From 8b061afa8126c0f8b03373b82b65934789233264 Mon Sep 17 00:00:00 2001
From: "Thierno IB. BARRY"
Date: Mon, 19 Sep 2016 17:40:42 +0200
Subject: [PATCH 1/6] Activate ES license
---
tasks/xpack/elasticsearch-xpack.yml | 39 ++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml
index 46be973..e0dca51 100644
--- a/tasks/xpack/elasticsearch-xpack.yml
+++ b/tasks/xpack/elasticsearch-xpack.yml
@@ -49,7 +49,44 @@ #Shield configuration - include: shield/elasticsearch-shield.yml -#Add any feature specific configuration here +# Activate ES lience +- name: Activate ES license (without shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + body_format: json + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" not in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' +- name: Activate ES license (with shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + user: "{{es_api_basic_auth_username}}" + password: "{{es_api_basic_auth_password}}" + body_format: json + force_basic_auth: yes + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- debug: + msg: "License: {{ license_activated.content }}" + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack + +#Add any feature specific configuration here - name: Set Plugin Directory Permissions file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes \ No newline at end of file From da57e2dd65c849e4fae65beac935c438bb0532e6 Mon Sep 17 00:00:00 2001 
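Review bot: The "with shield authentication" task sends `es_api_basic_auth_username` / `es_api_basic_auth_password` with `force_basic_auth: yes` to a hard-coded `http://` URL, so the Basic credentials and the license body travel unencrypted whenever `es_api_host` is not loopback. `no_log: True` keeps them out of Ansible's output but does nothing for the wire. I would make the scheme a role variable rather than a literal, e.g. `url: "{{ es_api_scheme | default('http') }}://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"` (`es_api_scheme` is a suggested new variable, not one this page defines), and document that it should be `https` when the API is reached over a network. The same literal scheme is carried into the URL hunks of PATCH 4/6 and the new file in PATCH 5/6.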
From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 17:41:24 +0200 Subject: [PATCH 2/6] no log password when adding or updating user --- handlers/shield/elasticsearch-shield-native.yml | 1 + tasks/xpack/shield/elasticsearch-shield-file.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/handlers/shield/elasticsearch-shield-native.yml b/handlers/shield/elasticsearch-shield-native.yml index 52083a5..c666f23 100644 --- a/handlers/shield/elasticsearch-shield-native.yml +++ b/handlers/shield/elasticsearch-shield-native.yml @@ -64,6 +64,7 @@ password: "{{es_api_basic_auth_password}}" force_basic_auth: yes when: manage_native_users and es_users.native.keys() > 0 + no_log: True with_dict: "{{es_users.native}}" #List current roles diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml index da78e91..6fa7182 100644 --- a/tasks/xpack/shield/elasticsearch-shield-file.yml +++ b/tasks/xpack/shield/elasticsearch-shield-file.yml @@ -31,6 +31,7 @@ {{es_home}}/bin/shield/esusers useradd {{item}} -p {{es_users.file[item].password}} with_items: "{{users_to_add}}" when: manage_file_users and users_to_add | length > 0 + no_log: True environment: CONF_DIR: "{{ conf_dir }}" ES_HOME: "{{es_home}}" @@ -43,6 +44,7 @@ when: manage_file_users and es_users.file.keys() | length > 0 #Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip. changed_when: False + no_log: True environment: CONF_DIR: "{{ conf_dir }}" ES_HOME: "{{es_home}}" From daa14f687fef34d14d11cc8041393680b90557df Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 17:41:56 +0200 Subject: [PATCH 3/6] fix typo when removing xpack plugins --- tasks/xpack/elasticsearch-xpack-install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/xpack/elasticsearch-xpack-install.yml b/tasks/xpack/elasticsearch-xpack-install.yml index 77ddc58..d7b08d3 100644 
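Review bot: `no_log: True` on the `esusers useradd` task in tasks/xpack/shield/elasticsearch-shield-file.yml only keeps the password out of Ansible's own output; `-p {{es_users.file[item].password}}` still puts it on the command line of the process started on the managed host, where it is visible in the process list while the command runs. That residual exposure deserves a comment above the task, e.g. `# no_log hides the password from Ansible output only; it is still passed to esusers as a command-line argument`. The value is also interpolated unquoted, so a password containing spaces or shell metacharacters would be split or interpreted; `-p {{ es_users.file[item].password | quote }}` guards against that (the module line is outside the hunk, so whether this runs through `shell` or `command` cannot be confirmed here). The task in the second hunk of that file presumably passes the password the same way, but its command line is outside the hunk.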
--- a/tasks/xpack/elasticsearch-xpack-install.yml +++ b/tasks/xpack/elasticsearch-xpack-install.yml @@ -14,7 +14,7 @@ #Remove Plugin if installed and its not been requested or the ES version has changed - name: Remove {{item}} plugin command: > - {{es_home}}/bin/plugin remove shield + {{es_home}}/bin/plugin remove {{item}} register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 From fbbb06111de78b4ea5f94bb7e37eac7142db360a Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 18:39:32 +0200 Subject: [PATCH 4/6] update xpack license's url --- tasks/xpack/elasticsearch-xpack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index e0dca51..e09f8db 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -53,7 +53,7 @@ - name: Activate ES license (without shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" body_format: json body: "{{ es_xpack_license }}" return_content: yes @@ -68,7 +68,7 @@ - name: Activate ES license (with shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" body_format: json From 61a3ba32c551c8ca5a9951837446c751cd9e9c43 Mon Sep 17 00:00:00 2001 
From: "Thierno IB. BARRY" Date: Wed, 21 Sep 2016 17:04:31 +0200 Subject: [PATCH 5/6] add xpack license activation tests --- .../xpack/elasticsearch-xpack-activation.yml | 36 ++++++++++++++++++ tasks/xpack/elasticsearch-xpack.yml | 38 +------------------ .../helpers/serverspec/xpack_spec.rb | 10 +++++ test/integration/xpack.yml | 1 + 4 files changed, 49 insertions(+), 36 deletions(-) create mode 100644 tasks/xpack/elasticsearch-xpack-activation.yml diff --git a/tasks/xpack/elasticsearch-xpack-activation.yml b/tasks/xpack/elasticsearch-xpack-activation.yml new file mode 100644 index 0000000..6da5595 --- /dev/null +++ b/tasks/xpack/elasticsearch-xpack-activation.yml @@ -0,0 +1,36 @@ + +- name: Activate ES license (without shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + body_format: json + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: '"shield" not in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- name: Activate ES license (with shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + user: "{{es_api_basic_auth_username}}" + password: "{{es_api_basic_auth_password}}" + body_format: json + force_basic_auth: yes + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: '"shield" in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- debug: + msg: "License: {{ license_activated.content }}" diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index e09f8db..5c42317 100644 --- a/tasks/xpack/elasticsearch-xpack.yml 
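Review bot: Both activation tasks use `register: license_activated`, and a skipped task still registers its (skipped) result, so when "shield" is not in `es_xpack_features` the second task overwrites the first one's response and the final `debug` of `license_activated.content` has nothing to print. I would register the unauthenticated task under its own name and have `debug` pick whichever task ran, as sketched below. Separately, both `when:` lines as shown open a single quote that is never closed (`when: '"shield" not in es_xpack_features`); if the file is committed that way it will not load, and `when: "'shield' not in es_xpack_features"` is the balanced form. Both points also apply to the inline version of these tasks added in PATCH 1/6.

```yaml
- name: Activate ES license (without shield authentication)
  # … unchanged: uri arguments …
  register: license_activated_noauth
  # … unchanged: no_log, when …
  failed_when: >
    license_activated_noauth.status != 200 or
    license_activated_noauth.json.license_status is not defined or
    license_activated_noauth.json.license_status != 'valid'

# … unchanged: "with shield authentication" task, still registering license_activated …

- debug:
    msg: "License: {{ (license_activated if 'shield' in es_xpack_features else license_activated_noauth).content }}"
```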
+++ b/tasks/xpack/elasticsearch-xpack.yml @@ -50,42 +50,8 @@ - include: shield/elasticsearch-shield.yml # Activate ES lience -- name: Activate ES license (without shield authentication) - uri: - method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" - body_format: json - body: "{{ es_xpack_license }}" - return_content: yes - register: license_activated - no_log: True - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" not in es_xpack_features - failed_when: > - license_activated.status != 200 or - license_activated.json.license_status is not defined or - license_activated.json.license_status != 'valid' - -- name: Activate ES license (with shield authentication) - uri: - method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" - user: "{{es_api_basic_auth_username}}" - password: "{{es_api_basic_auth_password}}" - body_format: json - force_basic_auth: yes - body: "{{ es_xpack_license }}" - return_content: yes - register: license_activated - no_log: True - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" in es_xpack_features - failed_when: > - license_activated.status != 200 or - license_activated.json.license_status is not defined or - license_activated.json.license_status != 'valid' - -- debug: - msg: "License: {{ license_activated.content }}" - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack +- include: elasticsearch-xpack-activation.yml + when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' #Add any feature specific configuration here - name: Set Plugin Directory Permissions diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 6848c9e..dc7faad 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb 
@@ -87,6 +87,16 @@ shared_examples 'xpack::init' do |es_version| describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep license') do its(:exit_status) { should eq 0 } end + + #Test if x-pack is activated + describe 'x-pack activation' do + it 'should be activated with the license uid '+ENV["ES_XPACK_LICENSE_UID"] do + command = command('curl -s localhost:9200/_xpack/license?pretty=true -u es_admin:changeMe') + expect(command.stdout).to match(active) + expect(command.stdout).to match(ENV["ES_XPACK_LICENSE_UID"]) + expect(command.exit_status).to eq(0) + end + end describe file('/usr/share/elasticsearch/plugins/shield') do it { should be_directory } diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 8bfcd2b..2f0d9b3 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -8,6 +8,7 @@ vars: es_templates: true es_enable_xpack: true + es_xpack_license: <%= ENV['ES_XPACK_LICENSE'] %> es_plugins: - plugin: lmenezes/elasticsearch-kopf version: master From 5da67786e258ea8fe1862b62249e1460cc901b43 Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Tue, 27 Sep 2016 16:59:20 +0200 Subject: [PATCH 6/6] use include_vars to include license during tests --- tasks/xpack/elasticsearch-xpack-activation.yml | 6 +++--- test/integration/xpack.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/xpack/elasticsearch-xpack-activation.yml b/tasks/xpack/elasticsearch-xpack-activation.yml index 6da5595..7010a5b 100644 --- a/tasks/xpack/elasticsearch-xpack-activation.yml +++ b/tasks/xpack/elasticsearch-xpack-activation.yml @@ -1,4 +1,4 @@ - +--- - name: Activate ES license (without shield authentication) uri: method: PUT 
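Review bot: `expect(command.stdout).to match(active)` passes a bare identifier, so unless `active` is defined somewhere outside this hunk the example raises NameError instead of checking the license status; `expect(command.stdout).to match(/active/)` is presumably what was meant. The example description is built with `'...'+ENV["ES_XPACK_LICENSE_UID"]`, which raises TypeError while the spec file is being loaded if the variable is unset, and `match(ENV["ES_XPACK_LICENSE_UID"])` has the same weakness; reading it once with `ENV.fetch("ES_XPACK_LICENSE_UID")` would fail with a clear message instead. Assigning the result to a local named `command` also shadows the serverspec helper of the same name inside the block, so a name such as `result` would read better.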
@@ -11,7 +11,7 @@ when: '"shield" not in es_xpack_features failed_when: > license_activated.status != 200 or - license_activated.json.license_status is not defined or + license_activated.json.license_status is not defined or license_activated.json.license_status != 'valid' - name: Activate ES license (with shield authentication) @@ -29,7 +29,7 @@ when: '"shield" in es_xpack_features failed_when: > license_activated.status != 200 or - license_activated.json.license_status is not defined or + license_activated.json.license_status is not defined or license_activated.json.license_status != 'valid' - debug: diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 2f0d9b3..2e46e30 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -5,10 +5,10 @@ - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 }, es_instance_name: "shield_node" } + include_vars: <%= ENV['ES_XPACK_LICENSE_FILE'] %> vars: es_templates: true es_enable_xpack: true - es_xpack_license: <%= ENV['ES_XPACK_LICENSE'] %> es_plugins: - plugin: lmenezes/elasticsearch-kopf version: master
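Review bot: In the test/integration/xpack.yml hunk, `include_vars` is a task-level module, yet it appears to sit beside `vars:` as a key of the play (indentation is lost on this page, so this is inferred from the neighbouring lines); at play level the keyword for loading a variables file is `vars_files`, e.g. `vars_files:` followed by `- "<%= ENV['ES_XPACK_LICENSE_FILE'] %>"`. Quoting the ERB output also keeps an unset variable or an unusual path from being parsed as null or as YAML syntax. A short comment stating what that file is expected to contain (presumably a mapping that defines `es_xpack_license`, which the activation tasks read) would help, since nothing else in the test playbook shows where the license now comes from.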