diff --git a/.ci/jobs/defaults.yml b/.ci/jobs/defaults.yml index 0a39d45a..9e55507a 100644 --- a/.ci/jobs/defaults.yml +++ b/.ci/jobs/defaults.yml @@ -12,12 +12,6 @@ logrotate: daysToKeep: 30 numToKeep: 100 - parameters: - - string: - name: branch_specifier - default: master - description: the Git branch specifier to build (<branchName>, <tagName>, - <commitId>, etc.) properties: - github: url: https://github.com/elastic/ansible-elasticsearch/ @@ -35,26 +29,27 @@ url: git@github.com:elastic/ansible-elasticsearch.git basedir: elasticsearch wipe-workspace: 'False' - axes: - - axis: - type: slave - name: label - values: - - linux - - axis: - name: VERSION - filename: elasticsearch/test/matrix.yml - type: yaml - - axis: - name: OS - filename: elasticsearch/test/matrix.yml - type: yaml - - axis: - name: TEST_TYPE - filename: elasticsearch/test/matrix.yml - type: yaml vault: role_id: cff5d4e0-61bf-2497-645f-fcf019d10c13 + builders: + - shell: |- + #!/usr/local/bin/runbld + set -euo pipefail + + export RBENV_VERSION='2.5.7' + export PATH="$HOME/.rbenv/bin:$PATH" + eval "$(rbenv init -)" + rbenv local $RBENV_VERSION + + export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" + echo "Getting xpack_license from secrets service" + set +x + VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) + curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} + set -x + echo "Finished getting xpack_license from secrets service" + make setup + make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS wrappers: - ansicolor - timeout: @@ -62,4 +57,3 @@ timeout: 360 fail: true - timestamps - diff --git a/.ci/jobs/elastic+ansible-elasticsearch+main-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+main-6x.yml new file mode 100644 index 00000000..4b73d884 --- /dev/null +++ b/.ci/jobs/elastic+ansible-elasticsearch+main-6x.yml @@ -0,0 +1,39 @@ +--- +- job: + name: elastic+ansible-elasticsearch+main-6x + display-name: elastic / ansible-elasticsearch - main - 6.x + description: Main branch testing with test kitchen for Elasticsearch 6.x + parameters: + - string: + name: branch_specifier + default: main + description: the Git branch specifier to build (<branchName>, <tagName>, + <commitId>, etc.) + - string: + name: VERSION + default: 6.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix-6x.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix-6x.yml + type: yaml + triggers: + - timed: H H(02-04) * * * + publishers: + - slack: + notify-back-to-normal: True + notify-every-failure: True + room: infra-release-notify + team-domain: elastic + auth-token-id: release-slack-integration-token + auth-token-credential-id: release-slack-integration-token diff --git a/.ci/jobs/elastic+ansible-elasticsearch+main.yml b/.ci/jobs/elastic+ansible-elasticsearch+main.yml new file mode 100644 index 00000000..f4848d2a --- /dev/null +++ b/.ci/jobs/elastic+ansible-elasticsearch+main.yml @@ -0,0 +1,39 @@ +--- +- job: + name: elastic+ansible-elasticsearch+main + display-name: elastic / ansible-elasticsearch - main + description: Main branch testing with test kitchen + parameters: + - string: + name: branch_specifier + default: main + description: the Git branch specifier to build (<branchName>, <tagName>, + <commitId>, etc.) + - string: + name: VERSION + default: 7.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix.yml + type: yaml + triggers: + - timed: H H(02-04) * * * + publishers: + - slack: + notify-back-to-normal: True + notify-every-failure: True + room: infra-release-notify + team-domain: elastic + auth-token-id: release-slack-integration-token + auth-token-credential-id: release-slack-integration-token diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master.yml b/.ci/jobs/elastic+ansible-elasticsearch+master.yml deleted file mode 100644 index cb76aba4..00000000 --- a/.ci/jobs/elastic+ansible-elasticsearch+master.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- job: - name: elastic+ansible-elasticsearch+master - display-name: elastic / ansible-elasticsearch - master - description: Master branch testing with test kitchen - triggers: - - timed: H H(02-04) * * * - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - export RBENV_VERSION='2.5.7' - export PATH="$HOME/.rbenv/bin:$PATH" - eval "$(rbenv init -)" - rbenv local $RBENV_VERSION - - export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" - echo "Getting xpack_license from secrets service" - set +x - VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) - curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} - set -x - echo "Finished getting xpack_license from secrets service" - make setup - make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS - publishers: - - slack: - notify-back-to-normal: True - notify-every-failure: True - room: infra-release-notify - team-domain: elastic - auth-token-id: release-slack-integration-token - auth-token-credential-id: release-slack-integration-token diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml new file mode 100644 index 00000000..e8a4cacd --- /dev/null +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml @@ -0,0 +1,37 @@ +--- +- job: + name: elastic+ansible-elasticsearch+pull-request-6x + display-name: elastic / ansible-elasticsearch - pull-request - 6.x + description: Pull request testing with test kitchen for Elasticsearch 6.x + parameters: + - string: + name: VERSION + default: 6.x + description: Elasticsearch major version + scm: + - git: + branches: + - $ghprbActualCommit + refspec: +refs/pull/*:refs/remotes/origin/pr/* + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix-6x.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix-6x.yml + type: yaml + triggers: + - github-pull-request: + github-hooks: true + org-list: + - elastic + allow-whitelist-orgs-as-admins: true + cancel-builds-on-update: true + status-context: devops-ci diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml index 166c43ad..f11c5db4 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml @@ -3,8 +3,25 @@ name: elastic+ansible-elasticsearch+pull-request display-name: elastic / ansible-elasticsearch - pull-request description: Pull request testing with test kitchen - project-type: matrix - parameters: [] + parameters: + - string: + name: VERSION + default: 7.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix.yml + type: yaml scm: - git: branches: @@ -18,22 +35,3 @@ allow-whitelist-orgs-as-admins: true cancel-builds-on-update: true status-context: devops-ci - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - export RBENV_VERSION='2.5.7' - export PATH="$HOME/.rbenv/bin:$PATH" - eval "$(rbenv init -)" - rbenv local $RBENV_VERSION - - export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" - echo "Getting xpack_license from secrets service" - set +x - VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) - curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} - set -x - echo "Finished getting xpack_license from secrets service" - make setup - make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS diff --git a/.github/issue_template.md b/.github/issue_template.md index 2609e628..ef515861 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -24,7 +24,7 @@ Issues that do not follow these guidelines are likely to be closed. **Elasticsearch version** -**Role version**: (If using master please specify github sha) +**Role version**: (If using main please specify github sha) **JVM version** (`java -version`): diff --git a/.kitchen.yml b/.kitchen.yml index da58756c..15af7cfd 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -2,6 +2,9 @@ driver: name: docker +transport: + max_ssh_sessions: 6 + provisioner: name: ansible_playbook hosts: localhost @@ -19,13 +22,10 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.12' + es_version: '6.8.23' <% end %> <% end %> -transport: - max_ssh_sessions: 6 - platforms: - name: ubuntu-14.04 driver_config: @@ -57,7 +57,18 @@ platforms: image: ubuntu:18.04 privileged: true provision_command: - - apt-get install -y -q ansible iproute2 python-jmespath + - apt-get update -q && apt-get install -y -q ansible iproute2 python-jmespath + use_sudo: false + volume: + - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers + run_command: "/sbin/init" + - name: ubuntu-20.04 + driver_config: + image: ubuntu:20.04 + privileged: true + provision_command: + - apt-get update -q && apt-get install -y -q ansible gpg iproute2 python3-jmespath use_sudo: false volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json @@ -120,6 +131,18 @@ platforms: run_command: "/usr/sbin/init" privileged: true use_sudo: false + - name: centos-8 + driver_config: + image: centos:8 + provision_command: + - yum -y install epel-release + - yum -y install ansible iproute python3-jmespath + volume: + - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers + run_command: "/usr/sbin/init" + privileged: true + use_sudo: false - name: amazonlinux-2 driver_config: image: amazonlinux:2 @@ -134,31 +157,39 @@ platforms: use_sudo: false suites: + - name: custom-config + provisioner: + idempotency_test: true + playbook: test/integration/custom-config.yml + - name: default + provisioner: + playbook: test/integration/default.yml + idempotency_test: true + - name: license + provisioner: + playbook: test/integration/license.yml + idempotency_test: true - name: oss provisioner: idempotency_test: true playbook: test/integration/oss.yml - - name: oss-upgrade + - name: oss-to-default-upgrade provisioner: - playbook: test/integration/oss-upgrade.yml + playbook: test/integration/oss-to-default-upgrade.yml idempotency_test: false - - name: oss-to-xpack-upgrade + - name: oss-upgrade provisioner: - playbook: test/integration/oss-to-xpack-upgrade.yml + playbook: test/integration/oss-upgrade.yml idempotency_test: false - - name: xpack + - name: security provisioner: - playbook: test/integration/xpack.yml + playbook: test/integration/security.yml idempotency_test: true - - name: xpack-upgrade - provisioner: - playbook: test/integration/xpack-upgrade.yml - idempotency_test: false - - name: issue-test + - name: trial provisioner: - playbook: test/integration/issue-test.yml - idempotency_test: false - - name: xpack-upgrade-trial + playbook: test/integration/trial.yml + idempotency_test: false # es_xpack_trial is not idempotent currently + - name: upgrade provisioner: - playbook: test/integration/xpack-upgrade-trial.yml + playbook: test/integration/upgrade.yml idempotency_test: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 417314af..efa5c6d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,220 @@ # Changelog +## 7.17.0 + +* 7.17.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#845](https://github.com/elastic/ansible-elasticsearch/pull/845) | [@jmlrt](https://github.com/jmlrt) | Remove CentOS 8 tests | + + +## 7.16.3 + +* 7.16.3 as default version. +* 6.8.23 as 6.x tested version + +## 7.16.2 + +* 7.16.2 as default version. +* 6.8.22 as 6.x tested version + +## 7.16.1 + +* 7.16.1 as default version. +* 6.8.21 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#838](https://github.com/elastic/ansible-elasticsearch/pull/838) | [@mgreau](https://github.com/mgreau) | Add warning message about 8.x versions | +| [#830](https://github.com/elastic/ansible-elasticsearch/pull/830) | [@bfontaine](https://github.com/bfontaine) | README: fix link to ES licensing change blog post | +| [#831](https://github.com/elastic/ansible-elasticsearch/pull/831) | [@gaima8](https://github.com/gaima8) | command necessarily causes a change on each invocation breaking idempotency, wait_for accomplishes the same goal without the change | +| [#833](https://github.com/elastic/ansible-elasticsearch/pull/833) | [@Pablohn26](https://github.com/Pablohn26) | Fix broken link | + + +## 7.16.0 + +* 7.16.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#835](https://github.com/elastic/ansible-elasticsearch/pull/835) | [@jmlrt](https://github.com/jmlrt) | Remove Ubuntu 14.04 support | +| [#825](https://github.com/elastic/ansible-elasticsearch/pull/825) | [@darxriggs](https://github.com/darxriggs) | Remove duplicate entry from YAML | +| [#828](https://github.com/elastic/ansible-elasticsearch/pull/828) | [@ygel](https://github.com/ygel) | Rename master - main | + + +## 7.15.1 + +* 7.15.1 as default version. + +## 7.15.0 + +* 7.15.0 as default version. + +## 7.14.0 + +* 7.14.0 as default version. +* 6.8.18 as 6.x tested version + +## 7.13.4 + +* 7.13.4 as default version. + +## 7.13.3 + +* 7.13.3 as default version. +* 6.8.17 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#800](https://github.com/elastic/ansible-elasticsearch/pull/800) | [@chuckmilam](https://github.com/chuckmilam) | Minor correction for readability. | + + +## 7.13.2 + +* 7.13.2 as default version. + +## 7.13.1 + +* 7.13.1 as default version. + +## 7.13.0 + +* 7.13.0 as default version. +* 6.8.16 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#796](https://github.com/elastic/ansible-elasticsearch/pull/796) | [@jmlrt](https://github.com/jmlrt) | Fails deployment when using tls without security | +| [#745](https://github.com/elastic/ansible-elasticsearch/pull/745) | [@v1v](https://github.com/v1v) | Support ubuntu-20 | + + +## 7.12.1 + +* 7.12.1 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#793](https://github.com/elastic/ansible-elasticsearch/pull/793) | [@jmlrt](https://github.com/jmlrt) | [meta] update ubuntu-1804 during kitchen provisioning | +| [#787](https://github.com/elastic/ansible-elasticsearch/pull/787) | [@tobiashuste](https://github.com/tobiashuste) | Stop plugin install to fail in check mode | + + +## 7.12.0 + +* 7.12.0 as default version. +* 6.8.15 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#789](https://github.com/elastic/ansible-elasticsearch/pull/789) | [@jmlrt](https://github.com/jmlrt) | Use ES_JAVA_HOME instead of JAVA_HOME | +| [#788](https://github.com/elastic/ansible-elasticsearch/pull/788) | [@jmlrt](https://github.com/jmlrt) | Fix deb and rpm url | +| [#784](https://github.com/elastic/ansible-elasticsearch/pull/784) | [@jmlrt](https://github.com/jmlrt) | [meta] fix changelog after 7.11.2 release | + + +## 7.11.2 + +* 7.11.2 as default version. + +| PR | Author | Title | +| --- | --- | --- | +| [#771](https://github.com/elastic/ansible-elasticsearch/pull/771) | [@Bernhard-Fluehmann](https://github.com/Bernhard-Fluehmann) | Cleanup remove keystore entries | +| [#782](https://github.com/elastic/ansible-elasticsearch/pull/782) | [@kuops](https://github.com/kuops) | Fix README.md Multi Node Server Installations | +| [#777](https://github.com/elastic/ansible-elasticsearch/pull/777) | [@DanRoscigno](https://github.com/DanRoscigno) | Update ssl-tls-setup.md | + + +## 7.11.1 + +* 7.11.1 as default version. +* 6.8.14 as 6.x tested version + +| PR | Author | Title | +|-------------------------------------------------------------------|--------------------------------------------------------------|------------------------------------------------| +| [#760](https://github.com/elastic/ansible-elasticsearch/pull/760) | [@jmlrt](https://github.com/jmlrt) | Add dedicated CI jobs for 6.x | +| [#761](https://github.com/elastic/ansible-elasticsearch/pull/761) | [@rubarclk](https://github.com/rubarclk) | Fix Elasticsearch 7.x deb url | +| [#769](https://github.com/elastic/ansible-elasticsearch/pull/769) | [@Bernhard-Fluehmann](https://github.com/Bernhard-Fluehmann) | Add support for elasticsearch-keystore entries | +| [#765](https://github.com/elastic/ansible-elasticsearch/pull/765) | [@jmlrt](https://github.com/jmlrt) | Refactor Kitchen tests | +| [#770](https://github.com/elastic/ansible-elasticsearch/pull/770) | [@jmlrt](https://github.com/jmlrt) | Remove OSS support for version >= 7.11.0 | +| [#779](https://github.com/elastic/ansible-elasticsearch/pull/779) | [@jmlrt](https://github.com/jmlrt) | Fix "list native roles" task | + + +## 7.10.2 + +* 7.10.2 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#753](https://github.com/elastic/ansible-elasticsearch/pull/753) | [@jmlrt](https://github.com/jmlrt) | Fix java install path when system has multiple java | + + +## 7.10.1 + +* 7.10.1 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#747](https://github.com/elastic/ansible-elasticsearch/pull/747) | [@fourstepper](https://github.com/fourstepper) | Fix idempotency for both supported CentOS versions | +| [#744](https://github.com/elastic/ansible-elasticsearch/pull/744) | [@v1v](https://github.com/v1v) | Support CentOS 8 | +| [#736](https://github.com/elastic/ansible-elasticsearch/pull/736) | [@jmlrt](https://github.com/jmlrt) | Fix test-kitchen net-scp-error | + + +## 7.10.0 + +* 7.10.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#742](https://github.com/elastic/ansible-elasticsearch/pull/742) | [@jmlrt](https://github.com/jmlrt) | convert custom filter to python3 | +| [#741](https://github.com/elastic/ansible-elasticsearch/pull/741) | [@jmlrt](https://github.com/jmlrt) | [meta] clean deprecated bumper script | +| [#740](https://github.com/elastic/ansible-elasticsearch/pull/740) | [@jmlrt](https://github.com/jmlrt) | fix some typos | +| [#728](https://github.com/elastic/ansible-elasticsearch/pull/728) | [@smutel](https://github.com/smutel) | Improve the documentation for TLS | +| [#739](https://github.com/elastic/ansible-elasticsearch/pull/739) | [@0xflotus](https://github.com/0xflotus) | fix: small error | + + +## 7.9.3 + +* 7.9.3 as default version. +* 6.8.13 as 6.x tested version + +| PR | Author | Title | +| --- | --- | --- | +| [#727](https://github.com/elastic/ansible-elasticsearch/pull/727) | [@smutel](https://github.com/smutel) | Add an option to not upload SSL/TLS certs | +| [#726](https://github.com/elastic/ansible-elasticsearch/pull/726) | [@vielfarbig](https://github.com/vielfarbig) | Add note to only using es_data_dirs and es_log_dir for customizing th… | + + +## 7.9.2 - 2020/09/24 + +* 7.9.2 as default version + +| PR | Author | Title | +|-------------------------------------------------------------------|----------------------------------------|------------------------------------------| +| [#716](https://github.com/elastic/ansible-elasticsearch/pull/716) | [@lksnyder0](https://github.com/lksnyder0) | Use run_once for api related tasks | + +## 7.9.1 - 2020/09/03 + +* 7.9.1 as default version + +| PR | Author | Title | +|-------------------------------------------------------------------|----------------------------------------|------------------------------------------| +| [#701](https://github.com/elastic/ansible-elasticsearch/pull/701) | [@suramon](https://github.com/suramon) | Fix running ansible in check mode | +| [#703](https://github.com/elastic/ansible-elasticsearch/pull/703) | [@anisf](https://github.com/anisf) | Add amazonlinux2 support | +| [#705](https://github.com/elastic/ansible-elasticsearch/pull/705) | [@andzs](https://github.com/andzs) | Use sudo for users migration from <6.3.0 | + ## 7.9.0 - 2020/08/18 * 7.9.0 as default version * 6.8.12 as 6.x tested version + ## 7.8.1 - 2020/07/28 * 7.8.1 as default version @@ -136,7 +346,7 @@ You can now override the configuration files with your own versions by using the ### SSL/TLS Support -Ansible-elasticsearch is now supporting SSL/TLS encryption. Please refer to [X-Pack Security SSL/TLS](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/ssl-tls-setup.md) to configure it. +Ansible-elasticsearch is now supporting SSL/TLS encryption. Please refer to [X-Pack Security SSL/TLS](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/ssl-tls-setup.md) to configure it. | PR | Author | Title | |-------------------------------------------------------------------|------------------------------------------------|----------------------------------------------| diff --git a/Makefile b/Makefile index 8d28ebca..0de81fb1 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ default: build SHELL:=/bin/bash -eux export VERSION := 7.x -PATTERN := xpack-ubuntu-1604 +PATTERN := default-ubuntu-1804 .PHONY: converge verify test login destroy list diff --git a/README.md b/README.md index 774543ab..182cdaeb 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,39 @@ +# ARCHIVED + +This project is no longer maintained. + +You are welcomed to keep using it and adapting it to work for your own needs, including with Elasticsearch [8.x](docs/8x-support.md). + +For alternative getting started experiences, you may want to try one of these options: + +- Start a [free trial on Elastic Cloud](https://www.elastic.co/cloud/elasticsearch-service/signup), our hosted service. +- Take a look at [Elastic Cloud on Kubernetes (ECK)](https://elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) for launching the stack via Kubernetes. +- Read our [Running the Elastic Stack on Docker](https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html) guide. +- Take a look at the [Elastic Stack Terraform provider.](https://github.com/elastic/terraform-provider-elasticstack) + # ansible-elasticsearch -[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master/) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/) -**THIS ROLE IS FOR 7.x & 6.x** -Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are: +**THIS ROLE IS FOR 7.x & 6.x**, but should still work with 8.x (see [note](docs/8x-support.md)). + +Ansible role for 7.x/6.x Elasticsearch - tests used to run and pass on the below platforms: -* Ubuntu 14.04 * Ubuntu 16.04 * Ubuntu 18.04 +* Ubuntu 20.04 * Debian 8 * Debian 9 * Debian 10 * CentOS 7 * Amazon Linux 2 -The latest Elasticsearch versions of 7.x & 6.x are actively tested. - ## BREAKING CHANGES ### Notice about multi-instance support -* If you use only one instance but want to upgrade from an older ansible-elasticsearch version, follow [upgrade procedure](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/multi-instance.md#upgrade-procedure) -* If you install more than one instance of Elasticsearch on the same host (with different ports, directory and config files), **do not update to ansible-elasticsearch >= 7.1.1**, please follow this [workaround](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/multi-instance.md#workaround) instead. +* If you use only one instance but want to upgrade from an older ansible-elasticsearch version, follow [upgrade procedure](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/multi-instance.md#upgrade-procedure) +* If you install more than one instance of Elasticsearch on the same host (with different ports, directory and config files), **do not update to ansible-elasticsearch >= 7.1.1**, please follow this [workaround](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/multi-instance.md#workaround) instead. * For multi-instances use cases, we are now recommending Docker containers using our official images (https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html). ### Removing the MAX_THREAD settings @@ -38,9 +49,19 @@ Ansible-elasticsearch 7.5.2 is updating the configuration files provided by this - `/etc/elasticsearch/jvm.options`: the new template reflect the configuration files provided by Elasticsearch >= 6.x - `/etc/elasticsearch/log4j2.properties`: - We removed `log4j2.properties.j2` template from this Ansible role as it was a static file not bringing any customization specific to some ansible variable. - - Deployment of this Ansible role on new servers will get the default `log4j2.properties` provided by Elastisearch without any override. + - Deployment of this Ansible role on new servers will get the default `log4j2.properties` provided by Elasticsearch without any override. - **WARNING**: For upgrade scenarios where this file was already managed by previous versions of ansible-elasticsearch, this file will become unmanaged and won't be updated by default. If you wish to update it to 7.5 version, you can retrieve it [here](https://github.com/elastic/elasticsearch/blob/7.5/distribution/src/config/log4j2.properties) and use this file with `es_config_log4j2` Ansible variable (see below). +### Removing OSS distribution for versions >= 7.11.0 + +Starting from Elasticsearch 7.11.0, OSS distributions will no longer be provided following the recent Elasticsearch license change. + +This Ansible role will fail if `oss_version` is set to `true` and `es_version` is greater than +`7.11.0`. + +See [Doubling down on open, Part II](https://www.elastic.co/blog/licensing-change) +blog post for more details. + #### How to override configuration files provided by ansible-elasticsearch? You can now override the configuration files with your own versions by using the following Ansible variables: @@ -57,7 +78,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.9.0 +ansible-galaxy install elastic.elasticsearch,v7.17.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -71,16 +92,16 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.9.0 + es_version: 7.17.0 ``` -The above installs Elasticsearch 7.9.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.17.0 in a single node 'node1' on the hosts 'localhost'. **Note**: -Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.17.0](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.23](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. -This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. +This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. ## Testing @@ -95,9 +116,9 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing. ### Running the tests -* Ensure you have checked out this repository to `elaticsearch`, not `ansible-elasticsearch`. -* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable. -* You may need to explicity specify `VERSION=7.x` if some suites are failing. +* Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`. +* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` suites by appending `-trial` to the `PATTERN` variable. +* You may need to explicitly specify `VERSION=7.x` if some suites are failing. Install the ruby dependencies with bundler @@ -127,7 +148,7 @@ $ make list The default test suite is Ubuntu 16.04 with X-Pack. If you want to test another suite you can override this with the `PATTERN` variable ```sh -$ make converge PATTERN=oss-centos-7 +$ make converge PATTERN=security-centos-7 ``` The `PATTERN` is a kitchen pattern which can match multiple suites. To run all tests for CentOS @@ -137,7 +158,7 @@ $ make converge PATTERN=centos-7 The default version is 7.x. If you want to test 6.x you can override it with the `VERSION` variable, for example: ```sh -$ make converge VERSION=6.x PATTERN=oss-centos-7 +$ make converge VERSION=6.x PATTERN=security-centos-7 ``` When you are finished testing you can clean up everything with @@ -186,7 +207,7 @@ Whilst the role installs Elasticsearch with the default configuration parameters The `network.publish_host` setting allows to control the host the node will publish itself within the cluster so other nodes will be able to connect to it. -See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html for further details on default binding behaviour and available options. +See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html for further details on default binding behavior and available options. The role makes no attempt to enforce the setting of these are requires users to specify them appropriately. It is recommended master nodes are listed and thus deployed first where possible. A more complex example: @@ -216,11 +237,13 @@ A more complex example: - plugin: ingest-attachment ``` -#### Important Note +#### Important Notes **The role uses es_api_host and es_api_port to communicate with the node for actions only achievable via http e.g. to install templates and to check the NODE IS ACTIVE. These default to "localhost" and 9200 respectively. If the node is deployed to bind on either a different host or port, these must be changed.** +**Only use es_data_dirs and es_log_dir for customizing the data and log dirs respectively. When using together with `es_config['path.data']` and `es_config['path.logs']` it would result in generating duplicate data- and logs-keys in `elasticsearch.yml` and thus let fail to start elasticsearch.