Merge branch 'master' into fix-redhat-install-elasticsearch-until-condition

2018-05-02 11:32:14 +03:00 · 2018-05-02 11:32:14 +03:00 · d42c12fb44
commit d42c12fb44
parent 9647e12819 046f5c2500
21 changed files with 232 additions and 108 deletions
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@ -38,4 +38,4 @@ Please specify the full playbook used to reproduce this issue.
 **Provide logs from Ansible**:
-**ES Logs if irrelevant**:
+**ES Logs if relevant**:
--- a/.kitchen.yml
+++ b/.kitchen.yml
@ -21,7 +21,7 @@ provisioner:
    extra_vars:
      es_major_version: "<%= ENV['VERSION'] %>"
      <% if ENV['VERSION'] == '5.x' %>
-      es_version: '5.6.7'
+      es_version: '5.6.9'
      <% end %>
  <% end %>
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,6 +1,6 @@
 ---
 es_major_version: "6.x"
-es_version: "6.1.3"
+es_version: "6.2.4"
 es_version_lock: false
 es_use_repository: true
 es_templates_fileglob: "files/templates/*.json"
--- a/tasks/elasticsearch-Debian.yml
+++ b/tasks/elasticsearch-Debian.yml
@ -1,8 +1,10 @@
 ---
- set_fact: force_install=no
+- name: set fact force_install to no
  set_fact: force_install=no
- set_fact: force_install=yes
+- name: set fact force_install to yes
  set_fact: force_install=yes
  when: es_allow_downgrades
 - name: Debian - Install apt-transport-https to support https APT downloads
--- a/tasks/elasticsearch-config.yml
+++ b/tasks/elasticsearch-config.yml
@ -70,14 +70,20 @@
  become: yes
  file: dest=/etc/init.d/elasticsearch state=absent
- name: Delete Default Environment File
+- name: Create empty default environment file
  become: yes
-  file: dest=/etc/default/elasticsearch state=absent
+  changed_when: False
  copy:
    dest: /etc/default/elasticsearch
    content: ''
  when: ansible_os_family == 'Debian'
- name: Delete Default Environment File
+- name: Create empty default environment file
  become: yes
-  file: dest=/etc/sysconfig/elasticsearch state=absent
+  changed_when: False
  copy:
    dest: /etc/sysconfig/elasticsearch
    content: ''
  when: ansible_os_family == 'RedHat'
 - name: Delete Default Sysconfig File
--- a/tasks/elasticsearch-parameters.yml
+++ b/tasks/elasticsearch-parameters.yml
@ -1,39 +1,52 @@
 # Check for mandatory parameters
- fail: msg="es_instance_name must be specified and cannot be blank"
+- name: fail when es_instance is not defined
  fail: msg="es_instance_name must be specified and cannot be blank"
  when: es_instance_name is not defined or es_instance_name == ''
- fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined"
+- name: fail when es_proxy_port is not defined or is blank
  fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined"
  when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '')
- debug: msg="WARNING - It is recommended you specify the parameter 'http.port'"
+- name: debug message
  debug: msg="WARNING - It is recommended you specify the parameter 'http.port'"
  when: es_config['http.port'] is not defined
- debug: msg="WARNING - It is recommended you specify the parameter 'transport.tcp.port'"
+- name: debug message
  debug: msg="WARNING - It is recommended you specify the parameter 'transport.tcp.port'"
  when: es_config['transport.tcp.port'] is not defined
- debug: msg="WARNING - It is recommended you specify the parameter 'discovery.zen.ping.unicast.hosts'"
+- name: debug message
  debug: msg="WARNING - It is recommended you specify the parameter 'discovery.zen.ping.unicast.hosts'"
  when: es_config['discovery.zen.ping.unicast.hosts'] is not defined
 #If the user attempts to lock memory they must specify a heap size
- fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified"
+- name: fail when heap size is not specified when using memory lock
  fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified"
  when: es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True and es_heap_size is not defined
 #Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work
- fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
+- name: fail when api credentials are not declared when using security
  fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
  when: es_enable_xpack and ("security" in es_xpack_features) and es_api_basic_auth_username is not defined and es_api_basic_auth_password is not defined
- set_fact: file_reserved_users={{ es_users.file.keys() | intersect (reserved_xpack_users) }}
+- name: set fact file_reserved_users
  set_fact: file_reserved_users={{ es_users.file.keys() | intersect (reserved_xpack_users) }}
  when: es_users is defined and es_users.file is defined and (es_users.file.keys() | length > 0) and (es_users.file.keys() | intersect (reserved_xpack_users) | length > 0)
- fail:
+- name: fail when changing users through file realm
  fail:
     msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM."
  when: file_reserved_users | default([]) | length > 0
- set_fact: instance_default_file={{default_file | dirname}}/{{es_instance_name}}_{{default_file | basename}}
+- name: set fact instance_default_file
- set_fact: instance_init_script={{init_script | dirname }}/{{es_instance_name}}_{{init_script | basename}}
+  set_fact: instance_default_file={{default_file | dirname}}/{{es_instance_name}}_{{default_file | basename}}
- set_fact: conf_dir={{ es_conf_dir }}/{{es_instance_name}}
+- name: set fact instance_init_script
- set_fact: m_lock_enabled={{ es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True }}
+  set_fact: instance_init_script={{init_script | dirname }}/{{es_instance_name}}_{{init_script | basename}}
 - name: set fact conf_dir
  set_fact: conf_dir={{ es_conf_dir }}/{{es_instance_name}}
 - name: set fact m_lock_enabled
  set_fact: m_lock_enabled={{ es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True }}
 #TODO - if transport.host is not local maybe error on boostrap checks
@ -44,13 +57,19 @@
 #Centos 7 and up
 #Relies on elasticsearch distribution installing a serviced script to determine whether one should be copied.
- set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version | version_compare('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('15', '>=')) }}
+- name: set fact use_system_d
  set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version | version_compare('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version | version_compare('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('15', '>=')) }}
- set_fact: instance_sysd_script={{sysd_script | dirname }}/{{es_instance_name}}_{{sysd_script | basename}}
+- name: set fact instance_sysd_script
  set_fact: instance_sysd_script={{sysd_script | dirname }}/{{es_instance_name}}_{{sysd_script | basename}}
  when: use_system_d
 #For directories we also use the {{inventory_hostname}}-{{ es_instance_name }} - this helps if we have a shared SAN.
- set_fact: instance_suffix={{inventory_hostname}}-{{ es_instance_name }}
+- name: set fact instance_suffix
- set_fact: pid_dir={{ es_pid_dir }}/{{instance_suffix}}
+  set_fact: instance_suffix={{inventory_hostname}}-{{ es_instance_name }}
- set_fact: log_dir={{ es_log_dir }}/{{instance_suffix}}
+- name: set fact pid_dir
- set_fact: data_dirs={{ es_data_dirs | append_to_list('/'+instance_suffix) }}
+  set_fact: pid_dir={{ es_pid_dir }}/{{instance_suffix}}
 - name: set fact log_dir
  set_fact: log_dir={{ es_log_dir }}/{{instance_suffix}}
 - name: set fact log_dir
  set_fact: data_dirs={{ es_data_dirs | append_to_list('/'+instance_suffix) }}
--- a/tasks/elasticsearch-plugins.yml
+++ b/tasks/elasticsearch-plugins.yml
@ -2,12 +2,15 @@
 # es_plugins_reinstall will be set to true if elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed
 # i.e. we have changed ES version(or we have clean installation of ES), or if no plugins listed. Otherwise it is false and requires explicitly setting.
- set_fact: es_plugins_reinstall=true
+- name: set fact es_plugins_reinstall to true
  set_fact: es_plugins_reinstall=true
  when: (((debian_elasticsearch_install_from_repo is defined and debian_elasticsearch_install_from_repo.changed) or (redhat_elasticsearch_install_from_repo is defined and redhat_elasticsearch_install_from_repo.changed)) or (elasticsearch_install_from_package is defined and elasticsearch_install_from_package.changed)) or es_plugins is not defined or es_plugins is none
- set_fact: list_command=""
+- name: set fact list_command
  set_fact: list_command=""
 #If we are reinstalling all plugins, e.g. to a version change, we need to remove all plugins (inc. x-pack) to install any plugins. Otherwise we don't consider x-pack so the role stays idempotent.
- set_fact: list_command="| grep -vE 'x-pack'"
+- name: set fact list_command check for x-pack
  set_fact: list_command="| grep -vE 'x-pack'"
  when: not es_plugins_reinstall
 #List currently installed plugins. We have to list the directories as the list commmand fails if the ES version is different than the plugin version.
