Ansible role for opendistro

Is anyone working on an ansible role for opendistro? The searchguard role is outdated so would be difficult to use as a base. Not sure how much work would be involved to update ansible-elasticsearch to use opendistro OR xpack.

Any ideas?

I am currently looking into creating an Ansible role for OpenDistro based on the old searchguard role. By the way, the old SG role does not seem to be very far away from what OpenDistro requires for deployment, or maybe I am missing something essential? I will post a link to a github repo as soon as I have something working and ready for an initial commit.

1 Like

The thing is it’s quite far behind the ansible-elasticsearch repo it forked. Otherwise off the top of my head it would be

  • Renaming the SG admin tools and paths
  • Confirming the Java components and tools.jar are available
  • Updating the systemd service template
  • Managing CA and certs (should the role do this?)
  • Ensure the ES OSS package is installed (this happens as a dependency of opendistroforelasticsearch)

My fork of ansible-elasticsearch, very limited beginnings. It’s perhaps a pipe dream I should give up on, but I’d like to support X-Pack and OpenDistro.

1 Like

Created a playbook to maintain Open Distro for ElasticSearch: GitHub - rt711/opendistro-for-elasticsearch-ansible: OpenDistro for ElasticSearch Ansible deployment
Currently deploys the cluster with default passwords but I will change this shortly.
Feedback welcome.

As far as I know the role requirements will change with new Ansible Galaxy version, so maybe I will revisit the separate role idea a bit later.

2 Likes

How does this handle deploying the CA and certificates?

Thank you for the question.
I hopefully add it this week. The playbook you have seen deploys default ones, but I aim for custom certificate deployment. I have couple of ideas how to do it:

  • use Ansible to manage the certs outside the repository: …/certs/
    • this comes first - done /as of 9th May 2019/
  • use Ansible to generate CSR, self sign maybe?
    • second
  • use Ansible with opendistro tooling to generate the certs

Hi All, I am also going to build my opendistro role and would open source it soon as well. I am trying to support xpack as well. I would welcome the collaboration.

Hi @rt711 did you update your Ansible role for the latest Open Distro version 1.2.0? Please submit your Ansible PR at GitHub - opendistro-for-elasticsearch/opendistro-build: 🧰 Open Distro Build Scripts so that we can test and possibly integrate.

Hi @alolitas, I’m in the middle of moving house so there will be some delay, but I will make it work.
It’s actually a playbook and it has a role for the opendistro related configuration, once I make the required changes it shouldn’t be a big effort to convert it to a role.

1 Like

Hi @rt711 Let us know when you’re ready to update the Ansible role to the latest Open Distro version.

Any update on the ansible role for opendistro?

Hi @creativefre we’re in the process of reviewing an Ansible role for Open Distro? Stay tuned. Please watch the GitHub - opendistro-for-elasticsearch/opendistro-build: 🧰 Open Distro Build Scripts repo for updates.