** + ### Multi Node Server Installations The application of the elasticsearch role results in the installation of a node on a host. Specifying the role multiple times for a host therefore results in the installation of multiple nodes for the host. @@ -239,9 +262,12 @@ An example of a three server deployment is shown below. The first server holds cluster.name: "test-cluster" cluster.initial_master_nodes: "elastic02" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: false node.master: true + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment @@ -256,9 +282,12 @@ An example of a three server deployment is shown below. The first server holds cluster.name: "test-cluster" cluster.initial_master_nodes: "elastic02" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: true node.master: false + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment @@ -270,9 +299,12 @@ An example of a three server deployment is shown below. The first server holds es_config: cluster.name: "test-cluster" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: true node.master: false + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment @@ -377,7 +409,7 @@ If you don't have a license you can enable the 30-day trial by setting `es_xpack X-Pack configuration parameters can be added to the elasticsearch.yml file using the normal `es_config` parameter. -For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack-upgrade.yml) +For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack-upgrade.yml) #### Important Note for Native Realm Configuration @@ -390,16 +422,16 @@ These can either be set to a user declared in the file based realm, with admin p #### X-Pack Security SSL/TLS -* To configure your cluster with SSL/TLS for HTTP and/or transport communications follow the [SSL/TLS setup procedure](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/ssl-tls-setup.md) +* To configure your cluster with SSL/TLS for HTTP and/or transport communications follow the [SSL/TLS setup procedure](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/ssl-tls-setup.md) ### Additional Configuration -In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behaviour. Options include: +In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behavior. Options include: -* ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch +* ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.9.0"). +* ```es_version``` (e.g. "7.17.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. @@ -456,7 +488,27 @@ Both ```es_user_id``` and ```es_group_id``` must be set for the user and group i * ```es_restart_on_change``` - defaults to true. If false, changes will not result in Elasticsearch being restarted. * ```es_plugins_reinstall``` - defaults to false. If true, all currently installed plugins will be removed from a node. Listed plugins will then be re-installed. -This role ships with sample templates located in the [test/integration/files/templates-7.x](https://github.com/elastic/ansible-elasticsearch/tree/master/test/integration/files/templates-7.x) directory. `es_templates_fileglob` variable is used with the Ansible [with_fileglob](http://docs.ansible.com/ansible/playbooks_loops.html#id4) loop. When setting the globs, be sure to use an absolute path. +To add, update or remove elasticsearch.keystore entries, use the following variable: + +```yaml +# state is optional and defaults to present +es_keystore_entries: +- key: someKeyToAdd + value: someValue + state: present + +- key: someKeyToUpdate + value: newValue + # state: present + force: Yes + +- key: someKeyToDelete + state: absent +``` + + + +This role ships with sample templates located in the [test/integration/files/templates-7.x](https://github.com/elastic/ansible-elasticsearch/tree/main/test/integration/files/templates-7.x) directory. `es_templates_fileglob` variable is used with the Ansible [with_fileglob](http://docs.ansible.com/ansible/playbooks_loops.html#id4) loop. When setting the globs, be sure to use an absolute path. ### Proxy @@ -475,7 +527,7 @@ To define proxy globally, set the following variables: ## IMPORTANT NOTES RE PLUGIN MANAGEMENT -* If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behaviour is required in ES 6.x. +* If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behavior is required in ES 6.x. * If no plugins are listed in the playbook for a node, all currently installed plugins will be removed. * The role supports automatic detection of differences between installed and listed plugins - installing those listed but not installed, and removing those installed but not listed. Should users wish to re-install plugins they should set es_plugins_reinstall to true. This will cause all currently installed plugins to be removed and those listed to be installed. diff --git a/defaults/main.yml b/defaults/main.yml index 6a2aedf4..47c94790 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.9.0" +es_version: "7.17.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" @@ -26,6 +26,7 @@ es_config_jvm: "jvm.options.j2" #Need to provide default directories es_conf_dir: "/etc/elasticsearch" es_pid_dir: "/var/run/elasticsearch" +es_tmp_dir: "/tmp" es_data_dirs: - "/var/lib/elasticsearch" es_log_dir: "/var/log/elasticsearch" @@ -54,6 +55,7 @@ es_heap_dump_path: "/var/lib/elasticsearch" es_enable_auto_ssl_configuration: true es_enable_http_ssl: false es_enable_transport_ssl: false +es_ssl_upload: true es_ssl_keystore: "" es_ssl_keystore_password: "" es_ssl_truststore: "" diff --git a/docs/8x-support.md b/docs/8x-support.md new file mode 100644 index 00000000..9e8d9807 --- /dev/null +++ b/docs/8x-support.md @@ -0,0 +1,116 @@ +# 8.x support + +In [December 2021](https://github.com/elastic/ansible-elasticsearch/pull/838), we made the hard decision to deprecate this Ansible playbook without adding support for Elasticsearch 8.X. +We acknowledge the impact this has had on many developers and organizations, and while we are not reverting the decision, we decided to share some guidelines around how to proceed from here, for folks wanting to keep using this playbook with Elasticsearch 8.X. + +--- + +At a high level, this role is expected to work in most cases for fresh installs and upgrades from 7.17+ by only overriding the `es_version` variable as long as the security is enforced properly using the [SSL/TLS doc](ssl-tls-setup.md). + +1. install the last released version of the role from galaxy: `ansible-galaxy install elastic.elasticsearch,v7.17.0` + +2. copy the TLS PKCS12 keystore and truststore (https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#security-http-pkcs12-files) + +3. write a minimal playbook to deploy 8.2.3 on localhost: +```yaml +- hosts: localhost + roles: + - elastic.elasticsearch + vars: + es_version: 8.2.3 + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "certs/keystore-password.p12" + es_ssl_truststore: "certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no +``` + +4. deploy locally: `ansible-playbook es.yml` + +## Context for the below experiment + +The intent is to assess if the current playbook can still work with ES 8.X and what modifications may be needed. The testing was done on Ubuntu 20.04 and CentOS7 GCP VMs. + +The only code change done in the Ansible playbook was the override of the `es_version` variable. + +### What is working + +- ✅ Deploying a standalone Elasticsearch cluster in 8.2.3 with the security example playbook from 7.x: +- ✅ managing Elasticsearch users +- ✅ upgrading a 7.17.0 standalone cluster **with security already enabled** to 8.2.3 +- ✅ managing Elasticsearch license + +The below configuration was used in the tests + +```yaml +- hosts: localhost + roles: + - elastic.elasticsearch + vars: + es_config: + xpack.security.authc.realms.file.file1.order: 0 + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read +``` + +### What is not working + +**Deploying an 8.X cluster with the default Ansible configuration (no security) will not work.