From 8b061afa8126c0f8b03373b82b65934789233264 Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 17:40:42 +0200 Subject: [PATCH 01/17] Activate ES license --- tasks/xpack/elasticsearch-xpack.yml | 39 ++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index 46be973..e0dca51 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -49,7 +49,44 @@ #Shield configuration - include: shield/elasticsearch-shield.yml -#Add any feature specific configuration here +# Activate ES lience +- name: Activate ES license (without shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + body_format: json + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" not in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' +- name: Activate ES license (with shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + user: "{{es_api_basic_auth_username}}" + password: "{{es_api_basic_auth_password}}" + body_format: json + force_basic_auth: yes + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- debug: + msg: "License: {{ license_activated.content }}" + when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack + +#Add any feature specific configuration here - name: Set Plugin Directory Permissions file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes \ No newline at end of file From da57e2dd65c849e4fae65beac935c438bb0532e6 Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 17:41:24 +0200 Subject: [PATCH 02/17] no log password when adding or updating user --- handlers/shield/elasticsearch-shield-native.yml | 1 + tasks/xpack/shield/elasticsearch-shield-file.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/handlers/shield/elasticsearch-shield-native.yml b/handlers/shield/elasticsearch-shield-native.yml index 52083a5..c666f23 100644 --- a/handlers/shield/elasticsearch-shield-native.yml +++ b/handlers/shield/elasticsearch-shield-native.yml @@ -64,6 +64,7 @@ password: "{{es_api_basic_auth_password}}" force_basic_auth: yes when: manage_native_users and es_users.native.keys() > 0 + no_log: True with_dict: "{{es_users.native}}" #List current roles diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml index da78e91..6fa7182 100644 --- a/tasks/xpack/shield/elasticsearch-shield-file.yml +++ b/tasks/xpack/shield/elasticsearch-shield-file.yml @@ -31,6 +31,7 @@ {{es_home}}/bin/shield/esusers useradd {{item}} -p {{es_users.file[item].password}} with_items: "{{users_to_add}}" when: manage_file_users and users_to_add | length > 0 + no_log: True environment: CONF_DIR: "{{ conf_dir }}" ES_HOME: "{{es_home}}" @@ -43,6 +44,7 @@ when: manage_file_users and es_users.file.keys() | length > 0 #Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip. changed_when: False + no_log: True environment: CONF_DIR: "{{ conf_dir }}" ES_HOME: "{{es_home}}" From daa14f687fef34d14d11cc8041393680b90557df Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 17:41:56 +0200 Subject: [PATCH 03/17] fix typo when removing xpack plugins --- tasks/xpack/elasticsearch-xpack-install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/xpack/elasticsearch-xpack-install.yml b/tasks/xpack/elasticsearch-xpack-install.yml index 77ddc58..d7b08d3 100644 --- a/tasks/xpack/elasticsearch-xpack-install.yml +++ b/tasks/xpack/elasticsearch-xpack-install.yml @@ -14,7 +14,7 @@ #Remove Plugin if installed and its not been requested or the ES version has changed - name: Remove {{item}} plugin command: > - {{es_home}}/bin/plugin remove shield + {{es_home}}/bin/plugin remove {{item}} register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 From fbbb06111de78b4ea5f94bb7e37eac7142db360a Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Mon, 19 Sep 2016 18:39:32 +0200 Subject: [PATCH 04/17] update xpack license's url --- tasks/xpack/elasticsearch-xpack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index e0dca51..e09f8db 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -53,7 +53,7 @@ - name: Activate ES license (without shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" body_format: json body: "{{ es_xpack_license }}" return_content: yes @@ -68,7 +68,7 @@ - name: Activate ES license (with shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" body_format: json From 61a3ba32c551c8ca5a9951837446c751cd9e9c43 Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Wed, 21 Sep 2016 17:04:31 +0200 Subject: [PATCH 05/17] add xpack license activation tests --- .../xpack/elasticsearch-xpack-activation.yml | 36 ++++++++++++++++++ tasks/xpack/elasticsearch-xpack.yml | 38 +------------------ .../helpers/serverspec/xpack_spec.rb | 10 +++++ test/integration/xpack.yml | 1 + 4 files changed, 49 insertions(+), 36 deletions(-) create mode 100644 tasks/xpack/elasticsearch-xpack-activation.yml diff --git a/tasks/xpack/elasticsearch-xpack-activation.yml