├── .ackrc ├── .github ├── ISSUE_TEMPLATE.md └── workflows │ ├── qansible.yml │ ├── release.yml │ ├── rubocop.yml │ └── yamllint.yml ├── .gitignore ├── .kitchen.yml ├── .rubocop.yml ├── .rubocop_todo.yml ├── .travis.yml ├── .yamllint.yml ├── CHANGELOG.md ├── Gemfile ├── Gemfile.lock ├── Jenkinsfile ├── LICENSE ├── README.md ├── Rakefile ├── ansible.cfg ├── defaults ├── .keepme └── main.yml ├── extra_modules └── .keepme ├── files └── .keepme ├── filter_plugins └── .keepme ├── handlers ├── .keepme └── main.yml ├── library └── .keepme ├── meta ├── .keepme └── main.yml ├── requirements.yml ├── tasks ├── .keepme ├── install-Debian.yml ├── install-FreeBSD.yml ├── install-RedHat.yml └── main.yml ├── templates ├── .keepme ├── Debian.default.j2 ├── FreeBSD.rc.j2 ├── RedHat.sysconfig.j2 ├── elasticsearch.yml.j2 ├── jvm.options.j2 ├── log4j2.properties.j2 ├── raw.j2 └── yaml.j2 ├── tests ├── .keepme ├── integration │ ├── .keepme │ └── example │ │ ├── .gitignore │ │ ├── .rspec │ │ ├── Rakefile │ │ ├── Vagrantfile │ │ ├── client.yml │ │ ├── example.yml │ │ ├── group_vars │ │ └── .keepme │ │ ├── host_vars │ │ └── .keepme │ │ ├── inventories │ │ ├── .keepme │ │ └── staging │ │ ├── roles │ │ └── .keepme │ │ ├── server.yml │ │ ├── site.yml │ │ └── spec │ │ ├── .keepme │ │ ├── default_spec.rb │ │ └── spec_helper.rb ├── serverspec │ ├── .keepme │ ├── default.yml │ ├── default_spec.rb │ └── spec_helper.rb └── travisci │ ├── .keepme │ ├── inventory │ └── tests.yml └── vars ├── .keepme ├── Debian.yml ├── FreeBSD.yml └── RedHat.yml /.ackrc: -------------------------------------------------------------------------------- 1 | --ignore-dir=vendor 2 | --ignore-dir=.kitchen 3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 6 | 7 | ##### ISSUE TYPE 8 | 9 | - Bug Report 10 | - Feature Idea 11 | - Documentation Report 12 | 13 | ##### ROLE VERSION 14 
| 15 | ``` 16 | 17 | ``` 18 | 19 | ##### CONFIGURATION 20 | 24 | 25 | ##### OS / ENVIRONMENT 26 | 31 | 32 | ##### SUMMARY 33 | 34 | 35 | ##### STEPS TO REPRODUCE 36 | 40 | 41 | 42 | 43 | ```yaml 44 | 45 | ``` 46 | 47 | 48 | 49 | 50 | ``` 51 | ``` 52 | 53 | ##### EXPECTED RESULTS 54 | 55 | 56 | ##### ACTUAL RESULTS 57 | 58 | -------------------------------------------------------------------------------- /.github/workflows/qansible.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: qansible 3 | on: 4 | - pull_request 5 | - push 6 | jobs: 7 | qansible: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout 11 | uses: actions/checkout@v2 12 | 13 | - name: Install ruby 14 | uses: ruby/setup-ruby@v1 15 | with: 16 | ruby-version: 2.6 17 | bundler-cache: true 18 | 19 | - name: Checkout the latest release of qansible 20 | run: | 21 | git clone https://github.com/trombik/qansible.git 22 | ( cd qansible && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) ) 23 | ( cd qansible && bundle install --with "test" && bundle exec rake build && gem install pkg/*.gem ) 24 | rm -rf qansible 25 | GEM_DIR=`gem env gemdir` 26 | ls ${GEM_DIR}/bin 27 | echo "PATH=${PATH}:${GEM_DIR}/bin" >> $GITHUB_ENV 28 | 29 | - name: Run qansible 30 | run: | 31 | 32 | # suppress a warning from `qansible qa` because .kitchen.local.yml is 33 | # meant for the local environment, not CI. 
34 | touch .kitchen.local.yml 35 | qansible qa 36 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Publish on Ansible Galaxy 3 | 4 | on: 5 | push: 6 | tags: 7 | - "v*" 8 | branches: 9 | - master 10 | 11 | jobs: 12 | publish: 13 | name: Publish on Ansible Galaxy 14 | runs-on: ubuntu-latest 15 | 16 | steps: 17 | - name: Checkout Code 18 | uses: actions/checkout@v2 19 | 20 | - name: Release Ansible Role to Galaxy 21 | uses: hspaans/ansible-galaxy-action@v0.2.9 22 | with: 23 | api_key: ${{ secrets.galaxy_api_key }} 24 | -------------------------------------------------------------------------------- /.github/workflows/rubocop.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: rubocop 3 | on: 4 | - pull_request 5 | - push 6 | jobs: 7 | rubocop: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout 11 | uses: actions/checkout@v2 12 | 13 | - name: Install ruby 14 | uses: ruby/setup-ruby@v1 15 | with: 16 | ruby-version: 2.6 17 | bundler-cache: true 18 | 19 | - name: Run rubocop 20 | run: | 21 | bundle exec rubocop --display-cop-names --extra-details 22 | -------------------------------------------------------------------------------- /.github/workflows/yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: yamllint 3 | on: 4 | - pull_request 5 | - push 6 | jobs: 7 | yamllint: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout 11 | uses: actions/checkout@v2 12 | 13 | - name: Install python 14 | uses: actions/setup-python@v2 15 | 16 | - name: Install dependencies 17 | run: | 18 | sudo apt-get install \ 19 | yamllint 20 | 21 | - name: Run yamllint 22 | run: | 23 | yamllint -c .yamllint.yml . 
24 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.kitchen/ 2 | .kitchen.local.yml 3 | *.swp 4 | .bundle/ 5 | vendor/ 6 | -------------------------------------------------------------------------------- /.kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: vagrant 4 | customize: 5 | memory: 2048 6 | 7 | transport: 8 | name: rsync 9 | 10 | provisioner: 11 | hosts: test-kitchen 12 | name: ansible_playbook 13 | require_chef_for_busser: false 14 | require_ruby_for_busser: false 15 | ansible_verbosity: 1 16 | ansible_verbose: true 17 | ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %> 18 | requirements_path: requirements.yml 19 | http_proxy: <%= ENV['ANSIBLE_PROXY'] %> 20 | idempotency_test: true 21 | additional_copy_path: 22 | - extra_modules 23 | - filter_plugins 24 | 25 | platforms: 26 | - name: freebsd-13.0-amd64 27 | driver: 28 | box: trombik/ansible-freebsd-13.0-amd64 29 | box_check_update: false 30 | driver_config: 31 | ssh: 32 | shell: '/bin/sh' 33 | provisioner: 34 | extra_vars: 35 | ansible_python_interpreter: '/usr/local/bin/python3' 36 | 37 | - name: ubuntu-18.04-amd64 38 | driver: 39 | box: trombik/ansible-ubuntu-18.04-amd64 40 | box_check_update: false 41 | 42 | - name: ubuntu-20.04-amd64 43 | driver: 44 | box: trombik/ansible-ubuntu-20.04-amd64 45 | box_check_update: false 46 | 47 | - name: centos-7.8-amd64 48 | driver: 49 | box: trombik/ansible-centos-7.8-x86_64 50 | box_check_update: false 51 | 52 | suites: 53 | - name: default 54 | provisioner: 55 | name: ansible_playbook 56 | playbook: tests/serverspec/default.yml 57 | verifier: 58 | name: shell 59 | command: rspec -c -f d -I tests/serverspec tests/serverspec/default_spec.rb 60 | -------------------------------------------------------------------------------- /.rubocop.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | inherit_from: .rubocop_todo.yml 3 | 4 | AllCops: 5 | Exclude: 6 | # there is no reason to test external files 7 | - "roles.galaxy/**/*" 8 | - "vendor/**/*" 9 | - "tests/integration/**/roles/*" 10 | - "extra_roles/**/*" 11 | - "qansible" 12 | # enable detailed explanations available in cops 13 | # the default output is not enough to understand what is wrong 14 | DisplayCopNames: true 15 | ExtraDetails: true 16 | DisplayStyleGuide: true 17 | 18 | # the default CacheRootDirectory is no longer `/tmp`, but a directory under 19 | # `$HOME`, and some Unix platforms use a symlink to that path 20 | AllowSymlinksInCacheRootDirectory: true 21 | 22 | Style/StringLiterals: 23 | # https://github.com/reallyenglish/ansible-role-example/issues/60#issuecomment-280573231 24 | EnforcedStyle: double_quotes 25 | 26 | Style/SymbolArray: 27 | # prefer brackets for `grep-ability` 28 | EnforcedStyle: brackets 29 | 30 | Metrics/BlockLength: 31 | Exclude: 32 | # Vagrantfile is not application code but rather a configuration file, and 33 | # blocks in it tend to be long 34 | - "**/Vagrantfile" 35 | ExcludedMethods: 36 | # these two exclude long blocks in `_spec.rb` 37 | - describe 38 | - context 39 | 40 | Metrics/LineLength: 41 | Exclude: 42 | # `_spec.rb` often contains one-liner shell commands 43 | - "**/*_spec.rb" 44 | # same as in Metrics/BlockLength 45 | - "**/Vagrantfile" 46 | # Gemfile is not application code 47 | - "Gemfile" 48 | # ignore heredoc for readability 49 | AllowHeredoc: true 50 | # URLs are almost always long 51 | AllowURI: true 52 | URISchemes: 53 | - http 54 | - https 55 | - git 56 | - ftp 57 | IgnoreCopDirectives: true 58 | -------------------------------------------------------------------------------- /.rubocop_todo.yml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/.rubocop_todo.yml -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | os: linux 3 | dist: focal 4 | language: python 5 | python: "3.6" 6 | 7 | # Install ansible 8 | addons: 9 | apt: 10 | update: true 11 | packages: 12 | - python3-pip 13 | - curl 14 | cache: 15 | directories: 16 | - $HOME/.rvm/ 17 | - $HOME/.bundler/ 18 | - $HOME/.cache/pip/ 19 | - $HOME/.vagrant.d/boxes/ 20 | pip: true 21 | 22 | env: 23 | - PLATFORM=freebsd 24 | - PLATFORM=openbsd 25 | - PLATFORM=centos 26 | - PLATFORM=ubuntu 27 | 28 | before_install: 29 | # XXX update RubyGem to fix build in Travis CI. when ruby 2.6.3 or later is 30 | # available in travis environment, this can be removed. 31 | # see details at: 32 | # https://bundler.io/blog/2019/05/14/solutions-for-cant-find-gem-bundler-with-executable-bundle.html 33 | - yes | gem update --system --force 34 | - gem install bundler 35 | - wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb 36 | - sudo dpkg -i vagrant_2.2.9_x86_64.deb 37 | - vagrant --version 38 | 39 | # for virtualbox 40 | - sudo apt-get install "linux-headers-`uname -r`" 41 | - wget -q https://github.com/trombik/ansible-role-sensu_go_backend/releases/download/1.4.0/oracle_vbox_2016.asc -O - | sudo apt-key add - 42 | - sudo add-apt-repository -y "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian `lsb_release -cs` contrib" 43 | - sudo apt-get update 44 | - sudo apt-get install virtualbox-6.1 45 | 46 | install: 47 | # Install ansible 2.9 because 2.10 changed its options, ignores "src" in 48 | # requirements.yml. 
49 | - pip install 'ansible<2.10' yamllint molecule docker 50 | 51 | # Check versions 52 | - ansible --version 53 | - molecule --version 54 | 55 | # Create ansible.cfg with correct roles_path 56 | - mkdir -p extra_roles 57 | - printf '[defaults]\nstdout_callback = yaml\nroles_path=../:extra_roles' >ansible.cfg 58 | 59 | script: 60 | # See if the repo is private 61 | - if curl --silent --output /dev/null --dump-header - "https://github.com/${TRAVIS_REPO_SLUG}" | grep "Status:[[:space:]]*404"; then touch .private_repo; fi 62 | 63 | # Download the roles this role depends on 64 | - if [ -f requirements.yml ]; then ansible-galaxy install -r requirements.yml -p extra_roles; fi 65 | - if [ -f requirements.yml ]; then ansible-galaxy collection install -r requirements.yml -p collections; fi 66 | 67 | # Basic role syntax check 68 | # 69 | # If it is a private repo, it _usually_ has secret information or encrypted 70 | # files. As the information security policy does not allow the decryption key to 71 | # be transferred to a third party, encrypted files cannot be decrypted in the Travis 72 | # CI environment. Skip the syntax check when it is a private repo. 73 | # 74 | - "if [ ! 
-f .private_repo ]; then ANSIBLE_COLLECTIONS_PATHS=${PWD}/collections ansible-playbook tests/travisci/tests.yml -i tests/travisci/inventory --syntax-check; fi" 75 | 76 | # download the QA scripts 77 | - git clone https://github.com/trombik/qansible.git 78 | 79 | # check out the latest release 80 | - ( cd qansible && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) ) 81 | 82 | # install it 83 | - ( cd qansible && bundle install --path ${HOME}/.bundler --with "test" && bundle exec rake build && gem install pkg/*.gem ) 84 | - rm -rf qansible 85 | 86 | # git complains if user and email are not set 87 | - git config --global user.name "Your Name" 88 | - git config --global user.email "you@example.com" 89 | 90 | # suppress a warning from `qansible qa` 91 | - touch .kitchen.local.yml 92 | 93 | # export PATH 94 | - export PATH="${PATH}:`rvm gemdir`/bin" 95 | 96 | # bundle up because rubocop is installed via Gemfile 97 | - bundle install --path ${HOME}/.bundler 98 | 99 | # run rubocop 100 | - bundle exec rubocop 101 | 102 | # run yamllint 103 | - yamllint -c .yamllint.yml . 
104 | 105 | # run the QA test 106 | - qansible qa 107 | - export VAGRANT_PROVIDER=virtualbox 108 | - bundle exec kitchen list 109 | - | 110 | platforms=`bundle exec kitchen list --json | jq ".[] | select(.instance | match(\"${PLATFORM}\")).instance" | tr -d '"'` 111 | if [ x"${platforms}" != "x" ]; then 112 | for i in ${platforms}; do 113 | bundle exec kitchen test $i || exit 1 114 | done 115 | fi 116 | 117 | notifications: 118 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 119 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | line-length: disable 6 | truthy: disable 7 | 8 | ignore: | 9 | # yamllint does not understand erb template 10 | .kitchen.local.yml 11 | .kitchen/ 12 | extra_roles/ 13 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## Release 1.1.4 2 | 3 | * 7526ba8 bugfix: add release GitHub Actions workflow 4 | * f28b7a7 bugfix: support log4j2.properties 5 | * ea01a54 bugfix: update to 1.13.2 on CentOS 6 | * da93915 bugfix: QA 7 | * 6ccf6bc bugfix: fix regexp in tests 8 | * 20c91ca bugfix: update elasticsearch and plugins 9 | * c463ce6 bugfix: QA 10 | * 0b9bd93 bugfix: QA 11 | * 7f07957 ci: add Github Actions workflows 12 | * 1c0c1f4 bugfix: update README 13 | * a591f80 bugfix: replace hard-coded numbers with variables 14 | * 8586cdb bugfix: update CentOS to 7.8, Ubuntu to 20.04 15 | 16 | ## Release 1.1.3 17 | 18 | * 8c06a6f doc: update README 19 | * ec568e2 bugfix: update elasticsearch-oss version for Ubuntu 20 | 21 | ## Release 1.1.2 22 | 23 | * f1cf850 bugfix: always set "mode" in file and template modules 24 | * dad0e64 bugfix: QA 25 | * 875df7a bugfix: lint 26 | * 35c7c2e bugfix: update gems 27 | * 5e5ae0a bugfix: bump box version, 
use my package tree, and fix ubuntu build 28 | * c26b41b bugfix: update my pkg repo URL 29 | * 3cba9c3 bugfix: replace obsolete `| search()` 30 | * 4b9339f bugfix: update the test to opendistroforelasticsearch 1.3.0 31 | * e3f9d36 bugfix: QA 32 | * 507dc67 bugfix: QA 33 | * 28b33b7 bugfix: update gems 34 | 35 | ## Release 1.1.1 36 | 37 | * 183cdf0 bugfix: update directory permission 38 | 39 | ## Release 1.1.0 40 | 41 | * 6096b28 doc: update README 42 | * 5cd8ec0 doc: document how to create the keys 43 | * 7de57f7 feature: support TLS 44 | 45 | ## Release 1.0.0 46 | 47 | * Initial release 48 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | # collection support 4 | gem "kitchen-ansible", ">= 0.56.0" 5 | gem "kitchen-sync", "~> 2.1.1", git: "https://github.com/trombik/kitchen-sync.git", branch: "without_full_path_to_rsync" 6 | gem "kitchen-vagrant" 7 | gem "kitchen-verifier-serverspec" 8 | gem "rake" 9 | gem "rspec" 10 | gem "rubocop", "~> 0.51.0" 11 | gem "serverspec" 12 | gem "specinfra" 13 | gem "test-kitchen" 14 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GIT 2 | remote: https://github.com/trombik/kitchen-sync.git 3 | revision: d1d14052e3f401d87986eaffdf5d117518c8bd68 4 | branch: without_full_path_to_rsync 5 | specs: 6 | kitchen-sync (2.1.2.pre) 7 | net-sftp 8 | test-kitchen (>= 1.0.0) 9 | 10 | GEM 11 | remote: https://rubygems.org/ 12 | specs: 13 | ast (2.4.2) 14 | builder (3.2.4) 15 | diff-lcs (1.4.4) 16 | erubi (1.10.0) 17 | ffi (1.15.1) 18 | gssapi (1.3.1) 19 | ffi (>= 1.0.1) 20 | gyoku (1.3.1) 21 | builder (>= 2.1.2) 22 | httpclient (2.8.3) 23 | kitchen-ansible (0.56.0) 24 | net-ssh (>= 3) 25 | test-kitchen (>= 1.4) 26 | kitchen-vagrant (1.8.0) 27 | 
test-kitchen (>= 1.4, < 3) 28 | kitchen-verifier-serverspec (0.7.1) 29 | net-ssh (>= 3) 30 | test-kitchen (>= 1.4) 31 | license-acceptance (1.0.19) 32 | pastel (~> 0.7) 33 | tomlrb (~> 1.2) 34 | tty-box (~> 0.3) 35 | tty-prompt (~> 0.18) 36 | little-plugger (1.1.4) 37 | logging (2.3.0) 38 | little-plugger (~> 1.1) 39 | multi_json (~> 1.14) 40 | mixlib-install (3.12.11) 41 | mixlib-shellout 42 | mixlib-versioning 43 | thor 44 | mixlib-shellout (2.4.4) 45 | mixlib-versioning (1.2.12) 46 | multi_json (1.15.0) 47 | net-scp (2.0.0) 48 | net-ssh (>= 2.6.5, < 6.0.0) 49 | net-sftp (2.1.2) 50 | net-ssh (>= 2.6.5) 51 | net-ssh (4.2.0) 52 | net-ssh-gateway (2.0.0) 53 | net-ssh (>= 4.0.0) 54 | net-telnet (0.1.1) 55 | nori (2.6.0) 56 | parallel (1.20.1) 57 | parser (2.7.2.0) 58 | ast (~> 2.4.1) 59 | pastel (0.8.0) 60 | tty-color (~> 0.5) 61 | powerpack (0.1.3) 62 | rainbow (2.2.2) 63 | rake 64 | rake (13.0.3) 65 | rspec (3.10.0) 66 | rspec-core (~> 3.10.0) 67 | rspec-expectations (~> 3.10.0) 68 | rspec-mocks (~> 3.10.0) 69 | rspec-core (3.10.1) 70 | rspec-support (~> 3.10.0) 71 | rspec-expectations (3.10.1) 72 | diff-lcs (>= 1.2.0, < 2.0) 73 | rspec-support (~> 3.10.0) 74 | rspec-its (1.3.0) 75 | rspec-core (>= 3.0.0) 76 | rspec-expectations (>= 3.0.0) 77 | rspec-mocks (3.10.2) 78 | diff-lcs (>= 1.2.0, < 2.0) 79 | rspec-support (~> 3.10.0) 80 | rspec-support (3.10.2) 81 | rubocop (0.51.0) 82 | parallel (~> 1.10) 83 | parser (>= 2.3.3.1, < 3.0) 84 | powerpack (~> 0.1) 85 | rainbow (>= 2.2.2, < 3.0) 86 | ruby-progressbar (~> 1.7) 87 | unicode-display_width (~> 1.0, >= 1.0.1) 88 | ruby-progressbar (1.11.0) 89 | rubyntlm (0.6.3) 90 | rubyzip (2.3.0) 91 | serverspec (2.41.5) 92 | multi_json 93 | rspec (~> 3.0) 94 | rspec-its 95 | specinfra (~> 2.72) 96 | sfl (2.3) 97 | specinfra (2.82.25) 98 | net-scp 99 | net-ssh (>= 2.7) 100 | net-telnet (= 0.1.1) 101 | sfl 102 | strings (0.2.1) 103 | strings-ansi (~> 0.2) 104 | unicode-display_width (>= 1.5, < 3.0) 105 | unicode_utils (~> 1.4) 
106 | strings-ansi (0.2.0) 107 | test-kitchen (1.25.0) 108 | license-acceptance (~> 1.0, >= 1.0.11) 109 | mixlib-install (~> 3.6) 110 | mixlib-shellout (>= 1.2, < 3.0) 111 | net-scp (>= 1.1, < 3.0) 112 | net-ssh (>= 2.9, < 5.0) 113 | net-ssh-gateway (>= 1.2, < 3.0) 114 | thor (~> 0.19) 115 | winrm (~> 2.0) 116 | winrm-elevated (~> 1.0) 117 | winrm-fs (~> 1.1) 118 | thor (0.20.3) 119 | tomlrb (1.3.0) 120 | tty-box (0.7.0) 121 | pastel (~> 0.8) 122 | strings (~> 0.2.0) 123 | tty-cursor (~> 0.7) 124 | tty-color (0.6.0) 125 | tty-cursor (0.7.1) 126 | tty-prompt (0.23.1) 127 | pastel (~> 0.8) 128 | tty-reader (~> 0.8) 129 | tty-reader (0.9.0) 130 | tty-cursor (~> 0.7) 131 | tty-screen (~> 0.8) 132 | wisper (~> 2.0) 133 | tty-screen (0.8.1) 134 | unicode-display_width (1.7.0) 135 | unicode_utils (1.4.0) 136 | winrm (2.3.6) 137 | builder (>= 2.1.2) 138 | erubi (~> 1.8) 139 | gssapi (~> 1.2) 140 | gyoku (~> 1.0) 141 | httpclient (~> 2.2, >= 2.2.0.2) 142 | logging (>= 1.6.1, < 3.0) 143 | nori (~> 2.0) 144 | rubyntlm (~> 0.6.0, >= 0.6.3) 145 | winrm-elevated (1.2.3) 146 | erubi (~> 1.8) 147 | winrm (~> 2.0) 148 | winrm-fs (~> 1.0) 149 | winrm-fs (1.3.5) 150 | erubi (~> 1.8) 151 | logging (>= 1.6.1, < 3.0) 152 | rubyzip (~> 2.0) 153 | winrm (~> 2.0) 154 | wisper (2.0.1) 155 | 156 | PLATFORMS 157 | amd64-freebsd-14 158 | x86_64-linux 159 | 160 | DEPENDENCIES 161 | kitchen-ansible (>= 0.56.0) 162 | kitchen-sync (~> 2.1.1)! 
163 | kitchen-vagrant 164 | kitchen-verifier-serverspec 165 | rake 166 | rspec 167 | rubocop (~> 0.51.0) 168 | serverspec 169 | specinfra 170 | test-kitchen 171 | 172 | BUNDLED WITH 173 | 2.2.19 174 | -------------------------------------------------------------------------------- /Jenkinsfile: -------------------------------------------------------------------------------- 1 | node ('virtualbox') { 2 | 3 | def directory = "ansible-role-opendistroforelasticsearch" 4 | env.ANSIBLE_VAULT_PASSWORD_FILE = "~/.ansible_vault_key" 5 | stage 'Clean up' 6 | deleteDir() 7 | 8 | stage 'Checkout' 9 | sh "mkdir $directory" 10 | dir("$directory") { 11 | try { 12 | checkout scm 13 | sh "git submodule update --init" 14 | } catch (e) { 15 | currentBuild.result = 'FAILURE' 16 | notifyBuild(currentBuild.result) 17 | throw e 18 | } 19 | } 20 | dir("$directory") { 21 | stage 'bundle' 22 | try { 23 | sh "bundle install --path ${env.JENKINS_HOME}/vendor/bundle" 24 | } catch (e) { 25 | currentBuild.result = 'FAILURE' 26 | notifyBuild(currentBuild.result) 27 | throw e 28 | } 29 | 30 | stage 'bundle exec kitchen test' 31 | try { 32 | sh 'bundle exec kitchen test' 33 | } catch (e) { 34 | currentBuild.result = 'FAILURE' 35 | notifyBuild(currentBuild.result) 36 | throw e 37 | } finally { 38 | sh 'bundle exec kitchen destroy' 39 | } 40 | /* if you have integration tests, uncomment the stage below 41 | stage 'integration' 42 | try { 43 | // use native rake instead of bundle exec rake 44 | // https://github.com/docker-library/ruby/issues/73 45 | sh 'rake test' 46 | } catch (e) { 47 | currentBuild.result = 'FAILURE' 48 | notifyBuild(currentBuild.result) 49 | throw e 50 | } finally { 51 | sh 'rake clean' 52 | } 53 | */ 54 | stage 'Notify' 55 | notifyBuild(currentBuild.result) 56 | step([$class: 'GitHubCommitNotifier', resultOnFailure: 'FAILURE']) 57 | } 58 | } 59 | 60 | def notifyBuild(String buildStatus = 'STARTED') { 61 | // build status of null means successful 62 | buildStatus = buildStatus ?: 
'SUCCESSFUL' 63 | 64 | // Default values 65 | def colorName = 'RED' 66 | def colorCode = '#FF0000' 67 | def subject = "${buildStatus}: Job '${env.JOB_NAME} build #${env.BUILD_NUMBER}'" 68 | def summary = "${subject} ${env.BUILD_URL}" 69 | def details = """

STARTED: Job '${env.JOB_NAME} [${env.BUILD_NUMBER}]':

70 |

Check console output at "${env.JOB_NAME} [${env.BUILD_NUMBER}]"

""" 71 | 72 | // Override default values based on build status 73 | if (buildStatus == 'STARTED') { 74 | color = 'YELLOW' 75 | colorCode = '#FFFF00' 76 | } else if (buildStatus == 'SUCCESSFUL') { 77 | color = 'GREEN' 78 | colorCode = '#00FF00' 79 | } else { 80 | color = 'RED' 81 | colorCode = '#FF0000' 82 | } 83 | 84 | hipchatSend (color: color, notify: true, message: summary) 85 | } 86 | /* vim: ft=groovy */ 87 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 Tomoyuki Sakurai 2 | 3 | Permission to use, copy, modify, and distribute this software for any 4 | purpose with or without fee is hereby granted, provided that the above 5 | copyright notice and this permission notice appear in all copies. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 12 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 13 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # `trombik.opendistroforelasticsearch` 2 | 3 | `ansible` role to manage `opendistroforelasticsearch`. 4 | 5 | ## for all users 6 | 7 | The role assumes the service is listening on `localhost`. 8 | 9 | ## for FreeBSD users 10 | 11 | `textproc/opendistroforelasticsearch` is not currently available in the 12 | official ports tree. 
A WIP port is available at 13 | [trombik/freebsd-ports-opendistroforelasticsearch](https://github.com/trombik/freebsd-ports-opendistroforelasticsearch). 14 | The package must be available for installation from somewhere, i.e. from YOUR 15 | package tree. 16 | 17 | # Requirements 18 | 19 | By default, the role uses `trombik.x509_certificate` to manage X509 20 | certificates. The role does not list `trombik.x509_certificate` as a 21 | dependency because TLS is not mandatory. 22 | 23 | # Role Variables 24 | 25 | | Variable | Description | Default | 26 | |----------|-------------|---------| 27 | | `opendistroforelasticsearch_user` | user name of `opendistroforelasticsearch` | `{{ __opendistroforelasticsearch_user }}` | 28 | | `opendistroforelasticsearch_group` | group name of `opendistroforelasticsearch` | `{{ __opendistroforelasticsearch_group }}` | 29 | | `opendistroforelasticsearch_log_dir` | path to log directory | `{{ __opendistroforelasticsearch_log_dir }}` | 30 | | `opendistroforelasticsearch_db_dir` | path to data directory | `{{ __opendistroforelasticsearch_db_dir }}` | 31 | | `opendistroforelasticsearch_scripts_dir` | path to script directory | `{{ __opendistroforelasticsearch_scripts_dir }}` | 32 | | `opendistroforelasticsearch_plugins_dir` | path to plug-in directory | `{{ __opendistroforelasticsearch_plugins_dir }}` | 33 | | `opendistroforelasticsearch_plugin_command` | path to `elasticsearch-plugin` command | `{{ __opendistroforelasticsearch_plugin_command }}` | 34 | | `opendistroforelasticsearch_plugins` | a list of plugins (see below) | `[]` | 35 | | `opendistroforelasticsearch_service` | service name of `opendistroforelasticsearch` | `{{ __opendistroforelasticsearch_service }}` | 36 | | `opendistroforelasticsearch_package` | package name of `opendistroforelasticsearch` | `{{ __opendistroforelasticsearch_package }}` | 37 | | `opendistroforelasticsearch_conf_dir` | path to configuration directory | `{{ __opendistroforelasticsearch_conf_dir }}` | 38 | | 
`opendistroforelasticsearch_jvm_options` | JVM options (see the example playbook) | `""` | 39 | | `opendistroforelasticsearch_conf_file` | path to `elasticsearch.yml` | `{{ opendistroforelasticsearch_conf_dir }}/elasticsearch.yml` | 40 | | `opendistroforelasticsearch_flags` | extra flags for startup scripts | `""` | 41 | | `opendistroforelasticsearch_config` | the content of `elasticsearch.yml` | `""` | 42 | | `opendistroforelasticsearch_config_log4j2_properties` | the content of `log4j2.properties` | `""` | 43 | | `opendistroforelasticsearch_http_port` | listen port of `elasticsearch` | `9200` | 44 | | `opendistroforelasticsearch_java_home` | `JAVA_HOME` environment variable | `{{ __opendistroforelasticsearch_java_home }}` | 45 | | `opendistroforelasticsearch_extra_plugin_files` | a list of extra files for plug-ins (see below) | `[]` | 46 | | `opendistroforelasticsearch_include_role_x509_certificate` | if true, include `trombik.x509_certificate` during the play (`trombik.x509_certificate` must be listed in `requirements.yml`) | `yes` | 47 | 48 | ## `opendistroforelasticsearch_plugins` 49 | 50 | This is a list of plug-ins. An element of the list is a dict. 51 | 52 | | Key | Description | Mandatory? | 53 | |-----|-------------|------------| 54 | | `name` | name of the plug-in | yes | 55 | | `src` | the source of the plug-in, usually an URL | no | 56 | 57 | ## `opendistroforelasticsearch_extra_plugin_files` 58 | 59 | This variable is a list of files for plug-ins. An element of the list is a 60 | dict. 61 | 62 | | Key | Description | Mandatory? | 63 | |-----|-------------|------------| 64 | | `path` | relative path to the file from `opendistroforelasticsearch_plugins_dir` | yes | 65 | | `type` | either `yaml` or `raw`. when the type is `yaml`, the value of `content` is rendered as YAML. when the type is `raw`, the value of `content` is rendered as-is. when the value of `state` is omitted, or `present`, `type` must be specified. 
| no | 66 | | `mode` | file mode of the file | no | 67 | | `owner` | owner of the file | no | 68 | | `group` | group of the file | no | 69 | | `state` | either `present` or `absent`. `present` creates the file. `absent` deletes the file. the default is `present` | no | 70 | | `content` | the content of the file (see also `type` above) | no | 71 | 72 | ## Debian 73 | 74 | | Variable | Default | 75 | |----------|---------| 76 | | `__opendistroforelasticsearch_user` | `elasticsearch` | 77 | | `__opendistroforelasticsearch_group` | `elasticsearch` | 78 | | `__opendistroforelasticsearch_log_dir` | `/var/log/elasticsearch` | 79 | | `__opendistroforelasticsearch_db_dir` | `/var/lib/elasticsearch` | 80 | | `__opendistroforelasticsearch_package` | `opendistroforelasticsearch` | 81 | | `__opendistroforelasticsearch_conf_dir` | `/etc/elasticsearch` | 82 | | `__opendistroforelasticsearch_scripts_dir` | `""` | 83 | | `__opendistroforelasticsearch_plugins_dir` | `/usr/share/elasticsearch/plugins` | 84 | | `__opendistroforelasticsearch_plugin_command` | `/usr/share/elasticsearch/bin/elasticsearch-plugin` | 85 | | `__opendistroforelasticsearch_service` | `elasticsearch` | 86 | | `__opendistroforelasticsearch_java_home` | `""` | 87 | 88 | ## FreeBSD 89 | 90 | | Variable | Default | 91 | |----------|---------| 92 | | `__opendistroforelasticsearch_user` | `elasticsearch` | 93 | | `__opendistroforelasticsearch_group` | `elasticsearch` | 94 | | `__opendistroforelasticsearch_log_dir` | `/var/log/elasticsearch` | 95 | | `__opendistroforelasticsearch_db_dir` | `/var/db/elasticsearch` | 96 | | `__opendistroforelasticsearch_package` | `textproc/opendistroforelasticsearch` | 97 | | `__opendistroforelasticsearch_conf_dir` | `/usr/local/etc/elasticsearch` | 98 | | `__opendistroforelasticsearch_scripts_dir` | `""` | 99 | | `__opendistroforelasticsearch_plugins_dir` | `/usr/local/lib/elasticsearch/plugins` | 100 | | `__opendistroforelasticsearch_plugin_command` | 
`/usr/local/lib/elasticsearch/bin/elasticsearch-plugin` | 101 | | `__opendistroforelasticsearch_service` | `elasticsearch` | 102 | | `__opendistroforelasticsearch_java_home` | `/usr/local` | 103 | 104 | ## RedHat 105 | 106 | | Variable | Default | 107 | |----------|---------| 108 | | `__opendistroforelasticsearch_user` | `elasticsearch` | 109 | | `__opendistroforelasticsearch_group` | `elasticsearch` | 110 | | `__opendistroforelasticsearch_log_dir` | `/var/log/elasticsearch` | 111 | | `__opendistroforelasticsearch_db_dir` | `/var/lib/elasticsearch` | 112 | | `__opendistroforelasticsearch_package` | `opendistroforelasticsearch` | 113 | | `__opendistroforelasticsearch_conf_dir` | `/etc/elasticsearch` | 114 | | `__opendistroforelasticsearch_scripts_dir` | `""` | 115 | | `__opendistroforelasticsearch_plugins_dir` | `/usr/share/elasticsearch/plugins` | 116 | | `__opendistroforelasticsearch_plugin_command` | `/usr/share/elasticsearch/bin/elasticsearch-plugin` | 117 | | `__opendistroforelasticsearch_service` | `elasticsearch` | 118 | | `__opendistroforelasticsearch_java_home` | `""` | 119 | 120 | # Dependencies 121 | 122 | - [`trombik.x509_certificate`](https://github.com/trombik/ansible-role-x509_certificate) when `opendistroforelasticsearch_include_role_x509_certificate` is true 123 | 124 | # Example Playbook 125 | 126 | ```yaml 127 | --- 128 | - hosts: localhost 129 | roles: 130 | - role: trombik.freebsd_pkg_repo 131 | when: ansible_os_family == "FreeBSD" 132 | - role: trombik.apt_repo 133 | when: ansible_os_family == "Debian" 134 | - role: trombik.redhat_repo 135 | when: ansible_os_family == "RedHat" 136 | - role: trombik.java 137 | - role: trombik.sysctl 138 | - ansible-role-opendistroforelasticsearch 139 | vars: 140 | freebsd_pkg_repo: 141 | local: 142 | enabled: "true" 143 | url: "http://pkg.i.trombik.org/{{ ansible_distribution_version | regex_replace('\\.') }}{{ ansible_architecture }}-default-default" 144 | mirror_type: none 145 | priority: 100 146 | state: 
present 147 | apt_repo_enable_apt_transport_https: yes 148 | apt_repo_to_add: 149 | - ppa:openjdk-r/ppa 150 | - deb [arch=amd64] https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main 151 | - deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main 152 | apt_repo_keys_to_add: 153 | - https://artifacts.elastic.co/GPG-KEY-elasticsearch 154 | - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch 155 | redhat_repo: 156 | elasticsearch7: 157 | baseurl: https://artifacts.elastic.co/packages/oss-7.x/yum 158 | gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch 159 | gpgcheck: yes 160 | enabled: yes 161 | opendistroforelasticsearch: 162 | baseurl: https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/ 163 | gpgkey: https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch 164 | enabled: yes 165 | gpgcheck: yes 166 | os_opendistroforelasticsearch_extra_packages: 167 | FreeBSD: [] 168 | Debian: 169 | # XXX install elasticsearch-oss that opendistroforelasticsearch 170 | # requires. 
171 | - elasticsearch-oss=7.10.2 172 | - unzip 173 | RedHat: [] 174 | opendistroforelasticsearch_extra_packages: "{{ os_opendistroforelasticsearch_extra_packages[ansible_os_family] }}" 175 | os_java_packages: 176 | FreeBSD: [] 177 | Debian: 178 | - openjdk-11-jdk 179 | RedHat: 180 | - java-11-openjdk-devel 181 | java_packages: "{{ os_java_packages[ansible_os_family] }}" 182 | os_sysctl: 183 | FreeBSD: 184 | kern.maxfilesperproc: 65536 185 | security.bsd.unprivileged_mlock: 1 186 | Debian: [] 187 | RedHat: [] 188 | sysctl: "{{ os_sysctl[ansible_os_family] }}" 189 | 190 | 191 | os_opendistroforelasticsearch_package: 192 | FreeBSD: "{{ __opendistroforelasticsearch_package }}" 193 | Debian: "{{ __opendistroforelasticsearch_package }}" 194 | RedHat: opendistroforelasticsearch-1.13.2 195 | opendistroforelasticsearch_package: "{{ os_opendistroforelasticsearch_package[ansible_os_family] }}" 196 | os_opendistroforelasticsearch_flags: 197 | FreeBSD: | 198 | elasticsearch_java_home={{ opendistroforelasticsearch_java_home }} 199 | Debian: | 200 | ES_PATH_CONF={{ opendistroforelasticsearch_conf_dir }} 201 | ES_STARTUP_SLEEP_TIME=5 202 | MAX_OPEN_FILES=65535 203 | MAX_LOCKED_MEMORY=unlimited 204 | RedHat: | 205 | ES_PATH_CONF={{ opendistroforelasticsearch_conf_dir }} 206 | ES_STARTUP_SLEEP_TIME=5 207 | MAX_OPEN_FILES=65535 208 | MAX_LOCKED_MEMORY=unlimited 209 | opendistroforelasticsearch_flags: "{{ os_opendistroforelasticsearch_flags[ansible_os_family] }}" 210 | opendistroforelasticsearch_jvm_options: | 211 | -Xms1024m 212 | -Xmx1024m 213 | -Xmx1g 214 | -Des.networkaddress.cache.ttl=60 215 | -Des.networkaddress.cache.negative.ttl=10 216 | -XX:+AlwaysPreTouch 217 | -Xss1m 218 | -Djava.awt.headless=true 219 | -Dfile.encoding=UTF-8 220 | -Djna.nosys=true 221 | -XX:-OmitStackTraceInFastThrow 222 | -Dio.netty.noUnsafe=true 223 | -Dio.netty.noKeySetOptimization=true 224 | -Dio.netty.recycler.maxCapacityPerThread=0 225 | -Dlog4j.shutdownHookEnabled=false 226 | 
-Dlog4j2.disable.jmx=true 227 | -Djava.io.tmpdir=${ES_TMPDIR} 228 | -XX:+HeapDumpOnOutOfMemoryError 229 | -XX:HeapDumpPath=data 230 | -XX:ErrorFile={{ opendistroforelasticsearch_log_dir }}/hs_err_pid%p.log 231 | -XX:+UseCompressedOops 232 | opendistroforelasticsearch_config: 233 | opendistro_security.disabled: true 234 | discovery.type: single-node 235 | network.publish_host: ["10.0.2.15"] 236 | path.data: "{{ opendistroforelasticsearch_db_dir }}" 237 | http.port: "{{ opendistroforelasticsearch_http_port }}" 238 | path.logs: "{{ opendistroforelasticsearch_log_dir }}" 239 | node.data: "true" 240 | http.compression: "true" 241 | network.host: 242 | - _local_ 243 | - _site_ 244 | cluster.name: testcluster 245 | node.name: testnode 246 | http.cors.enabled: "true" 247 | http.cors.allow-origin: "*" 248 | http.cors.max-age: 86400 249 | http.cors.allow-methods: "OPTIONS, HEAD, GET, POST, PUT, DELETE" 250 | http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length" 251 | http.cors.allow-credentials: "true" 252 | # _________________________TLS 253 | opendistro_security.ssl.transport.pemcert_filepath: node.pem 254 | opendistro_security.ssl.transport.pemkey_filepath: node-key.pem 255 | opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem 256 | opendistro_security.ssl.transport.enforce_hostname_verification: false 257 | opendistro_security.ssl.http.enabled: true 258 | opendistro_security.ssl.http.pemcert_filepath: node.pem 259 | opendistro_security.ssl.http.pemkey_filepath: node-key.pem 260 | opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem 261 | opendistro_security.allow_default_init_securityindex: true 262 | opendistro_security.authcz.admin_dn: 263 | - CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU 264 | opendistro_security.nodes_dn: 265 | - CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU 266 | opendistro_security.audit.type: internal_elasticsearch 267 | 
opendistro_security.enable_snapshot_restore_privilege: true 268 | opendistro_security.check_snapshot_restore_write_privileges: true 269 | opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] 270 | cluster.routing.allocation.disk.threshold_enabled: false 271 | node.max_local_storage_nodes: 3 272 | opendistro_security.audit.config.disabled_rest_categories: NONE 273 | opendistro_security.audit.config.disabled_transport_categories: NONE 274 | project_opendistro_plugin_base_url: https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins 275 | 276 | # XXX see version matrix at https://opendistro.github.io/for-elasticsearch-docs/docs/install/plugins/ 277 | opendistroforelasticsearch_plugins: 278 | - name: opendistro_security 279 | src: "{{ project_opendistro_plugin_base_url }}/opendistro-security/opendistro-security-1.13.1.0.zip" 280 | opendistroforelasticsearch_extra_plugin_files: 281 | - path: opendistro_security/securityconfig/roles.yml 282 | type: yaml 283 | mode: "0640" 284 | group: "{{ opendistroforelasticsearch_user }}" 285 | content: 286 | _meta: 287 | type: roles 288 | config_version: 2 289 | - path: opendistro_security/securityconfig/roles_mapping.yml 290 | type: yaml 291 | mode: "0640" 292 | group: "{{ opendistroforelasticsearch_user }}" 293 | content: 294 | _meta: 295 | type: rolesmapping 296 | config_version: 2 297 | - path: opendistro_security/securityconfig/internal_users.yml 298 | type: yaml 299 | mode: "0640" 300 | group: "{{ opendistroforelasticsearch_user }}" 301 | content: 302 | _meta: 303 | type: "internalusers" 304 | config_version: 2 305 | new-user: 306 | # XXX the hash is created by tools/hash.sh 307 | hash: "$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" 308 | reserved: false 309 | hidden: false 310 | backend_roles: 311 | - "some-backend-role" 312 | attributes: 313 | attribute1: "value1" 314 | static: false 315 | admin: 316 | hash: 
"$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" 317 | reserved: true 318 | backend_roles: 319 | - admin 320 | description: "Demo admin user" 321 | - path: opendistro_security/securityconfig/config.yml 322 | type: yaml 323 | mode: "0640" 324 | group: "{{ opendistroforelasticsearch_user }}" 325 | content: 326 | http_authenticator: 327 | type: basic 328 | challenge: true 329 | 330 | # taken from config/log4j2.properties 331 | opendistroforelasticsearch_config_log4j2_properties: | 332 | status = error 333 | 334 | appender.console.type = Console 335 | appender.console.name = console 336 | appender.console.layout.type = PatternLayout 337 | appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 338 | 339 | ######## Server JSON ############################ 340 | appender.rolling.type = RollingFile 341 | appender.rolling.name = rolling 342 | appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json 343 | appender.rolling.layout.type = ESJsonLayout 344 | appender.rolling.layout.type_name = server 345 | 346 | appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz 347 | appender.rolling.policies.type = Policies 348 | appender.rolling.policies.time.type = TimeBasedTriggeringPolicy 349 | appender.rolling.policies.time.interval = 1 350 | appender.rolling.policies.time.modulate = true 351 | appender.rolling.policies.size.type = SizeBasedTriggeringPolicy 352 | appender.rolling.policies.size.size = 128MB 353 | appender.rolling.strategy.type = DefaultRolloverStrategy 354 | appender.rolling.strategy.fileIndex = nomax 355 | appender.rolling.strategy.action.type = Delete 356 | appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} 357 | appender.rolling.strategy.action.condition.type = IfFileName 358 | appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* 359 | 
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize 360 | appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB 361 | ################################################ 362 | ######## Server - old style pattern ########### 363 | appender.rolling_old.type = RollingFile 364 | appender.rolling_old.name = rolling_old 365 | appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log 366 | appender.rolling_old.layout.type = PatternLayout 367 | appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 368 | 369 | appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz 370 | appender.rolling_old.policies.type = Policies 371 | appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy 372 | appender.rolling_old.policies.time.interval = 1 373 | appender.rolling_old.policies.time.modulate = true 374 | appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy 375 | appender.rolling_old.policies.size.size = 128MB 376 | appender.rolling_old.strategy.type = DefaultRolloverStrategy 377 | appender.rolling_old.strategy.fileIndex = nomax 378 | appender.rolling_old.strategy.action.type = Delete 379 | appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path} 380 | appender.rolling_old.strategy.action.condition.type = IfFileName 381 | appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* 382 | appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize 383 | appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB 384 | ################################################ 385 | 386 | rootLogger.level = info 387 | rootLogger.appenderRef.console.ref = console 388 | rootLogger.appenderRef.rolling.ref = rolling 389 | rootLogger.appenderRef.rolling_old.ref = 
rolling_old 390 | 391 | ######## Deprecation JSON ####################### 392 | appender.deprecation_rolling.type = RollingFile 393 | appender.deprecation_rolling.name = deprecation_rolling 394 | appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json 395 | appender.deprecation_rolling.layout.type = ESJsonLayout 396 | appender.deprecation_rolling.layout.type_name = deprecation 397 | appender.deprecation_rolling.layout.esmessagefields=x-opaque-id 398 | appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter 399 | 400 | appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz 401 | appender.deprecation_rolling.policies.type = Policies 402 | appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy 403 | appender.deprecation_rolling.policies.size.size = 1GB 404 | appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy 405 | appender.deprecation_rolling.strategy.max = 4 406 | 407 | appender.header_warning.type = HeaderWarningAppender 408 | appender.header_warning.name = header_warning 409 | ################################################# 410 | ######## Deprecation - old style pattern ####### 411 | appender.deprecation_rolling_old.type = RollingFile 412 | appender.deprecation_rolling_old.name = deprecation_rolling_old 413 | appender.deprecation_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log 414 | appender.deprecation_rolling_old.layout.type = PatternLayout 415 | appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 416 | 417 | appender.deprecation_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 418 | _deprecation-%i.log.gz 419 | appender.deprecation_rolling_old.policies.type = Policies 420 | 
appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 421 | appender.deprecation_rolling_old.policies.size.size = 1GB 422 | appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy 423 | appender.deprecation_rolling_old.strategy.max = 4 424 | ################################################# 425 | logger.deprecation.name = org.elasticsearch.deprecation 426 | logger.deprecation.level = deprecation 427 | logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling 428 | logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old 429 | logger.deprecation.appenderRef.header_warning.ref = header_warning 430 | logger.deprecation.additivity = false 431 | 432 | ######## Search slowlog JSON #################### 433 | appender.index_search_slowlog_rolling.type = RollingFile 434 | appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling 435 | appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ 436 | .cluster_name}_index_search_slowlog.json 437 | appender.index_search_slowlog_rolling.layout.type = ESJsonLayout 438 | appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog 439 | appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id 440 | 441 | appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ 442 | .cluster_name}_index_search_slowlog-%i.json.gz 443 | appender.index_search_slowlog_rolling.policies.type = Policies 444 | appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy 445 | appender.index_search_slowlog_rolling.policies.size.size = 1GB 446 | appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy 447 | appender.index_search_slowlog_rolling.strategy.max = 4 448 | 
################################################# 449 | ######## Search slowlog - old style pattern #### 450 | appender.index_search_slowlog_rolling_old.type = RollingFile 451 | appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old 452 | appender.index_search_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 453 | _index_search_slowlog.log 454 | appender.index_search_slowlog_rolling_old.layout.type = PatternLayout 455 | appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 456 | 457 | appender.index_search_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 458 | _index_search_slowlog-%i.log.gz 459 | appender.index_search_slowlog_rolling_old.policies.type = Policies 460 | appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 461 | appender.index_search_slowlog_rolling_old.policies.size.size = 1GB 462 | appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy 463 | appender.index_search_slowlog_rolling_old.strategy.max = 4 464 | ################################################# 465 | logger.index_search_slowlog_rolling.name = index.search.slowlog 466 | logger.index_search_slowlog_rolling.level = trace 467 | logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling 468 | logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old 469 | logger.index_search_slowlog_rolling.additivity = false 470 | 471 | ######## Indexing slowlog JSON ################## 472 | appender.index_indexing_slowlog_rolling.type = RollingFile 473 | appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling 474 | appender.index_indexing_slowlog_rolling.fileName = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 475 | _index_indexing_slowlog.json 476 | appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout 477 | appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog 478 | appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source 479 | 480 | appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 481 | _index_indexing_slowlog-%i.json.gz 482 | appender.index_indexing_slowlog_rolling.policies.type = Policies 483 | appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy 484 | appender.index_indexing_slowlog_rolling.policies.size.size = 1GB 485 | appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy 486 | appender.index_indexing_slowlog_rolling.strategy.max = 4 487 | ################################################# 488 | ######## Indexing slowlog - old style pattern ## 489 | appender.index_indexing_slowlog_rolling_old.type = RollingFile 490 | appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old 491 | appender.index_indexing_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 492 | _index_indexing_slowlog.log 493 | appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout 494 | appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 495 | 496 | appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 497 | _index_indexing_slowlog-%i.log.gz 498 | appender.index_indexing_slowlog_rolling_old.policies.type = Policies 499 | appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 500 | 
appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB 501 | appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy 502 | appender.index_indexing_slowlog_rolling_old.strategy.max = 4 503 | ################################################# 504 | 505 | logger.index_indexing_slowlog.name = index.indexing.slowlog.index 506 | logger.index_indexing_slowlog.level = trace 507 | logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling 508 | logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old 509 | logger.index_indexing_slowlog.additivity = false 510 | 511 | x509_certificate_debug_log: yes 512 | # XXX these keys were created by the following steps described at: 513 | # https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/generate-certificates/ 514 | # NOTE: the private keys below are published in this README; treat them as test fixtures and generate your own keys for any real deployment 515 | # here is the copy of the steps: 516 | # 517 | # Root CA 518 | # openssl genrsa -out root-ca-key.pem 2048 519 | # openssl req -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem 520 | # 521 | # Admin cert 522 | # openssl genrsa -out admin-key-temp.pem 2048 523 | # openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem 524 | # openssl req -new -key admin-key.pem -out admin.csr 525 | # openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem 526 | # 527 | # Node cert 528 | # openssl genrsa -out node-key-temp.pem 2048 529 | # openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem 530 | # openssl req -new -key node-key.pem -out node.csr 531 | # openssl x509 -req -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem 532 | # 533 | # Cleanup 534 | # rm admin-key-temp.pem admin.csr node-key-temp.pem node.csr 535 | x509_certificate: 536 |
- name: node 537 | state: present 538 | public: 539 | path: "{{ opendistroforelasticsearch_conf_dir }}/node.pem" 540 | mode: "0444" 541 | key: | 542 | -----BEGIN CERTIFICATE----- 543 | MIIDMzCCAhsCCQDFJMQePWLjHzANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 544 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 545 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjMx 546 | MThaFw0xOTExMDkwMjMxMThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 547 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 548 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbc 549 | g+Wu9h+zSQDcY59exw2SYcoKCyjjICxU7dyV2UWDuwHMrp0hPKE6Ihd41ftgWVOl 550 | fIra3I0gmGteWztlaEP3wx0tnZdopBJgMegiPjmUcz/w3wqtzgSqH3fTKbQhO4qL 551 | jDnwJfOxpoUWdR69DXPFLTi5HrD1/GwmT3ra6ySJGVRKKGnl9ZukwnEqQs58e/+T 552 | GCwnGOjkItwE5kxEtPSNRqsm+zfJyy6hwoeCGHyqxwiRTwSNjRdL+rQjGzGPj/OU 553 | VDDuXV389+EmKYbTfH790VRULNsT22VjFCwW1yAsmJTFKVktjcGjdcH2iGtLN7CO 554 | QVLNR9QIl+x2+9XXSxUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnZEGtf28tpzy 555 | 36hGJJxLHqewb7xRnoXnm5d5f3x1vTlmtU/Y3NZg4eqV8fBJr6Z9IpgAe4Mzmzna 556 | 4j4jcUHraKrat/UKxiCqqP+P3FggRhUz5c4aC/pCOF3MRzD4Q9hZHV3gLoZMzerv 557 | eza1HuWnaRg2hAIBOlb9Oyn7K4LgMdH3Un4L2tH3eyp0KsMQj/JAW0iZFtVuohzu 558 | R7jSBWvYE3+siM2mpHUw6sf5uevgPTyEZg3ionLsGg0M6XdpvgT61m/pE3+7xjQ1 559 | I9Eg8TdwRq5gAv0Ywl5BuXyIA40x7x87y4qPpqMpBsc8u7ESlffUs2mor0qfQvm7 560 | mzd3/gNRFw== 561 | -----END CERTIFICATE----- 562 | secret: 563 | path: "{{ opendistroforelasticsearch_conf_dir }}/node-key.pem" 564 | owner: "{{ opendistroforelasticsearch_user }}" 565 | group: "{{ opendistroforelasticsearch_group }}" 566 | mode: "0600" 567 | key: | 568 | -----BEGIN PRIVATE KEY----- 569 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCm3IPlrvYfs0kA 570 | 3GOfXscNkmHKCgso4yAsVO3cldlFg7sBzK6dITyhOiIXeNX7YFlTpXyK2tyNIJhr 571 | Xls7ZWhD98MdLZ2XaKQSYDHoIj45lHM/8N8Krc4Eqh930ym0ITuKi4w58CXzsaaF 572 | FnUevQ1zxS04uR6w9fxsJk962uskiRlUSihp5fWbpMJxKkLOfHv/kxgsJxjo5CLc 573 | 
BOZMRLT0jUarJvs3ycsuocKHghh8qscIkU8EjY0XS/q0Ixsxj4/zlFQw7l1d/Pfh 574 | JimG03x+/dFUVCzbE9tlYxQsFtcgLJiUxSlZLY3Bo3XB9ohrSzewjkFSzUfUCJfs 575 | dvvV10sVAgMBAAECggEAHG83isxl5MEIj7z+vQnJoeZwA53yiOUrdmKCpjRi8hWg 576 | qI3Ys64WRuNBK/7LeCrTDg4FSyRAsUv8rU9G/LgrLGnsNeywDj0muHrsBkLPl8BU 577 | Y3EIkSlNEj5rXl/9m1SOcO2W18i0rvJ3Dfblvnc486GGM0RYlo9UlJlysdzcdT0h 578 | ORjgSzREH2J6S6PB5T/waxZ6XGopy3qkF2Q+Bs7K+Rx1uIrztsPMfJ5YcdPTNEiD 579 | YDNwWCI5FGI1Wq/5YtpkYlkZx/z+CcAX5njoQKyyZdOJVzUwVRxdEtOPALOYnB8x 580 | pUmxugKbE8d2pAYbV513dG6r+BXGyA4QptvyGxWXgQKBgQDVqYL1u+DrbSDYCBjd 581 | s379CD64+vtBe6Yfq6QDQS9XGAtTyYcAj+9oUzTew63vOlgfSZ/xVKcOq4Re88mn 582 | +KIkl1DA7+O/l8os38lrzDgbZO8vLE+VFpS+TbUegkOFRFpldActyLV6JuyfO58D 583 | PsDO+xxtw4lneIlCIM9MOiqXbwKBgQDH7O456+XhYy2BMV1fB+BkTnX9M0SjlXwB 584 | Tv7WUfEEMLFJsHae7P+4q396gBAx4CD3gBH+zBULeRdW3wkJKc22QS5kSJaU0T59 585 | 1bL1n7hIeIu36m+Due+o2PLeda+Hx3hk56JQkXhTpDEZAx2WGOZ81lATOKtUTdDs 586 | bAISGyGjuwKBgDb2m0zRnwORGCDavGLT2PgIlfIKBnaK82o0QkXgD+iMs+VC82qu 587 | nDyvIuunVOg0jxTFYNK5HxyD/NJcTmTabgORtWFclK7lwkmW6/7CEzDg3zK4aGSG 588 | 4Y6u+Me3ZN00fziYB3y8pAqfVsGDmd1A2GKmcGLAKWmntU+AlzMZx3kbAoGBAIui 589 | Sry/qv4hc+3Q2aL+8FV+i1/+B8mtJUAQuWJdNtWzYI/UJPVZGD4V4eJgQW9kWAIl 590 | O+xXA7fQqmFtQ3VX8iqCGfHG1Q05m8jtkaGGHYLYVtVscthw7Bdk9zQyxBc0VT08 591 | nxxgjcb1XalXiLmFyK2WTbUvFlK6StplkYit1G/zAoGAYdYiIZmixKsrtdH/CKQY 592 | kGBqJY9H+3QQB9fckHROtdOalWrJJCUBF+jEa2e6rLbFSpzj2Dpot2QLiENBMZuH 593 | 6DAksJ9+B3lxbQxdssFaFa5NocS2v6oAyLbEGNIOEkQ54f0v5HfaPVeLElK4Hs18 594 | f5MIWEE6V+z+aNg7aXdrLtU= 595 | -----END PRIVATE KEY----- 596 | - name: root-ca 597 | state: present 598 | public: 599 | path: "{{ opendistroforelasticsearch_conf_dir }}/root-ca.pem" 600 | key: | 601 | -----BEGIN CERTIFICATE----- 602 | MIIDMzCCAhsCCQDFJMQePWLjHzANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 603 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 604 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjMx 605 | 
MThaFw0xOTExMDkwMjMxMThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 606 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 607 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbc 608 | g+Wu9h+zSQDcY59exw2SYcoKCyjjICxU7dyV2UWDuwHMrp0hPKE6Ihd41ftgWVOl 609 | fIra3I0gmGteWztlaEP3wx0tnZdopBJgMegiPjmUcz/w3wqtzgSqH3fTKbQhO4qL 610 | jDnwJfOxpoUWdR69DXPFLTi5HrD1/GwmT3ra6ySJGVRKKGnl9ZukwnEqQs58e/+T 611 | GCwnGOjkItwE5kxEtPSNRqsm+zfJyy6hwoeCGHyqxwiRTwSNjRdL+rQjGzGPj/OU 612 | VDDuXV389+EmKYbTfH790VRULNsT22VjFCwW1yAsmJTFKVktjcGjdcH2iGtLN7CO 613 | QVLNR9QIl+x2+9XXSxUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnZEGtf28tpzy 614 | 36hGJJxLHqewb7xRnoXnm5d5f3x1vTlmtU/Y3NZg4eqV8fBJr6Z9IpgAe4Mzmzna 615 | 4j4jcUHraKrat/UKxiCqqP+P3FggRhUz5c4aC/pCOF3MRzD4Q9hZHV3gLoZMzerv 616 | eza1HuWnaRg2hAIBOlb9Oyn7K4LgMdH3Un4L2tH3eyp0KsMQj/JAW0iZFtVuohzu 617 | R7jSBWvYE3+siM2mpHUw6sf5uevgPTyEZg3ionLsGg0M6XdpvgT61m/pE3+7xjQ1 618 | I9Eg8TdwRq5gAv0Ywl5BuXyIA40x7x87y4qPpqMpBsc8u7ESlffUs2mor0qfQvm7 619 | mzd3/gNRFw== 620 | -----END CERTIFICATE----- 621 | secret: 622 | path: "{{ opendistroforelasticsearch_conf_dir }}/root-ca-key.pem" 623 | owner: "{{ opendistroforelasticsearch_user }}" 624 | group: "{{ opendistroforelasticsearch_group }}" 625 | key: | 626 | -----BEGIN RSA PRIVATE KEY----- 627 | MIIEowIBAAKCAQEA2vu3zNFLi5s3afKZsjj4WYTqOyQeu7ajCSOVFWu3/rGUQCxY 628 | whaN8sZWJ4Tb3giSgFt9daxIAjFT0RNZm9HI9+hthlyQ6EmVtmHv8QOIjWTrIT1S 629 | 9pZuyHsWcnin2FMX/UM1VxJSZQ3lsKhzbqBlGqmRuWbYi4hqsRxAnDuU78frvqDC 630 | gzFgjIEnDZMJeooM+ZLUrXuIIPi+auEl/7n8u3C/anLtt+K5UMCvZrCUSwSycPx2 631 | qFdPGpDXedlsfkxzW+mk3s38dHOG/5+qxwZiIexTgRYBRmoASZe5ksSVxKjvEWfF 632 | Zv1WoOMivEDwXmgbxojXc1hWfKAT6ArgitTyrQIDAQABAoIBAQDQjgtutaYNP7Z2 633 | 4OYgJsHgAAZUbQIYJMkBWzIRRJXnq5hVxeaCcpieLua+nHoJ7IAaXwgNmha6f+Aj 634 | rxoYnKOZ93LYFDCuCebb3Ep4b7UNdJ+6+Hya/IplxVSLkP3JuNmQCwIx+vEd7S5k 635 | IQpOwdOIoRZ4TMrPmQyDwTSHlvcxpKJxVZ0XGSAg9jzqhFpmbn28/GUr8iQD2Mo0 636 | U9N6ToddHyDpll0eJouoXesIbvxwyFI0vdHki5fl6LmazKzKjGtr8yD8QqP5D403 637 | 
JdzSNqwElQd7QKpvMPaL1dXpdUUiF+9TUXjt8A1MBtVsSmXMwMiqOfuzPjAj7wkc 638 | smfTxjABAoGBAPJ8wjWzZV1QDxzYRYMRCuVSuJrLn4jA8jEEf3X5ej3SMyaVaBOJ 639 | YtSuoV4C66jtgHRiQTcUIewiZAurmemeR/VRsW2RPC/w2SYZRytKKm8l5YM2iXSK 640 | /VgWTdVSbOhzJYfV0Azp47pY2yW3WZop3lnzcXPM/jthI6NnX4KcdI9BAoGBAOcv 641 | qIw8DSXYJUStIJ4wf5jfP2jmjeepA0d007XfZCkLE3ltlrxN2llAf/fq+sbhEtTf 642 | vpFnEcRqSvw4y8jd0G2IrvFZoSdr1SbtF6UfdixcB9Br2kqElNxzSX2eNHFOxOPw 643 | L+snKT+i1pFAXCOlMBedqZNetyWqBnWSvARUKvRtAoGAQoLl4kTqsMWc35SSvHiY 644 | PH6MFCl2ANSrmbZaH8nmNb7KOPMSMQmmCiA8MsUqTpOWgFXS/YCQLWzhdDIFbYb0 645 | xd06hYsorx2o8kJMuxsEuKf0ZCE5YrYc92RmxPRu2vN6f9+tyVz+Ecb9lULNWPPT 646 | AWk83T6FHVRvqgpYsEKp1gECgYBZ6R8T6wbyAO39l5dn7lSxj6GJmqD1x7WOxNDR 647 | mt/JVpVsVEKbWWvh6kPal3iQgFhikeH7iqpOSUiAb1ZR+HJnJxFirAkQ2886JFtd 648 | zK6Y8fHYDRoIgSej1PJv+GdM6eWJAJCiU8inBx2LwAwVkNjzVk3tEpkH/OgmMbsN 649 | s+5AwQKBgDXibuSSsisvdIN9hsSdCm2TBAx2yiVS/Jm64lVjr+PJpswTG0OY9YLO 650 | vN7YiVwEifmpgjwYqwbygU47h3OH22fn+A04geI5XPQJytWOgVfzh2oBWoHcFApi 651 | zrAM2P/g2Lnw/ttxnFUHpLe+f2uq+PTgidDl58R2tbt8kTO5QpGG 652 | -----END RSA PRIVATE KEY----- 653 | - name: admin 654 | state: present 655 | public: 656 | path: "{{ opendistroforelasticsearch_conf_dir }}/admin.pem" 657 | key: | 658 | -----BEGIN CERTIFICATE----- 659 | MIIDMzCCAhsCCQDFJMQePWLjHjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 660 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 661 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjI2 662 | MDlaFw0xOTExMDkwMjI2MDlaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 663 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 664 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsB 665 | G8zk8zYLb7KswWprNaAVBnGyNkbBa3eWH3NjsP6TIiSQWii80aSPk4OxI2juLvqX 666 | BACS3sqAd0qW1HUuFfYqOMW4zCPyxPiBBY+3qZP3VlmDWhVZeRnH9RuEuvp24+TX 667 | uRv8efri2I3BbKlRObaGwYuwz/S7mCZJX+QkLgOwnkZtjkkoMHQ80UF1C98iroUB 668 | qASfVOYtNSWZXj3WsR07qI8Juas2ebenMeRMizZIq2M/APJbawZhw1THOUJpL4Jx 669 | 
sPr/cJkL3n5HU3S7KLaeePItxmWC1oYq452CDytGFAQoL1U8J2JpJ4XJrqPhiEec 670 | 3JvWD53p8ViSjoNVXkECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUfCvEv7D9j+7 671 | heOYop/OsY6hFHaPIaeYeHnDkZUGcS+9THjYjoZwML0HzsNbunmE9xw6nj6Fp9lh 672 | Zz+ds93JU4uthIcR5FJrvGJr3cCgkx0CyTMaVMZ3aUYszuWWv/ztF0KbeX5g0OmY 673 | MDhfH0QLh7crp4vymPuxgzECiyTizuOfb41FaIx32ks3fEUNe6DhGPyjeXjB8AEW 674 | noZYNT2Iys06qjpIiPa3yKrk38wALRsnY5eJw844YOmTZodlx+rrjCqkwzsPAO52 675 | quywFajsDuy+FwnxJSibPCgbRqJfOYmCKsWJrPc9LyvEEy9l+1yxFNp2z1Zy7iUe 676 | qcmtZpbkfg== 677 | -----END CERTIFICATE----- 678 | secret: 679 | path: "{{ opendistroforelasticsearch_conf_dir }}/admin-key.pem" 680 | owner: "{{ opendistroforelasticsearch_user }}" 681 | group: "{{ opendistroforelasticsearch_group }}" 682 | key: | 683 | -----BEGIN PRIVATE KEY----- 684 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDLARvM5PM2C2+y 685 | rMFqazWgFQZxsjZGwWt3lh9zY7D+kyIkkFoovNGkj5ODsSNo7i76lwQAkt7KgHdK 686 | ltR1LhX2KjjFuMwj8sT4gQWPt6mT91ZZg1oVWXkZx/UbhLr6duPk17kb/Hn64tiN 687 | wWypUTm2hsGLsM/0u5gmSV/kJC4DsJ5GbY5JKDB0PNFBdQvfIq6FAagEn1TmLTUl 688 | mV491rEdO6iPCbmrNnm3pzHkTIs2SKtjPwDyW2sGYcNUxzlCaS+CcbD6/3CZC95+ 689 | R1N0uyi2nnjyLcZlgtaGKuOdgg8rRhQEKC9VPCdiaSeFya6j4YhHnNyb1g+d6fFY 690 | ko6DVV5BAgMBAAECggEAJYuh8aZSmSdKVFiBOUZ015Or6nFUeoehca+xR20juiHK 691 | Scrs8eXiPDZVySCE9Q5AYBZ4JgcD754M8h2tU7LfWvT6JQ+Fqgxng7KRLcCBO52e 692 | OdYCXjp7HFqQKbPFxTch9Rw030k14kH8XVNt3m7oZqrLtyNPgusDO+mMM6zBWesG 693 | yhEtrzXFF+mskOLl7xp/0n/WDO7hsz3PZkEx/hGyNpxHikE+or13lRtSogeZEybv 694 | 4Y1hhKcZwsVQOtsoSG7fcBwk4F0hJlesOO1M9UPCE8kUjs97oJfLQukuWqap+T4r 695 | USECJsVwcsjsruqhr+UQmvDp22PqRGRh6kuZbZwh5QKBgQD8GuWOMAC8R19DPgc3 696 | ggfQz97uYwBb2cw/xwCCHVjhF/WQfgPg7g7MNsVr256imZuzsjQIQJEX8tmBgdb1 697 | p9Ebs8C+L8xeIfsi7GqlPOaHm80q8sF1SpeQZ36+23SthHN1JT6pLMl8D8WscBZo 698 | Kt5NlzpcNCtQ8aqqV/FXyPPp3wKBgQDOJANZPTfWOQO68hm7Zj2sihQTvFb1yxBU 699 | F89ol8kvajKYw0Mef/IsTEtRS08pE6AVWvjJC9Wi5JSBxdtaGxDje/4fXj1Ili3u 700 | I/DKIJVCz9uq4y8vaqO4npw7/nTGCeqfZHh19pzMuwHxPEfSvjqzr/5fyecSYzL/ 701 | 
+0EZz1H73wKBgA89qQcRi9nWDsJH67PFXqeXCYkr3weugRSR+Uvkbk0dX7EejSl5 702 | +tcJsKG2oz59PtZ8PX0KOjtSaSfVK6OqQ5ADK/HTfe1q7H3OARyANAeauaqRBnUK 703 | z2Lhft4W8lTTHw/D8qfTl1KyuWaVWCVwAgR60gJk/QFlusWVj3eZJHXNAoGAHFiv 704 | bTIR349vh+GK0E465OMH577aZmpKEIZFqyhULgT4eDFBpYwKjTTglok4lXlxZf5g 705 | f6T097VfBolipH1cUSvXwhB/dN/R6RFgJytb2xgiKNmcv3R2lwiYi1duT11Fui1i 706 | szX6UdzVY4rahYxLHjJxVFK7R7gEZ1bxmM79gxkCgYBfeU0SNr9oUL8Rw7pf1pe6 707 | H5f1zyPDIKWhzU6aaIdGKr5wUIcQT0/Z75O/JBxXeq3bBkH/eZU/giUE33kpVPsv 708 | fx/baNmdyVXvHEn9dQd7i/0LUXF1QgJoreYDz9QV4gYzDOtyWiA/XR+snNsTBH7R 709 | 0YX6LjQg646+IyFoK6qw+w== 710 | -----END PRIVATE KEY----- 711 | ``` 712 | 713 | # License 714 | 715 | ``` 716 | Copyright (c) 2019 Tomoyuki Sakurai 717 | 718 | Permission to use, copy, modify, and distribute this software for any 719 | purpose with or without fee is hereby granted, provided that the above 720 | copyright notice and this permission notice appear in all copies. 721 | 722 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 723 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 724 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 725 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 726 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 727 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 728 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
729 | ``` 730 | 731 | # Author Information 732 | 733 | Tomoyuki Sakurai 734 | 735 | This README was created by [qansible](https://github.com/trombik/qansible) 736 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require "pathname" 2 | 3 | root_dir = Pathname.new(__FILE__).dirname 4 | 5 | # XXX use "/" instead of "+" because rubocop complains 6 | # Style/StringConcatenation: 7 | integration_test_dir = root_dir / "tests" / "integration" 8 | integration_test_dirs = Pathname.new(integration_test_dir) 9 | .children.select(&:directory?) 10 | task default: %w[test] 11 | 12 | desc "test kitchen test and integration test" 13 | task test: ["kitchen:test", "integration:test"] 14 | 15 | namespace :kitchen do 16 | desc "run test-kitchen" 17 | task :test do 18 | begin 19 | puts "running kitchen test" 20 | sh "kitchen test" 21 | ensure 22 | sh "kitchen destroy" 23 | end 24 | end 25 | end 26 | 27 | # rubocop:disable Metrics/BlockLength 28 | namespace :integration do 29 | desc "run all tests" 30 | task :test do 31 | integration_test_dirs.each do |d| 32 | rakefile = d / "Rakefile" 33 | if rakefile.exist? && rakefile.file? 34 | Dir.chdir(d) do 35 | puts format("entering to %s", directory: d) 36 | begin 37 | puts "running rake" 38 | sh "rake" 39 | ensure 40 | sh "rake clean" 41 | end 42 | end 43 | else 44 | puts "Rakefile does not exist, skipping" 45 | end 46 | end 47 | end 48 | 49 | desc "clean after test" 50 | task :clean do 51 | integration_test_dirs.each do |d| 52 | rakefile = d / "Rakefile" 53 | next unless rakefile.exist? && rakefile.file? 
54 | 55 | Dir.chdir(d) do 56 | puts format("entering to %s", directory: d) 57 | begin 58 | puts "running rake clean" 59 | sh "rake clean" 60 | rescue StandardError => e 61 | puts "rake clean clean failed:" 62 | puts e.message 63 | puts e.backtrace.inspect 64 | end 65 | end 66 | end 67 | end 68 | end 69 | # rubocop:enable Metrics/BlockLength 70 | -------------------------------------------------------------------------------- /ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | stdout_callback = yaml 3 | -------------------------------------------------------------------------------- /defaults/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/defaults/.keepme -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | opendistroforelasticsearch_user: "{{ __opendistroforelasticsearch_user }}" 3 | opendistroforelasticsearch_group: "{{ __opendistroforelasticsearch_group }}" 4 | opendistroforelasticsearch_log_dir: "{{ __opendistroforelasticsearch_log_dir }}" 5 | opendistroforelasticsearch_db_dir: "{{ __opendistroforelasticsearch_db_dir }}" 6 | opendistroforelasticsearch_scripts_dir: "{{ __opendistroforelasticsearch_scripts_dir }}" 7 | opendistroforelasticsearch_plugins_dir: "{{ __opendistroforelasticsearch_plugins_dir }}" 8 | opendistroforelasticsearch_plugin_command: "{{ __opendistroforelasticsearch_plugin_command }}" 9 | opendistroforelasticsearch_plugins: [] 10 | opendistroforelasticsearch_service: "{{ __opendistroforelasticsearch_service }}" 11 | opendistroforelasticsearch_package: "{{ __opendistroforelasticsearch_package }}" 12 | opendistroforelasticsearch_extra_packages: [] 13 | 
opendistroforelasticsearch_conf_dir: "{{ __opendistroforelasticsearch_conf_dir }}" 14 | opendistroforelasticsearch_jvm_options: "" 15 | opendistroforelasticsearch_conf_file: "{{ opendistroforelasticsearch_conf_dir }}/elasticsearch.yml" 16 | opendistroforelasticsearch_flags: "" 17 | opendistroforelasticsearch_config: "" 18 | opendistroforelasticsearch_config_log4j2_properties: "" 19 | opendistroforelasticsearch_http_port: 9200 20 | opendistroforelasticsearch_java_home: "{{ __opendistroforelasticsearch_java_home }}" 21 | opendistroforelasticsearch_extra_plugin_files: [] 22 | opendistroforelasticsearch_include_role_x509_certificate: yes 23 | -------------------------------------------------------------------------------- /extra_modules/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/extra_modules/.keepme -------------------------------------------------------------------------------- /files/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/files/.keepme -------------------------------------------------------------------------------- /filter_plugins/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/filter_plugins/.keepme -------------------------------------------------------------------------------- /handlers/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/handlers/.keepme 
-------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Restart opendistroforelasticsearch 4 | service: 5 | name: "{{ opendistroforelasticsearch_service }}" 6 | state: restarted 7 | notify: Wait for elasticsearch to start in handler 8 | 9 | - name: Wait for elasticsearch to start in handler 10 | wait_for: 11 | host: localhost 12 | port: "{{ opendistroforelasticsearch_http_port }}" 13 | -------------------------------------------------------------------------------- /library/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/library/.keepme -------------------------------------------------------------------------------- /meta/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/meta/.keepme -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: opendistroforelasticsearch 4 | author: Tomoyuki Sakurai 5 | description: Configures opendistroforelasticsearch 6 | company: N/A 7 | license: BSD 8 | min_ansible_version: 2.0 9 | platforms: 10 | - name: FreeBSD 11 | versions: 12 | - 13.0 13 | - name: Ubuntu 14 | versions: 15 | - bionic 16 | - focal 17 | - name: EL 18 | versions: 19 | - 7 20 | galaxy_tags: 21 | - elasticsearch 22 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: trombik.sysctl 3 | - name: 
trombik.java 4 | - name: trombik.freebsd_pkg_repo 5 | - name: trombik.apt_repo 6 | - name: trombik.redhat_repo 7 | - name: trombik.x509_certificate 8 | -------------------------------------------------------------------------------- /tasks/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tasks/.keepme -------------------------------------------------------------------------------- /tasks/install-Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install opendistroforelasticsearch_extra_packages 4 | apt: 5 | name: "{{ opendistroforelasticsearch_extra_packages }}" 6 | state: present 7 | 8 | - name: Install opendistroforelasticsearch_package 9 | apt: 10 | name: "{{ opendistroforelasticsearch_package }}" 11 | state: present 12 | 13 | - name: Create default/elasticsearch 14 | template: 15 | src: Debian.default.j2 16 | dest: /etc/default/elasticsearch 17 | owner: root 18 | group: root 19 | validate: sh -n %s 20 | mode: 0644 21 | -------------------------------------------------------------------------------- /tasks/install-FreeBSD.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install opendistroforelasticsearch_extra_packages 4 | pkgng: 5 | name: "{{ opendistroforelasticsearch_extra_packages }}" 6 | state: present 7 | 8 | - name: Install elasticsearch 9 | pkgng: 10 | name: "{{ opendistroforelasticsearch_package }}" 11 | state: present 12 | 13 | - name: Create rc.subr flagment 14 | template: 15 | src: FreeBSD.rc.j2 16 | dest: /etc/rc.conf.d/opendistroforelasticsearch 17 | mode: 0644 18 | validate: sh -n %s 19 | notify: 20 | - Restart opendistroforelasticsearch 21 | -------------------------------------------------------------------------------- /tasks/install-RedHat.yml: 
--------------------------------------------------------------------------------
---
# Installs the extra packages and the main package with yum, then renders
# /etc/sysconfig/elasticsearch from RedHat.sysconfig.j2.

- name: Install opendistroforelasticsearch_extra_packages
  yum:
    name: "{{ opendistroforelasticsearch_extra_packages }}"
    state: present

- name: Install opendistroforelasticsearch_package
  yum:
    name: "{{ opendistroforelasticsearch_package }}"
    state: present

- name: Create /etc/sysconfig/elasticsearch
  # RedHat.sysconfig.j2 renders opendistroforelasticsearch_flags verbatim, so
  # the content of this root-owned file is whatever the inventory supplies.
  template:
    src: RedHat.sysconfig.j2
    dest: /etc/sysconfig/elasticsearch
    owner: root
    group: root
    mode: 0644
    # sh -n only parses the rendered file for syntax errors; it does not run it
    validate: sh -n %s

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
---
# tasks file for ansible-role-elasticsearch
#
# Order of work: load the per-OS variables, run the per-OS install tasks,
# optionally include trombik.x509_certificate, create directories and
# configuration files, install plugins and extra plugin files, then start the
# service and wait for its HTTP port.

- name: "Include {{ ansible_os_family }}.yml"
  include_vars: "{{ ansible_os_family }}.yml"

- name: "Include install-{{ ansible_os_family }}.yml"
  include: "install-{{ ansible_os_family }}.yml"

- name: Include trombik.x509_certificate if opendistroforelasticsearch_include_role_x509_certificate is true
  include_role:
    name: trombik.x509_certificate
  when: opendistroforelasticsearch_include_role_x509_certificate

- name: Create data directory
  file:
    path: "{{ opendistroforelasticsearch_db_dir }}"
    state: directory
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
    # NOTE(review): 0755 lets every local user traverse and list the data
    # directory; confirm that is intended on shared hosts.
    mode: 0755

- name: Create opendistroforelasticsearch_log_dir directory
  file:
    path: "{{ opendistroforelasticsearch_log_dir }}"
    state: directory
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
    # NOTE(review): same 0755 as the data directory; log files may carry
    # request details, so check the modes of the files written here.
    mode: 0755

- name: Create path.scripts directory if specified
  # XXX this should have been created by package
  # No owner/group is set here, unlike the other directories in this file.
  file:
    path: "{{ opendistroforelasticsearch_scripts_dir }}"
    state: directory
    mode: 0755
  when:
    - opendistroforelasticsearch_scripts_dir | length > 0

- name: Create opendistroforelasticsearch_conf_dir
  file:
    path: "{{ opendistroforelasticsearch_conf_dir }}"
    # XXX OpenDistroSecurityPlugin insists it should be 0700
    # [c.a.o.s.OpenDistroSecurityPlugin] [testnode] Directory /etc/elasticsearch has insecure file permissions (should be 0700)
    # XXX opendistro_security 1.3.0.0 does not.
    # NOTE(review): 0755 lets any local user list this directory. The README
    # example places admin-key.pem here, so the key file's own mode is the only
    # thing keeping it private; confirm the role that writes it restricts it.
    mode: 0755
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
    state: directory

- name: Create jvm.options
  # jvm.options.j2 renders opendistroforelasticsearch_jvm_options verbatim.
  template:
    src: jvm.options.j2
    dest: "{{ opendistroforelasticsearch_conf_dir }}/jvm.options"
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
    mode: 0644
  notify:
    - Restart opendistroforelasticsearch

- name: Create log4j2.properties
  # log4j2.properties.j2 renders
  # opendistroforelasticsearch_config_log4j2_properties verbatim.
  template:
    src: log4j2.properties.j2
    dest: "{{ opendistroforelasticsearch_conf_dir }}/log4j2.properties"
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
    mode: 0644
  notify:
    - Restart opendistroforelasticsearch

- name: Create elasticsearch.yml
  template:
    src: elasticsearch.yml.j2
    dest: "{{ opendistroforelasticsearch_conf_file }}"
    # 0440: read-only for the service user and group, no access for others.
    # This is the only configuration file in this role written without a
    # world-readable bit.
    mode: 0440
    owner: "{{ opendistroforelasticsearch_user }}"
    group: "{{ opendistroforelasticsearch_group }}"
  notify:
    - Restart opendistroforelasticsearch

- name: Register installed plugins
  # The command line is built from a role variable and handed to a shell
  # unquoted; no shell feature is used in the string itself, so the variable
  # has to come from trusted inventory.
  shell: "{{ opendistroforelasticsearch_plugin_command }} list"
  environment:
    JAVA_HOME: "{{ opendistroforelasticsearch_java_home }}"
  register: shell_output
  # listing is read-only, so never report a change
  changed_when: False

- name: Create plugins directory
  file:
    path: "{{ opendistroforelasticsearch_plugins_dir }}"
    # owner: "{{ opendistroforelasticsearch_user }}"
    # group: "{{ opendistroforelasticsearch_group }}"
    mode: 0755
    state: directory

- name: Install plugins
  # item.src, when present, is passed to the installer as-is instead of
  # item.name; presumably a URL or a file path. Nothing in this task checks a
  # checksum or signature, so the origin of item.src must be trusted.
  # NOTE(review): --batch appears to make the installer run without its
  # interactive confirmation prompts; confirm against the plugin tool's
  # documentation which prompts are skipped.
  command: "{{ opendistroforelasticsearch_plugin_command }} install --batch {% if 'src' in item %}{{ item.src }}{% else %}{{ item.name }}{% endif %}"
  environment:
    JAVA_HOME: "{{ opendistroforelasticsearch_java_home }}"
  with_items: "{{ opendistroforelasticsearch_plugins }}"
  when:
    # install when state is missing or "present" ...
    - "(not 'state' in item ) or (item['state'] == 'present')"
    # ... and the name is not found in the list output. `search` treats
    # item['name'] as a regular expression and matches anywhere in stdout, so
    # a name that is a substring of an installed plugin counts as installed.
    - "not (shell_output.stdout is search(item['name']))"

- name: Create basedir of opendistroforelasticsearch_extra_plugin_files
  # item.path is appended to the plugins directory without normalisation;
  # nothing here keeps the result inside that directory.
  file:
    path: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path | dirname }}"
    state: directory
    mode: 0755
  with_items: "{{ opendistroforelasticsearch_extra_plugin_files }}"
  when:
    - "(not 'state' in item) or (item['state'] == 'present')"

- name: Create opendistroforelasticsearch_extra_plugin_files
  # item.type selects the template (raw.j2 and yaml.j2 exist in templates/).
  # mode, owner and group are omitted when the item does not set them, so the
  # file then gets the module defaults; set them explicitly for files that
  # hold credentials.
  template:
    src: "{{ item.type }}.j2"
    dest: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path }}"
    mode: "{{ item.mode | default(omit) }}"
    owner: "{{ item.owner | default(omit) }}"
    group: "{{ item.group | default(omit) }}"
  with_items: "{{ opendistroforelasticsearch_extra_plugin_files }}"
  when:
    - "(not 'state' in item) or (item['state'] == 'present')"

- name: Delete opendistroforelasticsearch_extra_plugin_files
  # Removes the path for items whose state is "absent".
  file:
    path: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path }}"
    state: absent
    mode: 0755
  with_items: "{{ opendistroforelasticsearch_extra_plugin_files }}"
  when:
    - "'state' in item"
    - "item['state'] == 'absent'"

- name: Start opendistroforelasticsearch
  service:
    name: "{{ opendistroforelasticsearch_service }}"
    state: started
    enabled: yes
  register: register_elasticsearch_start

- name: Wait for elasticsearch to start in task
  # Only waits when the previous task actually started the service.
  wait_for:
    host: localhost
    port: "{{ opendistroforelasticsearch_http_port }}"
  when:
    - register_elasticsearch_start.changed

--------------------------------------------------------------------------------
/templates/.keepme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/templates/.keepme
--------------------------------------------------------------------------------
/templates/Debian.default.j2:
--------------------------------------------------------------------------------
# Managed by ansible

{{ opendistroforelasticsearch_flags }}

--------------------------------------------------------------------------------
/templates/FreeBSD.rc.j2:
--------------------------------------------------------------------------------
# Managed by ansible

{{ opendistroforelasticsearch_flags }}

--------------------------------------------------------------------------------
/templates/RedHat.sysconfig.j2:
--------------------------------------------------------------------------------
# Managed by ansible

{{ opendistroforelasticsearch_flags }}

--------------------------------------------------------------------------------
/templates/elasticsearch.yml.j2:
--------------------------------------------------------------------------------
---
# Managed by ansible

{{ opendistroforelasticsearch_config | to_nice_yaml }}

--------------------------------------------------------------------------------
/templates/jvm.options.j2:
--------------------------------------------------------------------------------
{{ opendistroforelasticsearch_jvm_options }}

--------------------------------------------------------------------------------
/templates/log4j2.properties.j2:
-------------------------------------------------------------------------------- 1 | # Managed by ansible 2 | 3 | {{ opendistroforelasticsearch_config_log4j2_properties }} 4 | -------------------------------------------------------------------------------- /templates/raw.j2: -------------------------------------------------------------------------------- 1 | # Managed by ansible 2 | 3 | {{ item.content }} 4 | -------------------------------------------------------------------------------- /templates/yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | # Managed by ansible 3 | {{ item.content | to_nice_yaml }} 4 | -------------------------------------------------------------------------------- /tests/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/.keepme -------------------------------------------------------------------------------- /tests/integration/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/.keepme -------------------------------------------------------------------------------- /tests/integration/example/.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | roles/*/ 3 | .vagrant/ 4 | -------------------------------------------------------------------------------- /tests/integration/example/.rspec: -------------------------------------------------------------------------------- 1 | --format documentation 2 | -------------------------------------------------------------------------------- /tests/integration/example/Rakefile: -------------------------------------------------------------------------------- 1 | 
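# frozen_string_literal: true

# Integration-test driver: copies this role into roles/, installs the roles
# listed in requirements.yml, boots the Vagrant nodes and runs rspec.
#
# Several commands below use relative paths (roles/*, *.retry,
# requirements.yml), so the tasks act on the current working directory.

require "tempfile"
require "pathname"
require "shellwords"

ENV["TERM"] = "xterm" # XXX TERM must be defined or pkg_add fails

test_dir = Pathname.new(__FILE__).dirname
role_dir = Pathname.new(test_dir).parent.parent.parent
role_name = Pathname.new(role_dir).basename

# Runs `vagrant <cmd>` outside the bundler environment.
#
# cmd is interpolated into a shell command line without escaping (the
# clean_vagrant task relies on that for "|| true"), so pass fixed strings only.
def vagrant(cmd)
  Bundler.with_clean_env do
    sh "vagrant #{cmd}"
  end
end

task default: %w[test]

desc "run rspec"
task test: [:clean, :prepare, :do_test, :ensure_clean] do
end

desc "clean"
task clean: [:clean_vagrant, :clean_role] do
end

desc "destroy vagrant nodes"
task :clean_vagrant do
  # XXX `vagrant destroy` fails with exit status 1 when there is no VM to
  # destroy
  vagrant "destroy -f || true"
end

desc "rm roles/*"
task :clean_role do
  # relative globs: these remove roles/* and *.retry under the current
  # working directory
  sh "rm -rf roles/*"
  sh "rm -f *.retry"
end

desc "prepare the test environment"
task prepare: [:prepare_role, :prepare_roles, :vagrant_up] do
end

desc "import required roles"
task :prepare_roles do
  sh "ansible-galaxy install -r requirements.yml -p roles"
end

desc "prepare role"
task :prepare_role do
  # directories of the role that are not copied into roles/
  ignore = %w[vendor .kitchen .git tests spec].map { |f| "#{role_name}/#{f}" }
  tmpfile = Tempfile.new(".tarignore")
  begin
    tmpfile.write ignore.join("\n")
    tmpfile.close
    # The paths depend on where the repository is checked out; escape them so
    # whitespace or shell metacharacters in a directory name are not
    # interpreted by the shell that runs the pipeline.
    exclude_file = Shellwords.escape(tmpfile.path)
    source_parent = Shellwords.escape(role_dir.parent.to_s)
    source_name = Shellwords.escape(role_name.to_s)
    destination = Shellwords.escape("#{test_dir}/roles")
    sh "tar -c -X #{exclude_file} -C #{source_parent} -f - #{source_name} | " \
       "tar -x -C #{destination} -f -"
  ensure
    # remove the exclude list instead of leaving it to garbage collection
    tmpfile.close!
  end
end

desc "vagrant up"
task :vagrant_up do
  vagrant "up"
end

desc "do clean task even if it has been executed"
task :ensure_clean do
  # rake runs a task once per invocation; re-enable clean and its
  # prerequisites so they run again after the test
  Rake::Task["clean"].all_prerequisite_tasks.each(&:reenable)
  Rake::Task["clean"].reenable
  Rake::Task["clean"].invoke
end

desc "Do the test"
task :do_test do
  sh "bundle exec rspec"
end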
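--------------------------------------------------------------------------------
/tests/integration/example/Vagrantfile:
--------------------------------------------------------------------------------
# frozen_string_literal: true

require "socket"

# Finds the address of the local interface the OS would use for outbound
# traffic. The result is memoised in @local_ip.
#
# @return [String] IP address of the workstation used for egress traffic
def local_ip
  @local_ip ||= begin
    # turn off reverse DNS resolution temporarily
    orig = Socket.do_not_reverse_lookup
    Socket.do_not_reverse_lookup = true

    # connect() on a UDP socket only selects a route and a source address;
    # nothing is sent over the network
    UDPSocket.open do |s|
      s.connect "8.8.8.8", 1 # any global IP address works here
      s.addr.last
    end
  ensure
    Socket.do_not_reverse_lookup = orig
  end
end

# @return [String, Integer] VAGRANT_PROXY_PORT as given in the environment
#   (a String), or 8080 when the variable is not set
def local_port
  ENV["VAGRANT_PROXY_PORT"] || 8080
end

# @return [String] the proxy URL
def http_proxy_url
  "http://#{local_ip}:#{local_port}"
end

# Tries to open a TCP connection to local_ip:local_port.
#
# @return [TrueClass,FalseClass] whether or not the port is listening
def proxy_running?
  socket = TCPSocket.new(local_ip, local_port)
  true
rescue SocketError, Errno::ECONNREFUSED,
       Errno::EHOSTUNREACH, Errno::ENETUNREACH, IOError
  false
rescue Errno::EPERM, Errno::ETIMEDOUT
  false
ensure
  # socket is still nil when TCPSocket.new raised; calling close on nil here
  # would raise NoMethodError and replace the `false` result
  socket&.close
end

# URL handed to the guests as http_proxy/https_proxy; empty when nothing
# listens on the workstation
http_proxy = proxy_running? ? http_proxy_url : ""

# Vagrantfile
Vagrant.configure("2") do |config|
  config.ssh.shell = "/bin/sh"
  config.vm.provider "virtualbox" do |v|
    v.memory = 256
    v.cpus = 1
  end
  config.vm.box = "trombik/ansible-freebsd-12.0-amd64"

  config.vm.define "client1" do |c|
    c.vm.network "private_network", ip: "192.168.21.100"
    c.vm.hostname = "client1.virtualbox.reallyenglish.com"
    c.vm.provision :ansible do |ansible|
      ansible.limit = "192.168.21.100"
      ansible.playbook = "site.yml"
      ansible.extra_vars = {
        ansible_python_interpreter: "/usr/local/bin/python",
        http_proxy: http_proxy,
        https_proxy: http_proxy,
        no_proxy: "localhost,127.0.0.1,.example.com"
      }
      ansible.inventory_path = "inventories/staging"
      ansible.verbose = "v"
    end
  end

  config.vm.define "server1" do |c|
    c.vm.network "private_network", ip: "192.168.21.200"
    c.vm.hostname = "server1.virtualbox.reallyenglish.com"
    c.vm.provision :ansible do |ansible|
      ansible.limit = "192.168.21.200"
      ansible.playbook = "site.yml"
      ansible.extra_vars = {
        ansible_python_interpreter: "/usr/local/bin/python",
        http_proxy: http_proxy,
        https_proxy: http_proxy,
        no_proxy: "localhost,127.0.0.1,.example.com"
      }
      ansible.inventory_path = "inventories/staging"
      ansible.verbose = "v"
    end
  end
end
# vim: ft=ruby

--------------------------------------------------------------------------------
/tests/integration/example/client.yml:
--------------------------------------------------------------------------------
---
- hosts: client
  become: yes
  become_method: sudo
  environment:
    http_proxy: "{{ http_proxy | default() }}"
    https_proxy: "{{ https_proxy | default() }}"
    no_proxy: "{{ no_proxy | default() }}"

  pre_tasks:
  roles:
    - opendistroforelasticsearch
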
-------------------------------------------------------------------------------- /tests/integration/example/example.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: example 3 | become: yes 4 | become_method: sudo 5 | environment: 6 | http_proxy: "{{ http_proxy | default() }}" 7 | https_proxy: "{{ https_proxy | default() }}" 8 | no_proxy: "{{ no_proxy | default() }}" 9 | 10 | pre_tasks: 11 | roles: 12 | - opendistroforelasticsearch 13 | -------------------------------------------------------------------------------- /tests/integration/example/group_vars/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/example/group_vars/.keepme -------------------------------------------------------------------------------- /tests/integration/example/host_vars/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/example/host_vars/.keepme -------------------------------------------------------------------------------- /tests/integration/example/inventories/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/example/inventories/.keepme -------------------------------------------------------------------------------- /tests/integration/example/inventories/staging: -------------------------------------------------------------------------------- 1 | [client] 2 | 192.168.21.100 3 | 4 | [server] 5 | 192.168.21.200 6 | 7 | [all:children] 8 | server 9 | client 10 | 
-------------------------------------------------------------------------------- /tests/integration/example/roles/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/example/roles/.keepme -------------------------------------------------------------------------------- /tests/integration/example/server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: server 3 | become: yes 4 | become_method: sudo 5 | environment: 6 | http_proxy: "{{ http_proxy | default() }}" 7 | https_proxy: "{{ https_proxy | default() }}" 8 | no_proxy: "{{ no_proxy | default() }}" 9 | 10 | pre_tasks: 11 | roles: 12 | - opendistroforelasticsearch 13 | -------------------------------------------------------------------------------- /tests/integration/example/site.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - include: server.yml 3 | - include: client.yml 4 | -------------------------------------------------------------------------------- /tests/integration/example/spec/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/integration/example/spec/.keepme -------------------------------------------------------------------------------- /tests/integration/example/spec/default_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require "spec_helper" 4 | 5 | class ServiceNotReady < StandardError 6 | end 7 | 8 | sleep 10 if ENV["JENKINS_HOME"] 9 | 10 | context "after provisioning finished" do 11 | describe server(:client1) do 12 | it "should be able to ping server" do 13 | result 
= current_server.ssh_exec("ping -c 1 #{server(:server1).server.address} && echo OK") 14 | expect(result).to match(/OK/) 15 | end 16 | end 17 | 18 | describe server(:server1) do 19 | it "should be able to ping client" do 20 | result = current_server.ssh_exec("ping -c 1 #{server(:client1).server.address} && echo OK") 21 | expect(result).to match(/OK/) 22 | end 23 | end 24 | end 25 | -------------------------------------------------------------------------------- /tests/integration/example/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require "infrataster/rspec" 4 | require "capybara" 5 | 6 | ENV["VAGRANT_CWD"] = File.dirname(__FILE__) 7 | ENV["LANG"] = "C" 8 | 9 | if ENV["JENKINS_HOME"] 10 | # rubocop:disable Metrics/LineLength 11 | # 12 | # XXX "bundle exec vagrant" fails to load. 13 | # https://github.com/bundler/bundler/issues/4602 14 | # 15 | # > bundle exec vagrant --version 16 | # bundler: failed to load command: vagrant (/usr/local/bin/vagrant) 17 | # Gem::Exception: can't find executable vagrant 18 | # /usr/local/lib/ruby/gems/2.2/gems/bundler-1.12.1/lib/bundler/rubygems_integration.rb:373:in `block in replace_bin_path' 19 | # /usr/local/lib/ruby/gems/2.2/gems/bundler-1.12.1/lib/bundler/rubygems_integration.rb:387:in `block in replace_bin_path' 20 | # /usr/local/bin/vagrant:23:in `' 21 | # 22 | # this causes "vagrant ssh-config" to fail, invoked in a spec file, i.e. when 23 | # you need to ssh to a vagrant host. 
24 | # 25 | # include the path of bin to vagrant 26 | # 27 | vagrant_real_path = `pkg info -l vagrant | grep -v '/usr/local/bin/vagrant' | grep -E 'bin\/vagrant$'| sed -e 's/^[[:space:]]*//'` 28 | # rubocop:enable Metrics/LineLength 29 | vagrant_bin_dir = File.dirname(vagrant_real_path) 30 | ENV["PATH"] = "#{vagrant_bin_dir}:#{ENV['PATH']}" 31 | end 32 | 33 | Infrataster::Server.define( 34 | :client1, 35 | "192.168.21.100", 36 | vagrant: true 37 | ) 38 | Infrataster::Server.define( 39 | :server1, 40 | "192.168.21.200", 41 | vagrant: true 42 | ) 43 | 44 | RSpec.configure do |config| 45 | config.expect_with :rspec do |expectations| 46 | expectations.include_chain_clauses_in_custom_matcher_descriptions = true 47 | end 48 | config.mock_with :rspec do |mocks| 49 | mocks.verify_partial_doubles = true 50 | end 51 | end 52 | -------------------------------------------------------------------------------- /tests/serverspec/.keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/serverspec/.keepme -------------------------------------------------------------------------------- /tests/serverspec/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | roles: 4 | - role: trombik.freebsd_pkg_repo 5 | when: ansible_os_family == "FreeBSD" 6 | - role: trombik.apt_repo 7 | when: ansible_os_family == "Debian" 8 | - role: trombik.redhat_repo 9 | when: ansible_os_family == "RedHat" 10 | - role: trombik.java 11 | - role: trombik.sysctl 12 | - ansible-role-opendistroforelasticsearch 13 | vars: 14 | freebsd_pkg_repo: 15 | local: 16 | enabled: "true" 17 | url: "http://pkg.i.trombik.org/{{ ansible_distribution_version | regex_replace('\\.') }}{{ ansible_architecture }}-default-default" 18 | mirror_type: none 19 | priority: 100 20 | state: present 21 | 
apt_repo_enable_apt_transport_https: yes 22 | apt_repo_to_add: 23 | - ppa:openjdk-r/ppa 24 | - deb [arch=amd64] https://d3g5vo6xdbdb9a.cloudfront.net/apt stable main 25 | - deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main 26 | apt_repo_keys_to_add: 27 | - https://artifacts.elastic.co/GPG-KEY-elasticsearch 28 | - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch 29 | redhat_repo: 30 | elasticsearch7: 31 | baseurl: https://artifacts.elastic.co/packages/oss-7.x/yum 32 | gpgkey: https://artifacts.elastic.co/GPG-KEY-elasticsearch 33 | gpgcheck: yes 34 | enabled: yes 35 | opendistroforelasticsearch: 36 | baseurl: https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/ 37 | gpgkey: https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch 38 | enabled: yes 39 | gpgcheck: yes 40 | os_opendistroforelasticsearch_extra_packages: 41 | FreeBSD: [] 42 | Debian: 43 | # XXX install elasticsearch-oss that opendistroforelasticsearch 44 | # requires. 45 | - elasticsearch-oss=7.10.2 46 | - unzip 47 | RedHat: [] 48 | opendistroforelasticsearch_extra_packages: "{{ os_opendistroforelasticsearch_extra_packages[ansible_os_family] }}" 49 | os_java_packages: 50 | FreeBSD: [] 51 | Debian: 52 | - openjdk-11-jdk 53 | RedHat: 54 | - java-11-openjdk-devel 55 | java_packages: "{{ os_java_packages[ansible_os_family] }}" 56 | os_sysctl: 57 | FreeBSD: 58 | kern.maxfilesperproc: 65536 59 | security.bsd.unprivileged_mlock: 1 60 | Debian: [] 61 | RedHat: [] 62 | sysctl: "{{ os_sysctl[ansible_os_family] }}" 63 | 64 | 65 | os_opendistroforelasticsearch_package: 66 | FreeBSD: "{{ __opendistroforelasticsearch_package }}" 67 | Debian: "{{ __opendistroforelasticsearch_package }}" 68 | RedHat: opendistroforelasticsearch-1.13.2 69 | opendistroforelasticsearch_package: "{{ os_opendistroforelasticsearch_package[ansible_os_family] }}" 70 | os_opendistroforelasticsearch_flags: 71 | FreeBSD: | 72 | elasticsearch_java_home={{ opendistroforelasticsearch_java_home }} 73 
| Debian: | 74 | ES_PATH_CONF={{ opendistroforelasticsearch_conf_dir }} 75 | ES_STARTUP_SLEEP_TIME=5 76 | MAX_OPEN_FILES=65535 77 | MAX_LOCKED_MEMORY=unlimited 78 | RedHat: | 79 | ES_PATH_CONF={{ opendistroforelasticsearch_conf_dir }} 80 | ES_STARTUP_SLEEP_TIME=5 81 | MAX_OPEN_FILES=65535 82 | MAX_LOCKED_MEMORY=unlimited 83 | opendistroforelasticsearch_flags: "{{ os_opendistroforelasticsearch_flags[ansible_os_family] }}" 84 | opendistroforelasticsearch_jvm_options: | 85 | -Xms1024m 86 | -Xmx1024m 87 | -Xmx1g 88 | -Des.networkaddress.cache.ttl=60 89 | -Des.networkaddress.cache.negative.ttl=10 90 | -XX:+AlwaysPreTouch 91 | -Xss1m 92 | -Djava.awt.headless=true 93 | -Dfile.encoding=UTF-8 94 | -Djna.nosys=true 95 | -XX:-OmitStackTraceInFastThrow 96 | -Dio.netty.noUnsafe=true 97 | -Dio.netty.noKeySetOptimization=true 98 | -Dio.netty.recycler.maxCapacityPerThread=0 99 | -Dlog4j.shutdownHookEnabled=false 100 | -Dlog4j2.disable.jmx=true 101 | -Djava.io.tmpdir=${ES_TMPDIR} 102 | -XX:+HeapDumpOnOutOfMemoryError 103 | -XX:HeapDumpPath=data 104 | -XX:ErrorFile={{ opendistroforelasticsearch_log_dir }}/hs_err_pid%p.log 105 | -XX:+UseCompressedOops 106 | opendistroforelasticsearch_config: 107 | opendistro_security.disabled: true 108 | discovery.type: single-node 109 | network.publish_host: ["10.0.2.15"] 110 | path.data: "{{ opendistroforelasticsearch_db_dir }}" 111 | http.port: "{{ opendistroforelasticsearch_http_port }}" 112 | path.logs: "{{ opendistroforelasticsearch_log_dir }}" 113 | node.data: "true" 114 | http.compression: "true" 115 | network.host: 116 | - _local_ 117 | - _site_ 118 | cluster.name: testcluster 119 | node.name: testnode 120 | http.cors.enabled: "true" 121 | http.cors.allow-origin: "*" 122 | http.cors.max-age: 86400 123 | http.cors.allow-methods: "OPTIONS, HEAD, GET, POST, PUT, DELETE" 124 | http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length" 125 | http.cors.allow-credentials: "true" 126 | # _________________________TLS 127 | 
opendistro_security.ssl.transport.pemcert_filepath: node.pem 128 | opendistro_security.ssl.transport.pemkey_filepath: node-key.pem 129 | opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem 130 | opendistro_security.ssl.transport.enforce_hostname_verification: false 131 | opendistro_security.ssl.http.enabled: true 132 | opendistro_security.ssl.http.pemcert_filepath: node.pem 133 | opendistro_security.ssl.http.pemkey_filepath: node-key.pem 134 | opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem 135 | opendistro_security.allow_default_init_securityindex: true 136 | opendistro_security.authcz.admin_dn: 137 | - CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU 138 | opendistro_security.nodes_dn: 139 | - CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU 140 | opendistro_security.audit.type: internal_elasticsearch 141 | opendistro_security.enable_snapshot_restore_privilege: true 142 | opendistro_security.check_snapshot_restore_write_privileges: true 143 | opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] 144 | cluster.routing.allocation.disk.threshold_enabled: false 145 | node.max_local_storage_nodes: 3 146 | opendistro_security.audit.config.disabled_rest_categories: NONE 147 | opendistro_security.audit.config.disabled_transport_categories: NONE 148 | project_opendistro_plugin_base_url: https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins 149 | 150 | # XXX see version matrix at https://opendistro.github.io/for-elasticsearch-docs/docs/install/plugins/ 151 | opendistroforelasticsearch_plugins: 152 | - name: opendistro_security 153 | src: "{{ project_opendistro_plugin_base_url }}/opendistro-security/opendistro-security-1.13.1.0.zip" 154 | opendistroforelasticsearch_extra_plugin_files: 155 | - path: opendistro_security/securityconfig/roles.yml 156 | type: yaml 157 | mode: "0640" 158 | group: "{{ opendistroforelasticsearch_user }}" 159 | content: 160 | _meta: 161 | type: 
roles 162 | config_version: 2 163 | - path: opendistro_security/securityconfig/roles_mapping.yml 164 | type: yaml 165 | mode: "0640" 166 | group: "{{ opendistroforelasticsearch_user }}" 167 | content: 168 | _meta: 169 | type: rolesmapping 170 | config_version: 2 171 | - path: opendistro_security/securityconfig/internal_users.yml 172 | type: yaml 173 | mode: "0640" 174 | group: "{{ opendistroforelasticsearch_user }}" 175 | content: 176 | _meta: 177 | type: "internalusers" 178 | config_version: 2 179 | new-user: 180 | # XXX the hash is created by tools/hash.sh 181 | hash: "$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" 182 | reserved: false 183 | hidden: false 184 | backend_roles: 185 | - "some-backend-role" 186 | attributes: 187 | attribute1: "value1" 188 | static: false 189 | admin: 190 | hash: "$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" 191 | reserved: true 192 | backend_roles: 193 | - admin 194 | description: "Demo admin user" 195 | - path: opendistro_security/securityconfig/config.yml 196 | type: yaml 197 | mode: "0640" 198 | group: "{{ opendistroforelasticsearch_user }}" 199 | content: 200 | http_authenticator: 201 | type: basic 202 | challenge: true 203 | 204 | # taken from config/log4j2.properties 205 | opendistroforelasticsearch_config_log4j2_properties: | 206 | status = error 207 | 208 | appender.console.type = Console 209 | appender.console.name = console 210 | appender.console.layout.type = PatternLayout 211 | appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 212 | 213 | ######## Server JSON ############################ 214 | appender.rolling.type = RollingFile 215 | appender.rolling.name = rolling 216 | appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json 217 | appender.rolling.layout.type = ESJsonLayout 218 | appender.rolling.layout.type_name = server 219 | 220 | appender.rolling.filePattern = 
${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz 221 | appender.rolling.policies.type = Policies 222 | appender.rolling.policies.time.type = TimeBasedTriggeringPolicy 223 | appender.rolling.policies.time.interval = 1 224 | appender.rolling.policies.time.modulate = true 225 | appender.rolling.policies.size.type = SizeBasedTriggeringPolicy 226 | appender.rolling.policies.size.size = 128MB 227 | appender.rolling.strategy.type = DefaultRolloverStrategy 228 | appender.rolling.strategy.fileIndex = nomax 229 | appender.rolling.strategy.action.type = Delete 230 | appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} 231 | appender.rolling.strategy.action.condition.type = IfFileName 232 | appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* 233 | appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize 234 | appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB 235 | ################################################ 236 | ######## Server - old style pattern ########### 237 | appender.rolling_old.type = RollingFile 238 | appender.rolling_old.name = rolling_old 239 | appender.rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log 240 | appender.rolling_old.layout.type = PatternLayout 241 | appender.rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 242 | 243 | appender.rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz 244 | appender.rolling_old.policies.type = Policies 245 | appender.rolling_old.policies.time.type = TimeBasedTriggeringPolicy 246 | appender.rolling_old.policies.time.interval = 1 247 | appender.rolling_old.policies.time.modulate = true 248 | appender.rolling_old.policies.size.type = SizeBasedTriggeringPolicy 249 | appender.rolling_old.policies.size.size = 128MB 250 | 
appender.rolling_old.strategy.type = DefaultRolloverStrategy 251 | appender.rolling_old.strategy.fileIndex = nomax 252 | appender.rolling_old.strategy.action.type = Delete 253 | appender.rolling_old.strategy.action.basepath = ${sys:es.logs.base_path} 254 | appender.rolling_old.strategy.action.condition.type = IfFileName 255 | appender.rolling_old.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-* 256 | appender.rolling_old.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize 257 | appender.rolling_old.strategy.action.condition.nested_condition.exceeds = 2GB 258 | ################################################ 259 | 260 | rootLogger.level = info 261 | rootLogger.appenderRef.console.ref = console 262 | rootLogger.appenderRef.rolling.ref = rolling 263 | rootLogger.appenderRef.rolling_old.ref = rolling_old 264 | 265 | ######## Deprecation JSON ####################### 266 | appender.deprecation_rolling.type = RollingFile 267 | appender.deprecation_rolling.name = deprecation_rolling 268 | appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.json 269 | appender.deprecation_rolling.layout.type = ESJsonLayout 270 | appender.deprecation_rolling.layout.type_name = deprecation 271 | appender.deprecation_rolling.layout.esmessagefields=x-opaque-id 272 | appender.deprecation_rolling.filter.rate_limit.type = RateLimitingFilter 273 | 274 | appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.json.gz 275 | appender.deprecation_rolling.policies.type = Policies 276 | appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy 277 | appender.deprecation_rolling.policies.size.size = 1GB 278 | appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy 279 | appender.deprecation_rolling.strategy.max = 4 280 | 281 | appender.header_warning.type = HeaderWarningAppender 282 | 
appender.header_warning.name = header_warning 283 | ################################################# 284 | ######## Deprecation - old style pattern ####### 285 | appender.deprecation_rolling_old.type = RollingFile 286 | appender.deprecation_rolling_old.name = deprecation_rolling_old 287 | appender.deprecation_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log 288 | appender.deprecation_rolling_old.layout.type = PatternLayout 289 | appender.deprecation_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 290 | 291 | appender.deprecation_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 292 | _deprecation-%i.log.gz 293 | appender.deprecation_rolling_old.policies.type = Policies 294 | appender.deprecation_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 295 | appender.deprecation_rolling_old.policies.size.size = 1GB 296 | appender.deprecation_rolling_old.strategy.type = DefaultRolloverStrategy 297 | appender.deprecation_rolling_old.strategy.max = 4 298 | ################################################# 299 | logger.deprecation.name = org.elasticsearch.deprecation 300 | logger.deprecation.level = deprecation 301 | logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling 302 | logger.deprecation.appenderRef.deprecation_rolling_old.ref = deprecation_rolling_old 303 | logger.deprecation.appenderRef.header_warning.ref = header_warning 304 | logger.deprecation.additivity = false 305 | 306 | ######## Search slowlog JSON #################### 307 | appender.index_search_slowlog_rolling.type = RollingFile 308 | appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling 309 | appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ 310 | .cluster_name}_index_search_slowlog.json 311 | appender.index_search_slowlog_rolling.layout.type = 
ESJsonLayout 312 | appender.index_search_slowlog_rolling.layout.type_name = index_search_slowlog 313 | appender.index_search_slowlog_rolling.layout.esmessagefields=message,took,took_millis,total_hits,types,stats,search_type,total_shards,source,id 314 | 315 | appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs\ 316 | .cluster_name}_index_search_slowlog-%i.json.gz 317 | appender.index_search_slowlog_rolling.policies.type = Policies 318 | appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy 319 | appender.index_search_slowlog_rolling.policies.size.size = 1GB 320 | appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy 321 | appender.index_search_slowlog_rolling.strategy.max = 4 322 | ################################################# 323 | ######## Search slowlog - old style pattern #### 324 | appender.index_search_slowlog_rolling_old.type = RollingFile 325 | appender.index_search_slowlog_rolling_old.name = index_search_slowlog_rolling_old 326 | appender.index_search_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 327 | _index_search_slowlog.log 328 | appender.index_search_slowlog_rolling_old.layout.type = PatternLayout 329 | appender.index_search_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 330 | 331 | appender.index_search_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 332 | _index_search_slowlog-%i.log.gz 333 | appender.index_search_slowlog_rolling_old.policies.type = Policies 334 | appender.index_search_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 335 | appender.index_search_slowlog_rolling_old.policies.size.size = 1GB 336 | appender.index_search_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy 337 | appender.index_search_slowlog_rolling_old.strategy.max = 4 
338 | ################################################# 339 | logger.index_search_slowlog_rolling.name = index.search.slowlog 340 | logger.index_search_slowlog_rolling.level = trace 341 | logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling 342 | logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling_old.ref = index_search_slowlog_rolling_old 343 | logger.index_search_slowlog_rolling.additivity = false 344 | 345 | ######## Indexing slowlog JSON ################## 346 | appender.index_indexing_slowlog_rolling.type = RollingFile 347 | appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling 348 | appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 349 | _index_indexing_slowlog.json 350 | appender.index_indexing_slowlog_rolling.layout.type = ESJsonLayout 351 | appender.index_indexing_slowlog_rolling.layout.type_name = index_indexing_slowlog 352 | appender.index_indexing_slowlog_rolling.layout.esmessagefields=message,took,took_millis,doc_type,id,routing,source 353 | 354 | appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 355 | _index_indexing_slowlog-%i.json.gz 356 | appender.index_indexing_slowlog_rolling.policies.type = Policies 357 | appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy 358 | appender.index_indexing_slowlog_rolling.policies.size.size = 1GB 359 | appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy 360 | appender.index_indexing_slowlog_rolling.strategy.max = 4 361 | ################################################# 362 | ######## Indexing slowlog - old style pattern ## 363 | appender.index_indexing_slowlog_rolling_old.type = RollingFile 364 | appender.index_indexing_slowlog_rolling_old.name = index_indexing_slowlog_rolling_old 365 | 
appender.index_indexing_slowlog_rolling_old.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 366 | _index_indexing_slowlog.log 367 | appender.index_indexing_slowlog_rolling_old.layout.type = PatternLayout 368 | appender.index_indexing_slowlog_rolling_old.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n 369 | 370 | appender.index_indexing_slowlog_rolling_old.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}\ 371 | _index_indexing_slowlog-%i.log.gz 372 | appender.index_indexing_slowlog_rolling_old.policies.type = Policies 373 | appender.index_indexing_slowlog_rolling_old.policies.size.type = SizeBasedTriggeringPolicy 374 | appender.index_indexing_slowlog_rolling_old.policies.size.size = 1GB 375 | appender.index_indexing_slowlog_rolling_old.strategy.type = DefaultRolloverStrategy 376 | appender.index_indexing_slowlog_rolling_old.strategy.max = 4 377 | ################################################# 378 | 379 | logger.index_indexing_slowlog.name = index.indexing.slowlog.index 380 | logger.index_indexing_slowlog.level = trace 381 | logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling 382 | logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling_old.ref = index_indexing_slowlog_rolling_old 383 | logger.index_indexing_slowlog.additivity = false 384 | 385 | x509_certificate_debug_log: yes 386 | # XXX these test keys were created by the following steps described at: 387 | # https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/generate-certificates/ 388 | # 389 | # here is the copy of the steps: 390 | # 391 | # Root CA 392 | # openssl genrsa -out root-ca-key.pem 2048 393 | # openssl req -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem 394 | # 395 | # Admin cert 396 | # openssl genrsa -out admin-key-temp.pem 2048 397 | # openssl pkcs8 -inform PEM -outform PEM -in 
admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem 398 | # openssl req -new -key admin-key.pem -out admin.csr 399 | # openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem 400 | # 401 | # Node cert 402 | # openssl genrsa -out node-key-temp.pem 204 403 | # openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem 404 | # openssl req -new -key node-key.pem -out node.csr 405 | # openssl x509 -req -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem 406 | # 407 | # Cleanup 408 | # rm admin-key-temp.pem admin.csr node-key-temp.pem node.csr 409 | x509_certificate: 410 | - name: node 411 | state: present 412 | public: 413 | path: "{{ opendistroforelasticsearch_conf_dir }}/node.pem" 414 | mode: "0444" 415 | key: | 416 | -----BEGIN CERTIFICATE----- 417 | MIIDMzCCAhsCCQDFJMQePWLjHzANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 418 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 419 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjMx 420 | MThaFw0xOTExMDkwMjMxMThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 421 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 422 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbc 423 | g+Wu9h+zSQDcY59exw2SYcoKCyjjICxU7dyV2UWDuwHMrp0hPKE6Ihd41ftgWVOl 424 | fIra3I0gmGteWztlaEP3wx0tnZdopBJgMegiPjmUcz/w3wqtzgSqH3fTKbQhO4qL 425 | jDnwJfOxpoUWdR69DXPFLTi5HrD1/GwmT3ra6ySJGVRKKGnl9ZukwnEqQs58e/+T 426 | GCwnGOjkItwE5kxEtPSNRqsm+zfJyy6hwoeCGHyqxwiRTwSNjRdL+rQjGzGPj/OU 427 | VDDuXV389+EmKYbTfH790VRULNsT22VjFCwW1yAsmJTFKVktjcGjdcH2iGtLN7CO 428 | QVLNR9QIl+x2+9XXSxUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnZEGtf28tpzy 429 | 36hGJJxLHqewb7xRnoXnm5d5f3x1vTlmtU/Y3NZg4eqV8fBJr6Z9IpgAe4Mzmzna 430 | 4j4jcUHraKrat/UKxiCqqP+P3FggRhUz5c4aC/pCOF3MRzD4Q9hZHV3gLoZMzerv 431 | eza1HuWnaRg2hAIBOlb9Oyn7K4LgMdH3Un4L2tH3eyp0KsMQj/JAW0iZFtVuohzu 432 | 
R7jSBWvYE3+siM2mpHUw6sf5uevgPTyEZg3ionLsGg0M6XdpvgT61m/pE3+7xjQ1 433 | I9Eg8TdwRq5gAv0Ywl5BuXyIA40x7x87y4qPpqMpBsc8u7ESlffUs2mor0qfQvm7 434 | mzd3/gNRFw== 435 | -----END CERTIFICATE----- 436 | secret: 437 | path: "{{ opendistroforelasticsearch_conf_dir }}/node-key.pem" 438 | owner: "{{ opendistroforelasticsearch_user }}" 439 | group: "{{ opendistroforelasticsearch_group }}" 440 | mode: "0600" 441 | key: | 442 | -----BEGIN PRIVATE KEY----- 443 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCm3IPlrvYfs0kA 444 | 3GOfXscNkmHKCgso4yAsVO3cldlFg7sBzK6dITyhOiIXeNX7YFlTpXyK2tyNIJhr 445 | Xls7ZWhD98MdLZ2XaKQSYDHoIj45lHM/8N8Krc4Eqh930ym0ITuKi4w58CXzsaaF 446 | FnUevQ1zxS04uR6w9fxsJk962uskiRlUSihp5fWbpMJxKkLOfHv/kxgsJxjo5CLc 447 | BOZMRLT0jUarJvs3ycsuocKHghh8qscIkU8EjY0XS/q0Ixsxj4/zlFQw7l1d/Pfh 448 | JimG03x+/dFUVCzbE9tlYxQsFtcgLJiUxSlZLY3Bo3XB9ohrSzewjkFSzUfUCJfs 449 | dvvV10sVAgMBAAECggEAHG83isxl5MEIj7z+vQnJoeZwA53yiOUrdmKCpjRi8hWg 450 | qI3Ys64WRuNBK/7LeCrTDg4FSyRAsUv8rU9G/LgrLGnsNeywDj0muHrsBkLPl8BU 451 | Y3EIkSlNEj5rXl/9m1SOcO2W18i0rvJ3Dfblvnc486GGM0RYlo9UlJlysdzcdT0h 452 | ORjgSzREH2J6S6PB5T/waxZ6XGopy3qkF2Q+Bs7K+Rx1uIrztsPMfJ5YcdPTNEiD 453 | YDNwWCI5FGI1Wq/5YtpkYlkZx/z+CcAX5njoQKyyZdOJVzUwVRxdEtOPALOYnB8x 454 | pUmxugKbE8d2pAYbV513dG6r+BXGyA4QptvyGxWXgQKBgQDVqYL1u+DrbSDYCBjd 455 | s379CD64+vtBe6Yfq6QDQS9XGAtTyYcAj+9oUzTew63vOlgfSZ/xVKcOq4Re88mn 456 | +KIkl1DA7+O/l8os38lrzDgbZO8vLE+VFpS+TbUegkOFRFpldActyLV6JuyfO58D 457 | PsDO+xxtw4lneIlCIM9MOiqXbwKBgQDH7O456+XhYy2BMV1fB+BkTnX9M0SjlXwB 458 | Tv7WUfEEMLFJsHae7P+4q396gBAx4CD3gBH+zBULeRdW3wkJKc22QS5kSJaU0T59 459 | 1bL1n7hIeIu36m+Due+o2PLeda+Hx3hk56JQkXhTpDEZAx2WGOZ81lATOKtUTdDs 460 | bAISGyGjuwKBgDb2m0zRnwORGCDavGLT2PgIlfIKBnaK82o0QkXgD+iMs+VC82qu 461 | nDyvIuunVOg0jxTFYNK5HxyD/NJcTmTabgORtWFclK7lwkmW6/7CEzDg3zK4aGSG 462 | 4Y6u+Me3ZN00fziYB3y8pAqfVsGDmd1A2GKmcGLAKWmntU+AlzMZx3kbAoGBAIui 463 | Sry/qv4hc+3Q2aL+8FV+i1/+B8mtJUAQuWJdNtWzYI/UJPVZGD4V4eJgQW9kWAIl 464 | 
O+xXA7fQqmFtQ3VX8iqCGfHG1Q05m8jtkaGGHYLYVtVscthw7Bdk9zQyxBc0VT08 465 | nxxgjcb1XalXiLmFyK2WTbUvFlK6StplkYit1G/zAoGAYdYiIZmixKsrtdH/CKQY 466 | kGBqJY9H+3QQB9fckHROtdOalWrJJCUBF+jEa2e6rLbFSpzj2Dpot2QLiENBMZuH 467 | 6DAksJ9+B3lxbQxdssFaFa5NocS2v6oAyLbEGNIOEkQ54f0v5HfaPVeLElK4Hs18 468 | f5MIWEE6V+z+aNg7aXdrLtU= 469 | -----END PRIVATE KEY----- 470 | - name: root-ca 471 | state: present 472 | public: 473 | path: "{{ opendistroforelasticsearch_conf_dir }}/root-ca.pem" 474 | key: | 475 | -----BEGIN CERTIFICATE----- 476 | MIIDMzCCAhsCCQDFJMQePWLjHzANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 477 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 478 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjMx 479 | MThaFw0xOTExMDkwMjMxMThaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 480 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 481 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbc 482 | g+Wu9h+zSQDcY59exw2SYcoKCyjjICxU7dyV2UWDuwHMrp0hPKE6Ihd41ftgWVOl 483 | fIra3I0gmGteWztlaEP3wx0tnZdopBJgMegiPjmUcz/w3wqtzgSqH3fTKbQhO4qL 484 | jDnwJfOxpoUWdR69DXPFLTi5HrD1/GwmT3ra6ySJGVRKKGnl9ZukwnEqQs58e/+T 485 | GCwnGOjkItwE5kxEtPSNRqsm+zfJyy6hwoeCGHyqxwiRTwSNjRdL+rQjGzGPj/OU 486 | VDDuXV389+EmKYbTfH790VRULNsT22VjFCwW1yAsmJTFKVktjcGjdcH2iGtLN7CO 487 | QVLNR9QIl+x2+9XXSxUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAnZEGtf28tpzy 488 | 36hGJJxLHqewb7xRnoXnm5d5f3x1vTlmtU/Y3NZg4eqV8fBJr6Z9IpgAe4Mzmzna 489 | 4j4jcUHraKrat/UKxiCqqP+P3FggRhUz5c4aC/pCOF3MRzD4Q9hZHV3gLoZMzerv 490 | eza1HuWnaRg2hAIBOlb9Oyn7K4LgMdH3Un4L2tH3eyp0KsMQj/JAW0iZFtVuohzu 491 | R7jSBWvYE3+siM2mpHUw6sf5uevgPTyEZg3ionLsGg0M6XdpvgT61m/pE3+7xjQ1 492 | I9Eg8TdwRq5gAv0Ywl5BuXyIA40x7x87y4qPpqMpBsc8u7ESlffUs2mor0qfQvm7 493 | mzd3/gNRFw== 494 | -----END CERTIFICATE----- 495 | secret: 496 | path: "{{ opendistroforelasticsearch_conf_dir }}/root-ca-key.pem" 497 | owner: "{{ opendistroforelasticsearch_user }}" 498 | group: "{{ opendistroforelasticsearch_group }}" 499 | key: | 500 | -----BEGIN RSA 
PRIVATE KEY----- 501 | MIIEowIBAAKCAQEA2vu3zNFLi5s3afKZsjj4WYTqOyQeu7ajCSOVFWu3/rGUQCxY 502 | whaN8sZWJ4Tb3giSgFt9daxIAjFT0RNZm9HI9+hthlyQ6EmVtmHv8QOIjWTrIT1S 503 | 9pZuyHsWcnin2FMX/UM1VxJSZQ3lsKhzbqBlGqmRuWbYi4hqsRxAnDuU78frvqDC 504 | gzFgjIEnDZMJeooM+ZLUrXuIIPi+auEl/7n8u3C/anLtt+K5UMCvZrCUSwSycPx2 505 | qFdPGpDXedlsfkxzW+mk3s38dHOG/5+qxwZiIexTgRYBRmoASZe5ksSVxKjvEWfF 506 | Zv1WoOMivEDwXmgbxojXc1hWfKAT6ArgitTyrQIDAQABAoIBAQDQjgtutaYNP7Z2 507 | 4OYgJsHgAAZUbQIYJMkBWzIRRJXnq5hVxeaCcpieLua+nHoJ7IAaXwgNmha6f+Aj 508 | rxoYnKOZ93LYFDCuCebb3Ep4b7UNdJ+6+Hya/IplxVSLkP3JuNmQCwIx+vEd7S5k 509 | IQpOwdOIoRZ4TMrPmQyDwTSHlvcxpKJxVZ0XGSAg9jzqhFpmbn28/GUr8iQD2Mo0 510 | U9N6ToddHyDpll0eJouoXesIbvxwyFI0vdHki5fl6LmazKzKjGtr8yD8QqP5D403 511 | JdzSNqwElQd7QKpvMPaL1dXpdUUiF+9TUXjt8A1MBtVsSmXMwMiqOfuzPjAj7wkc 512 | smfTxjABAoGBAPJ8wjWzZV1QDxzYRYMRCuVSuJrLn4jA8jEEf3X5ej3SMyaVaBOJ 513 | YtSuoV4C66jtgHRiQTcUIewiZAurmemeR/VRsW2RPC/w2SYZRytKKm8l5YM2iXSK 514 | /VgWTdVSbOhzJYfV0Azp47pY2yW3WZop3lnzcXPM/jthI6NnX4KcdI9BAoGBAOcv 515 | qIw8DSXYJUStIJ4wf5jfP2jmjeepA0d007XfZCkLE3ltlrxN2llAf/fq+sbhEtTf 516 | vpFnEcRqSvw4y8jd0G2IrvFZoSdr1SbtF6UfdixcB9Br2kqElNxzSX2eNHFOxOPw 517 | L+snKT+i1pFAXCOlMBedqZNetyWqBnWSvARUKvRtAoGAQoLl4kTqsMWc35SSvHiY 518 | PH6MFCl2ANSrmbZaH8nmNb7KOPMSMQmmCiA8MsUqTpOWgFXS/YCQLWzhdDIFbYb0 519 | xd06hYsorx2o8kJMuxsEuKf0ZCE5YrYc92RmxPRu2vN6f9+tyVz+Ecb9lULNWPPT 520 | AWk83T6FHVRvqgpYsEKp1gECgYBZ6R8T6wbyAO39l5dn7lSxj6GJmqD1x7WOxNDR 521 | mt/JVpVsVEKbWWvh6kPal3iQgFhikeH7iqpOSUiAb1ZR+HJnJxFirAkQ2886JFtd 522 | zK6Y8fHYDRoIgSej1PJv+GdM6eWJAJCiU8inBx2LwAwVkNjzVk3tEpkH/OgmMbsN 523 | s+5AwQKBgDXibuSSsisvdIN9hsSdCm2TBAx2yiVS/Jm64lVjr+PJpswTG0OY9YLO 524 | vN7YiVwEifmpgjwYqwbygU47h3OH22fn+A04geI5XPQJytWOgVfzh2oBWoHcFApi 525 | zrAM2P/g2Lnw/ttxnFUHpLe+f2uq+PTgidDl58R2tbt8kTO5QpGG 526 | -----END RSA PRIVATE KEY----- 527 | - name: admin 528 | state: present 529 | public: 530 | path: "{{ opendistroforelasticsearch_conf_dir }}/admin.pem" 531 | key: | 532 | -----BEGIN CERTIFICATE----- 533 | 
MIIDMzCCAhsCCQDFJMQePWLjHjANBgkqhkiG9w0BAQsFADBeMQswCQYDVQQGEwJB 534 | VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 535 | cyBQdHkgTHRkMRcwFQYDVQQDDA5jYS5leG1hcGxlLm9yZzAeFw0xOTEwMTAwMjI2 536 | MDlaFw0xOTExMDkwMjI2MDlaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l 537 | LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV 538 | BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMsB 539 | G8zk8zYLb7KswWprNaAVBnGyNkbBa3eWH3NjsP6TIiSQWii80aSPk4OxI2juLvqX 540 | BACS3sqAd0qW1HUuFfYqOMW4zCPyxPiBBY+3qZP3VlmDWhVZeRnH9RuEuvp24+TX 541 | uRv8efri2I3BbKlRObaGwYuwz/S7mCZJX+QkLgOwnkZtjkkoMHQ80UF1C98iroUB 542 | qASfVOYtNSWZXj3WsR07qI8Juas2ebenMeRMizZIq2M/APJbawZhw1THOUJpL4Jx 543 | sPr/cJkL3n5HU3S7KLaeePItxmWC1oYq452CDytGFAQoL1U8J2JpJ4XJrqPhiEec 544 | 3JvWD53p8ViSjoNVXkECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUfCvEv7D9j+7 545 | heOYop/OsY6hFHaPIaeYeHnDkZUGcS+9THjYjoZwML0HzsNbunmE9xw6nj6Fp9lh 546 | Zz+ds93JU4uthIcR5FJrvGJr3cCgkx0CyTMaVMZ3aUYszuWWv/ztF0KbeX5g0OmY 547 | MDhfH0QLh7crp4vymPuxgzECiyTizuOfb41FaIx32ks3fEUNe6DhGPyjeXjB8AEW 548 | noZYNT2Iys06qjpIiPa3yKrk38wALRsnY5eJw844YOmTZodlx+rrjCqkwzsPAO52 549 | quywFajsDuy+FwnxJSibPCgbRqJfOYmCKsWJrPc9LyvEEy9l+1yxFNp2z1Zy7iUe 550 | qcmtZpbkfg== 551 | -----END CERTIFICATE----- 552 | secret: 553 | path: "{{ opendistroforelasticsearch_conf_dir }}/admin-key.pem" 554 | owner: "{{ opendistroforelasticsearch_user }}" 555 | group: "{{ opendistroforelasticsearch_group }}" 556 | key: | 557 | -----BEGIN PRIVATE KEY----- 558 | MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDLARvM5PM2C2+y 559 | rMFqazWgFQZxsjZGwWt3lh9zY7D+kyIkkFoovNGkj5ODsSNo7i76lwQAkt7KgHdK 560 | ltR1LhX2KjjFuMwj8sT4gQWPt6mT91ZZg1oVWXkZx/UbhLr6duPk17kb/Hn64tiN 561 | wWypUTm2hsGLsM/0u5gmSV/kJC4DsJ5GbY5JKDB0PNFBdQvfIq6FAagEn1TmLTUl 562 | mV491rEdO6iPCbmrNnm3pzHkTIs2SKtjPwDyW2sGYcNUxzlCaS+CcbD6/3CZC95+ 563 | R1N0uyi2nnjyLcZlgtaGKuOdgg8rRhQEKC9VPCdiaSeFya6j4YhHnNyb1g+d6fFY 564 | ko6DVV5BAgMBAAECggEAJYuh8aZSmSdKVFiBOUZ015Or6nFUeoehca+xR20juiHK 565 | 
Scrs8eXiPDZVySCE9Q5AYBZ4JgcD754M8h2tU7LfWvT6JQ+Fqgxng7KRLcCBO52e 566 | OdYCXjp7HFqQKbPFxTch9Rw030k14kH8XVNt3m7oZqrLtyNPgusDO+mMM6zBWesG 567 | yhEtrzXFF+mskOLl7xp/0n/WDO7hsz3PZkEx/hGyNpxHikE+or13lRtSogeZEybv 568 | 4Y1hhKcZwsVQOtsoSG7fcBwk4F0hJlesOO1M9UPCE8kUjs97oJfLQukuWqap+T4r 569 | USECJsVwcsjsruqhr+UQmvDp22PqRGRh6kuZbZwh5QKBgQD8GuWOMAC8R19DPgc3 570 | ggfQz97uYwBb2cw/xwCCHVjhF/WQfgPg7g7MNsVr256imZuzsjQIQJEX8tmBgdb1 571 | p9Ebs8C+L8xeIfsi7GqlPOaHm80q8sF1SpeQZ36+23SthHN1JT6pLMl8D8WscBZo 572 | Kt5NlzpcNCtQ8aqqV/FXyPPp3wKBgQDOJANZPTfWOQO68hm7Zj2sihQTvFb1yxBU 573 | F89ol8kvajKYw0Mef/IsTEtRS08pE6AVWvjJC9Wi5JSBxdtaGxDje/4fXj1Ili3u 574 | I/DKIJVCz9uq4y8vaqO4npw7/nTGCeqfZHh19pzMuwHxPEfSvjqzr/5fyecSYzL/ 575 | +0EZz1H73wKBgA89qQcRi9nWDsJH67PFXqeXCYkr3weugRSR+Uvkbk0dX7EejSl5 576 | +tcJsKG2oz59PtZ8PX0KOjtSaSfVK6OqQ5ADK/HTfe1q7H3OARyANAeauaqRBnUK 577 | z2Lhft4W8lTTHw/D8qfTl1KyuWaVWCVwAgR60gJk/QFlusWVj3eZJHXNAoGAHFiv 578 | bTIR349vh+GK0E465OMH577aZmpKEIZFqyhULgT4eDFBpYwKjTTglok4lXlxZf5g 579 | f6T097VfBolipH1cUSvXwhB/dN/R6RFgJytb2xgiKNmcv3R2lwiYi1duT11Fui1i 580 | szX6UdzVY4rahYxLHjJxVFK7R7gEZ1bxmM79gxkCgYBfeU0SNr9oUL8Rw7pf1pe6 581 | H5f1zyPDIKWhzU6aaIdGKr5wUIcQT0/Z75O/JBxXeq3bBkH/eZU/giUE33kpVPsv 582 | fx/baNmdyVXvHEn9dQd7i/0LUXF1QgJoreYDz9QV4gYzDOtyWiA/XR+snNsTBH7R 583 | 0YX6LjQg646+IyFoK6qw+w== 584 | -----END PRIVATE KEY----- 585 | -------------------------------------------------------------------------------- /tests/serverspec/default_spec.rb: -------------------------------------------------------------------------------- 1 | # frozen_string_literal: true 2 | 3 | require "spec_helper" 4 | require "serverspec" 5 | 6 | default_user = "root" 7 | default_group = "root" 8 | es_package_name = "opendistroforelasticsearch" 9 | es_service_name = "elasticsearch" 10 | es_config_dir = "/etc/elasticsearch" 11 | es_user_name = "elasticsearch" 12 | es_user_group = "elasticsearch" 13 | java_home = "" 14 | 15 | plugins = [ 16 | # XXX depending on versions, some plugins have -, others `_`. 
# Tail of an array literal opened above this excerpt (presumably `plugins`,
# which is iterated further down as a list of regex fragments).
  "opendistro[-_]security",
  "opendistro[-_]alerting"
]
# Extra OS packages expected on the host; only the "ubuntu" branch below fills it.
es_extra_packages = []
# Security-plugin configuration files, relative to the plugins directory.
# internal_users.yml is the plugin's internal user database, so the 0640
# owner/group assertions near the end of this file are what keep it away from
# other local accounts.
extra_files = %w[
  opendistro_security/securityconfig/roles.yml
  opendistro_security/securityconfig/roles_mapping.yml
  opendistro_security/securityconfig/internal_users.yml
  opendistro_security/securityconfig/config.yml
]

# Defaults; the per-platform `case` below overrides some of them.
es_plugin_command = "/usr/share/elasticsearch/bin/elasticsearch-plugin"
es_plugins_directory = "/usr/share/elasticsearch/plugins"
es_data_directory = "/var/lib/elasticsearch"
es_log_directory = "/var/log/elasticsearch"
# Certificates expected in the config directory (asserted world-readable, 0444).
public_certs = [
  "admin.pem",
  "node.pem",
  "root-ca.pem"
]
# Private keys expected in the config directory next to the certificates.
# NOTE(review): root-ca-key.pem is the CA signing key and admin-key.pem is the
# admin client key. The spec expects both on the node, which suits a disposable
# test VM; confirm that deployments built from this role do not keep the CA key
# on cluster nodes.
private_certs = [
  "admin-key.pem",
  "node-key.pem",
  "root-ca-key.pem"
]

# Platform-specific overrides. Names not assigned in a branch (for example
# es_config_dir, es_user_name, default_user) keep whatever value was set above
# this excerpt.
case os[:family]
when "freebsd"
  default_group = "wheel"
  es_package_name = "opendistroforelasticsearch"
  es_config_dir = "/usr/local/etc/elasticsearch"
  es_plugin_command = "/usr/local/lib/elasticsearch/bin/elasticsearch-plugin"
  es_plugins_directory = "/usr/local/lib/elasticsearch/plugins"
  es_data_directory = "/var/db/elasticsearch"
  java_home = "/usr/local"
when "openbsd"
  default_group = "wheel"
  es_user_name = "_elasticsearch"
  es_user_group = "_elasticsearch"
  es_plugin_command = "/usr/local/elasticsearch/bin/plugin"
  es_plugins_directory = "/usr/local/elasticsearch/plugins"
  es_data_directory = "/var/elasticsearch"
when "ubuntu"
  es_extra_packages = ["elasticsearch-oss"]
end

# Derived after the case statement so they follow the platform's es_config_dir.
jvm_option = "#{es_config_dir}/jvm.options"
log4j2_properties = "#{es_config_dir}/log4j2.properties"

# The config directory itself is 0755 (listable and traversable by every local
# account); confidentiality of elasticsearch.yml and the private keys therefore
# rests on the per-file modes asserted further down (0440, 0400/0600).
describe file es_config_dir do
  it { should exist }
  it { should be_directory }
  it { should be_mode 755 }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
end

# NOTE(review): 0755 lets any local account list and enter the data directory.
# Whether index files beneath it are readable depends on their own modes, which
# this spec does not assert; tightening to 0750 would need the role and this
# check changed together.
describe file(es_data_directory) do
  it { should be_directory }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
  it { should be_mode 755 }
end

# Same ownership and mode expectations for the log directory; the 0755
# consideration above applies to logs as well.
describe file(es_log_directory) do
  it { should be_directory }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
  it { should be_mode 755 }
end

describe service(es_service_name) do
  it { should be_running }
end

# Platform extras (empty everywhere except Ubuntu, see the case above).
es_extra_packages.each do |p|
  describe package p do
    it { should be_installed }
  end
end

describe package(es_package_name) do
  it { should be_installed }
end

# jvm.options: world-readable, owned by the service account, and must contain
# the literal flag (Regexp.escape keeps "+" and ":" from acting as regex syntax).
describe file jvm_option do
  it { should be_file }
  it { should be_mode 644 }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
  its(:content) { should match(Regexp.escape("-XX:+UseCompressedOops")) }
end

# The "Managed by ansible" marker shows the file was rendered by the role
# rather than left as the package default.
describe file log4j2_properties do
  it { should be_file }
  it { should be_mode 644 }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
  its(:content) { should match(/Managed by ansible/) }
end

# Per-platform service environment files. These are owned by default_user /
# default_group (set above this excerpt, presumably root and its group) rather
# than by the service account, so the service cannot rewrite its own startup
# settings.
case os[:family]
when "freebsd"
  describe file("/etc/rc.conf.d") do
    it { should be_directory }
    it { should be_mode 755 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
  end

  describe file("/etc/rc.conf.d/opendistroforelasticsearch") do
    it { should be_file }
    it { should be_mode 644 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
    its(:content) { should match(/^elasticsearch_java_home=/) }
  end
when "ubuntu"
  describe file("/etc/default/elasticsearch") do
    it { should be_file }
    it { should be_mode 644 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
    its(:content) { should match(/Managed by ansible/) }
    its(:content) { should match(/MAX_OPEN_FILES=65535/) }
  end
when "redhat"
  describe file("/etc/sysconfig/elasticsearch") do
    it { should be_file }
    it { should be_mode 644 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
    its(:content) { should match(/Managed by ansible/) }
    its(:content) { should match(/MAX_OPEN_FILES=65535/) }
  end
when "openbsd"
  describe file("/etc/elasticsearch/jvm.in") do
    it { should be_file }
    it { should be_mode 644 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
    its(:content) { should match(/JAVA_OPTS="#{Regexp.escape("-XX:+UseCompressedOops")}"$/) }
  end
end

# 9200 and 9300 are Elasticsearch's default HTTP and transport ports.
# be_listening only proves that something listens on the port; it does not
# check the bind address or that TLS is enforced on it.
[9200, 9300].each do |p|
  describe port(p) do
    it { should be_listening }
  end
end

# elasticsearch.yml is 0440: readable by the service account and its group,
# writable by nobody, invisible to other accounts.
# NOTE(review): the CORS values pinned here are the test fixture's.
# allow-origin "*" combined with allow-credentials "true" accepts credentialed
# cross-origin requests from any site; a real deployment should list explicit
# origins instead of copying these values.
describe file("#{es_config_dir}/elasticsearch.yml") do
  it { should be_file }
  it { should be_owned_by es_user_name }
  it { should be_grouped_into es_user_group }
  it { should be_mode 440 }
  its(:content_as_yaml) { should include("cluster.name" => "testcluster") }
  its(:content_as_yaml) { should include("node.name" => "testnode") }
  its(:content_as_yaml) { should include("network.publish_host" => ["10.0.2.15"]) }
  its(:content_as_yaml) { should include("http.cors.enabled" => "true") }
  its(:content_as_yaml) { should include("http.cors.allow-origin" => "*") }
  its(:content_as_yaml) { should include("http.cors.max-age" => 86_400) }
  its(:content_as_yaml) { should include("http.cors.allow-methods" => "OPTIONS, HEAD, GET, POST, PUT, DELETE") }
  its(:content_as_yaml) { should include("http.cors.allow-headers" => "X-Requested-With, Content-Type, Content-Length") }
  its(:content_as_yaml) { should include("http.cors.allow-credentials" => "true") }
end

# The plugins directory is owned by default_user, not the service account, so
# the running service is not expected to be able to modify installed plugins.
describe file(es_plugins_directory) do
  it { should be_directory }
  it { should be_owned_by default_user }
  it { should be_grouped_into default_group }
  it { should be_mode 755 }
end

# Each entry of `plugins` is interpolated as a regex that must match a whole
# line of `elasticsearch-plugin list` output; the command is re-run per entry.
# An empty stderr is required as well, so warnings from the tool fail the check.
plugins.each do |p|
  describe command("env JAVA_HOME=#{java_home} #{es_plugin_command} list") do
    its(:stdout) { should match(/^#{p}$/) }
    its(:stderr) { should eq "" }
    its(:exit_status) { should eq 0 }
  end
end

# Security-plugin configuration: owner default_user, group es_user_group, 0640.
# The service account can read these files through its group but cannot
# change them, and other accounts get no access.
extra_files.each do |f|
  describe file "#{es_plugins_directory}/#{f}" do
    it { should be_file }
    it { should be_owned_by default_user }
    it { should be_grouped_into es_user_group }
    it { should be_mode 640 }
    its(:content) { should match(/Managed by ansible/) }
  end
end

# Certificates are public material: read-only for everyone (0444).
public_certs.each do |c|
  describe file "#{es_config_dir}/#{c}" do
    it { should be_file }
    it { should be_mode 444 }
    it { should be_owned_by default_user }
    it { should be_grouped_into default_group }
    its(:content) { should match(/-----BEGIN CERTIFICATE-----/) }
    its(:content) { should match(/-----END CERTIFICATE-----/) }
  end
end

# Private keys: owned by the service account, 0400 except node-key.pem (0600).
# The header regex accepts "PRIVATE KEY" and "RSA PRIVATE KEY" only, so an
# "ENCRYPTED PRIVATE KEY" header would fail; the spec expects unencrypted PEM
# keys, which leaves file ownership and mode as their only protection on disk.
private_certs.each do |c|
  describe file "#{es_config_dir}/#{c}" do
    it { should be_file }
    it { should be_owned_by es_user_name }
    it { should be_grouped_into es_user_group }
    it { should be_mode c == "node-key.pem" ? 600 : 400 }
    its(:content) { should match(/-----BEGIN (?:RSA )?PRIVATE KEY-----/) }
    its(:content) { should match(/-----END (?:RSA )?PRIVATE KEY-----/) }
  end
end

--------------------------------------------------------------------------------
/tests/serverspec/spec_helper.rb:
--------------------------------------------------------------------------------
# frozen_string_literal: true

# Serverspec bootstrap: run every check over SSH against the host described by
# the KITCHEN_* environment variables.

require "serverspec"

set :backend, :ssh

# Start from the SSH client configuration for `host` (not defined in this file;
# presumably supplied by serverspec), then override the connection details.
# An unset KITCHEN_* variable yields nil here; there is no fallback.
# NOTE(review): host-key verification is not set explicitly, so it follows
# whatever Net::SSH::Config.for returns and Net::SSH's defaults; confirm that
# is acceptable for the hosts this suite targets.
options = Net::SSH::Config.for(host)
options[:host_name] = ENV["KITCHEN_HOSTNAME"]
options[:user] = ENV["KITCHEN_USERNAME"]
options[:port] = ENV["KITCHEN_PORT"]
options[:keys] = ENV["KITCHEN_SSH_KEY"]

set :host, options[:host_name]
set :ssh_options, options
# Fixed C locale for remote commands, so output matched by the specs does not
# vary with the target's locale.
set :env, LANG: "C", LC_ALL: "C"

--------------------------------------------------------------------------------
/tests/travisci/.keepme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/tests/travisci/.keepme
--------------------------------------------------------------------------------
/tests/travisci/inventory:
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/tests/travisci/tests.yml:
--------------------------------------------------------------------------------
---
# Test playbook under tests/travisci: applies the role to localhost as root.
- hosts: localhost
  remote_user: root
  roles:
    - ansible-role-opendistroforelasticsearch

--------------------------------------------------------------------------------
/vars/.keepme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trombik/ansible-role-opendistroforelasticsearch/927525ef9ac87401d6fdf8785a7afcabaa7e2ee9/vars/.keepme
--------------------------------------------------------------------------------
/vars/Debian.yml:
--------------------------------------------------------------------------------
---
# Debian-family values for the role's double-underscore variables (presumably
# internal defaults selected by OS family; the selecting task is not on this
# page). The data, log, plugins-directory and plugin-command paths equal the
# defaults used by the serverspec checks.
__opendistroforelasticsearch_user: elasticsearch
__opendistroforelasticsearch_group: elasticsearch
__opendistroforelasticsearch_log_dir: /var/log/elasticsearch
__opendistroforelasticsearch_db_dir: /var/lib/elasticsearch
__opendistroforelasticsearch_package: opendistroforelasticsearch
__opendistroforelasticsearch_conf_dir: /etc/elasticsearch
# Left empty on this platform.
__opendistroforelasticsearch_scripts_dir: ""
__opendistroforelasticsearch_plugins_dir: /usr/share/elasticsearch/plugins
__opendistroforelasticsearch_plugin_command: /usr/share/elasticsearch/bin/elasticsearch-plugin
__opendistroforelasticsearch_service: elasticsearch
# Left empty on this platform; only FreeBSD.yml sets a Java home.
__opendistroforelasticsearch_java_home: ""

--------------------------------------------------------------------------------
/vars/FreeBSD.yml:
--------------------------------------------------------------------------------
---
# FreeBSD values: configuration, plugins and the plugin command live under
# /usr/local and data under /var/db, matching the "freebsd" branch of the
# serverspec checks.
__opendistroforelasticsearch_user: elasticsearch
__opendistroforelasticsearch_group: elasticsearch
__opendistroforelasticsearch_log_dir: /var/log/elasticsearch
__opendistroforelasticsearch_db_dir: /var/db/elasticsearch
# Written in category/name form, while the serverspec checks look for a package
# named opendistroforelasticsearch. NOTE(review): confirm the install task
# accepts this form.
__opendistroforelasticsearch_package: textproc/opendistroforelasticsearch
__opendistroforelasticsearch_conf_dir: /usr/local/etc/elasticsearch
__opendistroforelasticsearch_scripts_dir: ""
__opendistroforelasticsearch_plugins_dir: "/usr/local/lib/elasticsearch/plugins"
__opendistroforelasticsearch_plugin_command: /usr/local/lib/elasticsearch/bin/elasticsearch-plugin
__opendistroforelasticsearch_service: elasticsearch
# Same value the serverspec checks pass as JAVA_HOME to the plugin command on
# FreeBSD.
__opendistroforelasticsearch_java_home: /usr/local

--------------------------------------------------------------------------------
/vars/RedHat.yml:
--------------------------------------------------------------------------------
---
# RedHat-family values; every entry is identical to vars/Debian.yml.
__opendistroforelasticsearch_user: elasticsearch
__opendistroforelasticsearch_group: elasticsearch
__opendistroforelasticsearch_log_dir: /var/log/elasticsearch
__opendistroforelasticsearch_db_dir: /var/lib/elasticsearch
__opendistroforelasticsearch_package: opendistroforelasticsearch
__opendistroforelasticsearch_conf_dir: /etc/elasticsearch
__opendistroforelasticsearch_scripts_dir: ""
__opendistroforelasticsearch_plugins_dir: /usr/share/elasticsearch/plugins
__opendistroforelasticsearch_plugin_command: /usr/share/elasticsearch/bin/elasticsearch-plugin
__opendistroforelasticsearch_service: elasticsearch
__opendistroforelasticsearch_java_home: ""

--------------------------------------------------------------------------------