2cb020a4c2
* remove multi instances support The goal is to stop supporting installation of more than one node in the same host. This commit update the Ansible role README documentation and remove the multi instances kitchen test. * remove systemd and init.d templates As we no more need to support more than one node on the same host, we no more need to override init files provided by elasticsearch official packages. * remove file script feature File scripts have been removed since elasticsearch 6.0 (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_scripting_changes.html#_file_scripts_removed) * remove custom user and custom group ES_USER and ES_GROUP settings are no longer supported (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_packaging_changes.html#_configuring_custom_user_and_group_for_package_is_no_longer_allowed) * add upgrade procedure * use same task for license activation with and without authentication
165 lines
4.6 KiB
YAML
165 lines
4.6 KiB
YAML
---
|
|
- name: Elasticsearch Xpack tests initial
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_major_version: "7.x"
|
|
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: changeme
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this should be successfully modified
|
|
password: aNewLogstashPassword
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
elastic:
|
|
password: elasticChanged
|
|
file:
|
|
es_admin:
|
|
password: changeMe
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|
|
es_roles:
|
|
file:
|
|
admin:
|
|
cluster:
|
|
- all
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
power_user:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
user:
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- read
|
|
kibana4_server:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '.kibana'
|
|
privileges:
|
|
- all
|
|
native:
|
|
logstash:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
#this will be ignored - its reserved
|
|
logstash_system:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
|
|
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
|
|
- name: Elasticsearch Xpack modify
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: elasticChanged
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
file:
|
|
es_admin:
|
|
password: changeMeAgain
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|