feat(elasticsearch): add role for single-node deployment using docker containers

update(gitea): bump version to 1.16.8
2022-06-19 16:49:50 +02:00 · 2022-06-19 11:03:11 +02:00
5 changed files with 70 additions and 37 deletions
--- a/roles/elasticsearch/defaults/main.yml
+++ b/roles/elasticsearch/defaults/main.yml
@ -0,0 +1,35 @@
 ---
 elasticsearch_version: 7.10.2
 elasticsearch_base_path: /opt/elasticsearch
 elasticsearch_data_path: "{{ elasticsearch_base_path }}/data"
 elasticsearch_config_cluster_name: elastic
 elasticsearch_config_discovery_type: single-node
 elasticsearch_config_boostrap_memory_lock: true
 elasticsearch_allocated_ram_mb: 512
 elasticsearch_container_image_name: docker.elastic.co/elasticsearch/elasticsearch-oss
 elasticsearch_container_image_tag: ~
 elasticsearch_container_image: >-
  {{ elasticsearch_container_image_name }}:{{ elasticsearch_container_image_tag | default(elasticsearch_version, true) }}
 elasticsearch_container_name: elasticsearch
 elasticsearch_container_env:
  "ES_JAVA_OPTS": "-Xms{{ elasticsearch_allocated_ram_mb }}m -Xmx{{ elasticsearch_allocated_ram_mb }}m"
  "cluster.name": "{{ elasticsearch_config_cluster_name }}"
  "discovery.type": "{{ elasticsearch_config_discovery_type }}"
  "bootstrap.memory_lock": "{{ 'true' if elasticsearch_config_boostrap_memory_lock else 'false' }}"
 elasticsearch_container_user: ~
 elasticsearch_container_ports: ~
 elasticsearch_container_labels:
  version: "{{ elasticsearch_version }}"
 elasticsearch_container_ulimits:
 #  - "memlock:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}"
  - "memlock:-1:-1"
 elasticsearch_container_volumes:
  - "{{ elasticsearch_data_path }}:/usr/share/elasticsearch/data:z"
 elasticsearch_container_networks: ~
 elasticsearch_container_purge_networks: ~
 elasticsearch_container_restart_policy: unless-stopped
--- a/roles/elasticsearch/tasks/main.yml
+++ b/roles/elasticsearch/tasks/main.yml
@ -0,0 +1,32 @@
 ---
 - name: Ensure host directories are present
  file:
    path: "{{ item }}"
    state: directory
    mode: "0777"
  loop:
    - "{{ elasticsearch_base_path }}"
    - "{{ elasticsearch_data_path }}"
 - name: Ensure elastic container image is present
  docker_image:
    name: "{{ elasticsearch_container_image }}"
    state: present
    source: pull
    force_source: "{{ elasticsearch_container_image_tag|default(false, true)|bool }}"
 - name: Ensure elastic container is running
  docker_container:
    name: "{{ elasticsearch_container_name }}"
    image: "{{ elasticsearch_container_image }}"
    env: "{{ elasticsearch_container_env | default(omit, True) }}"
    user: "{{ elasticsearch_container_user | default(omit, True) }}"
    ports: "{{ elasticsearch_container_ports | default(omit, True) }}"
    labels: "{{ elasticsearch_container_labels | default(omit, True) }}"
    volumes: "{{ elasticsearch_container_volumes }}"
    ulimits: "{{ elasticsearch_container_ulimits }}"
    networks: "{{ elasticsearch_container_networks | default(omit, True) }}"
    purge_networks: "{{ elasticsearch_container_purge_networks | default(omit, True) }}"
    restart_policy: "{{ elasticsearch_container_restart_policy }}"
    state: started
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -1,6 +1,6 @@
 ---
-gitea_version: "1.16.4"
+gitea_version: "1.16.8"
 gitea_user: git
 gitea_base_path: "/opt/gitea"
 gitea_data_path: "{{ gitea_base_path }}/data"
--- a/roles/restic/tasks/main.yml
+++ b/roles/restic/tasks/main.yml
@ -44,22 +44,14 @@
 - name: Ensure systemd service file for '{{ restic_job_name }}' is templated
  template:
-    dest: "/etc/systemd/system/{{ service.unit_name }}.service"
+    dest: "/etc/systemd/system/{{ restic_systemd_unit_naming_scheme }}.service"
-    src: "{{ service.file }}"
+    src: restic.service.j2
    owner: root
    group: root
    mode: 0640
  notify:
    - reload-systemd
    - trigger-restic
  loop:
    - unit_name: "{{ restic_systemd_unit_naming_scheme }}"
      file: restic.service.j2
    - unit_name: "{{ restic_systemd_unit_naming_scheme }}-unlock"
      file: restic-unlock.service.j2
  loop_control:
    loop_var: service
    label: "{{ service.file }}"
 - name: Ensure systemd service file for '{{ restic_job_name }}' is templated
  template:
@ -74,11 +66,6 @@
 - name: Flush handlers to ensure systemd knows about '{{ restic_job_name }}'
  meta: flush_handlers
 - name: Ensure systemd service for unlocking repository for '{{ restic_job_name }}' is enabled
  systemd:
    name: "{{ restic_systemd_unit_naming_scheme }}-unlock.service"
    enabled: true
 - name: Ensure systemd timer for '{{ restic_job_name }}' is activated
  systemd:
    name: "{{ restic_systemd_unit_naming_scheme }}.timer"
--- a/roles/restic/templates/restic-unlock.service.j2
+++ b/roles/restic/templates/restic-unlock.service.j2
@ -1,21 +0,0 @@
 [Unit]
 Description={{ restic_job_description }} - Unlock after reboot job
 [Service]
 Type=oneshot
 User={{ restic_user }}
 WorkingDirectory={{ restic_systemd_working_directory }}
 SyslogIdentifier={{ restic_systemd_syslog_identifier }}
 Environment=RESTIC_REPOSITORY={{ restic_repo_url }}
 Environment=RESTIC_PASSWORD={{ restic_repo_password }}
 {% if restic_s3_key_id and restic_s3_access_key %}
 Environment=AWS_ACCESS_KEY_ID={{ restic_s3_key_id }}
 Environment=AWS_SECRET_ACCESS_KEY={{ restic_s3_access_key }}
 {% endif %}
 ExecStartPre=-/bin/sh -c '/usr/bin/restic snapshots || /usr/bin/restic init'
 ExecStart=/usr/bin/restic unlock
 [Install]
 WantedBy=multi-user.target
Author	SHA1	Message	Date
Johanna Dorothea Reichmann	ae556a6317	feat(elasticsearch): add role for single-node deployment using docker containers	2022-06-19 16:49:50 +02:00
Johanna Dorothea Reichmann	1417564e1d	update(gitea): bump version to 1.16.8	2022-06-19 11:03:11 +02:00