feat: support RHEL8/9/10 and Rocky, Debian, Ubuntu

* Major refactor for whole playbook (untested)
* Bump ELK version to 9.x

Author: sadsfae

install/roles/apache/tasks/main.yml

@@ -3,45 +3,59 @@
 # Install/run apache
 #
 
-- name: Install httpd and tools
-  yum:
-    name: [httpd, httpd-tools, python-httplib2]
+- name: Set OS dependent variables
+  set_fact:
+    apache_service: "{{ 'httpd' if ansible_os_family == 'RedHat' else 'apache2' }}"
+    apache_conf_dir: "{{ '/etc/httpd/conf.d' if ansible_os_family == 'RedHat' else '/etc/apache2/sites-enabled' }}"
+    apache_packages: "{{ ['httpd', 'httpd-tools', 'python3-httplib2'] if ansible_os_family == 'RedHat' else ['apache2', 'apache2-utils', 'python3-httplib2'] }}"
+
+- name: Install Apache and tools
+  package:
+    name: "{{ apache_packages }}"
+    state: present
   become: true
 
-# SELinux boolean for nginx
+# SELinux boolean for httpd
 - name: Apply SELinux boolean httpd_can_network_connect
-  seboolean: name=httpd_can_network_connect state=yes persistent=yes
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
+    persistent: yes
   become: true
+  when: ansible_os_family == 'RedHat'
 
 # deploy kibana.conf with FQDN
 - name: Setup apache reverse proxy for kibana
   template:
-    src=kibana.conf.j2
-    dest=/etc/httpd/conf.d/kibana.conf
-    owner=root
-    group=root
-    mode=0644
+    src: kibana.conf.j2
+    dest: "{{ apache_conf_dir }}/kibana.conf"
+    owner: root
+    group: root
+    mode: '0644'
   become: true
-  register: httpd_needs_restart
+  register: kibana_conf
 
 # deploy basic httpd 8080 vhost
 - name: Setup httpd TCP/8080 vhost for SSL certificate
   template:
-    src=8080vhost.conf.j2
-    dest=/etc/httpd/conf.d/8080vhost.conf
-    owner=root
-    group=root
-    mode=0644
+    src: 8080vhost.conf.j2
+    dest: "{{ apache_conf_dir }}/8080vhost.conf"
+    owner: root
+    group: root
+    mode: '0644'
   become: true
+  register: vhost_conf
 
-# start httpd service
-- name: Start httpd service
-  command: systemctl restart httpd.service
-  ignore_errors: true
-  when: httpd_needs_restart != 0
+- name: Ensure Apache is enabled and started
+  service:
+    name: "{{ apache_service }}"
+    state: started
+    enabled: true
   become: true
 
-- name: Set httpd to start on boot
-  command: systemctl enable httpd.service
-  ignore_errors: true
+- name: Restart Apache if configuration changed
+  service:
+    name: "{{ apache_service }}"
+    state: restarted
   become: true
+  when: kibana_conf.changed or vhost_conf.changed

install/roles/curator/files/curator.repo

@@ -1,6 +1,6 @@
-[curator-5]
-name=CentOS/RHEL 7 repository for Elasticsearch Curator 5.x packages
-baseurl=https://packages.elastic.co/curator/5/centos/7
+[curator-9]
+name=RHEL/Rocky repository for Elasticsearch Curator 9.x packages
+baseurl=https://artifacts.elastic.co/packages/9.x/yum
 gpgcheck=1
-gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
+gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1

install/roles/curator/tasks/main.yml

@@ -3,58 +3,83 @@
 # install curator tool for managing elasticsearch
 #
 
-- name: Copy curator yum repo file
-  copy:
-    src=curator.repo
-    dest=/etc/yum.repos.d/curator.repo
-    owner=root
-    group=root
-    mode=0644
+- name: Setup Curator repository (RedHat/Rocky)
+  when:
+    - install_curator_tool
+    - ansible_os_family == 'RedHat'
   become: true
-  when: install_curator_tool
+  block:
+    - name: Copy curator yum repo file
+      copy:
+        src: curator.repo
+        dest: /etc/yum.repos.d/curator.repo
+        owner: root
+        group: root
+        mode: '0644'
 
-- name: Import curator GPG Key
-  rpm_key: key=http://packages.elastic.co/GPG-KEY-elasticsearch
-    state=present
-  when: install_curator_tool
-  become: true
+    - name: Import curator GPG Key
+      rpm_key:
+        key: http://packages.elastic.co/GPG-KEY-elasticsearch
+        state: present
 
-- name: Install curator and python-setuptools
-  yum:
-    name: elasticsearch-curator
+- name: Setup Curator repository (Debian/Ubuntu)
+  when:
+    - install_curator_tool
+    - ansible_os_family == 'Debian'
   become: true
+  block:
+    - name: Install apt-transport-https
+      apt:
+        name: apt-transport-https
+        state: present
+
+    - name: Import curator GPG Key
+      apt_key:
+        url: http://packages.elastic.co/GPG-KEY-elasticsearch
+        state: present
+
+    - name: Add Curator repository
+      apt_repository:
+        repo: deb http://packages.elastic.co/curator/5/debian stable main
+        state: present
+
+- name: Install curator
   when: install_curator_tool
+  become: true
+  package:
+    name: elasticsearch-curator
+    state: present
 
 - name: Setup curator config
-  template:
-    src=curator-config.yml.j2
-    dest=/etc/elasticsearch/curator-config.yml
-    owner=root
-    group=root
-    mode=0644
-  become: true
   when: install_curator_tool
+  become: true
+  template:
+    src: curator-config.yml.j2
+    dest: /etc/elasticsearch/curator-config.yml
+    owner: root
+    group: root
+    mode: '0644'
 
 - name: Setup curator template file
-  template:
-    src=curator-action.yml.j2
-    dest=/etc/elasticsearch/curator-action.yml
-    owner=root
-    group=root
-    mode=0644
-  become: true
   when: install_curator_tool
+  become: true
+  template:
+    src: curator-action.yml.j2
+    dest: /etc/elasticsearch/curator-action.yml
+    owner: root
+    group: root
+    mode: '0644'
 
 # Runs cron job to cleanup indices every weekday.
 # you should adjust this to your needs
 - name: Curator Cleanup Cronjob
+  when: install_curator_tool
+  become: true
   cron:
     name: Curator run
-    weekday: '*'
-    minute: 0
-    hour: 12
+    weekday: "*"
+    minute: "0"
+    hour: "12"
     user: root
     job: "curator --config /etc/elasticsearch/curator-config.yml /etc/elasticsearch/curator-action.yml >> /var/log/curator.log 2>&1"
     cron_file: curator-daily-cleanup
-  when: install_curator_tool
-  become: true

install/roles/elasticsearch/files/elasticsearch.repo

@@ -1,6 +1,6 @@
-[elasticsearch-6.x]
-name=Elasticsearch repository for 6.x packages
-baseurl=https://artifacts.elastic.co/packages/6.x/yum
+[elasticsearch-9.x]
+name=Elasticsearch repository for 9.x packages
+baseurl=https://artifacts.elastic.co/packages/9.x/yum
 gpgcheck=1
 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1