santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[7.x] add support for elasticsearch 7.x and remove support for 5.x (#558)

Browse source 
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x 
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
This commit is contained in:
Julien Mailleret 2019-05-09 09:06:02 +02:00 committed by GitHub
parent adba13bcd8
commit a1c81884e2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 139 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

49
.kitchen.yml
View file

@ -6,11 +6,9 @@ provisioner:
name: ansible_playbook
hosts: localhost
roles_path: ../
require_ansible_repo: false
require_ansible_repo: true
require_ansible_omnibus: false
require_ansible_source: false
require_pip: true
ansible_version: 2.4.3.0
http_proxy: <%= ENV['HTTP_PROXY'] %>
https_proxy: <%= ENV['HTTPS_PROXY'] %>
no_proxy: localhost,127.0.0.1
@ -20,8 +18,8 @@ provisioner:
attributes:
extra_vars:
es_major_version: "<%= ENV['VERSION'] %>"
<% if ENV['VERSION'] == '5.x' %>
es_version: '5.6.11'
<% if ENV['VERSION'] == '6.x' %>
es_version: '6.7.2'
<% end %>
<% end %>
@ -34,10 +32,9 @@ platforms:
image: ubuntu:14.04
privileged: true
provision_command:
- apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible && add-apt-repository -y ppa:openjdk-r/ppa
- apt-get update && apt-get -y -q install python-apt python-pycurl python-pip python-openssl build-essential libssl-dev libffi-dev python-dev locales openjdk-8-jre
- apt-get update -q && apt-get install -y -q software-properties-common && add-apt-repository -y ppa:ansible/ansible && add-apt-repository -y ppa:openjdk-r/ppa
- apt-get update -q && apt-get -y -q install ansible openjdk-8-jre python-jmespath
- locale-gen en_US.UTF-8 && localedef -i en_US -c -f UTF-8 en_US.UTF-8
- pip install jmespath pyOpenSSL ndg-httpsclient cryptography==1.8.1
use_sudo: false
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
@ -47,11 +44,9 @@ platforms:
image: ubuntu:16.04
privileged: true
provision_command:
- apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible
- apt-get install -y -q net-tools
- apt-get update && apt-get -y -q install python-apt python-pycurl python-pip locales
- apt-get update -q && apt-get install -y -q iproute locales software-properties-common && add-apt-repository -y ppa:ansible/ansible
- apt-get update -q && apt-get install -y -q ansible python-jmespath
- locale-gen en_US.UTF-8 && localedef -i en_US -c -f UTF-8 en_US.UTF-8
- pip install jmespath
use_sudo: false
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
@ -62,9 +57,7 @@ platforms:
image: ubuntu:18.04
privileged: true
provision_command:
- apt-get update && apt-get install -y software-properties-common && add-apt-repository -y ppa:ansible/ansible
- apt-get update && apt-get -y -q install python-apt python-pycurl python-pip net-tools iproute2
- pip install jmespath
- apt-get install -y -q ansible iproute2 python-jmespath
use_sudo: false
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
@ -75,14 +68,13 @@ platforms:
image: debian:8
privileged: true
provision_command:
- apt-get update -q && apt-get install -y -q gnupg2 python-jmespath
- echo "deb http://archive.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/jessie-backports.list
- echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf
- apt-get update && apt-get -y install -t jessie-backports openjdk-8-jre-headless
- apt-get update && apt-get -y install python python-dev python-pip build-essential libyaml-dev python-yaml curl wget net-tools
- sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
- pip install jmespath setuptools --upgrade
- echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" > /etc/apt/sources.list.d/ansible.list
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
- apt-get update -q && apt-get install -y -q ansible
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
@ -93,12 +85,10 @@ platforms:
image: debian:9
privileged: true
provision_command:
- apt-get update && apt-get -y install python python-dev python-pip build-essential libyaml-dev python-yaml curl wget systemd-sysv
- apt-get install -y -q net-tools
- sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
- pip install jmespath
- apt-get update -q && apt-get install -y -q gnupg2 python-jmespath systemd-sysv
- echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" > /etc/apt/sources.list.d/ansible.list
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
- apt-get update -q && apt-get install -y -q ansible
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
@ -108,13 +98,8 @@ platforms:
driver_config:
image: centos:7
provision_command:
- sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
- sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
- yum -y install epel-release
- yum -y install initscripts python-pip
- yum clean all
- pip install jmespath
- yum -y install ansible iproute python2-jmespath
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers

2
Makefile
View file

@ -1,7 +1,7 @@
default: build
SHELL:=/bin/bash -eux
VERSION := 6.x
VERSION := 7.x
PATTERN := xpack-ubuntu-1604
.PHONY: converge verify test login destroy list

55
README.md
View file

@ -2,16 +2,18 @@
[![Build Status](https://img.shields.io/jenkins/s/https/devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master.svg)](https://devops-ci.elastic.co/job/elastic+ansible-elasticsearch+master/)
[![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-elastic.elasticsearch-blue.svg)](https://galaxy.ansible.com/elastic/elasticsearch/)
**THIS ROLE IS FOR 6.x, 5.x. FOR 2.x SUPPORT PLEASE USE THE 2.x BRANCH.**
**THIS ROLE IS FOR 7.x & 6.x**
Ansible role for 6.x/5.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are:
Ansible role for 7.x/6.x Elasticsearch. Currently this works on Debian and RedHat based linux systems. Tested platforms are:
* Ubuntu 14.04
* Ubuntu 16.04
* Ubuntu 18.04
* Debian 8
* Debian 9
* CentOS 7
The latest Elasticsearch versions of 6.x and 5.x are actively tested. **Only Ansible versions > 2.4.3.0 are supported, as this is currently the only version tested.**
The latest Elasticsearch versions of 7.x & 6.x are actively tested. **Only Ansible versions > 2.4.3.0 are supported, as this is currently the only version tested.**
##### Dependency
This role uses the json_query filter which [requires jmespath](https://github.com/ansible/ansible/issues/24319) on the local machine.
@ -21,7 +23,7 @@ This role uses the json_query filter which [requires jmespath](https://github.co
Create your Ansible playbook with your own tasks, and include the role elasticsearch. You will have to have this repository accessible within the context of playbook.
```sh
ansible-galaxy install elastic.elasticsearch,6.6.0
ansible-galaxy install elastic.elasticsearch,7.0.1
```
Then create your playbook yaml adding the role elasticsearch. By default, the user is only required to specify a unique es_instance_name per role application. This should be unique per node.
@ -91,9 +93,9 @@ The `PATTERN` is a kitchen pattern which can match multiple suites. To run all t
$ make converge PATTERN=centos-7
```
The default version is 6.x If you want to test 5.x you can override it with the `VERSION` variable to test 5.x
The default version is 7.x. If you want to test 6.x you can override it with the `VERSION` variable, for example:
```sh
$ make converge VERSION=5.x PATTERN=oss-centos-7
$ make converge VERSION=6.x PATTERN=oss-centos-7
```
When you are finished testing you can clean up everything with
@ -123,9 +125,9 @@ The following illustrates applying configuration parameters to an Elasticsearch
es_config:
node.name: "node1"
cluster.name: "custom-cluster"
discovery.zen.ping.unicast.hosts: "localhost:9301"
discovery.seed_hosts: "localhost:9301"
http.port: 9201
transport.tcp.port: 9301
transport.port: 9301
node.data: false
node.master: true
bootstrap.memory_lock: true
@ -139,8 +141,8 @@ The following illustrates applying configuration parameters to an Elasticsearch
Whilst the role installs Elasticsearch with the default configuration parameters, the following should be configured to ensure a cluster successfully forms:
* ```es_config['http.port']``` - the http port for the node
* ```es_config['transport.tcp.port']``` - the transport port for the node
* ```es_config['discovery.zen.ping.unicast.hosts']``` - the unicast discovery list, in the comma separated format ```"<host>:<port>,<host>:<port>"``` (typically the clusters dedicated masters)
* ```es_config['transport.port']``` - the transport port for the node
* ```es_config['discovery.seed_hosts']``` - the unicast discovery list, in the comma separated format ```"<host>:<port>,<host>:<port>"``` (typically the clusters dedicated masters)
* ```es_config['network.host']``` - sets both network.bind_host and network.publish_host to the same host value. The network.bind_host setting allows to control the host different network components will bind on.
The network.publish_host setting allows to control the host the node will publish itself within the cluster so other nodes will be able to connect to it.
@ -163,9 +165,9 @@ A more complex example:
es_config:
node.name: "node1"
cluster.name: "custom-cluster"
discovery.zen.ping.unicast.hosts: "localhost:9301"
discovery.seed_hosts: "localhost:9301"
http.port: 9201
transport.tcp.port: 9301
transport.port: 9301
node.data: false
node.master: true
bootstrap.memory_lock: true
@ -177,7 +179,7 @@ A more complex example:
es_plugins_reinstall: false
es_api_port: 9201
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
proxy_host: proxy.example.com
proxy_port: 8080
```
@ -204,9 +206,9 @@ An example of a two server deployment is shown below. The first server holds th
es_heap_size: "1g"
es_config:
cluster.name: "test-cluster"
discovery.zen.ping.unicast.hosts: "elastic02:9300"
discovery.seed_hosts: "elastic02:9300"
http.port: 9200
transport.tcp.port: 9300
transport.port: 9300
node.data: false
node.master: true
bootstrap.memory_lock: false
@ -215,7 +217,7 @@ An example of a two server deployment is shown below. The first server holds th
es_version_lock: false
ansible_user: ansible
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
- hosts: data_nodes
roles:
@ -226,9 +228,9 @@ An example of a two server deployment is shown below. The first server holds th
- "/opt/elasticsearch"
es_config:
cluster.name: "test-cluster"
discovery.zen.ping.unicast.hosts: "elastic02:9300"
discovery.seed_hosts: "elastic02:9300"
http.port: 9200
transport.tcp.port: 9300
transport.port: 9300
node.data: true
node.master: false
bootstrap.memory_lock: false
@ -238,7 +240,7 @@ An example of a two server deployment is shown below. The first server holds th
ansible_user: ansible
es_api_port: 9200
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
- hosts: data_nodes
roles:
@ -247,9 +249,9 @@ An example of a two server deployment is shown below. The first server holds th
es_instance_name: "node2"
es_api_port: 9201
es_config:
discovery.zen.ping.unicast.hosts: "elastic02:9300"
discovery.seed_hosts: "elastic02:9300"
http.port: 9201
transport.tcp.port: 9301
transport.port: 9301
node.data: true
node.master: false
bootstrap.memory_lock: false
@ -260,7 +262,7 @@ An example of a two server deployment is shown below. The first server holds th
es_api_port: 9201
ansible_user: ansible
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
```
Parameters can additionally be assigned to hosts using the inventory file if desired.
@ -385,8 +387,7 @@ These can either be set to a user declared in the file based realm, with admin p
In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behaviour. Options include:
* ```es_enable_xpack``` Default `true`. Setting this to `false` will install the oss release of elasticsearch
* ```es_major_version``` Should be consistent with es_version. For versions >= 5.0 and < 6.0 this must be "5.x". For versions >= 6.0 this must be "6.x".
* ```es_version``` (e.g. "6.3.0").
* ```es_version``` (e.g. "7.0.0").
* ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost".
* ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200**
* ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin.
@ -396,7 +397,7 @@ In addition to es_config, the following parameters allow the customization of th
* ```es_plugins``` an array of plugin definitions e.g.:
```yaml
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
```
* ```es_path_repo``` Sets the whitelist for allowing local back-up repositories
* ```es_action_auto_create_index ``` Sets the value for auto index creation, use the syntax below for specifying indexes (else true/false):
@ -459,7 +460,7 @@ To define proxy only for a particular plugin during its installation:
```yaml
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
proxy_host: proxy.example.com
proxy_port: 8080
```
@ -471,7 +472,7 @@ To define proxy only for a particular plugin during its installation:
* The role assumes the user/group exists on the server. The elasticsearch packages create the default elasticsearch user. If this needs to be changed, ensure the user exists.
* The playbook relies on the inventory_name of each host to ensure its directories are unique
* Changing an instance_name for a role application will result in the installation of a new component. The previous component will remain.
* KitchenCI has been used for testing. This is used to confirm images reach the correct state after a play is first applied. We currently test the latest version of 6.x and 5.x on all supported platforms.
* KitchenCI has been used for testing. This is used to confirm images reach the correct state after a play is first applied. We currently test the latest version of 7.x and 6.x on all supported platforms.
* The role aims to be idempotent. Running the role multiple times, with no changes, should result in no state change on the server. If the configuration is changed, these will be applied and Elasticsearch restarted where required.
* Systemd is used for Ubuntu versions >= 15, Debian >=8, Centos >=7. All other versions use init for service scripts.
* In order to run x-pack tests a license file with security enabled is required. A trial license is appropriate. Set the environment variable `ES_XPACK_LICENSE_FILE` to the full path of the license file prior to running tests.

5
defaults/main.yml
View file

@ -1,12 +1,11 @@
---
es_major_version: "6.x"
es_version: "6.6.0"
es_version: "7.0.1"
es_use_snapshot_release: false
es_enable_xpack: true
es_package_name: "elasticsearch"
es_version_lock: false
es_use_repository: true
es_templates_fileglob: "files/templates/*.json"
es_templates_fileglob: "files/templates-{{ es_major_version }}/*.json"
es_repo_base: "https://artifacts.elastic.co"
es_apt_key: "{{ es_repo_base }}/GPG-KEY-elasticsearch"
es_apt_url: "deb {{ es_repo_base }}/packages/{{ es_repo_name }}/apt stable main"

0
files/templates/basic.json → files/templates-6.x/basic.json
View file

9
files/templates-7.x/basic.json Normal file
View file

@ -0,0 +1,9 @@
{
"index_patterns" : "te*",
"settings" : {
"number_of_shards" : 1
},
"mappings" : {
"_source" : { "enabled" : false }
}
}

1
tasks/compatibility-variables.yml
View file

@ -14,6 +14,7 @@
es_xpack_conf_subdir: ""
es_repo_name: "{{ es_major_version }}"
es_xpack_users_command: "elasticsearch-users"
es_package_name: "elasticsearch"
es_other_package_name: "elasticsearch-oss"
es_other_repo_name: "{{ 'oss-' + es_major_version }}"
es_other_apt_url: "deb {{ es_repo_base }}/packages/{{ 'oss-' + es_major_version }}/apt stable main"

8
tasks/elasticsearch-parameters.yml
View file

@ -12,14 +12,6 @@
debug: msg="WARNING - It is recommended you specify the parameter 'http.port'"
when: es_config['http.port'] is not defined
- name: debug message
debug: msg="WARNING - It is recommended you specify the parameter 'transport.tcp.port'"
when: es_config['transport.tcp.port'] is not defined
- name: debug message
debug: msg="WARNING - It is recommended you specify the parameter 'discovery.zen.ping.unicast.hosts'"
when: es_config['discovery.zen.ping.unicast.hosts'] is not defined
#If the user attempts to lock memory they must specify a heap size
- name: fail when heap size is not specified when using memory lock
fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified"

5
tasks/main.yml
View file

@ -1,4 +1,9 @@
---
- set_fact: "es_major_version={{ es_version.split('.')[0] }}.x"
when:
- es_major_version is undefined
- name: os-specific vars
include_vars: "{{ansible_os_family}}.yml"
tags:

8
templates/jvm.options.j2
View file

@ -103,14 +103,6 @@
#-XX:+UseGCLogFileRotation
#-XX:NumberOfGCLogFiles=32
#-XX:GCLogFileSize=128M
# Elasticsearch 5.0.0 will throw an exception on unquoted field names in JSON.
# If documents were already indexed with unquoted fields in a previous version
# of Elasticsearch, some operations may throw errors.
#
# WARNING: This option will be removed in Elasticsearch 6.0.0 and is provided
# only for migration purposes.
#-Delasticsearch.json.allow_unquoted_field_names=true
{% if es_jvm_custom_parameters !='' %}
{% for item in es_jvm_custom_parameters %}
{{ item }}

24
test/integration/helpers/serverspec/multi_spec.rb
View file

@ -11,16 +11,16 @@ shared_examples 'multi::init' do |vars|
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
it { should be_file }
it { should contain 'http.port: 9201' }
it { should contain 'transport.tcp.port: 9301' }
if vars['es_major_version'] == '7.x'
it { should contain 'transport.port: 9301' }
else
it { should contain 'transport.tcp.port: 9301' }
end
it { should contain 'node.data: true' }
it { should contain 'node.master: false' }
it { should contain "node.name: localhost-#{vars['es_instance_name']}" }
it { should_not contain 'bootstrap.memory_lock: true' }
if vars['es_major_version'] == '6.x'
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
else
it { should contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
end
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
it { should contain "path.data: /opt/elasticsearch/data-1/localhost-#{vars['es_instance_name']},/opt/elasticsearch/data-2/localhost-#{vars['es_instance_name']}" }
it { should contain "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }
end
@ -30,16 +30,16 @@ shared_examples 'multi::init' do |vars|
describe file('/etc/elasticsearch/master/elasticsearch.yml') do
it { should be_file }
it { should contain 'http.port: 9200' }
it { should contain 'transport.tcp.port: 9300' }
if vars['es_major_version'] == '7.x'
it { should contain 'transport.port: 9300' }
else
it { should contain 'transport.tcp.port: 9300' }
end
it { should contain 'node.data: false' }
it { should contain 'node.master: true' }
it { should contain 'node.name: localhost-master' }
it { should contain 'bootstrap.memory_lock: true' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/master' }
else
it { should contain 'path.conf: /etc/elasticsearch/master' }
end
it { should_not contain 'path.conf: /etc/elasticsearch/master' }
it { should contain 'path.data: /opt/elasticsearch/master/localhost-master' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-master' }
end

38
test/integration/helpers/serverspec/shared_spec.rb
View file

@ -43,32 +43,6 @@ shared_examples 'shared::init' do |vars|
expect(values['enabled'] = enabled)
end
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by vars['es_user'] }
end
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/x-pack") do
it { should be_directory }
it { should be_owned_by vars['es_user'] }
end
describe 'x-pack-core plugin' do
it 'should be installed with the correct version' do
plugins = curl_json("#{es_api_url}/_nodes/plugins", username=username, password=password)
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
data['plugins'].each do |plugin|
if plugin['name'] == name
version = plugin['version']
end
end
expect(version).to eql(vars['es_version'])
end
end
end
end
end
describe user(vars['es_user']) do
@ -108,7 +82,11 @@ shared_examples 'shared::init' do |vars|
template = curl_json("#{es_api_url}/_template/basic", username=username, password=password)
expect(template.key?('basic'))
expect(template['basic']['settings']['index']['number_of_shards']).to eq("1")
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
if vars['es_major_version'] == '7.x'
expect(template['basic']['mappings']['_source']['enabled']).to eq(false)
else
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
end
end
end
end
@ -159,11 +137,7 @@ shared_examples 'shared::init' do |vars|
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
it { should contain "node.name: localhost-#{vars['es_instance_name']}" }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
else
it { should contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
end
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
its(:content) { should match "path.data: #{vars['data_dirs'].join(',')}" }
its(:content) { should match "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }
end

6
test/integration/helpers/serverspec/xpack_spec.rb
View file

@ -4,11 +4,7 @@ shared_examples 'xpack::init' do |vars|
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
it { should contain "node.name: localhost-#{vars['es_instance_name']}" }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
else
it { should contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
end
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
it { should contain "path.data: /var/lib/elasticsearch/localhost-#{vars['es_instance_name']}" }
it { should contain "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }
it { should contain 'xpack.security.enabled: false' }

28
test/integration/helpers/serverspec/xpack_upgrade_spec.rb
View file

@ -6,11 +6,7 @@ shared_examples 'xpack_upgrade::init' do |vars|
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
it { should contain "node.name: localhost-#{vars['es_instance_name']}" }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
else
it { should contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
end
it { should_not contain "path.conf: /etc/elasticsearch/#{vars['es_instance_name']}" }
it { should contain "path.data: /var/lib/elasticsearch/localhost-#{vars['es_instance_name']}" }
it { should contain "path.logs: /var/log/elasticsearch/localhost-#{vars['es_instance_name']}" }
end
@ -36,10 +32,15 @@ shared_examples 'xpack_upgrade::init' do |vars|
end
describe file("/etc/elasticsearch/#{vars['es_instance_name']}/elasticsearch.yml") do
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
if vars['es_major_version'] == '7.x'
it { should contain 'security.authc.realms.file.file1.order: 0' }
it { should contain 'security.authc.realms.native.native1.order: 1' }
else
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
end
#Test contents of role_mapping.yml
@ -91,13 +92,4 @@ shared_examples 'xpack_upgrade::init' do |vars|
expect(command.exit_status).to eq(0)
end
end
if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x
describe 'kibana access check' do
it 'should be reported as version '+vars['es_version'] do
result = curl_json('http://localhost:9200/', username='kibana', password='changeme')
expect(result['version']['number']).to eq(vars['es_version'])
end
end
end
end

8
test/integration/issue-test.yml
View file

@ -14,14 +14,12 @@
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_config:
xpack.security.enabled: True
xpack.security.authc.realms.file1.type: "file"
xpack.security.authc.realms.file1.order: 1
xpack.security.authc.realms.native1.type: "native"
xpack.security.authc.realms.native1.order: 0
xpack.security.authc.realms.file.file1.order: 1
xpack.security.authc.realms.native.native1.type: "native"
es_heap_size: "1g"
es_enable_xpack: true
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting

24
test/integration/multi.yml
View file

@ -10,20 +10,27 @@
es_instance_name: "master"
es_data_dirs:
- "/opt/elasticsearch/master"
es_config:
es_config_6x:
discovery.zen.ping.unicast.hosts: "localhost:9300"
http.port: 9200
transport.tcp.port: 9300
node.data: false
node.master: true
bootstrap.memory_lock: true
es_config_7x:
http.port: 9200
transport.port: 9300
node.data: false
node.master: true
bootstrap.memory_lock: true
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_enable_xpack: false
es_scripts: true
es_templates: true
es_heap_size: "1g"
es_api_port: 9200
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
- name: Elasticsearch Multi test - data on 9201
hosts: localhost
@ -38,14 +45,21 @@
es_heap_size: "1g"
es_api_port: 9201
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
es_instance_name: "node1"
es_data_dirs:
es_data_dirs:
- "/opt/elasticsearch/data-1"
- "/opt/elasticsearch/data-2"
es_config:
es_config_6x:
discovery.zen.ping.unicast.hosts: "localhost:9300"
http.port: 9201
transport.tcp.port: 9301
node.data: true
node.master: false
es_config_7x:
discovery.seed_hosts: "localhost:9300"
http.port: 9201
transport.port: 9301
node.data: true
node.master: false
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"

2
test/integration/oss-to-xpack-upgrade.yml
View file

@ -7,7 +7,7 @@
- elasticsearch
vars:
es_instance_name: "node1"
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_enable_xpack: false
es_heap_size: "1g"

2
test/integration/oss-upgrade.yml
View file

@ -7,7 +7,7 @@
- elasticsearch
vars:
es_instance_name: "node1"
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_enable_xpack: false
es_heap_size: "1g"

2
test/integration/oss.yml
View file

@ -10,6 +10,6 @@
es_enable_xpack: false
es_heap_size: "1g"
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
#Do not add tests here. This test is run twice and confirms idempotency.

34
test/integration/xpack-upgrade.yml
View file

@ -8,21 +8,26 @@
vars:
es_instance_name: "node1"
es_api_port: 9200
es_config:
es_config_6x:
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: "localhost:9300"
xpack.security.authc.realms.file1.type: "file"
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.native1.type: "native"
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
http.port: 9200
xpack.security.enabled: True
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_major_version: "7.x"
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-geoip
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
@ -118,15 +123,18 @@
vars:
es_api_port: 9200
es_instance_name: "node1"
es_config:
es_config_6x:
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: "localhost:9300"
xpack.security.enabled: True
xpack.security.authc.realms.file1.type: "file"
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.native1.type: "native"
xpack.security.authc.realms.file1.type: file
xpack.security.authc.realms.native1.order: 1
xpack.security.authc.realms.native1.type: native
es_config_7x:
http.port: 9200
xpack.security.enabled: True
xpack.security.authc.realms.file.file1.order: 0
xpack.security.authc.realms.native.native1.order: 1
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
es_heap_size: "1g"
es_templates: true
es_enable_xpack: true

2
test/integration/xpack.yml
View file

@ -11,8 +11,6 @@
es_instance_name: "node1"
es_config:
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: "localhost:9300"
es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip"
es_heap_size: 2g
es_enable_xpack: true

2
test/matrix.yml
View file

@ -1,6 +1,6 @@
VERSION:
- 7.x
- 6.x
- 5.x
OS:
- ubuntu-1404
- ubuntu-1604