Elasticsearch requires its temp directory to be mounted as executable (see executable-jna-tmpdir). However, the CIS guidelines (e.g., CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.1.1, 1.1.5) recommend mounting /tmp with noexec. Therefore, users of this ansible role may have reason to set elasticsearch's temp dir to a non-default location.
(The elasticsearch environment variable ES_TMPDIR gets set to /tmp by default. This PR preserves this default behavior.)
- rename es_enable_xpack variable to oss_version
this variable name should be more explicit and consistent with the xpack changes made in 6.3
es_enable_xpack can still be used but is deprecated and will be removed in a later version.
- remove es_xpack-features variables
this variable was not working anymore since 6.3 [0]
[0]: https://github.com/elastic/ansible-elasticsearch/issues/608
The jvm options template provided by this ansible role doesn't reflect current log4j configuration in elasticsearch 6.x and 7.x. This commit update it to default version provided in 6.x and 7.x elasticsearch standard packages.
This option doesn't seem to exists anymore in elasticsearch. It's not present in current versions of system configuration provided by recent elasticsearch packages and there is no code using it inside elasticsearch.
The log4j configuration template provided by this ansible role doesn't reflect current log4j configuration in elasticsearch 6.x and 7.x.
Also this template doesn't contain any variable so everything is hardcoded inside.
As we don't need to override any value inside, let's use standard elasticsearch log4j configuration file provided by elasticsearch package and stop overriding it with this role.
This commit introduces SSL/TLS support for the elastic search transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack
- Change xpack test scope to be able to test default xpack install
- xpack scenario will test xpack install with default features
- xpack upgrade scenario will fully test security feature
- oss-to-xpack-upgrade will test installing only other specific features
- Cleanup some duplicate serverspec tests
- Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html))
- Cleanup some ansible code (especially in `when` conditions)
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
Some popular artifact caches (e.g. Artifactory) do not provide HTTP
CONNECT endpoints and thus aren't supported by es_proxy_host and
es_proxy_port. This patch templates out the scheme and authority
components (i.e. "https://artifacts.elastic.co" ) of the apt and
yum repo URLs to accommodate the use of such artifact caches.
Previously, each of the calls generated a warning : "Using tests as
filters is deprecated. Instead of using `result|version_compare` use
`result is version_compare`. This feature will be removed in version
2.9.".
