Add .deb and .rpm Installation and make .tar Installation the Fallback

Jostrus · Jostrus · commit e9b94cb5c6ab · 2024-05-16T19:20:53.000Z
Split Configuration and Installation into own .yml files
Add variables file for OS Specific Values

Signed-off-by: Johannes Wagner &lt;wagner1.johannes@web.de&gt;
diff --git a/roles/linux/opensearch/handlers/main.yml b/roles/linux/opensearch/handlers/main.yml
@@ -8,3 +8,8 @@
 
 - name: restart opensearch
   ansible.builtin.systemd: name=opensearch state=restarted enabled=yes
+
+
+- name: update repository cache
+  ansible.builtin.apt:
+    update_cache: yes
diff --git a/roles/linux/opensearch/tasks/configuration.yml b/roles/linux/opensearch/tasks/configuration.yml
@@ -0,0 +1,20 @@
+- name: OpenSearch Configuration | Copy Configuration File
+  ansible.builtin.blockinfile:
+    block: "{{ lookup('template', 'templates/opensearch-{{ cluster_type }}.yml') }}"
+    dest: "{{ os_conf_dir }}/opensearch.yml"
+    backup: true
+    state: present
+    create: true
+    marker: "## {mark} opensearch main configuration ##"
+    owner: "{{ os_user }}"
+    group: "{{ os_user }}"
+    mode: 0600
+
+- name: OpenSearch Configuration | Copy jvm.options File for Instance
+  ansible.builtin.template:
+    src: jvm.options
+    dest: "{{ os_conf_dir }}/jvm.options"
+    owner: "{{ os_user }}"
+    group: "{{ os_user }}"
+    mode: 0600
+    force: true
diff --git a/roles/linux/opensearch/tasks/installation.yml b/roles/linux/opensearch/tasks/installation.yml
@@ -0,0 +1,88 @@
+---
+- name: OpenSearch Install | Install from .deb
+  when: ansible_os_family == 'Debian'
+  block:
+    - name: OpenSearch Install | Download GPG Key
+      ansible.builtin.get_url: 
+        url: https://artifacts.opensearch.org/publickeys/opensearch.pgp
+        dest: /tmp/opensearch.pgp
+
+    - name: OpenSearch Install | Install GPG Key
+      ansible.builtin.command: gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring /tmp/opensearch.pgp
+
+    - name: OpenSearch Install | Deploy deb repository file
+      ansible.builtin.apt_repository:
+        repo: deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main
+        state: present
+        filename: opensearch-core.list
+      notify: update repository cache
+
+    - name: OpenSearch Install | Flush handlers
+      meta: flush_handlers
+
+    - name: OpenSearch Install | Get installed Packages
+      package_facts:
+        manager: "auto"
+
+    - name: OpenSearch Install | Unhold opensearch
+      ansible.builtin.dpkg_selections:
+        name: opensearch
+        selection: install
+      when: "'opensearch' in ansible_facts.packages"
+
+    - name: OpenSearch Install | Install OpenSearch
+      ansible.builtin.apt:
+        name: opensearch={{ os_version }}
+        state: present
+      environment:
+        OPENSEARCH_INITIAL_ADMIN_PASSWORD: "{{ admin_password }}"
+
+    - name: OpenSearch Install | Hold opensearch
+      ansible.builtin.dpkg_selections:
+        name: opensearch
+        selection: hold
+
+- name: OpenSearch Install | Install from .rpm
+  when: ansible_os_family == 'RedHat'
+  block:
+    - name: OpenSearch Install | Install OpenSearch
+      ansible.builtin.yum:
+        name: https://artifacts.opensearch.org/releases/bundle/opensearch/{{ os_version }}/opensearch-{{ os_version }}-linux-x64.rpm
+        state: present
+        disable_gpg_check: true
+
+
+- name: OpenSearch Install | Install from tar
+  when: ansible_os_family != 'Debian' and ansible_os_family != 'RedHat'
+  block:
+    - name: OpenSearch Install | Download opensearch {{ os_version }}
+      ansible.builtin.get_url:
+        url: "{{ os_download_url }}/{{ os_version }}/opensearch-{{ os_version }}-linux-x64.tar.gz"
+        dest: "/tmp/opensearch.tar.gz"
+      register: download
+
+    - name: OpenSearch Install | Create opensearch user
+      ansible.builtin.user:
+        name: "{{ os_user }}"
+        state: present
+        shell: /bin/false
+        create_home: true
+        home: "{{ os_home }}"
+      when: download.changed or iac_enable
+
+    - name: OpenSearch Install | Create home directory
+      ansible.builtin.file:
+        path: "{{ os_home }}"
+        state: directory
+        owner: "{{ os_user }}"
+        group: "{{ os_user }}"
+      when: download.changed or iac_enable
+
+    - name: OpenSearch Install | Extract the tar file
+      ansible.builtin.command: chdir=/tmp/ tar -xvzf opensearch.tar.gz -C "{{ os_home }}" --strip-components=1
+      when: download.changed or iac_enable
+    
+    - name: OpenSearch Install | create systemd service
+      ansible.builtin.template:
+        src: opensearch.service
+        dest: "{{ systemctl_path }}/opensearch.service"
diff --git a/roles/linux/opensearch/tasks/main.yml b/roles/linux/opensearch/tasks/main.yml
@@ -4,6 +4,14 @@
   ansible.builtin.hostname:
     name: "{{ inventory_hostname }}"
 
