a879b74def
- Stop forcing es_xpack_features variable in order to let elasticsearch install default features described in http://localhost:9200/_xpack - Change xpack test scope to be able to test default xpack install - xpack scenario will test xpack install with default features - xpack upgrade scenario will fully test security feature - oss-to-xpack-upgrade will test installing only other specific features - Cleanup some duplicate serverspec tests - Remove `system_key`feature (deprecated in 5.6 and removed in 6.0 - [Breaking Changes 6.0.0](https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking-6.0.0-xes.html)) - Cleanup some ansible code (especially in `when` conditions)
171 lines
4.7 KiB
YAML
171 lines
4.7 KiB
YAML
---
|
|
- name: Elasticsearch Xpack tests initial
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_instance_name: "node1"
|
|
es_api_port: 9200
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_major_version: "7.x"
|
|
es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
|
|
es_enable_xpack: true
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: changeme
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this should be successfully modified
|
|
password: aNewLogstashPassword
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
elastic:
|
|
password: elasticChanged
|
|
file:
|
|
es_admin:
|
|
password: changeMe
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|
|
es_roles:
|
|
file:
|
|
admin:
|
|
cluster:
|
|
- all
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
power_user:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- all
|
|
user:
|
|
indices:
|
|
- names: '*'
|
|
privileges:
|
|
- read
|
|
kibana4_server:
|
|
cluster:
|
|
- monitor
|
|
indices:
|
|
- names: '.kibana'
|
|
privileges:
|
|
- all
|
|
native:
|
|
logstash:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
#this will be ignored - its reserved
|
|
logstash_system:
|
|
cluster:
|
|
- manage_index_templates
|
|
indices:
|
|
- names: 'logstash-*'
|
|
privileges:
|
|
- write
|
|
- delete
|
|
- create_index
|
|
|
|
#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed.
|
|
- name: Elasticsearch Xpack modify
|
|
hosts: localhost
|
|
post_tasks:
|
|
- include: elasticsearch/test/integration/debug.yml
|
|
roles:
|
|
- elasticsearch
|
|
vars:
|
|
es_api_port: 9200
|
|
es_instance_name: "node1"
|
|
es_config_6x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file1.order: 0
|
|
xpack.security.authc.realms.file1.type: file
|
|
xpack.security.authc.realms.native1.order: 1
|
|
xpack.security.authc.realms.native1.type: native
|
|
es_config_7x:
|
|
http.port: 9200
|
|
xpack.security.authc.realms.file.file1.order: 0
|
|
xpack.security.authc.realms.native.native1.order: 1
|
|
es_config: "{{ es_config_7x if es_major_version == '7.x' else es_config_6x }}"
|
|
es_heap_size: "1g"
|
|
es_templates: true
|
|
es_enable_xpack: true
|
|
es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}"
|
|
es_plugins:
|
|
- plugin: ingest-attachment
|
|
es_xpack_features:
|
|
- security
|
|
- alerting
|
|
es_api_basic_auth_username: elastic
|
|
es_api_basic_auth_password: elasticChanged
|
|
es_role_mapping:
|
|
power_user:
|
|
- "cn=admins,dc=example,dc=com"
|
|
user:
|
|
- "cn=users,dc=example,dc=com"
|
|
- "cn=admins,dc=example,dc=com"
|
|
es_users:
|
|
native:
|
|
kibana4_server:
|
|
password: changeMe
|
|
roles:
|
|
- kibana4_server
|
|
logstash_system:
|
|
#this will be ignored
|
|
roles:
|
|
- kibana4_server
|
|
file:
|
|
es_admin:
|
|
password: changeMeAgain
|
|
roles:
|
|
- admin
|
|
testUser:
|
|
password: changeMeAlso!
|
|
roles:
|
|
- power_user
|
|
- user
|