Elasticsearch requires its temp directory to be mounted as executable (see executable-jna-tmpdir). However, the CIS guidelines (e.g., CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.1.1, 1.1.5) recommend mounting /tmp with noexec. Therefore, users of this ansible role may have reason to set elasticsearch's temp dir to a non-default location.
(The elasticsearch environment variable ES_TMPDIR gets set to /tmp by default. This PR preserves this default behavior.)
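A pre-flight check for the conflict described above, as an added example that is not part of this PR or of the role's own code: it reports whether a candidate ES_TMPDIR sits on a noexec mount. The mount table below is constructed sample data and `/var/lib/elasticsearch/tmp` is a hypothetical alternative location.

```shell
#!/bin/sh
# Reads a table in /proc/mounts format: device mountpoint fstype options dump pass.
# On a real host, pass /proc/mounts and a path with symlinks already resolved.

# Print the mount options of the filesystem holding directory $1,
# using mount table file $2 (the longest matching mount point wins).
mount_opts_for() {
    dir=$1 table=$2 best="" best_opts=""
    while read -r _dev mp _fs opts _rest; do
        case "$dir/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp best_opts=$opts
                fi ;;
        esac
    done < "$table"
    printf '%s\n' "$best_opts"
}

# Return 0 if directory $1 is on a filesystem mounted with noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for a candidate ES_TMPDIR; non-zero status means unusable.
check_es_tmpdir() {
    if is_noexec "$1" "$2"; then
        echo "FAIL: $1 is on a noexec mount"
        return 1
    fi
    echo "OK: $1 is not on a noexec mount"
}

# Constructed sample: /tmp hardened per the CIS recommendation, /var left executable.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/mapper/rhel-root / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/rhel-var /var xfs rw,nodev,relatime 0 0
EOF

check_es_tmpdir /tmp "$SAMPLE_MOUNTS" || true
check_es_tmpdir /var/lib/elasticsearch/tmp "$SAMPLE_MOUNTS"
```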
- rename es_enable_xpack variable to oss_version
this variable name should be more explicit and consistent with the xpack changes made in 6.3
es_enable_xpack can still be used but is deprecated and will be removed in a later version.
- remove es_xpack-features variables
this variable was not working anymore since 6.3 [0]
[0]: https://github.com/elastic/ansible-elasticsearch/issues/608
This option doesn't seem to exist anymore in elasticsearch. It's not present in current versions of system configuration provided by recent elasticsearch packages and there is no code using it inside elasticsearch.
The log4j configuration template provided by this ansible role doesn't reflect current log4j configuration in elasticsearch 6.x and 7.x.
Also this template doesn't contain any variable so everything is hardcoded inside.
As we don't need to override any value inside, let's use standard elasticsearch log4j configuration file provided by elasticsearch package and stop overriding it with this role.
This commit introduces SSL/TLS support for the Elasticsearch transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack
- Change xpack test scope to be able to test default xpack install
- xpack scenario will test xpack install with default features
- xpack upgrade scenario will fully test security feature
- oss-to-xpack-upgrade will test installing only other specific features
- Cleanup some duplicate serverspec tests
- Remove `system_key` feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html))
- Cleanup some ansible code (especially in `when` conditions)
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embedded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)