Playbook for elasticsearch cluster deployment using ansible with ssl transport enabled.
Tested on ansible 2.8.1, python version = 3.6.8
Deployment steps:
-
Install required roles:
$ ansible-galaxy install -r requirements.yml -
Copy and change
inventory.sample.ymlfile:$ cp inventory.sample.yml inventory.yml -
Deploy elasticsearch master servers:
$ ansible-playbook -i inventory.yml pb.es-master.yml -
Deploy elasticsearch data servers:
$ ansible-playbook -i inventory.yml pb.es-data.yml -
Credentials are created in new directory called
./credentialswhile deploying. -
Generate ssl certificates.
Now elasticsearch should start successful but after first restart it will fail because x-pack security feature is enabled but ssl transport is not configured which is required starting from basic license.
Note: at the moment the used elasticsearch role does not provide any way to generate and use ssl certificates automatically, that's why we should do in manually.
See the "Transport TLS/SSL encryption" part in Elasticsearch Security: Configure TLS/SSL & PKI Authentication for details.
-
Next, you should create local
./certsdirectory and copy newly createdelastic-certificates.p12andelastic-stack-ca.p12files into it. -
After that, stop all your elasticsearch nodes by running:
Note: check that all_nodes variable is configured properly in
inventory.ymlfile.$ ansible-playbook -i inventory.yml pb.es-stop.yml -
Copy certificates from local directory to all elasticsearch nodes:
$ ansible-playbook -i inventory.yml pb.es-cp-certs.yml -
Enable ssl transport:
$ ansible-playbook -i inventory.yml pb.es-enable-ssl.yml -
Now when the configuration is done, start your elasticsearch nodes.
Note: Here could be some transport issues. I've solved them by starting master nodes one by one, and after that I've started all data nodes by manipulating inventory file and running:
$ ansible-playbook -i inventory.yml pb.es-start.yml
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent