From 1568b16a060013ee1089938af125126cc62dd843 Mon Sep 17 00:00:00 2001
From: Ivar Eriksen <ivar.eriksen@norkart.no>
Date: Fri, 9 Feb 2024 13:32:58 +0100
Subject: [PATCH 1/3] Use elasticsearch_network_host for connection tests if
 defined

---
 roles/elasticsearch/tasks/elasticsearch-security.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
index 48bcb2aa..69aa1a9e 100644
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml
+++ b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -391,7 +391,7 @@
 
 - name: Check for API with bootstrap password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://localhost:{{ elasticstack_elasticsearch_http_port }}"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}"
     user: elastic
     password: "{{ elasticsearch_bootstrap_pw }}"
     validate_certs: false
@@ -410,7 +410,7 @@
 
 - name: Check for cluster status with bootstrap password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
     user: elastic
     password: "{{ elasticsearch_bootstrap_pw }}"
     validate_certs: false
@@ -437,7 +437,7 @@
 
 - name: Check for API availability with elastic password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://localhost:{{ elasticstack_elasticsearch_http_port }}"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}"
     user: elastic
     password: "{{ elasticstack_password.stdout }}"
     validate_certs: false
@@ -466,7 +466,7 @@
         curl
         -k
         -X PUT
-        "{{ elasticsearch_http_protocol }}://elastic:{{ elasticstack_password.stdout }}@localhost:9200/_cluster/settings"
+        "{{ elasticsearch_http_protocol }}://elastic:{{ elasticstack_password.stdout }}@{{ elasticsearch_network_host|default('localhost') }}:9200/_cluster/settings"
         -H 'Content-Type: application/json' -d
         '
         {
@@ -488,7 +488,7 @@
 
 - name: Check for cluster status with elastic password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
     user: elastic
     password: "{{ elasticstack_password.stdout }}"
     validate_certs: false

From 28c0140c69a004466bd7902ce8f6b4055197741a Mon Sep 17 00:00:00 2001
From: Ivar Eriksen <ivareri@users.noreply.github.com>
Date: Sat, 10 Feb 2024 09:47:29 +0100
Subject: [PATCH 2/3] changed to elasticsearch_api_host

---
 docs/role-elasticsearch.md                           |  2 +-
 roles/elasticsearch/defaults/main.yml                |  1 +
 roles/elasticsearch/tasks/elasticsearch-security.yml | 10 +++++-----
 roles/elasticsearch/tasks/main.yml                   |  2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/docs/role-elasticsearch.md b/docs/role-elasticsearch.md
index e8b53c8f..4099322c 100644
--- a/docs/role-elasticsearch.md
+++ b/docs/role-elasticsearch.md
@@ -31,7 +31,7 @@ Role Variables
 * *elasticsearch_pamlimits*: Set pam_limits neccessary for Elasticsearch. (Default: `true`)
 * *elasticsearch_check_calculation*: End play in checks (Default: `false`)
 * *elasticsearch_network_host*: You can configure multipe network addresses where the networking is bind to. You can assign IP addresses or interfaces by their names. You can also use elasticsearch internal variabels as it set as default. Example: `"_ens190_,_local_"` (Default: `"_local_,"_site_"`) (Optional; if not defined `default` is used)
-
+* *elasticsearch_api_host*: Hostname or IP elasticsearch is listening on. Only used for connection checks by ansible role. (Default: `localhost`)
 * *elasticsearch_extra_config*: You can set additional configuration in YAML-notation as you would write in the `elasaticsearch.yml`. Example:
 
 ```YAML
diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml
index 57f86c69..c35cb0de 100644
--- a/roles/elasticsearch/defaults/main.yml
+++ b/roles/elasticsearch/defaults/main.yml
@@ -22,6 +22,7 @@ elasticsearch_conf_dir: "/etc/elasticsearch/"
 elasticsearch_config_jvm: "jvm.options.j2"
 elasticsearch_user: elasticsearch
 elasticsearch_group: elasticsearch
+elasticsearch_api_host: localhost
 
 # JVM custom parameters
 elasticsearch_java_home: ''
diff --git a/roles/elasticsearch/tasks/elasticsearch-security.yml b/roles/elasticsearch/tasks/elasticsearch-security.yml
index 69aa1a9e..c43b6249 100644
--- a/roles/elasticsearch/tasks/elasticsearch-security.yml
+++ b/roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -391,7 +391,7 @@
 
 - name: Check for API with bootstrap password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}"
     user: elastic
     password: "{{ elasticsearch_bootstrap_pw }}"
     validate_certs: false
@@ -410,7 +410,7 @@
 
 - name: Check for cluster status with bootstrap password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
     user: elastic
     password: "{{ elasticsearch_bootstrap_pw }}"
     validate_certs: false
@@ -437,7 +437,7 @@
 
 - name: Check for API availability with elastic password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}"
     user: elastic
     password: "{{ elasticstack_password.stdout }}"
     validate_certs: false
@@ -466,7 +466,7 @@
         curl
         -k
         -X PUT
-        "{{ elasticsearch_http_protocol }}://elastic:{{ elasticstack_password.stdout }}@{{ elasticsearch_network_host|default('localhost') }}:9200/_cluster/settings"
+        "{{ elasticsearch_http_protocol }}://elastic:{{ elasticstack_password.stdout }}@{{ elasticsearch_api_host }}:9200/_cluster/settings"
         -H 'Content-Type: application/json' -d
         '
         {
@@ -488,7 +488,7 @@
 
 - name: Check for cluster status with elastic password
   ansible.builtin.uri:
-    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_network_host|default('localhost') }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
+    url: "{{ elasticsearch_http_protocol }}://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
     user: elastic
     password: "{{ elasticstack_password.stdout }}"
     validate_certs: false
diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml
index 80af2291..cfad7f59 100644
--- a/roles/elasticsearch/tasks/main.yml
+++ b/roles/elasticsearch/tasks/main.yml
@@ -222,7 +222,7 @@
   block:
     - name: Check for cluster status without security
       ansible.builtin.uri:
-        url: "http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
+        url: "http://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"
       register: elasticsearch_cluster_status
       ignore_errors: "{{ ansible_check_mode }}"
       until: elasticsearch_cluster_status.json.status == "green"

From 46ea56f86eb294c61aa929bd38b59f31a218444e Mon Sep 17 00:00:00 2001
From: Ivar Eriksen <ivareri@users.noreply.github.com>
Date: Sat, 10 Feb 2024 09:58:07 +0100
Subject: [PATCH 3/3] Use elasticsearch_api_host for all connection checks

---
 roles/elasticsearch/tasks/wait_for_instance.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/elasticsearch/tasks/wait_for_instance.yml b/roles/elasticsearch/tasks/wait_for_instance.yml
index dd237939..6bcd90df 100644
--- a/roles/elasticsearch/tasks/wait_for_instance.yml
+++ b/roles/elasticsearch/tasks/wait_for_instance.yml
@@ -2,7 +2,7 @@
 
 - name: Wait for instance
   ansible.builtin.wait_for:
-    host: "{{ hostvars[item].ansible_default_ipv4.address }}"
+    host: "{{ elasticsearch_api_host }}"
     port: "{{ elasticstack_elasticsearch_http_port }}"
     timeout: 600
   tags: