From 356438c9d29a174e533eb973f1ae83d40af4c077 Mon Sep 17 00:00:00 2001 From: Tomoyuki Sakurai Date: Tue, 8 Oct 2019 16:55:10 +0900 Subject: [PATCH] initial import --- .kitchen.yml | 4 +- Gemfile.lock | 228 +++++++++++++++++++++++++++++++ README.md | 39 +++++- ansible.cfg | 2 + defaults/main.yml | 20 ++- handlers/main.yml | 8 +- meta/main.yml | 4 +- requirements.yml | 4 + tasks/configure-jvm-Debian.yml | 8 ++ tasks/configure-jvm-FreeBSD.yml | 23 ++++ tasks/configure-jvm-OpenBSD.yml | 14 ++ tasks/configure-jvm-RedHat.yml | 8 ++ tasks/configure.yml | 43 ++++++ tasks/install-Debian.yml | 21 +++ tasks/install-FreeBSD.yml | 4 +- tasks/install-OpenBSD.yml | 6 + tasks/install-RedHat.yml | 11 ++ tasks/main.yml | 46 +++---- tasks/plugins.yml | 52 +++++++ templates/FreeBSD.rc.j2 | 3 + templates/elasticsearch.yml.j2 | 4 + templates/jvm.options.j2 | 1 + templates/raw.j2 | 3 + templates/yaml.j2 | 3 + tests/serverspec/default.yml | 117 +++++++++++++++- tests/serverspec/default_spec.rb | 191 ++++++++++++++++++++++---- vars/FreeBSD.yml | 14 +- 27 files changed, 809 insertions(+), 72 deletions(-) create mode 100644 Gemfile.lock create mode 100644 ansible.cfg create mode 100644 requirements.yml create mode 100644 tasks/configure-jvm-Debian.yml create mode 100644 tasks/configure-jvm-FreeBSD.yml create mode 100644 tasks/configure-jvm-OpenBSD.yml create mode 100644 tasks/configure-jvm-RedHat.yml create mode 100644 tasks/configure.yml create mode 100644 tasks/install-Debian.yml create mode 100644 tasks/install-OpenBSD.yml create mode 100644 tasks/install-RedHat.yml create mode 100644 tasks/plugins.yml create mode 100644 templates/FreeBSD.rc.j2 create mode 100644 templates/elasticsearch.yml.j2 create mode 100644 templates/jvm.options.j2 create mode 100644 templates/raw.j2 create mode 100644 templates/yaml.j2 diff --git a/.kitchen.yml b/.kitchen.yml index 1a769ab..7f52748 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -1,6 +1,8 @@ --- driver: name: vagrant + customize: + memory: 2048 transport: name: rsync @@ -13,7 +15,7 @@ provisioner: ansible_verbosity: 1 ansible_verbose: true ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %> - # requirements_path: requirements.yml + requirements_path: requirements.yml http_proxy: <%= ENV['ANSIBLE_PROXY'] %> idempotency_test: true additional_copy_path: diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..a2bbf1a --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,228 @@ +GIT + remote: https://github.com/trombik/infrataster.git + revision: 1cc9b77126d5e1e7a445456cdbf6fee4f0ab4bd4 + branch: reallyenglish + specs: + infrataster (0.3.2) + capybara + faraday + faraday_middleware (>= 0.10.0) + net-ssh + net-ssh-gateway + poltergeist + rspec (>= 2.0, < 4.0) + thor + +GIT + remote: https://github.com/trombik/kitchen-sync.git + revision: d1d14052e3f401d87986eaffdf5d117518c8bd68 + branch: without_full_path_to_rsync + specs: + kitchen-sync (2.1.2.pre) + net-sftp + test-kitchen (>= 1.0.0) + +GEM + remote: https://rubygems.org/ + specs: + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + ast (2.4.0) + builder (3.2.3) + capybara (3.29.0) + addressable + mini_mime (>= 0.1.3) + nokogiri (~> 1.8) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser (~> 1.5) + xpath (~> 3.2) + cliver (0.3.2) + diff-lcs (1.3) + equatable (0.6.1) + erubis (2.7.0) + faraday (0.16.2) + multipart-post (>= 1.2, < 3) + faraday_middleware (0.13.1) + faraday (>= 0.7.4, < 1.0) + ffi (1.11.1) + gssapi (1.3.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + httpclient (2.8.3) + kitchen-ansible (0.50.1) + net-ssh (>= 3) + test-kitchen (>= 1.4) + kitchen-vagrant (1.6.0) + test-kitchen (>= 1.4, < 3) + kitchen-verifier-serverspec (0.7.0) + net-ssh (>= 3) + test-kitchen (>= 1.4) + kitchen-verifier-shell (0.2.0) + test-kitchen (~> 1.4) + license-acceptance (1.0.13) + pastel (~> 0.7) + tomlrb (~> 1.2) + tty-box (~> 0.3) + tty-prompt (~> 0.18) + little-plugger (1.1.4) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + mini_mime (1.0.2) + mini_portile2 (2.4.0) + mixlib-install (3.11.21) + mixlib-shellout + mixlib-versioning + thor + mixlib-shellout (2.4.4) + mixlib-versioning (1.2.7) + multi_json (1.13.1) + multipart-post (2.1.1) + necromancer (0.5.0) + net-scp (2.0.0) + net-ssh (>= 2.6.5, < 6.0.0) + net-sftp (2.1.2) + net-ssh (>= 2.6.5) + net-ssh (4.2.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + net-telnet (0.1.1) + nokogiri (1.10.4) + mini_portile2 (~> 2.4.0) + nori (2.6.0) + parallel (1.18.0) + parser (2.6.5.0) + ast (~> 2.4.0) + pastel (0.7.3) + equatable (~> 0.6) + tty-color (~> 0.5) + poltergeist (1.18.1) + capybara (>= 2.1, < 4) + cliver (~> 0.3.1) + websocket-driver (>= 0.2.0) + powerpack (0.1.2) + public_suffix (4.0.1) + rack (2.0.7) + rack-test (1.1.0) + rack (>= 1.0, < 3) + rainbow (2.2.2) + rake + rake (13.0.0) + regexp_parser (1.6.0) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.2) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.5) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.8.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.8.2) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.3) + rubocop (0.51.0) + parallel (~> 1.10) + parser (>= 2.3.3.1, < 3.0) + powerpack (~> 0.1) + rainbow (>= 2.2.2, < 3.0) + ruby-progressbar (~> 1.7) + unicode-display_width (~> 1.0, >= 1.0.1) + ruby-progressbar (1.10.1) + rubyntlm (0.6.2) + rubyzip (1.3.0) + serverspec (2.41.5) + multi_json + rspec (~> 3.0) + rspec-its + specinfra (~> 2.72) + sfl (2.3) + specinfra (2.82.2) + net-scp + net-ssh (>= 2.7) + net-telnet (= 0.1.1) + sfl + strings (0.1.6) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.1.0) + test-kitchen (1.25.0) + license-acceptance (~> 1.0, >= 1.0.11) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 3.0) + net-scp (>= 1.1, < 3.0) + net-ssh (>= 2.9, < 5.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (~> 0.19) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (0.20.3) + tomlrb (1.2.8) + tty-box (0.4.1) + pastel (~> 0.7.2) + strings (~> 0.1.6) + tty-cursor (~> 0.7) + tty-color (0.5.0) + tty-cursor (0.7.0) + tty-prompt (0.19.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.6.0) + tty-reader (0.6.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) + tty-screen (0.7.0) + unicode-display_width (1.6.0) + unicode_utils (1.4.0) + websocket-driver (0.7.1) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.4) + winrm (2.3.2) + builder (>= 2.1.2) + erubis (~> 2.7) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-elevated (1.1.1) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.2) + erubis (~> 2.7) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + wisper (2.0.0) + xpath (3.2.0) + nokogiri (~> 1.8) + +PLATFORMS + ruby + +DEPENDENCIES + infrataster (~> 0.3.2)! + kitchen-ansible + kitchen-sync (~> 2.1.1)! + kitchen-vagrant + kitchen-verifier-serverspec + kitchen-verifier-shell + rake + rspec + rubocop (~> 0.51.0) + serverspec + specinfra + test-kitchen + +BUNDLED WITH + 2.0.2 diff --git a/README.md b/README.md index 9011778..c7187ec 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,44 @@ None # Role Variables -| variable | description | default | +| Variable | Description | Default | |----------|-------------|---------| - +| `opendistroforelasticsearch_user` | | `{{ __opendistroforelasticsearch_user }}` | +| `opendistroforelasticsearch_group` | | `{{ __opendistroforelasticsearch_group }}` | +| `opendistroforelasticsearch_log_dir` | | `{{ __opendistroforelasticsearch_log_dir }}` | +| `opendistroforelasticsearch_db_dir` | | `{{ __opendistroforelasticsearch_db_dir }}` | +| `opendistroforelasticsearch_scripts_dir` | | `{{ __opendistroforelasticsearch_scripts_dir }}` | +| `opendistroforelasticsearch_plugins_dir` | | `{{ __opendistroforelasticsearch_plugins_dir }}` | +| `opendistroforelasticsearch_plugin_command` | | `{{ __opendistroforelasticsearch_plugin_command }}` | +| `opendistroforelasticsearch_plugins` | | `[]` | +| `opendistroforelasticsearch_service` | | `{{ __opendistroforelasticsearch_service }}` | +| `opendistroforelasticsearch_package` | | `{{ __opendistroforelasticsearch_package }}` | +| `opendistroforelasticsearch_conf_dir` | | `{{ __opendistroforelasticsearch_conf_dir }}` | +| `opendistroforelasticsearch_jvm_options` | | `""` | +| `opendistroforelasticsearch_conf_file` | | `{{ opendistroforelasticsearch_conf_dir }}/elasticsearch.yml` | +| `opendistroforelasticsearch_flags` | | `""` | +| `opendistroforelasticsearch_config` | | `""` | +| `opendistroforelasticsearch_http_port` | | `9200` | +| `opendistroforelasticsearch_java_home` | | `{{ __opendistroforelasticsearch_java_home }}` | +| `opendistroforelasticsearch_extra_files` | | `[]` | + + +## FreeBSD + +| Variable | Default | +|----------|---------| +| `__opendistroforelasticsearch_user` | `elasticsearch` | +| `__opendistroforelasticsearch_group` | `elasticsearch` | +| `__opendistroforelasticsearch_log_dir` | `/var/log/elasticsearch` | +| `__opendistroforelasticsearch_db_dir` | `/var/db/elasticsearch` | +| `__opendistroforelasticsearch_package` | `textproc/opendistroforelasticsearch` | +| `__opendistroforelasticsearch_conf_dir` | `/usr/local/etc/elasticsearch` | +| `__opendistroforelasticsearch_scripts_dir` | `""` | +| `__opendistroforelasticsearch_plugins_dir` | `/usr/local/lib/elasticsearch/plugins` | +| `__opendistroforelasticsearch_plugin_command` | `/usr/local/lib/elasticsearch/bin/elasticsearch-plugin` | +| `__opendistroforelasticsearch_service` | `elasticsearch` | +| `__opendistroforelasticsearch_jvm_options_dir` | `/usr/local/etc` | +| `__opendistroforelasticsearch_java_home` | `/usr/local` | # Dependencies diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..3efd4c3 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +stdout_callback = yaml diff --git a/defaults/main.yml b/defaults/main.yml index 7901079..35ca253 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,19 @@ --- -opendistroforelasticsearch_user: opendistroforelasticsearch -opendistroforelasticsearch_group: opendistroforelasticsearch -opendistroforelasticsearch_log_dir: /var/log/opendistroforelasticsearch +opendistroforelasticsearch_user: "{{ __opendistroforelasticsearch_user }}" +opendistroforelasticsearch_group: "{{ __opendistroforelasticsearch_group }}" +opendistroforelasticsearch_log_dir: "{{ __opendistroforelasticsearch_log_dir }}" opendistroforelasticsearch_db_dir: "{{ __opendistroforelasticsearch_db_dir }}" -opendistroforelasticsearch_service: opendistroforelasticsearch +opendistroforelasticsearch_scripts_dir: "{{ __opendistroforelasticsearch_scripts_dir }}" +opendistroforelasticsearch_plugins_dir: "{{ __opendistroforelasticsearch_plugins_dir }}" +opendistroforelasticsearch_plugin_command: "{{ __opendistroforelasticsearch_plugin_command }}" +opendistroforelasticsearch_plugins: [] +opendistroforelasticsearch_service: "{{ __opendistroforelasticsearch_service }}" +opendistroforelasticsearch_package: "{{ __opendistroforelasticsearch_package }}" opendistroforelasticsearch_conf_dir: "{{ __opendistroforelasticsearch_conf_dir }}" -opendistroforelasticsearch_conf_file: "{{ __opendistroforelasticsearch_conf_dir }}/opendistroforelasticsearch.conf" +opendistroforelasticsearch_jvm_options: "" +opendistroforelasticsearch_conf_file: "{{ opendistroforelasticsearch_conf_dir }}/elasticsearch.yml" opendistroforelasticsearch_flags: "" +opendistroforelasticsearch_config: "" +opendistroforelasticsearch_http_port: 9200 +opendistroforelasticsearch_java_home: "{{ __opendistroforelasticsearch_java_home }}" +opendistroforelasticsearch_extra_files: [] diff --git a/handlers/main.yml b/handlers/main.yml index d4eb8a8..e0b25b1 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,5 +2,11 @@ - name: Restart opendistroforelasticsearch service: - name: opendistroforelasticsearch + name: "{{ opendistroforelasticsearch_service }}" state: restarted + notify: Wait for elasticsearch to start in handler + +- name: Wait for elasticsearch to start in handler + wait_for: + host: localhost + port: "{{ opendistroforelasticsearch_http_port }}" diff --git a/meta/main.yml b/meta/main.yml index f47aa68..86b314c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,7 @@ galaxy_info: role_name: opendistroforelasticsearch author: Tomoyuki Sakurai - description: Configures something + description: Configures opendistroforelasticsearch company: N/A license: BSD min_ansible_version: 2.0 @@ -11,4 +11,4 @@ galaxy_info: versions: - 12.0 galaxy_tags: - - system + - elasticsearch diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..3f0c0d1 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,4 @@ +--- +- name: trombik.sysctl +- name: trombik.java +- name: trombik.freebsd_pkg_repo diff --git a/tasks/configure-jvm-Debian.yml b/tasks/configure-jvm-Debian.yml new file mode 100644 index 0000000..212e85b --- /dev/null +++ b/tasks/configure-jvm-Debian.yml @@ -0,0 +1,8 @@ +--- + +- name: Add ES_JAVA_OPTS to /etc/default/elasticsearch + lineinfile: + dest: /etc/default/elasticsearch + regexp: '^#?ES_JAVA_OPTS=' + line: 'ES_JAVA_OPTS="{{ elasticsearch_jvm_options | join(" ") }}"' + notify: Restart elasticsearch diff --git a/tasks/configure-jvm-FreeBSD.yml b/tasks/configure-jvm-FreeBSD.yml new file mode 100644 