From 50bf641b8cc4593891d779858726d5b7efee4f04 Mon Sep 17 00:00:00 2001 From: Wade Rossmann Date: Tue, 25 Aug 2020 23:42:43 -0700 Subject: [PATCH 01/68] Properly quote password in shell command (#715) --- tasks/xpack/security/elasticsearch-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml index 50af4330..9f29a7c8 100644 --- a/tasks/xpack/security/elasticsearch-security.yml +++ b/tasks/xpack/security/elasticsearch-security.yml @@ -28,7 +28,7 @@ - name: Create Bootstrap password for elastic user become: yes - shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password' + shell: echo {{ es_api_basic_auth_password | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x 'bootstrap.password' when: - es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines environment: From 37e93217fea5e398d353bdad464c7978e4466ecc Mon Sep 17 00:00:00 2001 From: joshschmitter <45405518+joshschmitter@users.noreply.github.com> Date: Wed, 2 Sep 2020 02:10:28 -0500 Subject: [PATCH 02/68] add ansible var for ES_TMPDIR env var (#714) Elasticsearch requires its temp directory to be mounted as executable (see executable-jna-tmpdir). However, the CIS guidelines (e.g., CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.1.1, 1.1.5) recommend mounting /tmp with noexec. Therefore, users of this ansible role may have reason to set elasticsearch's temp dir to a non-default location. (The elasticsearch environment variable ES_TMPDIR gets set to /tmp by default. This PR preserves this default behavior.) --- defaults/main.yml | 1 + templates/elasticsearch.j2 | 3 +++ 2 files changed, 4 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 6a2aedf4..6e7cf363 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -26,6 +26,7 @@ es_config_jvm: "jvm.options.j2" #Need to provide default directories es_conf_dir: "/etc/elasticsearch" es_pid_dir: "/var/run/elasticsearch" +es_tmp_dir: "/tmp" es_data_dirs: - "/var/lib/elasticsearch" es_log_dir: "/var/log/elasticsearch" diff --git a/templates/elasticsearch.j2 b/templates/elasticsearch.j2 index 1d2fd857..367bf950 100644 --- a/templates/elasticsearch.j2 +++ b/templates/elasticsearch.j2 @@ -5,6 +5,9 @@ # Elasticsearch home directory ES_HOME={{es_home}} +# Elasticsearch temp directory +ES_TMPDIR={{ es_tmp_dir }} + # Elasticsearch Java path {% if es_java_home | length > 0 %} JAVA_HOME={{ es_java_home }} From b6a07ee61c42561747fd36c66f9ceafc08523dd4 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 3 Sep 2020 17:43:28 +0200 Subject: [PATCH 03/68] 7.9.1 release (#718) * 7.9.1 as default version --- CHANGELOG.md | 11 +++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- helpers/bumper.py | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 417314af..65da3f11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,21 @@ # Changelog +## 7.9.1 - 2020/09/03 + +* 7.9.1 as default version + +| PR | Author | Title | +|-------------------------------------------------------------------|----------------------------------------|------------------------------------------| +| [#701](https://github.com/elastic/ansible-elasticsearch/pull/701) | [@suramon](https://github.com/suramon) | Fix running ansible in check mode | +| [#703](https://github.com/elastic/ansible-elasticsearch/pull/703) | [@anisf](https://github.com/anisf) | Add amazonlinux2 support | +| [#705](https://github.com/elastic/ansible-elasticsearch/pull/705) | [@andzs](https://github.com/andzs) | Use sudo for users migration from <6.3.0 | + ## 7.9.0 - 2020/08/18 * 7.9.0 as default version * 6.8.12 as 6.x tested version + ## 7.8.1 - 2020/07/28 * 7.8.1 as default version diff --git a/README.md b/README.md index 774543ab..9336fb3b 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.9.0 +ansible-galaxy install elastic.elasticsearch,7.9.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -71,14 +71,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.9.0 + es_version: 7.9.1 ``` -The above installs Elasticsearch 7.9.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.9.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -399,7 +399,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.9.0"). +* ```es_version``` (e.g. "7.9.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 6e7cf363..b519ab00 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.9.0" +es_version: "7.9.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" diff --git a/helpers/bumper.py b/helpers/bumper.py index da5c61b8..956b835f 100755 --- a/helpers/bumper.py +++ b/helpers/bumper.py @@ -15,12 +15,12 @@ old_versions = { 6: '6.8.11', - 7: '7.8.1', + 7: '7.9.0', } new_versions = { 6: '6.8.12', - 7: '7.9.0', + 7: '7.9.1', } files = [ From a933f3c90ea18afe847648c58f1a48eec24d73ac Mon Sep 17 00:00:00 2001 From: Luke Snyder Date: Mon, 7 Sep 2020 09:57:11 -0400 Subject: [PATCH 04/68] Use run_once for api related tasks (#716) Co-authored-by: Luke Snyder --- tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 23d218dc..2e53b9ca 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -89,15 +89,18 @@ - name: activate-license include: ./xpack/security/elasticsearch-xpack-activation.yml when: es_start_service and not oss_version and es_xpack_license is defined and es_xpack_license != '' + run_once: True - name: activate-trial include: ./xpack/security/elasticsearch-xpack-trial-activation.yml when: es_start_service and not oss_version and es_xpack_trial + run_once: True #perform security actions here now elasticsearch is started - name: include xpack/security/elasticsearch-security-native.yml include: ./xpack/security/elasticsearch-security-native.yml when: manage_native_realm | bool + run_once: True #Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. #We also do after the native realm to ensure any changes are applied here first and its denf up. From ef36f105b7c940183739e5b6ccd48a494d4e4ca4 Mon Sep 17 00:00:00 2001 From: Nassim Kammah Date: Thu, 24 Sep 2020 19:08:32 +0200 Subject: [PATCH 05/68] 7.9.2 release (#723) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- CHANGELOG.md | 8 ++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- helpers/bumper.py | 6 +++--- test/integration/files/custom_config/jvm.options | 3 --- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65da3f11..981d3c60 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 7.9.2 - 2020/09/24 + +* 7.9.2 as default version + +| PR | Author | Title | +|-------------------------------------------------------------------|----------------------------------------|------------------------------------------| +| [#716](https://github.com/elastic/ansible-elasticsearch/pull/716) | [@lksnyder0](https://github.com/lksnyder0) | Use run_once for api related tasks | + ## 7.9.1 - 2020/09/03 * 7.9.1 as default version diff --git a/README.md b/README.md index 9336fb3b..8a5886e4 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.9.1 +ansible-galaxy install elastic.elasticsearch,7.9.2 ``` Then create your playbook yaml adding the role elasticsearch. @@ -71,14 +71,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.9.1 + es_version: 7.9.2 ``` -The above installs Elasticsearch 7.9.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.9.2 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -399,7 +399,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.9.1"). +* ```es_version``` (e.g. "7.9.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index b519ab00..6d6f6f7f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.9.1" +es_version: "7.9.2" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" diff --git a/helpers/bumper.py b/helpers/bumper.py index 956b835f..3e32420d 100755 --- a/helpers/bumper.py +++ b/helpers/bumper.py @@ -14,13 +14,13 @@ os.chdir(os.path.join(os.path.dirname(__file__), '..')) old_versions = { - 6: '6.8.11', - 7: '7.9.0', + 6: '6.8.12', + 7: '7.9.1', } new_versions = { 6: '6.8.12', - 7: '7.9.1', + 7: '7.9.2', } files = [ diff --git a/test/integration/files/custom_config/jvm.options b/test/integration/files/custom_config/jvm.options index 71ce100a..2c6049ee 100644 --- a/test/integration/files/custom_config/jvm.options +++ b/test/integration/files/custom_config/jvm.options @@ -2,9 +2,6 @@ -Xms2g -Xmx2g --XX:+UseConcMarkSweepGC --XX:CMSInitiatingOccupancyFraction=75 --XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch From 2a3793ce82ee2428531894f3737b959e15026a49 Mon Sep 17 00:00:00 2001 From: vielfarbig <66375686+vielfarbig@users.noreply.github.com> Date: Mon, 5 Oct 2020 18:03:51 +0200 Subject: [PATCH 06/68] =?UTF-8?q?Add=20note=20to=20only=20using=20es=5Fdat?= =?UTF-8?q?a=5Fdirs=20and=20es=5Flog=5Fdir=20for=20customizing=20th?= =?UTF-8?q?=E2=80=A6=20(#726)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8a5886e4..77abeee8 100644 --- a/README.md +++ b/README.md @@ -216,11 +216,13 @@ A more complex example: - plugin: ingest-attachment ``` -#### Important Note +#### Important Notes **The role uses es_api_host and es_api_port to communicate with the node for actions only achievable via http e.g. to install templates and to check the NODE IS ACTIVE. These default to "localhost" and 9200 respectively. If the node is deployed to bind on either a different host or port, these must be changed.** +**Only use es_data_dirs and es_log_dir for customizing the data and log dirs respectively. When using together with `es_config['path.data']` and `es_config['path.logs']` it would result in generating duplicate data- and logs-keys in `elasticsearch.yml` and thus let fail to start elasticsearch.** + ### Multi Node Server Installations The application of the elasticsearch role results in the installation of a node on a host. Specifying the role multiple times for a host therefore results in the installation of multiple nodes for the host. From fdfaa5c88806bf74fc93be9a4df5fd0a777e6c69 Mon Sep 17 00:00:00 2001 From: Samuel Mutel Date: Mon, 12 Oct 2020 10:02:25 +0200 Subject: [PATCH 07/68] Add an option to not upload SSL/TLS certs (#727) --- defaults/main.yml | 1 + docs/ssl-tls-setup.md | 2 ++ tasks/elasticsearch-ssl.yml | 11 ++++++----- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6d6f6f7f..19ac7dc3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -55,6 +55,7 @@ es_heap_dump_path: "/var/lib/elasticsearch" es_enable_auto_ssl_configuration: true es_enable_http_ssl: false es_enable_transport_ssl: false +es_ssl_upload: true es_ssl_keystore: "" es_ssl_keystore_password: "" es_ssl_truststore: "" diff --git a/docs/ssl-tls-setup.md b/docs/ssl-tls-setup.md index a887e653..d08a0ea0 100644 --- a/docs/ssl-tls-setup.md +++ b/docs/ssl-tls-setup.md @@ -2,6 +2,8 @@ The role allows configuring HTTP and transport layer SSL/TLS for the cluster. You will need to generate and provide your own PKCS12 or PEM encoded certificates as described in [Encrypting communications in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/7.4/configuring-tls.html#configuring-tls). +By default this role will upload the certs to your elasticsearch servers. If you already copied the certs by your own way, set `es_ssl_upload` to `false` (default: `true`) + If you don't want this role to add autogenerated SSL configuration to elasticsearch.yml set `es_enable_auto_ssl_configuration` to `false` (default: `true`). The following should be configured to ensure a security-enabled cluster successfully forms: diff --git a/tasks/elasticsearch-ssl.yml b/tasks/elasticsearch-ssl.yml index 2437f794..af5e15ba 100644 --- a/tasks/elasticsearch-ssl.yml +++ b/tasks/elasticsearch-ssl.yml @@ -7,7 +7,7 @@ set_fact: es_same_keystore=true when: es_ssl_keystore == es_ssl_truststore -- name: ensure certificate directory exists +- name: Ensure certificate directory exists become: yes file: dest: "{{ es_ssl_certificate_path }}" @@ -15,6 +15,7 @@ owner: root group: "{{ es_group }}" mode: "750" + when: es_ssl_upload - name: Upload SSL/TLS keystore become: yes @@ -24,7 +25,7 @@ owner: "{{ es_user }}" group: "{{ es_group }}" mode: "640" - when: es_ssl_keystore and es_ssl_truststore + when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore notify: restart elasticsearch register: copy_keystore @@ -36,7 +37,7 @@ owner: "{{ es_user }}" group: "{{ es_group }}" mode: "640" - when: es_ssl_keystore and es_ssl_truststore + when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore notify: restart elasticsearch register: copy_truststore @@ -51,7 +52,7 @@ with_items: - "{{ es_ssl_key }}" - "{{ es_ssl_certificate }}" - when: es_ssl_key and es_ssl_certificate + when: es_ssl_upload and es_ssl_key and es_ssl_certificate #Restart if these change notify: restart elasticsearch register: copy_certificates @@ -66,7 +67,7 @@ mode: "640" #Restart if this changes notify: restart elasticsearch - when: (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0) + when: es_ssl_upload and (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0) - name: Set keystore password become: yes From 389a3ff45f8f51de95313ca0354cedcdc92b16f4 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Thu, 22 Oct 2020 09:50:23 -0400 Subject: [PATCH 08/68] 7.9.3 release (#734) * 7.9.3 release Co-authored-by: Nassim Kammah --- .kitchen.yml | 2 +- CHANGELOG.md | 11 +++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index da58756c..06c2c208 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -19,7 +19,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.12' + es_version: '6.8.13' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 981d3c60..c4d8d7d3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +## 7.9.3 + +* 7.9.3 as default version. +* 6.8.13 as 6.x tested version + +| PR | Author | Title | +| --- | --- | --- | +| [#727](https://github.com/elastic/ansible-elasticsearch/pull/727) | [@smutel](https://github.com/smutel) | Add an option to not upload SSL/TLS certs | +| [#726](https://github.com/elastic/ansible-elasticsearch/pull/726) | [@vielfarbig](https://github.com/vielfarbig) | Add note to only using es_data_dirs and es_log_dir for customizing th… | + + ## 7.9.2 - 2020/09/24 * 7.9.2 as default version diff --git a/README.md b/README.md index 77abeee8..2d34ab9a 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.9.2 +ansible-galaxy install elastic.elasticsearch,7.9.3 ``` Then create your playbook yaml adding the role elasticsearch. @@ -71,14 +71,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.9.2 + es_version: 7.9.3 ``` -The above installs Elasticsearch 7.9.2 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.9.3 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.12](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.3](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -401,7 +401,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.9.2"). +* ```es_version``` (e.g. "7.9.3"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 19ac7dc3..6c1c0017 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.9.2" +es_version: "7.9.3" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From ca39bf107ec76e517edacb54115b5a98814e6719 Mon Sep 17 00:00:00 2001 From: 0xflotus <0xflotus@gmail.com> Date: Wed, 4 Nov 2020 11:33:15 +0100 Subject: [PATCH 09/68] fix: small error (#739) fix some typos --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2d34ab9a..466ab656 100644 --- a/README.md +++ b/README.md @@ -95,9 +95,9 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing. ### Running the tests -* Ensure you have checked out this repository to `elaticsearch`, not `ansible-elasticsearch`. +* Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`. * If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable. -* You may need to explicity specify `VERSION=7.x` if some suites are failing. +* You may need to explicitly specify `VERSION=7.x` if some suites are failing. Install the ruby dependencies with bundler From 674cea7938097b8e6be83e3fd67c521d586edba8 Mon Sep 17 00:00:00 2001 From: Samuel Mutel Date: Wed, 4 Nov 2020 12:33:44 +0100 Subject: [PATCH 10/68] Improve the documentation for TLS (#728) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- docs/ssl-tls-setup.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/docs/ssl-tls-setup.md b/docs/ssl-tls-setup.md index d08a0ea0..b948e8e2 100644 --- a/docs/ssl-tls-setup.md +++ b/docs/ssl-tls-setup.md @@ -68,8 +68,8 @@ $ bin/elasticsearch-certutil cert --ca ./my-ca.p12 --out ./my-keystore.p12 --pas xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_heap_size: 1g - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme + es_api_basic_auth_username: "elastic" # This is the default user created by the installation of elasticsearch + es_api_basic_auth_password: "changeme" # This is the default password created by the installation of elasticsearch es_enable_http_ssl: true es_enable_transport_ssl: true es_ssl_keystore: "files/certs/my-keystore.p12" @@ -78,3 +78,28 @@ $ bin/elasticsearch-certutil cert --ca ./my-ca.p12 --out ./my-keystore.p12 --pas es_ssl_truststore_password: "truststore_password" es_validate_certs: no ``` + +## Changing the default password of elastic user + +To change the default password of user elastic: + +* Add this line to your playbook: + +``` +vars: + es_api_basic_auth_username: "elastic" + es_api_basic_auth_password: "changeme" + es_users: + native: + elastic: + password: "" +``` + +* Deploy your playbook +* Update your playbook with: + +``` +vars: + es_api_basic_auth_username: "elastic" + es_api_basic_auth_password: "" +``` From c91892ac92c66926cdcb6024a82c4c26fa5e3611 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 4 Nov 2020 16:14:49 +0100 Subject: [PATCH 11/68] fix some typos (#740) --- README.md | 8 ++++---- tasks/xpack/security/elasticsearch-security-native.