2016-07-22 23:44:27 +01:00
|
|
|
---
|
2017-03-16 21:06:17 +00:00
|
|
|
- name: Elasticsearch Xpack tests initial
|
2016-07-23 19:48:50 +01:00
|
|
|
hosts: localhost
|
2016-07-22 23:44:27 +01:00
|
|
|
roles:
|
2017-01-17 15:33:51 +00:00
|
|
|
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
|
2017-01-11 13:02:23 +00:00
|
|
|
"xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
|
|
|
|
|
es_instance_name: "security_node" }
|
2016-07-22 23:44:27 +01:00
|
|
|
vars:
|
2017-01-17 12:00:49 +00:00
|
|
|
es_heap_size: "1g"
|
2016-07-23 20:23:56 +01:00
|
|
|
es_templates: true
|
2017-08-17 21:44:46 +01:00
|
|
|
es_version: "5.4.0"
|
2016-07-22 23:44:27 +01:00
|
|
|
es_enable_xpack: true
|
2017-01-04 13:23:22 +00:00
|
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
2016-07-24 17:39:44 +01:00
|
|
|
es_plugins:
|
2017-01-16 12:04:10 +00:00
|
|
|
- plugin: ingest-geoip
|
2016-07-22 23:44:27 +01:00
|
|
|
es_xpack_features:
|
2017-01-11 13:02:23 +00:00
|
|
|
- security
|
|
|
|
|
- alerting
|
2017-01-16 12:32:03 +00:00
|
|
|
es_api_basic_auth_username: elastic
|
|
|
|
|
es_api_basic_auth_password: changeme
|
2016-09-19 17:09:27 +01:00
|
|
|
es_message_auth_file: system_key
|
2016-09-19 13:57:09 +01:00
|
|
|
es_role_mapping:
|
|
|
|
|
power_user:
|
|
|
|
|
- "cn=admins,dc=example,dc=com"
|
|
|
|
|
user:
|
|
|
|
|
- "cn=users,dc=example,dc=com"
|
|
|
|
|
- "cn=admins,dc=example,dc=com"
|
2016-07-22 23:44:27 +01:00
|
|
|
es_users:
|
|
|
|
|
native:
|
|
|
|
|
kibana4_server:
|
|
|
|
|
password: changeMe
|
|
|
|
|
roles:
|
|
|
|
|
- kibana4_server
|
2017-09-19 20:11:09 +01:00
|
|
|
logstash_system:
|
|
|
|
|
#this should be successfully modified
|
|
|
|
|
password: aNewLogstashPassword
|
|
|
|
|
#this will be ignored
|
|
|
|
|
roles:
|
|
|
|
|
- kibana4_server
|
|
|
|
|
elastic:
|
|
|
|
|
password: elasticChanged
|
2016-07-22 23:44:27 +01:00
|
|
|
file:
|
|
|
|
|
es_admin:
|
|
|
|
|
password: changeMe
|
|
|
|
|
roles:
|
|
|
|
|
- admin
|
|
|
|
|
testUser:
|
|
|
|
|
password: changeMeAlso!
|
|
|
|
|
roles:
|
|
|
|
|
- power_user
|
|
|
|
|
- user
|
|
|
|
|
es_roles:
|
|
|
|
|
file:
|
|
|
|
|
admin:
|
|
|
|
|
cluster:
|
|
|
|
|
- all
|
|
|
|
|
indices:
|
|
|
|
|
- names: '*'
|
|
|
|
|
privileges:
|
|
|
|
|
- all
|
|
|
|
|
power_user:
|
|
|
|
|
cluster:
|
|
|
|
|
- monitor
|
|
|
|
|
indices:
|
|
|
|
|
- names: '*'
|
|
|
|
|
privileges:
|
|
|
|
|
- all
|
|
|
|
|
user:
|
|
|
|
|
indices:
|
|
|
|
|
- names: '*'
|
|
|
|
|
privileges:
|
|
|
|
|
- read
|
|
|
|
|
kibana4_server:
|
|
|
|
|
cluster:
|
|
|
|
|
- monitor
|
|
|
|
|
indices:
|
|
|
|
|
- names: '.kibana'
|
|
|
|
|
privileges:
|
|
|
|
|
- all
|
|
|
|
|
native:
|
|
|
|
|
logstash:
|
|
|
|
|
cluster:
|
|
|
|
|
- manage_index_templates
|
|
|
|
|
indices:
|
|
|
|
|
- names: 'logstash-*'
|
|
|
|
|
privileges:
|
|
|
|
|
- write
|
|
|
|
|
- delete
|
|
|
|
|
- create_index
|
2017-09-19 20:11:09 +01:00
|
|
|
#this will be ignored - its reserved
|
|
|
|
|
logstash_system:
|
|
|
|
|
cluster:
|
|
|
|
|
- manage_index_templates
|
|
|
|
|
indices:
|
|
|
|
|
- names: 'logstash-*'
|
|
|
|
|
privileges:
|
|
|
|
|
- write
|
|
|
|
|
- delete
|
|
|
|
|
- create_index
|
2016-07-22 23:44:27 +01:00
|
|
|
|
2017-03-16 21:06:17 +00:00
|
|
|
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
|
|
|
|
|
- name: Elasticsearch Xpack modify
|
|
|
|
|
hosts: localhost
|
|
|
|
|
roles:
|
|
|
|
|
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
|
|
|
|
|
"xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
|
|
|
|
|
es_instance_name: "security_node" }
|
|
|
|
|
vars:
|
|
|
|
|
es_heap_size: "1g"
|
|
|
|
|
es_templates: true
|
2017-08-17 21:44:46 +01:00
|
|
|
es_version: "5.5.1"
|
2017-03-16 21:06:17 +00:00
|
|
|
es_enable_xpack: true
|
|
|
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
|
|
|
es_plugins:
|
|
|
|
|
- plugin: ingest-attachment
|
|
|
|
|
es_xpack_features:
|
|
|
|
|
- security
|
|
|
|
|
- alerting
|
|
|
|
|
es_api_basic_auth_username: elastic
|
2017-09-19 20:11:09 +01:00
|
|
|
es_api_basic_auth_password: elasticChanged
|
2017-03-16 21:06:17 +00:00
|
|
|
es_role_mapping:
|
|
|
|
|
power_user:
|
|
|
|
|
- "cn=admins,dc=example,dc=com"
|
|
|
|
|
user:
|
|
|
|
|
- "cn=users,dc=example,dc=com"
|
|
|
|
|
- "cn=admins,dc=example,dc=com"
|
|
|
|
|
es_users:
|
|
|
|
|
native:
|
|
|
|
|
kibana4_server:
|
|
|
|
|
password: changeMe
|
|
|
|
|
roles:
|
|
|
|
|
- kibana4_server
|
2017-09-19 20:11:09 +01:00
|
|
|
logstash_system:
|
|
|
|
|
#this will be ignored
|
|
|
|
|
roles:
|
|
|
|
|
- kibana4_server
|
2017-03-16 21:06:17 +00:00
|
|
|
file:
|
|
|
|
|
es_admin:
|
|
|
|
|
password: changeMeAgain
|
|
|
|
|
roles:
|
|
|
|
|
- admin
|
|
|
|
|
testUser:
|
|
|
|
|
password: changeMeAlso!
|
|
|
|
|
roles:
|
|
|
|
|
- power_user
|
|
|
|
|
- user
|
