make elasticsearch group name configurable

Klaus Zerwes · Klaus Zerwes · commit 5c2ee70efa8f · 2024-01-22T11:33:48.000+01:00
diff --git a/README.md b/README.md
@@ -120,7 +120,7 @@ There are some comments in the Playbook. Either fill them with the correct value
 
 ### Inventory
 
-_Note_: The roles rely on hardcoded group names for placing services on hosts. Please make sure you have groups named `elasticsearch`, `logstash` and `kibana` in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation.
+_Note_: The roles rely on hardcoded group names for placing services on hosts. Please make sure you have groups named `elasticsearch` (or define your desired group name using the var `elasticsearch_group_name`), `logstash` and `kibana` in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation.
 
 The execution order of the roles is important! (see below)
 
diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml
@@ -5,6 +5,7 @@
   hosts: all
   vars:
     elasticstack_elasticsearch_http_port: 9200
+    elasticsearch_group_name: elasticsearch
   tasks:
 
 # Remember, this is the no-security scenario. So no https
@@ -19,7 +20,7 @@
       until: result.json.status == "green"
       retries: 6
       delay: 10
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
 
     - name: Node check
       ansible.builtin.uri:
@@ -29,7 +30,7 @@
         status_code: 200
         validate_certs: false
       register: nodes
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
 
     - name: Check if all Nodes see each other
       ansible.builtin.assert:
@@ -38,4 +39,4 @@
         fail_msg: "'{{ item }}' was not found in nodes.content"
         success_msg: "'{{ item }}' was found in nodes.content"
       with_inventory_hostnames: all
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
diff --git a/molecule/elasticstack_default/verify.yml b/molecule/elasticstack_default/verify.yml
@@ -5,6 +5,7 @@
   vars:
     elasticstack_elasticsearch_http_port: 9200
     elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords
+    elasticsearch_group_name: elasticsearch
   tasks:
 
     - name: Run Logstash syntax check
@@ -22,7 +23,7 @@
 
     - name: Set elasticsearch_ca variable if not already done by user
       ansible.builtin.set_fact:
-        elasticsearch_ca: "{{ groups['elasticsearch'][0] }}"
+        elasticsearch_ca: "{{ groups[elasticsearch_group_name][0] }}"
       when: elasticsearch_ca is undefined
 
     - name: fetch Elastic password
@@ -42,22 +43,22 @@
         sort -n |
         tail -1
       register: logstash_count
-      when: "'elasticsearch' in group_names"
+      when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
 
     - name: Show full output
       ansible.builtin.debug:
         var: logstash_count
-      when: "'elasticsearch' in group_names"
+      when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
 
     - name: Fail when logstash index is empty
       ansible.builtin.fail:
         msg: "Logstash Index is empty"
-      when: "'elasticsearch' in group_names and logstash_count.stdout == 0"
+      when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names and logstash_count.stdout == 0"
 
     - name: Show number of received events
       ansible.builtin.debug:
         msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
-      when: "'elasticsearch' in group_names"
+      when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
 
     - name: Run Kibana checks
       when: "'kibana' in group_names"
@@ -112,7 +113,7 @@
       until: result.json.status == "green"
       retries: 6
       delay: 10
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
 
     - name: Elasticsearch Node check
       ansible.builtin.uri:
@@ -125,7 +126,7 @@
         status_code: 200
         validate_certs: false
       register: nodes
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
 
     - name: Check if all Nodes see each other
       ansible.builtin.assert:
@@ -134,5 +135,5 @@
         fail_msg: "'{{ item }}' was not found in nodes.content"
         success_msg: "'{{ item }}' was found in nodes.content"
       with_inventory_hostnames: all
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticsearch_group_name] | length > 1
 
diff --git a/molecule/logstash_full_stack-oss/verify.yml b/molecule/logstash_full_stack-oss/verify.yml
@@ -25,16 +25,16 @@
       sort -n |
       tail -1
     register: logstash_count
-    when: "'elasticsearch' in group_names"
+    when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
   - name: Show full output
     ansible.builtin.debug:
       var: logstash_count
-    when: "'elasticsearch' in group_names"
+    when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
   - name: Fail when logstash is empty
     ansible.builtin.fail:
       msg: "Logstash Index is empty"
-    when: "'elasticsearch' in group_names and logstash_count.stdout == 0"
+    when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names and logstash_count.stdout == 0"
   - name: Show number of received events
     ansible.builtin.debug:
       msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
-    when: "'elasticsearch' in group_names"
+    when: "elasticsearch_group_name is defined and elasticsearch_group_name in group_names"
diff --git a/roles/beats/defaults/main.yml b/roles/beats/defaults/main.yml
@@ -63,6 +63,8 @@ elasticstack_full_stack: true
 elasticstack_variant: elastic
 elasticstack_security: true
 
+elasticsearch_group_name: elasticsearch
+
 elasticstack_ca_dir: /opt/es-ca
 elasticstack_ca_pass: PleaseChangeMe
 elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords
diff --git a/roles/beats/tasks/main.yml b/roles/beats/tasks/main.yml
@@ -27,11 +27,11 @@
 
