mastodon: Fix elasticsearch container

roles/mastodon/defaults/main.yml

@@ -47,6 +47,9 @@ mastodon_config:
   smtp_from_address: mastodon@example.com
   enable_elasticsearch: false
 
+# Should we automatically adjust the needed sysctl setting for vm.max_map_count?
+mastodon_elasticsearch_adjust_sysctl: true
+
 # Container versions
 # renovate: depName=docker.io/tootsuite/mastodon
 mastodon_version: 4.0.2
@@ -54,8 +57,8 @@ mastodon_version: 4.0.2
 mastodon_database_version: 15.1
 # renovate: depName=docker.io/library/redis
 mastodon_redis_version: 7.0
-# renovate: depName=docker.elastic.co/elasticsearch/elasticsearch-oss
-mastodon_elasticsearch_version: 7.14.1
+# renovate: depName=docker.elastic.co/elasticsearch/elasticsearch
+mastodon_elasticsearch_version: 7.17.8
 
 # Container tag definitions
 mastodon_image_version: "v{{ mastodon_version }}"

roles/mastodon/tasks/main.yml

@@ -56,6 +56,26 @@
     - "{{ mastodon_nginx_location }}"
   become: true
 
+- name: Adjust elasticsearch directory permissions
+  ansible.builtin.file:
+    path: "{{ mastodon_elastic_location }}"
+    state: directory
+    setype: "container_file_t"
+    mode: '0750'
+    owner: 1000
+    group: 'root'
+  become: true
+
+- name: Adjust sysctl settings for elasticsearch
+  ansible.posix.sysctl:
+    name: vm.max_map_count
+    value: '262144'
+    state: present
+  when:
+    - mastodon_config.enable_elasticsearch is defined and mastodon_config.enable_elasticsearch
+    - mastodon_elasticsearch_adjust_sysctl
+  become: true
+
 - name: Create public data directory
   ansible.builtin.file:
     path: "{{ mastodon_public_location }}/system"

roles/mastodon/templates/docker-compose.yml

@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-version: '2'
+version: '2.1'
 services:
   nginx:
     image: docker.io/library/nginx:alpine
@@ -80,15 +80,32 @@ services:
 {% if mastodon_config.enable_elasticsearch is defined and mastodon_config.enable_elasticsearch %}
   es:
     restart: always
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:{{ mastodon_elasticsearch_image_version }}
+    image: docker.elastic.co/elasticsearch/elasticsearch:{{ mastodon_elasticsearch_image_version }}
     mem_limit: 724mb
     memswap_limit: 780mb
     environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
+      - "xpack.license.self_generated.type=basic"
+      - "xpack.security.enabled=false"
+      - "xpack.watcher.enabled=false"
+      - "xpack.graph.enabled=false"
+      - "xpack.ml.enabled=false"
+      - "bootstrap.memory_lock=true"
+      - "cluster.name=es-mastodon"
+      - "discovery.type=single-node"
+      - "thread_pool.write.queue_size=1000"
+      - "ingest.geoip.downloader.enabled=false"
     networks:
       backend:
     healthcheck:
       test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
     volumes:
       - {{ mastodon_elastic_location }}:/usr/share/elasticsearch/data
 {% endif %}