@ -23,19 +26,23 @@
    ES_INCLUDE: "{{ instance_default_file }}"
 #if es_plugins_reinstall is set to true we remove ALL plugins
- set_fact: plugins_to_remove="{{ installed_plugins.stdout_lines | default([]) }}"
+- name: set fact plugins_to_remove to install_plugins.stdout_lines
  set_fact: plugins_to_remove="{{ installed_plugins.stdout_lines | default([]) }}"
  when: es_plugins_reinstall
 #if the plugins listed are different than those requested, we remove those installed but not listed in the config
- set_fact: plugins_to_remove="{{ installed_plugins.stdout_lines | difference(es_plugins | json_query('[*].plugin')) | default([]) }}"
+- name: set fact plugins_to_remove to delete plugins installed but not listed in es_plugins
  set_fact: plugins_to_remove="{{ installed_plugins.stdout_lines | difference(es_plugins | json_query('[*].plugin')) | default([]) }}"
  when: not es_plugins_reinstall
 #if es_plugins_reinstall is set to true we (re)install ALL plugins
- set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | default([]) }}"
+- name: set fact plugins_to_install to es_plugins
  set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | default([]) }}"
  when: es_plugins_reinstall
 #if the plugins listed are different than those requested, we install those not installed but listed in the config
- set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | difference(installed_plugins.stdout_lines) | default([]) }}"
+- name: set fact to plugins_to_install to those in es_config but not installed
  set_fact: plugins_to_install="{{ es_plugins | json_query('[*].plugin') | difference(installed_plugins.stdout_lines) | default([]) }}"
  when: not es_plugins_reinstall
 # This removes any currently installed plugins (to prevent errors when reinstalling)
--- a/tasks/elasticsearch-scripts.yml
+++ b/tasks/elasticsearch-scripts.yml
@ -1,10 +1,12 @@
 ---
- set_fact: es_script_dir={{ es_conf_dir }}/{{es_instance_name}}
+- name: set fact es_script_dir
  set_fact: es_script_dir={{ es_conf_dir }}/{{es_instance_name}}
  tags:
      - always
- set_fact: es_script_dir={{es_config['path.scripts']}}
+- name: set fact es_script_dir when path.scripts
  set_fact: es_script_dir={{es_config['path.scripts']}}
  when: es_config['path.scripts'] is defined
  tags:
      - always
--- a/tasks/elasticsearch-template.yml
+++ b/tasks/elasticsearch-template.yml
@ -1,6 +1,11 @@
 ---
- file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }}
+- name: ensure templates dir is created
  file:
    path: /etc/elasticsearch/templates
    state: directory
    owner: "{{ es_user }}"
    group: "{{ es_group }}"
 - name: Copy templates to elasticsearch
  copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }}
--- a/tasks/java.yml
+++ b/tasks/java.yml
@ -1,8 +1,10 @@
 ---
- set_fact: java_state="present"
+- name: set fact java_state to present
  set_fact: java_state="present"
- set_fact: java_state="latest"
+- name: set fact java_state to latest
  set_fact: java_state="latest"
  when: update_java == true
 - name: RedHat - Ensure Java is installed
@ -35,7 +37,8 @@
  apt: name={{ java }} state={{java_state}}
  when: ansible_os_family == 'Debian'
- shell: java -version 2>&1 | grep OpenJDK
+- name: register open_jdk version
  shell: java -version 2>&1 | grep OpenJDK
  register: open_jdk
  ignore_errors: yes
  changed_when: false
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -9,35 +9,42 @@
  tags:
      - always
- include: java.yml
+- name: include java.yml
  include: java.yml
  when: es_java_install
  tags:
      - java
- include: elasticsearch.yml
+- name: include elasticsearch.yml
  include: elasticsearch.yml
  tags:
      - install
- include: elasticsearch-config.yml
+- name: include elasticsearch-config.yml
  include: elasticsearch-config.yml
  tags:
      - config
- include: elasticsearch-scripts.yml
+- name: include elasticsearch-scripts.yml
  include: elasticsearch-scripts.yml
  when: es_scripts
  tags:
      - scripts
- include: elasticsearch-plugins.yml
+- name: include elasticsearch-plugins.yml
  include: elasticsearch-plugins.yml
  when: es_plugins is defined or es_plugins_reinstall
  tags:
      - plugins
  #We always execute xpack as we may need to remove features
- include: xpack/elasticsearch-xpack.yml
