make elasticsearch group name configurable (#305)

For my setup I need multiple `single-node` instances, and here I get
into trouble with the hard coded group name.
This fixes this limitation for the `elasticsearch` role only.
If it is desired, I can implemented it for all roles ...

---------

Co-authored-by: Klaus Zerwes <[email protected]>

Author: zerwes

README.md

@@ -125,7 +125,7 @@ There are some comments in the Playbook. Either fill them with the correct value
 
 ### Inventory
 
-_Note_: The roles rely on hardcoded group names for placing services on hosts. Please make sure you have groups named `elasticsearch`, `logstash` and `kibana` in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation.
+_Note_: The roles rely on group names for placing services on hosts. Please make sure you have group names defined: `elasticstack_elasticsearch_group_name` (default: `elasticsearch`), `elasticstack_logstash_group_name` (default: `logstash`) and `elasticstack_kibana_group_name` (default: `kibana`) that will match your desired setup in your Ansible inventory. Hosts in these groups will get the respective services. Just restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation.
 
 The execution order of the roles is important! (see below)
 

molecule/elasticsearch_no-security/converge.yml

@@ -13,6 +13,7 @@
     elasticsearch_heap: "1"
     elasticstack_release: 7
     elasticstack_no_log: false
+    elasticstack_elasticsearch_group_name: elasticsearchXYZ
   tasks:
     - name: Include Elastics repos role
       ansible.builtin.include_role:

molecule/elasticsearch_no-security/molecule.yml

@@ -8,7 +8,7 @@ driver:
 platforms:
   - name: elasticsearch-nosecurity1
     groups:
-      - elasticsearch
+      - elasticsearchXYZ
     image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
@@ -18,7 +18,7 @@ platforms:
     pre_build_image: true
   - name: elasticsearch-nosecurity2
     groups:
-      - elasticsearch
+      - elasticsearchXYZ
     image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:

molecule/elasticsearch_no-security/verify.yml

@@ -5,6 +5,7 @@
   hosts: all
   vars:
     elasticstack_elasticsearch_http_port: 9200
+    elasticstack_elasticsearch_group_name: elasticsearchXYZ
   tasks:
 
 # Remember, this is the no-security scenario. So no https
@@ -19,7 +20,7 @@
       until: result.json.status == "green"
       retries: 6
       delay: 10
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1
 
     - name: Node check
       ansible.builtin.uri:
@@ -29,7 +30,7 @@
         status_code: 200
         validate_certs: false
       register: nodes
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1
 
     - name: Check if all Nodes see each other
       ansible.builtin.assert:
@@ -38,4 +39,4 @@
         fail_msg: "'{{ item }}' was not found in nodes.content"
         success_msg: "'{{ item }}' was found in nodes.content"
       with_inventory_hostnames: all
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1

molecule/elasticstack_default/verify.yml

@@ -5,6 +5,7 @@
   vars:
     elasticstack_elasticsearch_http_port: 9200
     elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords
+    elasticstack_elasticsearch_group_name: elasticsearch
   tasks:
 
     - name: Run Logstash syntax check
@@ -22,7 +23,7 @@
 
     - name: Set elasticsearch_ca variable if not already done by user
       ansible.builtin.set_fact:
-        elasticsearch_ca: "{{ groups['elasticsearch'][0] }}"
+        elasticsearch_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}"
       when: elasticsearch_ca is undefined
 
     - name: fetch Elastic password
@@ -42,22 +43,22 @@
         sort -n |
         tail -1
       register: logstash_count
-      when: "'elasticsearch' in group_names"
+      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
 
     - name: Show full output
       ansible.builtin.debug:
         var: logstash_count
-      when: "'elasticsearch' in group_names"
+      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
 
     - name: Fail when logstash index is empty
       ansible.builtin.fail:
         msg: "Logstash Index is empty"
-      when: "'elasticsearch' in group_names and logstash_count.stdout == 0"
+      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0"
 
