Shield to Security and other X-Pack clear up

README.md

@@ -119,7 +119,6 @@ A more complex example:
     es_plugins_reinstall: false
     es_plugins:
         - plugin: license
-        - plugin: marvel-agent
         - plugin: lmenezes/elasticsearch-kopf
           version: master
           proxy_host: proxy.example.com
@@ -214,7 +213,7 @@ ansible-playbook -i hosts ./your-playbook.yml
 X-Pack features, such as Security, are supported. This feature is currently experimental.  To enable X-Pack set the parameter `es_enable_xpack` to true and list the required features in the parameter `es_xpack_features`.  The following additional parameters allow X-Pack to be configured:
 
 * ```es_message_auth_file``` System Key field to allow message authentication. This file should be placed in the 'files' directory.
-* ```es_role_mapping``` Role mappings file declared as yml as described [here](https://www.elastic.co/guide/en/shield/current/mapping-roles.html)
+* ```es_role_mapping``` Role mappings file declared as yml as described [here](https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html)
 
 ```
 es_role_mapping:
@@ -247,7 +246,7 @@ es_users:
 ```
             
             
-* ```es_roles``` - Elasticsearch roles can be declared here as yml. Two sub keys 'native' and 'file' determine how the role is created i.e. either through a file or http(native) call.  Beneath each key list the roles with appropriate permissions, using the file based format described [here] (https://www.elastic.co/guide/en/shield/current/_file_based_roles.html) e.g.
+* ```es_roles``` - Elasticsearch roles can be declared here as yml. Two sub keys 'native' and 'file' determine how the role is created i.e. either through a file or http(native) call.  Beneath each key list the roles with appropriate permissions, using the file based format described [here] (https://www.elastic.co/guide/en/x-pack/current/file-realm.html) e.g.
 
 ```
 es_roles:
@@ -312,7 +311,7 @@ Following variables affect the versions installed:
 * ```es_version``` (e.g. "5.1.1").  
 * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost".
 * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200.
-* ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Shield is enabled. Ensure this user is admin.
+* ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin.
 * ```es_api_basic_auth_password``` The password associated with the user declared in `es_api_basic_auth_username`
 * ```es_start_service``` (true (default) or false)
 * ```es_plugins_reinstall``` (true or false (default) )
@@ -331,9 +330,9 @@ es_java_opts:
   - "-Djava.io.tmpdir=/data/tmp/elasticsearch"
 ```
 
-Earlier examples illustrate the installation of plugins using `es_plugins`.  For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version.  For community based plugins include the full path e.g. "lmenezes/elasticsearch-kopf" and the appropriate version for the target version of Elasticsearch.  This approach should NOT be used for X-Pack related plugins e.g. Shield.  See X-Pack below for details here.
+Earlier examples illustrate the installation of plugins using `es_plugins`.  For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version.  For community based plugins include the full path e.g. "lmenezes/elasticsearch-kopf" and the appropriate version for the target version of Elasticsearch.  This approach should NOT be used for X-Pack related plugins e.g. Security.  See X-Pack below for details here.
  
-If installing Marvel or Watcher, ensure the license plugin is also specified.  Shield configuration is currently not supported but planned for later versions.
+If installing Monitoring or Alerting, ensure the license plugin is also specified.  Security configuration is currently not supported but planned for later versions.
 
 * ```es_user``` - defaults to elasticsearch.
 * ```es_group``` - defaults to elasticsearch.
@@ -385,7 +384,7 @@ all supported platforms.
 * The role aims to be idempotent.  Running the role multiple times, with no changes, should result in no state change on the server.  If the configuration is changed, these will be applied and 
 Elasticsearch restarted where required.
 * Systemd is used for Ubuntu versions >= 15, Debian >=8, Centos >=7.  All other versions use init for service scripts.
-* In order to run x-pack tests a license file with shield enabled is required. A trial license is appropriate. Set the environment variable `ES_XPACK_LICENSE_FILE` to the full path of the license file prior to running tests.
+* In order to run x-pack tests a license file with security enabled is required. A trial license is appropriate. Set the environment variable `ES_XPACK_LICENSE_FILE` to the full path of the license file prior to running tests.
 
 ## IMPORTANT NOTES RE PLUGIN MANAGEMENT
 

handlers/elasticsearch-templates.yml

@@ -17,7 +17,7 @@
     status_code: 200
     body_format: json
     body: "{{ lookup('file', item.path) }}"
-  when: not es_enable_xpack or not es_xpack_features is defined or not '"shield" in es_xpack_features'
+  when: not es_enable_xpack or not es_xpack_features is defined or not '"security" in es_xpack_features'
   with_items: "{{ templates.files }}"
 
 - name: Install templates with auth
@@ -30,5 +30,5 @@
     force_basic_auth: yes
     body_format: json
     body: "{{ lookup('file', item.path) }}"
-  when: es_enable_xpack and es_xpack_features is defined and '"shield" in es_xpack_features'
+  when: es_enable_xpack and es_xpack_features is defined and '"security" in es_xpack_features'
   with_items: "{{ templates.files }}"

handlers/main.yml

@@ -7,10 +7,10 @@
   when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed))
 
 # All security specific actions should go in here
-- name: activate-shield
-  include: ./handlers/shield/elasticsearch-shield.yml
+- name: activate-security
+  include: ./handlers/security/elasticsearch-security.yml
 
-#Templates are a handler as they need to come after a restart e.g. suppose user removes shield on a running node and doesn't
+#Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't
 #specify es_api_basic_auth_username and es_api_basic_auth_password.  The templates will subsequently not be removed if we don't wait for the node to restart.
 #Templates done after restart therefore - as a handler.
 

handlers/security/elasticsearch-security-native.yml

@@ -14,12 +14,12 @@
 - name: Wait 15 seconds for the Native Relm to come up
   pause: seconds=15
 
-#If the node has just has shield installed it maybe either stopped or started 1. if stopped, we need to start to load native realms 2. if started, we need to restart to load
+#If the node has just has security installed it maybe either stopped or started 1. if stopped, we need to start to load native realms 2. if started, we need to restart to load
 
 #List current users
 - name: List Native Users
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/user
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user
     method: GET
     user: "{{es_api_basic_auth_username}}"
     password: "{{es_api_basic_auth_password}}"
@@ -40,7 +40,7 @@
 #Delete all non required users
 - name: Delete Native Users
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/user/{{item}}
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user/{{item}}
     method: DELETE
     status_code: 200
     user: "{{es_api_basic_auth_username}}"
@@ -53,7 +53,7 @@
 #Overwrite all other users
 - name: Update Native Users
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/user/{{item.key}}
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/{{item.key}}
     method: POST
     body_format: json
     body: "{{item.value | to_json}}"
@@ -69,7 +69,7 @@
 
 - name: List Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/role
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role
     method: GET
     body_format: json
     user: "{{es_api_basic_auth_username}}"
@@ -93,7 +93,7 @@
 #Delete all non required roles
 - name: Delete Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/role/{{item}}
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role/{{item}}
     method: DELETE
     status_code: 200
     user: "{{es_api_basic_auth_username}}"
@@ -106,7 +106,7 @@
 #Update other roles
 - name: Update Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/_shield/role/{{item.key}}
+    url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role/{{item.key}}
     method: POST
     body_format: json
     body: "{{item.value | to_json}}"

handlers/security/elasticsearch-security.yml

@@ -6,9 +6,9 @@
   wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
   
 - name: activate-license
-  include: ./handlers/shield/elasticsearch-xpack-activation.yml
+  include: ./handlers/security/elasticsearch-xpack-activation.yml
   when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
 
 - name: load-native-realms
-  include: ./handlers/shield/elasticsearch-shield-native.yml
+  include: ./handlers/security/elasticsearch-security-native.yml
   when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)

