Merge branch 'activate-elasticsearch-license' of https://github.com/barryib/ansible-elasticsearch into barryib-activate-elasticsearch-license

handlers/shield/elasticsearch-shield-native.yml

@@ -68,6 +68,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
   when: manage_native_users and es_users.native.keys() > 0
+  no_log: True
   with_dict: "{{es_users.native}}"
 
 #List current roles

tasks/xpack/elasticsearch-xpack-activation.yml

@@ -0,0 +1,36 @@
+---
+- name: Activate ES license (without shield authentication)
+  uri:
+    method: PUT
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
+    body_format: json
+    body: "{{ es_xpack_license }}"
+    return_content: yes
+  register: license_activated
+  no_log: True
+  when: '"shield" not in es_xpack_features
+  failed_when: >
+    license_activated.status != 200 or
+    license_activated.json.license_status is not defined or
+    license_activated.json.license_status != 'valid'
+
+- name: Activate ES license (with shield authentication)
+  uri:
+    method: PUT
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
+    user: "{{es_api_basic_auth_username}}"
+    password: "{{es_api_basic_auth_password}}"
+    body_format: json
+    force_basic_auth: yes
+    body: "{{ es_xpack_license }}"
+    return_content: yes
+  register: license_activated
+  no_log: True
+  when: '"shield" in es_xpack_features
+  failed_when: >
+    license_activated.status != 200 or
+    license_activated.json.license_status is not defined or
+    license_activated.json.license_status != 'valid'
+
+- debug:
+    msg: "License: {{ license_activated.content }}"

tasks/xpack/elasticsearch-xpack-install.yml

@@ -14,7 +14,7 @@
 #Remove Plugin if installed and its not been requested or the ES version has changed
 - name: Remove {{item}} plugin
   command: >
-    {{es_home}}/bin/plugin remove shield
+    {{es_home}}/bin/plugin remove {{item}}
   register: xpack_state
   failed_when: "'ERROR' in xpack_state.stdout"
   changed_when: xpack_state.rc == 0

tasks/xpack/elasticsearch-xpack.yml

@@ -49,7 +49,10 @@
 #Shield configuration
 - include: shield/elasticsearch-shield.yml
 
-#Add any feature specific configuration here
+# Activate ES lience
+- include: elasticsearch-xpack-activation.yml
+  when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
 
+#Add any feature specific configuration here
 - name: Set Plugin Directory Permissions
   file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes

tasks/xpack/shield/elasticsearch-shield-file.yml

@@ -37,6 +37,7 @@
     {{es_home}}/bin/shield/esusers useradd {{item}} -p {{es_users.file[item].password}}
   with_items: "{{users_to_add | default([])}}"
   when: manage_file_users and users_to_add | length > 0
+  no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"
@@ -49,6 +50,7 @@
   when: manage_file_users and es_users.file.keys() | length > 0
   #Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
   changed_when: False
+  no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"

test/integration/helpers/serverspec/xpack_spec.rb

@@ -87,6 +87,16 @@ shared_examples 'xpack::init' do |es_version|
   describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep license') do
     its(:exit_status) { should eq 0 }
   end
+  
+  #Test if x-pack is activated
+  describe 'x-pack activation' do
+    it 'should be activated with the license uid '+ENV["ES_XPACK_LICENSE_UID"] do
+      command = command('curl -s localhost:9200/_xpack/license?pretty=true -u es_admin:changeMe')
+      expect(command.stdout).to match(active)
+      expect(command.stdout).to match(ENV["ES_XPACK_LICENSE_UID"])
+      expect(command.exit_status).to eq(0)
+    end
+  end
 
   describe file('/usr/share/elasticsearch/plugins/shield') do
     it { should be_directory }

test/integration/xpack.yml

@@ -5,6 +5,7 @@
     - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
     "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 },
     es_instance_name: "shield_node" }
+  include_vars: <%= ENV['ES_XPACK_LICENSE_FILE'] %>
   vars:
     es_templates: true
     es_enable_xpack: true