add: basic openvpn node setup

group_vars/all.yaml

@@ -39,6 +39,14 @@ immich_pg_password: HISTORY_PURGED_SECRET
 
 event_dispatcher_token: "HISTORY_PURGED_SECRET"
 
+opensearch_admin_password: "HISTORY_PURGED_SECRET"
+opensearch_seed_hosts:
+    - ipv4.atlantishq.de:9300
+    - ipv4.atlantishq.de:9301
+opensearch_manager_nodes:
+    - opensearch-data-1
+    - opensearch-data-2
+
 extra_root_keys:
     - "# no extra keys"
 

group_vars/kube1.yaml

@@ -0,0 +1,6 @@
+opensearch_data_nodes:
+    - opensearch-data-1
+    - opensearch-data-2
+
+opensearch_dashboards:
+    - opensearch-dasboard-1

roles/opensearch/tasks/main.yaml

@@ -0,0 +1,4 @@
+- import_tasks: opensearch.yaml
+  when:
+    - opensearch_data_nodes is defined
+    - opensearch_dashboards is defined

roles/opensearch/tasks/opensearch.yaml

@@ -0,0 +1,34 @@
+- name: "Create Opesearch Parent Directory"
+  file:
+    state: directory
+    name: /data/opensearch/
+    owner: 1000
+    group: 1000
+
+- name: "Create Data Directories"
+  file:
+    state: directory
+    name: "/data/opensearch/{{ item }}"
+    owner: 1000
+    group: 1000
+  with_items: "{{ opensearch_data_nodes }}"
+
+- name: "Create Compose Directories"
+  file:
+    state: directory
+    name: "/opt/{{ item }}"
+  with_items: "{{ opensearch_data_nodes + opensearch_dashboards }}"
+
+- name: "Dashboard Template"
+  template:
+    src: "opensearch-dashboard.yaml"
+    dest: "/opt/{{ item }}/{{ item }}.yaml"
+  with_items: "{{ opensearch_dashboards }}"
+
+- name: "Data Node Template"
+  template:
+    src: "opensearch-data.yaml"
+    dest: "/opt/{{ node_name }}/{{ node_name }}.yaml"
+  loop: "{{ opensearch_data_nodes }}"
+  loop_control:
+    loop_var: node_name

roles/opensearch/templates/opensearch-dashboard.yaml

@@ -0,0 +1,11 @@
+version: '3'
+services:
+  opensearch-dashboards:
+    image: opensearchproject/opensearch-dashboards:latest # Make sure the version of opensearch-dashboards matches the version of opensearch installed on other nodes
+    container_name: opensearch-dashboards
+    ports:
+      - 9400:5601 # Map host port 5601 to container port 5601
+    environment:
+        OPENSEARCH_HOSTS: '["https://atlantishq.de:9200","https://atlantishq.de:9201"]'
+        OPENSEARCH.USERNAME: "admin"
+        OPENSEARCH.PASSWORD: "{{ opensearch_admin_password }}"

roles/opensearch/templates/opensearch-data.yaml

@@ -0,0 +1,28 @@
+version: '3'
+services:
+  opensearch-{{ node_name }}:
+    image: opensearchproject/opensearch:latest
+    container_name: {{ node_name }}
+    environment:
+      - cluster.name=atlantis-opensearch-cluster
+      - node.name={{ node_name }}
+      - network.publish_host=ipv4.atlantishq.de
+      - transport.port=930{{ node_name.split('-')[-1] | int - 1 }}
+      - discovery.seed_hosts={{ ",".join(opensearch_seed_hosts) }}
+      - cluster.initial_cluster_manager_nodes={{ ",".join(opensearch_manager_nodes) }}
+      - bootstrap.memory_lock=true # Disable JVM heap memory swapping
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+      - OPENSEARCH_INITIAL_ADMIN_PASSWORD={{ opensearch_admin_password }}
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - /data/opensearch/{{ node_name }}/:/usr/share/opensearch/data
+    ports:
+      - 920{{ node_name.split('-')[-1] | int - 1 }}:9200 # REST API
+      - 930{{ node_name.split('-')[-1] | int - 1 }}:930{{ node_name.split('-')[-1] | int - 1 }} # Data Transport
+      - 960{{ node_name.split('-')[-1] | int - 1 }}:9600 # Performance Analyzer