     - name: Show number of received events
       ansible.builtin.debug:
         msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
-      when: "'elasticsearch' in group_names"
+      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
 
     - name: Run Kibana checks
       when: "'kibana' in group_names"
@@ -112,7 +113,7 @@
       until: result.json.status == "green"
       retries: 6
       delay: 10
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1
 
     - name: Elasticsearch Node check
       ansible.builtin.uri:
@@ -125,7 +126,7 @@
         status_code: 200
         validate_certs: false
       register: nodes
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1
 
     - name: Check if all Nodes see each other
       ansible.builtin.assert:
@@ -134,5 +135,5 @@
         fail_msg: "'{{ item }}' was not found in nodes.content"
         success_msg: "'{{ item }}' was found in nodes.content"
       with_inventory_hostnames: all
-      when: groups['elasticsearch'] | length > 1
+      when: groups[elasticstack_elasticsearch_group_name] | length > 1
 

molecule/logstash_full_stack-oss/verify.yml

@@ -25,16 +25,16 @@
       sort -n |
       tail -1
     register: logstash_count
-    when: "'elasticsearch' in group_names"
+    when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
   - name: Show full output
     ansible.builtin.debug:
       var: logstash_count
-    when: "'elasticsearch' in group_names"
+    when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
   - name: Fail when logstash is empty
     ansible.builtin.fail:
       msg: "Logstash Index is empty"
-    when: "'elasticsearch' in group_names and logstash_count.stdout == 0"
+    when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0"
   - name: Show number of received events
     ansible.builtin.debug:
       msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
-    when: "'elasticsearch' in group_names"
+    when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"

roles/beats/defaults/main.yml

@@ -63,6 +63,9 @@ elasticstack_full_stack: true
 elasticstack_variant: elastic
 elasticstack_security: true
 
+elasticstack_elasticsearch_group_name: elasticsearch
+elasticstack_logstash_group_name: logstash
+
 elasticstack_ca_dir: /opt/es-ca
 elasticstack_ca_pass: PleaseChangeMe
 elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords

roles/beats/tasks/main.yml

@@ -27,11 +27,11 @@
 
     - name: Set elasticstack_ca variable if not already done by user
       ansible.builtin.set_fact:
-        elasticstack_ca: "{{ groups['elasticsearch'][0] }}"
+        elasticstack_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}"
       when:
         - beats_security | bool
         - elasticstack_ca is undefined
-        - groups['elasticsearch'] is defined
+        - groups[elasticstack_elasticsearch_group_name] is defined
       tags:
         - certificates
         - renew_ca

roles/beats/templates/auditbeat.yml.j2

@@ -33,7 +33,7 @@ setup.kibana:
 output.elasticsearch:
 {% if elasticsearch_http_security | bool %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -44,7 +44,7 @@ output.elasticsearch:
   ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"]
 {% else %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -53,7 +53,7 @@ output.elasticsearch:
 {% if beats_auditbeat_output == "logstash" %}
 output.logstash:
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['logstash'] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_logstash_group_name] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}

roles/beats/templates/filebeat.yml.j2

@@ -108,7 +108,7 @@ setup.kibana:
 output.elasticsearch:
 {% if beats_security | bool %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -119,7 +119,7 @@ output.elasticsearch:
   ssl.certificate_authorities: ["/etc/beats/certs/ca.crt"]
 {% else %}
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['elasticsearch'] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"http://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
@@ -128,7 +128,7 @@ output.elasticsearch:
 {% if beats_filebeat_output == "logstash" %}
 output.logstash:
 {% if elasticstack_full_stack | bool %}
-  hosts: [ {% for host in groups['logstash'] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
+  hosts: [ {% for host in groups[elasticstack_logstash_group_name] %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
   hosts: [ {% for host in beats_target_hosts %}"{{ host }}:{{ elasticstack_beats_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}