Disable the security plugin by default.

2022-05-09 20:02:48 +02:00 · 2022-05-09 20:02:48 +02:00 · ac47ada043
parent 19c5dd7f47
commit ac47ada043
4 changed files with 88 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -10,6 +10,54 @@ Role Variables
 The most important variables are listed below:

 ``` yaml
+opensearch_install: true
+opensearch_enabled: true
+opensearch_major_version: 1
+opensearch_minor_version: 3
+opensearch_patch_version: 2
+opensearch_version: '{{ opensearch_major_version }}.{{ opensearch_minor_version }}.{{ opensearch_patch_version }}'
+opensearch_versioned: 'opensearch-{{ opensearch_version }}'
+opensearch_filename: '{{ opensearch_versioned }}-linux-x64.tar.gz'
+opensearch_download_url: 'https://artifacts.opensearch.org/releases/bundle/opensearch/{{ opensearch_version }}/{{ opensearch_filename }}'
+opensearch_cli_tools_file: 'opensearch-cli-1.1.0-linux-x64.zip'
+opensearch_cli_tools_url: 'https://artifacts.opensearch.org/opensearch-clients/opensearch-cli/{{ opensearch_cli_tools_file }}'
+opensearch_user: opensearch
+opensearch_base_install_dir: /opt/opensearch
+opensearch_config_dir: '{{ opensearch_base_install_dir }}/config'
+opensearch_bin_dir: '{{ opensearch_base_install_dir }}/bin'
+opensearch_cluster_name: 'Opensearch Cluster'
+opensearch_http_port: 9200
+opensearch_transport_min_port: 9300
+opensearch_transport_max_port: 9400
+opensearch_data_dirs:
+  - /var/lib/opensearch
+opensearch_log_dir: /var/log/opensearch
+opensearch_bind_ip: 0.0.0.0
+opensearch_single_node: true
+opensearch_discovery_host_list: '["127.0.0.1", "[::1]"]'
+opensearch_define_majority_of_nodes: true
+opensearch_majority_of_nodes: 1
+opensearch_bootstrap_known_masters:
+  - '{{ ansible_fqdn }}'
+opensearch_real_cluster: false
+opensearch_recover_after_nodes: 3
+opensearch_max_local_storage_nodes: 1
+opensearch_destructive_requires_name: true
+opensearch_define_heap_size: false
+opensearch_heap_size: 2g
+opensearch_additional_java_opts: '-server -Djava.awt.headless=true -Dfile.encoding=UTF-8'
+opensearch_java_io_tmpdir: '/var/tmp'
+opensearch_additional_conf:
+  - {name: 'search.max_buckets', value: '65535'}
+opensearch_max_open_files: 65535
+opensearch_max_processes: 8192
+opensearch_cluster_routing_allocation_disk_threshold_enabled: 'true'
+opensearch_cluster_routing_allocation_disk_watermark_low: '85%'
+opensearch_cluster_routing_allocation_disk_watermark_high: '90%'
+# Compatibility with kernels <= 3.5. Set to False if you are using a newer kernel
+opensearch_disable_bootstrap_syscall_filter: true
+opensearch_security_enabled: false
+
 ```

 Dependencies
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,6 +13,8 @@ opensearch_cli_tools_url: 'https://artifacts.opensearch.org/opensearch-clients/o
 opensearch_user: opensearch
 opensearch_base_install_dir: /opt/opensearch
 opensearch_config_dir: '{{ opensearch_base_install_dir }}/config'
+opensearch_plugins_dir: '{{ opensearch_base_install_dir }}/plugins'
+opensearch_disabled_plugins_dir: '{{ opensearch_base_install_dir }}/disabled-plugins'
 opensearch_bin_dir: '{{ opensearch_base_install_dir }}/bin'

 opensearch_cluster_name: 'Opensearch Cluster'
@ -47,6 +49,21 @@ opensearch_cluster_routing_allocation_disk_watermark_low: '85%'
 opensearch_cluster_routing_allocation_disk_watermark_high: '90%'
 # Compatibility with kernels <= 3.5. Set to False if you are using a newer kernel
 opensearch_disable_bootstrap_syscall_filter: true
+opensearch_security_enabled: false
+opensearch_default_plugins:
+  - opensearch-alerting
+  - opensearch-anomaly-detection
+  - opensearch-asynchronous-search
+  - opensearch-cross-cluster-replication
+  - opensearch-index-management
+  - opensearch-job-scheduler
+  - opensearch-knn
+  - opensearch-ml
+  - opensearch-observability
+  - opensearch-performance-analyzer
+  - opensearch-reports-scheduler
+  - opensearch-security
+  - opensearch-sql

 # Only name and value are mandatory. The others have defaults
 # systemctl_custom_options:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -64,6 +64,24 @@

  tags: ['opensearch']

+- name: Opensearch plugins
+  block:
+    - name: Create the opensearch 'disabled_plugins' directory
+      file:
+        dest: '{{ opensearch_disabled_plugins_dir }}'
+        state: directory
+        owner: root
+        group: root
+        mode: 0755
+
+    - name: Manage the security plugin
+      command: mv {{ opensearch_plugins_dir }}/opensearch-security {{ opensearch_disabled_plugins_dir }}/opensearch-security
+      args:
+        creates: '{{ opensearch_disabled_plugins_dir }}/opensearch-security'
+      when: not opensearch_security_enabled
+
+  tags: ['opensearch', 'opensearch_plugins']
+
 - name: Opensearch configuration
  block:
    - name: Install the opensearch JVM options
--- a/templates/opensearch.yml.j2
+++ b/templates/opensearch.yml.j2
@ -20,21 +20,25 @@ cluster.name: {{ opensearch_cluster_name }}
 # Use a descriptive name for the node:
 #
 node.name: {{ ansible_fqdn }}
-
+#
+{% if not opensearch_single_node %}
 cluster.initial_master_nodes:
 {% for n in opensearch_bootstrap_known_masters %}
  - {{ n }}
 {% endfor %}
+
 #
 # Add custom attributes to the node:
 #
 # node.rack: r1
+{% endif %}
 #
 # ----------------------------------- Paths ------------------------------------
 #
 # Path to directory where to store the data (separate multiple locations by comma):
 #
 path.data: {% for data_dir in opensearch_data_dirs %}{{ data_dir }}{% if not loop.last %},{% endif %}{% endfor %}
+
 #
 # Path to log files:
 #