This commit introduces SSL/TLS support for the elastic search transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack
- Change xpack test scope to be able to test default xpack install
- xpack scenario will test xpack install with default features
- xpack upgrade scenario will fully test security feature
- oss-to-xpack-upgrade will test installing only other specific features
- Cleanup some duplicate serverspec tests
- Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html))
- Cleanup some ansible code (especially in `when` conditions)
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
Some popular artifact caches (e.g. Artifactory) do not provide HTTP
CONNECT endpoints and thus aren't supported by es_proxy_host and
es_proxy_port. This patch templates out the scheme and authority
components (i.e. "https://artifacts.elastic.co" ) of the apt and
yum repo URLs to accommodate the use of such artifact caches.
Previously, each of the calls generated a warning : "Using tests as
filters is deprecated. Instead of using `result|version_compare` use
`result is version_compare`. This feature will be removed in version
2.9.".
the default values are:
- es_enable_xpack: false
- es_xpack_features: ["alerting","monitoring","graph","ml","security"]
With the default values, XPACK is not installed
But the generated elasticsearch.yml contains the XPACK Settings.
Elasticsearch application refuses to start with these unknown settings
Previously if the proxy host was defined but empty, an invalid proxy was
config was added and the install would fail. This is likely to occur
for instances where you conditionally set the proxy.
