setup-elasticsearch.yml

- name: Install Elasticsearch
  hosts: elasticsearch
  roles:
    - role: elastic.elasticsearch
  vars:
    es_version: "6.5.1"
    es_instance_name: "node1"
    es_data_dirs:
      - "/opt/elasticsearch/data"
    es_log_dir: "/opt/elasticsearch/logs"
    es_config:
      node.name: "node1"
      cluster.name: "blockmed"
      http.port: 9200
      transport.tcp.port: 9300
      node.data: true
      node.master: true
      network.host: 0.0.0.0
      discovery.zen.minimum_master_nodes: 1
      searchguard.ssl.transport.pemcert_filepath: esnode.pem
      searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
      searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
      searchguard.ssl.transport.enforce_hostname_verification: false
      searchguard.ssl.http.enabled: false
      searchguard.ssl.http.pemcert_filepath: esnode.pem
      searchguard.ssl.http.pemkey_filepath: esnode-key.pem
      searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
      searchguard.allow_unsafe_democertificates: true
      searchguard.allow_default_init_sgindex: true
      searchguard.audit.type: internal_elasticsearch
      searchguard.enable_snapshot_restore_privilege: true
      searchguard.check_snapshot_restore_write_privileges: true
      searchguard.restapi.roles_enabled: ["sg_all_access"]
      searchguard.enterprise_modules_enabled: false
    es_heap_size: 1g
    es_api_port: 9200
    es_xpack_features: ["monitoring"]
    es_plugins:
      - plugin: com.floragunn:search-guard-6:6.5.1-23.2
# Need to manual run search-guard initial tools at `<ES dir>/plugins/search-guard-6/tools/install_demo_configuration.sh` 
# and make sure the `*.pem` files stored in ES_CONFIG path `/etc/elasticsearch/node1/`