handlers/security/elasticsearch-xpack-activation.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: Activate ES license (without shield authentication)
+- name: Activate ES license (without security authentication)
   uri:
     method: PUT
     url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
@@ -9,13 +9,13 @@
     return_content: yes
   register: license_activated
   no_log: True
-  when: not '"shield" in es_xpack_features'
+  when: not '"security" in es_xpack_features'
   failed_when: >
     license_activated.status != 200 or
     license_activated.json.license_status is not defined or
     license_activated.json.license_status != 'valid'
 
-- name: Activate ES license (with shield authentication)
+- name: Activate ES license (with security authentication)
   uri:
     method: PUT
     url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
@@ -27,7 +27,7 @@
     return_content: yes
   register: license_activated
   no_log: True
-  when: '"shield" in es_xpack_features'
+  when: '"security" in es_xpack_features'
   failed_when: >
     license_activated.status != 200 or
     license_activated.json.license_status is not defined or

tasks/elasticsearch-config.yml

@@ -79,8 +79,8 @@
 - name: Delete Default Logging File
   file: dest=/etc/elasticsearch/logging.yml state=absent
 
-- name: Delete Default Logging File (5.x)
+- name: Delete Default Logging File
   file: dest=/etc/elasticsearch/log4j2.properties state=absent
 
-- name: Delete Default JVM Options File (5.x)
+- name: Delete Default JVM Options File
   file: dest=/etc/elasticsearch/jvm.options state=absent

tasks/elasticsearch-parameters.yml

@@ -19,9 +19,9 @@
 - fail: msg="If locking memory with bootstrap.mlockall (or bootstrap.memory_lock) a heap size must be specified"
   when: (es_config['bootstrap.mlockall'] is defined or es_config['bootstrap.memory_lock'] is defined) and es_config['bootstrap.mlockall'] == True and es_heap_size is not defined
 
-#Check if working with shield we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work
-- fail: msg="Enabling shield requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
-  when: es_enable_xpack and ("shield" in es_xpack_features) and es_api_basic_auth_username is not defined and es_api_basic_auth_password is not defined
+#Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work
+- fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
+  when: es_enable_xpack and ("security" in es_xpack_features) and es_api_basic_auth_username is not defined and es_api_basic_auth_password is not defined
 
 - set_fact: instance_default_file={{default_file | dirname}}/{{es_instance_name}}_{{default_file | basename}}
 - set_fact: instance_init_script={{init_script | dirname }}/{{es_instance_name}}_{{init_script | basename}}

tasks/xpack/elasticsearch-xpack.yml

@@ -46,8 +46,8 @@
 - include: elasticsearch-xpack-install.yml
   with_items: "{{supported_xpack_features}}"
 
-#Shield configuration
-- include: shield/elasticsearch-shield.yml
+#Security configuration
+- include: security/elasticsearch-security.yml
 
 #Add any feature specific configuration here
 - name: Set Plugin Directory Permissions

tasks/xpack/shield/elasticsearch-security-file.yml

@@ -1,15 +1,15 @@
 ---
 - set_fact: manage_file_users=es_users is defined and es_users.file is defined
 
-#Ensure shield conf directory is created
-- name: Ensure shield conf directory exists (file)
-  file: path={{ conf_dir }}/shield state=directory owner={{ es_user }} group={{ es_group }}
+#Ensure x-pack conf directory is created
+- name: Ensure x-pack conf directory exists (file)
+  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
   changed_when: False
-  when: es_enable_xpack and '"shield" in es_xpack_features'
+  when: es_enable_xpack and '"security" in es_xpack_features'
 
 #List current users
 - name: List Users
-  shell: cat {{conf_dir}}/shield/users | awk -F':' '{print $1}'
+  shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
   register: current_file_users
   when: manage_file_users
   changed_when: False
@@ -20,7 +20,7 @@
 #Remove users
 - name: Remove Users
   command: >
-    {{es_home}}/bin/shield/esusers userdel {{item}}
+    {{es_home}}/bin/x-pack/users userdel {{item}}
   when: manage_file_users and (users_to_remove | length > 0)
   with_items: "{{users_to_remove | default([])}}"
   environment:
@@ -34,7 +34,7 @@
 #Add users
 - name: Add Users
   command: >
-    {{es_home}}/bin/shield/esusers useradd {{item}} -p {{es_users.file[item].password}}
+    {{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}}
   with_items: "{{users_to_add | default([])}}"
   when: manage_file_users and users_to_add | length > 0
   no_log: True
@@ -45,7 +45,7 @@
 #Set passwords for all users declared - Required as the useradd will not change existing user passwords
 - name: Set User Passwords
   command: >
-    {{es_home}}/bin/shield/esusers passwd {{item.key}} -p {{item.value.password}}
+    {{es_home}}/bin/x-pack/users passwd {{item.key}} -p {{item.value.password}}
   with_dict: "{{(es_users | default({'file':{}})).file}}"
   when: manage_file_users and es_users.file.keys() | length > 0
   #Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
@@ -60,14 +60,14 @@
 
 #Copy Roles files
 - name: Copy roles.yml File for Instance
-  template: src=shield/roles.yml.j2 dest={{conf_dir}}/shield/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  template: src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   when: es_roles is defined and es_roles.file is defined
 
 #Overwrite users_roles file
 - name: Copy User Roles
-  template: src=shield/users_roles.j2 dest={{conf_dir}}/shield/users_roles mode=0644 force=yes
+  template: src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes
   when: manage_file_users and users_roles | length > 0
 
-#Set permission on shield directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
-- name: Set Shield Directory Permissions Recursive
-  file: state=directory path={{conf_dir}}/shield/ owner={{ es_user }} group={{ es_group }} recurse=yes
+#Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
+- name: Set Security Directory Permissions Recursive
+  file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes

tasks/xpack/shield/elasticsearch-security.yml

@@ -0,0 +1,36 @@
+---
+#Security specific configuration done here
+
+#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
+
+#-----------------------------FILE BASED REALM----------------------------------------
+
+- include: elasticsearch-security-file.yml
+  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
+
+#-----------------------------NATIVE BASED REALM----------------------------------------
+# The native realm requires the node to be started so we do as a handler
+- command: /bin/true
+  notify: activate-security
+  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
+
+#-----------------------------ROLE MAPPING ----------------------------------------
+
+#Copy Roles files
+- name: Copy role_mapping.yml File for Instance
+  template: src=security/role_mapping.yml.j2 dest={{conf_dir}}/x-pack/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  when: es_role_mapping is defined
+
+#-----------------------------AUTH FILE----------------------------------------
+
+- name: Copy message auth key to elasticsearch
+  copy: src={{ es_message_auth_file }} dest={{conf_dir}}/x-pack/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
+  when: es_message_auth_file is defined
+
+#------------------------------------------------------------------------------------
+
+#Ensure security conf directory is created
+- name: Ensure security conf directory exists
+  file: path={{ conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
+  changed_when: False
+  when: es_enable_xpack and '"security" in es_xpack_features'

tasks/xpack/shield/elasticsearch-shield.yml

@@ -1,36 +0,0 @@
----
-#Shield specific configuration done here
-
-#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
-
-#-----------------------------FILE BASED REALM----------------------------------------
-
-- include: elasticsearch-shield-file.yml
-  when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
-
-#-----------------------------NATIVE BASED REALM----------------------------------------
-# The native realm requires the node to be started so we do as a handler
-- command: /bin/true
-  notify: activate-shield
-  when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
-
-#-----------------------------ROLE MAPPING ----------------------------------------
-
-#Copy Roles files
-- name: Copy role_mapping.yml File for Instance
-  template: src=shield/role_mapping.yml.j2 dest={{conf_dir}}/shield/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
-  when: es_role_mapping is defined
-
-#-----------------------------AUTH FILE----------------------------------------
-
-- name: Copy message auth key to elasticsearch
-  copy: src={{ es_message_auth_file }} dest={{conf_dir}}/shield/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
-  when: es_message_auth_file is defined
-
-#------------------------------------------------------------------------------------
-
-#Ensure shield conf directory is created
-- name: Ensure shield conf directory exists
-  file: path={{ conf_dir }}/shield state=directory owner={{ es_user }} group={{ es_group }}
-  changed_when: False
-  when: es_enable_xpack and '"shield" in es_xpack_features'

test/integration/helpers/serverspec/xpack_spec.rb

@@ -6,7 +6,7 @@ shared_examples 'xpack::init' do |es_version|
     it { should exist }
   end
 
-  describe service('shield_node_elasticsearch') do
+  describe service('security_node_elasticsearch') do
     it { should be_running }
   end
 
@@ -14,23 +14,23 @@ shared_examples 'xpack::init' do |es_version|
     it { should be_installed }
   end
 
-  describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
+  describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
     it { should be_file }
     it { should be_owned_by 'elasticsearch' }
   end
 
-  describe file('/etc/elasticsearch/shield_node/logging.yml') do
+  describe file('/etc/elasticsearch/security_node/logging.yml') do
     it { should be_file }
     it { should be_owned_by 'elasticsearch' }
   end
 
-  describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
-    it { should contain 'node.name: localhost-shield_node' }
+  describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
+    it { should contain 'node.name: localhost-security_node' }
     it { should contain 'cluster.name: elasticsearch' }
-    it { should contain 'path.conf: /etc/elasticsearch/shield_node' }
-    it { should contain 'path.data: /var/lib/elasticsearch/localhost-shield_node' }
-    it { should contain 'path.work: /tmp/elasticsearch/localhost-shield_node' }
-    it { should contain 'path.logs: /var/log/elasticsearch/localhost-shield_node' }
+    it { should contain 'path.conf: /etc/elasticsearch/security_node' }
+    it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
+    it { should contain 'path.work: /tmp/elasticsearch/localhost-security_node' }
+    it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
   end
 
   describe 'Node listening' do
@@ -78,7 +78,7 @@ shared_examples 'xpack::init' do |es_version|
   end
 
 
-  #Check shield,watcher and license plugins are installed
+  #Check security,watcher and license plugins are installed
   describe file('/usr/share/elasticsearch/plugins/license') do
     it { should be_directory }
     it { should be_owned_by 'elasticsearch' }
@@ -97,16 +97,16 @@ shared_examples 'xpack::init' do |es_version|
     end
   end
 
-  describe file('/usr/share/elasticsearch/plugins/shield') do
+  describe file('/usr/share/elasticsearch/plugins/security') do
     it { should be_directory }
     it { should be_owned_by 'elasticsearch' }
   end
 
-  describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep shield') do
+  describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep security') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe file('/etc/elasticsearch/shield_node/shield') do
+  describe file('/etc/elasticsearch/security_node/security') do
     it { should be_directory }
     it { should be_owned_by 'elasticsearch' }
   end
@@ -149,20 +149,20 @@ shared_examples 'xpack::init' do |es_version|
 
 
   #Test users file, users_roles and roles.yml
-  describe file('/etc/elasticsearch/shield_node/shield/users_roles') do
+  describe file('/etc/elasticsearch/security_node/x-pack/users_roles') do
     it { should be_owned_by 'elasticsearch' }
     it { should contain 'admin:es_admin' }
     it { should contain 'power_user:testUser' }
   end
 
-  describe file('/etc/elasticsearch/shield_node/shield/users') do
+  describe file('/etc/elasticsearch/security_node/x-pack/users') do
     it { should be_owned_by 'elasticsearch' }
     it { should contain 'testUser:' }
     it { should contain 'es_admin:' }
   end
 
 
-  describe file('/etc/elasticsearch/shield_node/shield/roles.yml') do
+  describe file('/etc/elasticsearch/security_node/x-pack/roles.yml') do
     it { should be_owned_by 'elasticsearch' }
     #Test contents as expected
