diff --git a/ansible/es.yml b/ansible/es.yml
index ab6aaf2ce8f31aabe84cbca93c0e12a397cd395e..4184bac96c3f03fe328fa759df3f3fee936248b0 100644
--- a/ansible/es.yml
+++ b/ansible/es.yml
@@ -12,6 +12,7 @@
- es_backup
- hosts: es-backup
+ gather_facts: no
become: yes
vars_files:
- ['{{inventory_dir}}/secrets.yml', 'secrets/{{env}}.yml']
diff --git a/ansible/roles/es-azure-restore/defaults/main.yml b/ansible/roles/es-azure-restore/defaults/main.yml
index 49962dba3574e8a5fafa023eace34459e0cd4f17..2225e72a8445c3521fa1495fbd51608e37195d72 100644
--- a/ansible/roles/es-azure-restore/defaults/main.yml
+++ b/ansible/roles/es-azure-restore/defaults/main.yml
@@ -1,2 +1,11 @@
# Override these values
+snapshot_create_request_body: {
+ type: azure,
+ settings: {
+ container: "elasticsearch-snapshots",
+ base_path: "{{ snapshot_base_path }}"
+ }
+}
+
es_restore_host: localhost
+snapshot_base_path: application
diff --git a/ansible/roles/es-azure-restore/tasks/main.yml b/ansible/roles/es-azure-restore/tasks/main.yml
index 1b1f6200c0de9ac089f254aeca2e1d5153cd4975..ba858ec67d26e2ccdb2d5e5a15d93da262e3fb39 100644
--- a/ansible/roles/es-azure-restore/tasks/main.yml
+++ b/ansible/roles/es-azure-restore/tasks/main.yml
@@ -1,4 +1,11 @@
---
+- name: Set azure snapshot for the first time
+ uri:
+ url: "http://{{ es_snapshot_host }}:9200/_snapshot/azurebackup"
+ method: PUT
+ body: "{{ snapshot_create_request_body | to_json }}"
+ headers:
+ Content-Type: "application/json"
- name: Restore ES from Azure backup
uri:
diff --git a/ansible/roles/es6/tasks/azure-plugin.yml b/ansible/roles/es6/tasks/azure-plugin.yml
new file mode 100644
index 0000000000000000000000000000000000000000..aed14050cd77611ed14a0965948dcdd39977455b
--- /dev/null
+++ b/ansible/roles/es6/tasks/azure-plugin.yml
@@ -0,0 +1,3 @@
+- name: Install azure plugin
+ shell: ES_PATH_CONF=/etc/elasticsearch/"{{ es_instance_name }}" /usr/share/elasticsearch/bin/elasticsearch-plugin install repository-azure
+ notify: restart elasticsearch
diff --git a/ansible/roles/es6/tasks/main.yml b/ansible/roles/es6/tasks/main.yml
index bc6a1ba865a0d672e9dbde3c69f7a4243e355d62..8cf05813023669741f7b918e0adf3682af37db6a 100644
--- a/ansible/roles/es6/tasks/main.yml
+++ b/ansible/roles/es6/tasks/main.yml
@@ -9,12 +9,6 @@
tags:
- always
-# - name: include java.yml
-# include: java.yml
-# when: es_java_install
-# tags:
-# - java
-
- name: include elasticsearch.yml
include: elasticsearch.yml
tags:
@@ -75,10 +69,13 @@
include: ./xpack/security/elasticsearch-security-native.yml
when: manage_native_realm
-#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
#We also do after the native realm to ensure any changes are applied here first and its denf up.
- name: include elasticsearch-template.yml
include: elasticsearch-template.yml
when: es_templates
tags:
- - templates
\ No newline at end of file
+ - templates
+
+# Install Elasticsearch plugin for backups
+- name: include elasticsearch plugin install
+ include: azure-plugin.yml
diff --git a/ansible/roles/es6/templates/elasticsearch.yml.j2 b/ansible/roles/es6/templates/elasticsearch.yml.j2
index dcf6f7aef10c720acd37751b2c6db6e8144decaf..3cdbe5ab7145df35b8e2a4f028d32d04906455ba 100644
--- a/ansible/roles/es6/templates/elasticsearch.yml.j2
+++ b/ansible/roles/es6/templates/elasticsearch.yml.j2
@@ -50,3 +50,8 @@ network.host: 0.0.0.0
{% if es_remote_reindex is defined %}
reindex.remote.whitelist: {{es_remote_host}}:9200
{% endif %}
+
+{% if backup_azure_storage_account_name is defined and backup_azure_storage_access_key is defined %}
+cloud.azure.storage.default.account: {{ backup_azure_storage_account_name }}
+cloud.azure.storage.default.key: {{ backup_azure_storage_access_key }}
+{% endif %}