santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move to new testing suite names

Browse source 
This commit is just moving the tests to their new names. The config,
packge and issue test suites have been removed and the tests from these
will be incorporated into the oss and xpack tests.

oss: Standard elasticsearch-oss role with idempotency test

oss-upgrade: Upgrade from previous minor version oss to current minor version oss

oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack

xpack: Standard elasticsearch (with xpack) role with idempotency test

xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack

multi: Tests multiple instances of elasticsearch on a single machine
This commit is contained in:
Michael Russell 2018-06-19 10:39:16 +02:00
parent f61cf5e590
commit da58c5f0dd
No known key found for this signature in database
GPG key ID: A90C1696496085FE
23 changed files with 548 additions and 796 deletions
Download patch file Download diff file Expand all files Collapse all files

163
test/integration/helpers/serverspec/config_spec.rb
View file

@ -1,163 +0,0 @@
require 'spec_helper'
shared_examples 'config::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe group('elasticsearch') do
it { should have_gid 333 }
end
describe user('elasticsearch') do
it { should have_uid 333 }
end
describe service('node1_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should be_file }
end
#test configuration parameters have been set - test all appropriately set in config file
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should contain 'http.port: 9401' }
it { should contain 'transport.tcp.port: 9501' }
it { should contain 'node.data: true' }
it { should contain 'node.master: true' }
it { should contain 'cluster.name: custom-cluster' }
it { should contain 'node.name: node1' }
it { should contain 'bootstrap.memory_lock: true' }
it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9501' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/node1' }
else
it { should contain 'path.conf: /etc/elasticsearch/node1' }
end
it { should contain 'path.data: /opt/elasticsearch/data-1/localhost-node1,/opt/elasticsearch/data-2/localhost-node1' }
it { should contain 'path.logs: /opt/elasticsearch/logs/localhost-node1' }
end
#test directories exist
describe file('/etc/elasticsearch/node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/data-1/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/data-2/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/opt/elasticsearch/logs/localhost-node1') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#test we started on the correct port was used
describe command('curl -s "localhost:9401"') do
#TODO: This is returning an empty string
#its(:stdout) { should match /\"status\" : 200/ }
its(:exit_status) { should eq 0 }
end
#test to make sure mlock was applied
describe command('curl -s "localhost:9401/_nodes/process?pretty" | grep mlockall') do
its(:stdout) { should match /true/ }
its(:exit_status) { should eq 0 }
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9401 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9401/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#explit test to make sure ingest-geoip is not installed
describe file('/usr/share/elasticsearch/plugins/ingest-geoip') do
it { should_not exist }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"ingest-geoip","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 1 }
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
#Init vs Systemd tests
#Ubuntu 15 and up
#Debian 8 and up
#Centos 7 and up
if (((os[:family] == 'redhat' || os[:family] == 'centos') && os[:release].to_f >= 7.0) ||
(os[:family] == 'ubuntu' && os[:release].to_f >= 15.0) ||
(os[:family] == 'debian' && os[:release].to_f >= 8.0))
describe file('/usr/lib/systemd/system/node1_elasticsearch.service') do
it { should be_file }
it { should contain 'LimitMEMLOCK=infinity' }
it { should contain 'LimitNPROC=3000' }
end
else
describe file('/etc/init.d/node1_elasticsearch') do
it { should be_file }
end
end
describe file('/etc/elasticsearch/node1/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
it { should contain 'CUSTOM LOG4J FILE' }
end
end

2
test/integration/helpers/serverspec/standard_spec.rb → test/integration/helpers/serverspec/oss_spec.rb
View file

@ -1,6 +1,6 @@
require 'spec_helper'
shared_examples 'standard::init' do |vars|
shared_examples 'oss::init' do |vars|
describe user('elasticsearch') do
it { should exist }

12
test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb Normal file
View file

@ -0,0 +1,12 @@
require 'spec_helper'
shared_examples 'oss_to_xpack_upgrade::init' do |vars|
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
expect(curl_json('http://localhost:9200', username='elastic', password='changeme')['version']['number']).to eq(vars['es_version'])
end
it 'should be be running the standard (xpack) version' do
expect(curl_json('http://localhost:9200/_xpack', username='elastic', password='changeme')['tagline']).to eq('You know, for X')
end
end
end

112
test/integration/helpers/serverspec/package_spec.rb
View file

@ -1,112 +0,0 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'package::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('node1_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/node1/elasticsearch.yml') do
it { should be_file }
it { should contain 'http.port: 9200' }
it { should contain 'transport.tcp.port: 9300' }
it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9300' }
end
describe file('/etc/elasticsearch/node1/scripts') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/node1/scripts/calculate-score.groovy') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic"')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#confirm plugins are installed and the correct version
describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
end

