ansible-role-elasticsearch/test/integration/xpack-upgrade.yml

---
- name: Elasticsearch Xpack tests initial
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      http.port: 9200
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
      xpack.security.authc.realms.native1.order: 1
      xpack.security.authc.realms.native1.type: native
    es_config_7x:
      http.port: 9200
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_major_version: "7.x"
    es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_plugins:
      - plugin: ingest-attachment
    es_xpack_features:
      - security
      - alerting
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: changeme
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
      user:
        - "cn=users,dc=example,dc=com"
        - "cn=admins,dc=example,dc=com"
    es_users:
      native:
        kibana4_server:
          password: changeMe
          roles:
            - kibana4_server
        logstash_system:
          #this should be successfully modified
          password: aNewLogstashPassword
          #this will be ignored
          roles:
            - kibana4_server
        elastic:
          password: elasticChanged
      file:
        es_admin:
          password: changeMe
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
    es_roles:
      file:
        admin:
          cluster:
            - all
          indices:
            - names: '*'
              privileges:
                - all
        power_user:
          cluster:
            - monitor
          indices:
            - names: '*'
              privileges:
                - all
        user:
          indices:
            - names: '*'
              privileges:
                - read
        kibana4_server:
          cluster:
              - monitor
          indices:
            - names: '.kibana'
              privileges:
                - all
      native:
        logstash:
          cluster:
            - manage_index_templates
          indices:
            - names: 'logstash-*'
              privileges:
                - write
                - delete
                - create_index
        #this will be ignored - its reserved
        logstash_system:
          cluster:
            - manage_index_templates
          indices:
            - names: 'logstash-*'
              privileges:
                - write
                - delete
                - create_index

#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack modify
  hosts: localhost
  post_tasks:
    - include: elasticsearch/test/integration/debug.yml
  roles:
    - elasticsearch
  vars:
    es_config_6x:
      http.port: 9200
      xpack.security.authc.realms.file1.order: 0
      xpack.security.authc.realms.file1.type: file
      xpack.security.authc.realms.native1.order: 1
      xpack.security.authc.realms.native1.type: native
    es_config_7x:
      http.port: 9200
      xpack.security.authc.realms.file.file1.order: 0
      xpack.security.authc.realms.native.native1.order: 1
    es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
    es_heap_size: "1g"
    es_templates: true
    es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
    es_plugins:
      - plugin: ingest-attachment
    es_xpack_features:
      - security
      - alerting
    es_api_basic_auth_username: elastic
    es_api_basic_auth_password: elasticChanged
    es_role_mapping:
      power_user:
        - "cn=admins,dc=example,dc=com"
      user:
        - "cn=users,dc=example,dc=com"
        - "cn=admins,dc=example,dc=com"
    es_users:
      native:
        kibana4_server:
          password: changeMe
          roles:
            - kibana4_server
        logstash_system:
          #this will be ignored
          roles:
            - kibana4_server
      file:
        es_admin:
          password: changeMeAgain
          roles:
            - admin
        testUser:
          password: changeMeAlso!
          roles:
            - power_user
            - user
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`---`
			`- name: Elasticsearch Xpack tests initial`
			`hosts: localhost`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`post_tasks:`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`- include: elasticsearch/test/integration/debug.yml`
			`roles:`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`- elasticsearch`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`vars:`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`es_config_6x:`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`http.port: 9200`
			`xpack.security.authc.realms.file1.order: 0`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`xpack.security.authc.realms.file1.type: file`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`xpack.security.authc.realms.native1.order: 1`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`xpack.security.authc.realms.native1.type: native`
			`es_config_7x:`
			`http.port: 9200`
			`xpack.security.authc.realms.file.file1.order: 0`
			`xpack.security.authc.realms.native.native1.order: 1`
			`es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`es_heap_size: "1g"`
			`es_templates: true`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`es_major_version: "7.x"`
			`es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"`
			`es_plugins:`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`- plugin: ingest-attachment`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`es_xpack_features:`
			`- security`
			`- alerting`
			`es_api_basic_auth_username: elastic`
			`es_api_basic_auth_password: changeme`
			`es_role_mapping:`
			`power_user:`
			`- "cn=admins,dc=example,dc=com"`
			`user:`
			`- "cn=users,dc=example,dc=com"`
			`- "cn=admins,dc=example,dc=com"`
			`es_users:`
			`native:`
			`kibana4_server:`
			`password: changeMe`
			`roles:`
			`- kibana4_server`
			`logstash_system:`
			`#this should be successfully modified`
			`password: aNewLogstashPassword`
			`#this will be ignored`
			`roles:`
			`- kibana4_server`
			`elastic:`
			`password: elasticChanged`
			`file:`
			`es_admin:`
			`password: changeMe`
			`roles:`
			`- admin`
			`testUser:`
			`password: changeMeAlso!`
			`roles:`
			`- power_user`
			`- user`
			`es_roles:`
			`file:`
			`admin:`
			`cluster:`
			`- all`
			`indices:`
			`- names: '*'`
			`privileges:`
			`- all`
			`power_user:`
			`cluster:`
			`- monitor`
			`indices:`
			`- names: '*'`
			`privileges:`
			`- all`
			`user:`
			`indices:`
			`- names: '*'`
			`privileges:`
			`- read`
			`kibana4_server:`
			`cluster:`
			`- monitor`
			`indices:`
			`- names: '.kibana'`
			`privileges:`
			`- all`
			`native:`
			`logstash:`
			`cluster:`
			`- manage_index_templates`
			`indices:`
			`- names: 'logstash-*'`
			`privileges:`
			`- write`
			`- delete`
			`- create_index`
			`#this will be ignored - its reserved`
			`logstash_system:`
			`cluster:`
			`- manage_index_templates`
			`indices:`
			`- names: 'logstash-*'`
			`privileges:`
			`- write`
			`- delete`
			`- create_index`

