This commit introduces SSL/TLS support for the elastic search transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
In Python2, the dict.keys(), dict.values(), and dict.items() methods returns a list. Jinja2 returns that to Ansible via a string representation that Ansible can turn back into a list. In Python3, those methods return a dictionary view object.
resource: https://docs.ansible.com/ansible/2.4/playbooks_python_version.html#dictionary-views
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack
- Change xpack test scope to be able to test default xpack install
- xpack scenario will test xpack install with default features
- xpack upgrade scenario will fully test security feature
- oss-to-xpack-upgrade will test installing only other specific features
- Cleanup some duplicate serverspec tests
- Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html))
- Cleanup some ansible code (especially in `when` conditions)
- add support for elasticsearch 7.x
- remove support for elasticsearch 5.x
- update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories)
- replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html)
- update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play)
- update index template structure for 7.x
- update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
Some popular artifact caches (e.g. Artifactory) do not provide HTTP
CONNECT endpoints and thus aren't supported by es_proxy_host and
es_proxy_port. This patch templates out the scheme and authority
components (i.e. "https://artifacts.elastic.co" ) of the apt and
yum repo URLs to accommodate the use of such artifact caches.