** + +When runnin Elasticsearch 8.x outside of Ansible without any security configuration, Elasticsearch will autogenerate a security configuration and still activate security. +However, when you run Elasticsearch 8.x as part of the Ansible role without any security configuration, this will fail because the Ansible role will not be able to retrieve and use the autogenerated security configuration. + +To tackle this, you always have to specify your own security configuration based on the [SSL/TLS doc](ssl-tls-setup.md). + + +### What has not been tested + +**Deploying a 3 nodes cluster** + +When trying to deploy a 3 nodes clusters, the nodes seem to be configured successfully but they aren't able to communicate together with the test certificates (the ones used in automated standalone tests). It's highly likely that the problem lies with the tests certs themselves and not with the role. + +Should you be able to deploy a multi-node clusters, you will most likely have to change the configuration to use the new `node.roles` parameter ([example](https://github.com/elastic/ansible-elasticsearch/pull/772)) instead of the `node.master` and `node.data` (which got deprecated in 7.9, but the role never got [fixed](https://github.com/elastic/ansible-elasticsearch/issues/731). diff --git a/docs/ssl-tls-setup.md b/docs/ssl-tls-setup.md index a887e653..4eec7614 100644 --- a/docs/ssl-tls-setup.md +++ b/docs/ssl-tls-setup.md @@ -2,6 +2,8 @@ The role allows configuring HTTP and transport layer SSL/TLS for the cluster. You will need to generate and provide your own PKCS12 or PEM encoded certificates as described in [Encrypting communications in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/7.4/configuring-tls.html#configuring-tls). +By default this role will upload the certs to your elasticsearch servers. If you already copied the certs by your own way, set `es_ssl_upload` to `false` (default: `true`) + If you don't want this role to add autogenerated SSL configuration to elasticsearch.yml set `es_enable_auto_ssl_configuration` to `false` (default: `true`). The following should be configured to ensure a security-enabled cluster successfully forms: @@ -66,13 +68,38 @@ $ bin/elasticsearch-certutil cert --ca ./my-ca.p12 --out ./my-keystore.p12 --pas xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_heap_size: 1g - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme + es_api_basic_auth_username: "elastic" # This is the default user created by the installation of elasticsearch + es_api_basic_auth_password: "changeme" # This is the default password created by the installation of elasticsearch es_enable_http_ssl: true es_enable_transport_ssl: true es_ssl_keystore: "files/certs/my-keystore.p12" - es_ssl_truststore: "files/certs/my-truststore.p12" + es_ssl_truststore: "files/certs/my-ca.p12" es_ssl_keystore_password: "keystore_password" - es_ssl_truststore_password: "truststore_password" + es_ssl_truststore_password: "ca_password" es_validate_certs: no ``` + +## Changing the default password of elastic user + +To change the default password of user elastic: + +* Add this line to your playbook: + +``` +vars: + es_api_basic_auth_username: "elastic" + es_api_basic_auth_password: "changeme" + es_users: + native: + elastic: + password: "" +``` + +* Deploy your playbook +* Update your playbook with: + +``` +vars: + es_api_basic_auth_username: "elastic" + es_api_basic_auth_password: "" +``` diff --git a/filter_plugins/custom.py b/filter_plugins/custom.py index 443627b0..ad13ab18 100644 --- a/filter_plugins/custom.py +++ b/filter_plugins/custom.py @@ -27,7 +27,7 @@ def array_to_str(values=[], separator=","): def extract_role_users(users={}, exclude_users=[]): role_users = [] - for user, details in users.items(): + for user, details in list(users.items()): if user not in exclude_users and "roles" in details: for role in details["roles"]: role_users.append(role + ":" + user) @@ -40,7 +40,7 @@ def filename(filename=""): def remove_reserved(user_roles={}): not_reserved = [] - for user_role, details in user_roles.items(): + for user_role, details in list(user_roles.items()): if ( not "metadata" in details or not "_reserved" in details["metadata"] @@ -52,7 +52,7 @@ def remove_reserved(user_roles={}): def filter_reserved(users_role={}): reserved = [] - for user_role, details in users_role.items(): + for user_role, details in list(users_role.items()): if ( "metadata" in details and "_reserved" in details["metadata"] diff --git a/helpers/bumper.py b/helpers/bumper.py deleted file mode 100755 index da5c61b8..00000000 --- a/helpers/bumper.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python3 -import fileinput -import os - -""" -This script is used to bump elasticsearch versions before a new release - -Usage: -- Change the values of `old_versions` and `new_versions`` -- Run the script: `./bumper.py` -- That's all -""" - -os.chdir(os.path.join(os.path.dirname(__file__), '..')) - -old_versions = { - 6: '6.8.11', - 7: '7.8.1', -} - -new_versions = { - 6: '6.8.12', - 7: '7.9.0', -} - -files = [ - 'README.md', - 'defaults/main.yml', - '.kitchen.yml', -] - -for major, version in old_versions.items(): - for file in files: - print(file) - for line in fileinput.input([file], inplace=True): - print(line.replace(version, new_versions[major]), end='') diff --git a/tasks/compatibility-variables.yml b/tasks/compatibility-variables.yml index 213d3668..fc9af088 100644 --- a/tasks/compatibility-variables.yml +++ b/tasks/compatibility-variables.yml @@ -3,8 +3,8 @@ # It is possible to set these are defaults with messy jinja templating one liners however: # 1. That is really hard to read and debug # 2. When running multiple plays with the same role the defaults are not re-evaluated. An example of this -# can be seen in our the https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml -# integration test and in the Multi Node server documentation examples https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml +# can be seen in our the https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack.yml +# integration test and in the Multi Node server documentation examples https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack.yml - name: Set backward compatibility for deprecated es_enable_xpack variable when: es_enable_xpack is defined and not es_enable_xpack block: diff --git a/tasks/elasticsearch-Debian.yml b/tasks/elasticsearch-Debian.yml index 50e1ae7e..f6e4c17c 100644 --- a/tasks/elasticsearch-Debian.yml +++ b/tasks/elasticsearch-Debian.yml @@ -102,13 +102,15 @@ selection: "hold" when: es_version_lock -- name: Debian - Download elasticsearch from url - get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no - when: not es_use_repository +# workaround due to https://github.com/ansible/ansible/issues/66977 +- set_fact: + es_deb_url: "{% if es_version is version('7.0.0', '>=') %}{{ es_package_url }}-{{ es_version }}-amd64.deb{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %}" -- name: Debian - Ensure elasticsearch is installed from downloaded package +- name: Debian - Install Elasticsearch from url become: yes - apt: deb=/tmp/elasticsearch-{{ es_version }}.deb + apt: + deb: "{% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_deb_url }}{% endif %}" + state: present when: not es_use_repository register: elasticsearch_install_from_package notify: restart elasticsearch diff --git a/tasks/elasticsearch-RedHat-version-lock.yml b/tasks/elasticsearch-RedHat-version-lock.yml index 504f13c4..7835be42 100644 --- a/tasks/elasticsearch-RedHat-version-lock.yml +++ b/tasks/elasticsearch-RedHat-version-lock.yml @@ -8,7 +8,7 @@ - name: RedHat - check if requested elasticsearch version lock exists become: yes - shell: yum versionlock list | grep -c {{es_package_name}}-{{es_version}} + shell: 'yum versionlock list | grep {{es_package_name}} | grep -c "{{es_version}}"' register: es_requested_version_locked args: warn: false diff --git a/tasks/elasticsearch-RedHat.yml b/tasks/elasticsearch-RedHat.yml index f3ebc1ed..7d53fbf1 100644 --- a/tasks/elasticsearch-RedHat.yml +++ b/tasks/elasticsearch-RedHat.yml @@ -54,9 +54,15 @@ environment: ES_PATH_CONF: "{{ es_conf_dir }}" +# workaround due to https://github.com/ansible/ansible/issues/66977 +- set_fact: + es_rpm_url: "{% if es_version is version('7.0.0', '>=') %}{{ es_package_url }}-{{ es_version }}-x86_64.rpm{% else %}{{ es_package_url }}-{{ es_version }}.rpm{% endif %}" + - name: RedHat - Install Elasticsearch from url become: yes - yum: name={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.noarch.rpm{% endif %} state=present + yum: + name: '{% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_rpm_url }}{% endif %}' + state: present when: not es_use_repository register: elasticsearch_install_from_package notify: restart elasticsearch diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index 63693fc7..f79cc461 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -1,3 +1,4 @@ +--- # Check for mandatory parameters - name: Warn about deprecated es_xpack_features variable @@ -5,23 +6,36 @@ msg: "WARNING: es_xpack_features variable is now deprecated. All feature are now enabled by default" when: es_xpack_features is defined and not oss_version +- name: "fail when oss_version is true with es_version >= 7.11.0" + fail: + msg: > + OSS versions are not available for Elasticsearch >= 7.11.0. + See https://www.elastic.co/blog/licensing-change for more details. + when: oss_version and es_version is version('7.11.0', '>=') + - name: fail when es_proxy_port is not defined or is blank fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined" when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '') -#If the user attempts to lock memory they must specify a heap size +# If the user attempts to lock memory they must specify a heap size - name: fail when heap size is not specified when using memory lock fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified" when: es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True and es_heap_size is not defined and not ansible_check_mode -#Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work -- name: fail when api credentials are not declared when using security +- name: fail when password is not declared when using security fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations" when: - not oss_version - es_api_basic_auth_username is defined - es_api_basic_auth_password is not defined +- name: fail when api credentials are not declared when using tls + fail: msg="Enabling tls requires an es_api_basic_auth_username and es_api_basic_auth_password" + when: + - not oss_version + - es_enable_http_ssl or es_enable_transport_ssl + - es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined + - name: fail when ssl enabled without defining a key and certificate fail: msg="Enabling SSL/TLS (es_enable_http_ssl or es_enable_transport_ssl) requires es_ssl_keystore and es_ssl_truststore or es_ssl_key and es_ssl_certificate to be provided" when: @@ -35,7 +49,7 @@ - name: fail when changing users through file realm fail: - msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM." + msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM." when: file_reserved_users | default([]) | length > 0 - name: set fact m_lock_enabled diff --git a/tasks/elasticsearch-plugins.yml b/tasks/elasticsearch-plugins.yml index 7e1829a0..d96ac96e 100644 --- a/tasks/elasticsearch-plugins.yml +++ b/tasks/elasticsearch-plugins.yml @@ -67,7 +67,7 @@ become: yes command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.url | default(item.plugin) }} --batch --silent" register: plugin_installed - changed_when: plugin_installed.rc == 0 + changed_when: plugin_installed.rc|default(0) == 0 with_items: "{{ es_plugins }}" when: item.plugin in plugins_to_install notify: restart elasticsearch @@ -75,6 +75,6 @@ CONF_DIR: "{{ es_conf_dir }}" ES_PATH_CONF: "{{ es_conf_dir }}" ES_INCLUDE: "{{ default_file }}" - until: plugin_installed.rc == 0 + until: plugin_installed.rc|default(0) == 0 retries: 5 delay: 5 diff --git a/tasks/elasticsearch-ssl.yml b/tasks/elasticsearch-ssl.yml index 2437f794..af5e15ba 100644 --- a/tasks/elasticsearch-ssl.yml +++ b/tasks/elasticsearch-ssl.yml @@ -7,7 +7,7 @@ set_fact: es_same_keystore=true when: es_ssl_keystore == es_ssl_truststore -- name: ensure certificate directory exists +- name: Ensure certificate directory exists become: yes file: dest: "{{ es_ssl_certificate_path }}" @@ -15,6 +15,7 @@ owner: root group: "{{ es_group }}" mode: "750" + when: es_ssl_upload - name: Upload SSL/TLS keystore become: yes @@ -24,7 +25,7 @@ owner: "{{ es_user }}" group: "{{ es_group }}" mode: "640" - when: es_ssl_keystore and es_ssl_truststore + when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore notify: restart elasticsearch register: copy_keystore @@ -36,7 +37,7 @@ owner: "{{ es_user }}" group: "{{ es_group }}" mode: "640" - when: es_ssl_keystore and es_ssl_truststore + when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore notify: restart elasticsearch register: copy_truststore @@ -51,7 +52,7 @@ with_items: - "{{ es_ssl_key }}" - "{{ es_ssl_certificate }}" - when: es_ssl_key and es_ssl_certificate + when: es_ssl_upload and es_ssl_key and es_ssl_certificate #Restart if these change notify: restart elasticsearch register: copy_certificates @@ -66,7 +67,7 @@ mode: "640" #Restart if this changes notify: restart elasticsearch - when: (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0) + when: es_ssl_upload and (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0) - name: Set keystore password become: yes diff --git a/tasks/java.yml b/tasks/java.yml index 26d6b159..649d424f 100644 --- a/tasks/java.yml +++ b/tasks/java.yml @@ -13,7 +13,7 @@ when: ansible_os_family == 'RedHat' - name: Get the installed java path - shell: "update-alternatives --display java | grep '^/' | awk '{print $1}' | grep 1.8.0 | head -1" + shell: "update-alternatives --display java | grep '^/' | awk '{print $1}' | grep 1.8.0-openjdk | head -1" become: yes register: java_full_path failed_when: False diff --git a/tasks/main.yml b/tasks/main.yml index 23d218dc..c0ad7004 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -83,21 +83,25 @@ # If playbook runs too fast, Native commands could fail as the Native Realm is not yet up - name: Wait {{ es_api_sleep }} seconds for the Native Realm to come up - command: "sleep {{ es_api_sleep }}" + wait_for: + timeout: "{{ es_api_sleep }}" when: manage_native_realm | bool - name: activate-license include: ./xpack/security/elasticsearch-xpack-activation.yml when: es_start_service and not oss_version and es_xpack_license is defined and es_xpack_license != '' + run_once: True - name: activate-trial include: ./xpack/security/elasticsearch-xpack-trial-activation.yml when: es_start_service and not oss_version and es_xpack_trial + run_once: True #perform security actions here now elasticsearch is started - name: include xpack/security/elasticsearch-security-native.yml include: ./xpack/security/elasticsearch-security-native.yml when: manage_native_realm | bool + run_once: True #Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. #We also do after the native realm to ensure any changes are applied here first and its denf up. diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml index 7a27fd4a..f8502640 100644 --- a/tasks/xpack/security/elasticsearch-security-native.yml +++ b/tasks/xpack/security/elasticsearch-security-native.yml @@ -12,7 +12,7 @@ - name: set fact manage_native_role to false set_fact: manage_native_roles=false -- name: set fact manange_native_roles to true +- name: set fact manage_native_roles to true set_fact: manage_native_roles=true when: es_roles is defined and es_roles.native is defined and es_roles.native.keys() | list | length > 0 @@ -137,7 +137,6 @@ uri: url: "{{ es_api_uri }}/{{ es_security_api }}/role" method: GET - body_format: json user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" force_basic_auth: yes diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml index 50af4330..184ab442 100644 --- a/tasks/xpack/security/elasticsearch-security.yml +++ b/tasks/xpack/security/elasticsearch-security.yml @@ -28,12 +28,47 @@ - name: Create Bootstrap password for elastic user become: yes - shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password' + shell: echo {{ es_api_basic_auth_password | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x 'bootstrap.password' when: - es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines environment: ES_PATH_CONF: "{{ es_conf_dir }}" no_log: true + + - name: Remove keystore entries + become: yes + command: > + {{ es_home }}/bin/elasticsearch-keystore remove '{{ item.key }}' + with_items: "{{ es_keystore_entries }}" + when: + - es_keystore_entries is defined and es_keystore_entries | length > 0 + - item.state is defined and item.state == 'absent' + - item.key in list_keystore.stdout_lines + - ('bootstrap.password' not in item.key) + no_log: true + + - name: Reload keystore entries + become: yes + command: > + {{es_home}}/bin/elasticsearch-keystore list + register: list_keystore + changed_when: False + environment: + ES_PATH_CONF: "{{ es_conf_dir }}" + check_mode: no + + - name: Add keystore entries + become: yes + shell: echo {{ item.value | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x -f {{ item.key }} + with_items: "{{ es_keystore_entries }}" + when: + - es_keystore_entries is defined and es_keystore_entries | length > 0 + - item.state is undefined or item.state == 'present' + - item.force|default(False) or ( not item.force|default(False) and item.key not in list_keystore.stdout_lines ) + - ('bootstrap.password' not in item.key) + no_log: true + + ### END BLOCK elasticsearch keystore ### #-----------------------------FILE BASED REALM---------------------------------------- diff --git a/templates/elasticsearch.j2 b/templates/elasticsearch.j2 index 1d2fd857..4e64f388 100644 --- a/templates/elasticsearch.j2 +++ b/templates/elasticsearch.j2 @@ -5,11 +5,14 @@ # Elasticsearch home directory ES_HOME={{es_home}} +# Elasticsearch temp directory +ES_TMPDIR={{ es_tmp_dir }} + # Elasticsearch Java path {% if es_java_home | length > 0 %} -JAVA_HOME={{ es_java_home }} +ES_JAVA_HOME={{ es_java_home }} {% else %} -#JAVA_HOME= +#ES_JAVA_HOME= {% endif %} # Elasticsearch configuration directory diff --git a/test/integration/custom-config.yml b/test/integration/custom-config.yml new file mode 100644 index 00000000..ed2dbab6 --- /dev/null +++ b/test/integration/custom-config.yml @@ -0,0 +1,11 @@ +--- +- name: Setup Elasticsearch with custom config files + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_default: "test/integration/files/custom_config/elasticsearch" + es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" + es_config_jvm: "test/integration/files/custom_config/jvm.options" diff --git a/test/integration/issue-test/issue-test.yml b/test/integration/custom-config/custom_config.yml similarity index 100% rename from test/integration/issue-test/issue-test.yml rename to test/integration/custom-config/custom_config.yml diff --git a/test/integration/xpack-upgrade/serverspec/default_spec.rb b/test/integration/custom-config/serverspec/default_spec.rb similarity index 53% rename from test/integration/xpack-upgrade/serverspec/default_spec.rb rename to test/integration/custom-config/serverspec/default_spec.rb index 043bc5ca..edcd5935 100644 --- a/test/integration/xpack-upgrade/serverspec/default_spec.rb +++ b/test/integration/custom-config/serverspec/default_spec.rb @@ -1,9 +1,9 @@ -require 'xpack_upgrade_spec' +require 'custom_config_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'Custom Config Tests' do + include_examples 'custom_config::init', vars include_examples 'shared::init', vars - include_examples 'xpack_upgrade::init', vars end diff --git a/test/integration/default.yml b/test/integration/default.yml