     - name: Set elasticstack_ca variable if not already done by user
       ansible.builtin.set_fact:
-        elasticstack_ca: "{{ groups['elasticsearch'][0] }}"
+        elasticstack_ca: "{{ groups[elasticsearch_group_name][0] }}"
       when:
         - beats_security | bool
         - elasticstack_ca is undefined
-        - groups['elasticsearch'] is defined
+        - groups[elasticsearch_group_name] is defined
       tags:
         - certificates
         - renew_ca
diff --git a/roles/beats/templates/auditbeat.yml.j2 b/roles/beats/templates/auditbeat.yml.j2
@@ -33,7 +33,7 @@ setup.kibana:
 output.elasticsearch:
 {% if elasticsearch_http_security | bool %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -44,7 +44,7 @@ output.elasticsearch:
   ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"]
 {% else %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
diff --git a/roles/beats/templates/filebeat.yml.j2 b/roles/beats/templates/filebeat.yml.j2
@@ -108,7 +108,7 @@ setup.kibana:
 output.elasticsearch:
 {% if beats_security | bool %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -119,7 +119,7 @@ output.elasticsearch:
   ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"]
 {% else %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
diff --git a/roles/beats/templates/metricbeat.yml.j2 b/roles/beats/templates/metricbeat.yml.j2
@@ -10,7 +10,7 @@ setup.kibana:
 output.elasticsearch:
 {% if elasticsearch_http_security | bool %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -21,7 +21,7 @@ output.elasticsearch:
   ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"]
 {% else %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml
@@ -61,3 +61,5 @@ elasticstack_full_stack: true
 elasticstack_variant: elastic
 elasticstack_elasticsearch_http_port: 9200
 elasticstack_no_log: true
+
+elasticsearch_group_name: elasticsearch
diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -14,7 +14,7 @@
 
 - name: Set elasticstack_ca variable if not already done by user
   ansible.builtin.set_fact:
-    elasticstack_ca: "{{ groups['elasticsearch'][0] }}"
+    elasticstack_ca: "{{ groups[elasticsearch_group_name][0] }}"
   when: elasticstack_ca is undefined
   tags:
     - certificates
@@ -267,7 +267,7 @@
         --dns {{ hostvars[item].ansible_hostname }},{{ hostvars[item].ansible_fqdn }},{{ hostvars[item].inventory_hostname }}
         --pass {{ elasticsearch_tls_key_passphrase }}
         --out {{ elasticstack_ca_dir }}/{{ hostvars[item].ansible_hostname }}.p12
-      loop: "{{ groups['elasticsearch'] }}"
+      loop: "{{ groups[elasticsearch_group_name] }}"
       no_log: "{{ elasticstack_no_log }}"
       args:
         creates: "{{ elasticstack_ca_dir }}/{{ hostvars[item].ansible_hostname }}.p12"
@@ -356,7 +356,7 @@
 
 - name: Wait for all instances to start
   ansible.builtin.include_tasks: wait_for_instance.yml
-  loop: "{{ groups['elasticsearch'] }}"
+  loop: "{{ groups[elasticsearch_group_name] }}"
 
 - name: Restart if Elasticsearch was already running
   when:
@@ -372,7 +372,7 @@
 
     - name: Wait for all instances to start
       ansible.builtin.include_tasks: wait_for_instance.yml
-      loop: "{{ groups['elasticsearch'] }}"
+      loop: "{{ groups[elasticsearch_group_name] }}"
       tags:
         - certificates
         - renew_ca
@@ -400,7 +400,7 @@
   no_log: "{{ elasticstack_no_log }}"
   when:
     - not elasticsearch_passwords_file.stat.exists | bool
-    - groups['elasticsearch'] | length > 1
+    - groups[elasticsearch_group_name] | length > 1
   until: elasticsearch_api_status_bootstrap.json.cluster_name is defined
   retries: 5
   delay: 10
@@ -419,7 +419,7 @@
   no_log: "{{ elasticstack_no_log }}"
   when:
     - not elasticsearch_passwords_file.stat.exists | bool
-    - groups['elasticsearch'] | length > 1
+    - groups[elasticsearch_group_name] | length > 1
   until: elasticsearch_cluster_status_bootstrap.json.status == "green"
   retries: 5
   delay: 10
@@ -446,7 +446,7 @@
   no_log: "{{ elasticstack_no_log }}"
   when:
     - elasticsearch_passwords_file.stat.exists | bool
-    - groups['elasticsearch'] | length > 1
+    - groups[elasticsearch_group_name] | length > 1
   until: elasticsearch_api_status.json.cluster_name is defined
   retries: 20
   delay: 10
@@ -497,7 +497,7 @@
   no_log: "{{ elasticstack_no_log }}"
   when:
     - elasticsearch_passwords_file.stat.exists | bool
-    - groups['elasticsearch'] | length > 1
+    - groups[elasticsearch_group_name] | length > 1
   until: elasticsearch_cluster_status.json.status == "green"
   retries: 20
   delay: 10
diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2
@@ -18,23 +18,23 @@ http.publish_port: {{ elasticsearch_http_publish_port }}
 node.roles: [ {% for type in elasticsearch_node_types %}{{ type }}{% if not loop.last %}, {% endif %}{% endfor %} ]
 {% endif %}
 
