Remove multi instances support (#566)

* remove multi instances support The goal is to stop supporting installation of more than one node in the same host. This commit update the Ansible role README documentation and remove the multi instances kitchen test. * remove systemd and init.d templates As we no more need to support more than one node on the same host, we no more need to override init files provided by elasticsearch official packages. * remove file script feature File scripts have been removed since elasticsearch 6.0 (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_scripting_changes.html#_file_scripts_removed) * remove custom user and custom group ES_USER and ES_GROUP settings are no longer supported (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_packaging_changes.html#_configuring_custom_user_and_group_for_package_is_no_longer_allowed) * add upgrade procedure * use same task for license activation with and without authentication
2019-06-03 14:18:09 +02:00 · 2019-06-03 14:18:09 +02:00 · 2cb020a4c2
commit 2cb020a4c2
parent 25bd09f683
34 changed files with 176 additions and 1053 deletions
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -4,7 +4,7 @@

 - name: Check if old users file exists
  stat:
-    path: '{{ conf_dir }}/x-pack/users'
+    path: '{{ es_conf_dir }}/x-pack/users'
  register: old_users_file
  check_mode: no

@ -12,14 +12,14 @@
  copy:
    remote_src: yes
    force: no # only copy it if the new path doesn't exist yet
-    src: "{{ conf_dir }}/x-pack/users"
-    dest: "{{ conf_dir }}{{ es_xpack_conf_subdir }}/users"
+    src: "{{ es_conf_dir }}/x-pack/users"
+    dest: "{{ es_conf_dir }}{{ es_xpack_conf_subdir }}/users"
  when: old_users_file.stat.exists

 - name: Create the users file if it doesn't exist
  copy:
    content: ""
-    dest: "{{ conf_dir }}{{ es_xpack_conf_subdir }}/users"
+    dest: "{{ es_conf_dir }}{{ es_xpack_conf_subdir }}/users"
    force: no # this ensures it only creates it if it does not exist
    group: "{{ es_group }}"
    owner: "{{ es_user }}"
@ -28,7 +28,7 @@
 #List current users
 - name: List Users
  become: yes
-  shell: cat {{conf_dir}}{{es_xpack_conf_subdir}}/users | awk -F':' '{print $1}'
+  shell: cat {{ es_conf_dir }}{{es_xpack_conf_subdir}}/users | awk -F':' '{print $1}'
  register: current_file_users
  when: manage_file_users
  changed_when: False
@ -46,8 +46,8 @@
  with_items: "{{users_to_remove | default([])}}"
  when: manage_file_users
  environment:
-    CONF_DIR: "{{ conf_dir }}"
-    ES_PATH_CONF: "{{ conf_dir }}"
+    CONF_DIR: "{{ es_conf_dir }}"
+    ES_PATH_CONF: "{{ es_conf_dir }}"
    ES_HOME: "{{es_home}}"

 - name: set fact users_to_add
@ -63,8 +63,8 @@
  when: manage_file_users
  no_log: True
  environment:
-    CONF_DIR: "{{ conf_dir }}"
-    ES_PATH_CONF: "{{ conf_dir }}"
+    CONF_DIR: "{{ es_conf_dir }}"
+    ES_PATH_CONF: "{{ es_conf_dir }}"
    ES_HOME: "{{es_home}}"

 #Set passwords for all users declared - Required as the useradd will not change existing user passwords
@ -78,8 +78,8 @@
  changed_when: False
  no_log: True
  environment:
-    CONF_DIR: "{{ conf_dir }}"
-    ES_PATH_CONF: "{{ conf_dir }}"
+    CONF_DIR: "{{ es_conf_dir }}"
+    ES_PATH_CONF: "{{ es_conf_dir }}"
    ES_HOME: "{{es_home}}"

 - name: set fact users_roles
@ -89,16 +89,16 @@
 #Copy Roles files
 - name: Copy roles.yml File for Instance
  become: yes
-  template: src=security/roles.yml.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  template: src=security/roles.yml.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
  when: es_roles is defined and es_roles.file is defined

