Changes to support license
parent
6ef629a869
commit
2ea0842a6c
12 changed files with 35 additions and 31 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,4 +1,5 @@
|
|||
.kitchen/
|
||||
license.json
|
||||
*.pyc
|
||||
.vendor
|
||||
.bundle
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ platforms:
|
|||
- apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible
|
||||
- apt-get update && apt-get -y -q install python-apt python-pycurl
|
||||
use_sudo: false
|
||||
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
|
||||
- name: debian-8
|
||||
driver_config:
|
||||
image: dliappis/debian-devopsci:8
|
||||
|
|
@ -33,6 +34,7 @@ platforms:
|
|||
- sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
|
||||
- sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
|
||||
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
|
||||
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
|
||||
use_sudo: false
|
||||
run_command: "/sbin/init"
|
||||
- name: centos-7
|
||||
|
|
@ -45,6 +47,7 @@ platforms:
|
|||
- rm /etc/yum.repos.d/epel*repo /etc/yum.repos.d/puppetlabs-pc1.repo
|
||||
- yum -y install initscripts
|
||||
- yum clean all
|
||||
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
|
||||
run_command: "/usr/sbin/init"
|
||||
privileged: true
|
||||
use_sudo: false
|
||||
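Review bot: The added `volume:` line in all three platform blocks interpolates `ENV['ES_XPACK_LICENSE_FILE']` unchecked, so with the variable unset the ERB renders `volume: :/tmp/license.json` and the failure surfaces later in the Docker driver instead of at config load. `ENV.fetch('ES_XPACK_LICENSE_FILE')` would stop the run with a KeyError that names the variable. The container only reads the file, so, assuming the driver passes the value through to `docker -v`, the mount can also be read-only: `volume: <%=ENV.fetch('ES_XPACK_LICENSE_FILE')%>:/tmp/license.json:ro`. The platform blocks start and end outside the hunks shown.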
|
|
|
|||
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Ensure elasticsearch is started
|
||||
service: name={{instance_init_script | basename}} state=started enabled=yes
|
||||
|
||||
- name: Wait for elasticsearch to startup
|
||||
wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
|
||||
|
||||
- name: Get template files
|
||||
find: paths="/etc/elasticsearch/templates" patterns="*.json"
|
||||
register: templates
|
||||
|
|
|
|||
|
|
@ -6,10 +6,16 @@
|
|||
service: name={{instance_init_script | basename}} state=restarted enabled=yes
|
||||
when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed))
|
||||
|
||||
- name: load-native-realms
|
||||
include: ./handlers/shield/elasticsearch-shield-native.yml
|
||||
when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)
|
||||
# Assumes all handlers need to be started as likely to make HTTP calls
|
||||
- name: Ensure elasticsearch is started
|
||||
service: name={{instance_init_script | basename}} state=started enabled=yes
|
||||
|
||||
- name: Wait for elasticsearch to startup
|
||||
wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
|
||||
|
||||
# All security specific actions should go in here
|
||||
- name: activate-shield
|
||||
include: ./handlers/shield/elasticsearch-shield.yml
|
||||
|
||||
#Templates are a handler as they need to come after a restart e.g. suppose user removes shield on a running node and doesn't
|
||||
#specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
|
||||
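Review bot: The added "Ensure elasticsearch is started" and "Wait for elasticsearch to startup" entries sit in a handlers list, where an entry runs only when something notifies it by name, and nothing visible in this commit notifies either of them. If no notify exists elsewhere, the comment's assumption that the node is up before `activate-shield` makes HTTP calls does not hold, and the license and native-realm calls can hit a stopped node. Placing the two tasks at the top of the file that `activate-shield` includes would tie them to the handler that needs them. The handlers file continues outside the hunk.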
|
|
|
|||
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Ensure elasticsearch is started
|
||||
service: name={{instance_init_script | basename}} state=started enabled=yes
|
||||
|
||||
- name: Wait for elasticsearch to startup
|
||||
wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
|
||||
|
||||
- set_fact: manage_native_users=false
|
||||
|
||||
- set_fact: manage_native_users=true
|
||||
|
|
|
|||
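--- /dev/null
+++ b/handlers/shield/elasticsearch-shield.yml
@@ -0,0 +1,9 @@
+---
+
+- name: activate-license
+include: ./handlers/shield/elasticsearch-xpack-activation.yml
+when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
+
+- name: load-native-realms
+include: ./handlers/shield/elasticsearch-shield-native.yml
+when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)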
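Review bot: `activate-license` runs before `load-native-realms`, and the file does not say that the order is deliberate or what it requires. When shield is enabled the activation call authenticates with `es_api_basic_auth_username`, so it can presumably succeed only if that account already exists at that point, i.e. is a file-realm user rather than one created by the native-realm step that follows. A header comment would make this explicit, for example `# Included by the activate-shield handler; license activation runs first and must authenticate as a file-realm user`. This should be confirmed against the supported configurations, since the included files are only partly visible here.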
|
|
@ -1,14 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Activate ES license (without shield authentication)
|
||||
uri:
|
||||
method: PUT
|
||||
url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
|
||||
url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
|
||||
body_format: json
|
||||
body: "{{ es_xpack_license }}"
|
||||
return_content: yes
|
||||
register: license_activated
|
||||
no_log: True
|
||||
when: '"shield" not in es_xpack_features
|
||||
when: not '"shield" in es_xpack_features'
|
||||
failed_when: >
|
||||
license_activated.status != 200 or
|
||||
license_activated.json.license_status is not defined or
|
||||
|
|
@ -17,7 +18,7 @@
|
|||
- name: Activate ES license (with shield authentication)
|
||||
uri:
|
||||
method: PUT
|
||||
url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
|
||||
url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
|
||||
user: "{{es_api_basic_auth_username}}"
|
||||
password: "{{es_api_basic_auth_password}}"
|
||||
body_format: json
|
||||
|
|
@ -25,8 +26,8 @@
|
|||
body: "{{ es_xpack_license }}"
|
||||
return_content: yes
|
||||
register: license_activated
|
||||
no_log: True
|
||||
when: '"shield" in es_xpack_features
|
||||
#no_log: True
|
||||
when: '"shield" in es_xpack_features'
|
||||
failed_when: >
|
||||
license_activated.status != 200 or
|
||||
license_activated.json.license_status is not defined or
|
||||
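Review bot: In the first task the new condition `when: not '"shield" in es_xpack_features'` negates a quoted string literal rather than the membership test, so it is always false and the unauthenticated activation is skipped on every run; `when: '"shield" not in es_xpack_features'` expresses the intended test. In the authenticated task the new side appears to carry `#no_log: True` (the page has lost its +/- markers, so this is inferred from print order). With it commented out, the task result, including the license body, can show up in Ansible output and logs, so `no_log: True` should be restored before merge. Both tasks continue past the ends of the hunks.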
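--- /dev/null
+++ b/license.json
@@ -0,0 +1 @@
+{"license":{"uid":"bdbff559-f174-4759-a247-b61a53c435f1","type":"platinum","issue_date_in_millis":1467936000000,"expiry_date_in_millis":1485993599999,"max_nodes":100,"issued_to":"Elastic - INTERNAL","issuer":"Steve Kearns","signature":"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"}}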
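Review bot: This file is a signed platinum license (`issued_to` reads "Elastic - INTERNAL"), and `.gitignore` in this same commit lists `license.json`, which suggests it was not meant to be tracked. Once committed it stays in history for every clone. The kitchen config already takes the license path from `ES_XPACK_LICENSE_FILE`, so the tests do not appear to need a copy in the tree; dropping the file from the commit and supplying it from the CI secret store keeps it out of the repository. If this revision has already been pushed somewhere shared, the license should be treated as disclosed and reissued.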
|
|
@ -5,7 +5,7 @@
|
|||
#enabling xpack installs the license. Not a xpack feature and does not need to be specified - TODO: we should append it to the list if xpack is enabled and remove this
|
||||
|
||||
#Check if license is installed
|
||||
- name: Check License is installed
|
||||
- name: Check License plugin is installed
|
||||
shell: >
|
||||
{{es_home}}/bin/plugin list | tail -n +2 | grep license
|
||||
register: license_installed
|
||||
|
|
@ -49,10 +49,6 @@
|
|||
#Shield configuration
|
||||
- include: shield/elasticsearch-shield.yml
|
||||
|
||||
# Activate ES lience
|
||||
- include: elasticsearch-xpack-activation.yml
|
||||
when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
|
||||
|
||||
#Add any feature specific configuration here
|
||||
- name: Set Plugin Directory Permissions
|
||||
file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes
|
||||
|
|
@ -11,7 +11,7 @@
|
|||
#-----------------------------NATIVE BASED REALM----------------------------------------
|
||||
# The native realm requires the node to be started so we do as a handler
|
||||
- command: /bin/true
|
||||
notify: load-native-realms
|
||||
notify: activate-shield
|
||||
when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
|
||||
|
||||
#-----------------------------ROLE MAPPING ----------------------------------------
|
||||
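Review bot: `activate-shield` is now the only visible trigger for license activation, and this `notify` fires only when native users or roles are defined. A run with `es_enable_xpack` and a license but no native users would then never activate the license, because the direct include was removed from the xpack tasks. A separate `command: /bin/true` task with `notify: activate-shield` and `when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''` would cover that case. Separately, `'"shield" in es_xpack_features'` inside the parentheses is a quoted string literal and therefore always truthy; that line is context, but the rewritten notify depends on it. The task list continues outside the hunk.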
|
|
|
|||
|
|
@ -90,10 +90,9 @@ shared_examples 'xpack::init' do |es_version|
|
|||
|
||||
#Test if x-pack is activated
|
||||
describe 'x-pack activation' do
|
||||
it 'should be activated with the license uid '+ENV["ES_XPACK_LICENSE_UID"] do
|
||||
command = command('curl -s localhost:9200/_xpack/license?pretty=true -u es_admin:changeMe')
|
||||
expect(command.stdout).to match(active)
|
||||
expect(command.stdout).to match(ENV["ES_XPACK_LICENSE_UID"])
|
||||
it 'should be activated and valid' do
|
||||
command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMe')
|
||||
expect(command.stdout).to match('"status" : "active"')
|
||||
expect(command.exit_status).to eq(0)
|
||||
end
|
||||
end
|
||||
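Review bot: The rewritten example passes for any active license, such as a default trial, because the uid assertion was dropped and only `"status" : "active"` is matched; it no longer shows that the license supplied through `es_xpack_license` is the one installed. Asserting on a field of the supplied license, e.g. `expect(command.stdout).to match('"type" : "platinum"')`, would restore that check. `curl -s` also exits 0 on an HTTP 401 or 500, so `expect(command.exit_status).to eq(0)` adds little unless `--fail` is passed. The `shared_examples` block starts outside the hunk.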
|
|
|
|||
|
|
@ -5,10 +5,10 @@
|
|||
- { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
|
||||
"shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 },
|
||||
es_instance_name: "shield_node" }
|
||||
include_vars: <%= ENV['ES_XPACK_LICENSE_FILE'] %>
|
||||
vars:
|
||||
es_templates: true
|
||||
es_enable_xpack: true
|
||||
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
||||
es_plugins:
|
||||
- plugin: lmenezes/elasticsearch-kopf
|
||||
version: master
|
||||
|
|
|
|||