santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move to new testing suite names

Browse source 
This commit is just moving the tests to their new names. The config,
packge and issue test suites have been removed and the tests from these
will be incorporated into the oss and xpack tests.

oss: Standard elasticsearch-oss role with idempotency test

oss-upgrade: Upgrade from previous minor version oss to current minor version oss

oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack

xpack: Standard elasticsearch (with xpack) role with idempotency test

xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack

multi: Tests multiple instances of elasticsearch on a single machine
This commit is contained in:
Michael Russell 2018-06-19 10:39:16 +02:00
parent f61cf5e590
commit da58c5f0dd
No known key found for this signature in database
GPG key ID: A90C1696496085FE
23 changed files with 548 additions and 796 deletions
Download patch file Download diff file Expand all files Collapse all files

61
.kitchen.yml
View file

@ -41,6 +41,7 @@ platforms:
use_sudo: false
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
- name: ubuntu-16.04
driver_config:
image: dliappis/ubuntu-devopsci:16.04
@ -54,6 +55,7 @@ platforms:
use_sudo: false
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
run_command: "/sbin/init"
- name: debian-8
driver_config:
@ -69,6 +71,7 @@ platforms:
- pip uninstall -y ansible
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
use_sudo: false
run_command: "/sbin/init"
- name: centos-7
@ -85,53 +88,33 @@ platforms:
- pip install jmespath
volume:
- <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json
- /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers
run_command: "/usr/sbin/init"
privileged: true
use_sudo: false
suites:
- name: standard
- name: oss
provisioner:
idempotency_test: true
playbook: test/integration/standard.yml
run_list:
attributes:
- name: package
run_list:
attributes:
provisioner:
playbook: test/integration/package.yml
- name: config
run_list:
attributes:
provisioner:
playbook: test/integration/config.yml
- name: multi
run_list:
attributes:
provisioner:
playbook: test/integration/multi.yml
idempotency_test: true
- name: xpack
run_list:
attributes:
provisioner:
playbook: test/integration/xpack.yml
- name: xpack-standard
run_list:
attributes:
provisioner:
playbook: test/integration/xpack-standard.yml
idempotency_test: true
- name: issue-test
run_list:
attributes:
provisioner:
playbook: test/integration/issue-test.yml
idempotency_test: false
playbook: test/integration/oss.yml
- name: oss-upgrade
run_list:
attributes:
provisioner:
playbook: test/integration/oss-upgrade.yml
idempotency_test: false
- name: oss-to-xpack-upgrade
provisioner:
playbook: test/integration/oss-to-xpack-upgrade.yml
idempotency_test: false
- name: xpack
provisioner:
playbook: test/integration/xpack.yml
idempotency_test: true
- name: xpack-upgrade
provisioner:
playbook: test/integration/xpack-upgrade.yml
idempotency_test: false
- name: multi
provisioner:
playbook: test/integration/multi.yml
idempotency_test: true

163
test/integration/helpers/serverspec/config_spec.rb
View file

@ -1,163 +0,0 @@
require 'spec_helper'
shared_examples 'config::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe group('elasticsearch') do
it { should have_gid 333 }
end
describe user('elasticsearch') do
it { should have_uid 333 }
end
describe service('node1_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should be_file }
end
#test configuration parameters have been set - test all appropriately set in config file
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should contain 'http.port: 9401' }
it { should contain 'transport.tcp.port: 9501' }
it { should contain 'node.data: true' }
it { should contain 'node.master: true' }
it { should contain 'cluster.name: custom-cluster' }
it { should contain 'node.name: node1' }
it { should contain 'bootstrap.memory_lock: true' }
it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9501' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/node1' }
else
it { should contain 'path.conf: /etc/elasticsearch/node1' }
end
it { should contain 'path.data: /opt/elasticsearch/data-1/localhost-node1,/opt/elasticsearch/data-2/localhost-node1' }
it { should contain 'path.logs: /opt/elasticsearch/logs/localhost-node1' }
end
#test directories exist
describe file('/etc/elasticsearch/node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/data-1/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/data-2/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/logs/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#test we started on the correct port was used
describe command('curl -s "localhost:9401"') do
#TODO: This is returning an empty string
#its(:stdout) { should match /\"status\" : 200/ }
its(:exit_status) { should eq 0 }
end
#test to make sure mlock was applied
describe command('curl -s "localhost:9401/_nodes/process?pretty" | grep mlockall') do
its(:stdout) { should match /true/ }
its(:exit_status) { should eq 0 }
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9401 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9401/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#explit test to make sure ingest-geoip is not installed
describe file('/usr/share/elasticsearch/plugins/ingest-geoip') do
it { should_not exist }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"ingest-geoip","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 1 }
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
#Init vs Systemd tests
#Ubuntu 15 and up
#Debian 8 and up
#Centos 7 and up
if (((os[:family] == 'redhat' || os[:family] == 'centos') && os[:release].to_f >= 7.0) ||
(os[:family] == 'ubuntu' && os[:release].to_f >= 15.0) ||
(os[:family] == 'debian' && os[:release].to_f >= 8.0))
describe file('/usr/lib/systemd/system/node1_elasticsearch.service') do
it { should be_file }
it { should contain 'LimitMEMLOCK=infinity' }
it { should contain 'LimitNPROC=3000' }
end
else
describe file('/etc/init.d/node1_elasticsearch') do
it { should be_file }
end
end
describe file('/etc/elasticsearch/node1/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
it { should contain 'CUSTOM LOG4J FILE' }
end
end