 #Overwrite users_roles file
 - name: Copy User Roles
  become: yes
-  template: src=security/users_roles.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/users_roles mode=0644 force=yes
+  template: src=security/users_roles.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/users_roles mode=0644 force=yes
  when: manage_file_users and users_roles | length > 0

 #Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
 - name: Set Security Directory Permissions Recursive
  become: yes
-  file: state=directory path={{conf_dir}}{{es_xpack_conf_subdir}}/ owner={{ es_user }} group={{ es_group }} recurse=yes
+  file: state=directory path={{ es_conf_dir }}{{es_xpack_conf_subdir}}/ owner={{ es_user }} group={{ es_group }} recurse=yes
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -5,7 +5,7 @@

 #Ensure x-pack conf directory is created if necessary
 - name: Ensure x-pack conf directory exists (file)
-  file: path={{ conf_dir }}{{ es_xpack_conf_subdir }} state=directory owner={{ es_user }} group={{ es_group }}
+  file: path={{ es_conf_dir }}{{ es_xpack_conf_subdir }} state=directory owner={{ es_user }} group={{ es_group }}
  changed_when: False
  when: (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)

@ -18,9 +18,9 @@
    command: >
     {{es_home}}/bin/elasticsearch-keystore create
    args:
-      creates: "{{ conf_dir }}/elasticsearch.keystore"
+      creates: "{{ es_conf_dir }}/elasticsearch.keystore"
    environment:
-      ES_PATH_CONF: "{{ conf_dir }}"
+      ES_PATH_CONF: "{{ es_conf_dir }}"

  - name: Check if bootstrap password is set
    become: yes
@ -29,7 +29,7 @@
    register: list_keystore
    changed_when: False
    environment:
-      ES_PATH_CONF: "{{ conf_dir }}"
+      ES_PATH_CONF: "{{ es_conf_dir }}"
    check_mode: no

  - name: Create Bootstrap password for elastic user
@ -38,7 +38,7 @@
    when:
      - es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines
    environment:
-      ES_PATH_CONF: "{{ conf_dir }}"
+      ES_PATH_CONF: "{{ es_conf_dir }}"
    no_log: true
 ### END BLOCK elasticsearch keystore ###

@ -52,7 +52,7 @@
 #Copy Roles files
 - name: Copy role_mapping.yml File for Instance
  become: yes
-  template: src=security/role_mapping.yml.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  template: src=security/role_mapping.yml.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
  when: es_role_mapping is defined

 #------------------------------------------------------------------------------------
@ -60,5 +60,5 @@
 #Ensure security conf directory is created
 - name: Ensure security conf directory exists
  become: yes
-  file: path={{ conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
+  file: path={{ es_conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
  changed_when: False
--- a/tasks/xpack/security/elasticsearch-xpack-activation.yml
+++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml
@ -1,33 +1,15 @@
 ---
-
- name: Activate ES license (without security authentication)
-  uri:
-    method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
-    body_format: json
-    body: "{{ es_xpack_license }}"
-    return_content: yes
-  register: license_activated
-  no_log: True
-  when: es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined
-  failed_when: >
-    license_activated.status != 200 or
-    license_activated.json.license_status is not defined or
-    license_activated.json.license_status != 'valid'
-
 - name: Activate ES license (with security authentication)
  uri:
    method: PUT
    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
-    user: "{{es_api_basic_auth_username}}"
-    password: "{{es_api_basic_auth_password}}"
+    user: "{{es_api_basic_auth_username  | default(omit)}}"
+    password: "{{es_api_basic_auth_password | default(omit)}}"
    body_format: json
-    force_basic_auth: yes
    body: "{{ es_xpack_license }}"
    return_content: yes
  register: license_activated
  no_log: True
-  when: es_api_basic_auth_username is defined and es_api_basic_auth_password is defined
  failed_when: >
    license_activated.status != 200 or
    license_activated.json.license_status is not defined or