From 4826f981d78274a895a76676b7468dd1d2915bf3 Mon Sep 17 00:00:00 2001 From: David Reed Date: Sat, 6 May 2017 20:22:22 +0100 Subject: [PATCH 1/9] Fixes handler and file issues with ES templates Fixes an issue with handlers in Ansible 2.2.1+ [https://github.com/ansible/ansible/issues/20603](). Moves the load-templates handler to the top of the file to get around this issue. Fixes an issue loading installed templates into ES. The use of file lookup meant that the template files are checked on the machine that initiated the Ansible play, this only works if Ansible has been run locally, breaking for remote machines. Switched to using the slurp module to grab file contents on the target machine. --- handlers/elasticsearch-templates.yml | 20 ++++++++++---------- handlers/main.yml | 16 +++++++++------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/handlers/elasticsearch-templates.yml b/handlers/elasticsearch-templates.yml index b1ff63a..09bee24 100644 --- a/handlers/elasticsearch-templates.yml +++ b/handlers/elasticsearch-templates.yml @@ -6,29 +6,29 @@ - name: Wait for elasticsearch to startup wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 -- name: Get template files - find: paths="/etc/elasticsearch/templates" patterns="*.json" - register: templates - - name: Install templates without auth uri: - url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item.path | filename}}" + url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item | filename}}" method: PUT status_code: 200 body_format: json - body: "{{ lookup('file', item.path) }}" + body: "{{ lookup('file', item) }}" when: not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features - with_items: "{{ templates.files }}" + with_fileglob: + - "{{ es_templates_fileglob | default('') }}" + run_once: True - name: Install templates with auth uri: - url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item.path | filename}}" + url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item | filename}}" method: PUT status_code: 200 user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" force_basic_auth: yes body_format: json - body: "{{ lookup('file', item.path) }}" + body: "{{ lookup('file', item) }}" when: es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features - with_items: "{{ templates.files }}" + with_fileglob: + - "{{ es_templates_fileglob | default('') }}" + run_once: True diff --git a/handlers/main.yml b/handlers/main.yml index 55b95af..25921f9 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,4 @@ -- name: reload systemd configuration - command: systemctl daemon-reload - -# Restart service and ensure it is enabled -- name: restart elasticsearch - service: name={{instance_init_script | basename}} state=restarted enabled=yes - when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) +--- #Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't #specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. @@ -13,3 +7,11 @@ - name: load-templates include: ./handlers/elasticsearch-templates.yml when: es_templates + +- name: reload systemd configuration + command: systemctl daemon-reload + +# Restart service and ensure it is enabled +- name: restart elasticsearch + service: name={{instance_init_script | basename}} state=restarted enabled=yes + when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) From 77f5a7bf3cdc6abda4ba4cddc88db0b29a6ad9e9 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Tue, 15 Aug 2017 15:00:43 +0100 Subject: [PATCH 2/9] Moving to 5.5.1 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 59f01af..112f841 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,6 @@ --- es_major_version: "5.x" -es_version: "5.2.2" +es_version: "5.5.1" es_version_lock: false es_use_repository: true es_apt_key: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" From 88c272e2b27fd81417e9aaba1f08785135ed9d77 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Tue, 15 Aug 2017 18:42:08 +0100 Subject: [PATCH 3/9] New x-pack test --- test/integration/xpack-limited.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 test/integration/xpack-limited.yml diff --git a/test/integration/xpack-limited.yml b/test/integration/xpack-limited.yml new file mode 100644 index 0000000..3e391a1 --- /dev/null +++ b/test/integration/xpack-limited.yml @@ -0,0 +1 @@ +#no security \ No newline at end of file From 0e2a0a5e995ef3fec42c3b8e62c56a82f59755fe Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 16 Aug 2017 11:05:40 +0100 Subject: [PATCH 4/9] Updated init, systemd, jvm.options and tests --- handlers/main.yml | 3 +- tasks/main.yml | 7 +++-- templates/elasticsearch.j2 | 5 ++- templates/elasticsearch.repo | 2 ++ templates/init/debian/elasticsearch.j2 | 31 ++++++++++--------- templates/init/redhat/elasticsearch.j2 | 7 +++-- templates/jvm.options.j2 | 22 +++++++------ templates/systemd/elasticsearch.j2 | 6 ++++ .../config-5x/serverspec/default_spec.rb | 2 +- .../multi-5x/serverspec/default_spec.rb | 2 +- .../package-5x/serverspec/default_spec.rb | 2 +- .../standard-5x/serverspec/default_spec.rb | 2 +- .../xpack-5x/serverspec/default_spec.rb | 2 +- 13 files changed, 58 insertions(+), 35 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index e233aae..fbfcfa5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -16,4 +16,5 @@ - name: load-templates include: ./handlers/elasticsearch-templates.yml - when: es_templates + #only do templates if we're starting + when: es_templates and es_start_service \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 19d9633..9beffa1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -46,15 +46,16 @@ - name: Make sure elasticsearch is started service: name={{instance_init_script | basename}} state=started enabled=yes + when: es_start_service - name: Wait for elasticsearch to startup wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1 - when: es_restarted is defined and es_restarted.changed + when: es_restarted is defined and es_restarted.changed and es_start_service - name: activate-license include: ./xpack/security/elasticsearch-xpack-activation.yml - when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' + when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != '' #perform security actions here now elasticsearch is started - include: ./xpack/security/elasticsearch-security-native.yml - when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) + when: es_start_service and (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) diff --git a/templates/elasticsearch.j2 b/templates/elasticsearch.j2 index 0c7f4a6..cb2341a 100644 --- a/templates/elasticsearch.j2 +++ b/templates/elasticsearch.j2 @@ -5,6 +5,9 @@ # Elasticsearch home directory ES_HOME={{es_home}} +# Elasticsearch Java path +#JAVA_HOME= + # Elasticsearch configuration directory CONF_DIR={{conf_dir}} @@ -56,7 +59,7 @@ MAX_OPEN_FILES={{es_max_open_files}} # The maximum number of bytes of memory that may be locked into RAM # Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option -# in elasticsearch.yml (ES_HEAP_SIZE must also be set). +# in elasticsearch.yml # When using Systemd, the LimitMEMLOCK property must be set # in /usr/lib/systemd/system/elasticsearch.service #MAX_LOCKED_MEMORY= diff --git a/templates/elasticsearch.repo b/templates/elasticsearch.repo index 562f74e..b629904 100644 --- a/templates/elasticsearch.repo +++ b/templates/elasticsearch.repo @@ -4,6 +4,8 @@ baseurl=https://artifacts.elastic.co/packages/{{ es_major_version }}/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 +autorefresh=1 +type=rpm-md {% if es_proxy_host is defined and es_proxy_host != '' and es_proxy_port is defined %} proxy=http://{{ es_proxy_host }}:{{es_proxy_port}} {% endif %} diff --git a/templates/init/debian/elasticsearch.j2 b/templates/init/debian/elasticsearch.j2 index 5a21e47..64c2f0a 100755 --- a/templates/init/debian/elasticsearch.j2 +++ b/templates/init/debian/elasticsearch.j2 @@ -84,16 +84,30 @@ if [ ! -z "$CONF_FILE" ]; then exit 1 fi +if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then + echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]" +fi + # Define other required variables PID_FILE="$PID_DIR/$NAME.pid" -DAEMON={{es_home}}/bin/elasticsearch -DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.home=$ES_HOME -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR" +DAEMON=$ES_HOME/bin/elasticsearch +DAEMON_OPTS="-d -p $PID_FILE -Edefault.path.logs=$LOG_DIR -Edefault.path.data=$DATA_DIR -Edefault.path.conf=$CONF_DIR" export ES_JAVA_OPTS export JAVA_HOME export ES_INCLUDE export ES_JVM_OPTIONS +# export unsupported variables so bin/elasticsearch can reject them and inform the user these are unsupported +if test -n "$ES_MIN_MEM"; then export ES_MIN_MEM; fi +if test -n "$ES_MAX_MEM"; then export ES_MAX_MEM; fi +if test -n "$ES_HEAP_SIZE"; then export ES_HEAP_SIZE; fi +if test -n "$ES_HEAP_NEWSIZE"; then export ES_HEAP_NEWSIZE; fi +if test -n "$ES_DIRECT_SIZE"; then export ES_DIRECT_SIZE; fi +if test -n "$ES_USE_IPV4"; then export ES_USE_IPV4; fi +if test -n "$ES_GC_OPTS"; then export ES_GC_OPTS; fi +if test -n "$ES_GC_LOG_FILE"; then export ES_GC_LOG_FILE; fi + # Check DAEMON exists if [ ! -x "$DAEMON" ]; then echo "The elasticsearch startup script does not exists or it is not executable, tried: $DAEMON" @@ -117,13 +131,6 @@ case "$1" in start) checkJava -{% if es_version | version_compare('5.0', '<') %} - if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; then - log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set" - exit 1 - fi -{% endif %} - log_daemon_msg "Starting $DESC" pid=`pidofproc -p $PID_FILE elasticsearch` @@ -133,9 +140,6 @@ case "$1" in exit 0 fi - # Prepare environment - mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$ES_USER":"$ES_GROUP" "$LOG_DIR" "$DATA_DIR" - # Ensure that the PID_DIR exists (it is cleaned at OS startup time) if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR" @@ -157,7 +161,7 @@ case "$1" in fi # Start Daemon - start-stop-daemon -d $ES_HOME --start -b --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS + start-stop-daemon -d $ES_HOME --start --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS return=$? if [ $return -eq 0 ]; then i=0 @@ -203,7 +207,6 @@ case "$1" in restart|force-reload) if [ -f "$PID_FILE" ]; then $0 stop - sleep 1 fi $0 start ;; diff --git a/templates/init/redhat/elasticsearch.j2 b/templates/init/redhat/elasticsearch.j2 index f906074..e093a85 100755 --- a/templates/init/redhat/elasticsearch.j2 +++ b/templates/init/redhat/elasticsearch.j2 @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # # elasticsearch # @@ -48,7 +48,6 @@ DATA_DIR={{ data_dirs | array_to_str }} CONF_DIR="{{conf_dir}}" PID_DIR="{{pid_dir}}" -ES_JVM_OPTIONS="{{conf_dir}}/jvm.options" # Source the default env file ES_ENV_FILE="{{instance_default_file}}" @@ -56,6 +55,10 @@ if [ -f "$ES_ENV_FILE" ]; then . "$ES_ENV_FILE" fi +if [ "$ES_USER" != "elasticsearch" ] || [ "$ES_GROUP" != "elasticsearch" ]; then + echo "WARNING: ES_USER and ES_GROUP are deprecated and will be removed in the next major version of Elasticsearch, got: [$ES_USER:$ES_GROUP]" +fi + # CONF_FILE setting was removed if [ ! -z "$CONF_FILE" ]; then echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed." diff --git a/templates/jvm.options.j2 b/templates/jvm.options.j2 index 0cf7394..ad30851 100644 --- a/templates/jvm.options.j2 +++ b/templates/jvm.options.j2 @@ -20,13 +20,9 @@ # Xmx represents the maximum size of total heap space {% if es_heap_size is defined %} -Xms{{ es_heap_size }} -{% else %} --Xms2g -{% endif %} - -{% if es_heap_size is defined %} -Xmx{{ es_heap_size }} {% else %} +-Xms2g -Xmx2g {% endif %} @@ -47,9 +43,6 @@ ## optimizations -# disable calls to System#gc --XX:+DisableExplicitGC - # pre-touch memory pages used by the JVM during initialization -XX:+AlwaysPreTouch @@ -67,7 +60,10 @@ # use our provided JNA always versus the system one -Djna.nosys=true -# flags to keep Netty from being unsafe +# use old-style file permissions on JDK9 +-Djdk.io.permissionsUseCanonicalPath=true + +# flags to configure Netty -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 @@ -100,6 +96,14 @@ # ensure the directory exists #-Xloggc:${loggc} + +# By default, the GC log file will not rotate. +# By uncommenting the lines below, the GC log file +# will be rotated every 128MB at most 32 times. +#-XX:+UseGCLogFileRotation +#-XX:NumberOfGCLogFiles=32 +#-XX:GCLogFileSize=128M + # Elasticsearch 5.0.0 will throw