From 60226ec2ed27a3216daf93f02db99e69e3fa66e4 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Fri, 5 Jul 2019 15:37:11 +0200
Subject: [PATCH] customer/bitegra/portal/support#1 Implement elasticsearch
 backup

---
 files/elasticsearch-remove-readonly     | 16 ----------------
 tasks/backup.yml                        | 25 +++++++++++++++++++++++++
 tasks/install.yml                       |  9 +++++++++
 tasks/main.yml                          |  4 ++++
 tasks/readonly.yml                      |  2 +-
 templates/elasticsearch-remove-readonly |  3 +++
 templates/elasticsearch-snapshot        |  5 +++++
 templates/etc_default_elasticsearch     |  2 +-
 8 files changed, 48 insertions(+), 18 deletions(-)
 delete mode 100644 files/elasticsearch-remove-readonly
 create mode 100644 tasks/backup.yml
 create mode 100644 templates/elasticsearch-remove-readonly
 create mode 100644 templates/elasticsearch-snapshot

diff --git a/files/elasticsearch-remove-readonly b/files/elasticsearch-remove-readonly
deleted file mode 100644
index dd2ef1d..0000000
--- a/files/elasticsearch-remove-readonly
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-if [[ "x$1" = "x" ]]; then
-  DATE=`date +%Y.%m.%d`
-  elasticsearch-remove-readonly .kibana_2
-  elasticsearch-remove-readonly .kibana_1
-  elasticsearch-remove-readonly ansible
-  elasticsearch-remove-readonly uptime
-  elasticsearch-remove-readonly logstash-$DATE
-  elasticsearch-remove-readonly heartbeat-6.6.1-$DATE
-  exit 0
-fi
-
-echo ""
-echo "Unlock $1"
-curl -X PUT http://127.0.0.1:9200/$1/_settings -H 'Content-Type: application/json' -d '{"index.blocks.read_only_allow_delete":null}'
diff --git a/tasks/backup.yml b/tasks/backup.yml
new file mode 100644
index 0000000..9693b5f
--- /dev/null
+++ b/tasks/backup.yml
@@ -0,0 +1,25 @@
+---
+# file: roles/elasticsearch/tasks/backup.yml
+
+- name: Register snapshot repository
+  uri:
+    url: http://localhost:9200/_snapshot/Backup
+    method: PUT
+    user: elastic
+    password: '{{ elasticsearch.users.elastic|default("") }}'
+    body: '{"type":"source","settings":{"delegate_type":"fs","location":"/var/backups/elasticsearch"}}'
+    force_basic_auth: yes
+    status_code: 200
+    body_format: json
+
+- name: Copy snapshot script
+  template:
+    src: elasticsearch-snapshot
+    dest: /usr/local/bin/elasticsearch-snapshot
+    mode: 0755
+
+- name: Backup Cron
+  cron:
+    name: Elasticsearch backup
+    hour: 2
+    job: /usr/local/bin/elasticsearch-snapshot >/dev/null 2>&1
diff --git a/tasks/install.yml b/tasks/install.yml
index 0a95200..157ec4c 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -50,6 +50,15 @@
       line: 'xpack.security.enabled: true'
     - regexp: 'xpack.security.transport.ssl.enabled'
       line: 'xpack.security.transport.ssl.enabled: false'
+    - regexp: 'path.repo'
+      line: 'path.repo: ["/var/backups/elasticsearch"]'
+
+- name: Prepare backup directory
+  file:
+    path: /var/backups/elasticsearch
+    state: directory
+    owner: elasticsearch
+    group: elasticsearch
 
 - name: Start Elasticsearch
   service:
diff --git a/tasks/main.yml b/tasks/main.yml
index 36e52fb..814db0b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,4 +27,8 @@
     - name: Import readonly
       import_tasks: readonly.yml
 
+    - name: Include backup
+      include_tasks: backup.yml
+      when: elasticsearch.snapshot is defined and elasticsearch.snapshot.indices is defined
+
   when: not excluded_roles or "elasticsearch" not in excluded_roles
diff --git a/tasks/readonly.yml b/tasks/readonly.yml
index a9abee4..bdfa37a 100644
--- a/tasks/readonly.yml
+++ b/tasks/readonly.yml
@@ -2,7 +2,7 @@
 # file: roles/elasticsearch/tasks/readonly.yml
 
 - name: Copy script
-  copy:
+  template:
     src: elasticsearch-remove-readonly
     dest: /usr/local/bin/elasticsearch-remove-readonly
     mode: 0755
diff --git a/templates/elasticsearch-remove-readonly b/templates/elasticsearch-remove-readonly
new file mode 100644
index 0000000..135365c
--- /dev/null
+++ b/templates/elasticsearch-remove-readonly
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+curl -X PUT http://elastic:{{ elasticsearch.users.elastic|default('') }}@localhost:9200/_all/_settings -H 'Content-Type: application/json' -d'{ "index.blocks.read_only_allow_delete" : false } }'
diff --git a/templates/elasticsearch-snapshot b/templates/elasticsearch-snapshot
new file mode 100644
index 0000000..6bf691b
--- /dev/null
+++ b/templates/elasticsearch-snapshot
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+{% set ES_INDICES = elasticsearch.snapshot.indices|join(',') %}
+
+curl -X PUT 'http://elastic:{{ elasticsearch.users.elastic|default("") }}@localhost:9200/_snapshot/Backup/snapshot_1?wait_for_completion=true' -H 'Content-Type: application/json' -d '{"indices": "{{ ES_INDICES }}","ignore_unavailable": true,"include_global_state": false}'
diff --git a/templates/etc_default_elasticsearch b/templates/etc_default_elasticsearch
index ec9dde7..75aca7f 100644
--- a/templates/etc_default_elasticsearch
+++ b/templates/etc_default_elasticsearch
@@ -6,7 +6,7 @@
 #ES_HOME=/usr/share/elasticsearch
 
 # Elasticsearch Java path
-JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64/bin/java
+JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64
 
 # Elasticsearch configuration directory
 ES_PATH_CONF=/etc/elasticsearch
-- 
GitLab