b/tasks/xpack/elasticsearch-xpack-activation.yml new file mode 100644 index 0000000..6da5595 --- /dev/null +++ b/tasks/xpack/elasticsearch-xpack-activation.yml @@ -0,0 +1,36 @@ + +- name: Activate ES license (without shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + body_format: json + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: '"shield" not in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- name: Activate ES license (with shield authentication) + uri: + method: PUT + url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + user: "{{es_api_basic_auth_username}}" + password: "{{es_api_basic_auth_password}}" + body_format: json + force_basic_auth: yes + body: "{{ es_xpack_license }}" + return_content: yes + register: license_activated + no_log: True + when: '"shield" in es_xpack_features + failed_when: > + license_activated.status != 200 or + license_activated.json.license_status is not defined or + license_activated.json.license_status != 'valid' + +- debug: + msg: "License: {{ license_activated.content }}" diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index e09f8db..5c42317 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -50,42 +50,8 @@ - include: shield/elasticsearch-shield.yml # Activate ES lience -- name: Activate ES license (without shield authentication) - uri: - method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" - body_format: json - body: "{{ es_xpack_license }}" - return_content: yes - register: license_activated - no_log: True - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" not in es_xpack_features - failed_when: > - license_activated.status != 200 or - license_activated.json.license_status is not defined or - license_activated.json.license_status != 'valid' - -- name: Activate ES license (with shield authentication) - uri: - method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" - user: "{{es_api_basic_auth_username}}" - password: "{{es_api_basic_auth_password}}" - body_format: json - force_basic_auth: yes - body: "{{ es_xpack_license }}" - return_content: yes - register: license_activated - no_log: True - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack and '"shield" in es_xpack_features - failed_when: > - license_activated.status != 200 or - license_activated.json.license_status is not defined or - license_activated.json.license_status != 'valid' - -- debug: - msg: "License: {{ license_activated.content }}" - when: es_xpack_license is defined and es_xpack_license != '' and es_enable_xpack +- include: elasticsearch-xpack-activation.yml + when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' #Add any feature specific configuration here - name: Set Plugin Directory Permissions diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 6848c9e..dc7faad 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -87,6 +87,16 @@ shared_examples 'xpack::init' do |es_version| describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep license') do its(:exit_status) { should eq 0 } end + + #Test if x-pack is activated + describe 'x-pack activation' do + it 'should be activated with the license uid '+ENV["ES_XPACK_LICENSE_UID"] do + command = command('curl -s localhost:9200/_xpack/license?pretty=true -u es_admin:changeMe') + expect(command.stdout).to match(active) + expect(command.stdout).to match(ENV["ES_XPACK_LICENSE_UID"]) + expect(command.exit_status).to eq(0) + end + end describe file('/usr/share/elasticsearch/plugins/shield') do it { should be_directory } diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 8bfcd2b..2f0d9b3 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -8,6 +8,7 @@ vars: es_templates: true es_enable_xpack: true + es_xpack_license: <%= ENV['ES_XPACK_LICENSE'] %> es_plugins: - plugin: lmenezes/elasticsearch-kopf version: master From 5da67786e258ea8fe1862b62249e1460cc901b43 Mon Sep 17 00:00:00 2001 From: "Thierno IB. BARRY" Date: Tue, 27 Sep 2016 16:59:20 +0200 Subject: [PATCH 06/17] use include_vars to include license during tests --- tasks/xpack/elasticsearch-xpack-activation.yml | 6 +++--- test/integration/xpack.