-{% if elasticstack_release | int > 7 and groups['elasticsearch'] | length == 1 %}
+{% if elasticstack_release | int > 7 and groups[elasticsearch_group_name] | length == 1 %}
 discovery.type: single-node
 {% endif %}
 
-{% if elasticstack_release | int < 8 or groups['elasticsearch'] | length > 1 %}
-discovery.seed_hosts: [ {% for host in groups['elasticsearch']  %}
+{% if elasticstack_release | int < 8 or groups[elasticsearch_group_name] | length > 1 %}
+discovery.seed_hosts: [ {% for host in groups[elasticsearch_group_name]  %}
 "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}"{% if not loop.last %},{% endif %}
 {% endfor %} ]
 {% endif %}
 
-{% if not elaticsearch_cluster_set_up | bool and groups['elasticsearch'] | length > 1 %}
+{% if not elaticsearch_cluster_set_up | bool and groups[elasticsearch_group_name] | length > 1 %}
 {% if elasticsearch_node_types is defined %}
 cluster.initial_master_nodes: [ {% for host in groups['elasticsearch_role_master']  %}
 "{{ hostvars[host].ansible_hostname }}"{% if not loop.last %},{% endif %}
 {% endfor %} ]
 {% else %}
-cluster.initial_master_nodes: [ {% for host in groups['elasticsearch']  %}
+cluster.initial_master_nodes: [ {% for host in groups[elasticsearch_group_name]  %}
 "{{ hostvars[host].ansible_hostname }}"{% if not loop.last %},{% endif %}
 {% endfor %} ]
 {% endif %}
diff --git a/roles/elasticsearch/templates/instances.j2 b/roles/elasticsearch/templates/instances.j2
@@ -1,5 +1,5 @@
 instances:
-{% for host in groups['elasticsearch']  %}
+{% for host in groups[elasticsearch_group_name]  %}
   - name: "{{ host }}" 
     ip: 
       - "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}"
diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml
@@ -28,3 +28,5 @@ elasticstack_variant: elastic
 elasticstack_elasticsearch_http_port: 9200
 elasticstack_kibana_port: 5601
 elasticstack_no_log: true
+
+elasticsearch_group_name: elasticsearch
diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml
@@ -13,10 +13,10 @@
 
 - name: Set elasticstack_ca variable if not already done by user
   ansible.builtin.set_fact:
-    elasticstack_ca: "{{ groups['elasticsearch'][0] }}"
+    elasticstack_ca: "{{ groups[elasticsearch_group_name][0] }}"
   when:
     - elasticstack_ca is undefined
-    - groups['elasticsearch'] is defined
+    - groups[elasticsearch_group_name] is defined
   tags:
     - certificates
     - renew_ca
diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml
@@ -21,18 +21,18 @@
 
 - name: Set Elasticsearch hosts if used with other roles
   ansible.builtin.set_fact:
-    kibana_elasticsearch_hosts: "{{ groups['elasticsearch'] }}"
+    kibana_elasticsearch_hosts: "{{ groups[elasticsearch_group_name] }}"
   when:
     - kibana_elasticsearch_hosts is undefined
-    - groups['elasticsearch'] is defined
+    - groups[elasticsearch_group_name] is defined
 
 - name: Set Elasticsearch hosts to localhost if no other info is available
   ansible.builtin.set_fact:
     kibana_elasticsearch_hosts:
       - localhost
   when:
     - kibana_elasticsearch_hosts is undefined
-    - groups['elasticsearch'] is undefined
+    - groups[elasticsearch_group_name] is undefined
 
 - name: Construct exact name of Kibana package
   ansible.builtin.set_fact:
diff --git a/roles/logstash/defaults/main.yml b/roles/logstash/defaults/main.yml
@@ -91,6 +91,8 @@ elasticstack_security: true
 elasticstack_elasticsearch_http_port: 9200
 elasticstack_beats_port: 5044
 
+elasticsearch_group_name: elasticsearch
+
 # Variables for debugging and development
 
 elasticstack_override_beats_tls: false
diff --git a/roles/logstash/tasks/logstash-security.yml b/roles/logstash/tasks/logstash-security.yml
@@ -13,10 +13,10 @@
 
 - name: Set elasticstack_ca variable if not already done by user
   ansible.builtin.set_fact:
-    elasticstack_ca: "{{ groups['elasticsearch'][0] }}"
+    elasticstack_ca: "{{ groups[elasticsearch_group_name][0] }}"
   when:
     - elasticstack_ca is undefined
-    - groups['elasticsearch'] is defined
+    - groups[elasticsearch_group_name] is defined
   tags:
     - certificates
     - configuration
diff --git a/roles/logstash/tasks/main.yml b/roles/logstash/tasks/main.yml
diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml
