From da58c5f0dd54c49beb5a191179028ecb5b23f8f7 Mon Sep 17 00:00:00 2001 From: Michael Russell Date: Tue, 19 Jun 2018 10:39:16 +0200 Subject: [PATCH] Move to new testing suite names This commit is just moving the tests to their new names. The config, packge and issue test suites have been removed and the tests from these will be incorporated into the oss and xpack tests. oss: Standard elasticsearch-oss role with idempotency test oss-upgrade: Upgrade from previous minor version oss to current minor version oss oss-to-xpack-upgrade: Upgrade from previous minor version oss to current minor version xpack xpack: Standard elasticsearch (with xpack) role with idempotency test xpack-upgrade: Upgrade from previous minor version xpack to current minor version xpack multi: Tests multiple instances of elasticsearch on a single machine --- .kitchen.yml | 51 ++-- .../helpers/serverspec/config_spec.rb | 163 ----------- .../{standard_spec.rb => oss_spec.rb} | 2 +- .../serverspec/oss_to_xpack_upgrade_spec.rb | 12 + .../helpers/serverspec/package_spec.rb | 112 -------- .../helpers/serverspec/xpack_spec.rb | 180 ++---------- .../helpers/serverspec/xpack_standard_spec.rb | 138 ---------- .../helpers/serverspec/xpack_upgrade_spec.rb | 260 ++++++++++++++++++ test/integration/oss-to-xpack-upgrade.yml | 25 ++ .../oss-to-xpack-upgrade.yml} | 0 .../serverspec/default_spec.rb | 7 + test/integration/{standard.yml => oss.yml} | 0 .../xpack-standard.yml => oss/oss.yml} | 0 .../oss/serverspec/default_spec.rb | 10 + .../standard/serverspec/default_spec.rb | 10 - test/integration/xpack-standard.yml | 16 -- .../xpack-standard/serverspec/default_spec.rb | 7 - test/integration/xpack-upgrade.yml | 158 +++++++++++ .../xpack-upgrade/serverspec/default_spec.rb | 7 + .../xpack-upgrade/xpack-upgrade.yml | 2 + test/integration/xpack.yml | 158 +---------- .../xpack/serverspec/default_spec.rb | 2 +- test/matrix.yml | 12 +- 23 files changed, 542 insertions(+), 790 deletions(-) delete mode 100644 test/integration/helpers/serverspec/config_spec.rb rename test/integration/helpers/serverspec/{standard_spec.rb => oss_spec.rb} (98%) create mode 100644 test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb delete mode 100644 test/integration/helpers/serverspec/package_spec.rb delete mode 100644 test/integration/helpers/serverspec/xpack_standard_spec.rb create mode 100644 test/integration/helpers/serverspec/xpack_upgrade_spec.rb create mode 100644 test/integration/oss-to-xpack-upgrade.yml rename test/integration/{standard/standard.yml => oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml} (100%) create mode 100644 test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb rename test/integration/{standard.yml => oss.yml} (100%) rename test/integration/{xpack-standard/xpack-standard.yml => oss/oss.yml} (100%) create mode 100644 test/integration/oss/serverspec/default_spec.rb delete mode 100644 test/integration/standard/serverspec/default_spec.rb delete mode 100644 test/integration/xpack-standard.yml delete mode 100644 test/integration/xpack-standard/serverspec/default_spec.rb create mode 100644 test/integration/xpack-upgrade.yml create mode 100644 test/integration/xpack-upgrade/serverspec/default_spec.rb create mode 100644 test/integration/xpack-upgrade/xpack-upgrade.yml diff --git a/.kitchen.yml b/.kitchen.yml index 5087feff..834c150b 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -41,6 +41,7 @@ platforms: use_sudo: false volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers - name: ubuntu-16.04 driver_config: image: dliappis/ubuntu-devopsci:16.04 @@ -54,6 +55,7 @@ platforms: use_sudo: false volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers run_command: "/sbin/init" - name: debian-8 driver_config: @@ -69,6 +71,7 @@ platforms: - pip uninstall -y ansible volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers use_sudo: false run_command: "/sbin/init" - name: centos-7 @@ -85,53 +88,33 @@ platforms: - pip install jmespath volume: - <%=ENV['ES_XPACK_LICENSE_FILE']%>:/tmp/license.json + - /etc # This fixes certain java file actions that check the mount point. Without this adding users fails for some docker storage drivers run_command: "/usr/sbin/init" privileged: true use_sudo: false suites: - - name: standard + - name: oss provisioner: idempotency_test: true - playbook: test/integration/standard.yml - run_list: - attributes: - - name: package - run_list: - attributes: - provisioner: - playbook: test/integration/package.yml - - name: config - run_list: - attributes: + playbook: test/integration/oss.yml + - name: oss-upgrade provisioner: - playbook: test/integration/config.yml - - name: multi - run_list: - attributes: + playbook: test/integration/oss-upgrade.yml + idempotency_test: false + - name: oss-to-xpack-upgrade provisioner: - playbook: test/integration/multi.yml - idempotency_test: true + playbook: test/integration/oss-to-xpack-upgrade.yml + idempotency_test: false - name: xpack - run_list: - attributes: provisioner: playbook: test/integration/xpack.yml - - name: xpack-standard - run_list: - attributes: - provisioner: - playbook: test/integration/xpack-standard.yml idempotency_test: true - - name: issue-test - run_list: - attributes: + - name: xpack-upgrade provisioner: - playbook: test/integration/issue-test.yml + playbook: test/integration/xpack-upgrade.yml idempotency_test: false - - name: oss-upgrade - run_list: - attributes: + - name: multi provisioner: - playbook: test/integration/oss-upgrade.yml - idempotency_test: false + playbook: test/integration/multi.yml + idempotency_test: true diff --git a/test/integration/helpers/serverspec/config_spec.rb b/test/integration/helpers/serverspec/config_spec.rb deleted file mode 100644 index d84a280e..00000000 --- a/test/integration/helpers/serverspec/config_spec.rb +++ /dev/null @@ -1,163 +0,0 @@ -require 'spec_helper' - -shared_examples 'config::init' do |vars| - - describe user('elasticsearch') do - it { should exist } - end - - describe group('elasticsearch') do - it { should have_gid 333 } - end - - describe user('elasticsearch') do - it { should have_uid 333 } - end - - describe service('node1_elasticsearch') do - it { should be_running } - end - - describe package(vars['es_package_name']) do - it { should be_installed } - end - - describe file('/etc/elasticsearch/node1/elasticsearch.yml') do - it { should be_file } - end - - #test configuration parameters have been set - test all appropriately set in config file - describe file('/etc/elasticsearch/node1/elasticsearch.yml') do - it { should contain 'http.port: 9401' } - it { should contain 'transport.tcp.port: 9501' } - it { should contain 'node.data: true' } - it { should contain 'node.master: true' } - it { should contain 'cluster.name: custom-cluster' } - it { should contain 'node.name: node1' } - it { should contain 'bootstrap.memory_lock: true' } - it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9501' } - if vars['es_major_version'] == '6.x' - it { should_not contain 'path.conf: /etc/elasticsearch/node1' } - else - it { should contain 'path.conf: /etc/elasticsearch/node1' } - end - it { should contain 'path.data: /opt/elasticsearch/data-1/localhost-node1,/opt/elasticsearch/data-2/localhost-node1' } - it { should contain 'path.logs: /opt/elasticsearch/logs/localhost-node1' } - end - - #test directories exist - describe file('/etc/elasticsearch/node1') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/opt/elasticsearch/data-1/localhost-node1') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/opt/elasticsearch/data-2/localhost-node1') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/opt/elasticsearch/logs/localhost-node1') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - #test we started on the correct port was used - describe command('curl -s "localhost:9401"') do - #TODO: This is returning an empty string - #its(:stdout) { should match /\"status\" : 200/ } - its(:exit_status) { should eq 0 } - end - - #test to make sure mlock was applied - describe command('curl -s "localhost:9401/_nodes/process?pretty" | grep mlockall') do - its(:stdout) { should match /true/ } - its(:exit_status) { should eq 0 } - end - - - describe 'version check' do - it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9401 | grep number') - expect(command.stdout).to match(vars['es_version']) - expect(command.exit_status).to eq(0) - end - end - - for plugin in vars['es_plugins'] - plugin = plugin['plugin'] - describe file('/usr/share/elasticsearch/plugins/'+plugin) do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - #confirm plugins are installed and the correct version - describe command('curl -s localhost:9401/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do - its(:exit_status) { should eq 0 } - end - end - - #explit test to make sure ingest-geoip is not installed - describe file('/usr/share/elasticsearch/plugins/ingest-geoip') do - it { should_not exist } - end - #confirm plugins are installed and the correct version - describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"ingest-geoip","version":"'+vars['es_version']+'"\'') do - its(:exit_status) { should eq 1 } - end - - describe file('/etc/init.d/elasticsearch') do - it { should_not exist } - end - - if ['debian', 'ubuntu'].include?(os[:family]) - describe file('/etc/default/elasticsearch') do - its(:content) { should match '' } - end - end - - if ['centos', 'redhat'].include?(os[:family]) - describe file('/etc/sysconfig/elasticsearch') do - its(:content) { should match '' } - end - end - - describe file('/etc/elasticsearch/elasticsearch.yml') do - it { should_not exist } - end - - describe file('/etc/elasticsearch/logging.yml') do - it { should_not exist } - end - - #Init vs Systemd tests - #Ubuntu 15 and up - #Debian 8 and up - #Centos 7 and up - - if (((os[:family] == 'redhat' || os[:family] == 'centos') && os[:release].to_f >= 7.0) || - (os[:family] == 'ubuntu' && os[:release].to_f >= 15.0) || - (os[:family] == 'debian' && os[:release].to_f >= 8.0)) - describe file('/usr/lib/systemd/system/node1_elasticsearch.service') do - it { should be_file } - it { should contain 'LimitMEMLOCK=infinity' } - it { should contain 'LimitNPROC=3000' } - end - else - describe file('/etc/init.d/node1_elasticsearch') do - it { should be_file } - end - end - - describe file('/etc/elasticsearch/node1/log4j2.properties') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - it { should contain 'CUSTOM LOG4J FILE' } - end - - -end - diff --git a/test/integration/helpers/serverspec/standard_spec.rb b/test/integration/helpers/serverspec/oss_spec.rb similarity index 98% rename from test/integration/helpers/serverspec/standard_spec.rb rename to test/integration/helpers/serverspec/oss_spec.rb index 1fd6c11d..be2cb7b5 100644 --- a/test/integration/helpers/serverspec/standard_spec.rb +++ b/test/integration/helpers/serverspec/oss_spec.rb @@ -1,6 +1,6 @@ require 'spec_helper' -shared_examples 'standard::init' do |vars| +shared_examples 'oss::init' do |vars| describe user('elasticsearch') do it { should exist } diff --git a/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb new file mode 100644 index 00000000..8cb5c05a --- /dev/null +++ b/test/integration/helpers/serverspec/oss_to_xpack_upgrade_spec.rb @@ -0,0 +1,12 @@ +require 'spec_helper' + +shared_examples 'oss_to_xpack_upgrade::init' do |vars| + describe 'version check' do + it 'should be reported as version '+vars['es_version'] do + expect(curl_json('http://localhost:9200', username='elastic', password='changeme')['version']['number']).to eq(vars['es_version']) + end + it 'should be be running the standard (xpack) version' do + expect(curl_json('http://localhost:9200/_xpack', username='elastic', password='changeme')['tagline']).to eq('You know, for X') + end + end +end diff --git a/test/integration/helpers/serverspec/package_spec.rb b/test/integration/helpers/serverspec/package_spec.rb deleted file mode 100644 index 788cd93a..00000000 --- a/test/integration/helpers/serverspec/package_spec.rb +++ /dev/null @@ -1,112 +0,0 @@ -require 'spec_helper' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -shared_examples 'package::init' do |vars| - - describe user('elasticsearch') do - it { should exist } - end - - describe service('node1_elasticsearch') do - it { should be_running } - end - - describe package(vars['es_package_name']) do - it { should be_installed } - end - - describe file('/etc/elasticsearch/node1/elasticsearch.yml') do - it { should be_file } - it { should contain 'http.port: 9200' } - it { should contain 'transport.tcp.port: 9300' } - it { should contain 'discovery.zen.ping.unicast.hosts: localhost:9300' } - end - - describe file('/etc/elasticsearch/node1/scripts') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/etc/elasticsearch/node1/scripts/calculate-score.groovy') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - end - - describe 'Node listening' do - it 'listening in port 9200' do - expect(port 9200).to be_listening - end - end - - describe file('/etc/elasticsearch/templates') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/etc/elasticsearch/templates/basic.json') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - end - - describe 'Template Installed' do - it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do - command = command('curl -s "localhost:9200/_template/basic"') - expect(command.stdout).to match(/basic/) - expect(command.exit_status).to eq(0) - end - end - - describe 'version check' do - it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9200 | grep number') - expect(command.stdout).to match(vars['es_version']) - expect(command.exit_status).to eq(0) - end - end - - describe file('/usr/share/elasticsearch/plugins') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - - for plugin in vars['es_plugins'] - plugin = plugin['plugin'] - describe file('/usr/share/elasticsearch/plugins/'+plugin) do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - #confirm plugins are installed and the correct version - describe command('curl -s localhost:9200/_nodes/plugins | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do - its(:exit_status) { should eq 0 } - end - end - - - describe file('/etc/init.d/elasticsearch') do - it { should_not exist } - end - - if ['debian', 'ubuntu'].include?(os[:family]) - describe file('/etc/default/elasticsearch') do - its(:content) { should match '' } - end - end - - if ['centos', 'redhat'].include?(os[:family]) - describe file('/etc/sysconfig/elasticsearch') do - its(:content) { should match '' } - end - end - - describe file('/etc/elasticsearch/elasticsearch.yml') do - it { should_not exist } - end - - describe file('/etc/elasticsearch/logging.yml') do - it { should_not exist } - end - -end - diff --git a/test/integration/helpers/serverspec/xpack_spec.rb b/test/integration/helpers/serverspec/xpack_spec.rb index d3548acb..f50694ee 100644 --- a/test/integration/helpers/serverspec/xpack_spec.rb +++ b/test/integration/helpers/serverspec/xpack_spec.rb @@ -1,6 +1,4 @@ require 'spec_helper' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) shared_examples 'xpack::init' do |vars| @@ -36,6 +34,9 @@ end it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' } it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' } + it { should contain 'xpack.security.enabled: false' } + it { should contain 'xpack.watcher.enabled: false' } + end describe 'Node listening' do @@ -46,7 +47,7 @@ describe 'version check' do it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number') + command = command('curl -s localhost:9200 | grep number') expect(command.stdout).to match(vars['es_version']) expect(command.exit_status).to eq(0) end @@ -76,30 +77,31 @@ it { should_not exist } end - # X-Pack is no longer installed as a plugin in elasticsearch - if vars['es_major_version'] == '5.x' - describe file('/usr/share/elasticsearch/plugins') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/usr/share/elasticsearch/plugins/x-pack') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end + #Xpack specific tests + describe file('/usr/share/elasticsearch/plugins') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end - describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do - its(:exit_status) { should eq 0 } + #Test if x-pack is activated + describe 'x-pack activation' do + it 'should be activated and valid' do + command = command('curl -s localhost:9200/_license?pretty=true') + expect(command.stdout).to match('"status" : "active"') + expect(command.exit_status).to eq(0) end + end + # X-Pack is no longer installed as a plugin in elasticsearch + if vars['es_major_version'] == '5.x' describe file('/usr/share/elasticsearch/plugins/x-pack') do it { should be_directory } it { should be_owned_by 'elasticsearch' } end - describe 'xpack plugin' do + describe 'x-pack-core plugin' do it 'should be installed with the correct version' do - plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain') + plugins = curl_json('http://localhost:9200/_nodes/plugins') node, data = plugins['nodes'].first version = 'plugin not found' name = 'x-pack' @@ -112,149 +114,25 @@ expect(version).to eql(vars['es_version']) end end - end - #Test if x-pack is activated - describe 'x-pack activation' do - it 'should be activated and valid' do - command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain') - expect(command.stdout).to match('"status" : "active"') - expect(command.exit_status).to eq(0) - end - end - - describe file('/etc/elasticsearch/security_node/x-pack') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - for plugin in vars['es_plugins'] - plugin = plugin['plugin'] - - describe file('/usr/share/elasticsearch/plugins/'+plugin) do + describe file('/etc/elasticsearch/security_node/x-pack') do it { should be_directory } it { should be_owned_by 'elasticsearch' } end - describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do - its(:exit_status) { should eq 0 } - end - end - - #Test users file, users_roles and roles.yml - describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do - it { should be_owned_by 'elasticsearch' } - it { should contain 'admin:es_admin' } - it { should contain 'power_user:testUser' } end - describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do - it { should be_owned_by 'elasticsearch' } - it { should contain 'testUser:' } - it { should contain 'es_admin:' } + describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do + its(:exit_status) { should eq 0 } end - describe 'security roles' do - it 'should list the security roles' do - roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain') - expect(roles.key?('superuser')) - end + describe command('curl -s localhost:9200/_xpack') do + its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) } + its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) } + its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) } + its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) } + its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) } end - describe file('/etc/elasticsearch/templates') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/etc/elasticsearch/templates/basic.json') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - end - - describe 'Template Installed' do - it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do - command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain') - expect(command.stdout).to match(/basic/) - expect(command.exit_status).to eq(0) - end - end - - #This is possibly subject to format changes in the response across versions so may fail in the future - describe 'Template Contents Correct' do - it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do - template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain') - expect(template.key?('basic')) - expect(template['basic']['settings']['index']['number_of_shards']).to eq("1") - expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false) - end - end - - #Test contents of Elasticsearch.yml file - describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do - it { should contain 'security.authc.realms.file1.order: 0' } - it { should contain 'security.authc.realms.file1.type: file' } - it { should contain 'security.authc.realms.native1.order: 1' } - it { should contain 'security.authc.realms.native1.type: native' } - end - - #Test contents of role_mapping.yml - describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do - it { should be_owned_by 'elasticsearch' } - it { should contain 'power_user:' } - it { should contain '- cn=admins,dc=example,dc=com' } - it { should contain 'user:' } - it { should contain '- cn=admins,dc=example,dc=com' } - end - - #check accounts are correct i.e. we can auth and they have the correct roles - - describe 'kibana4_server access check' do - it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number') - expect(command.stdout).to match(vars['es_version']) - expect(command.exit_status).to eq(0) - end - end - - describe 'security users' do - result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged') - it 'should have the elastic user' do - expect(result['elastic']['username']).to eq('elastic') - expect(result['elastic']['roles']).to eq(['superuser']) - expect(result['elastic']['enabled']).to eq(true) - end - it 'should have the kibana user' do - expect(result['kibana']['username']).to eq('kibana') - expect(result['kibana']['roles']).to eq(['kibana_system']) - expect(result['kibana']['enabled']).to eq(true) - end - it 'should have the kibana_server user' do - expect(result['kibana4_server']['username']).to eq('kibana4_server') - expect(result['kibana4_server']['roles']).to eq(['kibana4_server']) - expect(result['kibana4_server']['enabled']).to eq(true) - end - it 'should have the logstash user' do - expect(result['logstash_system']['username']).to eq('logstash_system') - expect(result['logstash_system']['roles']).to eq(['logstash_system']) - expect(result['logstash_system']['enabled']).to eq(true) - end - end - - describe 'logstash_system access check' do - it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number') - expect(command.stdout).to match(vars['es_version']) - expect(command.exit_status).to eq(0) - end - end - - if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x - describe 'kibana access check' do - it 'should be reported as version '+vars['es_version'] do - result = curl_json('http://localhost:9200/', username='kibana', password='changeme') - expect(result['version']['number']).to eq(vars['es_version']) - end - end - end end diff --git a/test/integration/helpers/serverspec/xpack_standard_spec.rb b/test/integration/helpers/serverspec/xpack_standard_spec.rb deleted file mode 100644 index 9c35ae5e..00000000 --- a/test/integration/helpers/serverspec/xpack_standard_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -require 'spec_helper' - -shared_examples 'xpack_standard::init' do |vars| - - describe user('elasticsearch') do - it { should exist } - end - - describe service('security_node_elasticsearch') do - it { should be_running } - end - - describe package(vars['es_package_name']) do - it { should be_installed } - end - - describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/etc/elasticsearch/security_node/log4j2.properties') do - it { should be_file } - it { should be_owned_by 'elasticsearch' } - end - - describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do - it { should contain 'node.name: localhost-security_node' } - it { should contain 'cluster.name: elasticsearch' } - if vars['es_major_version'] == '6.x' - it { should_not contain 'path.conf: /etc/elasticsearch/security_node' } - else - it { should contain 'path.conf: /etc/elasticsearch/security_node' } - end - it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' } - it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' } - it { should contain 'xpack.security.enabled: false' } - it { should contain 'xpack.watcher.enabled: false' } - - end - - describe 'Node listening' do - it 'listening in port 9200' do - expect(port 9200).to be_listening - end - end - - describe 'version check' do - it 'should be reported as version '+vars['es_version'] do - command = command('curl -s localhost:9200 | grep number') - expect(command.stdout).to match(vars['es_version']) - expect(command.exit_status).to eq(0) - end - end - - describe file('/etc/init.d/elasticsearch') do - it { should_not exist } - end - - if ['debian', 'ubuntu'].include?(os[:family]) - describe file('/etc/default/elasticsearch') do - its(:content) { should match '' } - end - end - - if ['centos', 'redhat'].include?(os[:family]) - describe file('/etc/sysconfig/elasticsearch') do - its(:content) { should match '' } - end - end - - describe file('/etc/elasticsearch/elasticsearch.yml') do - it { should_not exist } - end - - describe file('/etc/elasticsearch/logging.yml') do - it { should_not exist } - end - - #Xpack specific tests - describe file('/usr/share/elasticsearch/plugins') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - #Test if x-pack is activated - describe 'x-pack activation' do - it 'should be activated and valid' do - command = command('curl -s localhost:9200/_license?pretty=true') - expect(command.stdout).to match('"status" : "active"') - expect(command.exit_status).to eq(0) - end - end - - # X-Pack is no longer installed as a plugin in elasticsearch - if vars['es_major_version'] == '5.x' - describe file('/usr/share/elasticsearch/plugins/x-pack') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - describe 'x-pack-core plugin' do - it 'should be installed with the correct version' do - plugins = curl_json('http://localhost:9200/_nodes/plugins') - node, data = plugins['nodes'].first - version = 'plugin not found' - name = 'x-pack' - - data['plugins'].each do |plugin| - if plugin['name'] == name - version = plugin['version'] - end - end - expect(version).to eql(vars['es_version']) - end - end - - describe file('/etc/elasticsearch/security_node/x-pack') do - it { should be_directory } - it { should be_owned_by 'elasticsearch' } - end - - end - - describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do - its(:exit_status) { should eq 0 } - end - - describe command('curl -s localhost:9200/_xpack') do - its(:stdout_as_json) { should include('features' => include('security' => include('enabled' => false))) } - its(:stdout_as_json) { should include('features' => include('watcher' => include('enabled' => false))) } - its(:stdout_as_json) { should include('features' => include('graph' => include('enabled' => true))) } - its(:stdout_as_json) { should include('features' => include('monitoring' => include('enabled' => true))) } - its(:stdout_as_json) { should include('features' => include('ml' => include('enabled' => true))) } - end - -end - diff --git a/test/integration/helpers/serverspec/xpack_upgrade_spec.rb b/test/integration/helpers/serverspec/xpack_upgrade_spec.rb new file mode 100644 index 00000000..a3658858 --- /dev/null +++ b/test/integration/helpers/serverspec/xpack_upgrade_spec.rb @@ -0,0 +1,260 @@ +require 'spec_helper' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +shared_examples 'xpack_upgrade::init' do |vars| + + describe user('elasticsearch') do + it { should exist } + end + + describe service('security_node_elasticsearch') do + it { should be_running } + end + + describe package(vars['es_package_name']) do + it { should be_installed } + end + + describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do + it { should be_file } + it { should be_owned_by 'elasticsearch' } + end + + describe file('/etc/elasticsearch/security_node/log4j2.properties') do + it { should be_file } + it { should be_owned_by 'elasticsearch' } + end + + describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do + it { should contain 'node.name: localhost-security_node' } + it { should contain 'cluster.name: elasticsearch' } + if vars['es_major_version'] == '6.x' + it { should_not contain 'path.conf: /etc/elasticsearch/security_node' } + else + it { should contain 'path.conf: /etc/elasticsearch/security_node' } + end + it { should contain 'path.data: /var/lib/elasticsearch/localhost-security_node' } + it { should contain 'path.logs: /var/log/elasticsearch/localhost-security_node' } + end + + describe 'Node listening' do + it 'listening in port 9200' do + expect(port 9200).to be_listening + end + end + + describe 'version check' do + it 'should be reported as version '+vars['es_version'] do + command = command('curl -s localhost:9200 -u es_admin:changeMeAgain | grep number') + expect(command.stdout).to match(vars['es_version']) + expect(command.exit_status).to eq(0) + end + end + + describe file('/etc/init.d/elasticsearch') do + it { should_not exist } + end + + if ['debian', 'ubuntu'].include?(os[:family]) + describe file('/etc/default/elasticsearch') do + its(:content) { should match '' } + end + end + + if ['centos', 'redhat'].include?(os[:family]) + describe file('/etc/sysconfig/elasticsearch') do + its(:content) { should match '' } + end + end + + describe file('/etc/elasticsearch/elasticsearch.yml') do + it { should_not exist } + end + + describe file('/etc/elasticsearch/logging.yml') do + it { should_not exist } + end + + # X-Pack is no longer installed as a plugin in elasticsearch + if vars['es_major_version'] == '5.x' + describe file('/usr/share/elasticsearch/plugins') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + describe file('/usr/share/elasticsearch/plugins/x-pack') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do + its(:exit_status) { should eq 0 } + end + + describe file('/usr/share/elasticsearch/plugins/x-pack') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + describe 'xpack plugin' do + it 'should be installed with the correct version' do + plugins = curl_json('http://localhost:9200/_nodes/plugins', username='es_admin', password='changeMeAgain') + node, data = plugins['nodes'].first + version = 'plugin not found' + name = 'x-pack' + + data['plugins'].each