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/xpack/elasticsearch-xpack-activation.yml b/tasks/xpack/elasticsearch-xpack-activation.yml index 6da5595..7010a5b 100644 --- a/tasks/xpack/elasticsearch-xpack-activation.yml +++ b/tasks/xpack/elasticsearch-xpack-activation.yml @@ -1,4 +1,4 @@ - +--- - name: Activate ES license (without shield authentication) uri: method: PUT @@ -11,7 +11,7 @@ when: '"shield" not in es_xpack_features failed_when: > license_activated.status != 200 or - license_activated.json.license_status is not defined or + license_activated.json.license_status is not defined or license_activated.json.license_status != 'valid' - name: Activate ES license (with shield authentication) @@ -29,7 +29,7 @@ when: '"shield" in es_xpack_features failed_when: > license_activated.status != 200 or - license_activated.json.license_status is not defined or + license_activated.json.license_status is not defined or license_activated.json.license_status != 'valid' - debug: diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 2f0d9b3..2e46e30 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -5,10 +5,10 @@ - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 }, es_instance_name: "shield_node" } + include_vars: <%= ENV['ES_XPACK_LICENSE_FILE'] %> vars: es_templates: true es_enable_xpack: true - es_xpack_license: <%= ENV['ES_XPACK_LICENSE'] %> es_plugins: - plugin: lmenezes/elasticsearch-kopf version: master From 2ea0842a6c0dd2a0af25a1660c01217c699a09ad Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 4 Jan 2017 13:23:22 +0000 Subject: [PATCH 07/17] Changes to support license --- .gitignore | 1 + .kitchen.yml | 3 +++ handlers/elasticsearch-templates.yml | 6 ------ handlers/main.yml | 12 +++++++++--- handlers/shield/elasticsearch-shield-native.yml | 6 ------ handlers/shield/elasticsearch-shield.yml | 9 +++++++++ .../shield}/elasticsearch-xpack-activation.yml | 11 ++++++----- license.json | 1 + tasks/xpack/elasticsearch-xpack.yml | 6 +----- tasks/xpack/shield/elasticsearch-shield.yml | 2 +- test/integration/helpers/serverspec/xpack_spec.rb | 7 +++---- test/integration/xpack.yml | 2 +- 12 files changed, 35 insertions(+), 31 deletions(-) create mode 100644 handlers/shield/elasticsearch-shield.yml rename {tasks/xpack => handlers/shield}/elasticsearch-xpack-activation.yml (77%) create mode 100644 license.json diff --git a/.gitignore b/.gitignore index 7a4be3e..bdcfa29 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .kitchen/ +license.json *.pyc .vendor .bundle diff --git a/.kitchen.yml b/.kitchen.yml index 98adee0..d7857a1 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -22,6 +22,7 @@ platforms: - apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false + volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json - name: debian-8 driver_config: image: dliappis/debian-devopsci:8 @@ -33,6 +34,7 @@ platforms: - sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config - sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config - sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config + volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json use_sudo: false run_command: "/sbin/init" - name: centos-7 @@ -45,6 +47,7 @@ platforms: - rm /etc/yum.repos.d/epel*repo /etc/yum.repos.d/puppetlabs-pc1.repo - yum -y install initscripts - yum clean all + volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json run_command: "/usr/sbin/init" privileged: true use_sudo: false diff --git a/handlers/elasticsearch-templates.yml b/handlers/elasticsearch-templates.yml index 4595ef6..bad2226 100644 --- a/handlers/elasticsearch-templates.yml +++ b/handlers/elasticsearch-templates.yml @@ -1,11 +1,5 @@ --- -- name: Ensure elasticsearch is started - service: name={{instance_init_script | basename}} state=started enabled=yes - -- name: Wait for elasticsearch to startup - wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 - - name: Get template files find: paths="/etc/elasticsearch/templates" patterns="*.json" register: templates diff --git a/handlers/main.yml b/handlers/main.yml index ac960ef..524d130 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -6,10 +6,16 @@ service: name={{instance_init_script | basename}} state=restarted enabled=yes when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) -- name: load-native-realms - include: ./handlers/shield/elasticsearch-shield-native.yml - when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined) +# Assumes all handlers need to be started as likely to make HTTP calls +- name: Ensure elasticsearch is started + service: name={{instance_init_script | basename}} state=started enabled=yes +- name: Wait for elasticsearch to startup + wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 + +# All security specific actions should go in here +- name: activate-shield + include: ./handlers/shield/elasticsearch-shield.yml #Templates are a handler as they need to come after a restart e.g. suppose user removes shield on a running node and doesn't #specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. diff --git a/handlers/shield/elasticsearch-shield-native.yml b/handlers/shield/elasticsearch-shield-native.yml index c6fcb66..d545394 100644 --- a/handlers/shield/elasticsearch-shield-native.yml +++ b/handlers/shield/elasticsearch-shield-native.yml @@ -1,11 +1,5 @@ --- -- name: Ensure elasticsearch is started - service: name={{instance_init_script | basename}} state=started enabled=yes - -- name: Wait for elasticsearch to startup - wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 - - set_fact: manage_native_users=false - set_fact: manage_native_users=true diff --git a/handlers/shield/elasticsearch-shield.yml b/handlers/shield/elasticsearch-shield.yml new file mode 100644 index 0000000..ca4f63f --- /dev/null +++ b/handlers/shield/elasticsearch-shield.yml @@ -0,0 +1,9 @@ +--- + +- name: activate-license + include: ./handlers/shield/elasticsearch-xpack-activation.yml + when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' + +- name: load-native-realms + include: ./handlers/shield/elasticsearch-shield-native.yml + when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined) \ No newline at end of file diff --git a/tasks/xpack/elasticsearch-xpack-activation.yml b/handlers/shield/elasticsearch-xpack-activation.yml similarity index 77% rename from tasks/xpack/elasticsearch-xpack-activation.yml rename to handlers/shield/elasticsearch-xpack-activation.yml index 7010a5b..063a9e9 100644 --- a/tasks/xpack/elasticsearch-xpack-activation.yml +++ b/handlers/shield/elasticsearch-xpack-activation.yml @@ -1,14 +1,15 @@ --- + - name: Activate ES license (without shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" body_format: json body: "{{ es_xpack_license }}" return_content: yes register: license_activated no_log: True - when: '"shield" not in es_xpack_features + when: not '"shield" in es_xpack_features' failed_when: > license_activated.status != 200 or license_activated.json.license_status is not defined or @@ -17,7 +18,7 @@ - name: Activate ES license (with shield authentication) uri: method: PUT - url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true" + url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true" user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" body_format: json @@ -25,8 +26,8 @@ body: "{{ es_xpack_license }}" return_content: yes register: license_activated - no_log: True - when: '"shield" in es_xpack_features + #no_log: True + when: '"shield" in es_xpack_features' failed_when: > license_activated.status != 200 or license_activated.json.license_status is not defined or diff --git a/license.json b/license.json new file mode 100644 index 0000000..cef4223 --- /dev/null +++ b/license.json @@ -0,0 +1 @@ +{"license":{"uid":"bdbff559-f174-4759-a247-b61a53c435f1","type":"platinum","issue_date_in_millis":1467936000000,"expiry_date_in_millis":1485993599999,"max_nodes":100,"issued_to":"Elastic - INTERNAL","issuer":"Steve Kearns","signature":"AAAAAgAAAA1U9OcROUC+K+4MlK/gAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBL67VOlF8w2t85at2P5R5VjrZViKJk/XUHmLC/xBBr0YsFWN5XIWOpRSAIrA4MfQMwrfQ3eHpQmCSD3ki/pe+jMgAhnqMfq3Ojgoqb41HTEIQb9GYKFX/Jvlubzuf+6TYO56FRz3sgg2f4KsyoHi3/YlfUbhHPxOnqS2RhLBrKNL7atW04Pb7NhfGMTX60y+PppPQnE9uTUVS6BiXjz2aILpEqBgLDnnqN3gTdOHaOIhphfkztZcMO8cnHFLkkU61qNtmANRSAvbnjsuixho5wQdWctla8pZDAYiglI0LHsTN5Oe11x/lKEtXun59VyN7cPfxTsQ2l7QypJQE/v0fi"}} \ No newline at end of file diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index 0669b42..07b68d3 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -5,7 +5,7 @@ #enabling xpack installs the license. Not a xpack feature and does not need to be specified - TODO: we should append it to the list if xpack is enabled and remove this #Check if license is installed -- name: Check License is installed +- name: Check License plugin is installed shell: > {{es_home}}/bin/plugin list | tail -n +2 | grep license register: license_installed @@ -49,10 +49,6 @@ #Shield configuration - include: shield/elasticsearch-shield.yml -# Activate ES lience -- include: elasticsearch-xpack-activation.yml - when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' - #Add any feature specific configuration here - name: Set Plugin Directory Permissions file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes \ No newline at end of file diff --git a/tasks/xpack/shield/elasticsearch-shield.yml b/tasks/xpack/shield/elasticsearch-shield.yml index 35abd3a..e464c76 100644 --- a/tasks/xpack/shield/elasticsearch-shield.yml +++ b/tasks/xpack/shield/elasticsearch-shield.yml @@ -11,7 +11,7 @@ #-----------------------------NATIVE BASED REALM---------------------------------------- # The native realm requires the node to be started so we do as a handler - command: /bin/true - notify: load-native-realms + notify: activate-shield when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) #-----------------------------ROLE MAPPING ---------------------------------------- diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 93c6507..2bc671d 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -90,10 +90,9 @@ shared_examples 'xpack::init' do |es_version| #Test if x-pack is activated describe 'x-pack activation' do - it 'should be activated with the license uid '+ENV["ES_XPACK_LICENSE_UID"] do - command = command('curl -s localhost:9200/_xpack/license?pretty=true -u es_admin:changeMe') - expect(command.stdout).to match(active) - expect(command.stdout).to match(ENV["ES_XPACK_LICENSE_UID"]) + it 'should be activated and valid' do + command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMe') + expect(command.stdout).to match('"status" : "active"') expect(command.exit_status).to eq(0) end end diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index af52016..25ece50 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -5,10 +5,10 @@ - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 }, es_instance_name: "shield_node" } - include_vars: <%= ENV['ES_XPACK_LICENSE_FILE'] %> vars: es_templates: true es_enable_xpack: true + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" es_plugins: - plugin: lmenezes/elasticsearch-kopf version: master From 4c47e609d7a030802da00ec78efefbf0838dfc54 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 4 Jan 2017 13:23:49 +0000 Subject: [PATCH 08/17] Remove license --- license.json | 1 - 1 file changed, 1 deletion(-) delete mode 100644 license.json diff --git a/license.json b/license.json deleted file mode 100644 index cef4223..0000000 --- a/license.json +++ /dev/null @@ -1 +0,0 @@ -{"license":{"uid":"bdbff559-f174-4759-a247-b61a53c435f1","type":"platinum","issue_date_in_millis":1467936000000,"expiry_date_in_millis":1485993599999,"max_nodes":100,"issued_to":"Elastic - INTERNAL","issuer":"Steve Kearns","signature":"AAAAAgAAAA1U9OcROUC+K+4MlK/gAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBL67VOlF8w2t85at2P5R5VjrZViKJk/XUHmLC/xBBr0YsFWN5XIWOpRSAIrA4MfQMwrfQ3eHpQmCSD3ki/pe+jMgAhnqMfq3Ojgoqb41HTEIQb9GYKFX/Jvlubzuf+6TYO56FRz3sgg2f4KsyoHi3/YlfUbhHPxOnqS2RhLBrKNL7atW04Pb7NhfGMTX60y+PppPQnE9uTUVS6BiXjz2aILpEqBgLDnnqN3gTdOHaOIhphfkztZcMO8cnHFLkkU61qNtmANRSAvbnjsuixho5wQdWctla8pZDAYiglI0LHsTN5Oe11x/lKEtXun59VyN7cPfxTsQ2l7QypJQE/v0fi"}} \ No newline at end of file From 3ed945d2aa9f75dd18c5f4da53f078b4cbac66d4 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 4 Jan 2017 13:28:38 +0000 Subject: [PATCH 09/17] disable logging on license install --- handlers/shield/elasticsearch-xpack-activation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/shield/elasticsearch-xpack-activation.yml b/handlers/shield/elasticsearch-xpack-activation.yml index 063a9e9..948bd83 100644 --- a/handlers/shield/elasticsearch-xpack-activation.yml +++ b/handlers/shield/elasticsearch-xpack-activation.yml @@ -26,7 +26,7 @@ body: "{{ es_xpack_license }}" return_content: yes register: license_activated - #no_log: True + no_log: True when: '"shield" in es_xpack_features' failed_when: > license_activated.status != 200 or From fc400862b1cc8a46db2d4ccbbd8cffa34b9223eb Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 4 Jan 2017 16:39:00 +0000 Subject: [PATCH 10/17] Fix for license update --- handlers/elasticsearch-templates.yml | 6 ++++++ handlers/main.yml | 7 ------- handlers/shield/elasticsearch-shield.yml | 5 +++++ handlers/shield/elasticsearch-xpack-activation.yml | 2 +- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/handlers/elasticsearch-templates.yml b/handlers/elasticsearch-templates.yml index bad2226..4595ef6 100644 --- a/handlers/elasticsearch-templates.yml +++ b/handlers/elasticsearch-templates.yml @@ -1,5 +1,11 @@ --- +- name: Ensure elasticsearch is started + service: name={{instance_init_script | basename}} state=started enabled=yes + +- name: Wait for elasticsearch to startup + wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 + - name: Get template files find: paths="/etc/elasticsearch/templates" patterns="*.json" register: templates diff --git a/handlers/main.yml b/handlers/main.yml index 524d130..00df18e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -6,13 +6,6 @@ service: name={{instance_init_script | basename}} state=restarted enabled=yes when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) -# Assumes all handlers need to be started as likely to make HTTP calls -- name: Ensure elasticsearch is started - service: name={{instance_init_script | basename}} state=started enabled=yes - -- name: Wait for elasticsearch to startup - wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 - # All security specific actions should go in here - name: activate-shield include: ./handlers/shield/elasticsearch-shield.yml diff --git a/handlers/shield/elasticsearch-shield.yml b/handlers/shield/elasticsearch-shield.yml index ca4f63f..61620b3 100644 --- a/handlers/shield/elasticsearch-shield.yml +++ b/handlers/shield/elasticsearch-shield.yml @@ -1,5 +1,10 @@ --- +- name: Ensure elasticsearch is started + service: name={{instance_init_script | basename}} state=started enabled=yes +- name: Wait for elasticsearch to startup + wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 + - name: activate-license include: ./handlers/shield/elasticsearch-xpack-activation.yml when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' diff --git a/handlers/shield/elasticsearch-xpack-activation.yml b/handlers/shield/elasticsearch-xpack-activation.yml index 948bd83..063a9e9 100644 --- a/handlers/shield/elasticsearch-xpack-activation.yml +++ b/handlers/shield/elasticsearch-xpack-activation.yml @@ -26,7 +26,7 @@ body: "{{ es_xpack_license }}" return_content: yes register: license_activated - no_log: True + #no_log: True when: '"shield" in es_xpack_features' failed_when: > license_activated.status != 200 or From b3e242fed91093f5bfa4184234b9bc5005e6a89f Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 11:02:33 +0000 Subject: [PATCH 11/17] Fix for handling restart + ubuntu 16.04 tests --- .kitchen.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.kitchen.yml b/.kitchen.yml index d7857a1..0284b0b 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -23,6 +23,17 @@ platforms: - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - name: ubuntu-16.04 + driver_config: + image: dliappis/ubuntu-devopsci:16.04 + privileged: true + provision_command: + - apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible + - apt-get install -y -q net-tools + - apt-get update && apt-get -y -q install python-apt python-pycurl + use_sudo: false + volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + run_command: "/sbin/init" - name: debian-8 driver_config: image: dliappis/debian-devopsci:8 From b82f1bdce5905f60d760666c8bc30fbeec62da83 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 12:15:59 +0000 Subject: [PATCH 12/17] Moving to testing murmur3 for plugins as stable download --- .kitchen.yml | 6 ++---- test/integration/config-1x/config.yml | 2 -- test/integration/config-1x/serverspec/default_spec.rb | 6 ------ test/integration/helpers/serverspec/xpack_spec.rb | 4 ++-- test/integration/multi-1x/multi.yml | 2 -- test/integration/multi-1x/serverspec/default_spec.rb | 6 ------ test/integration/multi-2x/serverspec/default_spec.rb | 2 +- test/integration/package-1x/package.yaml | 2 -- test/integration/package-1x/serverspec/default_spec.rb | 5 ----- test/integration/package-2x/serverspec/default_spec.rb | 2 +- test/integration/standard-1x/serverspec/default_spec.rb | 8 -------- test/integration/standard-1x/standard.yml | 2 -- test/integration/xpack.yml | 3 +-- 13 files changed, 7 insertions(+), 43 deletions(-) delete mode 100644 test/integration/config-1x/config.yml delete mode 100644 test/integration/config-1x/serverspec/default_spec.rb delete mode 100644 test/integration/multi-1x/multi.yml delete mode 100644 test/integration/multi-1x/serverspec/default_spec.rb delete mode 100644 test/integration/package-1x/package.yaml delete mode 100644 test/integration/package-1x/serverspec/default_spec.rb delete mode 100644 test/integration/standard-1x/serverspec/default_spec.rb delete mode 100644 test/integration/standard-1x/standard.yml diff --git a/.kitchen.yml b/.kitchen.yml index 0284b0b..a17e77f 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -74,8 +74,7 @@ suites: attributes: extra_vars: es_plugins: - - plugin: lmenezes/elasticsearch-kopf - version: master + - plugin: mapper-murmur3 provisioner: playbook: test/integration/package.yml - name: config-2x @@ -88,8 +87,7 @@ suites: attributes: extra_vars: es_plugins: - - plugin: lmenezes/elasticsearch-kopf - version: master + - plugin: mapper-murmur3 provisioner: playbook: test/integration/multi.yml - name: xpack-2x diff --git a/test/integration/config-1x/config.yml b/test/integration/config-1x/config.yml deleted file mode 100644 index a3c37e1..0000000 --- a/test/integration/config-1x/config.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- host: test-kitchen diff --git a/test/integration/config-1x/serverspec/default_spec.rb b/test/integration/config-1x/serverspec/default_spec.rb deleted file mode 100644 index 404dd30..0000000 --- a/test/integration/config-1x/serverspec/default_spec.rb +++ /dev/null @@ -1,6 +0,0 @@ -require 'config_spec' - -describe 'Config Tests v 1.x' do - include_examples 'config::init', "1.7.3" -end - diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 2bc671d..14cd42d 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -120,12 +120,12 @@ shared_examples 'xpack::init' do |es_version| its(:exit_status) { should eq 0 } end - describe file('/usr/share/elasticsearch/plugins/kopf') do + describe file('/usr/share/elasticsearch/plugins/mapper-murmur3') do it { should be_directory } it { should be_owned_by 'elasticsearch' } end - describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep kopf') do + describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep mapper-murmur3') do its(:exit_status) { should eq 0 } end diff --git a/test/integration/multi-1x/multi.yml b/test/integration/multi-1x/multi.yml deleted file mode 100644 index a3c37e1..0000000 --- a/test/integration/multi-1x/multi.