index 0000000..1cbc4dd --- /dev/null +++ b/tasks/configure-jvm-FreeBSD.yml @@ -0,0 +1,23 @@ +--- + +- name: Create /etc/rc.conf.d if it does not exist + file: + path: /etc/rc.conf.d + mode: 0755 + state: directory + +- name: Create rc.subr flagment + template: + src: FreeBSD.rc.j2 + dest: /etc/rc.conf.d/opendistroforelasticsearch + mode: 0644 + validate: sh -n %s + notify: + - Restart opendistroforelasticsearch + +- name: Create jvm.options + template: + src: jvm.options.j2 + dest: "{{ opendistroforelasticsearch_conf_dir }}/jvm.options" + notify: + - Restart opendistroforelasticsearch diff --git a/tasks/configure-jvm-OpenBSD.yml b/tasks/configure-jvm-OpenBSD.yml new file mode 100644 index 0000000..c9fa50b --- /dev/null +++ b/tasks/configure-jvm-OpenBSD.yml @@ -0,0 +1,14 @@ +--- + +- name: Create jvm.in + template: + src: jvm.in.OpenBSD.j2 + dest: /etc/elasticsearch/jvm.in + mode: 0644 + +- name: Add `source` to /etc/elasticsearch/elasticsearch.in.sh + lineinfile: + dest: /etc/elasticsearch/elasticsearch.in.sh + insertafter: "^#!/bin/sh" + line: ". /etc/elasticsearch/jvm.in" + state: present diff --git a/tasks/configure-jvm-RedHat.yml b/tasks/configure-jvm-RedHat.yml new file mode 100644 index 0000000..7234a63 --- /dev/null +++ b/tasks/configure-jvm-RedHat.yml @@ -0,0 +1,8 @@ +--- + +- name: Add ES_JAVA_OPTS to /etc/sysconfig/elasticsearch + lineinfile: + dest: /etc/sysconfig/elasticsearch + regexp: '^#?ES_JAVA_OPTS=' + line: 'ES_JAVA_OPTS="{{ elasticsearch_jvm_options | join(" ") }}"' + notify: Restart elasticsearch diff --git a/tasks/configure.yml b/tasks/configure.yml new file mode 100644 index 0000000..38409fd --- /dev/null +++ b/tasks/configure.yml @@ -0,0 +1,43 @@ +--- + +- name: Create data directory + file: + path: "{{ opendistroforelasticsearch_db_dir }}" + state: directory + owner: "{{ opendistroforelasticsearch_user }}" + group: "{{ opendistroforelasticsearch_group }}" + mode: 0750 + +- name: Create opendistroforelasticsearch_log_dir directory + file: + path: "{{ opendistroforelasticsearch_log_dir }}" + state: directory + owner: "{{ opendistroforelasticsearch_user }}" + group: "{{ opendistroforelasticsearch_group }}" + mode: 0755 + +- name: Create path.scripts directory if specified + # XXX this should have been created by package + file: + path: "{{ opendistroforelasticsearch_scripts_dir }}" + state: directory + when: + - opendistroforelasticsearch_scripts_dir | length > 0 + +- name: Create opendistroforelasticsearch_conf_dir + file: + path: "{{ opendistroforelasticsearch_conf_dir }}" + mode: 0755 + owner: "{{ opendistroforelasticsearch_user }}" + group: "{{ opendistroforelasticsearch_group }}" + state: directory + +- name: Create elasticsearch.yml + template: + src: elasticsearch.yml.j2 + dest: "{{ opendistroforelasticsearch_conf_file }}" + mode: 0440 + owner: "{{ opendistroforelasticsearch_user }}" + group: "{{ opendistroforelasticsearch_group }}" + notify: + - Restart opendistroforelasticsearch diff --git a/tasks/install-Debian.yml b/tasks/install-Debian.yml new file mode 100644 index 0000000..60c0f9b --- /dev/null +++ b/tasks/install-Debian.yml @@ -0,0 +1,21 @@ +--- + +- name: Install apt-transport-https + apt: + name: apt-transport-https + state: present + +- name: Add public key from elasticsearch + apt_key: + url: https://artifacts.elastic.co/GPG-KEY-elasticsearch + state: present + +- name: Add elasticsearch apt repository + apt_repository: + repo: deb https://packages.elastic.co/elasticsearch/2.x/debian stable main + state: present + +- name: Install elasticsearch + apt: + name: "{{ elasticsearch_package }}" + state: present diff --git a/tasks/install-FreeBSD.yml b/tasks/install-FreeBSD.yml index 5a6a2a2..5b3fdec 100644 --- a/tasks/install-FreeBSD.yml +++ b/tasks/install-FreeBSD.yml @@ -1,6 +1,6 @@ --- -- name: Install opendistroforelasticsearch +- name: Install elasticsearch pkgng: - name: opendistroforelasticsearch + name: "{{ opendistroforelasticsearch_package }}" state: present diff --git a/tasks/install-OpenBSD.yml b/tasks/install-OpenBSD.yml new file mode 100644 index 0000000..30f09f2 --- /dev/null +++ b/tasks/install-OpenBSD.yml @@ -0,0 +1,6 @@ +--- + +- name: Install elasticsearch + openbsd_pkg: + name: "{{ elasticsearch_package }}" + state: present diff --git a/tasks/install-RedHat.yml b/tasks/install-RedHat.yml new file mode 100644 index 0000000..633f015 --- /dev/null +++ b/tasks/install-RedHat.yml @@ -0,0 +1,11 @@ +--- + +- name: Install Java 8 + yum: + name: java-1.8.0-openjdk.x86_64 + state: present + +- name: Install elasticsearch + yum: + name: elasticsearch + state: present diff --git a/tasks/main.yml b/tasks/main.yml index 4270583..d507588 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,37 +1,31 @@ --- -# tasks file for ansible-role-opendistroforelasticsearch +# tasks file for ansible-role-elasticsearch -- include_vars: "{{ ansible_os_family }}.yml" +- name: "Include {{ ansible_os_family }}.yml" + include_vars: "{{ ansible_os_family }}.yml" -- include: "install-{{ ansible_os_family }}.yml" +- name: "Include install-{{ ansible_os_family }}.yml" + include: "install-{{ ansible_os_family }}.yml" -- name: Create log directory - file: - path: "{{ opendistroforelasticsearch_log_dir }}" - mode: 0755 - owner: "{{ opendistroforelasticsearch_user }}" - group: "{{ opendistroforelasticsearch_group }}" - state: directory - notify: Restart opendistroforelasticsearch +- name: "Include configure.yml" + include: configure.yml -- name: Create db directory - file: - path: "{{ opendistroforelasticsearch_db_dir }}" - mode: 0755 - owner: "{{ opendistroforelasticsearch_user }}" - group: "{{ opendistroforelasticsearch_group }}" - state: directory - notify: Restart opendistroforelasticsearch +- name: "Include configure-jvm-{{ ansible_os_family }}.yml" + include: "configure-jvm-{{ ansible_os_family }}.yml" -- name: Create opendistroforelasticsearch.conf - template: - src: opendistroforelasticsearch.conf.j2 - dest: "{{ opendistroforelasticsearch_conf_file }}" - validate: echo %s - notify: Restart opendistroforelasticsearch +- name: "Include plugins.yml" + include: plugins.yml - name: Start opendistroforelasticsearch service: name: "{{ opendistroforelasticsearch_service }}" - enabled: true state: started + enabled: yes + register: register_elasticsearch_start + +- name: Wait for elasticsearch to start in task + wait_for: + host: localhost + port: "{{ opendistroforelasticsearch_http_port }}" + when: + - register_elasticsearch_start.changed diff --git a/tasks/plugins.yml b/tasks/plugins.yml new file mode 100644 index 0000000..a8a195d --- /dev/null +++ b/tasks/plugins.yml @@ -0,0 +1,52 @@ +--- + +- name: Register installed plugins + shell: "{{ opendistroforelasticsearch_plugin_command }} list" + environment: + JAVA_HOME: "{{ opendistroforelasticsearch_java_home }}" + register: shell_output + changed_when: False + +- name: Create plugins directory + file: + path: "{{ opendistroforelasticsearch_plugins_dir }}" + # owner: "{{ opendistroforelasticsearch_user }}" + # group: "{{ opendistroforelasticsearch_group }}" + state: directory + +- name: Install plugins + command: "{{ opendistroforelasticsearch_plugin_command }} install --batch {% if 'src' in item %}{{ item.src }}{% else %}{{ item.name }}{% endif %}" + environment: + JAVA_HOME: "{{ opendistroforelasticsearch_java_home }}" + with_items: "{{ opendistroforelasticsearch_plugins }}" + when: + - "(not 'state' in item ) or (item['state'] == 'present')" + - "not (shell_output.stdout | search(item['name']))" + +- name: Create basedir of opendistroforelasticsearch_extra_files + file: + path: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path | dirname }}" + state: directory + with_items: "{{ opendistroforelasticsearch_extra_files }}" + when: + - "(not 'state' in item) or (item['state'] == 'present')" + +- name: Create opendistroforelasticsearch_extra_files + template: + src: "{{ item.type }}.j2" + dest: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path }}" + mode: "{{ item.mode | default(omit) }}" + owner: "{{ item.owner | default(omit) }}" + group: "{{ item.group | default(omit) }}" + with_items: "{{ opendistroforelasticsearch_extra_files }}" + when: + - "(not 'state' in item) or (item['state'] == 'present')" + +- name: Delete opendistroforelasticsearch_extra_files + file: + path: "{{ opendistroforelasticsearch_plugins_dir }}/{{ item.path }}" + state: absent + with_items: "{{ opendistroforelasticsearch_extra_files }}" + when: + - "'state' in item" + - "item['state'] == 'absent'" diff --git a/templates/FreeBSD.rc.j2 b/templates/FreeBSD.rc.j2 new file mode 100644 index 0000000..b83fa7e --- /dev/null +++ b/templates/FreeBSD.rc.j2 @@ -0,0 +1,3 @@ +# Managed by ansible + +{{ opendistroforelasticsearch_flags }} diff --git a/templates/elasticsearch.yml.j2 