+- name: include xpack/elasticsearch-xpack.yml
  include: xpack/elasticsearch-xpack.yml
  tags:
      - xpack
- meta: flush_handlers
+- name: flush handlers
  meta: flush_handlers
 - name: Make sure elasticsearch is started
  service: name={{instance_init_script | basename}} state=started enabled=yes
@ -47,9 +54,11 @@
  wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
  when: es_restarted is defined and es_restarted.changed and es_start_service
- set_fact: manage_native_realm=false
+- name: set fact manage_native_realm to false
  set_fact: manage_native_realm=false
- set_fact: manage_native_realm=true
+- name: set fact manage_native_realm to true
  set_fact: manage_native_realm=true
  when: es_start_service and (es_enable_xpack and "security" in es_xpack_features) and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
 # If playbook runs too fast, Native commands could fail as the Native Realm is not yet up
@ -62,12 +71,14 @@
  when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
 #perform security actions here now elasticsearch is started
- include: ./xpack/security/elasticsearch-security-native.yml
+- name: include xpack/security/elasticsearch-security-native.yml
  include: ./xpack/security/elasticsearch-security-native.yml
  when: manage_native_realm
 #Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password.  The templates will subsequently not be removed if we don't wait for the node to restart.
 #We also do after the native realm to ensure any changes are applied here first and its denf up.
- include: elasticsearch-template.yml
+- name: include elasticsearch-template.yml
  include: elasticsearch-template.yml
  when: es_templates
  tags:
      - templates
--- a/tasks/xpack/elasticsearch-xpack-install.yml
+++ b/tasks/xpack/elasticsearch-xpack-install.yml
@ -1,7 +1,8 @@
 ---
 #Test if feature is installed
- shell: "{{es_home}}/bin/elasticsearch-plugin list | grep x-pack"
+- name: Test if x-pack is installed
  shell: "{{es_home}}/bin/elasticsearch-plugin list | grep x-pack"
  become: yes
  register: x_pack_installed
  changed_when: False
--- a/tasks/xpack/elasticsearch-xpack.yml
+++ b/tasks/xpack/elasticsearch-xpack.yml
@ -1,11 +1,14 @@
 ---
- set_fact: es_version_changed={{ ((elasticsearch_install_from_package is defined and (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed)) or (elasticsearch_install_from_package is defined and elasticsearch_install_from_package.changed)) }}
+- name: set fact es_version_changed
  set_fact: es_version_changed={{ ((elasticsearch_install_from_package is defined and ((debian_elasticsearch_install_from_repo is defined and debian_elasticsearch_install_from_repo.changed) or (redhat_elasticsearch_install_from_repo is defined and redhat_elasticsearch_install_from_repo.changed))) or (elasticsearch_install_from_package is defined and elasticsearch_install_from_package.changed)) }}
- include: elasticsearch-xpack-install.yml
+- name: include elasticsearch-xpack-install.yml
  include: elasticsearch-xpack-install.yml
 #Security configuration
- include: security/elasticsearch-security.yml
+- name: include security/elasticsearch-security.yml
  include: security/elasticsearch-security.yml
 #Add any feature specific configuration here
 - name: Set Plugin Directory Permissions
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -1,5 +1,6 @@
 ---
- set_fact: manage_file_users=es_users is defined and es_users.file is defined and es_users.file.keys() | length > 0
+- name: set fact manage_file_users
  set_fact: manage_file_users=es_users is defined and es_users.file is defined and es_users.file.keys() | length > 0
 #List current users
 - name: List Users
@ -9,7 +10,8 @@
  when: manage_file_users
  changed_when: False
- set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys()) }}
+- name: set fact users_to_remove
  set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys()) }}
  when: manage_file_users
 #Remove users
@ -24,7 +26,8 @@
    ES_PATH_CONF: "{{ conf_dir }}"
    ES_HOME: "{{es_home}}"
- set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
+- name: set fact users_to_add
  set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
  when: manage_file_users
 #Add users
@ -55,7 +58,8 @@
    ES_PATH_CONF: "{{ conf_dir }}"
    ES_HOME: "{{es_home}}"