182
test/integration/helpers/serverspec/xpack_spec.rb
View file

@ -1,6 +1,4 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'xpack::init' do |vars|
@ -36,6 +34,9 @@ shared_examples 'xpack::init' do |vars|
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
it { should contain 'xpack.security.enabled: false' }
it { should contain 'xpack.watcher.enabled: false' }
end
describe 'Node listening' do
@ -46,7 +47,7 @@ shared_examples 'xpack::init' do |vars|
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number')
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
@ -76,30 +77,31 @@ shared_examples 'xpack::init' do |vars|
it { should_not exist }
end
#Xpack specific tests
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'xpack plugin' do
describe 'x-pack-core plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain')
plugins = curl_json('http://localhost:9200/_nodes/plugins')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
@ -112,149 +114,25 @@ shared_examples 'xpack::init' do |vars|
expect(version).to eql(vars['es_version'])
end
end
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#Test users file, users_roles and roles.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'admin:es_admin' }
it { should contain 'power_user:testUser' }
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'testUser:' }
it { should contain 'es_admin:' }
describe command('curl -s localhost:9200/_xpack') do
its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) }
end
describe 'security roles' do
it 'should list the security roles' do
roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')
expect(roles.key?('superuser'))
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
#This is possibly subject to format changes in the response across versions so may fail in the future
describe 'Template Contents Correct' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain')
expect(template.key?('basic'))
expect(template['basic']['settings']['index']['number_of_shards']).to eq("1")
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
end
end
#Test contents of Elasticsearch.yml file
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
#Test contents of role_mapping.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'power_user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
it { should contain 'user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
end
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe 'security users' do
result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')
it 'should have the elastic user' do
expect(result['elastic']['username']).to eq('elastic')
expect(result['elastic']['roles']).to eq(['superuser'])
expect(result['elastic']['enabled']).to eq(true)
end
it 'should have the kibana user' do
expect(result['kibana']['username']).to eq('kibana')
expect(result['kibana']['roles']).to eq(['kibana_system'])
expect(result['kibana']['enabled']).to eq(true)
end
it 'should have the kibana_server user' do
expect(result['kibana4_server']['username']).to eq('kibana4_server')
expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
expect(result['kibana4_server']['enabled']).to eq(true)
end
it 'should have the logstash user' do
expect(result['logstash_system']['username']).to eq('logstash_system')
expect(result['logstash_system']['roles']).to eq(['logstash_system'])
expect(result['logstash_system']['enabled']).to eq(true)
end
end
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x
describe 'kibana access check' do
it 'should be reported as version '+vars['es_version'] do
result = curl_json('http://localhost:9200/', username='kibana', password='changeme')
expect(result['version']['number']).to eq(vars['es_version'])
end
end
end
end

138
test/integration/helpers/serverspec/xpack_standard_spec.rb
View file

@ -1,138 +0,0 @@
require 'spec_helper'
shared_examples 'xpack_standard::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('security_node_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'node.name: localhost-security_node' }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/security_node' }
else
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
it { should contain 'xpack.security.enabled: false' }
it { should contain 'xpack.watcher.enabled: false' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
#Xpack specific tests
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'x-pack-core plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
data['plugins'].each do |plugin|
if plugin['name'] == name
version = plugin['version']
end
end
expect(version).to eql(vars['es_version'])
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe command('curl -s localhost:9200/_xpack') do
its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) }
its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) }
its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) }
end
end

260
test/integration/helpers/serverspec/xpack_upgrade_spec.rb Normal file
View file