b/templates/elasticsearch.yml.j2 new file mode 100644 index 0000000..8838d7b --- /dev/null +++ b/templates/elasticsearch.yml.j2 @@ -0,0 +1,4 @@ +--- +# Managed by ansible + +{{ opendistroforelasticsearch_config | to_nice_yaml }} diff --git a/templates/jvm.options.j2 b/templates/jvm.options.j2 new file mode 100644 index 0000000..710f444 --- /dev/null +++ b/templates/jvm.options.j2 @@ -0,0 +1 @@ +{{ opendistroforelasticsearch_jvm_options }} diff --git a/templates/raw.j2 b/templates/raw.j2 new file mode 100644 index 0000000..85b3969 --- /dev/null +++ b/templates/raw.j2 @@ -0,0 +1,3 @@ +# Managed by ansible + +{{ item.content }} diff --git a/templates/yaml.j2 b/templates/yaml.j2 new file mode 100644 index 0000000..cb2f0e7 --- /dev/null +++ b/templates/yaml.j2 @@ -0,0 +1,3 @@ +--- +# Managed by ansible +{{ item.content | to_nice_yaml }} diff --git a/tests/serverspec/default.yml b/tests/serverspec/default.yml index 136dde7..933f7d6 100644 --- a/tests/serverspec/default.yml +++ b/tests/serverspec/default.yml @@ -1,6 +1,121 @@ --- - hosts: localhost roles: + - role: trombik.freebsd_pkg_repo + when: ansible_os_family == "FreeBSD" + - role: trombik.sysctl - ansible-role-opendistroforelasticsearch vars: - opendistroforelasticsearch_config: "" + freebsd_pkg_repo: + local: + enabled: "true" + url: http://192.168.43.75/packages/12_0-trombik/ + mirror_type: none + priority: 100 + state: present + os_sysctl: + FreeBSD: + kern.maxfilesperproc: 65536 + security.bsd.unprivileged_mlock: 1 + sysctl: "{{ os_sysctl[ansible_os_family] }}" + opendistroforelasticsearch_flags: | + elasticsearch_java_home='{{ opendistroforelasticsearch_java_home }}' + opendistroforelasticsearch_jvm_options: | + -Xms1024m + -Xmx1024m + -Xmx1g + -XX:+UseConcMarkSweepGC + -XX:CMSInitiatingOccupancyFraction=75 + -XX:+UseCMSInitiatingOccupancyOnly + -Des.networkaddress.cache.ttl=60 + -Des.networkaddress.cache.negative.ttl=10 + -XX:+AlwaysPreTouch + -Xss1m + -Djava.awt.headless=true + -Dfile.encoding=UTF-8 + -Djna.nosys=true + -XX:-OmitStackTraceInFastThrow + -Dio.netty.noUnsafe=true + -Dio.netty.noKeySetOptimization=true + -Dio.netty.recycler.maxCapacityPerThread=0 + -Dlog4j.shutdownHookEnabled=false + -Dlog4j2.disable.jmx=true + -Djava.io.tmpdir=${ES_TMPDIR} + -XX:+HeapDumpOnOutOfMemoryError + -XX:HeapDumpPath=data + -XX:ErrorFile=logs/hs_err_pid%p.log + -XX:+UseCompressedOops + 8:-XX:+PrintGCDetails + 8:-XX:+PrintGCDateStamps + 8:-XX:+PrintTenuringDistribution + 8:-XX:+PrintGCApplicationStoppedTime + 8:-Xloggc:${ES_TMPDIR}/gc.log + 8:-XX:+UseGCLogFileRotation + 8:-XX:NumberOfGCLogFiles=32 + 8:-XX:GCLogFileSize=64m + 9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m + 9-:-Djava.locale.providers=COMPAT + opendistroforelasticsearch_config: + opendistro_security.disabled: true + discovery.type: single-node + network.publish_host: ["10.0.2.15"] + path.data: "{{ opendistroforelasticsearch_db_dir }}" + http.port: "{{ opendistroforelasticsearch_http_port }}" + path.logs: "{{ opendistroforelasticsearch_log_dir }}" + node.data: "true" + http.compression: "true" + network.host: + - _local_ + - _site_ + cluster.name: testcluster + node.name: testnode + http.cors.enabled: "true" + http.cors.allow-origin: "*" + http.cors.max-age: 86400 + http.cors.allow-methods: "OPTIONS, HEAD, GET, POST, PUT, DELETE" + http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length" + http.cors.allow-credentials: "true" + opendistroforelasticsearch_plugins: + - name: opendistro_security + src: https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.2.0.0.zip + opendistroforelasticsearch_extra_files: + - path: opendistro_security/securityconfig/roles.yml + type: yaml + content: + _meta: + type: roles + config_version: 2 + - path: opendistro_security/securityconfig/roles_mapping.yml + type: yaml + content: + _meta: + type: rolesmapping + config_version: 2 + - path: opendistro_security/securityconfig/internal_users.yml + type: yaml + content: + _meta: + type: "internalusers" + config_version: 2 + new-user: + # XXX the hash is created by tools/hash.sh + hash: "$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" + reserved: false + hidden: false + backend_roles: + - "some-backend-role" + attributes: + attribute1: "value1" + static: false + admin: + hash: "$2y$12$88IFVl6IfIwCFh5aQYfOmuXVL9j2hz/GusQb35o.4sdTDAEMTOD.K" + reserved: true + backend_roles: + - admin + description: "Demo admin user" + - path: opendistro_security/securityconfig/config.yml + type: yaml + content: + http_authenticator: + type: basic + challenge: true diff --git a/tests/serverspec/default_spec.rb b/tests/serverspec/default_spec.rb index 72e892a..38190f8 100644 --- a/tests/serverspec/default_spec.rb +++ b/tests/serverspec/default_spec.rb @@ -1,58 +1,189 @@ require "spec_helper" require "serverspec" -package = "opendistroforelasticsearch" -service = "opendistroforelasticsearch" -config = "/etc/opendistroforelasticsearch/opendistroforelasticsearch.conf" -user = "opendistroforelasticsearch" -group = "opendistroforelasticsearch" -ports = [PORTS] -log_dir = "/var/log/opendistroforelasticsearch" -db_dir = "/var/lib/opendistroforelasticsearch" +default_user = "root" +default_group = "root" +es_package_name = "opendistroforelasticsearch" +es_service_name = "elasticsearch" +es_config_path = "/etc/elasticsearch" +es_user_name = "elasticsearch" +es_user_group = "elasticsearch" +java_home = "" +plugins = [ + "opendistro_security" +] +extra_files = %w[ + opendistro_security/securityconfig/roles.yml + opendistro_security/securityconfig/roles_mapping.yml + opendistro_security/securityconfig/internal_users.yml + opendistro_security/securityconfig/config.yml +] + +es_plugin_command = "/usr/share/elasticsearch/bin/plugin" +es_plugins_directory = "/usr/share/elasticsearch/plugins" +es_data_directory = "/var/lib/elasticsearch" +es_log_directory = "/var/log/elasticsearch" case os[:family] when "freebsd" - config = "/usr/local/etc/opendistroforelasticsearch.conf" - db_dir = "/var/db/opendistroforelasticsearch" + default_group = "wheel" + es_package_name = "opendistroforelasticsearch" + es_config_path = "/usr/local/etc/elasticsearch" + es_plugin_command = "/usr/local/lib/elasticsearch/bin/elasticsearch-plugin" + es_plugins_directory = "/usr/local/lib/elasticsearch/plugins" + es_data_directory = "/var/db/elasticsearch" + java_home = "/usr/local" +when "openbsd" + default_group = "wheel" + es_user_name = "_elasticsearch" + es_user_group = "_elasticsearch" + es_plugin_command = "/usr/local/elasticsearch/bin/plugin" + es_plugins_directory = "/usr/local/elasticsearch/plugins" + es_data_directory = "/var/elasticsearch" end -describe package(package) do - it { should be_installed } +describe file(es_data_directory) do + it { should be_directory } + it { should be_owned_by es_user_name } + it { should be_grouped_into es_user_group } + it { should be_mode 750 } end -describe file(config) do - it { should be_file } - its(:content) { should match Regexp.escape("opendistroforelasticsearch") } +describe file(es_log_directory) do + it { should be_directory } + it { should be_owned_by es_user_name } + it { should be_grouped_into es_user_group } + it { should be_mode 755 } end -describe file(log_dir) do - it { should exist } - it { should be_mode 755 } - it { should be_owned_by user } - it { should be_grouped_into group } +describe service(es_service_name) do + it { should be_running } end -describe file(db_dir) do - it { should exist } - it { should be_mode 755 } - it { should be_owned_by user } - it { should be_grouped_into group } +describe package(es_package_name) do + it { should be_installed } end case os[:family] when "freebsd" + describe file("/etc/rc.conf.d") do + it { should be_directory } + it { should be_mode 755 } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + end + describe file("/etc/rc.conf.d/opendistroforelasticsearch") do it { should be_file } + it { should be_mode 644 } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + its(:content) { should match(/^elasticsearch_java_home=/) } end -end -describe service(service) do - it { should be_running } - it { should be_enabled } + describe file("/usr/local/etc/elasticsearch/jvm.options") do + its(:content) { should match Regexp.escape("-XX:+UseCompressedOops") } + end + + # XXX `process` does not support FreeBSD's `ps(1)` + # + # describe process("/usr/local/openjdk8/bin/java") do + # it { should be_running } + # its(:args) { should match(Regexp.escape("-XX:+UseCompressedOops")) } + # end + describe command("ps axww") do + its(:stdout) { should match(/#{ Regexp.escape("/usr/local/openjdk8/bin/java") }\s+.