- set_fact: users_roles={{es_users.file | extract_role_users () }}
+- name: set fact users_roles
  set_fact: users_roles={{es_users.file | extract_role_users () }}
  when: manage_file_users
 #Copy Roles files
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
@ -1,14 +1,19 @@
 ---
- set_fact: change_api_password=false
+- name: set fact change_api_password to false
  set_fact: change_api_password=false
- set_fact: manage_native_users=false
+- name: set fact manage_native_users to false
  set_fact: manage_native_users=false
- set_fact: manage_native_users=true
+- name: set fact manage_native_users to true
  set_fact: manage_native_users=true
  when: es_users is defined and es_users.native is defined and es_users.native.keys() | length > 0
- set_fact: manage_native_roles=false
+- name: set fact manage_native_role to false
  set_fact: manage_native_roles=false
- set_fact: manage_native_roles=true
+- name: set fact manange_native_roles to true
  set_fact: manage_native_roles=true
  when: es_roles is defined and es_roles.native is defined and es_roles.native.keys() | length > 0
 #If the node has just has security installed it maybe either stopped or started 1. if stopped, we need to start to load native realms 2. if started, we need to restart to load
@ -25,18 +30,22 @@
  register: user_list_response
  when: manage_native_users
- set_fact: reserved_users={{ user_list_response.json | filter_reserved }}
+- name: set fact reserved_users equals user_list_response.json
  set_fact: reserved_users={{ user_list_response.json | filter_reserved }}
  when: manage_native_users
 #Current users not inc. those reserved
- set_fact: current_users={{ user_list_response.json.keys() | difference (reserved_users) }}
+- name: set fact current_users equals user_list_response.json.keys not including reserved
  set_fact: current_users={{ user_list_response.json.keys() | difference (reserved_users) }}
  when: manage_native_users
 #We are changing the es_api_basic_auth_username password, so we need to do it first and update the param
- set_fact: native_users={{ es_users.native }}
+- name: set fact native_users
  set_fact: native_users={{ es_users.native }}
  when: manage_native_users
- set_fact: change_api_password=true
+- name: set fact change_api_password to true
  set_fact: change_api_password=true
  when: manage_native_users and es_api_basic_auth_username in native_users and native_users[es_api_basic_auth_username].password is defined
 - name: Update API User Password
@ -51,11 +60,13 @@
    force_basic_auth: yes
  when: change_api_password
- set_fact: es_api_basic_auth_password={{native_users[es_api_basic_auth_username].password}}
+- name: set fact es_api_basic_auth_password
  set_fact: es_api_basic_auth_password={{native_users[es_api_basic_auth_username].password}}
  when: change_api_password
 #Identify users that are present in ES but not declared and thus should be removed
- set_fact: users_to_remove={{ current_users | difference ( native_users.keys() ) }}
+- name: set fact users_to_remove
  set_fact: users_to_remove={{ current_users | difference ( native_users.keys() ) }}
  when: manage_native_users
 #Delete all non required users NOT inc. reserved
@ -70,10 +81,12 @@
  when: manage_native_users
  with_items: "{{ users_to_remove | default([]) }}"
- set_fact: users_to_ignore={{ native_users.keys() | intersect (reserved_users) }}
+- name: set fact users_to_ignore
  set_fact: users_to_ignore={{ native_users.keys() | intersect (reserved_users) }}
  when: manage_native_users
- debug:
+- name: debug message
  debug:
    msg: "WARNING: YOU CAN ONLY CHANGE THE PASSWORD FOR RESERVED USERS IN THE NATIVE REALM. ANY ROLE CHANGES WILL BE IGNORED: {{users_to_ignore}}"
  when: manage_native_users and users_to_ignore | length > 0
@ -92,7 +105,8 @@
  no_log: True
  with_items: "{{ users_to_ignore | default([]) }}"
- set_fact: users_to_modify={{ native_users.keys() | difference (reserved_users) }}
+- name: set fact users_to_modify
  set_fact: users_to_modify={{ native_users.keys() | difference (reserved_users) }}
  when: manage_native_users
 #Overwrite all other users NOT inc. those reserved
@ -125,20 +139,25 @@
  register: role_list_response
  when: manage_native_roles
- set_fact: reserved_roles={{ role_list_response.json | filter_reserved }}
