a1c81884e2
- add support for elasticsearch 7.x - remove support for elasticsearch 5.x - update kitchen-ansible configuration (install ansible and jmespath dependencies using os repositories) - replace geoip plugin in tests as this one is now embeded in elasticsearch since 6.7.0 (cf. https://www.elastic.co/guide/en/elasticsearch/plugins/6.7/ingest-geoip.html) - update discovery configuration for 7.x (in ES 7.x, discovery.zen.ping.unicast.hosts is replaced by discovery.seed_hosts and transport.tcp.port is replaced by transport.port, also discovery.seed_hosts is disabled on master nodes to avoid "master_not_discovered_exception" error when creating templates in the same play) - update index template structure for 7.x - update security realms settings for 7.x (cf. https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking-changes-7.0.html#include-realm-type-in-setting)
174 lines
4.8 KiB
YAML
174 lines
4.8 KiB
YAML
---
|
|
- name: Elasticsearch Xpack tests initial
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_instance_name: "node1"
|
|
es_api_port: 9200
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.enabled: True
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_major_version: "7.x"
|
|
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
|
|
es_enable_xpack: true
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: changeme
|
|
es_message_auth_file: system_key
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this should be successfully modified
|
|
password: aNewLogstashPassword
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
elastic:
|
|
password: elasticChanged
|
|
file:
|
|
es_admin:
|
|
password: changeMe
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|
|
es_roles:
|
|
file:
|
|
admin:
|
|
cluster:
|
|
- all
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
power_user:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
user:
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- read
|
|
kibana4_server:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '.kibana'
|
|
privileges:
|
|
- all
|
|
native:
|
|
logstash:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
#this will be ignored - its reserved
|
|
logstash_system:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
|
|
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
|
|
- name: Elasticsearch Xpack modify
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_api_port: 9200
|
|
es_instance_name: "node1"
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.enabled: True
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_enable_xpack: true
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: elasticChanged
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
file:
|
|
es_admin:
|
|
password: changeMeAgain
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|