--- - name: Elasticsearch Xpack HTTP different keystore and truststore with password hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml roles: - elasticsearch vars: es_config_6x: xpack.security.authc.realms.file1.order: 0 xpack.security.authc.realms.file1.type: file xpack.security.authc.realms.native1.order: 1 xpack.security.authc.realms.native1.type: native es_config_7x: xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" es_heap_size: "1g" es_templates: true es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" es_major_version: "7.x" es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade es_xpack_license: "" es_xpack_trial: true es_plugins: - plugin: ingest-attachment es_api_basic_auth_username: elastic es_api_basic_auth_password: changeme es_api_sleep: 5 es_enable_http_ssl: false es_enable_transport_ssl: true es_ssl_keystore: "test/integration/files/certs/keystore-password.p12" es_ssl_truststore: "test/integration/files/certs/truststore-password.p12" es_ssl_keystore_password: password1 es_ssl_truststore_password: password2 es_validate_certs: no es_role_mapping: power_user: - "cn=admins,dc=example,dc=com" user: - "cn=users,dc=example,dc=com" - "cn=admins,dc=example,dc=com" es_users: native: kibana4_server: password: changeMe roles: - kibana4_server logstash_system: #this should be successfully modified password: aNewLogstashPassword #this will be ignored roles: - kibana4_server elastic: password: elasticChanged file: es_admin: password: changeMe roles: - admin testUser: password: changeMeAlso! roles: - power_user - user es_roles: file: admin: cluster: - all indices: - names: '*' privileges: - all power_user: cluster: - monitor indices: - names: '*' privileges: - all user: indices: - names: '*' privileges: - read kibana4_server: cluster: - monitor indices: - names: '.kibana' privileges: - all native: logstash: cluster: - manage_index_templates indices: - names: 'logstash-*' privileges: - write - delete - create_index #this will be ignored - its reserved logstash_system: cluster: - manage_index_templates indices: - names: 'logstash-*' privileges: - write - delete - create_index #modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. - name: Elasticsearch Xpack HTTP SSL and shared keystore without password hosts: localhost post_tasks: - include: elasticsearch/test/integration/debug.yml roles: - elasticsearch vars: es_config_6x: xpack.security.authc.realms.file1.order: 0 xpack.security.authc.realms.file1.type: file xpack.security.authc.realms.native1.order: 1 xpack.security.authc.realms.native1.type: native es_config_7x: xpack.security.authc.realms.file.file1.order: 0 xpack.security.authc.realms.native.native1.order: 1 es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}" es_heap_size: "1g" es_templates: true es_templates_fileglob: "test/integration/files/templates-{{ es_major_version }}/*.json" es_xpack_license: "" es_xpack_trial: false es_plugins: - plugin: ingest-attachment es_api_basic_auth_username: elastic es_api_basic_auth_password: elasticChanged es_api_sleep: 5 es_enable_http_ssl: true es_enable_transport_ssl: true es_ssl_keystore: "test/integration/files/certs/shared-store-no-password.p12" es_ssl_truststore: "test/integration/files/certs/shared-store-no-password.p12" es_ssl_keystore_password: "" es_ssl_truststore_password: "" es_validate_certs: no es_role_mapping: power_user: - "cn=admins,dc=example,dc=com" user: - "cn=users,dc=example,dc=com" - "cn=admins,dc=example,dc=com" es_users: native: kibana4_server: password: changeMe roles: - kibana4_server logstash_system: #this will be ignored roles: - kibana4_server file: es_admin: password: changeMeAgain roles: - admin testUser: password: changeMeAlso! roles: - power_user - user