2
test/integration/helpers/serverspec/standard_spec.rb → test/integration/helpers/serverspec/oss_spec.rb
View file

@ -1,6 +1,6 @@
require 'spec_helper'
shared_examples 'standard::init' do |vars|
shared_examples 'oss::init' do |vars|
describe user('elasticsearch') do
it { should exist }

12
test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb Normal file
View file

@ -0,0 +1,12 @@
require 'spec_helper'
shared_examples 'oss_to_xpack_upgrade::init' do |vars|
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
expect(curl_json('http://localhost:9200', username='elastic', password='changeme')['version']['number']).to eq(vars['es_version'])
end
it 'should be be running the standard (xpack) version' do
expect(curl_json('http://localhost:9200/_xpack', username='elastic', password='changeme')['tagline']).to eq('You know, for X')
end
end
end

112
test/integration/helpers/serverspec/package_spec.rb
View file

@ -1,112 +0,0 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'package::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('node1_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should be_file }
it { should contain 'http.port: 9200' }
it { should contain 'transport.tcp.port: 9300' }
it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9300' }
end
describe file('/etc/elasticsearch/node1/scripts') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/node1/scripts/calculate-score.groovy') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic"')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
end

182
test/integration/helpers/serverspec/xpack_spec.rb
View file

@ -1,6 +1,4 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'xpack::init' do |vars|
@ -36,6 +34,9 @@ shared_examples 'xpack::init' do |vars|
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
it { should contain 'xpack.security.enabled: false' }
it { should contain 'xpack.watcher.enabled: false' }
end
describe 'Node listening' do
@ -46,7 +47,7 @@ shared_examples 'xpack::init' do |vars|
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number')
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
@ -76,30 +77,31 @@ shared_examples 'xpack::init' do |vars|
it { should_not exist }
end
#Xpack specific tests
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'xpack plugin' do
describe 'x-pack-core plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain')
plugins = curl_json('http://localhost:9200/_nodes/plugins')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
@ -112,149 +114,25 @@ shared_examples 'xpack::init' do |vars|
expect(version).to eql(vars['es_version'])
end
end
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#Test users file, users_roles and roles.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'admin:es_admin' }
it { should contain 'power_user:testUser' }
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'testUser:' }
it { should contain 'es_admin:' }
describe command('curl -s localhost:9200/_xpack') do
its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) }
end
describe 'security roles' do
it 'should list the security roles' do
roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')
expect(roles.key?('superuser'))
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
#This is possibly subject to format changes in the response across versions so may fail in the future
describe 'Template Contents Correct' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain')
expect(template.key?('basic'))
expect(template['basic']['settings']['index']['number_of_shards']).to eq("1")
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
end
end
#Test contents of Elasticsearch.yml file
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
#Test contents of role_mapping.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'power_user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
it { should contain 'user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
end
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe 'security users' do
result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')
it 'should have the elastic user' do
expect(result['elastic']['username']).to eq('elastic')
expect(result['elastic']['roles']).to eq(['superuser'])
expect(result['elastic']['enabled']).to eq(true)
end
it 'should have the kibana user' do
expect(result['kibana']['username']).to eq('kibana')
expect(result['kibana']['roles']).to eq(['kibana_system'])
expect(result['kibana']['enabled']).to eq(true)
end
it 'should have the kibana_server user' do
expect(result['kibana4_server']['username']).to eq('kibana4_server')
expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
expect(result['kibana4_server']['enabled']).to eq(true)
end
it 'should have the logstash user' do
expect(result['logstash_system']['username']).to eq('logstash_system')
expect(result['logstash_system']['roles']).to eq(['logstash_system'])
expect(result['logstash_system']['enabled']).to eq(true)
end
end
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x
describe 'kibana access check' do
it 'should be reported as version '+vars['es_version'] do
result = curl_json('http://localhost:9200/', username='kibana', password='changeme')
expect(result['version']['number']).to eq(vars['es_version'])
end
end
end
end