@ -0,0 +1,260 @@
require 'spec_helper'
require 'json'
vars = JSON.parse(File.read('/tmp/vars.json'))
shared_examples 'xpack_upgrade::init' do |vars|
describe user('elasticsearch') do
it { should exist }
end
describe service('security_node_elasticsearch') do
it { should be_running }
end
describe package(vars['es_package_name']) do
it { should be_installed }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/log4j2.properties') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'node.name: localhost-security_node' }
it { should contain 'cluster.name: elasticsearch' }
if vars['es_major_version'] == '6.x'
it { should_not contain 'path.conf: /etc/elasticsearch/security_node' }
else
it { should contain 'path.conf: /etc/elasticsearch/security_node' }
end
it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' }
it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' }
end
describe 'Node listening' do
it 'listening in port 9200' do
expect(port 9200).to be_listening
end
end
describe 'version check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/init.d/elasticsearch') do
it { should_not exist }
end
if ['debian', 'ubuntu'].include?(os[:family])
describe file('/etc/default/elasticsearch') do
its(:content) { should match '' }
end
end
if ['centos', 'redhat'].include?(os[:family])
describe file('/etc/sysconfig/elasticsearch') do
its(:content) { should match '' }
end
end
describe file('/etc/elasticsearch/elasticsearch.yml') do
it { should_not exist }
end
describe file('/etc/elasticsearch/logging.yml') do
it { should_not exist }
end
# X-Pack is no longer installed as a plugin in elasticsearch
if vars['es_major_version'] == '5.x'
describe file('/usr/share/elasticsearch/plugins') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do
its(:exit_status) { should eq 0 }
end
describe file('/usr/share/elasticsearch/plugins/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe 'xpack plugin' do
it 'should be installed with the correct version' do
plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain')
node, data = plugins['nodes'].first
version = 'plugin not found'
name = 'x-pack'
data['plugins'].each do |plugin|
if plugin['name'] == name
version = plugin['version']
end
end
expect(version).to eql(vars['es_version'])
end
end
end
#Test if x-pack is activated
describe 'x-pack activation' do
it 'should be activated and valid' do
command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain')
expect(command.stdout).to match('"status" : "active"')
expect(command.exit_status).to eq(0)
end
end
describe file('/etc/elasticsearch/security_node/x-pack') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
for plugin in vars['es_plugins']
plugin = plugin['plugin']
describe file('/usr/share/elasticsearch/plugins/'+plugin) do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do
its(:exit_status) { should eq 0 }
end
end
#Test users file, users_roles and roles.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'admin:es_admin' }
it { should contain 'power_user:testUser' }
end
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'testUser:' }
it { should contain 'es_admin:' }
end
describe 'security roles' do
it 'should list the security roles' do
roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain')
expect(roles.key?('superuser'))
end
end
describe file('/etc/elasticsearch/templates') do
it { should be_directory }
it { should be_owned_by 'elasticsearch' }
end
describe file('/etc/elasticsearch/templates/basic.json') do
it { should be_file }
it { should be_owned_by 'elasticsearch' }
end
describe 'Template Installed' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain')
expect(command.stdout).to match(/basic/)
expect(command.exit_status).to eq(0)
end
end
#This is possibly subject to format changes in the response across versions so may fail in the future
describe 'Template Contents Correct' do
it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do
template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain')
expect(template.key?('basic'))
expect(template['basic']['settings']['index']['number_of_shards']).to eq("1")
expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false)
end
end
#Test contents of Elasticsearch.yml file
describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do
it { should contain 'security.authc.realms.file1.order: 0' }
it { should contain 'security.authc.realms.file1.type: file' }
it { should contain 'security.authc.realms.native1.order: 1' }
it { should contain 'security.authc.realms.native1.type: native' }
end
#Test contents of role_mapping.yml
describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do
it { should be_owned_by 'elasticsearch' }
it { should contain 'power_user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
it { should contain 'user:' }
it { should contain '- cn=admins,dc=example,dc=com' }
end
#check accounts are correct i.e. we can auth and they have the correct roles
describe 'kibana4_server access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
describe 'security users' do
result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged')
it 'should have the elastic user' do
expect(result['elastic']['username']).to eq('elastic')
expect(result['elastic']['roles']).to eq(['superuser'])
expect(result['elastic']['enabled']).to eq(true)
end
it 'should have the kibana user' do
expect(result['kibana']['username']).to eq('kibana')
expect(result['kibana']['roles']).to eq(['kibana_system'])
expect(result['kibana']['enabled']).to eq(true)
end
it 'should have the kibana_server user' do
expect(result['kibana4_server']['username']).to eq('kibana4_server')
expect(result['kibana4_server']['roles']).to eq(['kibana4_server'])
expect(result['kibana4_server']['enabled']).to eq(true)
end
it 'should have the logstash user' do
expect(result['logstash_system']['username']).to eq('logstash_system')
expect(result['logstash_system']['roles']).to eq(['logstash_system'])
expect(result['logstash_system']['enabled']).to eq(true)
end
end
describe 'logstash_system access check' do
it 'should be reported as version '+vars['es_version'] do
command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number')
expect(command.stdout).to match(vars['es_version'])
expect(command.exit_status).to eq(0)
end
end
if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x
describe 'kibana access check' do
it 'should be reported as version '+vars['es_version'] do
result = curl_json('http://localhost:9200/', username='kibana', password='changeme')
expect(result['version']['number']).to eq(vars['es_version'])
end
end
end
end