molecule/elasticstack_default/verify.yml

---

- name: Verify outcome of collection
  hosts: all
  vars:
    elasticstack_elasticsearch_http_port: 9200
    elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords
    elasticstack_elasticsearch_group_name: elasticsearch
  tasks:

    - name: Run Logstash syntax check
      ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t"
      when: "'logstash' in group_names"

    - name: Check for open port 5044/tcp
      ansible.builtin.wait_for:
        port: 5044
      when: "'logstash' in group_names"

    - name: Wait for syslog port to open
      ansible.builtin.wait_for:
        port: 514

    - name: Set elasticsearch_ca variable if not already done by user
      ansible.builtin.set_fact:
        elasticsearch_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}"
      when: elasticsearch_ca is undefined

    - name: fetch Elastic password
      ansible.builtin.shell: |
        grep "PASSWORD elastic " /usr/share/elasticsearch/initial_passwords |
        awk {' print $4 '}
      register: elastic_pass
      changed_when: false
      delegate_to: "{{ elasticsearch_ca }}"

    - name: Query for Logstash indices
      ansible.builtin.shell: >
        curl -ks -uelastic:{{ elastic_pass.stdout }}
        https://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/indices |
        grep logstash |
        awk {' print $7 '} |
        sort -n |
        tail -1
      register: logstash_count
      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"

    - name: Show full output
      ansible.builtin.debug:
        var: logstash_count
      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"

    - name: Fail when logstash index is empty
      ansible.builtin.fail:
        msg: "Logstash Index is empty"
      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0"

    - name: Show number of received events
      ansible.builtin.debug:
        msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
      when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"

    - name: Run Kibana checks
      when: "'kibana' in group_names"
      block:

        - name: Fetch kibana.yml
          ansible.builtin.command: cat /etc/kibana/kibana.yml
          register: kibanayml

        - name: Show kibana.yml
          ansible.builtin.debug:
            var: kibanayml.stdout_lines

        - name: Check for Kibana port
          ansible.builtin.wait_for:
            port: 5601
            timeout: 120

        - name: Connect to Kibana
          ansible.builtin.command:
            curl
            -s
            -u elastic:{{ elastic_pass.stdout }}
            http://{{ ansible_hostname }}:5601/api/status
          register: curl_out
          failed_when:
            - "'green' not in curl_out.stdout"
            - "'Elasticsearch is available' not in curl_out.stdout"

          # The following might be nicer but doesn't work
          #- name: Connect to Kibana
          #  ansible.builtin.uri:
          #    url: http://ansible-role-kibana_full_stack:5601/api/status
          #    user: elastic
          #    password: "{{ elastic_password.stdout }}"
          #    return_content: yes
          #  register: kibana_status
          #  #failed_when: "'"title": "Green"' not in kibana_status.content"
          #  failed_when: "'Green' not in kibana_status.content"

    - name: Elasticsearch health check
      ansible.builtin.uri:
        url: https://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health
        method: GET
        force_basic_auth: yes
        user: elastic
        password: "{{ elastic_pass.stdout }}"
        return_content: yes
        status_code: 200
        validate_certs: false
      register: result
      until: result.json.status == "green"
      retries: 6
      delay: 10
      when: groups[elasticstack_elasticsearch_group_name] | length > 1

    - name: Elasticsearch Node check
      ansible.builtin.uri:
        url: https://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/nodes
        method: GET
        force_basic_auth: yes
        user: elastic
        password: "{{ elastic_pass.stdout }}"
        return_content: yes
        status_code: 200
        validate_certs: false
      register: nodes
      when: groups[elasticstack_elasticsearch_group_name] | length > 1

    - name: Check if all Nodes see each other
      ansible.builtin.assert:
        that:
          - "'{{ item }}' in nodes.content"
        fail_msg: "'{{ item }}' was not found in nodes.content"
        success_msg: "'{{ item }}' was found in nodes.content"
      with_inventory_hostnames: all
      when: groups[elasticstack_elasticsearch_group_name] | length > 1