     its(:md5sum) { should eq '7800182547287abd480c8b095bf26e9e' }
@@ -170,19 +170,19 @@ shared_examples 'xpack::init' do |es_version|
 
 
   #Test native roles and users are loaded
-  describe command('curl -s localhost:9200/_shield/user -u es_admin:changeMe | md5sum | grep 557a730df7136694131b5b7012a5ffad') do
+  describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMe | md5sum | grep 557a730df7136694131b5b7012a5ffad') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('curl -s localhost:9200/_shield/user -u es_admin:changeMe | grep "{\"kibana4_server\":{\"username\":\"kibana4_server\",\"roles\":\[\"kibana4_server\"\],\"full_name\":null,\"email\":null,\"metadata\":{}}}"') do
+  describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMe | grep "{\"kibana4_server\":{\"username\":\"kibana4_server\",\"roles\":\[\"kibana4_server\"\],\"full_name\":null,\"email\":null,\"metadata\":{}}}"') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('curl -s localhost:9200/_shield/role -u es_admin:changeMe | grep "{\"logstash\":{\"cluster\":\[\"manage_index_templates\"\],\"indices\":\[{\"names\":\[\"logstash-\*\"\],\"privileges\":\[\"write\",\"delete\",\"create_index\"\]}\],\"run_as\":\[\]}}"') do
+  describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMe | grep "{\"logstash\":{\"cluster\":\[\"manage_index_templates\"\],\"indices\":\[{\"names\":\[\"logstash-\*\"\],\"privileges\":\[\"write\",\"delete\",\"create_index\"\]}\],\"run_as\":\[\]}}"') do
     its(:exit_status) { should eq 0 }
   end
 
-  describe command('curl -s localhost:9200/_shield/role -u es_admin:changeMe | md5sum | grep 6d14f09ef1eea64adf4d4a9c04229629') do
+  describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMe | md5sum | grep 6d14f09ef1eea64adf4d4a9c04229629') do
     its(:exit_status) { should eq 0 }
   end
 
@@ -213,15 +213,15 @@ shared_examples 'xpack::init' do |es_version|
   end
 
   #Test contents of Elasticsearch.yml file
-  describe file('/etc/elasticsearch/shield_node/elasticsearch.yml') do
-    it { should contain 'shield.authc.realms.file1.order: 0' }
-    it { should contain 'shield.authc.realms.file1.type: file' }
-    it { should contain 'shield.authc.realms.native1.order: 1' }
-    it { should contain 'shield.authc.realms.native1.type: native' }
+  describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
+    it { should contain 'security.authc.realms.file1.order: 0' }
+    it { should contain 'security.authc.realms.file1.type: file' }
+    it { should contain 'security.authc.realms.native1.order: 1' }
+    it { should contain 'security.authc.realms.native1.type: native' }
   end
 
   #Test contents of role_mapping.yml
-  describe file('/etc/elasticsearch/shield_node/shield/role_mapping.yml') do
+  describe file('/etc/elasticsearch/security_node/x-pack/role_mapping.yml') do
     it { should be_owned_by 'elasticsearch' }
     it { should contain 'power_user:' }
     it { should contain '- cn=admins,dc=example,dc=com' }
@@ -230,7 +230,7 @@ shared_examples 'xpack::init' do |es_version|
   end
 
 
-  describe file('/etc/elasticsearch/shield_node/shield/system_key') do
+  describe file('/etc/elasticsearch/security_node/x-pack/system_key') do
     it { should be_owned_by 'elasticsearch' }
     it { should be_writable.by('owner') }
     it { should be_writable.by_user('elasticsearch') }

test/integration/xpack.yml

@@ -3,8 +3,8 @@
   hosts: localhost
   roles:
     - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
-    "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 },
-    es_instance_name: "shield_node" }
+    "xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
+    es_instance_name: "security_node" }
   vars:
     es_templates: true
     es_enable_xpack: true
@@ -13,8 +13,8 @@
       - plugin: lmenezes/elasticsearch-kopf
         version: master
     es_xpack_features:
-      - shield
-      - watcher
+      - security
+      - alerting
     es_api_basic_auth_username: es_admin
     es_api_basic_auth_password: changeMe
     es_message_auth_file: system_key

vars/main.yml

@@ -4,4 +4,4 @@ es_conf_dir: "/etc/elasticsearch"
 sysd_script: "/usr/lib/systemd/system/elasticsearch.service"
 init_script: "/etc/init.d/elasticsearch"
 #add supported features here
-supported_xpack_features: ["watcher","marvel-agent","graph","shield"]
+supported_xpack_features: ["alerting","monitoring","graph","security"]