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 466ab656..53d79c35 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ Ansible-elasticsearch 7.5.2 is updating the configuration files provided by this - `/etc/elasticsearch/jvm.options`: the new template reflect the configuration files provided by Elasticsearch >= 6.x - `/etc/elasticsearch/log4j2.properties`: - We removed `log4j2.properties.j2` template from this Ansible role as it was a static file not bringing any customization specific to some ansible variable. - - Deployment of this Ansible role on new servers will get the default `log4j2.properties` provided by Elastisearch without any override. + - Deployment of this Ansible role on new servers will get the default `log4j2.properties` provided by Elasticsearch without any override. - **WARNING**: For upgrade scenarios where this file was already managed by previous versions of ansible-elasticsearch, this file will become unmanaged and won't be updated by default. If you wish to update it to 7.5 version, you can retrieve it [here](https://github.com/elastic/elasticsearch/blob/7.5/distribution/src/config/log4j2.properties) and use this file with `es_config_log4j2` Ansible variable (see below). #### How to override configuration files provided by ansible-elasticsearch? @@ -186,7 +186,7 @@ Whilst the role installs Elasticsearch with the default configuration parameters The `network.publish_host` setting allows to control the host the node will publish itself within the cluster so other nodes will be able to connect to it. -See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html for further details on default binding behaviour and available options. +See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html for further details on default binding behavior and available options. The role makes no attempt to enforce the setting of these are requires users to specify them appropriately. It is recommended master nodes are listed and thus deployed first where possible. A more complex example: @@ -397,7 +397,7 @@ These can either be set to a user declared in the file based realm, with admin p ### Additional Configuration -In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behaviour. Options include: +In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behavior. Options include: * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. @@ -477,7 +477,7 @@ To define proxy globally, set the following variables: ## IMPORTANT NOTES RE PLUGIN MANAGEMENT -* If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behaviour is required in ES 6.x. +* If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behavior is required in ES 6.x. * If no plugins are listed in the playbook for a node, all currently installed plugins will be removed. * The role supports automatic detection of differences between installed and listed plugins - installing those listed but not installed, and removing those installed but not listed. Should users wish to re-install plugins they should set es_plugins_reinstall to true. This will cause all currently installed plugins to be removed and those listed to be installed. diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml index 7a27fd4a..0d04a280 100644 --- a/tasks/xpack/security/elasticsearch-security-native.yml +++ b/tasks/xpack/security/elasticsearch-security-native.yml @@ -12,7 +12,7 @@ - name: set fact manage_native_role to false set_fact: manage_native_roles=false -- name: set fact manange_native_roles to true +- name: set fact manage_native_roles to true set_fact: manage_native_roles=true when: es_roles is defined and es_roles.native is defined and es_roles.native.keys() | list | length > 0 From 6901f7141bab282d82641fbcbceea617fe138b57 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 5 Nov 2020 17:02:53 +0100 Subject: [PATCH 12/68] [meta] clean deprecated bumper script (#741) --- helpers/bumper.py | 36 ------------------------------------ 1 file changed, 36 deletions(-) delete mode 100755 helpers/bumper.py diff --git a/helpers/bumper.py b/helpers/bumper.py deleted file mode 100755 index 3e32420d..00000000 --- a/helpers/bumper.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/env python3 -import fileinput -import os - -""" -This script is used to bump elasticsearch versions before a new release - -Usage: -- Change the values of `old_versions` and `new_versions`` -- Run the script: `./bumper.py` -- That's all -""" - -os.chdir(os.path.join(os.path.dirname(__file__), '..')) - -old_versions = { - 6: '6.8.12', - 7: '7.9.1', -} - -new_versions = { - 6: '6.8.12', - 7: '7.9.2', -} - -files = [ - 'README.md', - 'defaults/main.yml', - '.kitchen.yml', -] - -for major, version in old_versions.items(): - for file in files: - print(file) - for line in fileinput.input([file], inplace=True): - print(line.replace(version, new_versions[major]), end='') From f01f19a4d3f574bae6f204f8212ecb19571790a4 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 10 Nov 2020 06:38:21 +0100 Subject: [PATCH 13/68] convert custom filter to python3 (#742) This commit convert the custom filters to python 3 using 2to3 source: https://docs.python.org/2/library/2to3.html --- filter_plugins/custom.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/filter_plugins/custom.py b/filter_plugins/custom.py index 443627b0..ad13ab18 100644 --- a/filter_plugins/custom.py +++ b/filter_plugins/custom.py @@ -27,7 +27,7 @@ def array_to_str(values=[], separator=","): def extract_role_users(users={}, exclude_users=[]): role_users = [] - for user, details in users.items(): + for user, details in list(users.items()): if user not in exclude_users and "roles" in details: for role in details["roles"]: role_users.append(role + ":" + user) @@ -40,7 +40,7 @@ def filename(filename=""): def remove_reserved(user_roles={}): not_reserved = [] - for user_role, details in user_roles.items(): + for user_role, details in list(user_roles.items()): if ( not "metadata" in details or not "_reserved" in details["metadata"] @@ -52,7 +52,7 @@ def remove_reserved(user_roles={}): def filter_reserved(users_role={}): reserved = [] - for user_role, details in users_role.items(): + for user_role, details in list(users_role.items()): if ( "metadata" in details and "_reserved" in details["metadata"] From 36c451d3f1fa7f0182b5c379d5ec16d5461925e1 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 11 Nov 2020 10:05:49 -0500 Subject: [PATCH 14/68] 7.10.0 release (#743) --- CHANGELOG.md | 14 ++++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4d8d7d3..cc8298d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +## 7.10.0 + +* 7.10.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#742](https://github.com/elastic/ansible-elasticsearch/pull/742) | [@jmlrt](https://github.com/jmlrt) | convert custom filter to python3 | +| [#741](https://github.com/elastic/ansible-elasticsearch/pull/741) | [@jmlrt](https://github.com/jmlrt) | [meta] clean deprecated bumper script | +| [#740](https://github.com/elastic/ansible-elasticsearch/pull/740) | [@jmlrt](https://github.com/jmlrt) | fix some typos | +| [#728](https://github.com/elastic/ansible-elasticsearch/pull/728) | [@smutel](https://github.com/smutel) | Improve the documentation for TLS | +| [#739](https://github.com/elastic/ansible-elasticsearch/pull/739) | [@0xflotus](https://github.com/0xflotus) | fix: small error | + + ## 7.9.3 * 7.9.3 as default version. diff --git a/README.md b/README.md index 53d79c35..aed754ee 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.9.3 +ansible-galaxy install elastic.elasticsearch,7.10.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -71,14 +71,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.9.3 + es_version: 7.10.0 ``` -The above installs Elasticsearch 7.9.3 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.10.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.9.3](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -401,7 +401,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.9.3"). +* ```es_version``` (e.g. "7.10.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 6c1c0017..1f2c8b7d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.9.3" +es_version: "7.10.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 64f92ed17031df5542330ed67e1a5e41da1e7c1e Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 17 Nov 2020 18:17:40 +0100 Subject: [PATCH 15/68] Fix test-kitchen net-scp-error (#736) This commit report setting added to ansible-beats repo to fix the transient Net::SCP::Error reported in ansible-beats and ansible-elasticsearch during test-kitchen CI tests. --- .kitchen.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.kitchen.yml b/.kitchen.yml index 06c2c208..ab210553 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -2,6 +2,9 @@ driver: name: docker +transport: + max_ssh_sessions: 6 + provisioner: name: ansible_playbook hosts: localhost From cc4d7fa98c846efeec48378c0087c9ee4935ba0e Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Tue, 17 Nov 2020 18:43:41 +0000 Subject: [PATCH 16/68] Support CentOS 8 (#744) --- .kitchen.yml | 12 ++++++++++++ README.md | 1 + test/matrix.yml | 1 + 3 files changed, 14 insertions(+) diff --git a/.kitchen.yml b/.kitchen.yml index ab210553..fc9dcc1c 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -123,6 +123,18 @@ platforms: run_command: "/usr/sbin/init" privileged: true use_sudo: false + - name: centos-8 + driver_config: + image: centos:8 + provision_command: + - yum -y install epel-release + - yum -y install ansible iproute python3-jmespath + volume: + - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers + run_command: "/usr/sbin/init" + privileged: true + use_sudo: false - name: amazonlinux-2 driver_config: image: amazonlinux:2 diff --git a/README.md b/README.md index aed754ee..a5826c9f 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedH * Debian 9 * Debian 10 * CentOS 7 +* CentOS 8 * Amazon Linux 2 The latest Elasticsearch versions of 7.x & 6.x are actively tested. diff --git a/test/matrix.yml b/test/matrix.yml index a0a67f95..877e2598 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -9,6 +9,7 @@ OS: - debian-9 - debian-10 - centos-7 + - centos-8 - amazonlinux-2 TEST_TYPE: - oss From 5b3976cd20549cabea19b6b73dcb727bd2c9197e Mon Sep 17 00:00:00 2001 From: Robin Opletal <49439044+fourstepper@users.noreply.github.com> Date: Thu, 3 Dec 2020 15:59:44 +0100 Subject: [PATCH 17/68] Fix idempotency for both supported CentOS versions (#747) * Fix idempotency for version lock broken in CentOS8 --- tasks/elasticsearch-RedHat-version-lock.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/elasticsearch-RedHat-version-lock.yml b/tasks/elasticsearch-RedHat-version-lock.yml index 504f13c4..7835be42 100644 --- a/tasks/elasticsearch-RedHat-version-lock.yml +++ b/tasks/elasticsearch-RedHat-version-lock.yml @@ -8,7 +8,7 @@ - name: RedHat - check if requested elasticsearch version lock exists become: yes - shell: yum versionlock list | grep -c {{es_package_name}}-{{es_version}} + shell: 'yum versionlock list | grep {{es_package_name}} | grep -c "{{es_version}}"' register: es_requested_version_locked args: warn: false From ffeb286150bad5a6f6edbc3b805df24f2d159e93 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 9 Dec 2020 07:16:36 -0800 Subject: [PATCH 18/68] 7.10.1 release (#749) --- CHANGELOG.md | 12 ++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc8298d8..203b1650 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 7.10.1 + +* 7.10.1 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#747](https://github.com/elastic/ansible-elasticsearch/pull/747) | [@fourstepper](https://github.com/fourstepper) | Fix idempotency for both supported CentOS versions | +| [#744](https://github.com/elastic/ansible-elasticsearch/pull/744) | [@v1v](https://github.com/v1v) | Support CentOS 8 | +| [#736](https://github.com/elastic/ansible-elasticsearch/pull/736) | [@jmlrt](https://github.com/jmlrt) | Fix test-kitchen net-scp-error | + + ## 7.10.0 * 7.10.0 as default version. diff --git a/README.md b/README.md index a5826c9f..8b3016f0 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.10.0 +ansible-galaxy install elastic.elasticsearch,7.10.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -72,14 +72,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.10.0 + es_version: 7.10.1 ``` -The above installs Elasticsearch 7.10.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.10.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -402,7 +402,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.10.0"). +* ```es_version``` (e.g. "7.10.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 1f2c8b7d..10eca9f0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.10.0" +es_version: "7.10.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 470eae90ede5af4fbe9c501707d9d68b9abb0115 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 10 Dec 2020 17:37:17 +0100 Subject: [PATCH 19/68] [meta] fix ansible galaxy install command (#751) This commit fix the Ansible Galaxy install command to use the new versioning implemented in 7.10.1 release. ansible-beats tags are now prefixed by v which makes Ansible Galaxy versions also including this prefix. Fix #750 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b3016f0..cc24411d 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,7.10.1 +ansible-galaxy install elastic.elasticsearch,v7.10.1 ``` Then create your playbook yaml adding the role elasticsearch. From e1fd7d770d2e780cd06a42a63bfbba3b3921ffc6 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 6 Jan 2021 18:22:27 +0100 Subject: [PATCH 20/68] Fix java install path when system has multiple java (#753) This commit fix the command to get Java install path when the system has multiple java installed Fix #721 --- tasks/java.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/java.yml b/tasks/java.yml index 26d6b159..649d424f 100644 --- a/tasks/java.yml +++ b/tasks/java.yml @@ -13,7 +13,7 @@ when: ansible_os_family == 'RedHat' - name: Get the installed java path - shell: "update-alternatives --display java | grep '^/' | awk '{print $1}' | grep 1.8.0 | head -1" + shell: "update-alternatives --display java | grep '^/' | awk '{print $1}' | grep 1.8.0-openjdk | head -1" become: yes register: java_full_path failed_when: False From dcef5b7e91d8efbd2f13249d54e7d774c7ba2681 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Thu, 14 Jan 2021 07:25:39 -0800 Subject: [PATCH 21/68] 7.10.2 release (#754) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 203b1650..49e7ce09 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.10.2 + +* 7.10.2 as default version. + ## 7.10.1 * 7.10.1 as default version. diff --git a/README.md b/README.md index cc24411d..e3892b80 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.10.1 +ansible-galaxy install elastic.elasticsearch,v7.10.2 ``` Then create your playbook yaml adding the role elasticsearch. @@ -72,14 +72,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.10.1 + es_version: 7.10.2 ``` -The above installs Elasticsearch 7.10.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.10.2 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -402,7 +402,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.10.1"). +* ```es_version``` (e.g. "7.10.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 10eca9f0..78fdc9ec 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.10.1" +es_version: "7.10.2" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From fec4907c4bcf8e70a49352a6ba4e30cd44dfc6b0 Mon Sep 17 00:00:00 2001 From: Nassim Kammah Date: Thu, 14 Jan 2021 17:17:04 +0100 Subject: [PATCH 22/68] Update 7.10.2 changelog (#755) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 49e7ce09..3c1b4037 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ * 7.10.2 as default version. + +| PR | Author | Title | +| --- | --- | --- | +| [#753](https://github.com/elastic/ansible-elasticsearch/pull/753) | [@jmlrt](https://github.com/jmlrt) | Fix java install path when system has multiple java | + + ## 7.10.1 * 7.10.1 as default version. From e863695018352a8fc7e930e50fa277b8128addce Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 27 Jan 2021 17:37:00 +0100 Subject: [PATCH 23/68] [meta] add dedicated ci jobs for 6.x (#760) This commit create dedicated Jenkins jobs for 6.x for master branch and PRs. This is required to allow having different test suites for 7.x and 6.x in a following PR. --- .ci/jobs/defaults.yml | 30 ++++++++------ ...lastic+ansible-elasticsearch+master-6x.yml | 39 +++++++++++++++++++ .../elastic+ansible-elasticsearch+master.yml | 25 +++--------- ...+ansible-elasticsearch+pull-request-6x.yml | 36 +++++++++++++++++ ...tic+ansible-elasticsearch+pull-request.yml | 21 ---------- test/matrix-6x.yml | 16 ++++++++ test/matrix.yml | 3 -- 7 files changed, 116 insertions(+), 54 deletions(-) create mode 100644 .ci/jobs/elastic+ansible-elasticsearch+master-6x.yml create mode 100644 .ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml create mode 100644 test/matrix-6x.yml diff --git a/.ci/jobs/defaults.yml b/.ci/jobs/defaults.yml index 0a39d45a..2abf0fb9 100644 --- a/.ci/jobs/defaults.yml +++ b/.ci/jobs/defaults.yml @@ -12,12 +12,6 @@ logrotate: daysToKeep: 30 numToKeep: 100 - parameters: - - string: - name: branch_specifier - default: master - description: the Git branch specifier to build (<branchName>, <tagName>, - <commitId>, etc.) properties: - github: url: https://github.com/elastic/ansible-elasticsearch/ @@ -41,10 +35,6 @@ name: label values: - linux - - axis: - name: VERSION - filename: elasticsearch/test/matrix.yml - type: yaml - axis: name: OS filename: elasticsearch/test/matrix.yml @@ -55,6 +45,25 @@ type: yaml vault: role_id: cff5d4e0-61bf-2497-645f-fcf019d10c13 + builders: + - shell: |- + #!/usr/local/bin/runbld + set -euo pipefail + + export RBENV_VERSION='2.5.7' + export PATH="$HOME/.rbenv/bin:$PATH" + eval "$(rbenv init -)" + rbenv local $RBENV_VERSION + + export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" + echo "Getting xpack_license from secrets service" + set +x + VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) + curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} + set -x + echo "Finished getting xpack_license from secrets service" + make setup + make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS wrappers: - ansicolor - timeout: @@ -62,4 +71,3 @@ timeout: 360 fail: true - timestamps - diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+master-6x.yml new file mode 100644 index 00000000..969986ba --- /dev/null +++ b/.ci/jobs/elastic+ansible-elasticsearch+master-6x.yml @@ -0,0 +1,39 @@ +--- +- job: + name: elastic+ansible-elasticsearch+master-6x + display-name: elastic / ansible-elasticsearch - master - 6.x + description: Master branch testing with test kitchen for Elasticsearch 6.x + parameters: + - string: + name: branch_specifier + default: master + description: the Git branch specifier to build (<branchName>, <tagName>, + <commitId>, etc.) + - string: + name: VERSION + default: 6.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix-6x.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix-6x.yml + type: yaml + triggers: + - timed: H H(02-04) * * * + publishers: + - slack: + notify-back-to-normal: True + notify-every-failure: True + room: infra-release-notify + team-domain: elastic + auth-token-id: release-slack-integration-token + auth-token-credential-id: release-slack-integration-token diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master.yml b/.ci/jobs/elastic+ansible-elasticsearch+master.yml index cb76aba4..64aa21cd 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+master.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+master.yml @@ -3,27 +3,14 @@ name: elastic+ansible-elasticsearch+master display-name: elastic / ansible-elasticsearch - master description: Master branch testing with test kitchen + parameters: + - string: + name: branch_specifier + default: master + description: the Git branch specifier to build (<branchName>, <tagName>, + <commitId>, etc.) triggers: - timed: H H(02-04) * * * - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - export RBENV_VERSION='2.5.7' - export PATH="$HOME/.rbenv/bin:$PATH" - eval "$(rbenv init -)" - rbenv local $RBENV_VERSION - - export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" - echo "Getting xpack_license from secrets service" - set +x - VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) - curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} - set -x - echo "Finished getting xpack_license from secrets service" - make setup - make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS publishers: - slack: notify-back-to-normal: True diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml new file mode 100644 index 00000000..725826bf --- /dev/null +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml @@ -0,0 +1,36 @@ +--- +- job: + name: elastic+ansible-elasticsearch+pull-request-6x + display-name: elastic / ansible-elasticsearch - pull-request - 6.x + description: Pull request testing with test kitchen for Elasticsearch 6.x + parameters: + - string: + name: VERSION + default: 6.x + description: Elasticsearch major version + scm: + - git: + branches: + - $ghprbActualCommit + refspec: +refs/pull/*:refs/remotes/origin/pr/* + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix-6x.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix-6x.yml + triggers: + - github-pull-request: + github-hooks: true + org-list: + - elastic + allow-whitelist-orgs-as-admins: true + cancel-builds-on-update: true + status-context: devops-ci diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml index 166c43ad..ef8ecd12 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml @@ -3,8 +3,6 @@ name: elastic+ansible-elasticsearch+pull-request display-name: elastic / ansible-elasticsearch - pull-request description: Pull request testing with test kitchen - project-type: matrix - parameters: [] scm: - git: branches: @@ -18,22 +16,3 @@ allow-whitelist-orgs-as-admins: true cancel-builds-on-update: true status-context: devops-ci - builders: - - shell: |- - #!/usr/local/bin/runbld - set -euo pipefail - - export RBENV_VERSION='2.5.7' - export PATH="$HOME/.rbenv/bin:$PATH" - eval "$(rbenv init -)" - rbenv local $RBENV_VERSION - - export ES_XPACK_LICENSE_FILE="$(pwd)/license.json" - echo "Getting xpack_license from secrets service" - set +x - VAULT_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -L -d "{\"role_id\":\"$VAULT_ROLE_ID\",\"secret_id\":\"$VAULT_SECRET_ID\"}" $VAULT_ADDR/v1/auth/approle/login | jq -r '.auth.client_token' ) - curl -s -L -H "X-Vault-Token:$VAULT_TOKEN" $VAULT_ADDR/v1/secret/devops-ci/ansible-elasticsearch/xpack_license | jq -r '.data.value' > ${ES_XPACK_LICENSE_FILE} - set -x - echo "Finished getting xpack_license from secrets service" - make setup - make verify VERSION=$VERSION PATTERN=$TEST_TYPE-$OS diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml new file mode 100644 index 00000000..d8fad354 --- /dev/null +++ b/test/matrix-6x.yml @@ -0,0 +1,16 @@ +OS: + - ubuntu-1404 + - ubuntu-1604 + - ubuntu-1804 + - debian-8 + - debian-9 + - debian-10 + - centos-7 + - centos-8 + - amazonlinux-2 +TEST_TYPE: + - oss + - oss-upgrade + - oss-to-xpack-upgrade + - xpack + - xpack-upgrade diff --git a/test/matrix.yml b/test/matrix.yml index 877e2598..d8fad354 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -1,6 +1,3 @@ -VERSION: - - 7.x - - 6.x OS: - ubuntu-1404 - ubuntu-1604 From fb6c0c9876aeaa63301d76f25d1220c6461131f0 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 27 Jan 2021 19:30:00 +0100 Subject: [PATCH 24/68] [meta] fix jobs template following #760 (#762) This commit fix the test job templates following #760. - add VERSION parameter for 7.x jobs - move axis to jobs templates --- .ci/jobs/defaults.yml | 14 -------------- .../elastic+ansible-elasticsearch+master.yml | 18 ++++++++++++++++++ ...tic+ansible-elasticsearch+pull-request.yml | 19 +++++++++++++++++++ 3 files changed, 37 insertions(+), 14 deletions(-) diff --git a/.ci/jobs/defaults.yml b/.ci/jobs/defaults.yml index 2abf0fb9..9e55507a 100644 --- a/.ci/jobs/defaults.yml +++ b/.ci/jobs/defaults.yml @@ -29,20 +29,6 @@ url: git@github.com:elastic/ansible-elasticsearch.git basedir: elasticsearch wipe-workspace: 'False' - axes: - - axis: - type: slave - name: label - values: - - linux - - axis: - name: OS - filename: elasticsearch/test/matrix.yml - type: yaml - - axis: - name: TEST_TYPE - filename: elasticsearch/test/matrix.yml - type: yaml vault: role_id: cff5d4e0-61bf-2497-645f-fcf019d10c13 builders: diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master.yml b/.ci/jobs/elastic+ansible-elasticsearch+master.yml index 64aa21cd..16ffc0c1 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+master.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+master.yml @@ -9,6 +9,24 @@ default: master description: the Git branch specifier to build (<branchName>, <tagName>, <commitId>, etc.) + - string: + name: VERSION + default: 7.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix.yml + type: yaml triggers: - timed: H H(02-04) * * * publishers: diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml index ef8ecd12..f11c5db4 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request.yml @@ -3,6 +3,25 @@ name: elastic+ansible-elasticsearch+pull-request display-name: elastic / ansible-elasticsearch - pull-request description: Pull request testing with test kitchen + parameters: + - string: + name: VERSION + default: 7.x + description: Elasticsearch major version + axes: + - axis: + type: slave + name: label + values: + - linux + - axis: + name: OS + filename: elasticsearch/test/matrix.yml + type: yaml + - axis: + name: TEST_TYPE + filename: elasticsearch/test/matrix.yml + type: yaml scm: - git: branches: From 87946a8305147216cc682df35054f5e9b75ae953 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 27 Jan 2021 21:34:28 +0100 Subject: [PATCH 25/68] [meta] fix again jjbb template for jenkins jobs (#763) This commit fix PR test job for 6.x following #762. --- .ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml index 725826bf..e8a4cacd 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+pull-request-6x.yml @@ -26,6 +26,7 @@ - axis: name: TEST_TYPE filename: elasticsearch/test/matrix-6x.yml + type: yaml triggers: - github-pull-request: github-hooks: true From 69c8997a8369f48ed9bc1b560203b8151bae236e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?rubar=20=C3=A7elik?= <69350353+rubarclk@users.noreply.github.com> Date: Wed, 3 Feb 2021 17:10:13 +0300 Subject: [PATCH 26/68] Update elasticsearch-Debian.yml (#761) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- tasks/elasticsearch-Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/elasticsearch-Debian.yml b/tasks/elasticsearch-Debian.yml index 50e1ae7e..b344b413 100644 --- a/tasks/elasticsearch-Debian.yml +++ b/tasks/elasticsearch-Debian.yml @@ -103,7 +103,7 @@ when: es_version_lock - name: Debian - Download elasticsearch from url - get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no + get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}-amd64.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no when: not es_use_repository - name: Debian - Ensure elasticsearch is installed from downloaded package From 78e805e6cbe5a178e751fb69d96dcdb06323294b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20Fl=C3=BChmann?= Date: Wed, 3 Feb 2021 18:37:52 +0100 Subject: [PATCH 27/68] Ad support for elasticsearch-keystore entries (#769) --- README.md | 20 +++++++++++ .../xpack/security/elasticsearch-security.yml | 35 +++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/README.md b/README.md index e3892b80..2164b4db 100644 --- a/README.md +++ b/README.md @@ -459,6 +459,26 @@ Both ```es_user_id``` and ```es_group_id``` must be set for the user and group i * ```es_restart_on_change``` - defaults to true. If false, changes will not result in Elasticsearch being restarted. * ```es_plugins_reinstall``` - defaults to false. If true, all currently installed plugins will be removed from a node. Listed plugins will then be re-installed. +To add, update or remove elasticsearch.keystore entries, use the following variable: + +```yaml +# state is optional and defaults to present +es_keystore_entries: +- key: someKeyToAdd + value: someValue + state: present + +- key: someKeyToUpdate + value: newValue + # state: present + force: Yes + +- key: someKeyToDelete + state: absent +``` + + + This role ships with sample templates located in the [test/integration/files/templates-7.x](https://github.com/elastic/ansible-elasticsearch/tree/master/test/integration/files/templates-7.x) directory. `es_templates_fileglob` variable is used with the Ansible [with_fileglob](http://docs.ansible.com/ansible/playbooks_loops.html#id4) loop. When setting the globs, be sure to use an absolute path. ### Proxy diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml index 9f29a7c8..febecfe4 100644 --- a/tasks/xpack/security/elasticsearch-security.yml +++ b/tasks/xpack/security/elasticsearch-security.yml @@ -34,6 +34,41 @@ environment: ES_PATH_CONF: "{{ es_conf_dir }}" no_log: true + + - name: Remove keystore entries + become: yes + command: > + echo {{ es_api_basic_auth_password | quote }} | {{ es_home }}/bin/elasticsearch-keystore remove '{{ item.key }}' + with_items: "{{ es_keystore_entries }}" + when: + - es_keystore_entries is defined and es_keystore_entries | length > 0 + - item.state is defined and item.state == 'absent' + - item.key in list_keystore.stdout_lines + - ('bootstrap.password' not in item.key) + no_log: true + + - name: Reload keystore entries + become: yes + command: > + {{es_home}}/bin/elasticsearch-keystore list + register: list_keystore + changed_when: False + environment: + ES_PATH_CONF: "{{ es_conf_dir }}" + check_mode: no + + - name: Add keystore entries + become: yes + shell: echo {{ item.value | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x -f {{ item.key }} + with_items: "{{ es_keystore_entries }}" + when: + - es_keystore_entries is defined and es_keystore_entries | length > 0 + - item.state is undefined or item.state == 'present' + - item.force|default(False) or ( not item.force|default(False) and item.key not in list_keystore.stdout_lines ) + - ('bootstrap.password' not in item.key) + no_log: true + + ### END BLOCK elasticsearch keystore ### #-----------------------------FILE BASED REALM---------------------------------------- From d3e394b071d819ef47a515557a1ce33e81a34522 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 4 Feb 2021 11:19:00 +0100 Subject: [PATCH 28/68] [meta] refactor kitchen tests (#765) * [meta] refactor kitchen tests This commit update kitchen tests to match important feature to test: - default: test a deployment with all default values - license: test a deployment with a license and default values - trial: test a deployment with security enabled and trial license - oss: test a deployment with oss version and default values (6.x only) - upgrade: test an upgrade from a previous version - oss-upgrade: test an upgrade with oss version (6.x only) - oss-to-default-upgrade: test an upgrade from previous oss to latest default version - custom_config: test a deployment with custom config files - security: test a deployment with security enabled * [meta] fix license test --- .kitchen.yml | 38 ++-- Makefile | 2 +- README.md | 2 +- test/integration/custom-config.yml | 11 ++ .../custom_config.yml} | 0 .../serverspec/default_spec.rb | 6 +- test/integration/default.yml | 7 + .../default.yml} | 0 .../serverspec/default_spec.rb | 2 +- .../{oss_spec.rb => custom_config_spec.rb} | 2 +- .../helpers/serverspec/issue_test_spec.rb | 10 - .../helpers/serverspec/license_spec.rb | 27 +++ .../serverspec/oss_to_xpack_upgrade_spec.rb | 4 - .../helpers/serverspec/oss_upgrade_spec.rb | 4 - ...xpack_upgrade_spec.rb => security_spec.rb} | 24 +-- test/integration/issue-test.yml | 42 ----- .../issue-test/serverspec/default_spec.rb | 8 - test/integration/license.yml | 57 ++++++ .../oss-upgrade.yml => license/license.yml} | 0 .../license/serverspec/default_spec.rb | 9 + ...upgrade.yml => oss-to-default-upgrade.yml} | 6 +- .../oss-to-default-upgrade.yml} | 0 .../serverspec/default_spec.rb | 7 + .../serverspec/default_spec.rb | 9 - test/integration/oss-upgrade.yml | 6 +- .../{xpack/xpack.yml => oss-upgrade/oss.yml} | 0 .../oss-upgrade/serverspec/default_spec.rb | 4 +- test/integration/oss.yml | 8 +- .../oss/serverspec/default_spec.rb | 7 +- test/integration/security.yml | 56 ++++++ test/integration/security/security.yml | 2 + .../security/serverspec/default_spec.rb | 9 + .../{xpack-upgrade-trial.yml => trial.yml} | 71 +------ .../trial/serverspec/default_spec.rb | 7 + test/integration/trial/trial.yml | 2 + test/integration/upgrade.yml | 16 ++ .../upgrade/serverspec/default_spec.rb | 7 + test/integration/upgrade/upgrade.yml | 2 + test/integration/xpack-upgrade-trial | 1 - test/integration/xpack-upgrade.yml | 173 ------------------ test/integration/xpack.yml | 10 - test/matrix-6x.yml | 10 +- test/matrix.yml | 10 +- 43 files changed, 272 insertions(+), 406 deletions(-) create mode 100644 test/integration/custom-config.yml rename test/integration/{issue-test/issue-test.yml => custom-config/custom_config.yml} (100%) rename test/integration/{xpack-upgrade => custom-config}/serverspec/default_spec.rb (53%) create mode 100644 test/integration/default.yml rename test/integration/{oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml => default/default.yml} (100%) rename test/integration/{xpack => default}/serverspec/default_spec.rb (79%) rename test/integration/helpers/serverspec/{oss_spec.rb => custom_config_spec.rb} (92%) delete mode 100644 test/integration/helpers/serverspec/issue_test_spec.rb create mode 100644 test/integration/helpers/serverspec/license_spec.rb delete mode 100644 test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb delete mode 100644 test/integration/helpers/serverspec/oss_upgrade_spec.rb rename test/integration/helpers/serverspec/{xpack_upgrade_spec.rb => security_spec.rb} (73%) delete mode 100644 test/integration/issue-test.yml delete mode 100644 test/integration/issue-test/serverspec/default_spec.rb create mode 100644 test/integration/license.yml rename test/integration/{oss-upgrade/oss-upgrade.yml => license/license.yml} (100%) create mode 100644 test/integration/license/serverspec/default_spec.rb rename test/integration/{oss-to-xpack-upgrade.yml => oss-to-default-upgrade.yml} (72%) rename test/integration/{xpack-upgrade/xpack-upgrade.yml => oss-to-default-upgrade/oss-to-default-upgrade.yml} (100%) create mode 100644 test/integration/oss-to-default-upgrade/serverspec/default_spec.rb delete mode 100644 test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb rename test/integration/{xpack/xpack.yml => oss-upgrade/oss.yml} (100%) create mode 100644 test/integration/security.yml create mode 100644 test/integration/security/security.yml create mode 100644 test/integration/security/serverspec/default_spec.rb rename test/integration/{xpack-upgrade-trial.yml => trial.yml} (53%) create mode 100644 test/integration/trial/serverspec/default_spec.rb create mode 100644 test/integration/trial/trial.yml create mode 100644 test/integration/upgrade.yml create mode 100644 test/integration/upgrade/serverspec/default_spec.rb create mode 100644 test/integration/upgrade/upgrade.yml delete mode 120000 test/integration/xpack-upgrade-trial delete mode 100644 test/integration/xpack-upgrade.yml delete mode 100644 test/integration/xpack.yml diff --git a/.kitchen.yml b/.kitchen.yml index fc9dcc1c..a1ee4f55 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -149,31 +149,39 @@ platforms: use_sudo: false suites: + - name: custom-config + provisioner: + idempotency_test: true + playbook: test/integration/custom-config.yml + - name: default + provisioner: + playbook: test/integration/default.yml + idempotency_test: true + - name: license + provisioner: + playbook: test/integration/license.yml + idempotency_test: true - name: oss provisioner: idempotency_test: true playbook: test/integration/oss.yml - - name: oss-upgrade + - name: oss-to-default-upgrade provisioner: - playbook: test/integration/oss-upgrade.yml + playbook: test/integration/oss-to-default-upgrade.yml idempotency_test: false - - name: oss-to-xpack-upgrade + - name: oss-upgrade provisioner: - playbook: test/integration/oss-to-xpack-upgrade.yml + playbook: test/integration/oss-upgrade.yml idempotency_test: false - - name: xpack + - name: security provisioner: - playbook: test/integration/xpack.yml + playbook: test/integration/security.yml idempotency_test: true - - name: xpack-upgrade + - name: trial provisioner: - playbook: test/integration/xpack-upgrade.yml - idempotency_test: false - - name: issue-test - provisioner: - playbook: test/integration/issue-test.yml - idempotency_test: false - - name: xpack-upgrade-trial + playbook: test/integration/trial.yml + idempotency_test: false # es_xpack_trial is not idempotent currently + - name: upgrade provisioner: - playbook: test/integration/xpack-upgrade-trial.yml + playbook: test/integration/upgrade.yml idempotency_test: false diff --git a/Makefile b/Makefile index 8d28ebca..0de81fb1 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ default: build SHELL:=/bin/bash -eux export VERSION := 7.x -PATTERN := xpack-ubuntu-1604 +PATTERN := default-ubuntu-1804 .PHONY: converge verify test login destroy list diff --git a/README.md b/README.md index 2164b4db..a660e63e 100644 --- a/README.md +++ b/README.md @@ -97,7 +97,7 @@ This playbook uses [Kitchen](https://kitchen.ci/) for CI and local testing. ### Running the tests * Ensure you have checked out this repository to `elasticsearch`, not `ansible-elasticsearch`. -* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` and `issue-test` suites by appending `-trial` to the `PATTERN` variable. +* If you don't have a Gold or Platinum license to test with you can run the trial versions of the `xpack-upgrade` suites by appending `-trial` to the `PATTERN` variable. * You may need to explicitly specify `VERSION=7.x` if some suites are failing. Install the ruby dependencies with bundler diff --git a/test/integration/custom-config.yml b/test/integration/custom-config.yml new file mode 100644 index 00000000..ed2dbab6 --- /dev/null +++ b/test/integration/custom-config.yml @@ -0,0 +1,11 @@ +--- +- name: Setup Elasticsearch with custom config files + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_default: "test/integration/files/custom_config/elasticsearch" + es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" + es_config_jvm: "test/integration/files/custom_config/jvm.options" diff --git a/test/integration/issue-test/issue-test.yml b/test/integration/custom-config/custom_config.yml similarity index 100% rename from test/integration/issue-test/issue-test.yml rename to test/integration/custom-config/custom_config.yml diff --git a/test/integration/xpack-upgrade/serverspec/default_spec.rb b/test/integration/custom-config/serverspec/default_spec.rb similarity index 53% rename from test/integration/xpack-upgrade/serverspec/default_spec.rb rename to test/integration/custom-config/serverspec/default_spec.rb index 043bc5ca..edcd5935 100644 --- a/test/integration/xpack-upgrade/serverspec/default_spec.rb +++ b/test/integration/custom-config/serverspec/default_spec.rb @@ -1,9 +1,9 @@ -require 'xpack_upgrade_spec' +require 'custom_config_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'Custom Config Tests' do + include_examples 'custom_config::init', vars include_examples 'shared::init', vars - include_examples 'xpack_upgrade::init', vars end diff --git a/test/integration/default.yml b/test/integration/default.yml new file mode 100644 index 00000000..7a61d178 --- /dev/null +++ b/test/integration/default.yml @@ -0,0 +1,7 @@ +--- +- name: Setup Elasticsearch using default configuration + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml b/test/integration/default/default.yml similarity index 100% rename from test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml rename to test/integration/default/default.yml diff --git a/test/integration/xpack/serverspec/default_spec.rb b/test/integration/default/serverspec/default_spec.rb similarity index 79% rename from test/integration/xpack/serverspec/default_spec.rb rename to test/integration/default/serverspec/default_spec.rb index 496a28cf..248a3397 100644 --- a/test/integration/xpack/serverspec/default_spec.rb +++ b/test/integration/default/serverspec/default_spec.rb @@ -2,6 +2,6 @@ require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack upgrade Tests' do +describe 'default tests' do include_examples 'shared::init', vars end diff --git a/test/integration/helpers/serverspec/oss_spec.rb b/test/integration/helpers/serverspec/custom_config_spec.rb similarity index 92% rename from test/integration/helpers/serverspec/oss_spec.rb rename to test/integration/helpers/serverspec/custom_config_spec.rb index f07ce889..96255103 100644 --- a/test/integration/helpers/serverspec/oss_spec.rb +++ b/test/integration/helpers/serverspec/custom_config_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper' require 'shared_spec' -shared_examples 'oss::init' do |vars| +shared_examples 'custom_config::init' do |vars| describe file("/etc/elasticsearch/log4j2.properties") do it { should be_file } it { should be_owned_by 'root' } diff --git a/test/integration/helpers/serverspec/issue_test_spec.rb b/test/integration/helpers/serverspec/issue_test_spec.rb deleted file mode 100644 index f65ed61d..00000000 --- a/test/integration/helpers/serverspec/issue_test_spec.rb +++ /dev/null @@ -1,10 +0,0 @@ -require 'spec_helper' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -shared_examples 'issue_test::init' do |vars| - - #Add custom tests here for the issue-test.yml test - -end - diff --git a/test/integration/helpers/serverspec/license_spec.rb b/test/integration/helpers/serverspec/license_spec.rb new file mode 100644 index 00000000..4045a63d --- /dev/null +++ b/test/integration/helpers/serverspec/license_spec.rb @@ -0,0 +1,27 @@ +require 'spec_helper' +require 'json' +require 'pathname' +vars = JSON.parse(File.read('/tmp/vars.json')) + +es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}" +username = vars['es_api_basic_auth_username'] +password = vars['es_api_basic_auth_password'] +es_keystore = Pathname.new(vars['es_ssl_keystore']).basename.to_s +es_truststore = Pathname.new(vars['es_ssl_truststore']).basename.to_s + +if vars['es_major_version'] == '7.x' + es_license_api = "_license" +else + es_license_api = "_xpack/license" +end + +shared_examples 'license::init' do |vars| + describe 'License check' do + result = curl_json("#{es_api_url}/#{es_license_api}", username=username, password=password) + it 'should list the license issued by Elastic' do + expect(result['license']['status']).to eq('active') + expect(result['license']['type']).to eq('trial') + expect(result['license']['issued_to']).to eq('Elastic - INTERNAL (non-production environments)') + end + end +end diff --git a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb deleted file mode 100644 index 4eeda4ce..00000000 --- a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_to_xpack_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/oss_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_upgrade_spec.rb deleted file mode 100644 index f09e937f..00000000 --- a/test/integration/helpers/serverspec/oss_upgrade_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'spec_helper' - -shared_examples 'oss_upgrade::init' do |vars| -end diff --git a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/security_spec.rb similarity index 73% rename from test/integration/helpers/serverspec/xpack_upgrade_spec.rb rename to test/integration/helpers/serverspec/security_spec.rb index 237b1de8..94108984 100644 --- a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb +++ b/test/integration/helpers/serverspec/security_spec.rb @@ -15,7 +15,7 @@ es_security_api = "_xpack/security" end -shared_examples 'xpack_upgrade::init' do |vars| +shared_examples 'security::init' do |vars| #Test users file, users_roles and roles.yml describe file("/etc/elasticsearch/users_roles") do it { should be_owned_by 'root' } @@ -39,12 +39,9 @@ describe file("/etc/elasticsearch/elasticsearch.yml") do if vars['es_major_version'] == '7.x' it { should contain 'security.authc.realms.file.file1.order: 0' } - it { should contain 'security.authc.realms.native.native1.order: 1' } else it { should contain 'security.authc.realms.file1.order: 0' } it { should contain 'security.authc.realms.file1.type: file' } - it { should contain 'security.authc.realms.native1.order: 1' } - it { should contain 'security.authc.realms.native1.type: native' } end it { should contain 'xpack.security.transport.ssl.enabled: true' } it { should contain 'xpack.security.http.ssl.enabled: true' } @@ -56,18 +53,10 @@ describe file("/etc/elasticsearch/role_mapping.yml") do it { should be_owned_by 'root' } it { should contain 'power_user:' } - it { should contain '- cn=admins,dc=example,dc=com' } it { should contain 'user:' } - it { should contain '- cn=admins,dc=example,dc=com' } end #check accounts are correct i.e. we can auth and they have the correct roles - describe 'kibana4_server access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='kibana4_server', password='changeMe')['version']['number']).to eq(vars['es_version']) - end - end - describe 'security users' do result = curl_json("#{es_api_url}/#{es_security_api}/user", username=username, password=password) it 'should have the elastic user' do @@ -80,11 +69,6 @@ expect(result['kibana']['roles']).to eq(['kibana_system']) expect(result['kibana']['enabled']).to eq(true) end - it 'should have the kibana_server user' do - expect(result['kibana4_server']['username']).to eq('kibana4_server') - expect(result['kibana4_server']['roles']).to eq(['kibana4_server']) - expect(result['kibana4_server']['enabled']).to eq(true) - end it 'should have the logstash user' do expect(result['logstash_system']['username']).to eq('logstash_system') expect(result['logstash_system']['roles']).to eq(['logstash_system']) @@ -92,12 +76,6 @@ end end - describe 'logstash_system access check' do - it 'should be reported as version '+vars['es_version'] do - expect(curl_json(es_api_url, username='logstash_system', password='aNewLogstashPassword')['version']['number']).to eq(vars['es_version']) - end - end - describe 'SSL certificate check' do certificates = curl_json("#{es_api_url}/_ssl/certificates", username=username, password=password) it 'should list the keystore file' do diff --git a/test/integration/issue-test.yml b/test/integration/issue-test.yml deleted file mode 100644 index 1629f204..00000000 --- a/test/integration/issue-test.yml +++ /dev/null @@ -1,42 +0,0 @@ -#This file is for users to test issues and reproduce them using the test framework. -#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test` -#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb -#Idempot test is enabled for this test - -- name: Simple Example - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_config: - xpack.security.authc.realms.file.file1.order: 1 - xpack.security.authc.realms.native.native1.type: "native" - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_users: - file: - test_user: - password: changeme - roles: - - kibana_system - native: - kibana: - password: changeme - roles: - - kibana_system - elastic: - password: aNewPassWord - es_roles: - native: - logstash: - cluster: - - manage_index_templates - logstash_system: - cluster: - - manage_index_templates diff --git a/test/integration/issue-test/serverspec/default_spec.rb b/test/integration/issue-test/serverspec/default_spec.rb deleted file mode 100644 index ee7536b0..00000000 --- a/test/integration/issue-test/serverspec/default_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'issue_test_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'Issue Test' do - include_examples 'issue_test::init', vars -end - diff --git a/test/integration/license.yml b/test/integration/license.yml new file mode 100644 index 00000000..cd0e2343 --- /dev/null +++ b/test/integration/license.yml @@ -0,0 +1,57 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/oss-upgrade/oss-upgrade.yml b/test/integration/license/license.yml similarity index 100% rename from test/integration/oss-upgrade/oss-upgrade.yml rename to test/integration/license/license.yml diff --git a/test/integration/license/serverspec/default_spec.rb b/test/integration/license/serverspec/default_spec.rb new file mode 100644 index 00000000..aabba223 --- /dev/null +++ b/test/integration/license/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'license_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'license tests' do + include_examples 'shared::init', vars + include_examples 'license::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade.yml b/test/integration/oss-to-default-upgrade.yml similarity index 72% rename from test/integration/oss-to-xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade.yml index 2d8caf87..774f7250 100644 --- a/test/integration/oss-to-xpack-upgrade.yml +++ b/test/integration/oss-to-default-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Upgrade to Elasticsearch default version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: false - es_heap_size: "1g" diff --git a/test/integration/xpack-upgrade/xpack-upgrade.yml b/test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml similarity index 100% rename from test/integration/xpack-upgrade/xpack-upgrade.yml rename to test/integration/oss-to-default-upgrade/oss-to-default-upgrade.yml diff --git a/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..08e2a2df --- /dev/null +++ b/test/integration/oss-to-default-upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'oss to default upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb deleted file mode 100644 index c633ffaf..00000000 --- a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'oss_to_xpack_upgrade_spec' -require 'shared_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'oss to xpack upgrade Tests' do - include_examples 'shared::init', vars - include_examples 'oss_to_xpack_upgrade::init', vars -end diff --git a/test/integration/oss-upgrade.yml b/test/integration/oss-upgrade.yml index 9d5c147a..153b02a6 100644 --- a/test/integration/oss-upgrade.yml +++ b/test/integration/oss-upgrade.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS previous version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -8,9 +8,8 @@ vars: es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade oss_version: true - es_heap_size: "1g" -- name: Standard test for single node setup. Tests idempotence. +- name: Deploy Elasticsearch OSS latest version hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -18,4 +17,3 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" diff --git a/test/integration/xpack/xpack.yml b/test/integration/oss-upgrade/oss.yml similarity index 100% rename from test/integration/xpack/xpack.yml rename to test/integration/oss-upgrade/oss.yml diff --git a/test/integration/oss-upgrade/serverspec/default_spec.rb b/test/integration/oss-upgrade/serverspec/default_spec.rb index 939ee16d..cd365924 100644 --- a/test/integration/oss-upgrade/serverspec/default_spec.rb +++ b/test/integration/oss-upgrade/serverspec/default_spec.rb @@ -1,9 +1,7 @@ -require 'oss_upgrade_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'oss upgrade Tests' do - include_examples 'oss_upgrade::init', vars +describe 'oss upgrade tests' do include_examples 'shared::init', vars end diff --git a/test/integration/oss.yml b/test/integration/oss.yml index 7f54c47b..6c6ba062 100644 --- a/test/integration/oss.yml +++ b/test/integration/oss.yml @@ -1,5 +1,5 @@ --- -- name: Standard test for single node setup. Tests idempotence. +- name: Setup Elasticsearch OSS 6.x hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -7,11 +7,5 @@ - elasticsearch vars: oss_version: true - es_heap_size: "1g" - es_plugins: - - plugin: ingest-attachment - es_config_default: "test/integration/files/custom_config/elasticsearch" - es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" - es_config_jvm: "test/integration/files/custom_config/jvm.options" #Do not add tests here. This test is run twice and confirms idempotency. diff --git a/test/integration/oss/serverspec/default_spec.rb b/test/integration/oss/serverspec/default_spec.rb index 7b506670..b32dc04b 100644 --- a/test/integration/oss/serverspec/default_spec.rb +++ b/test/integration/oss/serverspec/default_spec.rb @@ -1,12 +1,7 @@ -require 'oss_spec' require 'shared_spec' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'OSS Tests' do - include_examples 'oss::init', vars +describe 'oss tests' do include_examples 'shared::init', vars end - - - diff --git a/test/integration/security.yml b/test/integration/security.yml new file mode 100644 index 00000000..bfedebfe --- /dev/null +++ b/test/integration/security.yml @@ -0,0 +1,56 @@ +--- +- name: Elasticsearch Xpack HTTP different keystore and truststore with password + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_config_6x: + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.file1.type: file + es_config_7x: + xpack.security.authc.realms.file.file1.order: 0 + es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read diff --git a/test/integration/security/security.yml b/test/integration/security/security.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/security/security.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/security/serverspec/default_spec.rb b/test/integration/security/serverspec/default_spec.rb new file mode 100644 index 00000000..25696e8f --- /dev/null +++ b/test/integration/security/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'security_spec' +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'security tests' do + include_examples 'shared::init', vars + include_examples 'security::init', vars +end diff --git a/test/integration/xpack-upgrade-trial.yml b/test/integration/trial.yml similarity index 53% rename from test/integration/xpack-upgrade-trial.yml rename to test/integration/trial.yml index acf2e574..32217138 100644 --- a/test/integration/xpack-upgrade-trial.yml +++ b/test/integration/trial.yml @@ -1,5 +1,5 @@ --- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password +- name: Setup Elasticsearch with security enabled and a trial license hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml @@ -15,15 +15,7 @@ xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "" es_xpack_trial: true - es_plugins: - - plugin: ingest-attachment es_api_basic_auth_username: elastic es_api_basic_auth_password: changeme es_api_sleep: 5 @@ -112,64 +104,3 @@ - write - delete - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "" - es_xpack_trial: false - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/trial/serverspec/default_spec.rb b/test/integration/trial/serverspec/default_spec.rb new file mode 100644 index 00000000..9700f5bd --- /dev/null +++ b/test/integration/trial/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'trial tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/trial/trial.yml b/test/integration/trial/trial.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/trial/trial.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/upgrade.yml b/test/integration/upgrade.yml new file mode 100644 index 00000000..2a1a27bb --- /dev/null +++ b/test/integration/upgrade.yml @@ -0,0 +1,16 @@ +--- +- name: Deploy Elasticsearch previous version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch + vars: + es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" + +- name: Deploy Elasticsearch latest version + hosts: localhost + post_tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - elasticsearch diff --git a/test/integration/upgrade/serverspec/default_spec.rb b/test/integration/upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..29eacb20 --- /dev/null +++ b/test/integration/upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'shared_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'upgrade tests' do + include_examples 'shared::init', vars +end diff --git a/test/integration/upgrade/upgrade.yml b/test/integration/upgrade/upgrade.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/upgrade/upgrade.