feat(edge_vps): add Elastic Agent setup task and templates

roles/edge_vps/tasks/50_elastic_agent.yaml

@@ -0,0 +1,29 @@
+---
+- name: Deploy Elastic Agent config
+  ansible.builtin.template:
+    src: elastic-agent/elastic-agent.yml.j2
+    dest: "{{ edge_vps_elastic_config_dir }}/elastic-agent.yml"
+    mode: "0644"
+
+- name: Deploy Elastic Agent docker-compose
+  ansible.builtin.template:
+    src: elastic-agent/docker-compose.yml.j2
+    dest: "{{ edge_vps_elastic_config_dir }}/docker-compose.yml"
+    mode: "0644"
+
+- name: Deploy Elasticsearch CA certificate
+  ansible.builtin.copy:
+    src: elastic-agent/elasticsearch-ca.crt
+    dest: "{{ edge_vps_elastic_config_dir }}/elasticsearch-ca.crt"
+    mode: "0644"
+
+- name: Deploy Fleet CA certificate
+  ansible.builtin.copy:
+    src: elastic-agent/fleet-ca.crt
+    dest: "{{ edge_vps_elastic_config_dir }}/fleet-ca.crt"
+    mode: "0644"
+
+- name: Start Elastic Agent
+  community.docker.docker_compose_v2:
+    project_src: "{{ edge_vps_elastic_config_dir }}"
+    state: present

roles/edge_vps/templates/elastic-agent/docker-compose.yml.j2

@@ -0,0 +1,42 @@
+services:
+  elastic-agent:
+    image: docker.elastic.co/elastic-agent/elastic-agent:{{ edge_vps_elastic_version }}
+    container_name: elastic-agent
+    restart: always
+    network_mode: host
+    dns:
+      - {{ edge_vps_elastic_dns_server }}
+    dns_search:
+      - elastic-system.svc.cluster.local
+      - svc.cluster.local
+      - cluster.local
+    user: "0:0"
+    privileged: true
+    entrypoint: ["/usr/bin/env", "bash", "-c"]
+    command:
+      - |
+        set -e
+        if [[ -f /mnt/elastic-internal/elasticsearch-association/elastic-system/elasticsearch/certs/ca.crt ]]; then
+          if [[ -f /usr/bin/update-ca-trust ]]; then
+            cp /mnt/elastic-internal/elasticsearch-association/elastic-system/elasticsearch/certs/ca.crt /etc/pki/ca-trust/source/anchors/
+            /usr/bin/update-ca-trust
+          elif [[ -f /usr/sbin/update-ca-certificates ]]; then
+            cp /mnt/elastic-internal/elasticsearch-association/elastic-system/elasticsearch/certs/ca.crt /usr/local/share/ca-certificates/
+            /usr/sbin/update-ca-certificates
+          fi
+        fi
+        exec /usr/bin/tini -- /usr/local/bin/docker-entrypoint -e -c /etc/agent/elastic-agent.yml
+    environment:
+      - FLEET_CA=/mnt/elastic-internal/fleetserver-association/elastic-system/fleet-server/certs/ca.crt
+      - FLEET_ENROLL=true
+      - FLEET_ENROLLMENT_TOKEN={{ vault_edge_vps.elastic.fleet_enrollment_token }}
+      - FLEET_URL={{ edge_vps_elastic_fleet_url }}
+      - STATE_PATH=/usr/share/elastic-agent/state
+      - CONFIG_PATH=/usr/share/elastic-agent/state
+      - NODE_NAME={{ inventory_hostname }}
+    volumes:
+      - {{ edge_vps_elastic_state_dir }}:/usr/share/elastic-agent/state
+      - ./elastic-agent.yml:/etc/agent/elastic-agent.yml:ro
+      - ./elasticsearch-ca.crt:/mnt/elastic-internal/elasticsearch-association/elastic-system/elasticsearch/certs/ca.crt:ro
+      - ./fleet-ca.crt:/mnt/elastic-internal/fleetserver-association/elastic-system/fleet-server/certs/ca.crt:ro
+      - {{ edge_vps_traefik_logs_dir }}:/var/log/traefik:ro

roles/edge_vps/templates/elastic-agent/elastic-agent.yml.j2

@@ -0,0 +1,2 @@
+fleet:
+  enabled: true