+- name: set fact reserved roles
  set_fact: reserved_roles={{ role_list_response.json | filter_reserved }}
  when: manage_native_roles
- set_fact: current_roles={{ role_list_response.json.keys() | difference (reserved_roles) }}
+- name: set fact current roles
  set_fact: current_roles={{ role_list_response.json.keys() | difference (reserved_roles) }}
  when: manage_native_roles
- set_fact: roles_to_ignore={{ es_roles.native.keys() | intersect (reserved_roles) | default([]) }}
+- name: set fact roles to ignore
  set_fact: roles_to_ignore={{ es_roles.native.keys() | intersect (reserved_roles) | default([]) }}
  when: manage_native_roles
- debug:
+- name: debug message
  debug:
    msg: "WARNING: YOU CANNOT CHANGE RESERVED ROLES. THE FOLLOWING WILL BE IGNORED: {{roles_to_ignore}}"
  when: manage_native_roles and roles_to_ignore | length > 0
- set_fact: roles_to_remove={{ current_roles | difference ( es_roles.native.keys()  ) }}
+- name: set fact roles_to_remove
  set_fact: roles_to_remove={{ current_roles | difference ( es_roles.native.keys()  ) }}
  when: manage_native_roles
 #Delete all non required roles NOT inc. reserved
@ -153,7 +172,8 @@
  when: manage_native_roles
  with_items: "{{roles_to_remove | default([]) }}"
- set_fact: roles_to_modify={{ es_roles.native.keys() | difference (reserved_roles) }}
+- name: set fact roles_to_modify
  set_fact: roles_to_modify={{ es_roles.native.keys() | difference (reserved_roles) }}
  when: manage_native_roles
 #Update other roles - NOT inc. reserved roles
--- a/test/integration/helpers/serverspec/config_spec.rb
+++ b/test/integration/helpers/serverspec/config_spec.rb
@ -113,12 +113,16 @@ shared_examples 'config::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
--- a/test/integration/helpers/serverspec/multi_spec.rb
+++ b/test/integration/helpers/serverspec/multi_spec.rb
@ -200,12 +200,16 @@ shared_examples 'multi::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
--- a/test/integration/helpers/serverspec/package_spec.rb
+++ b/test/integration/helpers/serverspec/package_spec.rb
@ -88,12 +88,16 @@ shared_examples 'package::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
--- a/test/integration/helpers/serverspec/standard_spec.rb
+++ b/test/integration/helpers/serverspec/standard_spec.rb
@ -60,12 +60,16 @@ shared_examples 'standard::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
--- a/test/integration/helpers/serverspec/xpack_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_spec.rb
@ -56,12 +56,16 @@ shared_examples 'xpack::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
--- a/test/integration/helpers/serverspec/xpack_standard_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_standard_spec.rb
@ -57,12 +57,16 @@ shared_examples 'xpack_standard::init' do |vars|
    it { should_not exist }
  end
  if ['debian', 'ubuntu'].include?(os[:family])
    describe file('/etc/default/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  if ['centos', 'redhat'].include?(os[:family])
    describe file('/etc/sysconfig/elasticsearch') do
-    it { should_not exist }
+      its(:content) { should match '' }
    end
  end
  describe file('/usr/lib/systemd/system/elasticsearch.service') do
@ -116,8 +120,25 @@ shared_examples 'xpack_standard::init' do |vars|
    it { should be_owned_by 'elasticsearch' }
  end
-  describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"x-pack","version":"'+vars['es_version']+'"\'') do
+  describe 'x-pack-core plugin' do
-    its(:exit_status) { should eq 0 }
+    it 'should be installed with the correct version' do
      plugins = curl_json('http://localhost:9200/_nodes/plugins')
      node, data = plugins['nodes'].first
      version = 'plugin not found'
      if Gem::Version.new(vars['es_version']) >= Gem::Version.new('6.2')
        name = 'x-pack-core'
      else
        name = 'x-pack'
      end
      data['plugins'].each do |plugin|
        if plugin['name'] == name
          version = plugin['version']
        end
      end
      expect(version).to eql(vars['es_version'])
    end
  end
  #Test users file, users_roles and roles.yml
`@ -38,4 +38,4 @@ Please specify the full playbook used to reproduce this issue.`

	`Provide logs from Ansible:`	`Provide logs from Ansible:`

	`ES Logs if irrelevant:`	`ES Logs if relevant:`