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/xpack-upgrade-trial b/test/integration/xpack-upgrade-trial deleted file mode 120000 index 3021ce03..00000000 --- a/test/integration/xpack-upgrade-trial +++ /dev/null @@ -1 +0,0 @@ -xpack-upgrade \ No newline at end of file diff --git a/test/integration/xpack-upgrade.yml b/test/integration/xpack-upgrade.yml deleted file mode 100644 index ea4a8bc1..00000000 --- a/test/integration/xpack-upgrade.yml +++ /dev/null @@ -1,173 +0,0 @@ ---- -- name: Elasticsearch Xpack HTTP different keystore and truststore with password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_major_version: "7.x" - es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_api_sleep: 5 - es_enable_http_ssl: false - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" - es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" - es_ssl_keystore_password: password1 - es_ssl_truststore_password: password2 - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this should be successfully modified - password: aNewLogstashPassword - #this will be ignored - roles: - - kibana4_server - elastic: - password: elasticChanged - file: - es_admin: - password: changeMe - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user - es_roles: - file: - admin: - cluster: - - all - indices: - - names: '*' - privileges: - - all - power_user: - cluster: - - monitor - indices: - - names: '*' - privileges: - - all - user: - indices: - - names: '*' - privileges: - - read - kibana4_server: - cluster: - - monitor - indices: - - names: '.kibana' - privileges: - - all - native: - logstash: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - #this will be ignored - its reserved - logstash_system: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack HTTP SSL and shared keystore without password - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_config_6x: - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.file1.type: file - xpack.security.authc.realms.native1.order: 1 - xpack.security.authc.realms.native1.type: native - es_config_7x: - xpack.security.authc.realms.file.file1.order: 0 - xpack.security.authc.realms.native.native1.order: 1 - es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" - es_heap_size: "1g" - es_templates: true - es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_api_sleep: 5 - es_enable_http_ssl: true - es_enable_transport_ssl: true - es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" - es_ssl_keystore_password: "" - es_ssl_truststore_password: "" - es_validate_certs: no - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml deleted file mode 100644 index 002736f9..00000000 --- a/test/integration/xpack.yml +++ /dev/null @@ -1,10 +0,0 @@ -#Tests x-pack is idempotent and works when security is not enabled ---- -- name: Elasticsearch Xpack tests - no security and manual download - hosts: localhost - post_tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - elasticsearch - vars: - es_heap_size: 2g diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml index d8fad354..d08e1e61 100644 --- a/test/matrix-6x.yml +++ b/test/matrix-6x.yml @@ -9,8 +9,12 @@ OS: - centos-8 - amazonlinux-2 TEST_TYPE: + - custom-config + - default + - license - oss + - oss-to-default-upgrade - oss-upgrade - - oss-to-xpack-upgrade - - xpack - - xpack-upgrade + - security + - trial + - upgrade diff --git a/test/matrix.yml b/test/matrix.yml index d8fad354..d08e1e61 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -9,8 +9,12 @@ OS: - centos-8 - amazonlinux-2 TEST_TYPE: + - custom-config + - default + - license - oss + - oss-to-default-upgrade - oss-upgrade - - oss-to-xpack-upgrade - - xpack - - xpack-upgrade + - security + - trial + - upgrade From e2caeb84b389dece6ad8407a669c31be17aaef40 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Fri, 5 Feb 2021 16:23:55 +0100 Subject: [PATCH 29/68] Remove OSS support for version >= 7.11.0 (#770) This commit is removing the option to install Elasticsearch OSS distribution for version >= 7.11.0. This is due to Elasticsearch recent license change. See https://www.elastic.co/blog/licensing-change for more details. - Add notice to breaking changes and update documentation - Fail the deployment if trying to install OSS >= 7.11.0 - Remove OSS tests for 7.x except the upgrade test from last OSS version to default distribution --- README.md | 17 ++++++++++++++--- tasks/elasticsearch-parameters.yml | 7 +++++++ test/matrix.yml | 2 -- 3 files changed, 21 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a660e63e..48fbad48 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,17 @@ Ansible-elasticsearch 7.5.2 is updating the configuration files provided by this - Deployment of this Ansible role on new servers will get the default `log4j2.properties` provided by Elasticsearch without any override. - **WARNING**: For upgrade scenarios where this file was already managed by previous versions of ansible-elasticsearch, this file will become unmanaged and won't be updated by default. If you wish to update it to 7.5 version, you can retrieve it [here](https://github.com/elastic/elasticsearch/blob/7.5/distribution/src/config/log4j2.properties) and use this file with `es_config_log4j2` Ansible variable (see below). +### Removing OSS distribution for versions >= 7.11.0 + +Starting from Elasticsearch 7.11.0, OSS distributions will no more provided following Elasticsearch +recent license change. + +This Ansible role will fail if `oss_version` is set to `true` and `es_version` is greater than +`7.11.0`. + +See [Doubling down on open, Part II](https://www.elastic.co/blog/licensing-change for more details) +blog post for more details. + #### How to override configuration files provided by ansible-elasticsearch? You can now override the configuration files with your own versions by using the following Ansible variables: @@ -128,7 +139,7 @@ $ make list The default test suite is Ubuntu 16.04 with X-Pack. If you want to test another suite you can override this with the `PATTERN` variable ```sh -$ make converge PATTERN=oss-centos-7 +$ make converge PATTERN=security-centos-7 ``` The `PATTERN` is a kitchen pattern which can match multiple suites. To run all tests for CentOS @@ -138,7 +149,7 @@ $ make converge PATTERN=centos-7 The default version is 7.x. If you want to test 6.x you can override it with the `VERSION` variable, for example: ```sh -$ make converge VERSION=6.x PATTERN=oss-centos-7 +$ make converge VERSION=6.x PATTERN=security-centos-7 ``` When you are finished testing you can clean up everything with @@ -400,7 +411,7 @@ These can either be set to a user declared in the file based realm, with admin p In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behavior. Options include: -* ```oss_version``` Default `false`. Setting this to `true` will install the oss release of elasticsearch +* ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. * ```es_version``` (e.g. "7.10.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index 63693fc7..c73d7ae8 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -5,6 +5,13 @@ msg: "WARNING: es_xpack_features variable is now deprecated. All feature are now enabled by default" when: es_xpack_features is defined and not oss_version +- name: "fail when oss_version is true with es_version >= 7.11.0" + fail: + msg: > + OSS versions are not available for Elasticsearch >= 7.11.0. + See https://www.elastic.co/blog/licensing-change for more details. + when: oss_version and es_version is version('7.11.0', '>=') + - name: fail when es_proxy_port is not defined or is blank fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined" when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '') diff --git a/test/matrix.yml b/test/matrix.yml index d08e1e61..0ea5ac5c 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -12,9 +12,7 @@ TEST_TYPE: - custom-config - default - license - - oss - oss-to-default-upgrade - - oss-upgrade - security - trial - upgrade From 30fcd95d51a7f593e65ad2984c9fe9f54a413f85 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Mon, 22 Feb 2021 17:02:41 +0100 Subject: [PATCH 30/68] Fix "list native roles" task (#779) This commit fix "List Native Roles" task with Elasticsearch 7.11.0+ by removing the unused `body_format` parameter from `uri` module. This parameter isn't used with a GET method but make request fail with `request [GET /_security/role] does not support having a body` error with Elasticsearch 7.11.0+. --- tasks/xpack/security/elasticsearch-security-native.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml index 0d04a280..f8502640 100644 --- a/tasks/xpack/security/elasticsearch-security-native.yml +++ b/tasks/xpack/security/elasticsearch-security-native.yml @@ -137,7 +137,6 @@ uri: url: "{{ es_api_uri }}/{{ es_security_api }}/role" method: GET - body_format: json user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" force_basic_auth: yes From 7bf590a2193dfb610306af7ecddb81944d83b7d7 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Mon, 22 Feb 2021 11:52:36 -0500 Subject: [PATCH 31/68] 7.11.1 release (#780) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- .kitchen.yml | 2 +- CHANGELOG.md | 15 +++++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index a1ee4f55..b741aa86 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.13' + es_version: '6.8.14' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c1b4037..425a0d83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,20 @@ # Changelog +## 7.11.1 + +* 7.11.1 as default version. +* 6.8.14 as 6.x tested version + +| PR | Author | Title | +|-------------------------------------------------------------------|--------------------------------------------------------------|------------------------------------------------| +| [#760](https://github.com/elastic/ansible-elasticsearch/pull/760) | [@jmlrt](https://github.com/jmlrt) | Add dedicated CI jobs for 6.x | +| [#761](https://github.com/elastic/ansible-elasticsearch/pull/761) | [@rubarclk](https://github.com/rubarclk) | Fix Elasticsearch 7.x deb url | +| [#769](https://github.com/elastic/ansible-elasticsearch/pull/769) | [@Bernhard-Fluehmann](https://github.com/Bernhard-Fluehmann) | Add support for elasticsearch-keystore entries | +| [#765](https://github.com/elastic/ansible-elasticsearch/pull/765) | [@jmlrt](https://github.com/jmlrt) | Refactor Kitchen tests | +| [#770](https://github.com/elastic/ansible-elasticsearch/pull/770) | [@jmlrt](https://github.com/jmlrt) | Remove OSS support for version >= 7.11.0 | +| [#779](https://github.com/elastic/ansible-elasticsearch/pull/779) | [@jmlrt](https://github.com/jmlrt) | Fix "list native roles" task | + + ## 7.10.2 * 7.10.2 as default version. diff --git a/README.md b/README.md index 48fbad48..6016165e 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.10.2 +ansible-galaxy install elastic.elasticsearch,v7.11.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.10.2 + es_version: 7.11.1 ``` -The above installs Elasticsearch 7.10.2 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.11.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.10.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.13](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.11.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.14](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -413,7 +413,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.10.2"). +* ```es_version``` (e.g. "7.11.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 78fdc9ec..29249b2b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.10.2" +es_version: "7.11.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From f0e4e360a2ceabc6e5bb0b9f73a808655bc875ea Mon Sep 17 00:00:00 2001 From: Dan Roscigno Date: Wed, 24 Feb 2021 05:53:17 -0500 Subject: [PATCH 32/68] Update ssl-tls-setup.md (#777) When generating the CA the filename is `my-ca.p12`, so I changed the name from `my-truststore.p12` to `my-ca.p12` Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- docs/ssl-tls-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ssl-tls-setup.md b/docs/ssl-tls-setup.md index b948e8e2..4eec7614 100644 --- a/docs/ssl-tls-setup.md +++ b/docs/ssl-tls-setup.md @@ -73,9 +73,9 @@ $ bin/elasticsearch-certutil cert --ca ./my-ca.p12 --out ./my-keystore.p12 --pas es_enable_http_ssl: true es_enable_transport_ssl: true es_ssl_keystore: "files/certs/my-keystore.p12" - es_ssl_truststore: "files/certs/my-truststore.p12" + es_ssl_truststore: "files/certs/my-ca.p12" es_ssl_keystore_password: "keystore_password" - es_ssl_truststore_password: "truststore_password" + es_ssl_truststore_password: "ca_password" es_validate_certs: no ``` From 5af8fbfe92becacae5abc567993deeac4273ca1b Mon Sep 17 00:00:00 2001 From: Shiny Hou Date: Wed, 3 Mar 2021 19:14:19 +0800 Subject: [PATCH 33/68] Fix README.md Multi Node Server Installations (#782) --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 6016165e..b4037fd7 100644 --- a/README.md +++ b/README.md @@ -253,9 +253,12 @@ An example of a three server deployment is shown below. The first server holds cluster.name: "test-cluster" cluster.initial_master_nodes: "elastic02" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: false node.master: true + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment @@ -270,9 +273,12 @@ An example of a three server deployment is shown below. The first server holds cluster.name: "test-cluster" cluster.initial_master_nodes: "elastic02" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: true node.master: false + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment @@ -284,9 +290,12 @@ An example of a three server deployment is shown below. The first server holds es_config: cluster.name: "test-cluster" discovery.seed_hosts: "elastic02:9300" + http.host: 0.0.0.0 http.port: 9200 node.data: true node.master: false + transport.host: 0.0.0.0 + transport.port: 9300 bootstrap.memory_lock: false es_plugins: - plugin: ingest-attachment From 9d3627431b564a85e10a4359b0fe51fbaf6a09f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bernhard=20Fl=C3=BChmann?= Date: Wed, 3 Mar 2021 13:48:25 +0100 Subject: [PATCH 34/68] Cleanup remove keystore entries (#771) --- tasks/xpack/security/elasticsearch-security.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml index febecfe4..184ab442 100644 --- a/tasks/xpack/security/elasticsearch-security.yml +++ b/tasks/xpack/security/elasticsearch-security.yml @@ -38,7 +38,7 @@ - name: Remove keystore entries become: yes command: > - echo {{ es_api_basic_auth_password | quote }} | {{ es_home }}/bin/elasticsearch-keystore remove '{{ item.key }}' + {{ es_home }}/bin/elasticsearch-keystore remove '{{ item.key }}' with_items: "{{ es_keystore_entries }}" when: - es_keystore_entries is defined and es_keystore_entries | length > 0 From 001c08b1a804094c093e90f4c2c8bbf6cbbf401c Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 10 Mar 2021 11:07:27 -0500 Subject: [PATCH 35/68] 7.11.2 release (#783) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 425a0d83..47fe69e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.11.2 + +* 7.11.2 as default version. + ## 7.11.1 * 7.11.1 as default version. diff --git a/README.md b/README.md index b4037fd7..9fd34d32 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.11.1 +ansible-galaxy install elastic.elasticsearch,v7.11.2 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.11.1 + es_version: 7.11.2 ``` -The above installs Elasticsearch 7.11.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.11.2 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.11.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.14](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.11.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.14](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.11.1"). +* ```es_version``` (e.g. "7.11.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 29249b2b..ce804ea0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.11.1" +es_version: "7.11.2" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 4f01bc74a079c726a5045bed5595273fbe2d2bc0 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Wed, 10 Mar 2021 18:04:12 +0100 Subject: [PATCH 36/68] [meta] fix changelog after 7.11.2 release (#784) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47fe69e6..d7b6c708 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ * 7.11.2 as default version. +| PR | Author | Title | +| --- | --- | --- | +| [#771](https://github.com/elastic/ansible-elasticsearch/pull/771) | [@Bernhard-Fluehmann](https://github.com/Bernhard-Fluehmann) | Cleanup remove keystore entries | +| [#782](https://github.com/elastic/ansible-elasticsearch/pull/782) | [@kuops](https://github.com/kuops) | Fix README.md Multi Node Server Installations | +| [#777](https://github.com/elastic/ansible-elasticsearch/pull/777) | [@DanRoscigno](https://github.com/DanRoscigno) | Update ssl-tls-setup.md | + + ## 7.11.1 * 7.11.1 as default version. From 3904913be5f5998d1f10ebd8e20e947977389015 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 18 Mar 2021 15:22:43 +0100 Subject: [PATCH 37/68] Fix deb and rpm url (#788) * Fix commit fix the deb package url for Elasticsearch 6.x * Fix commit fix the rpm package url for Elasticsearch 6.x and 7.x * Download deb package directly using apt module * Use new ansible syntax --- tasks/elasticsearch-Debian.yml | 12 +++++++----- tasks/elasticsearch-RedHat.yml | 8 +++++++- vars/RedHat.yml | 2 +- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/tasks/elasticsearch-Debian.yml b/tasks/elasticsearch-Debian.yml index b344b413..f6e4c17c 100644 --- a/tasks/elasticsearch-Debian.yml +++ b/tasks/elasticsearch-Debian.yml @@ -102,13 +102,15 @@ selection: "hold" when: es_version_lock -- name: Debian - Download elasticsearch from url - get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}-amd64.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no - when: not es_use_repository +# workaround due to https://github.com/ansible/ansible/issues/66977 +- set_fact: + es_deb_url: "{% if es_version is version('7.0.0', '>=') %}{{ es_package_url }}-{{ es_version }}-amd64.deb{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %}" -- name: Debian - Ensure elasticsearch is installed from downloaded package +- name: Debian - Install Elasticsearch from url become: yes - apt: deb=/tmp/elasticsearch-{{ es_version }}.deb + apt: + deb: "{% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_deb_url }}{% endif %}" + state: present when: not es_use_repository register: elasticsearch_install_from_package notify: restart elasticsearch diff --git a/tasks/elasticsearch-RedHat.yml b/tasks/elasticsearch-RedHat.yml index f3ebc1ed..7d53fbf1 100644 --- a/tasks/elasticsearch-RedHat.yml +++ b/tasks/elasticsearch-RedHat.yml @@ -54,9 +54,15 @@ environment: ES_PATH_CONF: "{{ es_conf_dir }}" +# workaround due to https://github.com/ansible/ansible/issues/66977 +- set_fact: + es_rpm_url: "{% if es_version is version('7.0.0', '>=') %}{{ es_package_url }}-{{ es_version }}-x86_64.rpm{% else %}{{ es_package_url }}-{{ es_version }}.rpm{% endif %}" + - name: RedHat - Install Elasticsearch from url become: yes - yum: name={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.noarch.rpm{% endif %} state=present + yum: + name: '{% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_rpm_url }}{% endif %}' + state: present when: not es_use_repository register: elasticsearch_install_from_package notify: restart elasticsearch diff --git a/vars/RedHat.yml b/vars/RedHat.yml index b0aa42b2..5887416b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,4 @@ --- java: "{{ es_java | default('java-1.8.0-openjdk.x86_64') }}" default_file: "/etc/sysconfig/elasticsearch" -es_home: "/usr/share/elasticsearch" \ No newline at end of file +es_home: "/usr/share/elasticsearch" From ba1e82849b30bb47e343aa9039d001906cb2b8c9 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Thu, 18 Mar 2021 15:32:30 +0100 Subject: [PATCH 38/68] Use ES_JAVA_HOME instead of JAVA_HOME (#789) This commit set `ES_JAVA_HOME` environment variable instead of `JAVA_HOME` when `es_java_home` environment variable is used. See https://github.com/elastic/elasticsearch/issues/68848 for more context. --- templates/elasticsearch.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/elasticsearch.j2 b/templates/elasticsearch.j2 index 367bf950..4e64f388 100644 --- a/templates/elasticsearch.j2 +++ b/templates/elasticsearch.j2 @@ -10,9 +10,9 @@ ES_TMPDIR={{ es_tmp_dir }} # Elasticsearch Java path {% if es_java_home | length > 0 %} -JAVA_HOME={{ es_java_home }} +ES_JAVA_HOME={{ es_java_home }} {% else %} -#JAVA_HOME= +#ES_JAVA_HOME= {% endif %} # Elasticsearch configuration directory From 1d3be6dc6cc25a653da0a7f581e3c944d25c5d0a Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 23 Mar 2021 10:48:12 -0400 Subject: [PATCH 39/68] 7.12.0 release (#790) --- .kitchen.yml | 2 +- CHANGELOG.md | 13 +++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index b741aa86..e77b5b04 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.14' + es_version: '6.8.15' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index d7b6c708..60f07814 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## 7.12.0 + +* 7.12.0 as default version. +* 6.8.15 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#789](https://github.com/elastic/ansible-elasticsearch/pull/789) | [@jmlrt](https://github.com/jmlrt) | Use ES_JAVA_HOME instead of JAVA_HOME | +| [#788](https://github.com/elastic/ansible-elasticsearch/pull/788) | [@jmlrt](https://github.com/jmlrt) | Fix deb and rpm url | +| [#784](https://github.com/elastic/ansible-elasticsearch/pull/784) | [@jmlrt](https://github.com/jmlrt) | [meta] fix changelog after 7.11.2 release | + + ## 7.11.2 * 7.11.2 as default version. diff --git a/README.md b/README.md index 9fd34d32..49edbff3 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.11.2 +ansible-galaxy install elastic.elasticsearch,v7.12.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.11.2 + es_version: 7.12.0 ``` -The above installs Elasticsearch 7.11.2 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.12.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.11.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.14](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.12.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.15](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.11.2"). +* ```es_version``` (e.g. "7.12.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index ce804ea0..bb239c3e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.11.2" +es_version: "7.12.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 25ae51e393614e45485c958252c1267ddbcaa7bf Mon Sep 17 00:00:00 2001 From: Tobias Huste Date: Mon, 12 Apr 2021 14:25:04 +0200 Subject: [PATCH 40/68] Stop plugin install to fail in check mode (#787) In check mode Ansible is actually not going to execute the command. Therefore, the return code is not defined making the role fail when execute in Ansible check mode. Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- tasks/elasticsearch-plugins.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/elasticsearch-plugins.yml b/tasks/elasticsearch-plugins.yml index 7e1829a0..d96ac96e 100644 --- a/tasks/elasticsearch-plugins.yml +++ b/tasks/elasticsearch-plugins.yml @@ -67,7 +67,7 @@ become: yes command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.url | default(item.plugin) }} --batch --silent" register: plugin_installed - changed_when: plugin_installed.rc == 0 + changed_when: plugin_installed.rc|default(0) == 0 with_items: "{{ es_plugins }}" when: item.plugin in plugins_to_install notify: restart elasticsearch @@ -75,6 +75,6 @@ CONF_DIR: "{{ es_conf_dir }}" ES_PATH_CONF: "{{ es_conf_dir }}" ES_INCLUDE: "{{ default_file }}" - until: plugin_installed.rc == 0 + until: plugin_installed.rc|default(0) == 0 retries: 5 delay: 5 From 953f0e5d7362bede8dfdfd7d6fa5ab8eed646b51 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Mon, 12 Apr 2021 15:57:26 +0200 Subject: [PATCH 41/68] [meta] update ubuntu-1804 during kitchen provisioning (#793) --- .kitchen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.kitchen.yml b/.kitchen.yml index e77b5b04..68aaebfe 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -60,7 +60,7 @@ platforms: image: ubuntu:18.04 privileged: true provision_command: - - apt-get install -y -q ansible iproute2 python-jmespath + - apt-get update -q && apt-get install -y -q ansible iproute2 python-jmespath use_sudo: false volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json From 1357e109c00575ad4673344d99f9258c3026985e Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 27 Apr 2021 16:25:58 -0400 Subject: [PATCH 42/68] 7.12.1 release (#795) --- CHANGELOG.md | 11 +++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60f07814..e7edfedd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +## 7.12.1 + +* 7.12.1 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#793](https://github.com/elastic/ansible-elasticsearch/pull/793) | [@jmlrt](https://github.com/jmlrt) | [meta] update ubuntu-1804 during kitchen provisioning | +| [#787](https://github.com/elastic/ansible-elasticsearch/pull/787) | [@tobiashuste](https://github.com/tobiashuste) | Stop plugin install to fail in check mode | + + ## 7.12.0 * 7.12.0 as default version. diff --git a/README.md b/README.md index 49edbff3..cf0381f8 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.12.0 +ansible-galaxy install elastic.elasticsearch,v7.12.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.12.0 + es_version: 7.12.1 ``` -The above installs Elasticsearch 7.12.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.12.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.12.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.15](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.12.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.15](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.12.0"). +* ```es_version``` (e.g. "7.12.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index bb239c3e..ba171f63 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.12.0" +es_version: "7.12.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From e4920b0da41aaf37880dfd2bfbc75a4db1bb8217 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Mon, 10 May 2021 13:17:39 +0100 Subject: [PATCH 43/68] Support ubuntu-20 (#745) --- .kitchen.yml | 11 +++++++++++ README.md | 1 + test/matrix-6x.yml | 1 + test/matrix.yml | 1 + 4 files changed, 14 insertions(+) diff --git a/.kitchen.yml b/.kitchen.yml index 68aaebfe..7de39cd4 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -66,6 +66,17 @@ platforms: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers run_command: "/sbin/init" + - name: ubuntu-20.04 + driver_config: + image: ubuntu:20.04 + privileged: true + provision_command: + - apt-get update -q && apt-get install -y -q ansible gpg iproute2 python3-jmespath + use_sudo: false + volume: + - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers + run_command: "/sbin/init" - name: debian-8 driver_config: image: debian:8 diff --git a/README.md b/README.md index cf0381f8..33a3a2d9 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedH * Ubuntu 14.04 * Ubuntu 16.04 * Ubuntu 18.04 +* Ubuntu 20.04 * Debian 8 * Debian 9 * Debian 10 diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml index d08e1e61..94aaead9 100644 --- a/test/matrix-6x.yml +++ b/test/matrix-6x.yml @@ -2,6 +2,7 @@ OS: - ubuntu-1404 - ubuntu-1604 - ubuntu-1804 + - ubuntu-2004 - debian-8 - debian-9 - debian-10 diff --git a/test/matrix.yml b/test/matrix.yml index 0ea5ac5c..19f303db 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -2,6 +2,7 @@ OS: - ubuntu-1404 - ubuntu-1604 - ubuntu-1804 + - ubuntu-2004 - debian-8 - debian-9 - debian-10 From ce523dd1345996171be0b741011718d2d13ba346 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 25 May 2021 11:04:24 +0200 Subject: [PATCH 44/68] Fails deployment when using tls without security (#796) --- tasks/elasticsearch-parameters.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tasks/elasticsearch-parameters.yml b/tasks/elasticsearch-parameters.yml index c73d7ae8..f79cc461 100644 --- a/tasks/elasticsearch-parameters.yml +++ b/tasks/elasticsearch-parameters.yml @@ -1,3 +1,4 @@ +--- # Check for mandatory parameters - name: Warn about deprecated es_xpack_features variable @@ -16,19 +17,25 @@ fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined" when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '') -#If the user attempts to lock memory they must specify a heap size +# If the user attempts to lock memory they must specify a heap size - name: fail when heap size is not specified when using memory lock fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified" when: es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True and es_heap_size is not defined and not ansible_check_mode -#Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work -- name: fail when api credentials are not declared when using security +- name: fail when password is not declared when using security fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations" when: - not oss_version - es_api_basic_auth_username is defined - es_api_basic_auth_password is not defined +- name: fail when api credentials are not declared when using tls + fail: msg="Enabling tls requires an es_api_basic_auth_username and es_api_basic_auth_password" + when: + - not oss_version + - es_enable_http_ssl or es_enable_transport_ssl + - es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined + - name: fail when ssl enabled without defining a key and certificate fail: msg="Enabling SSL/TLS (es_enable_http_ssl or es_enable_transport_ssl) requires es_ssl_keystore and es_ssl_truststore or es_ssl_key and es_ssl_certificate to be provided" when: @@ -42,7 +49,7 @@ - name: fail when changing users through file realm fail: - msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM." + msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM." when: file_reserved_users | default([]) | length > 0 - name: set fact m_lock_enabled From a104a37e215c1d0d3c456316537e6f4162a03804 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 25 May 2021 09:02:23 -0400 Subject: [PATCH 45/68] 7.13.0 release (#798) --- .kitchen.yml | 2 +- CHANGELOG.md | 12 ++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 7de39cd4..9f594649 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.15' + es_version: '6.8.16' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index e7edfedd..fafcfdd5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 7.13.0 + +* 7.13.0 as default version. +* 6.8.16 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#796](https://github.com/elastic/ansible-elasticsearch/pull/796) | [@jmlrt](https://github.com/jmlrt) | Fails deployment when using tls without security | +| [#745](https://github.com/elastic/ansible-elasticsearch/pull/745) | [@v1v](https://github.com/v1v) | Support ubuntu-20 | + + ## 7.12.1 * 7.12.1 as default version. diff --git a/README.md b/README.md index 33a3a2d9..55932553 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.12.1 +ansible-galaxy install elastic.elasticsearch,v7.13.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.12.1 + es_version: 7.13.0 ``` -The above installs Elasticsearch 7.12.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.13.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.12.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.15](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.12.1"). +* ```es_version``` (e.g. "7.13.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index ba171f63..a6227595 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.12.1" +es_version: "7.13.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 82c2129f174e744ed6013d3d5dae863192f54a92 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Wed, 2 Jun 2021 10:46:53 -0500 Subject: [PATCH 46/68] 7.13.1 release (#799) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fafcfdd5..a6a8b82a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.13.1 + +* 7.13.1 as default version. + ## 7.13.0 * 7.13.0 as default version. diff --git a/README.md b/README.md index 55932553..35d0c6fa 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.13.0 +ansible-galaxy install elastic.elasticsearch,v7.13.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.13.0 + es_version: 7.13.1 ``` -The above installs Elasticsearch 7.13.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.13.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.13.0"). +* ```es_version``` (e.g. "7.13.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index a6227595..6d08d615 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.13.0" +es_version: "7.13.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From ff67cb8306ac11fdb88ffbfe1650402ba21d1681 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Mon, 14 Jun 2021 14:49:41 -0500 Subject: [PATCH 47/68] 7.13.2 release (#803) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6a8b82a..761402d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.13.2 + +* 7.13.2 as default version. + ## 7.13.1 * 7.13.1 as default version. diff --git a/README.md b/README.md index 35d0c6fa..2916c830 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.13.1 +ansible-galaxy install elastic.elasticsearch,v7.13.2 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.13.1 + es_version: 7.13.2 ``` -The above installs Elasticsearch 7.13.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.13.2 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.13.1"). +* ```es_version``` (e.g. "7.13.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 6d08d615..4f79bd75 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.13.1" +es_version: "7.13.2" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 2ba7777c71ba168097d48aa5f276c467177ca38a Mon Sep 17 00:00:00 2001 From: Chuck Milam Date: Wed, 23 Jun 2021 09:51:50 -0500 Subject: [PATCH 48/68] Minor correction for readability. (#800) --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 2916c830..6001d267 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,7 @@ Ansible-elasticsearch 7.5.2 is updating the configuration files provided by this ### Removing OSS distribution for versions >= 7.11.0 -Starting from Elasticsearch 7.11.0, OSS distributions will no more provided following Elasticsearch -recent license change. +Starting from Elasticsearch 7.11.0, OSS distributions will no longer be provided following the recent Elasticsearch license change. This Ansible role will fail if `oss_version` is set to `true` and `es_version` is greater than `7.11.0`. From 727d0b795085cb8a72e111a3d101c9b7963bec5b Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Thu, 8 Jul 2021 08:27:30 -0400 Subject: [PATCH 49/68] 7.13.3 release (#806) --- .kitchen.yml | 2 +- CHANGELOG.md | 11 +++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 9f594649..5faddff2 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.16' + es_version: '6.8.17' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 761402d0..01afa9f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +## 7.13.3 + +* 7.13.3 as default version. +* 6.8.17 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#800](https://github.com/elastic/ansible-elasticsearch/pull/800) | [@chuckmilam](https://github.com/chuckmilam) | Minor correction for readability. | + + ## 7.13.2 * 7.13.2 as default version. diff --git a/README.md b/README.md index 6001d267..f2682a0e 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.13.2 +ansible-galaxy install elastic.elasticsearch,v7.13.3 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.13.2 + es_version: 7.13.3 ``` -The above installs Elasticsearch 7.13.2 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.13.3 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.2](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.16](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.3](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.17](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.13.2"). +* ```es_version``` (e.g. "7.13.3"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 4f79bd75..e97b617f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.13.2" +es_version: "7.13.3" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 7426e2af984faf6f41fdc96c2c455eaa77ea0bc3 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 20 Jul 2021 16:05:17 +0200 Subject: [PATCH 50/68] 7.13.4 release (#809) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 01afa9f7..2569c955 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.13.4 + +* 7.13.4 as default version. + ## 7.13.3 * 7.13.3 as default version. diff --git a/README.md b/README.md index f2682a0e..90fb5111 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.13.3 +ansible-galaxy install elastic.elasticsearch,v7.13.4 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.13.3 + es_version: 7.13.4 ``` -The above installs Elasticsearch 7.13.3 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.13.4 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.3](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.17](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.4](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.17](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.13.3"). +* ```es_version``` (e.g. "7.13.4"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index e97b617f..fbc74873 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.13.3" +es_version: "7.13.4" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 0d22243e8e6477518b3266ff6aa7849c400a7e83 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 3 Aug 2021 16:15:59 +0200 Subject: [PATCH 51/68] 7.14.0 release (#812) --- .kitchen.yml | 2 +- CHANGELOG.md | 5 +++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 5faddff2..735761cc 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.17' + es_version: '6.8.18' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 2569c955..70e7ab76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 7.14.0 + +* 7.14.0 as default version. +* 6.8.18 as 6.x tested version + ## 7.13.4 * 7.13.4 as default version. diff --git a/README.md b/README.md index 90fb5111..80efc5e1 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.13.4 +ansible-galaxy install elastic.elasticsearch,v7.14.