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- host: test-kitchen diff --git a/test/integration/multi-1x/serverspec/default_spec.rb b/test/integration/multi-1x/serverspec/default_spec.rb deleted file mode 100644 index 4fbbceb..0000000 --- a/test/integration/multi-1x/serverspec/default_spec.rb +++ /dev/null @@ -1,6 +0,0 @@ -require 'multi_spec' - - -describe 'Multi Tests v 1.x' do - include_examples 'multi::init', "1.7.3", ["kopf","marvel"] -end \ No newline at end of file diff --git a/test/integration/multi-2x/serverspec/default_spec.rb b/test/integration/multi-2x/serverspec/default_spec.rb index 81637c4..703ad1a 100644 --- a/test/integration/multi-2x/serverspec/default_spec.rb +++ b/test/integration/multi-2x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'multi_spec' describe 'Multi Tests v 2.x' do - include_examples 'multi::init', "2.3.4", ["kopf"] + include_examples 'multi::init', "2.3.4", ["mapper-murmur3"] end diff --git a/test/integration/package-1x/package.yaml b/test/integration/package-1x/package.yaml deleted file mode 100644 index a3c37e1..0000000 --- a/test/integration/package-1x/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- host: test-kitchen diff --git a/test/integration/package-1x/serverspec/default_spec.rb b/test/integration/package-1x/serverspec/default_spec.rb deleted file mode 100644 index b22af05..0000000 --- a/test/integration/package-1x/serverspec/default_spec.rb +++ /dev/null @@ -1,5 +0,0 @@ -require 'package_spec' - -describe 'Package Tests v 1.x' do - include_examples 'package::init', "1.7.3", ["kopf","marvel"] -end \ No newline at end of file diff --git a/test/integration/package-2x/serverspec/default_spec.rb b/test/integration/package-2x/serverspec/default_spec.rb index 417df47..4cb829c 100644 --- a/test/integration/package-2x/serverspec/default_spec.rb +++ b/test/integration/package-2x/serverspec/default_spec.rb @@ -2,5 +2,5 @@ require 'package_spec' describe 'Package Tests v 2.x' do - include_examples 'package::init', "2.3.4", ["kopf"] + include_examples 'package::init', "2.3.4", ["mapper-murmur3"] end \ No newline at end of file diff --git a/test/integration/standard-1x/serverspec/default_spec.rb b/test/integration/standard-1x/serverspec/default_spec.rb deleted file mode 100644 index 67f3c99..0000000 --- a/test/integration/standard-1x/serverspec/default_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'standard_spec' - - -describe 'Standard Tests v 1.x' do - include_examples 'standard::init', "1.7.3" -end - - diff --git a/test/integration/standard-1x/standard.yml b/test/integration/standard-1x/standard.yml deleted file mode 100644 index a3c37e1..0000000 --- a/test/integration/standard-1x/standard.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- host: test-kitchen diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 25ece50..2c098bb 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -10,8 +10,7 @@ es_enable_xpack: true es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" es_plugins: - - plugin: lmenezes/elasticsearch-kopf - version: master + - plugin: mapper-murmur3 es_xpack_features: - shield - watcher From 367c704b6e1b1ddec9470f86bb23a759181822da Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 12:24:51 +0000 Subject: [PATCH 13/17] No log on license install --- handlers/shield/elasticsearch-xpack-activation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/shield/elasticsearch-xpack-activation.yml b/handlers/shield/elasticsearch-xpack-activation.yml index 063a9e9..948bd83 100644 --- a/handlers/shield/elasticsearch-xpack-activation.yml +++ b/handlers/shield/elasticsearch-xpack-activation.yml @@ -26,7 +26,7 @@ body: "{{ es_xpack_license }}" return_content: yes register: license_activated - #no_log: True + no_log: True when: '"shield" in es_xpack_features' failed_when: > license_activated.status != 200 or From 6ad2dcaeb825df67dfdda7b75bdd646b29a55a1f Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 12:36:00 +0000 Subject: [PATCH 14/17] Run method for 14.04 --- .kitchen.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.kitchen.yml b/.kitchen.yml index a17e77f..1d8d0ef 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -23,6 +23,7 @@ platforms: - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + run_command: "/sbin/init" - name: ubuntu-16.04 driver_config: image: dliappis/ubuntu-devopsci:16.04 From fe02c4daa6723b36b2bdc5d85bfc6ade2500df19 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 12:48:16 +0000 Subject: [PATCH 15/17] Ubuntu 14.04 not using init --- .kitchen.