new file mode 100644 index 00000000..7a61d178 --- /dev/null +++ b/test/integration/default.yml @@ -0,0 +1,7 @@ +--- +- name: Setup Elasticsearch using default configuration + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml b/test/integration/default/default.yml similarity index 100% rename from test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml rename to test/integration/default/default.yml diff --git a/test/integration/xpack/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb similarity index 79% rename from test/integration/xpack/serverspec/default_spec.rb rename to test/integration/default/serverspec/default_spec.rb index 496a28cf..248a3397 100644 --- a/test/integration/xpack/serverspec/default_spec.rb +++ b/test/integration/default/serverspec/default_spec.rb @@ -2,6 +2,6 @@ require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'default tests' do include_examples 'shared::init', vars end diff --git a/test/integration/files/custom_config/jvm.options b/test/integration/files/custom_config/jvm.options index 71ce100a..2c6049ee 100644 --- a/test/integration/files/custom_config/jvm.options +++ b/test/integration/files/custom_config/jvm.options @@ -2,9 +2,6 @@ -Xms2g -Xmx2g --XX:+UseConcMarkSweepGC --XX:CMSInitiatingOccupancyFraction=75 --XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch diff --git a/test/integration/helpers/serverspec/oss_spec.rb b/test/integration/helpers/serverspec/custom_config_spec.rb similarity index 92% rename from test/integration/helpers/serverspec/oss_spec.rb rename to test/integration/helpers/serverspec/custom_config_spec.rb index f07ce889..96255103 100644 --- a/test/integration/helpers/serverspec/oss_spec.rb +++ b/test/integration/helpers/serverspec/custom_config_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'shared_spec' -shared_examples 'oss::init' do |vars| +shared_examples 'custom_config::init' do |vars| describe file("/etc/elasticsearch/log4j2.properties") do it { should be_file } it { should be_owned_by 'root' } diff --git a/test/integration/helpers/serverspec/issue_test_spec.rb b/test/integration/helpers/serverspec/issue_test_spec.rb deleted file mode 100644 index f65ed61d..00000000 --- a/test/integration/helpers/serverspec/issue_test_spec.rb +++ /dev/null @@ -1,10 +0,0 @@ -require 'spec_helper' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -shared_examples 'issue_test::init' do |vars| - - #Add custom tests here for the issue-test.yml test - -end - diff --git a/test/integration/helpers/serverspec/license_spec.rb b/test/integration/helpers/serverspec/license_spec.rb new file mode 100644 index 00000000..4045a63d --- /dev/null +++ b/test/integration/helpers/serverspec/license_spec.rb @@ -0,0 +1,27 @@ +require 'spec_helper' +require 'json' +require 'pathname' +vars = JSON.parse(File.read('/tmp/vars.json')) + +es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}" +username = vars['es_api_basic_auth_username'] +password = vars['es_api_basic_auth_password'] +es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s +es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s + +if vars['es_major_version'] == '7.x' + es_license_api = "_license" +else + es_license_api = "_xpack/license" +end + +shared_examples 'license::init' do |vars| + describe 'License check' do + result = curl_json("#{es_api_url}/#{es_license_api}", username=username, password=password) + it 'should list the license issued by Elastic' do + expect(result['license']['status']).to eq('active') + expect(result['license']['type']).to eq('trial') + expect(result['license']['issued_to']).to eq('Elastic - INTERNAL (non-production environments)') + end + end +end diff --git a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb deleted file mode 100644 index 4eeda4ce..00000000 --- a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_to_xpack_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/oss_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_upgrade_spec.rb deleted file mode 100644 index f09e937f..00000000 --- a/test/integration/helpers/serverspec/oss_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/security_spec.rb similarity index 73% rename from test/integration/helpers/serverspec/xpack_upgrade_spec.rb rename to test/integration/helpers/serverspec/security_spec.rb index 237b1de8..94108984 100644 --- a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb +++ b/test/integration/helpers/serverspec/security_spec.rb @@ -15,7 +15,7 @@ es_security_api = "_xpack/security" end -shared_examples 'xpack_upgrade::init' do |vars| +shared_examples 'security::init' do |vars| #Test users file, users_roles and roles.yml describe file("/etc/elasticsearch/users_roles") do it { should be_owned_by 'root' } @@ -39,12 +39,9 @@ describe file("/etc/elasticsearch/elasticsearch.yml") do if vars['es_major_version'] == '7.x' it { should contain 'security.authc.realms.file.file1.order: 0' } - it { should contain 'security.authc.realms.native.native1.order: 1' } else it { should contain 'security.authc.realms.file1.order: 0' } it { should contain 'security.authc.realms.file1.type: file' } - it { should contain 'security.authc.realms.native1.order: 1' } - it { should contain 'security.authc.realms.native1.type: native' } end it { should contain 'xpack.security.transport.ssl.enabled: true' } it { should contain 'xpack.security.http.ssl.enabled: true' } @@ -56,18 +53,10 @@ describe file("/etc/elasticsearch/role_mapping.yml") do it { should be_owned_by 'root' } it { should contain 'power_user:' } - it { should contain '- cn=admins,dc=example,dc=com' } it { should contain 'user:' } - it { should contain '- cn=admins,dc=example,dc=com' } end #check accounts are correct i.e. we can auth and they have the correct roles - describe 'kibana4_server access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version']) - end - end - describe 'security users' do result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password) it 'should have the elastic user' do @@ -80,11 +69,6 @@ expect(result['kibana']['roles']).to eq(['kibana_system']) expect(result['kibana']['enabled']).to eq(true) end - it 'should have the kibana_server user' do - expect(result['kibana4_server']['username']).to eq('kibana4_server') - expect(result['kibana4_server']['roles']).to eq(['kibana4_server']) - expect(result['kibana4_server']['enabled']).to eq(true) - end it 'should have the logstash user' do expect(result['logstash_system']['username']).to eq('logstash_system') expect(result['logstash_system']['roles']).to eq(['logstash_system']) @@ -92,12 +76,6 @@ end end - describe 'logstash_system access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version']) - end - end - describe 'SSL certificate check' do certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password) it 'should list the keystore file' do diff --git a/test/integration/issue-test.yml b/test/integration/issue-test.yml deleted file mode 100644 index 1629f204..00000000 --- a/test/integration/issue-test.yml +++ /dev/null @@ -1,42 +0,0 @@ -#This file is for users to test issues and reproduce them using the test framework. -#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test` -#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb -#Idempot test is enabled for this test - -- name: Simple Example - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_config: - xpack.security.authc.realms.file.file1.order: 1 - xpack.security.authc.realms.native.native1.type: "native" - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_users: - file: - test_user: - password: changeme - roles: - - kibana_system - native: - kibana: - password: changeme - roles: - - kibana_system - elastic: - password: aNewPassWord - es_roles: - native: - logstash: - cluster: - - manage_index_templates - logstash_system: - cluster: - - manage_index_templates diff --git a/test/integration/issue-test/serverspec/default_spec.rb b/test/integration/issue-test/serverspec/default_spec.rb deleted file mode 100644 index ee7536b0..00000000 --- a/test/integration/issue-test/serverspec/default_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'issue_test_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'Issue Test' do - include_examples 'issue_test::init', vars -end - diff --git a/test/integration/license.yml b/test/integration/license.yml new file mode 100644 index 00000000..cd0e2343 --- /dev/null +++ b/test/integration/license.yml @@ -0,0 +1,57 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/oss-upgrade/oss-upgrade.yml b/test/integration/license/license.yml similarity index 100% rename from test/integration/oss-upgrade/oss-upgrade.yml rename to test/integration/license/license.yml diff --git a/test/integration/license/serverspec/default_spec.rb b/test/integration/license/serverspec/default_spec.rb new file mode 100644 index 00000000..aabba223 --- /dev/null +++ b/test/integration/license/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'license_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'license tests' do + include_examples 'shared::init', vars + include_examples 'license::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade.yml b/test/integration/oss-to-default-upgrade.yml similarity index 72% rename from test/integration/oss-to-xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade.yml index 2d8caf87..774f7250 