Merge branch 'master' into become-yes

Brad Pitcher 2017-09-19 14:22:02 -06:00
commit 891d87c019
No known key found for this signature in database
GPG key ID: 9985F03D4EE0AA12
52 changed files with 624 additions and 195 deletions

41
.github/issue_template.md vendored Normal file

@ -0,0 +1,41 @@
<!
<!--
** Please read the guidelines below. **
Issues that do not follow these guidelines are likely to be closed.
1. GitHub is reserved for bug reports and feature requests. The best place to
ask a general question is at the Elastic [forums](https://discuss.elastic.co).
GitHub is not the place for general questions.
2. Is this bug report or feature request for a supported OS? If not, it
is likely to be closed. See https://www.elastic.co/support/matrix#show_os
3. Please fill out EITHER the feature request block or the bug report block
below, and delete the other block.
-->
<!-- Feature request -->
**Describe the feature**:
<!-- Bug report -->
**Elasticsearch version**
**Role version**: (If using master please specify github sha)
**JVM version** (`java -version`):
**OS version** (`uname -a` if on a Unix-like system):
**Description of the problem including expected versus actual behaviour**:
**Playbook**:
Please specify the full playbook used to reproduce this issue.
**Provide logs from Ansible**:
**ES Logs if irrelevant**:

2
.gitignore vendored

@ -1,4 +1,3 @@
/vars/Debian.yml
.kitchen/
license*.json
*.pyc
@ -8,3 +7,4 @@ Converging
TODO
.idea/
elasticsearch.iml
!/vars/RedHat.yml


@ -6,12 +6,19 @@ provisioner:
name: ansible_playbook
hosts: localhost
roles_path: ../
require_ansible_repo: true
ansible_verbose: true
ansible_version: 2.2.0
require_ansible_repo: false
require_ansible_omnibus: false
require_ansible_source: false
require_pip: true
ansible_version: 2.3.2.0
http_proxy: <%= ENV['HTTP_PROXY'] %>
https_proxy: <%= ENV['HTTPS_PROXY'] %>
no_proxy: localhost,127.0.0.1
ignore_extensions_from_root: [".git",".idea",".kitchen.yml"]
ignore_paths_from_root: [".git",".idea",".kitchen"]
transport:
max_ssh_sessions: 6
platforms:
- name: ubuntu-14.04
@ -22,6 +29,7 @@ platforms:
- apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible
- apt-get update && apt-get -y -q install python-apt python-pycurl python-pip
- pip install jmespath
- pip uninstall -y ansible
use_sudo: false
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- name: ubuntu-16.04
@ -33,6 +41,7 @@ platforms:
- apt-get install -y -q net-tools
- apt-get update && apt-get -y -q install python-apt python-pycurl python-pip
- pip install jmespath
- pip uninstall -y ansible
use_sudo: false
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
run_command: "/sbin/init"
@ -43,11 +52,11 @@ platforms:
provision_command:
- apt-get update && apt-get -y install python python-dev python-pip build-essential libyaml-dev python-yaml curl wget
- apt-get install -y -q net-tools
- apt-get install -y ansible
- sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
- pip install jmespath
- pip uninstall -y ansible
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
use_sudo: false
run_command: "/sbin/init"
@ -60,6 +69,7 @@ platforms:
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
- rm /etc/yum.repos.d/epel*repo /etc/yum.repos.d/puppetlabs-pc1.repo
- yum -y install initscripts
- yum -y remove ansible
- yum clean all
- pip install jmespath
volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
@ -94,4 +104,16 @@ suites:
run_list:
attributes:
provisioner:
playbook: test/integration/xpack.yml
playbook: test/integration/xpack.yml
- name: xpack-standard-5x
run_list:
attributes:
provisioner:
playbook: test/integration/xpack-standard.yml
idempotency_test: true
- name: issue-test
run_list:
attributes:
provisioner:
playbook: test/integration/issue-test.yml
idempotency_test: true


@ -1,6 +1,6 @@
source 'https://rubygems.org'
gem 'test-kitchen', '1.8.0'
gem "kitchen-docker", '2.5.0'
gem 'kitchen-ansible', '0.44.6'
gem 'net-ssh', '~> 3.0'
gem 'test-kitchen', '1.17.0'
gem 'kitchen-docker', '2.6.0'
gem 'kitchen-ansible', '0.47.3'
gem 'net-ssh', '4.1.0'


@ -1,39 +1,44 @@
GEM
remote: https://rubygems.org/
specs:
artifactory (2.3.3)
kitchen-ansible (0.44.6)
net-ssh (~> 3.0)
artifactory (2.8.2)
kitchen-ansible (0.47.3)
mixlib-shellout (<= 2.2.7)
net-ssh (>= 3)
test-kitchen (~> 1.4)
kitchen-docker (2.5.0)
kitchen-docker (2.6.0)
test-kitchen (>= 1.0.0)
mixlib-install (1.1.0)
mixlib-install (2.1.12)
artifactory
mixlib-shellout
mixlib-versioning
mixlib-shellout (2.2.6)
mixlib-versioning (1.1.0)
thor
mixlib-shellout (2.2.7)
mixlib-versioning (1.2.2)
net-scp (1.2.1)
net-ssh (>= 2.6.5)
net-ssh (3.2.0)
net-ssh (4.1.0)
net-ssh-gateway (1.3.0)
net-ssh (>= 2.6.5)
safe_yaml (1.0.4)
test-kitchen (1.8.0)
mixlib-install (~> 1.0, >= 1.0.4)
test-kitchen (1.17.0)
mixlib-install (>= 1.2, < 3.0)
mixlib-shellout (>= 1.2, < 3.0)
net-scp (~> 1.1)
net-ssh (>= 2.9, < 4.0)
net-ssh (>= 2.9, < 5.0)
net-ssh-gateway (~> 1.2)
safe_yaml (~> 1.0)
thor (~> 0.18)
thor (~> 0.19, < 0.19.2)
thor (0.19.1)
PLATFORMS
ruby
DEPENDENCIES
kitchen-ansible (= 0.44.6)
kitchen-docker (= 2.5.0)
net-ssh (~> 3.0)
test-kitchen (= 1.8.0)
kitchen-ansible (= 0.47.3)
kitchen-docker (= 2.6.0)
net-ssh (= 4.1.0)
test-kitchen (= 1.17.0)
BUNDLED WITH
1.11.2
1.15.3


@ -9,7 +9,10 @@ Ansible role for 5.x Elasticsearch. Currently this works on Debian and RedHat b
* Debian 8
* Centos 7
The latest Elasticsearch versions of 5.x are actively tested. **Only Ansible versions > 2.2.0 are supported.**
The latest Elasticsearch versions of 5.x are actively tested. **Only Ansible versions > 2.3.2 are supported, as this is currently the only version tested.**
##### Dependency
This role uses the json_query filter which [requires jmespath](https://github.com/ansible/ansible/issues/24319) on the local machine.
## Usage
@ -19,19 +22,18 @@ e.g.
```
cd /my/repos/
git clone git@github.com:elastic/ansible-elasticsearch.git
git clone https://github.com/elastic/ansible-elasticsearch.git
cd /my/ansible/playbook
mkdir -p roles
ln -s /my/repos/ansible-elasticsearch ./roles/elasticsearch
```
Then create your playbook yaml adding the role elasticsearch. By default, the user is only required to specify a unique es_instance_name per role application. This should be unique per node.
Then create your playbook yaml adding the role elasticsearch. By default, the user is only required to specify a unique es_instance_name per role application. This should be unique per node.
The application of the elasticsearch role results in the installation of a node on a host.
The simplest configuration therefore consists of:
```
---
- name: Simple Example
hosts: localhost
roles:
@ -74,10 +76,10 @@ The following illustrates applying configuration parameters to an Elasticsearch
es_templates: false
es_version_lock: false
es_heap_size: 1g
es_api_port:9201
es_api_port: 9201
```
`
The role utilises Elasticsearch version defaults. The following should be set to ensure a successful cluster forms.
Whilst the role installs Elasticsearch with the default configuration parameters, the following should be configured to ensure a cluster successfully forms:
* ```es_config['http.port']``` - the http port for the node
* ```es_config['transport.tcp.port']``` - the transport port for the node
@ -92,7 +94,6 @@ The role makes no attempt to enforce the setting of these are requires users to
A more complex example:
```
---
- name: Elasticsearch with custom configuration
hosts: localhost
roles:
@ -114,12 +115,9 @@ A more complex example:
es_templates: false
es_version_lock: false
es_heap_size: 1g
es_scripts: false
es_templates: false
es_version_lock: false
es_start_service: false
es_plugins_reinstall: false
es_api_port:9201
es_api_port: 9201
es_plugins:
- plugin: ingest-geoip
proxy_host: proxy.example.com
@ -224,13 +222,15 @@ ansible-playbook -i hosts ./your-playbook.yml
X-Pack features, such as Security, are supported. This feature is currently experimental. To enable X-Pack set the parameter `es_enable_xpack` to true and list the required features in the parameter `es_xpack_features`.
The parameter `es_xpack_features` by default enables all features i.e. it defaults to ["alerting","monitoring","graph","security"]
The parameter `es_xpack_features` by default enables all features i.e. it defaults to ["alerting","monitoring","graph","security","ml"]
The following additional parameters allow X-Pack to be configured:
* ```es_message_auth_file``` System Key field to allow message authentication. This file should be placed in the 'files' directory.
* ```es_xpack_custom_url``` Url from which X-Pack can be downloaded. This can be used for installations in isolated environments where the elastic.co repo is not accessible. e.g. ```es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.5.1.zip"```
* ```es_role_mapping``` Role mappings file declared as yml as described [here](https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html)
```
es_role_mapping:
power_user:
@ -305,17 +305,17 @@ es_roles:
- create_index
```
* ```es_xpack_license``` - X-Pack license. The license should be declared as a json blob. Alternative use Ansible vault or copy the license to the target machine as part of a playbook and access via a lookup e.g.
* ```es_xpack_license``` - X-Pack license. The license is a json blob. Set the variable directly (possibly protected by Ansible vault) or from a file in the Ansible project on the control machine via a lookup:
```
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_xpack_license: "{{ lookup('file', playbook_dir + '/files/' + es_cluster_name + '/license.json') }}"
```
X-Pack configuration parameters can be added to the elasticsearch.yml file using the normal `es_config` parameter.
For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml)
####Important Note for Native Realm Configuration
#### Important Note for Native Realm Configuration
In order for native users and roles to be configured, the role calls the Elasticsearch API. Given security is installed this requires definition of two parameters:
@ -327,9 +327,9 @@ These can either be set to a user declared in the file based realm, with admin p
### Additional Configuration
Additional parameters to es_config allow the customization of the Java and Elasticsearch versions, in addition to role behaviour. Options include:
In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behaviour. Options include:
* ```es_major_version``` (e.g. "5.1" ). Should be consistent with es_version. For versions >= 5.0 this must be "5.x".
* ```es_major_version``` Should be consistent with es_version. For versions >= 5.0 this must be "5.x".
* ```es_version``` (e.g. "5.1.2").
* ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost".
* ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200**
@ -340,13 +340,14 @@ Additional parameters to es_config allow the customization of the Java and Elast
* ```es_plugins``` an array of plugin definitions e.g.:
```yml
es_plugins:
- plugin: elasticsearch-cloud-aws
- plugin: ingest-geoip
```
* ```es_allow_downgrades``` For development purposes only. (true or false (default) )
* ```es_java_install``` If set to false, Java will not be installed. (true (default) or false)
* ```update_java``` Updates Java to the latest version. (true or false (default))
* ```es_max_map_count``` maximum number of VMA (Virtual Memory Areas) a process can own. Defaults to 262144.
* ```es_max_open_files``` the maximum file descriptor number that can be opened by this process. Defaults to 65536.
* ```es_max_threads``` the maximum number of threads the process can start. Defaults to 2048 (the minimum required by elasticsearch).
Earlier examples illustrate the installation of plugins using `es_plugins`. For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version. For community based plugins include the full url. This approach should NOT be used for the X-Pack plugin. See X-Pack below for details here.
@ -383,12 +384,12 @@ To define proxy only for a particular plugin during its installation:
```
es_plugins:
- plugin: elasticsearch-cloud-aws
- plugin: ingest-geoip
proxy_host: proxy.example.com
proxy_port: 8080
```
> For plugins installation, proxy_host and proxy_port are used first if they are defined and fallback to the global proxy settings if not.
> For plugins installation, proxy_host and proxy_port are used first if they are defined and fallback to the global proxy settings if not. The same values are currently used for both the http and https proxy settings.
## Notes
@ -406,7 +407,7 @@ Elasticsearch restarted where required.
* If the ES version is changed, all plugins will be removed. Those listed in the playbook will be re-installed. This is behaviour is required in ES 5.x.
* If no plugins are listed in the playbook for a node, all currently installed plugins will be removed.
* The role does not currently support automatic detection of differences between installed and listed plugins (other than if none are listed). Should users wish to change installed plugins should set es_plugins_reinstall to true. This will cause all currently installed plugins to be removed and those listed to be installed. Change detection will be implemented in future releases.
* The role supports automatic detection of differences between installed and listed plugins - installing those listed but not installed, and removing those installed but not listed. Should users wish to re-install plugins they should set es_plugins_reinstall to true. This will cause all currently installed plugins to be removed and those listed to be installed.
## Questions on Usage


@ -1,8 +1,9 @@
---
es_major_version: "5.x"
es_version: "5.2.2"
es_version: "5.5.1"
es_version_lock: false
es_use_repository: true
es_templates_fileglob: "files/templates/*.json"
es_apt_key: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
es_apt_url: "deb https://artifacts.elastic.co/packages/{{ es_major_version }}/apt stable main"
es_apt_url_old: "deb http://packages.elastic.co/elasticsearch/{{ es_major_version }}/debian stable main"
@ -16,15 +17,17 @@ es_templates: false
es_user: elasticsearch
es_group: elasticsearch
es_config: {}
es_config_log4j2: log4j2.properties.j2
#Need to provide default directories
es_pid_dir: "/var/run/elasticsearch"
es_data_dirs: "/var/lib/elasticsearch"
es_log_dir: "/var/log/elasticsearch"
es_max_open_files: 65536
es_max_threads: 2048
es_max_map_count: 262144
es_allow_downgrades: false
es_enable_xpack: false
es_xpack_features: ["alerting","monitoring","graph","security"]
es_xpack_features: ["alerting","monitoring","graph","ml","security"]
#These are used for internal operations performed by ansible.
#They do not effect the current configuration
es_api_host: "localhost"


@ -1,9 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="RUBY_MODULE" version="4">
<component name="NewModuleRootManager" inherit-compiler-output="true">
<exclude-output />
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>


@ -0,0 +1,76 @@
#CUSTOM LOG4J FILE
status = error
# log action execution errors for easier debugging
logger.action.name = org.elasticsearch.action
logger.action.level = info
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs}.log
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.rolling.filePattern = ${sys:es.logs}-%d{yyyy-MM-dd}.log
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
rootLogger.level = debug
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling
appender.deprecation_rolling.type = RollingFile
appender.deprecation_rolling.name = deprecation_rolling
appender.deprecation_rolling.fileName = ${sys:es.logs}_deprecation.log
appender.deprecation_rolling.layout.type = PatternLayout
appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.deprecation_rolling.filePattern = ${sys:es.logs}_deprecation-%i.log.gz
appender.deprecation_rolling.policies.type = Policies
appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.deprecation_rolling.policies.size.size = 10mb
appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
appender.deprecation_rolling.strategy.max = 4
logger.deprecation.name = org.elasticsearch.deprecation
logger.deprecation.level = debug
logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
logger.deprecation.additivity = false
appender.index_search_slowlog_rolling.type = RollingFile
appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
appender.index_search_slowlog_rolling.fileName = ${sys:es.logs}_index_search_slowlog.log
appender.index_search_slowlog_rolling.layout.type = PatternLayout
appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n
appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs}_index_search_slowlog-%d{yyyy-MM-dd}.log
appender.index_search_slowlog_rolling.policies.type = Policies
appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_search_slowlog_rolling.policies.time.interval = 1
appender.index_search_slowlog_rolling.policies.time.modulate = true
logger.index_search_slowlog_rolling.name = index.search.slowlog
logger.index_search_slowlog_rolling.level = debug
logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
logger.index_search_slowlog_rolling.additivity = false
appender.index_indexing_slowlog_rolling.type = RollingFile
appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs}_index_indexing_slowlog.log
appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.-10000m%n
appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
appender.index_indexing_slowlog_rolling.policies.type = Policies
appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.index_indexing_slowlog_rolling.policies.time.interval = 1
appender.index_indexing_slowlog_rolling.policies.time.modulate = true
logger.index_indexing_slowlog.name = index.indexing.slowlog.index
logger.index_indexing_slowlog.level = debug
logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
logger.index_indexing_slowlog.additivity = false
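Review bot: `rootLogger.level = debug` sends debug output from every logger to both the console and the `rolling` appender, and that appender rolls by day with no size trigger or delete action, so nothing here bounds how much disk its files take. If this file is only a fixture for testing a custom log4j2 template, a header comment saying so in place of `#CUSTOM LOG4J FILE` would keep it from being reused as a production template. Otherwise `rootLogger.level = info` matches the level already used for `logger.action`.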


@ -2,6 +2,7 @@ __author__ = 'dale mcdiarmid'
import re
import os.path
from six import string_types
def modify_list(values=[], pattern='', replacement='', ignorecase=False):
''' Perform a `re.sub` on every item in the list'''
@ -13,7 +14,7 @@ def modify_list(values=[], pattern='', replacement='', ignorecase=False):
return [_re.sub(replacement, value) for value in values]
def append_to_list(values=[], suffix=''):
if isinstance(values, basestring):
if isinstance(values, string_types):
values = values.split(',')
return [str(value+suffix) for value in values]
@ -46,5 +47,4 @@ class FilterModule(object):
'array_to_str':array_to_str,
'extract_role_users':extract_role_users,
'filter_reserved':filter_reserved,
'filename':filename}
'filename':filename}
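Review bot: `from six import string_types` makes this filter plugin depend on a separately installed `six` package on the control machine, and the dependency section added to the README in this commit names only jmespath. Ansible ships its own copy, so `from ansible.module_utils.six import string_types` gives the same Python 2/3 string check without an extra install; if the standalone import stays, list six next to jmespath. `append_to_list` and `modify_list` continue outside the hunks shown.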


@ -1,37 +0,0 @@
---
- name: Ensure elasticsearch is started
become: yes
service: name={{instance_init_script | basename}} state=started enabled=yes
- name: Wait for elasticsearch to startup
become: yes
wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
- name: Get template files
become: yes
find: paths="/etc/elasticsearch/templates" patterns="*.json"
register: templates
- name: Install templates without auth
uri:
url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item.path | filename}}"
method: PUT
status_code: 200
body_format: json
body: "{{ lookup('file', item.path) }}"
when: not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features
with_items: "{{ templates.files }}"
- name: Install templates with auth
uri:
url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item.path | filename}}"
method: PUT
status_code: 200
user: "{{es_api_basic_auth_username}}"
password: "{{es_api_basic_auth_password}}"
force_basic_auth: yes
body_format: json
body: "{{ lookup('file', item.path) }}"
when: es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features
with_items: "{{ templates.files }}"


@ -1,17 +1,14 @@
- name: reload systemd configuration
become: yes
command: systemctl daemon-reload
# Restart service and ensure it is enabled
- name: restart elasticsearch
become: yes
service: name={{instance_init_script | basename}} state=restarted enabled=yes
when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed))
#Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't
#specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
#Templates done after restart therefore - as a handler.
- name: load-templates
include: ./handlers/elasticsearch-templates.yml
when: es_templates
when:
- es_restart_on_change
- es_start_service
register: es_restarted


@ -7,8 +7,7 @@ galaxy_info:
description: Elasticsearch for Linux
company: "Elastic.co"
license: "license (Apache)"
# Require 1.6 for apt deb install
min_ansible_version: 2.2.0
min_ansible_version: 2.3.2
platforms:
- name: EL
versions:

View file

@ -32,6 +32,7 @@
apt: name=elasticsearch{% if es_version is defined and es_version != "" %}={{ es_version }}{% endif %} state=present force={{force_install}} allow_unauthenticated={{ 'no' if es_apt_key else 'yes' }} cache_valid_time=86400
when: es_use_repository
register: debian_elasticsearch_install_from_repo
notify: restart elasticsearch
- name: Debian - Download elasticsearch from url
get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no
@ -42,3 +43,4 @@
apt: deb=/tmp/elasticsearch-{{ es_version }}.deb
when: not es_use_repository
register: elasticsearch_install_from_package
notify: restart elasticsearch
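Review bot: The `Debian - Download elasticsearch from url` task fetches the package with `validate_certs=no` and no `checksum=`, and the next task installs that file with `apt: deb=/tmp/elasticsearch-{{ es_version }}.deb`, so the non-repository path installs a package whose origin and integrity are never checked; this commit now also restarts the service after it. Drop `validate_certs=no` and pin the artifact, for example by appending `checksum="sha256:{{ es_package_checksum }}"` to the `get_url` arguments, where `es_package_checksum` is a placeholder for a new role variable. Both tasks start or end outside the hunks shown.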


@ -18,6 +18,7 @@
yum: name=elasticsearch{% if es_version is defined and es_version != "" %}-{{ es_version }}{% endif %} state=present update_cache=yes
when: es_use_repository
register: redhat_elasticsearch_install_from_repo
notify: restart elasticsearch
until: '"failed" not in redhat_elasticsearch_install_from_repo'
retries: 5
delay: 10
@ -27,3 +28,4 @@
yum: name={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.noarch.rpm{% endif %} state=present
when: not es_use_repository
register: elasticsearch_install_from_package
notify: restart elasticsearch


@ -21,7 +21,7 @@
- name: Copy Configuration File
become: yes
template: src=elasticsearch.yml.j2 dest={{conf_dir}}/elasticsearch.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
register: config_updated
register: system_change
notify: restart elasticsearch
#Copy the instance specific default file
@ -56,7 +56,7 @@
#Copy the logging.yml
- name: Copy log4j2.properties File for Instance
become: yes
template: src=log4j2.properties.j2 dest={{conf_dir}}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
template: src={{es_config_log4j2}} dest={{conf_dir}}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
notify: restart elasticsearch
- name: Copy jvm.options File for Instance
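Review bot: `Copy Configuration File` renders `elasticsearch.yml` with `mode=0644`, so every local account on the node can read it, while the README directs X-Pack settings into this file through `es_config`. Owner and group are already `es_user`/`es_group`, so `mode=0640` should keep the service working while closing read access for other users; confirm against the service user before changing. The tasks in this section continue outside the hunks shown.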


@ -2,6 +2,8 @@
#Add the elasticsearch user before installing from packages.
- name: Ensure optional elasticsearch group is created with the correct id.
become: yes
#Restart if these change
notify: restart elasticsearch
group:
state: present
name: "{{ es_group }}"
@ -10,6 +12,8 @@
- name: Ensure optional elasticsearch user is created with the correct id.
become: yes
#Restart if these change
notify: restart elasticsearch
user:
state: present
name: "{{ es_user }}"


@ -29,13 +29,20 @@
- set_fact: plugins_to_remove="{{ installed_plugins.stdout_lines | difference(es_plugins | json_query('[*].plugin')) | default([]) }}"
when: not es_plugins_reinstall
#if es_plugins_reinstall is set to true we (re)install ALL plugins
- set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | default([]) }}"
when: es_plugins_reinstall
#if the plugins listed are different than those requested, we install those not installed but listed in the config
- set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | difference(installed_plugins.stdout_lines) | default([]) }}"
when: not es_plugins_reinstall
# This removes any currently installed plugins (to prevent errors when reinstalling)
- name: Remove elasticsearch plugins
become: yes
command: "{{es_home}}/bin/elasticsearch-plugin remove {{item}} --silent"
ignore_errors: yes
with_items: "{{ plugins_to_remove | default([]) }}"
when: es_plugins_reinstall and plugins_to_remove | length > 0
notify: restart elasticsearch
register: plugin_removed
environment:
@ -44,16 +51,17 @@
- name: Install elasticsearch plugins
become: yes
command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.plugin }} --batch --silent {% if item.proxy_host is defined and item.proxy_host != '' and item.proxy_port is defined and item.proxy_port != ''%} -DproxyHost={{ item.proxy_host }} -DproxyPort={{ item.proxy_port }} {% elif es_proxy_host is defined and es_proxy_host != '' %} -DproxyHost={{ es_proxy_host }} -DproxyPort={{ es_proxy_port }} {% endif %}"
command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.plugin }} --batch --silent"
register: plugin_installed
failed_when: "'ERROR' in plugin_installed.stdout"
changed_when: plugin_installed.rc == 0
with_items: "{{ es_plugins | default([]) }}"
when: not es_plugins is none and es_plugins_reinstall
with_items: "{{ es_plugins }}"
when: item.plugin in plugins_to_install
notify: restart elasticsearch
environment:
CONF_DIR: "{{ conf_dir }}"
ES_INCLUDE: "{{ instance_default_file }}"
ES_JAVA_OPTS: "{% if item.proxy_host is defined and item.proxy_host != '' and item.proxy_port is defined and item.proxy_port != ''%} -Dhttp.proxyHost={{ item.proxy_host }} -Dhttp.proxyPort={{ item.proxy_port }} -Dhttps.proxyHost={{ item.proxy_host }} -Dhttps.proxyPort={{ item.proxy_port }} {% elif es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} -Dhttps.proxyHost={{ es_proxy_host }} -Dhttps.proxyPort={{ es_proxy_port }} {% endif %}"
until: plugin_installed.rc == 0
retries: 5
delay: 5
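Review bot: In the new `ES_JAVA_OPTS` value the global-proxy branch tests only the host (`{% elif es_proxy_host is defined and es_proxy_host != '' %}`) but then expands `es_proxy_port`, so setting the host without a port either fails the task on an undefined variable or passes an empty `-Dhttp.proxyPort=`, depending on defaults not visible here. Mirror the per-plugin branch: `{% elif es_proxy_host is defined and es_proxy_host != '' and es_proxy_port is defined and es_proxy_port != '' %}`. Separately, `with_items: "{{ es_plugins }}"` no longer carries `| default([])`, so it relies on a guard outside this hunk to keep `es_plugins` defined.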


@ -0,0 +1,45 @@
---
- file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }}
- name: Copy templates to elasticsearch
copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }}
register: load_templates
with_fileglob:
- "{{ es_templates_fileglob | default('') }}"
- name: Ensure elasticsearch is started
service: name={{instance_init_script | basename}} state=started enabled=yes
when: es_start_service and load_templates.changed
- name: Wait for elasticsearch to startup
wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
when: es_start_service and load_templates.changed
- name: Install templates without auth
uri:
url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item | filename}}"
method: PUT
status_code: 200
body_format: json
body: "{{ lookup('file', item) }}"
when: load_templates.changed and es_start_service and not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features
with_fileglob:
- "{{ es_templates_fileglob | default('') }}"
run_once: True
- name: Install templates with auth
uri:
url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item | filename}}"
method: PUT
status_code: 200
user: "{{es_api_basic_auth_username}}"
password: "{{es_api_basic_auth_password}}"
force_basic_auth: yes
body_format: json
body: "{{ lookup('file', item) }}"
when: load_templates.changed and es_start_service and es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features
with_fileglob:
- "{{ es_templates_fileglob | default('') }}"
run_once: True


@ -1,17 +0,0 @@
---
- become: yes
file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }}
- name: Copy default templates to elasticsearch
become: yes
copy: src=templates dest=/etc/elasticsearch/ owner={{ es_user }} group={{ es_group }}
notify: load-templates
when: es_templates_fileglob is not defined
- name: Copy templates to elasticsearch
become: yes
copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }}
notify: load-templates
with_fileglob:
- "{{ es_templates_fileglob | default('') }}"


@ -37,20 +37,26 @@
tags:
- xpack
- include: elasticsearch-templates.yml
- meta: flush_handlers
#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
- include: elasticsearch-template.yml
when: es_templates
tags:
- templates
- meta: flush_handlers
- name: Make sure elasticsearch is started
service: name={{instance_init_script | basename}} state=started enabled=yes
when: es_start_service
- name: Wait for elasticsearch to startup
wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
when: es_restarted is defined and es_restarted.changed and es_start_service
- name: activate-license
include: ./xpack/security/elasticsearch-xpack-activation.yml
when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
#perform security actions here now elasticsearch is started
- include: ./xpack/security/elasticsearch-security-native.yml
when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
when: es_start_service and (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
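Review bot: In the final `when:` of this hunk the operand `'"security" in es_xpack_features'` is wrapped in single quotes, so it is evaluated as a non-empty string literal and is always truthy; the membership test never runs. The native user/role include therefore runs whenever `es_enable_xpack` is set, even if `security` was left out of `es_xpack_features`. Writing it unquoted with a definedness guard, as the template-loading task does (`es_xpack_features is defined and "security" in es_xpack_features`), makes the condition mean what it reads. The same quoted form is used in the conf-directory task and the file-realm include of the security task list later in this commit.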


@ -28,15 +28,36 @@
#Install plugin if not installed, or the es version has changed (so removed above), and its been requested
- name: Install x-pack plugin
- name: Download x-pack from url
get_url: url={{ es_xpack_custom_url }} dest=/tmp/x-pack-{{ es_version }}.zip
when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is defined)
- name: Install x-pack plugin from local
become: yes
command: >
{{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack {% if es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} {% endif %}
{{es_home}}/bin/elasticsearch-plugin install --silent --batch file:///tmp/x-pack-{{ es_version }}.zip
register: xpack_state
failed_when: "'ERROR' in xpack_state.stdout"
changed_when: xpack_state.rc == 0
when: (x_pack_installed.rc == 1 or es_version_changed) and es_enable_xpack
when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is defined)
notify: restart elasticsearch
environment:
CONF_DIR: "{{ conf_dir }}"
ES_INCLUDE: "{{ instance_default_file }}"
- name: Delete x-pack zip file
file: dest=/tmp/x-pack-{{ es_version }}.zip state=absent
when: es_xpack_custom_url is defined
- name: Install x-pack plugin from elastic.co
become: yes
command: >
{{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack
register: xpack_state
failed_when: "'ERROR' in xpack_state.stdout"
changed_when: xpack_state.rc == 0
when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is not defined)
notify: restart elasticsearch
environment:
CONF_DIR: "{{ conf_dir }}"
ES_INCLUDE: "{{ instance_default_file }}"
ES_JAVA_OPTS: "{% if es_proxy_host is defined and es_proxy_host != '' %}-Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} -Dhttps.proxyHost={{ es_proxy_host }} -Dhttps.proxyPort={{ es_proxy_port }}{% endif %}"
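Review bot: The custom-URL path saves the plugin under the predictable name `/tmp/x-pack-{{ es_version }}.zip` with no integrity check, and the next task installs that file as root with `--batch`. `get_url` does not re-download when the destination already exists unless `force` is set, so a file already present at that path in world-writable `/tmp` would be installed in place of the one from `es_xpack_custom_url`. I would download into a directory only root can write and extend the download line to `get_url: url={{ es_xpack_custom_url }} dest=<ROOT_OWNED_DIR>/x-pack-{{ es_version }}.zip force=yes checksum=sha256:<EXPECTED_DIGEST>` (both bracketed values are placeholders the caller supplies). The download and delete tasks also lack the `become: yes` that the install task carries.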


@ -1,13 +1,6 @@
---
- set_fact: manage_file_users=es_users is defined and es_users.file is defined
#Ensure x-pack conf directory is created
- name: Ensure x-pack conf directory exists (file)
become: yes
file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
changed_when: False
when: es_enable_xpack and '"security" in es_xpack_features'
#List current users
- name: List Users
become: yes


@ -81,12 +81,13 @@
- set_fact: current_roles={{ role_list_response.json | filter_reserved }}
when: manage_native_roles
- debug: msg="{{current_roles}}"
when: manage_native_roles
- set_fact: roles_to_remove={{ current_roles | difference ( es_roles.native.keys() ) }}
when: manage_native_roles
#Delete all non required roles
- name: Delete Native Roles
uri:


@ -3,10 +3,18 @@
#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
#Ensure x-pack conf directory is created if necessary
- name: Ensure x-pack conf directory exists (file)
file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
changed_when: False
when:
- es_enable_xpack and '"security" in es_xpack_features'
- (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
#-----------------------------FILE BASED REALM----------------------------------------
- include: elasticsearch-security-file.yml
when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined))
#-----------------------------ROLE MAPPING ----------------------------------------
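Review bot: The `Ensure x-pack conf directory exists (file)` task added here has lost the `become: yes` it had in the file-realm task list it was moved from, and it sets no `mode`. This directory holds the `users` and `users_roles` files, so its permissions should not be left to the umask of whoever runs the play. I would restore `become: yes` and pin the mode on the `file:` line, for example `mode=0750`; confirm that value against what the Elasticsearch service account needs.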


@ -3,7 +3,7 @@
- name: Activate ES license (without security authentication)
uri:
method: PUT
url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
body_format: json
body: "{{ es_xpack_license }}"
return_content: yes
@ -18,7 +18,7 @@
- name: Activate ES license (with security authentication)
uri:
method: PUT
url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
user: "{{es_api_basic_auth_username}}"
password: "{{es_api_basic_auth_password}}"
body_format: json
@ -34,4 +34,4 @@
license_activated.json.license_status != 'valid'
- debug:
msg: "License: {{ license_activated.content }}"
msg: "License: {{ license_activated }}"
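Review bot: The last `debug` task now prints the whole registered `license_activated` result instead of its `content`, so every field the `uri` module returned ends up in the play output and in any log that captures it. If the aim is to confirm activation, `msg: "License status: {{ license_activated.json.license_status }}"` says that with less, or the task can be gated with `verbosity: 1`. Separately, both activation tasks talk to `http://`, and the authenticated one sends the basic-auth credentials in clear; that is acceptable only while `es_api_host` is loopback, which this section does not show.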


@ -5,6 +5,9 @@
# Elasticsearch home directory
ES_HOME={{es_home}}
# Elasticsearch Java path
#JAVA_HOME=
# Elasticsearch configuration directory
CONF_DIR={{conf_dir}}
@ -56,7 +59,7 @@ MAX_OPEN_FILES={{es_max_open_files}}
# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml (ES_HEAP_SIZE must also be set).
# in elasticsearch.yml
# When using Systemd, the LimitMEMLOCK property must be set
# in /usr/lib/systemd/system/elasticsearch.service
#MAX_LOCKED_MEMORY=


@ -4,7 +4,8 @@ baseurl=https://artifacts.elastic.co/packages/{{ es_major_version }}/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
{% if es_proxy_host is defined and es_proxy_port is defined %}
autorefresh=1
type=rpm-md
{% if es_proxy_host is defined and es_proxy_host != '' and es_proxy_port is defined %}
proxy=http://{{ es_proxy_host }}:{{es_proxy_port}}
{% endif %}


@ -30,4 +30,12 @@ xpack.monitoring.enabled: false
{% if not "alerting" in es_xpack_features %}
xpack.watcher.enabled: false
{% endif %}
{% endif %}
{% if not "ml" in es_xpack_features %}
xpack.ml.enabled: false
{% endif %}
{% if not "graph" in es_xpack_features %}
xpack.graph.enabled: false
{% endif %}


@ -84,16 +84,30 @@ if [ ! -z "$CONF_FILE" ]; then
exit 1
fi
if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then
echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]"
fi
# Define other required variables
PID_FILE="$PID_DIR/$NAME.pid"
DAEMON={{es_home}}/bin/elasticsearch
DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.home=$ES_HOME -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR"
DAEMON=$ES_HOME/bin/elasticsearch
DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR"
export ES_JAVA_OPTS
export JAVA_HOME
export ES_INCLUDE
export ES_JVM_OPTIONS
# export unsupported variables so bin/elasticsearch can reject them and inform the user these are unsupported
if test -n "$ES_MIN_MEM"; then export ES_MIN_MEM; fi
if test -n "$ES_MAX_MEM"; then export ES_MAX_MEM; fi
if test -n "$ES_HEAP_SIZE"; then export ES_HEAP_SIZE; fi
if test -n "$ES_HEAP_NEWSIZE"; then export ES_HEAP_NEWSIZE; fi
if test -n "$ES_DIRECT_SIZE"; then export ES_DIRECT_SIZE; fi
if test -n "$ES_USE_IPV4"; then export ES_USE_IPV4; fi
if test -n "$ES_GC_OPTS"; then export ES_GC_OPTS; fi
if test -n "$ES_GC_LOG_FILE"; then export ES_GC_LOG_FILE; fi
# Check DAEMON exists
if [ ! -x "$DAEMON" ]; then
echo "The elasticsearch startup script does not exists or it is not executable, tried: $DAEMON"
@ -117,13 +131,6 @@ case "$1" in
start)
checkJava
{% if es_version | version_compare('5.0', '<') %}
if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; then
log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set"
exit 1
fi
{% endif %}
log_daemon_msg "Starting $DESC"
pid=`pidofproc -p $PID_FILE elasticsearch`
@ -133,9 +140,6 @@ case "$1" in
exit 0
fi
# Prepare environment
mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$ES_USER":"$ES_GROUP" "$LOG_DIR" "$DATA_DIR"
# Ensure that the PID_DIR exists (it is cleaned at OS startup time)
if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
@ -157,7 +161,7 @@ case "$1" in
fi
# Start Daemon
start-stop-daemon -d $ES_HOME --start -b --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS
start-stop-daemon -d $ES_HOME --start --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS
return=$?
if [ $return -eq 0 ]; then
i=0
@ -203,7 +207,6 @@ case "$1" in
restart|force-reload)
if [ -f "$PID_FILE" ]; then
$0 stop
sleep 1
fi
$0 start
;;


@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
#
# elasticsearch <summary>
#
@ -48,7 +48,6 @@ DATA_DIR={{ data_dirs | array_to_str }}
CONF_DIR="{{conf_dir}}"
PID_DIR="{{pid_dir}}"
ES_JVM_OPTIONS="{{conf_dir}}/jvm.options"
# Source the default env file
ES_ENV_FILE="{{instance_default_file}}"
@ -56,6 +55,10 @@ if [ -f "$ES_ENV_FILE" ]; then
. "$ES_ENV_FILE"
fi
if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then
echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]"
fi
# CONF_FILE setting was removed
if [ ! -z "$CONF_FILE" ]; then
echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."


@ -20,14 +20,10 @@
# Xmx represents the maximum size of total heap space
{% if es_heap_size is defined %}
-Xms{{ es_heap_size }}
{% else %}
-Xms2g
{% endif %}
{% if es_heap_size is defined %}
-Xmx{{ es_heap_size }}
{% else %}
-Xms2g
-Xmx2g
{% endif %}
################################################################
@ -47,9 +43,6 @@
## optimizations
# disable calls to System#gc
-XX:+DisableExplicitGC
# pre-touch memory pages used by the JVM during initialization
-XX:+AlwaysPreTouch
@ -67,7 +60,10 @@
# use our provided JNA always versus the system one
-Djna.nosys=true
# flags to keep Netty from being unsafe
# use old-style file permissions on JDK9
-Djdk.io.permissionsUseCanonicalPath=true
# flags to configure Netty
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
@ -100,6 +96,14 @@
# ensure the directory exists
#-Xloggc:${loggc}
# By default, the GC log file will not rotate.
# By uncommenting the lines below, the GC log file
# will be rotated every 128MB at most 32 times.
#-XX:+UseGCLogFileRotation
#-XX:NumberOfGCLogFiles=32
#-XX:GCLogFileSize=128M
# Elasticsearch 5.0.0 will throw an exception on unquoted field names in JSON.
# If documents were already indexed with unquoted fields in a previous version
# of Elasticsearch, some operations may throw errors.


@ -41,6 +41,9 @@ StandardError=inherit
LimitNOFILE={{es_max_open_files}}
{% endif %}
# Specifies the maximum number of processes
LimitNPROC=2048
# Specifies the maximum number of bytes of memory that may be locked into RAM
# Set to "infinity" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in {{instance_default_file}}
@ -48,12 +51,19 @@ LimitNOFILE={{es_max_open_files}}
LimitMEMLOCK=infinity
{% endif %}
# Specifies the maximum number of threads that can be started. Elasticsearch requires a
# minimum of 2048.
LimitNPROC={{ es_max_threads }}
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no


@ -1,6 +1,6 @@
require 'config_spec'
describe 'Config Tests v 5.x' do
include_examples 'config::init', "5.2.2", ["ingest-attachment","ingest-user-agent"]
include_examples 'config::init', "5.5.1", ["ingest-attachment","ingest-user-agent"]
end


@ -25,7 +25,10 @@
es_templates: false
es_version_lock: false
es_heap_size: 1g
#add a custom log4j file
es_config_log4j2: "./files/logging/log4j2.properties.custom.j2"
es_api_port: 9401
es_max_threads: 3000
es_plugins:
- plugin: ingest-attachment
- plugin: ingest-user-agent


@ -139,11 +139,20 @@ shared_examples 'config::init' do |es_version,plugins|
describe file('/usr/lib/systemd/system/node1_elasticsearch.service') do
it { should be_file }
it { should contain 'LimitMEMLOCK=infinity' }
it { should contain 'LimitNPROC=3000' }
end
else
describe file('/etc/init.d/node1_elasticsearch') do
it { should be_file }
end
end
describe file('/etc/elasticsearch/node1/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
it { should contain 'CUSTOM LOG4J FILE' }
end
end


@ -0,0 +1,8 @@
require 'spec_helper'
shared_examples 'issue_test::init' do |es_version,plugins|
#Add custom tests here for the issue-test.yml test
end


@ -1,6 +1,6 @@
require 'spec_helper'
shared_examples 'standard::init' do |es_version|
shared_examples 'standard::init' do |es_version,plugins|
describe user('elasticsearch') do
it { should exist }
@ -22,6 +22,7 @@ shared_examples 'standard::init' do |es_version|
describe file('/etc/elasticsearch/node1/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
it { should_not contain 'CUSTOM LOG4J FILE' }
end
describe file('/etc/elasticsearch/node1/jvm.options') do
@ -75,5 +76,17 @@ shared_examples 'standard::init' do |es_version|
it { should_not exist }
end
for plugin in plugins
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+es_version+'"\'') do
its(:exit_status) { should eq 0 }
end
end
end


@ -137,11 +137,11 @@ shared_examples 'xpack::init' do |es_version,plugins|
#Test native roles and users are loaded
describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMeAgain | md5sum | grep 74bcc9f9534b253c1204e264df21496c') do
describe command('curl -s localhost:9200/_xpack/security/user -u es_admin:changeMeAgain | md5sum | grep b6a1293c343e745a508c74778c9be8bb') do
its(:exit_status) { should eq 0 }
end
describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMeAgain | md5sum | grep 2bf3ffbb9cabf26bb25de6334c4da323') do
describe command('curl -s localhost:9200/_xpack/security/role -u es_admin:changeMeAgain | md5sum | grep 44b97844bd8b31d5573493a99ef62106') do
its(:exit_status) { should eq 0 }
end
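Review bot: Both native user/role checks compare an `md5sum` of the entire API response against a hard-coded digest, so any change in field order or a newly returned field fails the test without showing what differed; that is presumably why this commit has to swap both digests. Asserting on parsed fields, the way the new x-pack standard spec does with `its(:stdout_as_json) { should include(...) }`, would keep the intent readable and survive unrelated response changes. The enclosing `shared_examples` block starts and ends outside this hunk.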


@ -0,0 +1,139 @@
require 'spec_helper'
shared_examples 'xpack_standard::init' do |es_version,plugins|
describe user('elasticsearch') do
it { should exist }
end
describe service('security_node_elasticsearch') do
it { should be_running }
end
describe package('elasticsearch') do
it { should be_installed }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'node.name: localhost-security_node' }
it { should contain 'cluster.name: elasticsearch' }
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
it { should contain 'xpack.security.enabled: false' }
it { should contain 'xpack.watcher.enabled: false' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe 'version check' do
it 'should be reported as version '+es_version do
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(es_version)
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
describe file('/etc/default/elasticsearch') do
it { should_not exist }
end
describe file('/etc/sysconfig/elasticsearch') do
it { should_not exist }
end
describe file('/usr/lib/systemd/system/elasticsearch.service') do
it { should_not exist }
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
#Xpack specific tests
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in plugins
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+es_version+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#Test users file, users_roles and roles.yml
describe file('/etc/elasticsearch/security_node/x-pack/users_roles') do
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/x-pack/users') do
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_xpack') do
its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) }
end
end
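Review bot: The `x-pack activation` example queries `localhost:9200/_license?pretty=true`, while the role's activation tasks in this same commit were moved to `/_xpack/license`. The spec should probably use `curl -s localhost:9200/_xpack/license?pretty=true` so it exercises the endpoint the role now targets. The `describe file('/usr/share/elasticsearch/plugins/x-pack')` block appears twice, and the `-u es_admin:changeMeAgain` on the `_nodes/plugins` call serves no purpose on a node this spec asserts has `xpack.security.enabled: false`.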


@ -0,0 +1,24 @@
#This file is for users to test issues and reproduce them using the test framework.
#Modify the playbook below and test with kitchen i.e. `kitchen test issue-test`
#To add custom tests modify the serverspec file ./helpers/serverspec/issue_test_spec.rb
#Idempot test is enabled for this test
- name: Simple Example
hosts: localhost
roles:
- { role: elasticsearch, es_config: { "xpack.security.authc.realms.file1.type": "file", "xpack.security.authc.realms.file1.order": 1, "xpack.security.authc.realms.native1.type": "native", "xpack.security.authc.realms.native1.order": 0 }, es_instance_name: "security_node" }
vars:
es_heap_size: "1g"
es_enable_xpack: true
es_plugins:
- plugin: ingest-geoip
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_users:
native:
testUser:
password: changeme
roles:
- kibana_user
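Review bot: This playbook is offered as a template for users to copy and modify, yet it hard-codes `elastic`/`changeme` and a `testUser` password of `changeme` with nothing marking them as fixtures. A comment line such as `#Credentials below are fixtures for the local kitchen instance only` above `es_api_basic_auth_username` would make that explicit. The file also lacks the `---` document start that the other new playbook in this commit has.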


@ -0,0 +1,2 @@
---
- host: test-kitchen


@ -0,0 +1,6 @@
require 'issue_test_spec'
describe 'Issue Test' do
include_examples 'issue_test::init', "5.5.1", []
end


@ -2,7 +2,7 @@ require 'multi_spec'
describe 'Multi Tests v 5.x' do
include_examples 'multi::init', "5.2.2", ["ingest-geoip"]
include_examples 'multi::init', "5.5.1", ["ingest-geoip"]
end


@ -2,5 +2,5 @@ require 'package_spec'
describe 'Package Tests v 5.x' do
include_examples 'package::init', "5.2.2", ["ingest-attachment","ingest-geoip"]
include_examples 'package::init', "5.5.1", ["ingest-attachment","ingest-geoip"]
end


@ -8,7 +8,7 @@
es_templates: true
es_heap_size: "1g"
es_api_port: 9200
es_version: "5.1.2"
es_version: "5.5.1"
es_plugins:
- plugin: ingest-geoip
@ -21,7 +21,7 @@
vars:
es_scripts: true
es_templates: true
es_version: "5.2.2"
es_version: "5.5.1"
es_heap_size: "1g"
es_api_port: 9200
es_plugins:


@ -2,7 +2,7 @@ require 'standard_spec'
describe 'Standard Tests v 5.x' do
include_examples 'standard::init', "5.2.2"
include_examples 'standard::init', "5.5.1", ["ingest-geoip"]
end


@ -1,5 +1,5 @@
require 'xpack_spec'
describe 'Xpack Tests v 5.x' do
include_examples 'xpack::init', "5.2.2", ["ingest-attachment"]
include_examples 'xpack::init', "5.5.1", ["ingest-attachment"]
end


@ -0,0 +1,5 @@
require 'xpack_standard_spec'
describe 'Xpack Standard Tests v 5.x' do
include_examples 'xpack_standard::init', "5.5.1", []
end


@ -0,0 +1,2 @@
---
- host: test-kitchen


@ -0,0 +1,15 @@
#Tests x-pack is idempotent and works when security is not enabled
---
- name: Elasticsearch Xpack tests - no security and manual download
hosts: localhost
roles:
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "security_node" }
vars:
es_version: "5.5.1"
es_heap_size: 2g
es_enable_xpack: true
es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.5.1.zip"
es_xpack_features:
- monitoring
- graph
- ml


@ -8,7 +8,7 @@
vars:
es_heap_size: "1g"
es_templates: true
es_version: "5.1.2"
es_version: "5.4.0"
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
@ -90,7 +90,7 @@
vars:
es_heap_size: "1g"
es_templates: true
es_version: "5.2.2"
es_version: "5.5.1"
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins: