diff --git a/test/integration/files/custom_config/elasticsearch b/test/integration/files/custom_config/elasticsearch new file mode 100644 index 0000000..36540c8 --- /dev/null +++ b/test/integration/files/custom_config/elasticsearch @@ -0,0 +1,7 @@ +# Elasticsearch CUSTOM FILE + +ES_HOME=/usr/share/elasticsearch +ES_PATH_CONF=/etc/elasticsearch +PID_DIR=/var/run/elasticsearch +ES_JAVA_OPTS= +ES_STARTUP_SLEEP_TIME=5 diff --git a/test/integration/files/custom_config/jvm.options b/test/integration/files/custom_config/jvm.options new file mode 100644 index 0000000..71ce100 --- /dev/null +++ b/test/integration/files/custom_config/jvm.options @@ -0,0 +1,34 @@ +## JVM configuration CUSTOM FILE + +-Xms2g +-Xmx2g +-XX:+UseConcMarkSweepGC +-XX:CMSInitiatingOccupancyFraction=75 +-XX:+UseCMSInitiatingOccupancyOnly +-Des.networkaddress.cache.ttl=60 +-Des.networkaddress.cache.negative.ttl=10 +-XX:+AlwaysPreTouch +-Xss1m +-Djava.awt.headless=true +-Dfile.encoding=UTF-8 +-Djna.nosys=true +-XX:-OmitStackTraceInFastThrow +-Dio.netty.noUnsafe=true +-Dio.netty.noKeySetOptimization=true +-Dio.netty.recycler.maxCapacityPerThread=0 +-Dlog4j.shutdownHookEnabled=false +-Dlog4j2.disable.jmx=true +-Djava.io.tmpdir=${ES_TMPDIR} +-XX:+HeapDumpOnOutOfMemoryError +-XX:HeapDumpPath=${heap.dump.path} +-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:/var/log/elasticsearch/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m +9-:-Djava.locale.providers=COMPAT diff --git a/test/integration/files/custom_config/log4j2.properties b/test/integration/files/custom_config/log4j2.properties new file mode 100644 index 0000000..1573120 --- /dev/null +++ b/test/integration/files/custom_config/log4j2.properties @@ -0,0 +1,86 @@ +{% raw %} +# Log4j CUSTOM FILE + +status = error +logger.action.name = org.elasticsearch.action +logger.action.level = debug +appender.rolling.type = Console +appender.rolling.name = rolling +appender.rolling.layout.type = ESJsonLayout +appender.rolling.layout.type_name = server +rootLogger.level = info +rootLogger.appenderRef.rolling.ref = rolling +appender.deprecation_rolling.type = Console +appender.deprecation_rolling.name = deprecation_rolling +appender.deprecation_rolling.layout.type = ESJsonLayout +appender.deprecation_rolling.layout.type_name = deprecation +appender.deprecation_rolling.layout.esmessagefields=x-opaque-id +logger.deprecation.name = org.elasticsearch.deprecation +logger.deprecation.level = warn +logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +logger.deprecation.additivity = false +appender.index_search_slowlog_rolling.type = Console +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.layout.type = ESJsonLayout +appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog +appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,stats,search_type,total_shards,source,id +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false +appender.index_indexing_slowlog_rolling.type = Console +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout +appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog +appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false +appender.audit_rolling.type = Console +appender.audit_rolling.name = audit_rolling +appender.audit_rolling.layout.type = PatternLayout +appender.audit_rolling.layout.pattern = {\ +"type": "audit", \ +"timestamp":"%d{yyyy-MM-dd'T'HH:mm:ss,SSSZ}"\ +%varsNotEmpty{, "node.name":"%enc{%map{node.name}}{JSON}"}\ +%varsNotEmpty{, "node.id":"%enc{%map{node.id}}{JSON}"}\ +%varsNotEmpty{, "host.name":"%enc{%map{host.name}}{JSON}"}\ +%varsNotEmpty{, "host.ip":"%enc{%map{host.ip}}{JSON}"}\ +%varsNotEmpty{, "event.type":"%enc{%map{event.type}}{JSON}"}\ +%varsNotEmpty{, "event.action":"%enc{%map{event.action}}{JSON}"}\ +%varsNotEmpty{, "user.name":"%enc{%map{user.name}}{JSON}"}\ +%varsNotEmpty{, "user.run_by.name":"%enc{%map{user.run_by.name}}{JSON}"}\ +%varsNotEmpty{, "user.run_as.name":"%enc{%map{user.run_as.name}}{JSON}"}\ +%varsNotEmpty{, "user.realm":"%enc{%map{user.realm}}{JSON}"}\ +%varsNotEmpty{, "user.run_by.realm":"%enc{%map{user.run_by.realm}}{JSON}"}\ +%varsNotEmpty{, "user.run_as.realm":"%enc{%map{user.run_as.realm}}{JSON}"}\ +%varsNotEmpty{, "user.roles":%map{user.roles}}\ +%varsNotEmpty{, "origin.type":"%enc{%map{origin.type}}{JSON}"}\ +%varsNotEmpty{, "origin.address":"%enc{%map{origin.address}}{JSON}"}\ +%varsNotEmpty{, "realm":"%enc{%map{realm}}{JSON}"}\ +%varsNotEmpty{, "url.path":"%enc{%map{url.path}}{JSON}"}\ +%varsNotEmpty{, "url.query":"%enc{%map{url.query}}{JSON}"}\ +%varsNotEmpty{, "request.method":"%enc{%map{request.method}}{JSON}"}\ +%varsNotEmpty{, "request.body":"%enc{%map{request.body}}{JSON}"}\ +%varsNotEmpty{, "request.id":"%enc{%map{request.id}}{JSON}"}\ +%varsNotEmpty{, "action":"%enc{%map{action}}{JSON}"}\ +%varsNotEmpty{, "request.name":"%enc{%map{request.name}}{JSON}"}\ +%varsNotEmpty{, "indices":%map{indices}}\ +%varsNotEmpty{, "opaque_id":"%enc{%map{opaque_id}}{JSON}"}\ +%varsNotEmpty{, "x_forwarded_for":"%enc{%map{x_forwarded_for}}{JSON}"}\ +%varsNotEmpty{, "transport.profile":"%enc{%map{transport.profile}}{JSON}"}\ +%varsNotEmpty{, "rule":"%enc{%map{rule}}{JSON}"}\ +%varsNotEmpty{, "event.category":"%enc{%map{event.category}}{JSON}"}\ +}%n +logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail +logger.xpack_security_audit_logfile.level = info +logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling +logger.xpack_security_audit_logfile.additivity = false +logger.xmlsig.name = org.apache.xml.security.signature.XMLSignature +logger.xmlsig.level = error +logger.samlxml_decrypt.name = org.opensaml.xmlsec.encryption.support.Decrypter +logger.samlxml_decrypt.level = fatal +logger.saml2_decrypt.name = org.opensaml.saml.saml2.encryption.Decrypter +logger.saml2_decrypt.level = fatal +{% endraw %} diff --git a/test/integration/helpers/serverspec/oss_spec.rb b/test/integration/helpers/serverspec/oss_spec.rb index 0f4ff00..f07ce88 100644 --- a/test/integration/helpers/serverspec/oss_spec.rb +++ b/test/integration/helpers/serverspec/oss_spec.rb @@ -1,13 +1,20 @@ require 'spec_helper' +require 'shared_spec' shared_examples 'oss::init' do |vars| describe file("/etc/elasticsearch/log4j2.properties") do it { should be_file } it { should be_owned_by 'root' } - it { should_not contain 'CUSTOM LOG4J FILE' } + it { should contain 'Log4j CUSTOM FILE' } end describe file("/etc/elasticsearch/jvm.options") do it { should be_file } it { should be_owned_by 'root' } + it { should contain 'JVM configuration CUSTOM FILE' } + end + describe file($family['defaults_path']) do + it { should be_file } + it { should be_owned_by 'root' } + it { should contain 'Elasticsearch CUSTOM FILE' } end end diff --git a/test/integration/helpers/serverspec/shared_spec.rb b/test/integration/helpers/serverspec/shared_spec.rb index 0522fe4..4bf94e9 100644 --- a/test/integration/helpers/serverspec/shared_spec.rb +++ b/test/integration/helpers/serverspec/shared_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -families = { +$families = { 'Debian' => { 'shell' => '/bin/false', 'password' => '*', @@ -15,7 +15,7 @@ families = { } } -family = families[vars['ansible_os_family']] +$family = $families[vars['ansible_os_family']] es_api_url = "#{vars['es_api_scheme']}://localhost:#{vars['es_api_port']}" username = vars['es_api_basic_auth_username'] @@ -88,9 +88,9 @@ shared_examples 'shared::init' do |vars| it { should belong_to_group vars['es_group'] } it { should have_uid vars['es_user_id'] } if vars.key?('es_user_id') - it { should have_login_shell family['shell'] } + it { should have_login_shell $family['shell'] } - its(:encrypted_password) { should eq(family['password']) } + its(:encrypted_password) { should eq($family['password']) } end describe package(vars['es_package_name']) do @@ -129,7 +129,7 @@ shared_examples 'shared::init' do |vars| end end - describe file(family['defaults_path']) do + describe file($family['defaults_path']) do its(:content) { should match '' } end diff --git a/test/integration/oss.yml b/test/integration/oss.yml index f94d585..d7ab9b7 100644 --- a/test/integration/oss.yml +++ b/test/integration/oss.yml @@ -10,5 +10,8 @@ es_heap_size: "1g" es_plugins: - plugin: ingest-attachment + es_config_default: "test/integration/files/custom_config/elasticsearch" + es_config_log4j2: "test/integration/files/custom_config/log4j2.properties" + es_config_jvm: "test/integration/files/custom_config/jvm.options" #Do not add tests here. This test is run twice and confirms idempotency.