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.13.4 + es_version: 7.14.0 ``` -The above installs Elasticsearch 7.13.4 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.14.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.13.4](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.17](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.14.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.13.4"). +* ```es_version``` (e.g. "7.14.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index fbc74873..ffa08c2c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.13.4" +es_version: "7.14.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 5fcca57d34088ddbee9e013de3a9ff0c4476cfcf Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Fri, 24 Sep 2021 06:56:57 +1000 Subject: [PATCH 52/68] 7.15.0 release (#821) Ignoring 6.8 failures --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70e7ab76..7acb5bc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.15.0 + +* 7.15.0 as default version. + ## 7.14.0 * 7.14.0 as default version. diff --git a/README.md b/README.md index 80efc5e1..0f29cbcf 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.14.0 +ansible-galaxy install elastic.elasticsearch,v7.15.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.14.0 + es_version: 7.15.0 ``` -The above installs Elasticsearch 7.14.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.15.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.14.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.14.0"). +* ```es_version``` (e.g. "7.15.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index ffa08c2c..0bd02c81 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.14.0" +es_version: "7.15.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From ffcb0b2696b0692052443dbe3077ba371580480c Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Thu, 14 Oct 2021 12:26:21 -0400 Subject: [PATCH 53/68] 7.15.1 release (#829) --- CHANGELOG.md | 4 ++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7acb5bc0..c2b5cc89 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 7.15.1 + +* 7.15.1 as default version. + ## 7.15.0 * 7.15.0 as default version. diff --git a/README.md b/README.md index 0f29cbcf..32514222 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.15.0 +ansible-galaxy install elastic.elasticsearch,v7.15.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.15.0 + es_version: 7.15.1 ``` -The above installs Elasticsearch 7.15.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.15.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.0](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.15.0"). +* ```es_version``` (e.g. "7.15.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 0bd02c81..c92bc5d0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.15.0" +es_version: "7.15.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 361c44ecbc635a21712ad830b61f65bae9ce8ad3 Mon Sep 17 00:00:00 2001 From: Yuriy <51912343+ygel@users.noreply.github.com> Date: Mon, 18 Oct 2021 11:38:17 -0500 Subject: [PATCH 54/68] Rename master - main (#828) * Rename master - main * master - main --- ...=> elastic+ansible-elasticsearch+main-6x.yml} | 8 ++++---- ...ml => elastic+ansible-elasticsearch+main.yml} | 8 ++++---- .github/issue_template.md | 2 +- CHANGELOG.md | 2 +- README.md | 16 ++++++++-------- tasks/compatibility-variables.yml | 4 ++-- 6 files changed, 20 insertions(+), 20 deletions(-) rename .ci/jobs/{elastic+ansible-elasticsearch+master-6x.yml => elastic+ansible-elasticsearch+main-6x.yml} (81%) rename .ci/jobs/{elastic+ansible-elasticsearch+master.yml => elastic+ansible-elasticsearch+main.yml} (83%) diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master-6x.yml b/.ci/jobs/elastic+ansible-elasticsearch+main-6x.yml similarity index 81% rename from .ci/jobs/elastic+ansible-elasticsearch+master-6x.yml rename to .ci/jobs/elastic+ansible-elasticsearch+main-6x.yml index 969986ba..4b73d884 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+master-6x.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+main-6x.yml @@ -1,12 +1,12 @@ --- - job: - name: elastic+ansible-elasticsearch+master-6x - display-name: elastic / ansible-elasticsearch - master - 6.x - description: Master branch testing with test kitchen for Elasticsearch 6.x + name: elastic+ansible-elasticsearch+main-6x + display-name: elastic / ansible-elasticsearch - main - 6.x + description: Main branch testing with test kitchen for Elasticsearch 6.x parameters: - string: name: branch_specifier - default: master + default: main description: the Git branch specifier to build (<branchName>, <tagName>, <commitId>, etc.) - string: diff --git a/.ci/jobs/elastic+ansible-elasticsearch+master.yml b/.ci/jobs/elastic+ansible-elasticsearch+main.yml similarity index 83% rename from .ci/jobs/elastic+ansible-elasticsearch+master.yml rename to .ci/jobs/elastic+ansible-elasticsearch+main.yml index 16ffc0c1..f4848d2a 100644 --- a/.ci/jobs/elastic+ansible-elasticsearch+master.yml +++ b/.ci/jobs/elastic+ansible-elasticsearch+main.yml @@ -1,12 +1,12 @@ --- - job: - name: elastic+ansible-elasticsearch+master - display-name: elastic / ansible-elasticsearch - master - description: Master branch testing with test kitchen + name: elastic+ansible-elasticsearch+main + display-name: elastic / ansible-elasticsearch - main + description: Main branch testing with test kitchen parameters: - string: name: branch_specifier - default: master + default: main description: the Git branch specifier to build (<branchName>, <tagName>, <commitId>, etc.) - string: diff --git a/.github/issue_template.md b/.github/issue_template.md index 2609e628..ef515861 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -24,7 +24,7 @@ Issues that do not follow these guidelines are likely to be closed. **Elasticsearch version** -**Role version**: (If using master please specify github sha) +**Role version**: (If using main please specify github sha) **JVM version** (`java -version`): diff --git a/CHANGELOG.md b/CHANGELOG.md index c2b5cc89..6320e0df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -300,7 +300,7 @@ You can now override the configuration files with your own versions by using the ### SSL/TLS Support -Ansible-elasticsearch is now supporting SSL/TLS encryption. Please refer to [X-Pack Security SSL/TLS](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/ssl-tls-setup.md) to configure it. +Ansible-elasticsearch is now supporting SSL/TLS encryption. Please refer to [X-Pack Security SSL/TLS](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/ssl-tls-setup.md) to configure it. | PR | Author | Title | |-------------------------------------------------------------------|------------------------------------------------|----------------------------------------------| diff --git a/README.md b/README.md index 32514222..10a31bd8 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # ansible-elasticsearch -[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master/) +[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main/) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/) **THIS ROLE IS FOR 7.x & 6.x** @@ -23,8 +23,8 @@ The latest Elasticsearch versions of 7.x & 6.x are actively tested. ### Notice about multi-instance support -* If you use only one instance but want to upgrade from an older ansible-elasticsearch version, follow [upgrade procedure](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/multi-instance.md#upgrade-procedure) -* If you install more than one instance of Elasticsearch on the same host (with different ports, directory and config files), **do not update to ansible-elasticsearch >= 7.1.1**, please follow this [workaround](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/multi-instance.md#workaround) instead. +* If you use only one instance but want to upgrade from an older ansible-elasticsearch version, follow [upgrade procedure](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/multi-instance.md#upgrade-procedure) +* If you install more than one instance of Elasticsearch on the same host (with different ports, directory and config files), **do not update to ansible-elasticsearch >= 7.1.1**, please follow this [workaround](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/multi-instance.md#workaround) instead. * For multi-instances use cases, we are now recommending Docker containers using our official images (https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html). ### Removing the MAX_THREAD settings @@ -89,8 +89,8 @@ The simplest configuration therefore consists of: The above installs Elasticsearch 7.15.1 in a single node 'node1' on the hosts 'localhost'. **Note**: -Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.1](https://github.com/elastic/ansible-elasticsearch/blob/master/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/master/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.1](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -400,7 +400,7 @@ If you don't have a license you can enable the 30-day trial by setting `es_xpack X-Pack configuration parameters can be added to the elasticsearch.yml file using the normal `es_config` parameter. -For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack-upgrade.yml) +For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack-upgrade.yml) #### Important Note for Native Realm Configuration @@ -413,7 +413,7 @@ These can either be set to a user declared in the file based realm, with admin p #### X-Pack Security SSL/TLS -* To configure your cluster with SSL/TLS for HTTP and/or transport communications follow the [SSL/TLS setup procedure](https://github.com/elastic/ansible-elasticsearch/blob/master/docs/ssl-tls-setup.md) +* To configure your cluster with SSL/TLS for HTTP and/or transport communications follow the [SSL/TLS setup procedure](https://github.com/elastic/ansible-elasticsearch/blob/main/docs/ssl-tls-setup.md) ### Additional Configuration @@ -499,7 +499,7 @@ es_keystore_entries: -This role ships with sample templates located in the [test/integration/files/templates-7.x](https://github.com/elastic/ansible-elasticsearch/tree/master/test/integration/files/templates-7.x) directory. `es_templates_fileglob` variable is used with the Ansible [with_fileglob](http://docs.ansible.com/ansible/playbooks_loops.html#id4) loop. When setting the globs, be sure to use an absolute path. +This role ships with sample templates located in the [test/integration/files/templates-7.x](https://github.com/elastic/ansible-elasticsearch/tree/main/test/integration/files/templates-7.x) directory. `es_templates_fileglob` variable is used with the Ansible [with_fileglob](http://docs.ansible.com/ansible/playbooks_loops.html#id4) loop. When setting the globs, be sure to use an absolute path. ### Proxy diff --git a/tasks/compatibility-variables.yml b/tasks/compatibility-variables.yml index 213d3668..fc9af088 100644 --- a/tasks/compatibility-variables.yml +++ b/tasks/compatibility-variables.yml @@ -3,8 +3,8 @@ # It is possible to set these are defaults with messy jinja templating one liners however: # 1. That is really hard to read and debug # 2. When running multiple plays with the same role the defaults are not re-evaluated. An example of this -# can be seen in our the https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml -# integration test and in the Multi Node server documentation examples https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml +# can be seen in our the https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack.yml +# integration test and in the Multi Node server documentation examples https://github.com/elastic/ansible-elasticsearch/blob/main/test/integration/xpack.yml - name: Set backward compatibility for deprecated es_enable_xpack variable when: es_enable_xpack is defined and not es_enable_xpack block: From 40de482ebf7935a0391a9c59e6f196e93fe13c8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Scheibe?= Date: Tue, 9 Nov 2021 17:08:51 +0100 Subject: [PATCH 55/68] Remove duplicate entry from YAML (#825) This entry is already present in line 5. --- .kitchen.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 735761cc..ac8eb774 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -26,9 +26,6 @@ provisioner: <% end %> <% end %> -transport: - max_ssh_sessions: 6 - platforms: - name: ubuntu-14.04 driver_config: From 7175d71df1307e743a5a240d72cc3eecdb74cf71 Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Mon, 6 Dec 2021 18:43:19 +0100 Subject: [PATCH 56/68] Remove Ubuntu 14.04 support (#835) This commit removes the support of Ubuntu 14.04. This distribution is EOL since April 30th 2019 and CI tests are failing because apt repositories aren't available anymore. --- README.md | 1 - test/matrix-6x.yml | 1 - test/matrix.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/README.md b/README.md index 10a31bd8..253650c3 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are: -* Ubuntu 14.04 * Ubuntu 16.04 * Ubuntu 18.04 * Ubuntu 20.04 diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml index 94aaead9..c92f9417 100644 --- a/test/matrix-6x.yml +++ b/test/matrix-6x.yml @@ -1,5 +1,4 @@ OS: - - ubuntu-1404 - ubuntu-1604 - ubuntu-1804 - ubuntu-2004 diff --git a/test/matrix.yml b/test/matrix.yml index 19f303db..21538e61 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -1,5 +1,4 @@ OS: - - ubuntu-1404 - ubuntu-1604 - ubuntu-1804 - ubuntu-2004 From 7bf95c5ad5e13c467ad399a43fdabf38955d23b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20Gr=C3=A9au?= Date: Tue, 7 Dec 2021 14:34:17 -0500 Subject: [PATCH 57/68] 7.16.0 release (#836) Co-authored-by: Elastic Machine --- CHANGELOG.md | 12 ++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6320e0df..6d21bb07 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 7.16.0 + +* 7.16.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#835](https://github.com/elastic/ansible-elasticsearch/pull/835) | [@jmlrt](https://github.com/jmlrt) | Remove Ubuntu 14.04 support | +| [#825](https://github.com/elastic/ansible-elasticsearch/pull/825) | [@darxriggs](https://github.com/darxriggs) | Remove duplicate entry from YAML | +| [#828](https://github.com/elastic/ansible-elasticsearch/pull/828) | [@ygel](https://github.com/ygel) | Rename master - main | + + ## 7.15.1 * 7.15.1 as default version. diff --git a/README.md b/README.md index 253650c3..c40a8c3f 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.15.1 +ansible-galaxy install elastic.elasticsearch,v7.16.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -82,14 +82,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.15.1 + es_version: 7.16.0 ``` -The above installs Elasticsearch 7.15.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.16.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.15.1](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.0](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -421,7 +421,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.15.1"). +* ```es_version``` (e.g. "7.16.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index c92bc5d0..4b3d1f8b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.15.1" +es_version: "7.16.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From cc93ddfd594d05aecce8d93f81c44ea9426be2f0 Mon Sep 17 00:00:00 2001 From: Pablo Hinojosa Date: Wed, 8 Dec 2021 17:10:04 +0100 Subject: [PATCH 58/68] Fix broken link (#833) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c40a8c3f..e68c0d23 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ The above installs Elasticsearch 7.16.0 in a single node 'node1' on the hosts 'l Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.0](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. -This role also uses [Ansible tags](http://docs.ansible.com/ansible/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. +This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. ## Testing From 90ecd51c32c87a1fa57a90148da290f8afa8b964 Mon Sep 17 00:00:00 2001 From: Mike Williams <7595658+gaima8@users.noreply.github.com> Date: Wed, 8 Dec 2021 16:45:11 +0000 Subject: [PATCH 59/68] command necessarily causes a change on each invocation breaking idempotency, wait_for accomplishes the same goal without the change (#831) --- tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 2e53b9ca..c0ad7004 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -83,7 +83,8 @@ # If playbook runs too fast, Native commands could fail as the Native Realm is not yet up - name: Wait {{ es_api_sleep }} seconds for the Native Realm to come up - command: "sleep {{ es_api_sleep }}" + wait_for: + timeout: "{{ es_api_sleep }}" when: manage_native_realm | bool - name: activate-license From 29be2ab5e61835fd305bc89e940893daecea49c1 Mon Sep 17 00:00:00 2001 From: Baptiste Fontaine Date: Wed, 8 Dec 2021 18:13:18 +0100 Subject: [PATCH 60/68] README: fix link to ES licensing change blog post (#830) Co-authored-by: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e68c0d23..2421b57b 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Starting from Elasticsearch 7.11.0, OSS distributions will no longer be provided This Ansible role will fail if `oss_version` is set to `true` and `es_version` is greater than `7.11.0`. -See [Doubling down on open, Part II](https://www.elastic.co/blog/licensing-change for more details) +See [Doubling down on open, Part II](https://www.elastic.co/blog/licensing-change) blog post for more details. #### How to override configuration files provided by ansible-elasticsearch? From d83e5b88ece03ddf4a412a93c7cbb5ce584e201a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20Gr=C3=A9au?