This commit introduces SSL/TLS support for the elastic search transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack
- Change xpack test scope to be able to test default xpack install
- xpack scenario will test xpack install with default features
- xpack upgrade scenario will fully test security feature
- oss-to-xpack-upgrade will test installing only other specific features
- Cleanup some duplicate serverspec tests
- Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html))
- Cleanup some ansible code (especially in `when` conditions)
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
Some popular artifact caches (e.g. Artifactory) do not provide HTTP
CONNECT endpoints and thus aren't supported by es_proxy_host and
es_proxy_port. This patch templates out the scheme and authority
components (i.e. "https://artifacts.elastic.co" ) of the apt and
yum repo URLs to accommodate the use of such artifact caches.
Previously, each of the calls generated a warning : "Using tests as
filters is deprecated. Instead of using `result|version_compare` use
`result is version_compare`. This feature will be removed in version
2.9.".
the default values are:
- es_enable_xpack: false
- es_xpack_features: ["alerting","monitoring","graph","ml","security"]
With the default values, XPACK is not installed
But the generated elasticsearch.yml contains the XPACK Settings.
Elasticsearch application refuses to start with these unknown settings