do |plugin| + if plugin['name'] == name + version = plugin['version'] + end + end + expect(version).to eql(vars['es_version']) + end + end + end + + #Test if x-pack is activated + describe 'x-pack activation' do + it 'should be activated and valid' do + command = command('curl -s localhost:9200/_license?pretty=true -u es_admin:changeMeAgain') + expect(command.stdout).to match('"status" : "active"') + expect(command.exit_status).to eq(0) + end + end + + describe file('/etc/elasticsearch/security_node/x-pack') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + for plugin in vars['es_plugins'] + plugin = plugin['plugin'] + + describe file('/usr/share/elasticsearch/plugins/'+plugin) do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + describe command('curl -s localhost:9200/_nodes/plugins -u es_admin:changeMeAgain | grep \'"name":"'+plugin+'","version":"'+vars['es_version']+'"\'') do + its(:exit_status) { should eq 0 } + end + end + + #Test users file, users_roles and roles.yml + describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users_roles') do + it { should be_owned_by 'elasticsearch' } + it { should contain 'admin:es_admin' } + it { should contain 'power_user:testUser' } + end + + describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/users') do + it { should be_owned_by 'elasticsearch' } + it { should contain 'testUser:' } + it { should contain 'es_admin:' } + end + + describe 'security roles' do + it 'should list the security roles' do + roles = curl_json('http://localhost:9200/_xpack/security/role', username='es_admin', password='changeMeAgain') + expect(roles.key?('superuser')) + end + end + + describe file('/etc/elasticsearch/templates') do + it { should be_directory } + it { should be_owned_by 'elasticsearch' } + end + + describe file('/etc/elasticsearch/templates/basic.json') do + it { should be_file } + it { should be_owned_by 'elasticsearch' } + end + + describe 'Template Installed' do + it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do + command = command('curl -s "localhost:9200/_template/basic" -u es_admin:changeMeAgain') + expect(command.stdout).to match(/basic/) + expect(command.exit_status).to eq(0) + end + end + + #This is possibly subject to format changes in the response across versions so may fail in the future + describe 'Template Contents Correct' do + it 'should be reported as being installed', :retry => 3, :retry_wait => 10 do + template = curl_json('http://localhost:9200/_template/basic', username='es_admin', password='changeMeAgain') + expect(template.key?('basic')) + expect(template['basic']['settings']['index']['number_of_shards']).to eq("1") + expect(template['basic']['mappings']['type1']['_source']['enabled']).to eq(false) + end + end + + #Test contents of Elasticsearch.yml file + describe file('/etc/elasticsearch/security_node/elasticsearch.yml') do + it { should contain 'security.authc.realms.file1.order: 0' } + it { should contain 'security.authc.realms.file1.type: file' } + it { should contain 'security.authc.realms.native1.order: 1' } + it { should contain 'security.authc.realms.native1.type: native' } + end + + #Test contents of role_mapping.yml + describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/role_mapping.yml') do + it { should be_owned_by 'elasticsearch' } + it { should contain 'power_user:' } + it { should contain '- cn=admins,dc=example,dc=com' } + it { should contain 'user:' } + it { should contain '- cn=admins,dc=example,dc=com' } + end + + #check accounts are correct i.e. we can auth and they have the correct roles + + describe 'kibana4_server access check' do + it 'should be reported as version '+vars['es_version'] do + command = command('curl -s localhost:9200/ -u kibana4_server:changeMe | grep number') + expect(command.stdout).to match(vars['es_version']) + expect(command.exit_status).to eq(0) + end + end + + describe 'security users' do + result = curl_json('http://localhost:9200/_xpack/security/user', username='elastic', password='elasticChanged') + it 'should have the elastic user' do + expect(result['elastic']['username']).to eq('elastic') + expect(result['elastic']['roles']).to eq(['superuser']) + expect(result['elastic']['enabled']).to eq(true) + end + it 'should have the kibana user' do + expect(result['kibana']['username']).to eq('kibana') + expect(result['kibana']['roles']).to eq(['kibana_system']) + expect(result['kibana']['enabled']).to eq(true) + end + it 'should have the kibana_server user' do + expect(result['kibana4_server']['username']).to eq('kibana4_server') + expect(result['kibana4_server']['roles']).to eq(['kibana4_server']) + expect(result['kibana4_server']['enabled']).to eq(true) + end + it 'should have the logstash user' do + expect(result['logstash_system']['username']).to eq('logstash_system') + expect(result['logstash_system']['roles']).to eq(['logstash_system']) + expect(result['logstash_system']['enabled']).to eq(true) + end + end + + describe 'logstash_system access check' do + it 'should be reported as version '+vars['es_version'] do + command = command('curl -s localhost:9200/ -u logstash_system:aNewLogstashPassword | grep number') + expect(command.stdout).to match(vars['es_version']) + expect(command.exit_status).to eq(0) + end + end + + if vars['es_major_version'] == '5.x' # kibana default password has been removed in 6.x + describe 'kibana access check' do + it 'should be reported as version '+vars['es_version'] do + result = curl_json('http://localhost:9200/', username='kibana', password='changeme') + expect(result['version']['number']).to eq(vars['es_version']) + end + end + end +end + diff --git a/test/integration/oss-to-xpack-upgrade.yml b/test/integration/oss-to-xpack-upgrade.yml new file mode 100644 index 00000000..1c74c0f8 --- /dev/null +++ b/test/integration/oss-to-xpack-upgrade.yml @@ -0,0 +1,25 @@ +--- +- name: Standard test for single node setup. Tests idempotence. + hosts: localhost + tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - { role: elasticsearch, es_instance_name: "node1" } + vars: + es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade + es_enable_xpack: false + es_heap_size: "1g" + +- name: Standard test for single node setup. Tests idempotence. + hosts: localhost + tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - { role: elasticsearch, es_instance_name: "node1" } + vars: + es_enable_xpack: true + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_heap_size: "1g" + es_xpack_features: + - security diff --git a/test/integration/standard/standard.yml b/test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml similarity index 100% rename from test/integration/standard/standard.yml rename to test/integration/oss-to-xpack-upgrade/oss-to-xpack-upgrade.yml diff --git a/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..ff79e845 --- /dev/null +++ b/test/integration/oss-to-xpack-upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'oss_to_xpack_upgrade_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'oss to xpack upgrade Tests' do + include_examples 'oss_to_xpack_upgrade::init', vars +end diff --git a/test/integration/standard.yml b/test/integration/oss.yml similarity index 100% rename from test/integration/standard.yml rename to test/integration/oss.yml diff --git a/test/integration/xpack-standard/xpack-standard.yml b/test/integration/oss/oss.yml similarity index 100% rename from test/integration/xpack-standard/xpack-standard.yml rename to test/integration/oss/oss.yml diff --git a/test/integration/oss/serverspec/default_spec.rb b/test/integration/oss/serverspec/default_spec.rb new file mode 100644 index 00000000..a5d0f02d --- /dev/null +++ b/test/integration/oss/serverspec/default_spec.rb @@ -0,0 +1,10 @@ +require 'oss_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'OSS Tests' do + include_examples 'oss::init', vars +end + + + diff --git a/test/integration/standard/serverspec/default_spec.rb b/test/integration/standard/serverspec/default_spec.rb deleted file mode 100644 index 449a1c02..00000000 --- a/test/integration/standard/serverspec/default_spec.rb +++ /dev/null @@ -1,10 +0,0 @@ -require 'standard_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'Standard Tests' do - include_examples 'standard::init', vars -end - - - diff --git a/test/integration/xpack-standard.yml b/test/integration/xpack-standard.yml deleted file mode 100644 index 6789a7e2..00000000 --- a/test/integration/xpack-standard.yml +++ /dev/null @@ -1,16 +0,0 @@ -#Tests x-pack is idempotent and works when security is not enabled ---- -- name: Elasticsearch Xpack tests - no security and manual download - hosts: localhost - tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "security_node" } - vars: - es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip" - es_heap_size: 2g - es_enable_xpack: true - es_xpack_features: - - monitoring - - graph - - ml diff --git a/test/integration/xpack-standard/serverspec/default_spec.rb b/test/integration/xpack-standard/serverspec/default_spec.rb deleted file mode 100644 index 771c7c3a..00000000 --- a/test/integration/xpack-standard/serverspec/default_spec.rb +++ /dev/null @@ -1,7 +0,0 @@ -require 'xpack_standard_spec' -require 'json' -vars = JSON.parse(File.read('/tmp/vars.json')) - -describe 'Xpack Standard Tests' do - include_examples 'xpack_standard::init', vars -end diff --git a/test/integration/xpack-upgrade.yml b/test/integration/xpack-upgrade.yml new file mode 100644 index 00000000..5668dfd0 --- /dev/null +++ b/test/integration/xpack-upgrade.yml @@ -0,0 +1,158 @@ +--- +- name: Elasticsearch Xpack tests initial + hosts: localhost + tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", + "xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 }, + es_instance_name: "security_node" } + vars: + es_heap_size: "1g" + es_templates: true + es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade + es_enable_xpack: true + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" + es_plugins: + - plugin: ingest-geoip + es_xpack_features: + - security + - alerting + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme + es_message_auth_file: system_key + es_role_mapping: + power_user: + - "cn=admins,dc=example,dc=com" + user: + - "cn=users,dc=example,dc=com" + - "cn=admins,dc=example,dc=com" + es_users: + native: + kibana4_server: + password: changeMe + roles: + - kibana4_server + logstash_system: + #this should be successfully modified + password: aNewLogstashPassword + #this will be ignored + roles: + - kibana4_server + elastic: + password: elasticChanged + file: + es_admin: + password: changeMe + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user + es_roles: + file: + admin: + cluster: + - all + indices: + - names: '*' + privileges: + - all + power_user: + cluster: + - monitor + indices: + - names: '*' + privileges: + - all + user: + indices: + - names: '*' + privileges: + - read + kibana4_server: + cluster: + - monitor + indices: + - names: '.kibana' + privileges: + - all + native: + logstash: + cluster: + - manage_index_templates + indices: + - names: 'logstash-*' + privileges: + - write + - delete + - create_index + #this will be ignored - its reserved + logstash_system: + cluster: + - manage_index_templates + indices: + - names: 'logstash-*' + privileges: + - write + - delete + - create_index + +#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. +- name: Elasticsearch Xpack modify + hosts: localhost + tasks: + - include: elasticsearch/test/integration/debug.yml + roles: + - role: elasticsearch + es_api_port: 9200 + es_instance_name: "security_node" + es_config: + http.port: 9200 + transport.tcp.port: 9300 + discovery.zen.ping.unicast.hosts: "localhost:9300" + xpack.security.enabled: True + xpack.security.authc.realms.file1.type: "file" + xpack.security.authc.realms.file1.order: 0 + xpack.security.authc.realms.native1.type: "native" + xpack.security.authc.realms.native1.order: 1 + vars: + es_heap_size: "1g" + es_templates: true + es_enable_xpack: true + es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" + es_plugins: + - plugin: ingest-attachment + es_xpack_features: + - security + - alerting + es_api_basic_auth_username: elastic + es_api_basic_auth_password: elasticChanged + es_role_mapping: + power_user: + - "cn=admins,dc=example,dc=com" + user: + - "cn=users,dc=example,dc=com" + - "cn=admins,dc=example,dc=com" + es_users: + native: + kibana4_server: + password: changeMe + roles: + - kibana4_server + logstash_system: + #this will be ignored + roles: + - kibana4_server + file: + es_admin: + password: changeMeAgain + roles: + - admin + testUser: + password: changeMeAlso! + roles: + - power_user + - user diff --git a/test/integration/xpack-upgrade/serverspec/default_spec.rb b/test/integration/xpack-upgrade/serverspec/default_spec.rb new file mode 100644 index 00000000..c2452eec --- /dev/null +++ b/test/integration/xpack-upgrade/serverspec/default_spec.rb @@ -0,0 +1,7 @@ +require 'xpack_upgrade_spec' +require 'json' +vars = JSON.parse(File.read('/tmp/vars.json')) + +describe 'Xpack upgrade Tests' do + include_examples 'xpack_upgrade::init', vars +end diff --git a/test/integration/xpack-upgrade/xpack-upgrade.yml b/test/integration/xpack-upgrade/xpack-upgrade.yml new file mode 100644 index 00000000..a3c37e19 --- /dev/null +++ b/test/integration/xpack-upgrade/xpack-upgrade.yml @@ -0,0 +1,2 @@ +--- +- host: test-kitchen diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 5668dfd0..6789a7e2 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -1,158 +1,16 @@ +#Tests x-pack is idempotent and works when security is not enabled --- -- name: Elasticsearch Xpack tests initial +- name: Elasticsearch Xpack tests - no security and manual download hosts: localhost tasks: - include: elasticsearch/test/integration/debug.yml roles: - - { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300", - "xpack.security.authc.realms.file1.type": "file","xpack.security.authc.realms.file1.order": 0, "xpack.security.authc.realms.native1.type": "native","xpack.security.authc.realms.native1.order": 1 }, - es_instance_name: "security_node" } + - { role: elasticsearch, es_api_port: 9200, es_config: { "http.port": 9200, "transport.tcp.port":9300, discovery.zen.ping.unicast.hosts: "localhost:9300" }, es_instance_name: "security_node" } vars: - es_heap_size: "1g" - es_templates: true - es_version: "{{ '6.2.4' if es_major_version == '6.x' else '5.6.9' }}" # This is set to an older version than the current default to force an upgrade + es_xpack_custom_url: "https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{ es_version }}.zip" + es_heap_size: 2g es_enable_xpack: true - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-geoip es_xpack_features: - - security - - alerting - es_api_basic_auth_username: elastic - es_api_basic_auth_password: changeme - es_message_auth_file: system_key - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this should be successfully modified - password: aNewLogstashPassword - #this will be ignored - roles: - - kibana4_server - elastic: - password: elasticChanged - file: - es_admin: - password: changeMe - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user - es_roles: - file: - admin: - cluster: - - all - indices: - - names: '*' - privileges: - - all - power_user: - cluster: - - monitor - indices: - - names: '*' - privileges: - - all - user: - indices: - - names: '*' - privileges: - - read - kibana4_server: - cluster: - - monitor - indices: - - names: '.kibana' - privileges: - - all - native: - logstash: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - #this will be ignored - its reserved - logstash_system: - cluster: - - manage_index_templates - indices: - - names: 'logstash-*' - privileges: - - write - - delete - - create_index - -#modifies the installation. Changes es_admin password and upgrades ES. Tests confirm the correct version is installed. -- name: Elasticsearch Xpack modify - hosts: localhost - tasks: - - include: elasticsearch/test/integration/debug.yml - roles: - - role: elasticsearch - es_api_port: 9200 - es_instance_name: "security_node" - es_config: - http.port: 9200 - transport.tcp.port: 9300 - discovery.zen.ping.unicast.hosts: "localhost:9300" - xpack.security.enabled: True - xpack.security.authc.realms.file1.type: "file" - xpack.security.authc.realms.file1.order: 0 - xpack.security.authc.realms.native1.type: "native" - xpack.security.authc.realms.native1.order: 1 - vars: - es_heap_size: "1g" - es_templates: true - es_enable_xpack: true - es_xpack_license: "{{ lookup('file', '/tmp/license.json') }}" - es_plugins: - - plugin: ingest-attachment - es_xpack_features: - - security - - alerting - es_api_basic_auth_username: elastic - es_api_basic_auth_password: elasticChanged - es_role_mapping: - power_user: - - "cn=admins,dc=example,dc=com" - user: - - "cn=users,dc=example,dc=com" - - "cn=admins,dc=example,dc=com" - es_users: - native: - kibana4_server: - password: changeMe - roles: - - kibana4_server - logstash_system: - #this will be ignored - roles: - - kibana4_server - file: - es_admin: - password: changeMeAgain - roles: - - admin - testUser: - password: changeMeAlso! - roles: - - power_user - - user + - monitoring + - graph + - ml diff --git a/test/integration/xpack/serverspec/default_spec.rb b/test/integration/xpack/serverspec/default_spec.rb index 8a3791a4..5f57e819 100644 --- a/test/integration/xpack/serverspec/default_spec.rb +++ b/test/integration/xpack/serverspec/default_spec.rb @@ -2,6 +2,6 @@ require 'json' vars = JSON.parse(File.read('/tmp/vars.json')) -describe 'Xpack Tests' do +describe 'Xpack upgrade Tests' do include_examples 'xpack::init', vars end diff --git a/test/matrix.yml b/test/matrix.yml index 56740704..91070204 100644 --- a/test/matrix.yml +++ b/test/matrix.yml @@ -7,11 +7,9 @@ OS: - debian-8 - centos-7 TEST_TYPE: - - standard - - package - - config - - multi - - xpack - - xpack-standard - - issue-test + - oss - oss-upgrade + - oss-to-xpack-upgrade + - xpack + - xpack-upgrade + - multi