feat(roles/elasticsearch): add logrotate config for daily rotation

Author: NavidSassan

CHANGELOG.md

@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+* **role:elasticsearch**: Add logrotate config for daily rotation
 * **role:freeipa_server**: Add the ability to specify the systemd unit start timeout
 * **role:postfix**: Add RHEL 10 support
 * **role:kvm_vm**: Add the ability to resize disks

roles/elasticsearch/README.md

@@ -198,6 +198,7 @@ ansible-playbook --inventory inventory linuxfabrik.lfops.elasticsearch --limit n
 | `elasticsearch__discovery_seed_hosts` | A list of IPs or hostnames that point to all master-eligible nodes of the cluster. The port defaults to 9300 but can be overwritten using `:9301`, for example. | unset |
 | `elasticsearch__http_cert` | ASCII-armored PEM HTTP certificate. | unset |
 | `elasticsearch__http_key` | ASCII-armored PEM HTTP private key. | unset |
+| `elasticsearch__log4j2_retention_days` | Number of days to retain rotated Elasticsearch log files (server, deprecation, slowlog, audit). All log appenders rotate daily and delete files older than this value. | `3` |
 | `elasticsearch__network_host` | Sets the address for both HTTP and transport traffic. Accepts an IP address, a hostname, or a [special value](https://www.elastic.co/guide/en/elasticsearch/reference/8.19/modules-network.html#network-interface-values). | `'_local_'` |
 | `elasticsearch__node_attributes` | Dictionary of custom node attributes. Can be used for shard allocation awareness. Each attribute identifies a node's physical location or characteristic. | `{}` |
 | `elasticsearch__node_name` | A descriptive name for the node | `'{{ ansible_facts["nodename"] }}'` |
@@ -230,6 +231,7 @@ elasticsearch__discovery_seed_hosts:
   - 'node3.example.com:9301'
 elasticsearch__http_cert: '{{ lookup("ansible.builtin.file", "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/etc/elasticsearch/certs/http.crt") }}'
 elasticsearch__http_key: '{{ lookup("ansible.builtin.file", "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/etc/elasticsearch/certs/http.key") }}'
+elasticsearch__log4j2_retention_days: 7
 elasticsearch__network_host: '0.0.0.0'
 elasticsearch__network_host: '_local_'  # or '127.0.0.1' for single node
 elasticsearch__node_attributes:

roles/elasticsearch/defaults/main.yml

@@ -25,6 +25,7 @@ elasticsearch__node_attributes: {}
 elasticsearch__node_name: '{{ ansible_facts["nodename"] }}'
 elasticsearch__path_data: '/var/lib/elasticsearch'
 elasticsearch__path_repos: []
+elasticsearch__log4j2_retention_days: 3
 elasticsearch__service_enabled: true
 elasticsearch__service_state: 'started'
 

roles/elasticsearch/tasks/main.yml

@@ -117,6 +117,23 @@
     vars:
       shared__remove_rpmnew_rpmsave_config_file: '/etc/elasticsearch/elasticsearch.yml'
 
+  - name: 'deploy /etc/elasticsearch/log4j2.properties'
+    ansible.builtin.template:
+      src: 'etc/elasticsearch/log4j2.properties.j2'
+      dest: '/etc/elasticsearch/log4j2.properties'
+      owner: 'root'
+      group: 'elasticsearch'
+      mode: 0o660
+      backup: true
+    notify: 'elasticsearch: restart elasticsearch'
+
+  - name: 'Remove rpmnew / rpmsave (and Debian equivalents)'
+    ansible.builtin.include_role:
+      name: 'shared'
+      tasks_from: 'remove-rpmnew-rpmsave.yml'
+    vars:
+      shared__remove_rpmnew_rpmsave_config_file: '/etc/elasticsearch/log4j2.properties'
+
   - name: 'deploy {{ __elasticsearch__sysconfig_file_path }}'
     ansible.builtin.template:
       src: 'etc/sysconfig/elasticsearch.j2'