oddly.elasticstack
Deploy and manage the Elastic Stack with Ansible.
Elasticsearch, Kibana, Logstash, and Beats — from repos to rolling upgrades.
This collection is under active development. APIs, default values, and variable names may change between releases without deprecation notices. Pin to a specific version in your `requirements.yml` if you need stability.
An Ansible collection that handles the complete lifecycle of an Elastic Stack deployment: package repositories, installation, cluster formation, TLS certificate generation and renewal, security initialization, service management, and rolling upgrades from 8.x to 9.x.
It works both for standalone single-service installs and for coordinated multi-node deployments where roles auto-discover each other through inventory groups.
Forked from NETWAYS/ansible-collection-elasticstack.
- Elastic 8.x and 9.x with automatic version-specific configuration
- Rolling upgrades from 8.x to 9.x, one node at a time with shard allocation management
- Full TLS PKI — CA generation, per-node certificates, automatic renewal before expiry
- Custom TLS certificates — bring your own certs (PEM or P12) from any CA, with format auto-detection, separate transport/HTTP certs on ES, and built-in expiry warnings
- Security initialization — bootstrap passwords, keystore management, user/role creation
- Multi-node orchestration — roles discover each other through inventory groups
- Beats collection — Filebeat (log, syslog TCP/UDP, journald, Docker), Metricbeat, Auditbeat
```bash
ansible-galaxy collection install oddly.elasticstack
```

```yaml
# inventory.yml
all:
  children:
    elasticsearch:
      hosts:
        es1: { ansible_host: 10.0.1.10 }
        es2: { ansible_host: 10.0.1.11 }
        es3: { ansible_host: 10.0.1.12 }
    kibana:
      hosts:
        kb1: { ansible_host: 10.0.1.20 }
    logstash:
      hosts:
        ls1: { ansible_host: 10.0.1.30 }
```

```yaml
# playbook.yml
- hosts: all
  vars:
    elasticstack_release: 9
  roles:
    - oddly.elasticstack.repos
    - oddly.elasticstack.elasticsearch
    - oddly.elasticstack.kibana
    - oddly.elasticstack.logstash
    - oddly.elasticstack.beats
```

Roles run in order. Each one uses inventory group names to find the other services. After the run, initial passwords are in `/usr/share/elasticsearch/initial_passwords` on the first ES host.
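A post-run check for the initial passwords file mentioned above, as an added example that is not part of the collection or its documentation. It assumes the "first ES host" is the first host in the `elasticsearch` inventory group; the allowed owners and the owner-only mode are this example's policy, not something the page states.

```yaml
# check_initial_passwords.yml (added example, not shipped with the collection)
# Assumption: the first host of the `elasticsearch` group holds the file.
- hosts: "elasticsearch[0]"
  become: true
  gather_facts: false
  vars:
    initial_passwords_file: /usr/share/elasticsearch/initial_passwords
    # Assumption: accounts this example accepts as owner of the file.
    allowed_owners: [root, elasticsearch]
  tasks:
    - name: Inspect the file metadata without reading its content
      ansible.builtin.stat:
        path: "{{ initial_passwords_file }}"
        follow: false          # report on a symlink itself, not its target
        get_checksum: false    # do not hash secret material
      register: pw_file

    - name: The file must exist after the first run
      ansible.builtin.assert:
        that:
          - pw_file.stat.exists
        fail_msg: "{{ initial_passwords_file }} not found on {{ inventory_hostname }}"

    - name: The file must be a regular file readable by its owner only
      ansible.builtin.assert:
        that:
          - pw_file.stat.isreg
          - not pw_file.stat.islnk
          - pw_file.stat.pw_name in allowed_owners
          - not pw_file.stat.rgrp
          - not pw_file.stat.wgrp
          - not pw_file.stat.roth
          - not pw_file.stat.woth
        fail_msg: >-
          {{ initial_passwords_file }} is owned by {{ pw_file.stat.pw_name }}
          with mode {{ pw_file.stat.mode }}; restrict it to its owner and
          rotate the passwords it contains if other accounts could read it.
        success_msg: "{{ initial_passwords_file }} is restricted to its owner"
```

Run it with the same inventory as the main playbook: `ansible-playbook -i inventory.yml check_initial_passwords.yml`.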
See the getting started guide for single-node setups, disabling security, package mirrors, and more.
| Role | Purpose |
|---|---|
| `repos` | APT/YUM repository and GPG key setup |
| `elasticsearch` | Cluster formation, JVM tuning, security setup, rolling upgrades |
| `kibana` | Web UI, Elasticsearch connection, optional HTTPS frontend |
| `logstash` | Pipeline management, queue config, ES user/role creation |
| `beats` | Filebeat, Metricbeat, Auditbeat with syslog, journald, Docker inputs |
| `elasticstack` | Shared defaults inherited by all roles (ports, groups, CA, repos) |

| Component | Versions |
|---|---|
| Debian | 11, 12, 13 |
| Ubuntu | 22.04, 24.04 |
| Rocky Linux / RHEL | 8, 9, 10 |
| Elastic Stack | 8.x, 9.x |
| Ansible | 2.18+ |
Full documentation lives in the wiki:
- Getting started — single-node and multi-node walkthroughs
- Architecture — data flow, TLS PKI, security init, rolling upgrades, retry budgets, container workarounds
- Role reference — every variable, operational note, and task flow diagram for each role
Issues and pull requests welcome. Branch naming: fix/ for bug fixes, feature/ for enhancements, doc/ for documentation changes.