From 2280224d3760d0858666fd4de4aebb45cba13aae Mon Sep 17 00:00:00 2001 From: Sheppy Date: Sat, 23 Nov 2024 16:49:59 +0000 Subject: [PATCH] add: basic openvpn node setup --- group_vars/all.yaml | 8 +++++ group_vars/kube1.yaml | 6 ++++ roles/opensearch/tasks/main.yaml | 4 +++ roles/opensearch/tasks/opensearch.yaml | 34 +++++++++++++++++++ .../templates/opensearch-dashboard.yaml | 11 ++++++ .../opensearch/templates/opensearch-data.yaml | 28 +++++++++++++++ 6 files changed, 91 insertions(+) create mode 100644 group_vars/kube1.yaml create mode 100644 roles/opensearch/tasks/main.yaml create mode 100644 roles/opensearch/tasks/opensearch.yaml create mode 100644 roles/opensearch/templates/opensearch-dashboard.yaml create mode 100644 roles/opensearch/templates/opensearch-data.yaml diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 8b83d5e..8c5cc4c 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -39,6 +39,14 @@ immich_pg_password: HISTORY_PURGED_SECRET event_dispatcher_token: "HISTORY_PURGED_SECRET" +opensearch_admin_password: "HISTORY_PURGED_SECRET" +opensearch_seed_hosts: + - ipv4.atlantishq.de:9300 + - ipv4.atlantishq.de:9301 +opensearch_manager_nodes: + - opensearch-data-1 + - opensearch-data-2 + extra_root_keys: - "# no extra keys" diff --git a/group_vars/kube1.yaml b/group_vars/kube1.yaml new file mode 100644 index 0000000..d067dd8 --- /dev/null +++ b/group_vars/kube1.yaml @@ -0,0 +1,6 @@ +opensearch_data_nodes: + - opensearch-data-1 + - opensearch-data-2 + +opensearch_dashboards: + - opensearch-dasboard-1 diff --git a/roles/opensearch/tasks/main.yaml b/roles/opensearch/tasks/main.yaml new file mode 100644 index 0000000..6c422cc --- /dev/null +++ b/roles/opensearch/tasks/main.yaml @@ -0,0 +1,4 @@ +- import_tasks: opensearch.yaml + when: + - opensearch_data_nodes is defined + - opensearch_dashboards is defined diff --git a/roles/opensearch/tasks/opensearch.yaml b/roles/opensearch/tasks/opensearch.yaml new file mode 100644 index 0000000..05820f3 --- /dev/null +++ b/roles/opensearch/tasks/opensearch.yaml @@ -0,0 +1,34 @@ +- name: "Create Opesearch Parent Directory" + file: + state: directory + name: /data/opensearch/ + owner: 1000 + group: 1000 + +- name: "Create Data Directories" + file: + state: directory + name: "/data/opensearch/{{ item }}" + owner: 1000 + group: 1000 + with_items: "{{ opensearch_data_nodes }}" + +- name: "Create Compose Directories" + file: + state: directory + name: "/opt/{{ item }}" + with_items: "{{ opensearch_data_nodes + opensearch_dashboards }}" + +- name: "Dashboard Template" + template: + src: "opensearch-dashboard.yaml" + dest: "/opt/{{ item }}/{{ item }}.yaml" + with_items: "{{ opensearch_dashboards }}" + +- name: "Data Node Template" + template: + src: "opensearch-data.yaml" + dest: "/opt/{{ node_name }}/{{ node_name }}.yaml" + loop: "{{ opensearch_data_nodes }}" + loop_control: + loop_var: node_name diff --git a/roles/opensearch/templates/opensearch-dashboard.yaml b/roles/opensearch/templates/opensearch-dashboard.yaml new file mode 100644 index 0000000..0e12e75 --- /dev/null +++ b/roles/opensearch/templates/opensearch-dashboard.yaml @@ -0,0 +1,11 @@ +version: '3' +services: + opensearch-dashboards: + image: opensearchproject/opensearch-dashboards:latest # Make sure the version of opensearch-dashboards matches the version of opensearch installed on other nodes + container_name: opensearch-dashboards + ports: + - 9400:5601 # Map host port 5601 to container port 5601 + environment: + OPENSEARCH_HOSTS: '["https://atlantishq.de:9200","https://atlantishq.de:9201"]' + OPENSEARCH.USERNAME: "admin" + OPENSEARCH.PASSWORD: "{{ opensearch_admin_password }}" diff --git a/roles/opensearch/templates/opensearch-data.yaml b/roles/opensearch/templates/opensearch-data.yaml new file mode 100644 index 0000000..08ef064 --- /dev/null +++ b/roles/opensearch/templates/opensearch-data.yaml @@ -0,0 +1,28 @@ +version: '3' +services: + opensearch-{{ node_name }}: + image: opensearchproject/opensearch:latest + container_name: {{ node_name }} + environment: + - cluster.name=atlantis-opensearch-cluster + - node.name={{ node_name }} + - network.publish_host=ipv4.atlantishq.de + - transport.port=930{{ node_name.split('-')[-1] | int - 1 }} + - discovery.seed_hosts={{ ",".join(opensearch_seed_hosts) }} + - cluster.initial_cluster_manager_nodes={{ ",".join(opensearch_manager_nodes) }} + - bootstrap.memory_lock=true # Disable JVM heap memory swapping + - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" + - OPENSEARCH_INITIAL_ADMIN_PASSWORD={{ opensearch_admin_password }} + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - /data/opensearch/{{ node_name }}/:/usr/share/opensearch/data + ports: + - 920{{ node_name.split('-')[-1] | int - 1 }}:9200 # REST API + - 930{{ node_name.split('-')[-1] | int - 1 }}:930{{ node_name.split('-')[-1] | int - 1 }} # Data Transport + - 960{{ node_name.split('-')[-1] | int - 1 }}:9600 # Performance Analyzer