100644 --- a/test/integration/oss-to-xpack-upgrade.yml +++ b/test/integration/oss-to-default-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Upgrade to Elasticsearch default version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: false - es_heap_size: "1g" diff --git a/test/integration/xpack-upgrade/xpack-upgrade.yml b/test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml similarity index 100% rename from test/integration/xpack-upgrade/xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml diff --git a/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..08e2a2df --- /dev/null +++ b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'oss to default upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb deleted file mode 100644 index c633ffaf..00000000 --- a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'oss_to_xpack_upgrade_spec' -require 'shared_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'oss to xpack upgrade Tests' do - include_examples 'shared::init', vars - include_examples 'oss_to_xpack_upgrade::init', vars -end diff --git a/test/integration/oss-upgrade.yml b/test/integration/oss-upgrade.yml index 9d5c147a..153b02a6 100644 --- a/test/integration/oss-upgrade.yml +++ b/test/integration/oss-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS previous version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS latest version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" diff --git a/test/integration/xpack/xpack.yml b/test/integration/oss-upgrade/oss.yml similarity index 100% rename from test/integration/xpack/xpack.yml rename to test/integration/oss-upgrade/oss.yml diff --git a/test/integration/oss-upgrade/serverspec/default_spec.rb b/test/integration/oss-upgrade/serverspec/default_spec.rb index 939ee16d..cd365924 100644 --- a/test/integration/oss-upgrade/serverspec/default_spec.rb +++ b/test/integration/oss-upgrade/serverspec/default_spec.rb @@ -1,9 +1,7 @@ -require 'oss_upgrade_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'oss upgrade Tests' do - include_examples 'oss_upgrade::init', vars +describe 'oss upgrade tests' do include_examples 'shared::init', vars end diff --git a/test/integration/oss.yml b/test/integration/oss.yml index 7f54c47b..6c6ba062 100644 --- a/test/integration/oss.yml +++ b/test/integration/oss.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Setup Elasticsearch OSS 6.x hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -7,11 +7,5 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_config_default: "test/integration/files/custom_config/elasticsearch" - es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" - es_config_jvm: "test/integration/files/custom_config/jvm.options" #Do not add tests here. This test is run twice and confirms idempotency. diff --git a/test/integration/oss/serverspec/default_spec.rb b/test/integration/oss/serverspec/default_spec.rb index 7b506670..b32dc04b 100644 --- a/test/integration/oss/serverspec/default_spec.rb +++ b/test/integration/oss/serverspec/default_spec.rb @@ -1,12 +1,7 @@ -require 'oss_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'OSS Tests' do - include_examples 'oss::init', vars +describe 'oss tests' do include_examples 'shared::init', vars end - - - diff --git a/test/integration/security.yml b/test/integration/security.yml new file mode 100644 index 00000000..bfedebfe --- /dev/null +++ b/test/integration/security.yml @@ -0,0 +1,56 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/security/security.yml b/test/integration/security/security.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/security/security.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/security/serverspec/default_spec.rb b/test/integration/security/serverspec/default_spec.rb new file mode 100644 index 00000000..25696e8f --- /dev/null +++ b/test/integration/security/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'security_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'security tests' do + include_examples 'shared::init', vars + include_examples 'security::init', vars +end diff --git a/test/integration/xpack-upgrade-trial.yml b/test/integration/trial.yml similarity index 53% rename from test/integration/xpack-upgrade-trial.yml rename to test/integration/trial.yml index acf2e574..32217138 100644 --- a/test/integration/xpack-upgrade-trial.yml +++ b/test/integration/trial.yml @@ -1,5 +1,5 @@ --- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password +- name: Setup Elasticsearch with security enabled and a trial license hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -15,15 +15,7 @@ xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "" es_xpack_trial: true - es_plugins: - - plugin: ingest-attachment es_api_basic_auth_username: elastic es_api_basic_auth_password: changeme es_api_sleep: 5 @@ -112,64 +104,3 @@ - write - delete - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "" - es_xpack_trial: false - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/trial/serverspec/default_spec.rb b/test/integration/trial/serverspec/default_spec.rb new file mode 100644 index 00000000..9700f5bd --- /dev/null +++ b/test/integration/trial/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'trial tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/trial/trial.yml b/test/integration/trial/trial.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/trial/trial.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/upgrade.yml b/test/integration/upgrade.yml new file mode 100644 index 00000000..2a1a27bb --- /dev/null +++ b/test/integration/upgrade.yml @@ -0,0 +1,16 @@ +--- +- name: Deploy Elasticsearch previous version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" + +- name: Deploy Elasticsearch latest version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/upgrade/serverspec/default_spec.rb b/test/integration/upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..29eacb20 --- /dev/null +++ b/test/integration/upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/upgrade/upgrade.yml b/test/integration/upgrade/upgrade.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/upgrade/upgrade.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/xpack-upgrade-trial b/test/integration/xpack-upgrade-trial deleted file mode 120000 index 3021ce03..00000000 --- a/test/integration/xpack-upgrade-trial +++ /dev/null @@ -1 +0,0 @@ -xpack-upgrade \ No newline at end of file diff --git a/test/integration/xpack-upgrade.yml b/test/integration/xpack-upgrade.yml deleted file mode 100644 index ea4a8bc1..00000000 --- a/test/integration/xpack-upgrade.yml +++ /dev/null @@ -1,173 +0,0 @@ ---- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_api_sleep: 5 - es_enable_http_ssl: false - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" - es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" - es_ssl_keystore_password: password1 - es_ssl_truststore_password: password2 - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this should be successfully modified - password: aNewLogstashPassword - #this will be ignored - roles: - - kibana4_server - elastic: - password: elasticChanged - file: - es_admin: - password: changeMe - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user - es_roles: - file: - admin: - cluster: - - all - indices: - - names: '*' - privileges: - - all - power_user: - cluster: - - monitor - indices: - - names: '*' - privileges: - - all - user: - indices: - - names: '*' - privileges: - - read - kibana4_server: - cluster: - - monitor - indices: - - names: '.kibana' - privileges: - - all - native: - logstash: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - #this will be ignored - its reserved - logstash_system: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml deleted file mode 100644 index 002736f9..00000000 --- a/test/integration/xpack.yml +++ /dev/null @@ -1,10 +0,0 @@ -#Tests x-pack is idempotent and works when security is not enabled ---- -- name: Elasticsearch Xpack tests - no security and manual download - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_heap_size: 2g diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml new file mode 100644 index 00000000..d76a5cca --- /dev/null +++ b/test/matrix-6x.yml @@ -0,0 +1,19 @@ +OS: + - ubuntu-1604 + - ubuntu-1804 + - ubuntu-2004 + - debian-8 + - debian-9 + - debian-10 + - centos-7 + - amazonlinux-2 +TEST_TYPE: + - custom-config + - default + - license + - oss + - oss-to-default-upgrade + - oss-upgrade + - security + - trial + - upgrade diff --git a/test/matrix.yml b/test/matrix.yml index a0a67f95..1955cf59 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -1,18 +1,17 @@ -VERSION: - - 7.x - - 6.x OS: - - ubuntu-1404 - ubuntu-1604 - ubuntu-1804 + - ubuntu-2004 - debian-8 - debian-9 - debian-10 - centos-7 - amazonlinux-2 TEST_TYPE: - - oss - - oss-upgrade - - oss-to-xpack-upgrade - - xpack - - xpack-upgrade + - custom-config + - default + - license + - oss-to-default-upgrade + - security + - trial + - upgrade diff --git a/vars/RedHat.yml b/vars/RedHat.yml index b0aa42b2..5887416b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,4 @@ --- java: "{{ es_java | default('java-1.8.0-openjdk.x86_64') }}" default_file: "/etc/sysconfig/elasticsearch" -es_home: "/usr/share/elasticsearch" \ No newline at end of file +es_home: "/usr/share/elasticsearch"