*#{ Regexp.escape("-XX:+UseCompressedOops") }/) } + end +when "ubuntu" + describe file("/etc/default/elasticsearch") do + it { should be_file } + it { should be_mode 644 } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + its(:content) { should match(/^ES_JAVA_OPTS=\"#{ Regexp.escape("-XX:+UseCompressedOops") }\"$/) } + end + + describe process("java") do + it { should be_running } + its(:args) { should match(Regexp.escape("-XX:+UseCompressedOops")) } + end +when "redhat" + describe file("/etc/sysconfig/elasticsearch") do + it { should be_file } + it { should be_mode 644 } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + its(:content) { should match(/^ES_JAVA_OPTS=\"#{ Regexp.escape("-XX:+UseCompressedOops") }\"$/) } + end + + describe process("java") do + it { should be_running } + its(:args) { should match(Regexp.escape("-XX:+UseCompressedOops")) } + end +when "openbsd" + describe file("/etc/elasticsearch/jvm.in") do + it { should be_file } + it { should be_mode 644 } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + its(:content) { should match(/JAVA_OPTS=\"#{ Regexp.escape("-XX:+UseCompressedOops") }\"$/) } + end + + # XXX same issue as FreeBSD + # -Xms257m -Xmx1024m + describe command("ps axww") do + its(:stdout) { should match(/#{ Regexp.escape("/usr/local/jdk-1.8.0/bin/java") }\s+.*#{ Regexp.escape("-XX:+UseCompressedOops") }/) } + its(:stdout) { should match(/#{ Regexp.escape("/usr/local/jdk-1.8.0/bin/java") }\s+.*#{ Regexp.escape("-Xms257m") }/) } + its(:stdout) { should match(/#{ Regexp.escape("/usr/local/jdk-1.8.0/bin/java") }\s+.*#{ Regexp.escape("-Xmx1024m") }/) } + end end -ports.each do |p| +[9200, 9300].each do |p| describe port(p) do it { should be_listening } end end + +describe file("#{es_config_path}/elasticsearch.yml") do + it { should be_file } + it { should be_owned_by es_user_name } + it { should be_grouped_into es_user_group } + it { should be_mode 440 } + its(:content_as_yaml) { should include("cluster.name" => "testcluster") } + its(:content_as_yaml) { should include("node.name" => "testnode") } + its(:content_as_yaml) { should include("network.publish_host" => ["10.0.2.15"]) } + its(:content_as_yaml) { should include("http.cors.enabled" => "true") } + its(:content_as_yaml) { should include("http.cors.allow-origin" => "*") } + its(:content_as_yaml) { should include("http.cors.max-age" => 86_400) } + its(:content_as_yaml) { should include("http.cors.allow-methods" => "OPTIONS, HEAD, GET, POST, PUT, DELETE") } + its(:content_as_yaml) { should include("http.cors.allow-headers" => "X-Requested-With, Content-Type, Content-Length") } + its(:content_as_yaml) { should include("http.cors.allow-credentials" => "true") } +end + +describe file(es_plugins_directory) do + it { should be_directory } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + it { should be_mode 755 } +end + +plugins.each do |p| + describe command("env JAVA_HOME=#{java_home} #{es_plugin_command} list") do + its(:stdout) { should match(/^#{p}$/) } + its(:stderr) do + pending "ES warns that future versions of Elasticsearch will require Java 11; your Java version from [/usr/local/openjdk8/jre] does not meet this requirement" + should eq "" + end + its(:exit_status) { should eq 0 } + end +end + +extra_files.each do |f| + describe file "#{es_plugins_directory}/#{f}" do + it { should be_file } + it { should be_owned_by default_user } + it { should be_grouped_into default_group } + it { should be_mode 644 } + its(:content) { should match(/Managed by ansible/) } + end +end diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml index e7f3c19..8f6994c 100644 --- a/vars/FreeBSD.yml +++ b/vars/FreeBSD.yml @@ -1,3 +1,13 @@ --- -__opendistroforelasticsearch_db_dir: /var/db/opendistroforelasticsearch -__opendistroforelasticsearch_conf_dir: /usr/local/etc/opendistroforelasticsearch +__opendistroforelasticsearch_user: elasticsearch +__opendistroforelasticsearch_group: elasticsearch +__opendistroforelasticsearch_log_dir: /var/log/elasticsearch +__opendistroforelasticsearch_db_dir: /var/db/elasticsearch +__opendistroforelasticsearch_package: textproc/opendistroforelasticsearch +__opendistroforelasticsearch_conf_dir: /usr/local/etc/elasticsearch +__opendistroforelasticsearch_scripts_dir: "" +__opendistroforelasticsearch_plugins_dir: "/usr/local/lib/elasticsearch/plugins" +__opendistroforelasticsearch_plugin_command: /usr/local/lib/elasticsearch/bin/elasticsearch-plugin +__opendistroforelasticsearch_service: elasticsearch +__opendistroforelasticsearch_jvm_options_dir: /usr/local/etc +__opendistroforelasticsearch_java_home: /usr/local