Merge branch 'master' into AddSSLSupport

README.md

@@ -386,7 +386,8 @@ In addition to es_config, the following parameters allow the customization of th
 * ```es_max_open_files``` the maximum file descriptor number that can be opened by this process. Defaults to 65536.
 * ```es_max_threads``` the maximum number of threads the process can start. Defaults to 2048 (the minimum required by elasticsearch).
 * ```es_debian_startup_timeout``` how long Debian-family SysV init scripts wait for the service to start, in seconds. Defaults to 10 seconds.
-* ```es_use_repository``` Setting this to `false` will stop Ansible from using the official Elastic package repositories.
+* ```es_use_repository``` Setting this to `false` will stop Ansible from using the official Elastic package from any repository configured on the system.
+* ```es_add_repository``` Setting this to `false` will stop Ansible to add the official Elastic package repositories (if es_use_repository is true) if you want to use a repo already present.
 * ```es_custom_package_url``` the URL to the rpm or deb package for Ansible to install. When using this you will also need to set `es_use_repository: false` and make sure that the `es_version` matches the version being installed from your custom URL. E.g. `es_custom_package_url: https://downloads.example.com/elasticsearch.rpm`
 
 Earlier examples illustrate the installation of plugins using `es_plugins`.  For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version.  For community based plugins include the full url.  This approach should NOT be used for the X-Pack plugin.  See X-Pack below for details here.

defaults/main.yml

@@ -5,6 +5,7 @@ es_enable_xpack: true
 es_package_name: "elasticsearch"
 es_version_lock: false
 es_use_repository: true
+es_add_repository: true
 es_templates_fileglob: "files/templates-{{ es_major_version }}/*.json"
 es_repo_base: "https://artifacts.elastic.co"
 es_apt_key: "{{ es_repo_base }}/GPG-KEY-elasticsearch"

docs/multi-instance.md

@@ -10,11 +10,11 @@ If you have single-instances hosts and want to upgrade from previous versions of
 
 1. Override these variables to match previous values:
 ```yaml
-es_conf_dir: /etc/elasticsearch/{{ instance_name }}
+es_conf_dir: /etc/elasticsearch/{{ es_instance_name }}
 es_data_dirs:
-  - /var/lib/elasticsearch/{{ node_name }}-{{ instance_name }}
-es_log_dir: /var/log/elasticsearch/{{ node_name }}-{{ instance_name }}
-es_pid_dir: /var/run/elasticsearch/{{ node_name }}-{{ instance_name }}
+  - /var/lib/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }}
+es_log_dir: /var/log/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }}
+es_pid_dir: /var/run/elasticsearch/{{ inventory_hostname }}-{{ es_instance_name }}
 ```
 
 2. Deploy ansible-role. **Even if these variables are overrided, Elasticsearch config file and default option file will change, which imply an Elasticsearch restart.**

files/systemd/elasticsearch_override.conf

@@ -0,0 +1,2 @@
+[Service]
+LimitMEMLOCK=infinity

tasks/elasticsearch-Debian.yml

@@ -43,17 +43,21 @@
     apt_key:
       url: '{{ es_apt_key }}'
       state: present
-    when: es_apt_key | string
+    when: es_add_repository and es_apt_key | string
 
   - name: Debian - Add elasticsearch repository
     apt_repository:
       repo: '{{ item.repo }}'
       state: '{{ item.state }}'
+    when: es_add_repository
     with_items:
       - { repo: "{{ es_apt_url_old }}", state: "absent" }
       - { repo: "{{ es_apt_url }}", state: "present" }
       - { repo: "{{ es_other_apt_url }}", state: "absent" }
 
+- name: Include optional user and group creation.
+  when: (es_user_id is defined) and (es_group_id is defined)
+  include: elasticsearch-optional-user.yml
 
 - name: Debian - Ensure elasticsearch is installed
   become: yes

tasks/elasticsearch-RedHat.yml

@@ -16,7 +16,7 @@
   template:
     src: 'elasticsearch.repo'
     dest: '/etc/yum.repos.d/elasticsearch-{{ es_repo_name }}.repo'
-  when: es_use_repository
+  when: es_use_repository and es_add_repository
 
 - name: RedHat - remove unused Elasticsearch repo
   become: yes
@@ -35,6 +35,10 @@
     name: '{{ es_other_package_name }}'
     state: 'absent'
 
+- name: Include optional user and group creation.
+  when: (es_user_id is defined) and (es_group_id is defined)
+  include: elasticsearch-optional-user.yml
+
 - name: RedHat - Install Elasticsearch
   become: yes
   yum:

tasks/elasticsearch-config.yml

@@ -24,6 +24,19 @@
   template: src=elasticsearch.j2 dest={{ default_file }} mode=0644 force=yes
   notify: restart elasticsearch
 
+#Copy the systemd specific file if systemd is installed
+- when: use_system_d and m_lock_enabled
+  become: yes
+  block:
+    - name: Make sure destination dir exists
+      file: path={{ sysd_config_file | dirname }} state=directory mode=0755
+  
+    - name: Copy specific ElasticSearch Systemd config file
+      ini_file: path={{ sysd_config_file }} section=Service option=LimitMEMLOCK value=infinity mode=0644
+      notify:
+       - reload systemd configuration
+       - restart elasticsearch
+
 #Copy the logging.yml
 - name: Copy log4j2.properties File
   become: yes

tasks/elasticsearch-parameters.yml

@@ -4,10 +4,6 @@
   fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined"
   when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '')
 
-- name: debug message
-  debug: msg="WARNING - It is recommended you specify the parameter 'http.port'"
-  when: es_config['http.port'] is not defined
-
 #If the user attempts to lock memory they must specify a heap size
 - name: fail when heap size is not specified when using memory lock
   fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified"
@@ -32,3 +28,7 @@
 
 - name: set fact m_lock_enabled
   set_fact: m_lock_enabled={{ es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True }}
+
+- name: set fact use_system_d
+  set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version is version_compare('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version is version_compare('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version_compare('15', '>=')) }}
+

tasks/elasticsearch-template.yml

@@ -20,6 +20,7 @@
     status_code: 200
     user: "{{es_api_basic_auth_username | default(omit)}}"
     password: "{{es_api_basic_auth_password | default(omit)}}"
+    force_basic_auth: yes
     body_format: json
     body: "{{ lookup('file', item) }}"
   when: load_templates.changed and es_start_service

tasks/elasticsearch.yml

@@ -1,9 +1,5 @@
 ---
 
-- name: Include optional user and group creation.
-  when: (es_user_id is defined) and (es_group_id is defined)
-  include: elasticsearch-optional-user.yml
-
 - name: Include specific Elasticsearch
   include: elasticsearch-Debian.yml
   when: ansible_os_family == 'Debian'

tasks/xpack/security/elasticsearch-xpack-activation.yml

@@ -8,6 +8,7 @@
     body_format: json
     body: "{{ es_xpack_license }}"
     return_content: yes
+    force_basic_auth: yes
   register: license_activated
   no_log: True
   failed_when: >

templates/elasticsearch.yml.j2

@@ -50,10 +50,10 @@ xpack.notification.email:
         auth: {{ es_mail_config['require_auth'] }}
         host: {{ es_mail_config['host'] }}
         port: {{ es_mail_config['port'] }}
-        {% if es_mail_config['require_auth'] == true %}
+        {% if es_mail_config['require_auth'] == true -%}
         user: {{ es_mail_config['user'] }}
         password: {{ es_mail_config['pass'] }}
-        {% endif %}
+        {%- endif %}
 {% endif %}
 
 {% if es_enable_http_ssl | bool %}

test/integration/xpack-upgrade.yml

@@ -7,13 +7,11 @@
     - elasticsearch
   vars:
     es_config_6x:
-      http.port: 9200
       xpack.security.authc.realms.file1.order: 0
       xpack.security.authc.realms.file1.type: file
       xpack.security.authc.realms.native1.order: 1
       xpack.security.authc.realms.native1.type: native
     es_config_7x:
-      http.port: 9200
       xpack.security.authc.realms.file.file1.order: 0
       xpack.security.authc.realms.native.native1.order: 1
     es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
@@ -117,13 +115,11 @@
     - elasticsearch
   vars:
     es_config_6x:
-      http.port: 9200
       xpack.security.authc.realms.file1.order: 0
       xpack.security.authc.realms.file1.type: file
       xpack.security.authc.realms.native1.order: 1
       xpack.security.authc.realms.native1.type: native
     es_config_7x:
-      http.port: 9200
       xpack.security.authc.realms.file.file1.order: 0
       xpack.security.authc.realms.native.native1.order: 1
     es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"

test/integration/xpack.yml

@@ -7,7 +7,5 @@
   roles:
     - elasticsearch
   vars:
-    es_config:
-      http.port: 9200
     es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip"
     es_heap_size: 2g

vars/main.yml

@@ -1,3 +1,4 @@
 ---
 es_package_url: "https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch"
 reserved_xpack_users: ["elastic","kibana","logstash_system"]
+sysd_config_file: "/etc/systemd/system/elasticsearch.service.d/override.conf"