+- name: Include Variables for RedHat
+  ansible.builtin.include_vars: RedHat.yml
+  when: ansible_os_family == 'RedHat'
+
+- name: Include Variables for Debian
+  ansible.builtin.include_vars: Debian.yml
+  when: ansible_os_family == 'Debian'
+
 # Disabling for Amazon Linux 2 as selinux is disabled by default.
 - name: Disable the selinux
   ansible.posix.selinux:
@@ -17,7 +25,10 @@
   ansible.builtin.import_tasks: tune.yml
 
 - name: Include opensearch installation
-  ansible.builtin.import_tasks: opensearch.yml
+  ansible.builtin.import_tasks: installation.yml
+
+- name: Include configuration deployment
+  ansible.builtin.import_tasks: configuration.yml
 
 - name: Include security plugin for opensearch
   ansible.builtin.import_tasks: security.yml
diff --git a/roles/linux/opensearch/tasks/opensearch.yml b/roles/linux/opensearch/tasks/opensearch.yml
diff --git a/roles/linux/opensearch/tasks/security.yml b/roles/linux/opensearch/tasks/security.yml
@@ -117,6 +117,8 @@
     src: "/tmp/opensearch-nodecerts/config/{{ item }}"
     dest: "{{ os_conf_dir }}"
     mode: 0600
+    owner: "{{ os_user }}"
+    group: root
   with_items:
     - root-ca.pem
     - root-ca.key
diff --git a/roles/linux/opensearch/tasks/variables.yml b/roles/linux/opensearch/tasks/variables.yml
@@ -0,0 +1,8 @@
+---
+- name: Include Debian-specific variables
+  include_vars: "{{ ansible_distribution }}.yml"
+  when: ansible_os_family == 'Debian'
+
+- name: Include RedHat-specific variables
+  include_vars: "{{ ansible_os_family }}.yml"
+  when: ansible_os_family == 'RedHat'
diff --git a/roles/linux/opensearch/vars/Debian.yml b/roles/linux/opensearch/vars/Debian.yml
@@ -0,0 +1,5 @@
+os_home: /usr/share/opensearch
+os_conf_dir: /etc/opensearch
+os_plugin_bin_path: /usr/share/opensearch/bin/opensearch-plugin
+os_sec_plugin_conf_path: /etc/opensearch
+os_sec_plugin_tools_path: /usr/share/opensearch/plugins/opensearch-security/tools
diff --git a/roles/linux/opensearch/vars/RedHat.yml b/roles/linux/opensearch/vars/RedHat.yml
@@ -0,0 +1,5 @@
+os_home: /usr/share/opensearch
+os_conf_dir: /etc/opensearch
+os_plugin_bin_path: /usr/share/opensearch/bin/opensearch-plugin
+os_sec_plugin_conf_path: /etc/opensearch
+os_sec_plugin_tools_path: /usr/share/opensearch/plugins/opensearch-security/tools