138
test/integration/helpers/serverspec/xpack_standard_spec.rb
View file

@ -1,138 +0,0 @@
require 'spec_helper'
shared_examples 'xpack_standard::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('security_node_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'node.name: localhost-security_node' }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/security_node' }
else
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
it { should contain 'xpack.security.enabled: false' }
it { should contain 'xpack.watcher.enabled: false' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
#Xpack specific tests
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'x-pack-core plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
data['plugins'].each do |plugin|
if plugin['name'] == name
version = plugin['version']
end
end
expect(version).to eql(vars['es_version'])
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe command('curl -s localhost:9200/_xpack') do
its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) }
end
end

260
test/integration/helpers/serverspec/xpack_upgrade_spec.rb Normal file
View file

@ -0,0 +1,260 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'xpack_upgrade::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('security_node_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'node.name: localhost-security_node' }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/security_node' }
else
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'xpack plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
data['plugins'].each do |plugin|
if plugin['name'] == name
version = plugin['version']
end
end
expect(version).to eql(vars['es_version'])
end
end
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#Test users file, users_roles and roles.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'admin:es_admin' }
it { should contain 'power_user:testUser' }
end
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'testUser:' }
it { should contain 'es_admin:' }
end
describe 'security roles' do
it 'should list the security roles' do
roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')
expect(roles.key?('superuser'))
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
#This is possibly subject to format changes in the response across versions so may fail in the future
describe 'Template Contents Correct' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain')
expect(template.key?('basic'))
expect(template['basic']['settings']['index']['number_of_shards']).to eq("1")
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
end
end
#Test contents of Elasticsearch.yml file
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
#Test contents of role_mapping.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'power_user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
it { should contain 'user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
end
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe 'security users' do
result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')
it 'should have the elastic user' do
expect(result['elastic']['username']).to eq('elastic')
expect(result['elastic']['roles']).to eq(['superuser'])
expect(result['elastic']['enabled']).to eq(true)
end
it 'should have the kibana user' do
expect(result['kibana']['username']).to eq('kibana')
expect(result['kibana']['roles']).to eq(['kibana_system'])
expect(result['kibana']['enabled']).to eq(true)
end
it 'should have the kibana_server user' do
expect(result['kibana4_server']['username']).to eq('kibana4_server')
expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
expect(result['kibana4_server']['enabled']).to eq(true)
end
it 'should have the logstash user' do
expect(result['logstash_system']['username']).to eq('logstash_system')
expect(result['logstash_system']['roles']).to eq(['logstash_system'])
expect(result['logstash_system']['enabled']).to eq(true)
end
end
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x
describe 'kibana access check' do
it 'should be reported as version '+vars['es_version'] do
result = curl_json('http://localhost:9200/', username='kibana', password='changeme')
expect(result['version']['number']).to eq(vars['es_version'])
end
end
end
end

25
test/integration/oss-to-xpack-upgrade.yml Normal file
View file

@ -0,0 +1,25 @@
---
- name: Standard test for single node setup. Tests idempotence.
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- { role: elasticsearch, es_instance_name: "node1" }
vars:
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_enable_xpack: false
es_heap_size: "1g"
- name: Standard test for single node setup. Tests idempotence.
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- { role: elasticsearch, es_instance_name: "node1" }
vars:
es_enable_xpack: true
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_heap_size: "1g"
es_xpack_features:
- security

0
test/integration/standard/standard.yml → test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml
View file

7
test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,7 @@
require 'oss_to_xpack_upgrade_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'oss to xpack upgrade Tests' do
include_examples 'oss_to_xpack_upgrade::init', vars
end

0
test/integration/standard.yml → test/integration/oss.yml
View file

0
test/integration/xpack-standard/xpack-standard.yml → test/integration/oss/oss.yml
View file

10
test/integration/oss/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,10 @@
require 'oss_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'OSS Tests' do
include_examples 'oss::init', vars
end

10
test/integration/standard/serverspec/default_spec.rb
View file

@ -1,10 +0,0 @@
require 'standard_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Standard Tests' do
include_examples 'standard::init', vars
end

16
test/integration/xpack-standard.yml
View file

@ -1,16 +0,0 @@
#Tests x-pack is idempotent and works when security is not enabled
---
- name: Elasticsearch Xpack tests - no security and manual download
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "security_node" }
vars:
es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip"
es_heap_size: 2g
es_enable_xpack: true
es_xpack_features:
- monitoring
- graph
- ml