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.kitchen.yml b/.kitchen.yml index 1d8d0ef..a17e77f 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -23,7 +23,6 @@ platforms: - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json - run_command: "/sbin/init" - name: ubuntu-16.04 driver_config: image: dliappis/ubuntu-devopsci:16.04 From cad6a590f9f7c32a293e1386ed6833c90936d21c Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 13:17:53 +0000 Subject: [PATCH 16/17] Include nettools in 14.04 --- .kitchen.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.kitchen.yml b/.kitchen.yml index a17e77f..7165476 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -20,6 +20,7 @@ platforms: privileged: true provision_command: - apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible + - apt-get install -y -q net-tools - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json From 5fb4350a634a75f69e917ad726fc1e7b8bf549d1 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 5 Jan 2017 14:34:47 +0000 Subject: [PATCH 17/17] Tests back to kopf + checks to fix java cert issues --- .kitchen.yml | 7 ++++--- tasks/java.yml | 9 ++++++++- test/integration/helpers/serverspec/xpack_spec.rb | 4 ++-- test/integration/multi-2x/serverspec/default_spec.rb | 2 +- test/integration/package-2x/serverspec/default_spec.rb | 2 +- test/integration/xpack.yml | 3 ++- 6 files changed, 18 insertions(+), 9 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 7165476..0284b0b 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -20,7 +20,6 @@ platforms: privileged: true provision_command: - apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible - - apt-get install -y -q net-tools - apt-get update && apt-get -y -q install python-apt python-pycurl use_sudo: false volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json @@ -75,7 +74,8 @@ suites: attributes: extra_vars: es_plugins: - - plugin: mapper-murmur3 + - plugin: lmenezes/elasticsearch-kopf + version: master provisioner: playbook: test/integration/package.yml - name: config-2x @@ -88,7 +88,8 @@ suites: attributes: extra_vars: es_plugins: - - plugin: mapper-murmur3 + - plugin: lmenezes/elasticsearch-kopf + version: master provisioner: playbook: test/integration/multi.yml - name: xpack-2x diff --git a/tasks/java.yml b/tasks/java.yml index ed7247f..ed49fb1 100644 --- a/tasks/java.yml +++ b/tasks/java.yml @@ -12,4 +12,11 @@ - name: Debian - Ensure Java is installed apt: name={{ java }} state={{java_state}} update_cache=yes force=yes - when: ansible_os_family == 'Debian' \ No newline at end of file + when: ansible_os_family == 'Debian' + +- command: java -version 2>&1 | grep OpenJDK + register: open_jdk + +- name: refresh the java ca-certificates + command: /var/lib/dpkg/info/ca-certificates-java.postinst configure + when: ansible_distribution == 'Ubuntu' and open_jdk.rc == 0 \ No newline at end of file diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index 14cd42d..2bc671d 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -120,12 +120,12 @@ shared_examples 'xpack::init' do |es_version| its(:exit_status) { should eq 0 } end - describe file('/usr/share/elasticsearch/plugins/mapper-murmur3') do + describe file('/usr/share/elasticsearch/plugins/kopf') do it { should be_directory } it { should be_owned_by 'elasticsearch' } end - describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep mapper-murmur3') do + describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMe | grep kopf') do its(:exit_status) { should eq 0 } end diff --git a/test/integration/multi-2x/serverspec/default_spec.rb b/test/integration/multi-2x/serverspec/default_spec.rb index 703ad1a..81637c4 100644 --- a/test/integration/multi-2x/serverspec/default_spec.rb +++ b/test/integration/multi-2x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'multi_spec' describe 'Multi Tests v 2.x' do - include_examples 'multi::init', "2.3.4", ["mapper-murmur3"] + include_examples 'multi::init', "2.3.4", ["kopf"] end diff --git a/test/integration/package-2x/serverspec/default_spec.rb b/test/integration/package-2x/serverspec/default_spec.rb index 4cb829c..417df47 100644 --- a/test/integration/package-2x/serverspec/default_spec.rb +++ b/test/integration/package-2x/serverspec/default_spec.rb @@ -2,5 +2,5 @@ require 'package_spec' describe 'Package Tests v 2.x' do - include_examples 'package::init', "2.3.4", ["mapper-murmur3"] + include_examples 'package::init', "2.3.4", ["kopf"] end \ No newline at end of file diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 2c098bb..25ece50 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -10,7 +10,8 @@ es_enable_xpack: true es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" es_plugins: - - plugin: mapper-murmur3 + - plugin: lmenezes/elasticsearch-kopf + version: master es_xpack_features: - shield - watcher