack_elasticsearch_group_name] }}" - name: Restart if Elasticsearch was already running when: 
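Review bot: The block condition kept as context in the `@@ -61` hunk reads `'renew_ca' in "ansible_run_tags"`, with the variable name inside quotes, so it is a substring test against a literal string and is always false. The task just above it uses the unquoted `'renew_ca' in ansible_run_tags`. As written, the CA backup-and-remove block is reached only through `elasticstack_ca_will_expire_soon`, never through the `renew_ca` tag. Suggested line: `when: (inventory_hostname == elasticstack_ca) and ('renew_ca' in ansible_run_tags or elasticstack_ca_will_expire_soon | bool)`. The block body is outside the hunk.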
@@ -372,7 +373,7 @@ - name: Wait for all instances to start ansible.builtin.include_tasks: wait_for_instance.yml - loop: "{{ groups['elasticsearch'] }}" + loop: "{{ groups[elasticstack_elasticsearch_group_name] }}" tags: - certificates - renew_ca @@ -400,7 +401,7 @@ no_log: "{{ elasticstack_no_log }}" when: - not elasticsearch_passwords_file.stat.exists | bool - - groups['elasticsearch'] | length > 1 + - groups[elasticstack_elasticsearch_group_name] | length > 1 until: elasticsearch_api_status_bootstrap.json.cluster_name is defined retries: 5 delay: 10 @@ -419,7 +420,7 @@ no_log: "{{ elasticstack_no_log }}" when: - not elasticsearch_passwords_file.stat.exists | bool - - groups['elasticsearch'] | length > 1 + - groups[elasticstack_elasticsearch_group_name] | length > 1 until: elasticsearch_cluster_status_bootstrap.json.status == "green" retries: 5 delay: 10 @@ -446,7 +447,7 @@ no_log: "{{ elasticstack_no_log }}" when: - elasticsearch_passwords_file.stat.exists | bool - - groups['elasticsearch'] | length > 1 + - groups[elasticstack_elasticsearch_group_name] | length > 1 until: elasticsearch_api_status.json.cluster_name is defined retries: 20 delay: 10 @@ -497,7 +498,7 @@ no_log: "{{ elasticstack_no_log }}" when: - elasticsearch_passwords_file.stat.exists | bool - - groups['elasticsearch'] | length > 1 + - groups[elasticstack_elasticsearch_group_name] | length > 1 until: elasticsearch_cluster_status.json.status == "green" retries: 20 delay: 10 diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2 index 4f4aa8aa..8382f97c 100644 --- a/roles/elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elasticsearch/templates/elasticsearch.yml.j2 
@@ -26,7 +26,7 @@ http.publish_port: {{ elasticsearch_http_publish_port }} node.roles: [ {% for type in elasticsearch_node_types %}{{ type }}{% if not loop.last %}, {% endif %}{% endfor %} ] {% endif %} -{% if elasticstack_release | int > 7 and groups['elasticsearch'] | length == 1 %} +{% if elasticstack_release | int > 7 and groups[elasticstack_elasticsearch_group_name] | length == 1 %} discovery.type: single-node {% endif %} @@ -34,20 +34,20 @@ discovery.type: single-node {% if elasticsearch_seed_hosts is defined %} discovery.seed_hosts: {{ elasticsearch_seed_hosts }} {% else %} -{% if elasticstack_release | int < 8 or groups['elasticsearch'] | length > 1 %} -discovery.seed_hosts: [ {% for host in groups['elasticsearch'] %} +{% if elasticstack_release | int < 8 or groups[elasticstack_elasticsearch_group_name] | length > 1 %} +discovery.seed_hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %} "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}"{% if not loop.last %},{% endif %} {% endfor %} ] {% endif %} {% endif %} -{% if not elaticsearch_cluster_set_up | bool and groups['elasticsearch'] | length > 1 %} +{% if not elaticsearch_cluster_set_up | bool and groups[elasticstack_elasticsearch_group_name] | length > 1 %} {% if elasticsearch_node_types is defined %} cluster.initial_master_nodes: [ {% for host in groups['elasticsearch_role_master'] %} "{{ hostvars[host].ansible_hostname }}"{% if not loop.last %},{% endif %} {% endfor %} ] {% else %} -cluster.initial_master_nodes: [ {% for host in groups['elasticsearch'] %} +cluster.initial_master_nodes: [ {% for host in groups[elasticstack_elasticsearch_group_name] %} "{{ hostvars[host].ansible_hostname }}"{% if not loop.last %},{% endif %} {% endfor %} ] {% endif %} diff --git a/roles/elasticsearch/templates/instances.j2 b/roles/elasticsearch/templates/instances.j2 index bf7718d1..226f81a4 100644 --- a/roles/elasticsearch/templates/instances.j2 
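Review bot: `cluster.initial_master_nodes` still iterates `groups['elasticsearch_role_master']` in the `elasticsearch_node_types is defined` branch, while every other lookup in this template now goes through `elasticstack_elasticsearch_group_name`. If that group is generated elsewhere in the role this is fine, but the hunk does not show it. A template comment such as `{# elasticsearch_role_master is generated by the role, not taken from the inventory #}`, or deriving the name from the variable, would make the intent clear to anyone who renames the group.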
+++ b/roles/elasticsearch/templates/instances.j2 @@ -1,5 +1,5 @@ instances: -{% for host in groups['elasticsearch'] %} +{% for host in groups[elasticstack_elasticsearch_group_name] %} - name: "{{ host }}" ip: - "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}" diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index 7aa06f7b..b29b707a 100644 --- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -28,3 +28,5 @@ elasticstack_variant: elastic elasticstack_elasticsearch_http_port: 9200 elasticstack_kibana_port: 5601 elasticstack_no_log: true + +elasticstack_elasticsearch_group_name: elasticsearch diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml index 4bb14fbd..77f53bdb 100644 --- a/roles/kibana/tasks/kibana-security.yml +++ b/roles/kibana/tasks/kibana-security.yml @@ -13,10 +13,10 @@ - name: Set elasticstack_ca variable if not already done by user ansible.builtin.set_fact: - elasticstack_ca: "{{ groups['elasticsearch'][0] }}" + elasticstack_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" when: - elasticstack_ca is undefined - - groups['elasticsearch'] is defined + - groups[elasticstack_elasticsearch_group_name] is defined tags: - certificates - renew_ca diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml index 9b061774..80dba32b 100644 --- a/roles/kibana/tasks/main.yml +++ b/roles/kibana/tasks/main.yml @@ -21,10 +21,10 @@ - name: Set Elasticsearch hosts if used with other roles ansible.builtin.set_fact: - kibana_elasticsearch_hosts: "{{ groups['elasticsearch'] }}" + kibana_elasticsearch_hosts: "{{ groups[elasticstack_elasticsearch_group_name] }}" when: - kibana_elasticsearch_hosts is undefined - - groups['elasticsearch'] is defined + - groups[elasticstack_elasticsearch_group_name] is defined - name: Set Elasticsearch hosts to localhost if no other info is available ansible.builtin.set_fact: 
@@ -32,7 +32,7 @@ - localhost when: - kibana_elasticsearch_hosts is undefined - - groups['elasticsearch'] is undefined + - groups[elasticstack_elasticsearch_group_name] is undefined - name: Construct exact name of Kibana package ansible.builtin.set_fact: diff --git a/roles/logstash/defaults/main.yml b/roles/logstash/defaults/main.yml index 1941e792..f510d5b4 100644 --- a/roles/logstash/defaults/main.yml +++ b/roles/logstash/defaults/main.yml @@ -91,6 +91,8 @@ elasticstack_security: true elasticstack_elasticsearch_http_port: 9200 elasticstack_beats_port: 5044 +elasticstack_elasticsearch_group_name: elasticsearch + # Variables for debugging and development elasticstack_override_beats_tls: false diff --git a/roles/logstash/tasks/logstash-security.yml b/roles/logstash/tasks/logstash-security.yml index 5a93e9d9..777f18bc 100644 --- a/roles/logstash/tasks/logstash-security.yml +++ b/roles/logstash/tasks/logstash-security.yml @@ -13,10 +13,10 @@ - name: Set elasticstack_ca variable if not already done by user ansible.builtin.set_fact: - elasticstack_ca: "{{ groups['elasticsearch'][0] }}" + elasticstack_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}" when: - elasticstack_ca is undefined - - groups['elasticsearch'] is defined + - groups[elasticstack_elasticsearch_group_name] is defined tags: - certificates - configuration diff --git a/roles/logstash/tasks/main.yml b/roles/logstash/tasks/main.yml index f33ca617..39425258 100644 --- a/roles/logstash/tasks/main.yml +++ b/roles/logstash/tasks/main.yml @@ -20,10 +20,10 @@ - name: Set Elasticsearch hosts if used with other roles ansible.builtin.set_fact: - logstash_elasticsearch: "{{ groups['elasticsearch'] }}" + logstash_elasticsearch: "{{ groups[elasticstack_elasticsearch_group_name] }}" when: - logstash_elasticsearch is undefined - - groups['elasticsearch'] is defined + - groups[elasticstack_elasticsearch_group_name] is defined tags: - configuration - logstash_configuration 
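Review bot: The localhost fallback in roles/kibana/tasks/main.yml now triggers whenever `groups[elasticstack_elasticsearch_group_name]` is undefined, which includes a mistyped or mismatched group name, so Kibana would be pointed at `localhost` without any message. roles/logstash/tasks/main.yml has the same pair of tasks. A comment on the fallback task, e.g. `# Also reached when elasticstack_elasticsearch_group_name names a group that is not in the inventory`, or a `debug` message when the fallback is taken, would make that visible. Both tasks start outside the hunk.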
@@ -41,7 +41,7 @@ - localhost when: - logstash_elasticsearch is undefined - - groups['elasticsearch'] is undefined + - groups[elasticstack_elasticsearch_group_name] is undefined tags: - configuration - logstash_configuration diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index c7a63813..dae1b1b9 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml @@ -9,3 +9,5 @@ elasticstack_rpm_workaround: false elasticstack_enable_repos: true elasticstack_no_log: true + +elasticstack_elasticsearch_group_name: elasticsearch