7
test/integration/xpack-standard/serverspec/default_spec.rb
View file

@ -1,7 +0,0 @@
require 'xpack_standard_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Xpack Standard Tests' do
include_examples 'xpack_standard::init', vars
end

158
test/integration/xpack-upgrade.yml Normal file
View file

@ -0,0 +1,158 @@
---
- name: Elasticsearch Xpack tests initial
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
"xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
es_instance_name: "security_node" }
vars:
es_heap_size: "1g"
es_templates: true
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-geoip
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_message_auth_file: system_key
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this should be successfully modified
password: aNewLogstashPassword
#this will be ignored
roles:
- kibana4_server
elastic:
password: elasticChanged
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read
kibana4_server:
cluster:
- monitor
indices:
- names: '.kibana'
privileges:
- all
native:
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#this will be ignored - its reserved
logstash_system:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack modify
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- role: elasticsearch
es_api_port: 9200
es_instance_name: "security_node"
es_config:
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: "localhost:9300"
xpack.security.enabled: True
xpack.security.authc.realms.file1.type: "file"
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.native1.type: "native"
xpack.security.authc.realms.native1.order: 1
vars:
es_heap_size: "1g"
es_templates: true
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this will be ignored
roles:
- kibana4_server
file:
es_admin:
password: changeMeAgain
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user

7
test/integration/xpack-upgrade/serverspec/default_spec.rb Normal file
View file

@ -0,0 +1,7 @@
require 'xpack_upgrade_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Xpack upgrade Tests' do
include_examples 'xpack_upgrade::init', vars
end

2
test/integration/xpack-upgrade/xpack-upgrade.yml Normal file
View file

@ -0,0 +1,2 @@
---
- host: test-kitchen

158
test/integration/xpack.yml
View file

@ -1,158 +1,16 @@
#Tests x-pack is idempotent and works when security is not enabled
---
- name: Elasticsearch Xpack tests initial
- name: Elasticsearch Xpack tests - no security and manual download
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300",
"xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 },
es_instance_name: "security_node" }
- { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "security_node" }
vars:
es_heap_size: "1g"
es_templates: true
es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade
es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip"
es_heap_size: 2g
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-geoip
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: changeme
es_message_auth_file: system_key
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this should be successfully modified
password: aNewLogstashPassword
#this will be ignored
roles:
- kibana4_server
elastic:
password: elasticChanged
file:
es_admin:
password: changeMe
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
es_roles:
file:
admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all
power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all
user:
indices:
- names: '*'
privileges:
- read
kibana4_server:
cluster:
- monitor
indices:
- names: '.kibana'
privileges:
- all
native:
logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#this will be ignored - its reserved
logstash_system:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
- name: Elasticsearch Xpack modify
hosts: localhost
tasks:
- include: elasticsearch/test/integration/debug.yml
roles:
- role: elasticsearch
es_api_port: 9200
es_instance_name: "security_node"
es_config:
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: "localhost:9300"
xpack.security.enabled: True
xpack.security.authc.realms.file1.type: "file"
xpack.security.authc.realms.file1.order: 0
xpack.security.authc.realms.native1.type: "native"
xpack.security.authc.realms.native1.order: 1
vars:
es_heap_size: "1g"
es_templates: true
es_enable_xpack: true
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
es_plugins:
- plugin: ingest-attachment
es_xpack_features:
- security
- alerting
es_api_basic_auth_username: elastic
es_api_basic_auth_password: elasticChanged
es_role_mapping:
power_user:
- "cn=admins,dc=example,dc=com"
user:
- "cn=users,dc=example,dc=com"
- "cn=admins,dc=example,dc=com"
es_users:
native:
kibana4_server:
password: changeMe
roles:
- kibana4_server
logstash_system:
#this will be ignored
roles:
- kibana4_server
file:
es_admin:
password: changeMeAgain
roles:
- admin
testUser:
password: changeMeAlso!
roles:
- power_user
- user
- monitoring
- graph
- ml

2
test/integration/xpack/serverspec/default_spec.rb
View file

@ -2,6 +2,6 @@ require 'xpack_spec'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
describe 'Xpack Tests' do
describe 'Xpack upgrade Tests' do
include_examples 'xpack::init', vars
end

12
test/matrix.yml
View file

@ -7,11 +7,9 @@ OS:
- debian-8
- centos-7
TEST_TYPE:
- standard
- package
- config
- multi
- xpack
- xpack-standard
- issue-test
- oss
- oss-upgrade
- oss-to-xpack-upgrade
- xpack
- xpack-upgrade
- multi