an exception on unquoted field names in JSON. # If documents were already indexed with unquoted fields in a previous version # of Elasticsearch, some operations may throw errors. diff --git a/templates/systemd/elasticsearch.j2 b/templates/systemd/elasticsearch.j2 index dafae58..6473fa3 100644 --- a/templates/systemd/elasticsearch.j2 +++ b/templates/systemd/elasticsearch.j2 @@ -41,6 +41,9 @@ StandardError=inherit LimitNOFILE={{es_max_open_files}} {% endif %} +# Specifies the maximum number of processes +LimitNPROC=2048 + # Specifies the maximum number of bytes of memory that may be locked into RAM # Set to "infinity" if you use the 'bootstrap.memory_lock: true' option # in elasticsearch.yml and 'MAX_LOCKED_MEMORY=unlimited' in {{instance_default_file}} @@ -54,6 +57,9 @@ TimeoutStopSec=0 # SIGTERM signal is used to stop the Java process KillSignal=SIGTERM +# Send the signal only to the JVM rather than its control group +KillMode=process + # Java process is never killed SendSIGKILL=no diff --git a/test/integration/config-5x/serverspec/default_spec.rb b/test/integration/config-5x/serverspec/default_spec.rb index 785614b..ade4b54 100644 --- a/test/integration/config-5x/serverspec/default_spec.rb +++ b/test/integration/config-5x/serverspec/default_spec.rb @@ -1,6 +1,6 @@ require 'config_spec' describe 'Config Tests v 5.x' do - include_examples 'config::init', "5.2.2", ["ingest-attachment","ingest-user-agent"] + include_examples 'config::init', "5.5.1", ["ingest-attachment","ingest-user-agent"] end diff --git a/test/integration/multi-5x/serverspec/default_spec.rb b/test/integration/multi-5x/serverspec/default_spec.rb index 7020270..fcf6ee5 100644 --- a/test/integration/multi-5x/serverspec/default_spec.rb +++ b/test/integration/multi-5x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'multi_spec' describe 'Multi Tests v 5.x' do - include_examples 'multi::init', "5.2.2", ["ingest-geoip"] + include_examples 'multi::init', "5.5.1", ["ingest-geoip"] end diff --git a/test/integration/package-5x/serverspec/default_spec.rb b/test/integration/package-5x/serverspec/default_spec.rb index 6c553ae..225541a 100644 --- a/test/integration/package-5x/serverspec/default_spec.rb +++ b/test/integration/package-5x/serverspec/default_spec.rb @@ -2,5 +2,5 @@ require 'package_spec' describe 'Package Tests v 5.x' do - include_examples 'package::init', "5.2.2", ["ingest-attachment","ingest-geoip"] + include_examples 'package::init', "5.5.1", ["ingest-attachment","ingest-geoip"] end \ No newline at end of file diff --git a/test/integration/standard-5x/serverspec/default_spec.rb b/test/integration/standard-5x/serverspec/default_spec.rb index f219dfc..729b306 100644 --- a/test/integration/standard-5x/serverspec/default_spec.rb +++ b/test/integration/standard-5x/serverspec/default_spec.rb @@ -2,7 +2,7 @@ require 'standard_spec' describe 'Standard Tests v 5.x' do - include_examples 'standard::init', "5.2.2", ["ingest-geoip"] + include_examples 'standard::init', "5.5.1", ["ingest-geoip"] end diff --git a/test/integration/xpack-5x/serverspec/default_spec.rb b/test/integration/xpack-5x/serverspec/default_spec.rb index aa7e697..ab0946b 100644 --- a/test/integration/xpack-5x/serverspec/default_spec.rb +++ b/test/integration/xpack-5x/serverspec/default_spec.rb @@ -1,5 +1,5 @@ require 'xpack_spec' describe 'Xpack Tests v 5.x' do - include_examples 'xpack::init', "5.2.2", ["ingest-attachment"] + include_examples 'xpack::init', "5.5.1", ["ingest-attachment"] end From 87e32dc2417a4cfb929c8c8baead4202fa980d05 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 16 Aug 2017 12:41:10 +0100 Subject: [PATCH 5/9] Reworking of templates --- defaults/main.yml | 1 + handlers/main.yml | 19 +++++++++++-------- meta/main.yml | 3 +-- ...es.yml => elasticsearch-template-copy.yml} | 7 +------ .../elasticsearch-template-insert.yml | 10 ++++++---- tasks/main.yml | 19 ++++++------------- test/integration/package.yml | 4 ++-- 7 files changed, 28 insertions(+), 35 deletions(-) rename tasks/{elasticsearch-templates.yml => elasticsearch-template-copy.yml} (57%) rename handlers/elasticsearch-templates.yml => tasks/elasticsearch-template-insert.yml (62%) diff --git a/defaults/main.yml b/defaults/main.yml index 112f841..48f85c3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,7 @@ es_major_version: "5.x" es_version: "5.5.1" es_version_lock: false es_use_repository: true +es_templates_fileglob: "./files/templates/*" es_apt_key: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" es_apt_url: "deb https://artifacts.elastic.co/packages/{{ es_major_version }}/apt stable main" es_apt_url_old: "deb http://packages.elastic.co/elasticsearch/{{ es_major_version }}/debian stable main" diff --git a/handlers/main.yml b/handlers/main.yml index 1db4471..a7faa52 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,10 +1,13 @@ -#Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't -#specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. -#Templates done after restart therefore - as a handler. +- name: reload systemd configuration + command: systemctl daemon-reload -- name: load-templates - include: ./handlers/elasticsearch-templates.yml - #only do templates if we're starting - when: es_templates and es_start_service - when: es_templates \ No newline at end of file +# Restart service and ensure it is enabled + +- name: restart elasticsearch + service: name={{instance_init_script | basename}} state=restarted enabled=yes + when: + - es_restart_on_change + - es_start_service + - ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) + register: es_restarted \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml index edd7295..aeecec7 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -7,8 +7,7 @@ galaxy_info: description: Elasticsearch for Linux company: "Elastic.co" license: "license (Apache)" - # Require 1.6 for apt deb install - min_ansible_version: 2.2.0 + min_ansible_version: 2.3.2 platforms: - name: EL versions: diff --git a/tasks/elasticsearch-templates.yml b/tasks/elasticsearch-template-copy.yml similarity index 57% rename from tasks/elasticsearch-templates.yml rename to tasks/elasticsearch-template-copy.yml index 27c0c42..98a3e06 100644 --- a/tasks/elasticsearch-templates.yml +++ b/tasks/elasticsearch-template-copy.yml @@ -2,13 +2,8 @@ - file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }} -- name: Copy default templates to elasticsearch - copy: src=templates dest=/etc/elasticsearch/ owner={{ es_user }} group={{ es_group }} - notify: load-templates - when: es_templates_fileglob is not defined - - name: Copy templates to elasticsearch copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }} - notify: load-templates + register: load_templates with_fileglob: - "{{ es_templates_fileglob | default('') }}" \ No newline at end of file diff --git a/handlers/elasticsearch-templates.yml b/tasks/elasticsearch-template-insert.yml similarity index 62% rename from handlers/elasticsearch-templates.yml rename to tasks/elasticsearch-template-insert.yml index 09bee24..de1d770 100644 --- a/handlers/elasticsearch-templates.yml +++ b/tasks/elasticsearch-template-insert.yml @@ -1,10 +1,12 @@ ---- +#Templates done after restart therefore. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. - name: Ensure elasticsearch is started service: name={{instance_init_script | basename}} state=started enabled=yes + when: es_start_service - name: Wait for elasticsearch to startup wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 + when: es_start_service - name: Install templates without auth uri: @@ -13,7 +15,7 @@ status_code: 200 body_format: json body: "{{ lookup('file', item) }}" - when: not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features + when: es_start_service and not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features with_fileglob: - "{{ es_templates_fileglob | default('') }}" run_once: True @@ -28,7 +30,7 @@ force_basic_auth: yes body_format: json body: "{{ lookup('file', item) }}" - when: es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features + when: es_start_service and es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features with_fileglob: - "{{ es_templates_fileglob | default('') }}" - run_once: True + run_once: True \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 220a136..7f13202 