elasticsearch_servers

Synopsis

Defines a list of Elasticsearch servers. These servers are intended to be referenced by elasticsearch_indices and elasticsearch_templates items.

Attributes

Each item of the list has the following attributes:

| Name | req? | Description |
|---|---|---|
| name | yes | The logical name given to this server. |
| relay_host | yes | The host from which HTTP requests to the Elasticsearch server are issued. |
| url | yes | The base part of the server URL. Typically: http://elastic1.myserver.mydomain.com:9200/ |
| when | no | Boolean. Allows conditional deployment of this item. Default: True |
| username | no | The user name used to log on to this Elasticsearch server. Must have enough rights to perform the intended operations. |
| password | no | The password associated with the username. May be encrypted. Refer to encrypted variables. |
| validate_certs | no | Useful if the connection is using SSL. If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. Default: yes |
| ca_bundle_relay_file | no | Useful if the connection is using SSL. Specifies a CA_BUNDLE file: a file in .pem format containing the root and intermediate certificates used to validate the Elasticsearch server certificate. This file will be looked up on the relay host system, on which this module will be executed. |
| ca_bundle_local_file | no | Same as above, except this file will be looked up locally, relative to the main file. It will be copied to the relay host at the location defined by ca_bundle_relay_file. |

Example

The simplest case:

elasticsearch_servers:
- name: elastic1
  relay_host: en1
  url: http://elastic1.myserver.mydomain.com:9200/

For a secured elasticsearch cluster:

elasticsearch_servers:
- name: elastic2
  relay_host: en1
  url: https://elastic2.myserver.mydomain.com:9200/
  validate_certs: false 
  username: elastic
  password: changeme  
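
A check that can be run over server definitions before deployment, flagging the settings the attribute table warns about. This is an added example, not part of HADeploy; it assumes the YAML has already been parsed into dictionaries, and the `elastic3` entry and its bundle path are constructed for illustration.

```python
from urllib.parse import urlsplit

REQUIRED = ("name", "relay_host", "url")

def as_bool(value, default):
    """Interpret YAML-style booleans (true/false, yes/no); None means the documented default."""
    if value is None:
        return default
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("yes", "true", "on", "1")

def audit_server(item):
    """Return the list of findings for one elasticsearch_servers item."""
    findings = []
    for key in REQUIRED:
        if not item.get(key):
            findings.append("missing required attribute '%s'" % key)
    scheme = urlsplit(item.get("url") or "").scheme.lower()
    has_creds = bool(item.get("username") or item.get("password"))
    if scheme == "http" and has_creds:
        findings.append("credentials sent over plain http")
    # validate_certs defaults to yes, so only an explicit no/false is flagged.
    if scheme == "https" and not as_bool(item.get("validate_certs"), True):
        findings.append("validate_certs is off: server certificate is not verified")
    # The local bundle is copied to the path given by ca_bundle_relay_file.
    if item.get("ca_bundle_local_file") and not item.get("ca_bundle_relay_file"):
        findings.append("ca_bundle_local_file set without ca_bundle_relay_file")
    return findings

def audit(servers):
    """Map each server name to its findings."""
    return {item.get("name", "<unnamed>"): audit_server(item) for item in servers}

# Constructed sample: the two examples above, plus a variant that validates
# the server certificate against a CA bundle (hypothetical relay path).
SERVERS = [
    {"name": "elastic1", "relay_host": "en1", "url": "http://elastic1.myserver.mydomain.com:9200/"},
    {"name": "elastic2", "relay_host": "en1", "url": "https://elastic2.myserver.mydomain.com:9200/",
     "validate_certs": False, "username": "elastic", "password": "changeme"},
    {"name": "elastic3", "relay_host": "en1", "url": "https://elastic3.myserver.mydomain.com:9200/",
     "username": "elastic", "password": "changeme",
     "ca_bundle_local_file": "elastic-stack-ca.crt.pem",
     "ca_bundle_relay_file": "/etc/hadeploy/elastic-stack-ca.crt.pem"},
]

if __name__ == "__main__":
    for name, findings in audit(SERVERS).items():
        print(name, "->", findings or "ok")
```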

CA_BUNDLE

Internally, HADeploy uses the Python requests API to access Elasticsearch. The provided ca_bundle_relay_file will be used as the verify parameter of all HTTP requests. More info here.

If you have generated a certificate authority for encrypting communication with Elasticsearch, using

bin/elasticsearch-certutil ca 

as described in the Elastic documentation, the following Python code will allow you to generate a CA_BUNDLE file, elastic-stack-ca.crt.pem.

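# Requires pyOpenSSL:
# sudo yum install pyOpenSSL
# Note: crypto.load_pkcs12 is deprecated and has been removed from recent
# pyOpenSSL releases; use a release that still provides it.
from OpenSSL import crypto

# The passphrase is passed as bytes. Use b"" for an empty password.
with open("elastic-stack-ca.p12", "rb") as file:
    p12 = crypto.load_pkcs12(file.read(), b"capassword")

# PEM formatted certificate (dump_certificate returns bytes)
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, p12.get_certificate())
print(cert.decode("ascii"))

# Only the CA certificate is written; the CA private key stays in the .p12 file.
with open("elastic-stack-ca.crt.pem", "wb") as f:
    f.write(cert)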