diff --git a/.github/workflows/test_full_stack.yml b/.github/workflows/test_full_stack.yml index 3663d4b4..725cf53f 100644 --- a/.github/workflows/test_full_stack.yml +++ b/.github/workflows/test_full_stack.yml @@ -29,6 +29,9 @@ jobs: - rockylinux8 scenario: - elasticstack_default + release: + - 7 + - 8 steps: - name: Check out code @@ -56,3 +59,4 @@ jobs: MOLECULE_DISTRO: ${{ matrix.distro }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index 9fde9e65..40837469 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -71,6 +71,7 @@ jobs: matrix: distro: [debian11, rockylinux8, ubuntu2204] scenario: [beats_default, beats_full_stack, beats_peculiar] + release: [ 7, 8 ] steps: - name: Check out code @@ -98,3 +99,4 @@ jobs: MOLECULE_DISTRO: ${{ matrix.distro }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 99a06f43..d680c156 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -71,6 +71,7 @@ jobs: matrix: distro: [ubuntu2204] scenario: [elasticsearch_default, elasticsearch_cluster, elasticsearch_cluster-oss, elasticsearch_no-security] + release: [7, 8] steps: - name: Check out code @@ -96,5 +97,6 @@ jobs: molecule test -s ${{ matrix.scenario }} env: MOLECULE_DISTRO: ${{ matrix.distro }} + ELASTIC_RELEASE: ${{ matrix.release }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index 9d28ab5b..00122650 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml 
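Review bot: The new `release` axis in test_full_stack.yml sends `ELASTIC_RELEASE=8` into `elasticstack_default`, which still selects the OSS variant, so that leg looks set to fail. `molecule/elasticstack_default/converge.yml` keeps `elastic_variant: oss` while now reading `elastic_release` from the environment, and `roles/repos/tasks/main.yml` in this same commit fails when `elastic_release | int > 7` with the `oss` variant. `repos_oss` in test_role_repos.yml has the same combination. Either add a matrix `exclude` for those scenario/release pairs or pin `elastic_release: 7` in the two converge files, as this commit already does for `elasticsearch_cluster-oss` and `kibana_full_stack-oss`. Those pinned scenarios now run twice with identical settings under the new axis, which an `exclude` would also avoid.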
@@ -71,6 +71,7 @@ jobs: matrix: distro: [ubuntu2204] scenario: [kibana_default, kibana_full_stack, kibana_full_stack-oss] + release: [ 7, 8 ] steps: - name: Check out code @@ -96,3 +97,4 @@ jobs: molecule test -s ${{ matrix.scenario }} env: MOLECULE_DISTRO: ${{ matrix.distro }} + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index a0387503..e6765780 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -69,6 +69,7 @@ jobs: matrix: distro: [ubuntu2204] scenario: [logstash_default] + release: [ 7, 8 ] steps: - name: Check out code @@ -96,6 +97,7 @@ jobs: MOLECULE_DISTRO: ${{ matrix.distro }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} molecule_tests: runs-on: ubuntu-latest @@ -115,6 +117,7 @@ jobs: logstash_full_stack-oss, logstash_specific_version, logstash_pipelines] + release: [ 7, 8 ] steps: - name: Check out code @@ -142,3 +145,4 @@ jobs: MOLECULE_DISTRO: ${{ matrix.distro }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index 8be30a8e..0baa39c0 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -70,7 +70,8 @@ jobs: matrix: distro: [centos7, debian10, debian11, rockylinux8, rockylinux9, ubuntu2004, ubuntu2204] - scenario: [repos_default, repos_oss, repos_elastic8] + scenario: [repos_default, repos_oss] + release: [ 7, 8 ] steps: - name: Check out code @@ -97,3 +98,4 @@ jobs: molecule test -s ${{ matrix.scenario }} env: MOLECULE_DISTRO: ${{ matrix.distro }} + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index d3a57654..a06bcf54 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml 
@@ -28,6 +28,9 @@ jobs: - kibana_default - logstash_default - repos_default + release: + - 7 + - 8 steps: - name: Check out code @@ -55,3 +58,4 @@ jobs: MOLECULE_DISTRO: ${{ matrix.distro }} PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/README.md b/README.md index 692e8fd3..bf25ca04 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,24 @@ You may want the following Ansible roles installed. There other ways to achieve ## Usage +### Default Passwords + +Default Passwords can be seen during generation, or found later in `/usr/share/elasticsearch/initial_passwords` + +To turn off security currently: +`elastic_override_beats_tls: true` +### Redis + +0) You need to install the redis role which is maintained by geerlingguy. + +``` +ansible-galaxy install geerlingguy.redis +``` + +1) Default: For general Elastic Stack installations using all features use the following. You will need Redis installed and running for the default setup to run. A viable way is using the `geerlingguy.redis` role. (You can install it with `ansible-galaxy install geerlingguy.redis) + +2) Specific: For OSS Installation without X-Pack features you can use the following. _Note_ this is only available for version `7.x`. + Our default configuration will collect filesystem logs placed by `rsyslog`. Therefor our example playbook makes sure, `rsyslog` is installed. If you don't want that, please change the configuration of the `beats` module. Without syslog you won't receive any messages with the default configuration. There are some comments in the Playbook. Either fill them with the correct values (`remote_user`) or consider them as a hint to commonly used options. 
@@ -46,6 +64,7 @@ There are some comments in the Playbook. Either fill them with the correct value _Note_: The roles rely on hardcoded group names for placing services on hosts. Please make sure you have groups named `elasticsearch`, `logstash` and `kibana` in your Ansible inventory. Hosts in these groups will get the respective services. Restricting your plays to the appropriate hosts will not work because the roles interact with hosts from other groups e.g. for certificate generation. The execution order of the roles is important! (see below) + ``` --- - hosts: all @@ -74,5 +93,4 @@ The execution order of the roles is important! (see below) - logstash - kibana - beats - ``` diff --git a/docs/role-elasticsearch.md b/docs/role-elasticsearch.md index de61f3a0..d5a81e3e 100644 --- a/docs/role-elasticsearch.md +++ b/docs/role-elasticsearch.md @@ -7,6 +7,8 @@ This role installs manages Elasticsearch on your hosts. Optionally it can config If you use the role to set up security you can use its CA to create certificates for Logstash and Kibana, too. +Please note that setting `elasticsearch_bootstrap_pw` as variable will only take effect when initialising Elasticsearch. Changes after starting elasticsearch for the first time will not change the bootstrap password for the instance and will lead to breaking tests. + Role Variables -------------- 
@@ -16,6 +18,7 @@ Role Variables * *elasticsearch_datapath*: Path where Elasticsearch will store it's data. (default: `/var/lib/elasticsearch` - the packages default) * *elasticsearch_create_datapath*: Create the path for data to store if it doesn't exist. (default: `false` - only useful if you change `elasticsearch_datapath`) * *elasticsearch_fs_repo*: List of paths that should be registered as repository for snapshots (only filesystem supported so far). (default: none) Remember, that every node needs access to the same share under the same path. +* *elasticsearch_bootstrap_pw*: Bootstrap password for Elasticsearch (Default: `PleaseChangeMe`) * *elasticsearch_disable_systemcallfilterchecks*: Disable system call filter checks. This has a security impact but is necessary on some systems. Please refer to the [docs](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/_system_call_filter_check.html) for details. (default: `false`) * *elasticsearch_pamlimits*: Set pam_limits neccessary for Elasticsearch. (Default: `true`) diff --git a/molecule/beats_default/converge.yml b/molecule/beats_default/converge.yml index 72255217..f87e95dc 100644 --- a/molecule/beats_default/converge.yml +++ b/molecule/beats_default/converge.yml @@ -8,8 +8,10 @@ collections: - NETWAYS.elasticstack vars: + elastic_stack_full_stack: false elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/beats_full_stack/converge.yml b/molecule/beats_full_stack/converge.yml index 28fab1f4..41ff09e1 100644 --- a/molecule/beats_full_stack/converge.yml +++ b/molecule/beats_full_stack/converge.yml 
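Review bot: The `elastic_release` line added to `molecule/beats_default/converge.yml` turns an unset `ELASTIC_RELEASE` into release 0, because `lookup('env', ...)` yields an empty string when the variable is missing and `| int` maps that to 0. A local `molecule test` run without the variable therefore exercises the roles with a release that does not exist instead of the role default. Give the lookup a fallback, e.g. `elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | default(8, true) | int }}"`. The same line is added to the other converge.yml files in this commit and needs the same change. Unless native Jinja types are enabled, the templated value probably reaches the roles as a string, so every comparison on `elastic_release` needs the `| int` cast.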
@@ -17,6 +17,7 @@ - "testbed: molecule" elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/beats_peculiar/converge.yml b/molecule/beats_peculiar/converge.yml index fa7fd830..b71ef0fd 100644 --- a/molecule/beats_peculiar/converge.yml +++ b/molecule/beats_peculiar/converge.yml @@ -33,6 +33,7 @@ beats_metricbeat: true metricbeat_output: logstash filebeat_docker: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Set Filebeat version on RedHat set_fact: diff --git a/molecule/elasticsearch_cluster-8/converge.yml b/molecule/elasticsearch_cluster-8/converge.yml deleted file mode 100644 index 8b3aaa6b..00000000 --- a/molecule/elasticsearch_cluster-8/converge.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another -# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - hosts: all - collections: - - NETWAYS.elasticstack - vars: - # elasticsearch_disable_systemcallfilterchecks: true - elastic_release: 8 - elasticsearch_jna_workaround: true - tasks: - - name: "Include Elastics repos role" - include_role: - name: repos - - name: "Include Elasticsearch" - include_role: - name: elasticsearch diff --git a/molecule/elasticsearch_cluster-8/molecule.yml b/molecule/elasticsearch_cluster-8/molecule.yml deleted file mode 100644 index 0a4e67ab..00000000 --- a/molecule/elasticsearch_cluster-8/molecule.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: elasticsearch-cluster81 - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true - - name: elasticsearch-cluster82 - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/elasticsearch_cluster-8/prepare.yml b/molecule/elasticsearch_cluster-8/prepare.yml deleted file mode 100644 index d6abc016..00000000 --- a/molecule/elasticsearch_cluster-8/prepare.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Refresh apt cache - apt: - update_cache: yes - when: ansible_os_family == "Debian" - - - name: Install git - package: - name: git - - - name: Install packages for RHEL - package: - name: - - iproute - - NetworkManager - when: ansible_os_family == "RedHat" - - - name: Start NetworkManager - service: - name: NetworkManager - state: started - enabled: yes - when: ansible_os_family == "RedHat" - - - name: Install packages for Debian - package: - name: - - gpg - - gpg-agent - - procps - - curl - - iproute2 - when: ansible_os_family == "Debian" diff --git a/molecule/elasticsearch_cluster-8/requirements.yml b/molecule/elasticsearch_cluster-8/requirements.yml deleted file mode 100644 index 8dd51618..00000000 --- a/molecule/elasticsearch_cluster-8/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: - - community.general diff --git a/molecule/elasticsearch_cluster-oss/converge.yml b/molecule/elasticsearch_cluster-oss/converge.yml index 4160b128..fcfa00f9 100644 --- a/molecule/elasticsearch_cluster-oss/converge.yml +++ b/molecule/elasticsearch_cluster-oss/converge.yml 
@@ -9,6 +9,7 @@ elastic_variant: oss elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: 7 tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/elasticsearch_cluster/converge.yml b/molecule/elasticsearch_cluster/converge.yml index abe83483..b8578b08 100644 --- a/molecule/elasticsearch_cluster/converge.yml +++ b/molecule/elasticsearch_cluster/converge.yml @@ -8,6 +8,7 @@ vars: elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/elasticsearch_default/converge.yml b/molecule/elasticsearch_default/converge.yml index df3ce033..a60272aa 100644 --- a/molecule/elasticsearch_default/converge.yml +++ b/molecule/elasticsearch_default/converge.yml @@ -6,10 +6,11 @@ - NETWAYS.elasticstack hosts: all vars: - elasticsearch_enable: false - elasticsearch_security: false + #elasticsearch_security: true # needed for tests of > 7 releases + elastic_stack_full_stack: false elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/elasticsearch_no-security/converge.yml b/molecule/elasticsearch_no-security/converge.yml index 70361213..dc3f1e68 100644 --- a/molecule/elasticsearch_no-security/converge.yml +++ b/molecule/elasticsearch_no-security/converge.yml @@ -7,8 +7,10 @@ hosts: all vars: elasticsearch_security: false + elastic_security: false elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: 
diff --git a/molecule/elasticsearch_no-security/molecule.yml b/molecule/elasticsearch_no-security/molecule.yml index f980152b..83ba94da 100644 --- a/molecule/elasticsearch_no-security/molecule.yml +++ b/molecule/elasticsearch_no-security/molecule.yml @@ -4,7 +4,17 @@ dependency: driver: name: docker platforms: - - name: elasticsearch_no_security + - name: elasticsearch-nosecurity1 + groups: + - elasticsearch + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + - name: elasticsearch-nosecurity2 groups: - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml index b7c3aac2..93d20b44 100644 --- a/molecule/elasticsearch_no-security/verify.yml +++ b/molecule/elasticsearch_no-security/verify.yml @@ -7,18 +7,6 @@ elastic_initial_passwords: /usr/share/elasticsearch/initial_passwords tasks: - - name: Set elasticsearch_ca variable if not already done by user - set_fact: - elasticsearch_ca: "{{ groups['elasticsearch'][0] }}" - when: elasticsearch_ca is undefined - - - name: Fetch Elastic password - shell: grep "PASSWORD elastic" {{ elastic_initial_passwords }} | awk {' print $4 '} - register: elastic_password - changed_when: false - delegate_to: "{{ elasticsearch_ca }}" - - # Remember, this is the no-security scenario. So no https - name: Health check uri: diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml index b8b54f6c..630a8377 100644 --- a/molecule/elasticstack_default/converge.yml +++ b/molecule/elasticstack_default/converge.yml 
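Review bot: The new `elasticsearch-nosecurity1` platform runs with `privileged: true`, a read-write `/sys/fs/cgroup` bind mount and `cgroupns_mode: host`, while pulling an image by the mutable `:latest` tag. Whatever is published under that tag then runs with close to host-level privileges on the CI runner or on a developer machine. Where the distro list allows it, reference the image by digest (`...-ansible@sha256:<digest-placeholder>`). Also add a comment above `privileged: true` such as `# required for systemd in the test container (confirm); run only on disposable hosts`. The second platform entry continues outside the hunk, so whether it carries the same mounts cannot be checked from here.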
@@ -8,6 +8,7 @@ elasticsearch_disable_systemcallfilterchecks: true elastic_stack_full_stack: true elastic_variant: oss + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastic Repos include_role: diff --git a/molecule/kibana_default/converge.yml b/molecule/kibana_default/converge.yml index 0be4ad7a..7fcf730d 100644 --- a/molecule/kibana_default/converge.yml +++ b/molecule/kibana_default/converge.yml @@ -5,6 +5,9 @@ # https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 - name: Converge hosts: all + vars: + elastic_stack_full_stack: false + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" collections: - NETWAYS.elasticstack tasks: diff --git a/molecule/kibana_full_stack-oss/converge.yml b/molecule/kibana_full_stack-oss/converge.yml index 604a7ae9..6ba41220 100644 --- a/molecule/kibana_full_stack-oss/converge.yml +++ b/molecule/kibana_full_stack-oss/converge.yml @@ -10,6 +10,7 @@ vars: elastic_stack_full_stack: true elastic_variant: oss + elastic_release: 7 tasks: - name: Include Elastic Repos include_role: diff --git a/molecule/kibana_full_stack/converge.yml b/molecule/kibana_full_stack/converge.yml index af39cc3b..cac315c4 100644 --- a/molecule/kibana_full_stack/converge.yml +++ b/molecule/kibana_full_stack/converge.yml @@ -9,6 +9,7 @@ - NETWAYS.elasticstack vars: elastic_stack_full_stack: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastic Repos include_role: diff --git a/molecule/logstash_default/converge.yml b/molecule/logstash_default/converge.yml index a0e058a0..5e26daf1 100644 --- a/molecule/logstash_default/converge.yml +++ b/molecule/logstash_default/converge.yml 
@@ -5,6 +5,9 @@ # https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 - name: Converge hosts: all + vars: + elastic_stack_full_stack: false + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" collections: - NETWAYS.elasticstack tasks: diff --git a/molecule/logstash_full_stack-oss/converge.yml b/molecule/logstash_full_stack-oss/converge.yml index 651e89b2..c4eb598f 100644 --- a/molecule/logstash_full_stack-oss/converge.yml +++ b/molecule/logstash_full_stack-oss/converge.yml @@ -21,6 +21,7 @@ filebeat_syslog_udp: true filebeat_syslog_tcp: true logstash_beats_tls: false + elastic_release: 7 tasks: - name: "Include Elastics repos role" include_role: diff --git a/molecule/logstash_full_stack/converge.yml b/molecule/logstash_full_stack/converge.yml index 30185bdd..d251bf98 100644 --- a/molecule/logstash_full_stack/converge.yml +++ b/molecule/logstash_full_stack/converge.yml @@ -11,6 +11,7 @@ elastic_stack_full_stack: true filebeat_syslog_udp: true filebeat_syslog_tcp: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include repos role include_role: diff --git a/molecule/logstash_pipelines/converge.yml b/molecule/logstash_pipelines/converge.yml index 7ba9141d..908315c9 100644 --- a/molecule/logstash_pipelines/converge.yml +++ b/molecule/logstash_pipelines/converge.yml @@ -29,6 +29,7 @@ key: forwarder logstash_pipeline_identifier_field_name: "[mytest][pipelines]" logstash_pipeline_identifier_defaults: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: "Include Elastics repos role" include_role: diff --git a/molecule/logstash_run_logstash/converge.yml b/molecule/logstash_run_logstash/converge.yml index 0dcb72ec..fd852af0 100644 --- a/molecule/logstash_run_logstash/converge.yml +++ b/molecule/logstash_run_logstash/converge.yml 
@@ -40,6 +40,7 @@ output: - name: forwarder key: forwarder + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastics repos role include_role: diff --git a/molecule/logstash_specific_version/converge.yml b/molecule/logstash_specific_version/converge.yml index b4910eaf..aab57eef 100644 --- a/molecule/logstash_specific_version/converge.yml +++ b/molecule/logstash_specific_version/converge.yml @@ -12,6 +12,7 @@ logstash_logging_console: false logstash_logging_slow_file: false logstash_pipeline_identifier: false + elastic_release: 7 tasks: - name: Set Logstash version on RedHat diff --git a/molecule/repos_default/converge.yml b/molecule/repos_default/converge.yml index 12597e29..32a5d243 100644 --- a/molecule/repos_default/converge.yml +++ b/molecule/repos_default/converge.yml @@ -5,6 +5,8 @@ - NETWAYS.elasticstack vars: elastic_rpm_workaround: true + elastic_stack_full_stack: false + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: Include Elastic Repos ansible.builtin.include_role: diff --git a/molecule/repos_elastic8/converge.yml b/molecule/repos_elastic8/converge.yml deleted file mode 100644 index 6c71e2b2..00000000 --- a/molecule/repos_elastic8/converge.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another -# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - collections: - - NETWAYS.elasticstack - vars: - elastic_release: 8 - elastic_rpm_workaround: true - hosts: all - tasks: - - name: "Include Elastic Repos" - ansible.builtin.include_role: - name: repos diff --git a/molecule/repos_elastic8/molecule.yml b/molecule/repos_elastic8/molecule.yml deleted file mode 100644 index dbbe9ea0..00000000 --- a/molecule/repos_elastic8/molecule.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: docker -platforms: - - name: elastic-repos-default - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/repos_elastic8/prepare.yml b/molecule/repos_elastic8/prepare.yml deleted file mode 100644 index 619f7c2c..00000000 --- a/molecule/repos_elastic8/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Install requirements for Debian - ansible.builtin.apt: - name: - - gpg - - apt-transport-https - update_cache: yes - when: ansible_os_family == "Debian" - - name: Install requirements for Ubuntu - ansible.builtin.apt: - name: - - gpg-agent - update_cache: yes - when: ansible_os_family == "Debian" and ansible_distribution == "Ubuntu" \ No newline at end of file diff --git a/molecule/repos_elastic8/verify.yml b/molecule/repos_elastic8/verify.yml deleted file mode 100644 index d0511758..00000000 --- a/molecule/repos_elastic8/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - tasks: - - name: Install Kibana - ansible.builtin.package: - name: kibana diff --git a/molecule/repos_oss/converge.yml b/molecule/repos_oss/converge.yml index c98cf928..fe97b87e 100644 --- a/molecule/repos_oss/converge.yml +++ b/molecule/repos_oss/converge.yml @@ -8,6 +8,7 @@ vars: elastic_variant: oss elastic_rpm_workaround: true + elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: "Include Elastic Repos" ansible.builtin.include_role: diff --git a/roles/beats/defaults/main.yml b/roles/beats/defaults/main.yml index e13ca19b..1f220762 100644 --- a/roles/beats/defaults/main.yml +++ b/roles/beats/defaults/main.yml 
@@ -60,7 +60,8 @@ metricbeat_modules: - system metricbeat_loadbalance: true -elastic_stack_full_stack: false +elastic_release: 8 +elastic_stack_full_stack: true elastic_variant: elastic elastic_security: true diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml index c963d8a0..1c306de5 100644 --- a/roles/elasticsearch/defaults/main.yml +++ b/roles/elasticsearch/defaults/main.yml @@ -29,5 +29,6 @@ elastic_cert_pass: PleaseChangeMeIndividually # "global" variables for all roles -elastic_release: 7 +elastic_release: 8 +elastic_stack_full_stack: true elastic_variant: elastic diff --git a/roles/elasticsearch/tasks/elasticsearch-parameters.yml b/roles/elasticsearch/tasks/elasticsearch-parameters.yml index 8823c431..5f443b71 100644 --- a/roles/elasticsearch/tasks/elasticsearch-parameters.yml +++ b/roles/elasticsearch/tasks/elasticsearch-parameters.yml @@ -1,8 +1,8 @@ --- -- name: Fail when security is not declared when elasticsearch >= 8 - ansible.builtin.fail: - msg: "Elasticsearch >= 8 requires enabled security. Set elasticsearch_security to true" - when: - - elastic_release >= 8 - - elastic_variant == 'elastic' - - elasticsearch_security is not defined or not elasticsearch_security +#- name: Fail when security is not declared when elasticsearch >= 8 +# ansible.builtin.fail: +# msg: "Elasticsearch >= 8 requires enabled security. Set elasticsearch_security to true" +# when: +# - elastic_release | int >= 8 +# - elastic_variant == 'elastic' +# - elasticsearch_security is not defined or not elasticsearch_security diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index bea13223..fc31241a 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml 
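Review bot: In `roles/elasticsearch/tasks/elasticsearch-parameters.yml` the task that refused Elasticsearch >= 8 with security disabled is commented out, in the same commit that makes `elastic_release: 8` the default for every role. A play that sets `elasticsearch_security: false` on release 8 now proceeds without any signal, although the task's own message says that release requires security to be enabled. Keep the task active with the cast already written in the commented version, `- elastic_release | int >= 8`. If the guard was disabled to let `elasticsearch_no-security` pass on the new matrix, exclude release 8 for that scenario in the workflow instead. If the check is really meant to go, delete the lines rather than leaving commented-out code, and state the reason in the commit message.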
@@ -96,7 +96,7 @@ - name: Show Info about heap debug: - msg: "Using {{ elasticsearch_heap * 1024 }} of {{ ansible_memtotal_mb }} MB as heap for Elasticsearch" + msg: "Using {{ elasticsearch_heap | int / 1024 }} of {{ ansible_memtotal_mb }} MB as heap for Elasticsearch" - name: Start Elasticsearch service: diff --git a/roles/elasticsearch/tasks/wait_for_instance.yml b/roles/elasticsearch/tasks/wait_for_instance.yml index c1eceb35..70c82caa 100644 --- a/roles/elasticsearch/tasks/wait_for_instance.yml +++ b/roles/elasticsearch/tasks/wait_for_instance.yml @@ -4,3 +4,4 @@ wait_for: host: "{{ hostvars[item].ansible_default_ipv4.address }}" port: 9200 + timeout: 600 diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2 index dd55dee2..43d93ba8 100644 --- a/roles/elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elasticsearch/templates/elasticsearch.yml.j2 @@ -2,7 +2,7 @@ node.name: "{{ ansible_hostname }}" path.data: {{ elasticsearch_datapath }} path.logs: /var/log/elasticsearch network.host: ["_local_","_site_"] -{% if elastic_release < 8 or groups['elasticsearch'] | length > 1 %} +{% if elastic_release | int < 8 or groups['elasticsearch'] | length > 1 %} discovery.seed_hosts: [ {% for host in groups['elasticsearch'] %} "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}"{% if not loop.last %},{% endif %} {% endfor %} ] @@ -13,7 +13,7 @@ cluster.initial_master_nodes: [ {% for host in groups['elasticsearch'] %} {% if elastic_temperature is defined %} node.attr.temp: "{{ elastic_temperature }}" {% endif %} -{% if elasticsearch_disable_systemcallfilterchecks | bool %} +{% if elasticsearch_disable_systemcallfilterchecks | bool and elastic_release == 7 %} bootstrap.system_call_filter: false {% endif %} {% if elastic_variant == "elastic" %} diff --git a/roles/kibana/defaults/main.yml b/roles/kibana/defaults/main.yml index d363b5c8..1ae2bd24 100644 
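Review bot: In the second hunk of `elasticsearch.yml.j2`, `elastic_release == 7` is compared without the `| int` cast that the first hunk and `roles/repos/tasks/main.yml` add in this commit. The molecule converge files now supply `elastic_release` through a templated env lookup, so the value may arrive as a string. The equality is then false, and `bootstrap.system_call_filter: false` is silently left out on release 7 even though `elasticsearch_disable_systemcallfilterchecks` is set. Write the condition as `{% if elasticsearch_disable_systemcallfilterchecks | bool and elastic_release | int == 7 %}`.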
--- a/roles/kibana/defaults/main.yml +++ b/roles/kibana/defaults/main.yml @@ -16,5 +16,6 @@ elastic_initial_passwords: /usr/share/elasticsearch/initial_passwords # "global" variables for all roles -elastic_release: 7 +elastic_release: 8 +elastic_stack_full_stack: true elastic_variant: elastic diff --git a/roles/logstash/defaults/main.yml b/roles/logstash/defaults/main.yml index 0b0308ac..6a899106 100644 --- a/roles/logstash/defaults/main.yml +++ b/roles/logstash/defaults/main.yml @@ -59,15 +59,14 @@ logstash_pipeline_identifier: true logstash_pipeline_identifier_field_name: "[netways][pipeline]" logstash_pipeline_identifier_defaults: false -# elastic full stack configuration -elastic_stack_full_stack: false elastic_ca_dir: /opt/es-ca elastic_initial_passwords: /usr/share/elasticsearch/initial_passwords elastic_ca_pass: PleaseChangeMe # "global" variables for all roles -elastic_release: 7 +elastic_release: 8 +elastic_stack_full_stack: true elastic_variant: elastic elastic_security: true diff --git a/roles/repos/defaults/main.yml b/roles/repos/defaults/main.yml index 6618d82c..de1b24cc 100644 --- a/roles/repos/defaults/main.yml +++ b/roles/repos/defaults/main.yml @@ -1,6 +1,7 @@ --- # defaults file for elastic-repos -elastic_release: 7 +elastic_release: 8 +elastic_stack_full_stack: true elastic_variant: elastic elastic_rpm_workaround: false diff --git a/roles/repos/tasks/main.yml b/roles/repos/tasks/main.yml index e0f1a181..f0d18b2c 100644 --- a/roles/repos/tasks/main.yml +++ b/roles/repos/tasks/main.yml @@ -4,7 +4,7 @@ ansible.builtin.fail: msg: "No OSS versions later than 7 are available" when: - - elastic_release > 7 + - elastic_release | int > 7 - elastic_variant == "oss" - import_tasks: redhat.yml