= Date: Wed, 8 Dec 2021 19:58:00 -0500 Subject: [PATCH 61/68] Add warning message about 8.x versions (#838) This commit adds a warning message to the README to notify users that the role will be deprecated. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2421b57b..b61518b5 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ [![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main/) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/) +⚠️ **This Ansible role is being deprecated and will not be updated to support Elasticsearch 8.0.0 and the following versions.** + **THIS ROLE IS FOR 7.x & 6.x** Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are: From 22d0dbd257081c0bc20866f24be8aa0c49ee0928 Mon Sep 17 00:00:00 2001 From: Nassim Kammah Date: Tue, 14 Dec 2021 12:22:31 +0100 Subject: [PATCH 62/68] 7.16.1 release (#840) Co-authored-by: Elastic Machine --- .kitchen.yml | 2 +- CHANGELOG.md | 14 ++++++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index ac8eb774..635d4a58 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.18' + es_version: '6.8.21' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d21bb07..566e7a21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,19 @@ # Changelog +## 7.16.1 + +* 7.16.1 as default version. +* 6.8.21 as 6.x tested version + + +| PR | Author | Title | +| --- | --- | --- | +| [#838](https://github.com/elastic/ansible-elasticsearch/pull/838) | [@mgreau](https://github.com/mgreau) | Add warning message about 8.x versions | +| [#830](https://github.com/elastic/ansible-elasticsearch/pull/830) | [@bfontaine](https://github.com/bfontaine) | README: fix link to ES licensing change blog post | +| [#831](https://github.com/elastic/ansible-elasticsearch/pull/831) | [@gaima8](https://github.com/gaima8) | command necessarily causes a change on each invocation breaking idempotency, wait_for accomplishes the same goal without the change | +| [#833](https://github.com/elastic/ansible-elasticsearch/pull/833) | [@Pablohn26](https://github.com/Pablohn26) | Fix broken link | + + ## 7.16.0 * 7.16.0 as default version. diff --git a/README.md b/README.md index b61518b5..7d0f6317 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.16.0 +ansible-galaxy install elastic.elasticsearch,v7.16.1 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.16.0 + es_version: 7.16.1 ``` -The above installs Elasticsearch 7.16.0 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.16.1 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.0](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.18](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.1](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.21](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.16.0"). +* ```es_version``` (e.g. "7.16.1"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 4b3d1f8b..d5c1fd1e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.16.0" +es_version: "7.16.1" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From f3a389e8ba9f837dd968f9ca4e22753f48c59eb1 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Mon, 20 Dec 2021 12:10:48 -0800 Subject: [PATCH 63/68] 7.16.2 release (#842) --- .kitchen.yml | 2 +- CHANGELOG.md | 5 +++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 635d4a58..46ab4e12 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.21' + es_version: '6.8.22' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index 566e7a21..e84bb020 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 7.16.2 + +* 7.16.2 as default version. +* 6.8.22 as 6.x tested version + ## 7.16.1 * 7.16.1 as default version. diff --git a/README.md b/README.md index 7d0f6317..3d4dfada 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.16.1 +ansible-galaxy install elastic.elasticsearch,v7.16.2 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.16.1 + es_version: 7.16.2 ``` -The above installs Elasticsearch 7.16.1 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.16.2 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.1](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.21](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.2](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.22](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.16.1"). +* ```es_version``` (e.g. "7.16.2"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index d5c1fd1e..47ffe90d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.16.1" +es_version: "7.16.2" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From f653b3eed2984ea655d04d4e42283936ab581a71 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Thu, 13 Jan 2022 15:09:35 -0700 Subject: [PATCH 64/68] 7.16.3 release (#844) --- .kitchen.yml | 2 +- CHANGELOG.md | 5 +++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 46ab4e12..15af7cfd 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,7 +22,7 @@ provisioner: extra_vars: es_major_version: "<%= ENV['VERSION'] %>" <% if ENV['VERSION'] == '6.x' %> - es_version: '6.8.22' + es_version: '6.8.23' <% end %> <% end %> diff --git a/CHANGELOG.md b/CHANGELOG.md index e84bb020..acb9d983 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 7.16.3 + +* 7.16.3 as default version. +* 6.8.23 as 6.x tested version + ## 7.16.2 * 7.16.2 as default version. diff --git a/README.md b/README.md index 3d4dfada..ff23d371 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.16.2 +ansible-galaxy install elastic.elasticsearch,v7.16.3 ``` Then create your playbook yaml adding the role elasticsearch. @@ -84,14 +84,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.16.2 + es_version: 7.16.3 ``` -The above installs Elasticsearch 7.16.2 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.16.3 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.2](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.22](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.3](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.23](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -423,7 +423,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.16.2"). +* ```es_version``` (e.g. "7.16.3"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index 47ffe90d..a0c3c41a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.16.2" +es_version: "7.16.3" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From 532cfba2180c9403f033928e083cedc4feefadca Mon Sep 17 00:00:00 2001 From: Julien Mailleret <8582351+jmlrt@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:51:40 +0100 Subject: [PATCH 65/68] Remove CentOS 8 tests (#845) This commit removes CentOS 8 tests. These tests are now failing because CentOS 8 is now EOL and it's repositories have been archived. Source: https://forums.centos.org/viewtopic.php?f=54&t=78708 --- README.md | 1 - test/matrix-6x.yml | 1 - test/matrix.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/README.md b/README.md index ff23d371..caa7a5a0 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,6 @@ Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedH * Debian 9 * Debian 10 * CentOS 7 -* CentOS 8 * Amazon Linux 2 The latest Elasticsearch versions of 7.x & 6.x are actively tested. diff --git a/test/matrix-6x.yml b/test/matrix-6x.yml index c92f9417..d76a5cca 100644 --- a/test/matrix-6x.yml +++ b/test/matrix-6x.yml @@ -6,7 +6,6 @@ OS: - debian-9 - debian-10 - centos-7 - - centos-8 - amazonlinux-2 TEST_TYPE: - custom-config diff --git a/test/matrix.yml b/test/matrix.yml index 21538e61..1955cf59 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -6,7 +6,6 @@ OS: - debian-9 - debian-10 - centos-7 - - centos-8 - amazonlinux-2 TEST_TYPE: - custom-config From 5363b3fde12b198156f35bc4811bb3f933ab4b28 Mon Sep 17 00:00:00 2001 From: Elastic Machine Date: Tue, 1 Feb 2022 09:28:16 -0700 Subject: [PATCH 66/68] 7.17.0 release (#846) --- CHANGELOG.md | 10 ++++++++++ README.md | 10 +++++----- defaults/main.yml | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index acb9d983..efa5c6d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Changelog +## 7.17.0 + +* 7.17.0 as default version. + + +| PR | Author | Title | +| --- | --- | --- | +| [#845](https://github.com/elastic/ansible-elasticsearch/pull/845) | [@jmlrt](https://github.com/jmlrt) | Remove CentOS 8 tests | + + ## 7.16.3 * 7.16.3 as default version. diff --git a/README.md b/README.md index caa7a5a0..02848f72 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook. ```sh -ansible-galaxy install elastic.elasticsearch,v7.16.3 +ansible-galaxy install elastic.elasticsearch,v7.17.0 ``` Then create your playbook yaml adding the role elasticsearch. @@ -83,14 +83,14 @@ The simplest configuration therefore consists of: roles: - role: elastic.elasticsearch vars: - es_version: 7.16.3 + es_version: 7.17.0 ``` -The above installs Elasticsearch 7.16.3 in a single node 'node1' on the hosts 'localhost'. +The above installs Elasticsearch 7.17.0 in a single node 'node1' on the hosts 'localhost'. **Note**: Elasticsearch default version is described in [`es_version`](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2). You can override this variable in your playbook to install another version. -While we are testing this role only with one 7.x and one 6.x version (respectively [7.16.3](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.23](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. +While we are testing this role only with one 7.x and one 6.x version (respectively [7.17.0](https://github.com/elastic/ansible-elasticsearch/blob/main/defaults/main.yml#L2) and [6.8.23](https://github.com/elastic/ansible-elasticsearch/blob/main/.kitchen.yml#L22) at the time of writing), this role should work with other versions also in most cases. This role also uses [Ansible tags](https://docs.ansible.com/ansible/2.9/user_guide/playbooks_tags.html). Run your playbook with the `--list-tasks` flag for more information. @@ -422,7 +422,7 @@ In addition to es_config, the following parameters allow the customization of th * ```oss_version``` Default `false`. Setting this to `true` will install the oss release of Elasticsearch (for version <7.11.0 only). * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts. -* ```es_version``` (e.g. "7.16.3"). +* ```es_version``` (e.g. "7.17.0"). * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost". * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. diff --git a/defaults/main.yml b/defaults/main.yml index a0c3c41a..47c94790 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -es_version: "7.16.3" +es_version: "7.17.0" es_use_snapshot_release: false oss_version: false es_package_name: "elasticsearch" From ff5f1b3ad1e39c519477a2ae944f48c8e141661a Mon Sep 17 00:00:00 2001 From: mgreau Date: Wed, 2 Feb 2022 18:00:28 -0500 Subject: [PATCH 67/68] Add archived notice to README explaining alternative options --- README.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 02848f72..342944c2 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,17 @@ +# ARCHIVED + +This project is no longer maintained. For alternative getting started +experiences, you may want to try one of these options: + +- Start a [free trial on Elastic Cloud](https://www.elastic.co/cloud/elasticsearch-service/signup), our hosted service. +- Take a look at [Elastic Cloud on Kubernetes (ECK)](https://elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) for launching the stack via Kubernetes. +- Read our [Running the Elastic Stack on Docker](https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html) guide. +- Take a look at the [Elastic Stack Terraform provider.](https://github.com/elastic/terraform-provider-elasticstack) + # ansible-elasticsearch [![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main/) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/) -⚠️ **This Ansible role is being deprecated and will not be updated to support Elasticsearch 8.0.0 and the following versions.** **THIS ROLE IS FOR 7.x & 6.x** From af05c6470ef63337deba7009eec6af3ea05e2193 Mon Sep 17 00:00:00 2001 From: Nassim Kammah Date: Fri, 24 Jun 2022 06:41:26 +0200 Subject: [PATCH 68/68] Add docs on running the role with 8.X (#847) * Add doc on 8.x support * Updating top level readme --- README.md | 14 +++--- docs/8x-support.md | 116 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 7 deletions(-) create mode 100644 docs/8x-support.md diff --git a/README.md b/README.md index 342944c2..182cdaeb 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,10 @@ # ARCHIVED -This project is no longer maintained. For alternative getting started -experiences, you may want to try one of these options: +This project is no longer maintained. + +You are welcomed to keep using it and adapting it to work for your own needs, including with Elasticsearch [8.x](docs/8x-support.md). + +For alternative getting started experiences, you may want to try one of these options: - Start a [free trial on Elastic Cloud](https://www.elastic.co/cloud/elasticsearch-service/signup), our hosted service. - Take a look at [Elastic Cloud on Kubernetes (ECK)](https://elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html) for launching the stack via Kubernetes. @@ -9,13 +12,12 @@ experiences, you may want to try one of these options: - Take a look at the [Elastic Stack Terraform provider.](https://github.com/elastic/terraform-provider-elasticstack) # ansible-elasticsearch -[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+main/) [![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/) -**THIS ROLE IS FOR 7.x & 6.x** +**THIS ROLE IS FOR 7.x & 6.x**, but should still work with 8.x (see [note](docs/8x-support.md)). -Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are: +Ansible role for 7.x/6.x Elasticsearch - tests used to run and pass on the below platforms: * Ubuntu 16.04 * Ubuntu 18.04 @@ -26,8 +28,6 @@ Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedH * CentOS 7 * Amazon Linux 2 -The latest Elasticsearch versions of 7.x & 6.x are actively tested. - ## BREAKING CHANGES ### Notice about multi-instance support diff --git a/docs/8x-support.md b/docs/8x-support.md new file mode 100644 index 00000000..9e8d9807 --- /dev/null +++ b/docs/8x-support.md @@ -0,0 +1,116 @@ +# 8.x support + +In [December 2021](https://github.com/elastic/ansible-elasticsearch/pull/838), we made the hard decision to deprecate this Ansible playbook without adding support for Elasticsearch 8.X. +We acknowledge the impact this has had on many developers and organizations, and while we are not reverting the decision, we decided to share some guidelines around how to proceed from here, for folks wanting to keep using this playbook with Elasticsearch 8.X. + +--- + +At a high level, this role is expected to work in most cases for fresh installs and upgrades from 7.17+ by only overriding the `es_version` variable as long as the security is enforced properly using the [SSL/TLS doc](ssl-tls-setup.md). + +1. install the last released version of the role from galaxy: `ansible-galaxy install elastic.elasticsearch,v7.17.0` + +2. copy the TLS PKCS12 keystore and truststore (https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#security-http-pkcs12-files) + +3. write a minimal playbook to deploy 8.2.3 on localhost: +```yaml +- hosts: localhost + roles: + - elastic.elasticsearch + vars: + es_version: 8.2.3 + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "certs/keystore-password.p12" + es_ssl_truststore: "certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no +``` + +4. deploy locally: `ansible-playbook es.yml` + +## Context for the below experiment + +The intent is to assess if the current playbook can still work with ES 8.X and what modifications may be needed. The testing was done on Ubuntu 20.04 and CentOS7 GCP VMs. + +The only code change done in the Ansible playbook was the override of the `es_version` variable. + +### What is working + +- ✅ Deploying a standalone Elasticsearch cluster in 8.2.3 with the security example playbook from 7.x: +- ✅ managing Elasticsearch users +- ✅ upgrading a 7.17.0 standalone cluster **with security already enabled** to 8.2.3 +- ✅ managing Elasticsearch license + +The below configuration was used in the tests + +```yaml +- hosts: localhost + roles: + - elastic.elasticsearch + vars: + es_config: + xpack.security.authc.realms.file.file1.order: 0 + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_api_sleep: 5 + es_enable_http_ssl: true + es_enable_transport_ssl: true + es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" + es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" + es_ssl_keystore_password: password1 + es_ssl_truststore_password: password2 + es_validate_certs: no + es_users: + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read +``` + +### What is not working + +**Deploying an 8.X cluster with the default Ansible configuration (no security) will not work.** + +When runnin Elasticsearch 8.x outside of Ansible without any security configuration, Elasticsearch will autogenerate a security configuration and still activate security. +However, when you run Elasticsearch 8.x as part of the Ansible role without any security configuration, this will fail because the Ansible role will not be able to retrieve and use the autogenerated security configuration. + +To tackle this, you always have to specify your own security configuration based on the [SSL/TLS doc](ssl-tls-setup.md). + + +### What has not been tested + +**Deploying a 3 nodes cluster** + +When trying to deploy a 3 nodes clusters, the nodes seem to be configured successfully but they aren't able to communicate together with the test certificates (the ones used in automated standalone tests). It's highly likely that the problem lies with the tests certs themselves and not with the role. + +Should you be able to deploy a multi-node clusters, you will most likely have to change the configuration to use the new `node.roles` parameter ([example](https://github.com/elastic/ansible-elasticsearch/pull/772)) instead of the `node.master` and `node.data` (which got deprecated in 7.9, but the role never got [fixed](https://github.com/elastic/ansible-elasticsearch/issues/731).