			`#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.`
			`- name: Elasticsearch Xpack modify`
			`hosts: localhost`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`post_tasks:`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`- include: elasticsearch/test/integration/debug.yml`
			`roles:`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`- elasticsearch`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`vars:`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`es_config_6x:`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`http.port: 9200`
			`xpack.security.authc.realms.file1.order: 0`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`xpack.security.authc.realms.file1.type: file`
Move all shared tests into the shared test helper 2018-06-19 21:17:10 +02:00			`xpack.security.authc.realms.native1.order: 1`
[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558) - add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting) 2019-05-09 09:06:02 +02:00			`xpack.security.authc.realms.native1.type: native`
			`es_config_7x:`
			`http.port: 9200`
			`xpack.security.authc.realms.file.file1.order: 0`
			`xpack.security.authc.realms.native.native1.order: 1`
			`es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"`
Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine 2018-06-19 10:39:16 +02:00			`es_heap_size: "1g"`
			`es_templates: true`
			`es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"`
			`es_plugins:`
			`- plugin: ingest-attachment`
			`es_xpack_features:`
			`- security`
			`- alerting`
			`es_api_basic_auth_username: elastic`
			`es_api_basic_auth_password: elasticChanged`
			`es_role_mapping:`
			`power_user:`
			`- "cn=admins,dc=example,dc=com"`
			`user:`
			`- "cn=users,dc=example,dc=com"`
			`- "cn=admins,dc=example,dc=com"`
			`es_users:`
			`native:`
			`kibana4_server:`
			`password: changeMe`
			`roles:`
			`- kibana4_server`
			`logstash_system:`
			`#this will be ignored`
			`roles:`
			`- kibana4_server`
			`file:`
			`es_admin:`
			`password: changeMeAgain`
			`roles:`
			`- admin`
			`testUser:`
			`password: changeMeAlso!`
			`roles:`
			`- power_user`
			`- user`