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -37,25 +37,18 @@ tags: - xpack -- include: elasticsearch-templates.yml +- include: elasticsearch-template-copy.yml when: es_templates tags: - templates -- name: reload systemd configuration - command: systemctl daemon-reload - -# Restart service and ensure it is enabled -- name: restart elasticsearch - service: name={{instance_init_script | basename}} state=restarted enabled=yes - when: - - es_restart_on_change - - es_start_service - - ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) - register: es_restarted - - meta: flush_handlers +- include: elasticsearch-template-insert.yml + when: load_templates + tags: + - templates + - name: Make sure elasticsearch is started service: name={{instance_init_script | basename}} state=started enabled=yes when: es_start_service diff --git a/test/integration/package.yml b/test/integration/package.yml index 4cfd73c..77168c4 100644 --- a/test/integration/package.yml +++ b/test/integration/package.yml @@ -8,7 +8,7 @@ es_templates: true es_heap_size: "1g" es_api_port: 9200 - es_version: "5.1.2" + es_version: "5.5.1" es_plugins: - plugin: ingest-geoip @@ -21,7 +21,7 @@ vars: es_scripts: true es_templates: true - es_version: "5.2.2" + es_version: "5.5.1" es_heap_size: "1g" es_api_port: 9200 es_plugins: From ec27bc3fe4dbf738effb31637044efdc6cba7c27 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Wed, 16 Aug 2017 13:07:38 +0100 Subject: [PATCH 6/9] keep current version of pip --- .kitchen.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.kitchen.yml b/.kitchen.yml index 3727dd4..44d127f 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -66,10 +66,9 @@ platforms: - sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config - rm /etc/yum.repos.d/epel*repo /etc/yum.repos.d/puppetlabs-pc1.repo - yum -y install initscripts - - yum clean all - - pip install --upgrade pip - - pip install jmespath - yum -y remove ansible + - yum clean all + - pip install jmespath volume: <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json run_command: "/usr/sbin/init" privileged: true From 7d97b35d63add4e986370f31d90c7160d7469043 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 17 Aug 2017 10:00:30 +0100 Subject: [PATCH 7/9] Remove x-pack limited - readd later --- test/integration/xpack-limited.yml | 1 - 1 file changed, 1 deletion(-) delete mode 100644 test/integration/xpack-limited.yml diff --git a/test/integration/xpack-limited.yml b/test/integration/xpack-limited.yml deleted file mode 100644 index 3e391a1..0000000 --- a/test/integration/xpack-limited.yml +++ /dev/null @@ -1 +0,0 @@ -#no security \ No newline at end of file From 979ef94f77bdf550ad110efa769d703dd935ec7a Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 17 Aug 2017 10:05:32 +0100 Subject: [PATCH 8/9] Fix feedback from @barryib --- defaults/main.yml | 2 +- handlers/main.yml | 2 +- tasks/elasticsearch-template-copy.yml | 2 +- tasks/elasticsearch-template-insert.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 48f85c3..f264ae1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,7 +3,7 @@ es_major_version: "5.x" es_version: "5.5.1" es_version_lock: false es_use_repository: true -es_templates_fileglob: "./files/templates/*" +es_templates_fileglob: "files/templates/*.json" es_apt_key: "https://artifacts.elastic.co/GPG-KEY-elasticsearch" es_apt_url: "deb https://artifacts.elastic.co/packages/{{ es_major_version }}/apt stable main" es_apt_url_old: "deb http://packages.elastic.co/elasticsearch/{{ es_major_version }}/debian stable main" diff --git a/handlers/main.yml b/handlers/main.yml index a7faa52..d44c24d 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,4 +10,4 @@ - es_restart_on_change - es_start_service - ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) - register: es_restarted \ No newline at end of file + register: es_restarted diff --git a/tasks/elasticsearch-template-copy.yml b/tasks/elasticsearch-template-copy.yml index 98a3e06..a6665c3 100644 --- a/tasks/elasticsearch-template-copy.yml +++ b/tasks/elasticsearch-template-copy.yml @@ -6,4 +6,4 @@ copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }} register: load_templates with_fileglob: - - "{{ es_templates_fileglob | default('') }}" \ No newline at end of file + - "{{ es_templates_fileglob | default('') }}" diff --git a/tasks/elasticsearch-template-insert.yml b/tasks/elasticsearch-template-insert.yml index de1d770..38cd9d7 100644 --- a/tasks/elasticsearch-template-insert.yml +++ b/tasks/elasticsearch-template-insert.yml @@ -33,4 +33,4 @@ when: es_start_service and es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features with_fileglob: - "{{ es_templates_fileglob | default('') }}" - run_once: True \ No newline at end of file + run_once: True From ce180520a896ab3402e5008c5a26d212a0b39d5d Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Thu, 17 Aug 2017 12:25:25 +0100 Subject: [PATCH 9/9] Single template file --- .gitignore | 1 + tasks/elasticsearch-template-copy.yml | 9 --------- ...-insert.yml => elasticsearch-template.yml} | 19 ++++++++++++++----- tasks/main.yml | 10 +++------- 4 files changed, 18 insertions(+), 21 deletions(-) delete mode 100644 tasks/elasticsearch-template-copy.yml rename tasks/{elasticsearch-template-insert.yml => elasticsearch-template.yml} (56%) diff --git a/.gitignore b/.gitignore index 9f43345..ff93046 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ Converging TODO .idea/ elasticsearch.iml +!/vars/RedHat.yml diff --git a/tasks/elasticsearch-template-copy.yml b/tasks/elasticsearch-template-copy.yml deleted file mode 100644 index a6665c3..0000000 --- a/tasks/elasticsearch-template-copy.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }} - -- name: Copy templates to elasticsearch - copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }} - register: load_templates - with_fileglob: - - "{{ es_templates_fileglob | default('') }}" diff --git a/tasks/elasticsearch-template-insert.yml b/tasks/elasticsearch-template.yml similarity index 56% rename from tasks/elasticsearch-template-insert.yml rename to tasks/elasticsearch-template.yml index 38cd9d7..e524043 100644 --- a/tasks/elasticsearch-template-insert.yml +++ b/tasks/elasticsearch-template.yml @@ -1,12 +1,21 @@ -#Templates done after restart therefore. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. +--- + +- file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }} + +- name: Copy templates to elasticsearch + copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }} + register: load_templates + with_fileglob: + - "{{ es_templates_fileglob | default('') }}" + - name: Ensure elasticsearch is started service: name={{instance_init_script | basename}} state=started enabled=yes - when: es_start_service + when: es_start_service and load_templates.changed - name: Wait for elasticsearch to startup wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 - when: es_start_service + when: es_start_service and load_templates.changed - name: Install templates without auth uri: @@ -15,7 +24,7 @@ status_code: 200 body_format: json body: "{{ lookup('file', item) }}" - when: es_start_service and not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features + when: load_templates.changed and es_start_service and not es_enable_xpack or not es_xpack_features is defined or "security" not in es_xpack_features with_fileglob: - "{{ es_templates_fileglob | default('') }}" run_once: True @@ -30,7 +39,7 @@ force_basic_auth: yes body_format: json body: "{{ lookup('file', item) }}" - when: es_start_service and es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features + when: load_templates.changed and es_start_service and es_enable_xpack and es_xpack_features is defined and "security" in es_xpack_features with_fileglob: - "{{ es_templates_fileglob | default('') }}" run_once: True diff --git a/tasks/main.yml b/tasks/main.yml index 7f13202..5b3953d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -37,15 +37,11 @@ tags: - xpack -- include: elasticsearch-template-copy.yml - when: es_templates - tags: - - templates - - meta: flush_handlers -- include: elasticsearch-template-insert.yml - when: load_templates +#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart. +- include: elasticsearch-template.yml + when: es_templates tags: - templates