--- - name: Elasticsearch Xpack tests hosts: localhost roles: - { role: elasticsearch, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", "shield.authc.realms.file1.type": "file","shield.authc.realms.file1.order": 0, "shield.authc.realms.native1.type": "native","shield.authc.realms.native1.order": 1 }, es_instance_name: "shield_node" } vars: es_templates: true es_enable_xpack: true es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" es_plugins: - plugin: mapper-murmur3 es_xpack_features: - shield - watcher es_api_basic_auth_username: es_admin es_api_basic_auth_password: changeMe es_message_auth_file: system_key es_role_mapping: power_user: - "cn=admins,dc=example,dc=com" user: - "cn=users,dc=example,dc=com" - "cn=admins,dc=example,dc=com" es_users: native: kibana4_server: password: changeMe roles: - kibana4_server file: es_admin: password: changeMe roles: - admin testUser: password: changeMeAlso! roles: - power_user - user es_roles: file: admin: cluster: - all indices: - names: '*' privileges: - all power_user: cluster: - monitor indices: - names: '*' privileges: - all user: indices: - names: '*' privileges: - read kibana4_server: cluster: - monitor indices: - names: '.kibana' privileges: - all native: logstash: cluster: - manage_index_templates indices: - names: 'logstash-*' privileges: - write - delete - create_index