diff --git a/.github/workflows/test_full_stack.yml b/.github/workflows/test_full_stack.yml index c065a334..953ad30b 100644 --- a/.github/workflows/test_full_stack.yml +++ b/.github/workflows/test_full_stack.yml @@ -39,7 +39,6 @@ jobs: scenario: - elasticstack_default release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_linting.yml b/.github/workflows/test_linting.yml index 91b56e40..ec484557 100644 --- a/.github/workflows/test_linting.yml +++ b/.github/workflows/test_linting.yml @@ -43,11 +43,7 @@ jobs: yamllint . if: ${{ inputs.rolename == '' }} - - name: Lint Role (yamllint). - run: | - ansible-lint roles/${{ inputs.rolename }} - if: ${{ inputs.rolename != '' }} - - name: Lint Role (ansible-lint). run: | ansible-lint roles/${{ inputs.rolename }} + if: ${{ inputs.rolename != '' }} diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index 13cd7dc4..b50b723e 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -45,7 +45,6 @@ jobs: - beats_default - beats_peculiar release: - - 7 - 8 ansible_version: - "ansible>=9.0,<10.0" #Correspond ansible-core>=2.16,<2.17 diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 2ab6adf4..fab18efb 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -44,10 +44,7 @@ jobs: scenario: - elasticsearch_default - elasticsearch_roles_calculation - - elasticsearch_cluster-oss - - elasticsearch_no-security release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index c36322c0..704844fe 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml 
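Review bot: The surviving `Lint Role (ansible-lint).` step in test_linting.yml still expands `${{ inputs.rolename }}` directly inside its `run:` script, so the value is pasted into the script text before the shell parses it. Where the input comes from is not visible in this hunk; if a caller less trusted than the workflow can ever supply it, shell metacharacters in the value would run on the runner. Passing it through the environment keeps it as data: add `env:` with `ROLENAME: ${{ inputs.rolename }}` to the step and call `ansible-lint "roles/${ROLENAME}"`. The job starts outside the hunk, so other steps may need the same change.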
@@ -45,7 +45,6 @@ jobs: scenario: - kibana_default release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index 4eb2cbe4..b3a61821 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -42,11 +42,9 @@ jobs: matrix: distro: [ubuntu2204] scenario: - - logstash_full_stack-oss - logstash_specific_version - logstash_pipelines release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index 979a709f..57fb4fce 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -48,7 +48,6 @@ jobs: - repos_default - repos_oss release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index f0d0245e..efc2494d 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -38,7 +38,6 @@ jobs: scenario: - elasticstack_default release: - - 7 - 8 python_version: - "3.11" diff --git a/README.md b/README.md index b5dad47e..74db34ab 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ You may want the following Ansible roles installed. There other ways to achieve ### Supported systems -We test the collection on the following Linux distributions. Each one with Elastic Stack 7 and 8. +We test the collection on the following Linux distributions. Each one with Elastic Stack 8. * Rocky Linux 9 * Rocky Linux 8 
@@ -72,10 +72,6 @@ We test the collection on the following Linux distributions. Each one with Elast * Debian 10 * CentOS 8 -We know from personal experience, that the collections work in following combinations. Missing tests mostly come from incompatibilties between the distribution and our testing environment, not from problems with the collection itself. - -* CentOS 7 - Elastic Stack 7 - ## Caveats and information for long time users ### Variable renaming @@ -98,9 +94,9 @@ The variable `elasticstack_no_log` can be set to `false` if you want to see the ### Versions and upgrades -*elasticstack_version*: Version number of tools to install. Only set if you don't want the latest on new setups. (default: none). If you already have an installation of Elastic Stack, this collection will query the version of Elasticsearch on the CA host and use it for all further installations in the same setup. (Only if you run the `elasticsearch` role before all others) Example: `7.17.2` +*elasticstack_version*: Version number of tools to install. Only set if you don't want the latest on new setups. (default: none). If you already have an installation of Elastic Stack, this collection will query the version of Elasticsearch on the CA host and use it for all further installations in the same setup. (Only if you run the `elasticsearch` role before all others) Example: `8.11.2` -*elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) Make sure it corresponds to `elasticstack_version` if you set both. +*elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`) Make sure it corresponds to `elasticstack_version` if you set both. For OSS version see `elasticstack_variant` below. 
@@ -142,8 +138,6 @@ ansible-galaxy install geerlingguy.redis 1) Default: For general Elastic Stack installations using all features use the following. You will need Redis installed and running for the default setup to run. A viable way is using the `geerlingguy.redis` role. -2) Specific: For OSS Installation without X-Pack features you can use the following. _Note_: this is only available for version `7.x`. - Our default configuration will collect filesystem logs placed by `rsyslog`. Therefor our example playbook makes sure, `rsyslog` is installed. If you don't want that, please change the configuration of the `beats` module. Without syslog you won't receive any messages with the default configuration. There are some comments in the Playbook. Either fill them with the correct values (`remote_user`) or consider them as a hint to commonly used options. @@ -163,7 +157,7 @@ The execution order of the roles is important! (see below) - netways.elasticstack vars: elasticstack_variant: elastic #oss - # elasticstack_release: 8 #7 + # elasticstack_release: 8 roles: - repos @@ -175,7 +169,7 @@ The execution order of the roles is important! (see below) vars: elasticstack_variant: elastic #oss elasticsearch_jna_workaround: true - # elasticstack_release: 8 #7 + # elasticstack_release: 8 roles: - elasticsearch @@ -187,7 +181,7 @@ The execution order of the roles is important! (see below) vars: elasticstack_variant: elastic #oss elasticstack_override_beats_tls: true - # elasticstack_release: 8 #7 + # elasticstack_release: 8 roles: - geerlingguy.redis - logstash @@ -199,7 +193,7 @@ The execution order of the roles is important! (see below) - netways.elasticstack vars: elasticstack_variant: elastic #oss - # elasticstack_release: 8 #7 + # elasticstack_release: 8 roles: - kibana 
@@ -211,7 +205,7 @@ The execution order of the roles is important! (see below) vars: elasticstack_variant: elastic #oss elasticstack_override_beats_tls: true - # elasticstack_release: 8 #7 + # elasticstack_release: 8 pre_tasks: - name: Install Rsyslog ansible.builtin.package: diff --git a/docs/getting-started.md b/docs/getting-started.md index 79569b50..289264b4 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -59,5 +59,5 @@ Variables Every role got its own set of variables, in addition a few variables are useable on any role. Below are all general collection vars. -* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) +* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`) * *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`) diff --git a/docs/role-beats.md b/docs/role-beats.md index 5d742c82..b88ce91a 100644 --- a/docs/role-beats.md +++ b/docs/role-beats.md @@ -53,7 +53,7 @@ beats_filebeat_log_inputs: negate: false match: after ``` -* *beats_filebeat_journald*: Enable collection of JournalD logs (default: `false`) - available since Filebeat 7.16 +* *beats_filebeat_journald*: Enable collection of JournalD logs (default: `false`) * *beats_filebeat_journald_inputs*: List of journald inputs. Use for different filters on events. You can add a list of `include_matches` entries for filtering. Default of `beats_filebeat_journald_inputs`: ``` @@ -61,7 +61,7 @@ beats_filebeat_journald_inputs: everything: id: everything ``` -* *beats_filebeat_docker*: Enable collection of Docker logs (default: `false`) **ONLY WORKS ON RELEASE 7 SO FAR** +* *beats_filebeat_docker*: Enable collection of Docker logs (default: `false`) * *beats_filebeat_docker_ids*: IDs of containers to collect. (default: `*`) * *beats_filebeat_loadbalance*: Enable loadbalancing for Filebeats Logstash output (default: `true`) 
@@ -95,7 +95,7 @@ The following variables only apply if you use this role together with our other * *elasticstack_ca_dir*: Directory where on the Elasticsearch CA host certificates are stored. This is only useful in connection with out other Elastic Stack related roles. (default: `/opt/es-ca`) * *elasticstack_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`) * *elasticstack_initial_passwords*: Path to file with initical elasticsearch passwords (default: `/usr/share/elasticsearch/initial_passwords`) -* *elasticstack_version*: Install specific version (Default: none. Possible values: e.g. `7.10.1` or `latest`) +* *elasticstack_version*: Install specific version (Default: none. Possible values: e.g. `8.10.1` or `latest`) If you want to use this role with your own TLS certificates, use these variables. diff --git a/docs/role-elasticsearch.md b/docs/role-elasticsearch.md index 1be8ce3b..95e66d13 100644 --- a/docs/role-elasticsearch.md +++ b/docs/role-elasticsearch.md 
@@ -65,8 +65,8 @@ These variables are identical over all our elastic related roles, hence the diff * *elasticstack_ca_validity_period*: number of days that the generated CA are valid (default: 1095). * *elasticstack_ca_expiration_buffer*: Ansible will renew the CA if its validity is shorter than this value, which should be number of days. (default: 30) * *elasticstack_ca_will_expire_soon*: Set it to true to renew the CA and the certificate of all Elastic Stack components (default: `false`), Or run the playbook with `--tags renew_ca` to do that. -* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) -* *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`) +* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`) +* *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic`. (default: `elastic`) * *elasticstack_elasticsearch_http_port*: Port of Elasticsearch http (Default: `9200`) ``` @@ -75,7 +75,7 @@ These variables are identical over all our elastic related roles, hence the diff - netways.elasticstack hosts: elasticsearch-hosts vars: - elasticstack_variant: oss + elasticstack_variant: elastic elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true roles: diff --git a/docs/role-kibana.md b/docs/role-kibana.md index f1df2640..5030a5fa 100644 --- a/docs/role-kibana.md +++ b/docs/role-kibana.md 
@@ -36,8 +36,8 @@ These variables are identical over all our elastic related roles, hence the diff * *elasticstack_ca_dir*: Directory where on the Elasticsearch CA host certificates are stored. This is only useful in connection with out other Elastic Stack related roles. (default: `/opt/es-ca`) * *elasticstack_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`) * *elasticstack_initial_passwords*: Path to file with initical elasticsearch passwords (default: `/usr/share/elasticsearch/initial_passwords`) -* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) -* *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss` (default: `elastic`) +* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`) +* *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic`. (default: `elastic`) If you use `localhost` in `kibana_elasticsearch_hosts` , certificate verification will skip hostname checks @@ -51,7 +51,7 @@ If you use `localhost` in `kibana_elasticsearch_hosts` , certificate verificatio hosts: kibana-host vars: elasticstack_full_stack: true - elasticstack_variant: oss + elasticstack_variant: elastic roles: - repos - kibana diff --git a/docs/role-logstash.md b/docs/role-logstash.md index 1b4e4b78..dc2c31e5 100644 --- a/docs/role-logstash.md +++ b/docs/role-logstash.md 
@@ -35,7 +35,7 @@ If you want to use the default pipeline (or other pipelines communicating via Re Role Variables -------------- -* *elasticstack_version*: Version number of Logstash to install (e.g. `7.10.1`). Only set if you don't want the latest. (default: none). For OSS version see `elasticstack_variant` below. +* *elasticstack_version*: Version number of Logstash to install (e.g. `8.10.1`). Only set if you don't want the latest. (default: none). For OSS version see `elasticstack_variant` below. * *logstash_enable*: Start and enable Logstash service (default: `true`) * *logstash_config_backup*: Keep backups of all changed configuration (default: `no`) * *logstash_manage_yaml*: Manage and overwrite `logstash.yml` (default: `true`) @@ -109,7 +109,7 @@ The following variables configure extra fields in your events that help with ide The following variables are identical over all our elastic related roles, hence the different naming scheme. -*elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) +*elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`) *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`) The following variables only apply if you use this role together with our Elasticsearch and Kibana roles. diff --git a/docs/role-repos.md b/docs/role-repos.md index a47e62ce..eab7f266 100644 --- a/docs/role-repos.md +++ b/docs/role-repos.md 
@@ -16,11 +16,11 @@ Requirements Role Variables -------------- -* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`). `7` and `8` are supported. +* *elasticstack_release*: Major release version of Elastic stack to configure. (default: `8`). * *elasticstack_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`). * *elasticstack_enable_repos*: Enable repositories after creating them. (default: `true`) Only works on RPM based distributions! -Please note that no `oss` versions are available for Elastic Stack later than `7`. This role will fail if you try to install them. +Please note that not all tool have `oss` versions available for Elastic Stack later than `7`. This role will fail if you try to install them. Elasticsearch and Kibana are not available as OSS > 7. Usage -------- diff --git a/molecule/beats_peculiar/converge.yml b/molecule/beats_peculiar/converge.yml index e5a46244..fd020406 100644 --- a/molecule/beats_peculiar/converge.yml +++ b/molecule/beats_peculiar/converge.yml @@ -40,12 +40,6 @@ elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - - name: Set Filebeat version for 7.x - ansible.builtin.set_fact: - elasticstack_version: "7.17.1" - when: - - elasticstack_release == 7 - - name: Set Filebeat version for 8.x ansible.builtin.set_fact: elasticstack_version: "8.4.1" diff --git a/molecule/beats_peculiar/verify.yml b/molecule/beats_peculiar/verify.yml index c7aa9fd5..d6334ab1 100644 --- a/molecule/beats_peculiar/verify.yml +++ b/molecule/beats_peculiar/verify.yml @@ -13,13 +13,6 @@ ansible.builtin.debug: var: beats_filebeat_version.stdout - - name: Fail if Filebeat has the wrong version - ansible.builtin.fail: - msg: "Filebeat has the wrong version" - when: - - beats_filebeat_version.stdout.find('7.17.1') == -1 - - elasticstack_release == 7 - - name: Fail if Filebeat has the wrong version ansible.builtin.fail: msg: "Filebeat has the wrong version" 
diff --git a/molecule/elasticsearch_cluster-oss/converge.yml b/molecule/elasticsearch_cluster-oss/converge.yml
deleted file mode 100644
index ea69ec89..00000000
--- a/molecule/elasticsearch_cluster-oss/converge.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another
-# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722
-- name: Converge
- collections:
- - netways.elasticstack
- hosts: all
- vars:
- elasticstack_variant: oss
- elasticsearch_jna_workaround: true
- elasticsearch_disable_systemcallfilterchecks: true
- elasticstack_release: 7
- elasticsearch_heap: "1"
- elasticstack_no_log: false
- tasks:
- - name: Include Elastics repos role
- ansible.builtin.include_role:
- name: repos
- - name: Include Elasticsearch
- ansible.builtin.include_role:
- name: elasticsearch
diff --git a/molecule/elasticsearch_cluster-oss/molecule.yml b/molecule/elasticsearch_cluster-oss/molecule.yml
deleted file mode 100644
index 160c5275..00000000
--- a/molecule/elasticsearch_cluster-oss/molecule.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- requirements-file: requirements.yml
-driver:
- name: docker
-platforms:
- - name: "elasticsearch-cluster1-${MOLECULE_DISTRO:-debian13}"
- groups:
- - elasticsearch
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
- privileged: true
- pre_build_image: true
- - name: "elasticsearch-cluster2-${MOLECULE_DISTRO:-debian13}"
- groups:
- - elasticsearch
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/molecule/elasticsearch_cluster-oss/prepare.yml b/molecule/elasticsearch_cluster-oss/prepare.yml
deleted file mode 100644
index 2bf1ed5e..00000000
--- a/molecule/elasticsearch_cluster-oss/prepare.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks:
- - name: Show discovered interpreter
- debug:
- var: ansible_facts.discovered_interpreter_python
-
- - name: Install packages for Debian
- ansible.builtin.apt:
- name:
- - gpg
- - gpg-agent
- - procps
- - curl
- - iproute2
- - git
- - openssl
- update_cache: yes
diff --git a/molecule/elasticsearch_cluster-oss/requirements.yml b/molecule/elasticsearch_cluster-oss/requirements.yml
deleted file mode 100644
index 8dd51618..00000000
--- a/molecule/elasticsearch_cluster-oss/requirements.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-collections:
- - community.general
diff --git a/molecule/elasticsearch_no-security/converge.yml b/molecule/elasticsearch_no-security/converge.yml
deleted file mode 100644
index b8fd37cc..00000000
--- a/molecule/elasticsearch_no-security/converge.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another
-# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722
-- name: Converge
- collections:
- - netways.elasticstack
- hosts: all
- vars:
- elasticsearch_security: false
- elasticstack_security: false
- elasticsearch_jna_workaround: true
- elasticsearch_disable_systemcallfilterchecks: true
- elasticsearch_heap: "1"
- elasticstack_release: 7
- elasticstack_no_log: false
- elasticstack_elasticsearch_group_name: elasticsearchXYZ
- tasks:
- - name: Include Elastics repos role
- ansible.builtin.include_role:
- name: repos
- - name: Include Elasticsearch
- ansible.builtin.include_role:
- name: elasticsearch
diff --git a/molecule/elasticsearch_no-security/molecule.yml b/molecule/elasticsearch_no-security/molecule.yml
deleted file mode 100644
index 112b7cdb..00000000
--- a/molecule/elasticsearch_no-security/molecule.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- requirements-file: requirements.yml
-driver:
- name: docker
-platforms:
- - name: "elasticsearch-nosecurity1-${MOLECULE_DISTRO:-debian13}"
- groups:
- - elasticsearchXYZ
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
- privileged: true
- pre_build_image: true
- - name: "elasticsearch-nosecurity2-${MOLECULE_DISTRO:-debian13}"
- groups:
- - elasticsearchXYZ
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
-verifier:
- name: ansible
diff --git a/molecule/elasticsearch_no-security/prepare.yml b/molecule/elasticsearch_no-security/prepare.yml
deleted file mode 100644
index a4d70b7d..00000000
--- a/molecule/elasticsearch_no-security/prepare.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks:
- - name: Show discovered interpreter
- debug:
- var: ansible_facts.discovered_interpreter_python
-
- - name: Install packages for Debian
- ansible.builtin.apt:
- name:
- - gpg
- - gpg-agent
- - procps
- - curl
- - iproute2
- - git
- update_cache: yes
- when: ansible_os_family == "Debian"
diff --git a/molecule/elasticsearch_no-security/requirements.yml b/molecule/elasticsearch_no-security/requirements.yml
deleted file mode 100644
index 8dd51618..00000000
--- a/molecule/elasticsearch_no-security/requirements.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-collections:
- - community.general
diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml
deleted file mode 100644
index 83c81352..00000000
--- a/molecule/elasticsearch_no-security/verify.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Verify
- hosts: all
- vars:
- elasticstack_elasticsearch_http_port: 9200
- elasticstack_elasticsearch_group_name: elasticsearchXYZ
- tasks:
-
-# Remember, this is the no-security scenario. So no https
-# The comment below will create an exception for KICS security scan
- - name: Health check
- ansible.builtin.uri:
-# kics-scan ignore-line
- url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health
- method: GET
- return_content: yes
- status_code: 200
- validate_certs: false
- register: result
- until: result.json.status == "green"
- retries: 6
- delay: 10
- when: groups[elasticstack_elasticsearch_group_name] | length > 1
-
- - name: Node check
- ansible.builtin.uri:
-# kics-scan ignore-line
- url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/nodes
- method: GET
- return_content: yes
- status_code: 200
- validate_certs: false
- register: nodes
- when: groups[elasticstack_elasticsearch_group_name] | length > 1
-
- - name: Check if all Nodes see each other
- ansible.builtin.assert:
- that:
- - "'{{ item }}' in nodes.content"
- fail_msg: "'{{ item }}' was not found in nodes.content"
- success_msg: "'{{ item }}' was found in nodes.content"
- with_inventory_hostnames: all
- when: groups[elasticstack_elasticsearch_group_name] | length > 1
diff --git a/molecule/elasticstack_default/converge.yml b/molecule/elasticstack_default/converge.yml
index 58119e39..18420b16 100644
--- a/molecule/elasticstack_default/converge.yml
+++ b/molecule/elasticstack_default/converge.yml
@@ -12,7 +12,6 @@ vars: elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true - elasticsearch_monitoring_enabled: false elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticsearch_heap: "1" elasticstack_full_stack: true diff --git a/molecule/logstash_full_stack-oss/converge.yml b/molecule/logstash_full_stack-oss/converge.yml deleted file mode 100644 index 5f163e7a..00000000 --- a/molecule/logstash_full_stack-oss/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the -# git repo has one name and the role within it another -# Found at: -# https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -# -# Currently security is not implemented with OSS. We leave the variable set -# to check for handling of misconfiguration (and be prepared for upcoming -# implementations) -# But we need to deactivate security in Elasticsearch to not lock out -# Logstash -- name: Converge - hosts: all - collections: - - netways.elasticstack - vars: - elasticstack_full_stack: true - elasticstack_variant: oss - logstash_security: false - logstash_pipeline_unsafe_shutdown: true - elasticstack_security: false - beats_filebeat_journald: true - logstash_beats_tls: false - elasticstack_release: 7 - elasticstack_no_log: false - tasks: - - name: "Include Elastics repos role" - ansible.builtin.include_role: - name: repos - - name: "Include Elasticsearch role" - ansible.builtin.include_role: - name: elasticsearch - - name: "Include Beats" - ansible.builtin.include_role: - name: beats - - name: "Include Redis" - ansible.builtin.include_role: - name: geerlingguy.redis - - name: "Include Logstash" - ansible.builtin.include_role: - name: logstash diff --git a/molecule/logstash_full_stack-oss/molecule.yml b/molecule/logstash_full_stack-oss/molecule.yml deleted file mode 100644 index 2f3cd65a..00000000 
--- a/molecule/logstash_full_stack-oss/molecule.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- requirements-file: requirements.yml
-driver:
- name: docker
-platforms:
- - name: "logstash-full-oss-${MOLECULE_DISTRO:-debian13}"
- groups:
- - elasticsearch
- - logstash
- - filebeat
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- cgroupns_mode: host
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- env:
- ANSIBLE_ROLES_PATH: $MOLECULE_EPHEMERAL_DIRECTORY/roles:${HOME}/.ansible/roles:$MOLECULE_PROJECT_DIRECTORY/roles
-verifier:
- name: ansible
diff --git a/molecule/logstash_full_stack-oss/prepare.yml b/molecule/logstash_full_stack-oss/prepare.yml
deleted file mode 100644
index 9cc68f65..00000000
--- a/molecule/logstash_full_stack-oss/prepare.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: Prepare
- hosts: all
- tasks:
- - name: Show discovered interpreter
- debug:
- var: ansible_facts.discovered_interpreter_python
-
- - name: Install packages for Debian
- ansible.builtin.apt:
- name:
- - gpg
- - gpg-agent
- - procps
- - curl
- - git
- update_cache: yes
diff --git a/molecule/logstash_full_stack-oss/requirements.yml b/molecule/logstash_full_stack-oss/requirements.yml
deleted file mode 100644
index 1c0204d5..00000000
--- a/molecule/logstash_full_stack-oss/requirements.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-roles:
- # Versions higher than 1.6.0 seem to have a problem with idempotency on rocky 9 python 3.9, NOT on ubuntu2204 python 3.10
- - name: geerlingguy.redis
- version: "1.6.0"
-
-collections:
- - community.general
diff --git a/molecule/logstash_full_stack-oss/verify.yml b/molecule/logstash_full_stack-oss/verify.yml
deleted file mode 100644
index fc4bcc65..00000000
--- a/molecule/logstash_full_stack-oss/verify.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-# This is an example playbook to execute Ansible tests.
-
-- name: Check if Logstash configuration does what it should
- hosts: all
- vars:
- elasticstack_elasticsearch_http_port: 9200
- elasticstack_beats_port: 5044
- tasks:
- - name: Give some time for tools to connect
- ansible.builtin.wait_for:
- timeout: 120
- - name: Run syntax check
- ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t"
- when: "'logstash' in group_names"
- - name: Query for Logstasch indices
- ansible.builtin.shell: >
- curl -s http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/indices |
- grep logstash |
- awk {' print $7 '} |
- sort -n |
- tail -1
- register: logstash_count
- when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
- - name: Show full output
- ansible.builtin.debug:
- var: logstash_count
- when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
- - name: Fail when logstash is empty
- ansible.builtin.fail:
- msg: "Logstash Index is empty"
- when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0"
- - name: Show number of received events
- ansible.builtin.debug:
- msg: "Elasticsearch received {{ logstash_count.stdout }} events so far"
- when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names"
diff --git a/molecule/logstash_specific_version/converge.yml b/molecule/logstash_specific_version/converge.yml
index cabf8ae4..4c129cfd 100644
--- a/molecule/logstash_specific_version/converge.yml
+++ b/molecule/logstash_specific_version/converge.yml
@@ -18,12 +18,6 @@ elasticstack_no_log: false tasks: - - name: Set Filebeat version for 7.x - ansible.builtin.set_fact: - elasticstack_version: "7.17.1" - when: - - elasticstack_release == 7 - - name: Set Filebeat version for 8.x ansible.builtin.set_fact: elasticstack_version: "8.4.1" diff --git a/molecule/logstash_specific_version/verify.yml b/molecule/logstash_specific_version/verify.yml index 788e70f4..d29c102a 100644 --- a/molecule/logstash_specific_version/verify.yml +++ b/molecule/logstash_specific_version/verify.yml @@ -9,13 +9,6 @@ ansible.builtin.command: "/usr/share/logstash/bin/logstash --version | grep ^logstash" register: logstash_version - - name: Fail if Logstash has the wrong version - ansible.builtin.fail: - msg: "Logstash has the wrong version" - when: - - logstash_version.stdout.find('7.17.1') == -1 - - elasticstack_release == 7 - - name: Fail if Logstash has the wrong version ansible.builtin.fail: msg: "Logstash has the wrong version" diff --git a/molecule/repos_oss/converge.yml b/molecule/repos_oss/converge.yml index 49416223..d17b5ce4 100644 --- a/molecule/repos_oss/converge.yml +++ b/molecule/repos_oss/converge.yml @@ -8,7 +8,6 @@ vars: elasticstack_variant: oss elasticstack_rpm_workaround: true - elasticstack_release: 7 elasticstack_no_log: false tasks: - name: "Include Elastic Repos" diff --git a/roles/beats/tasks/filebeat.yml b/roles/beats/tasks/filebeat.yml index 0fbce0cb..9d2de066 100644 --- a/roles/beats/tasks/filebeat.yml +++ b/roles/beats/tasks/filebeat.yml @@ -110,8 +110,6 @@ owner: root group: root mode: 0644 - when: - - elasticstack_release | int > 7 - name: Enable Ingest Pipelines ansible.builtin.shell: > diff --git a/roles/elasticsearch/defaults/main.yml b/roles/elasticsearch/defaults/main.yml index 29aaa0c6..7b725ccd 100644 --- a/roles/elasticsearch/defaults/main.yml +++ b/roles/elasticsearch/defaults/main.yml 
@@ -4,7 +4,6 @@ elasticsearch_enable: true elasticsearch_ml_enabled: true elasticsearch_config_backup: false elasticsearch_manage_yaml: true -elasticsearch_monitoring_enabled: true elasticsearch_security: true elasticsearch_bootstrap_pw: PleaseChangeMe elasticsearch_http_security: true diff --git a/roles/elasticsearch/tasks/elasticsearch-parameters.yml b/roles/elasticsearch/tasks/elasticsearch-parameters.yml deleted file mode 100644 index 796c1054..00000000 --- a/roles/elasticsearch/tasks/elasticsearch-parameters.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Fail when security is not declared when elasticsearch >= 8 - ansible.builtin.fail: - msg: "Elasticsearch >= 8 requires enabled security. Set elasticsearch_security to true" - when: - - elasticstack_release | int >= 8 - - elasticstack_variant == 'elastic' - - elasticsearch_security is not defined or not elasticsearch_security diff --git a/roles/elasticsearch/tasks/elasticsearch-rolling-upgrade.yml b/roles/elasticsearch/tasks/elasticsearch-rolling-upgrade.yml index 19801a76..cf7ea1c6 100644 --- a/roles/elasticsearch/tasks/elasticsearch-rolling-upgrade.yml +++ b/roles/elasticsearch/tasks/elasticsearch-rolling-upgrade.yml @@ -28,7 +28,7 @@ ansible.builtin.package: name: "{{ elasticsearch_package }}" enablerepo: - - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' + - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool @@ -57,7 +57,7 @@ ansible.builtin.package: name: "{{ elasticsearch_package }}" enablerepo: - - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' + - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool 
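Review bot: The `enablerepo` entries in elasticsearch-rolling-upgrade.yml at `@@ -28,7` and `@@ -57,7` (and again at `@@ -135,7` and in tasks/main.yml at `@@ -142,7`) are now fixed to `elastic-{{ elasticstack_release }}.x`, while `elasticstack_variant: oss` is still accepted elsewhere in this commit: docs/role-repos.md lists it and molecule/repos_oss keeps using it. The commit also removes the "No OSS package with version later than 7" fail task from tasks/main.yml, so a play that sets `oss` is no longer stopped. As far as these hunks show, it would then enable a repository id that the repos role may not have created. Consider an explicit guard at the top of the role in place of the removed one, for example `ansible.builtin.assert` with `that: elasticstack_variant == 'elastic'` and a `fail_msg` naming the unsupported value. The tasks start and end outside the hunks.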
@@ -135,7 +135,7 @@ ansible.builtin.package: name: "{{ elasticsearch_package }}" enablerepo: - - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' + - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index f1e3f71b..dd165927 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -1,12 +1,5 @@ --- -- name: Check for versions - ansible.builtin.fail: - msg: "No OSS package with version later than 7 is available for Elasticsearch" - when: - - elasticstack_release | int > 7 - - elasticstack_variant == "oss" - - name: Include global role ansible.builtin.import_role: name: netways.elasticstack.elasticstack @@ -19,9 +12,6 @@ changed_when: false when: ansible_os_family == 'Debian' -- name: Check-set-parameters - ansible.builtin.include_tasks: elasticsearch-parameters.yml - - name: Include OS specific vars ansible.builtin.include_vars: '{{ item }}' with_first_found: @@ -142,7 +132,7 @@ ansible.builtin.package: name: "{{ elasticsearch_package }}" enablerepo: - - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' + - 'elastic-{{ elasticstack_release }}.x' when: - ansible_os_family == "RedHat" - elasticstack_full_stack | bool diff --git a/roles/elasticsearch/templates/elasticsearch.yml.j2 b/roles/elasticsearch/templates/elasticsearch.yml.j2 index 1d4238cd..f3b471bb 100644 --- a/roles/elasticsearch/templates/elasticsearch.yml.j2 +++ b/roles/elasticsearch/templates/elasticsearch.yml.j2 
@@ -27,7 +27,7 @@ http.publish_port: {{ elasticsearch_http_publish_port }} node.roles: [ {% for type in elasticsearch_node_types %}{{ type }}{% if not loop.last %}, {% endif %}{% endfor %} ] {% endif %} -{% if elasticstack_release | int > 7 and groups[elasticstack_elasticsearch_group_name] | length == 1 %} +{% if groups[elasticstack_elasticsearch_group_name] | length == 1 %} discovery.type: single-node {% endif %} @@ -35,7 +35,7 @@ discovery.type: single-node {% if elasticsearch_seed_hosts is defined %} discovery.seed_hosts: {{ elasticsearch_seed_hosts }} {% else %} -{% if elasticstack_release | int < 8 or groups[elasticstack_elasticsearch_group_name] | length > 1 %} +{% if groups[elasticstack_elasticsearch_group_name] | length > 1 %} discovery.seed_hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %} "{{ hostvars[host].ansible_default_ipv4.address | default(hostvars[host].ansible_all_ipv4_addresses[0]) }}"{% if not loop.last %},{% endif %} {% endfor %} ] @@ -57,14 +57,8 @@ cluster.initial_master_nodes: [ {% for host in groups[elasticstack_elasticsearch {% if elasticstack_temperature is defined %} node.attr.temp: "{{ elasticstack_temperature }}" {% endif %} -{% if elasticsearch_disable_systemcallfilterchecks | bool and elasticstack_release == 7 %} -bootstrap.system_call_filter: false -{% endif %} {% if elasticstack_variant == "elastic" %} xpack.ml.enabled: {{ elasticsearch_ml_enabled }} -{% if elasticstack_release == 7 %} -xpack.monitoring.collection.enabled: {{ elasticsearch_monitoring_enabled }} -{% endif %} {% if elasticsearch_security | bool %} xpack.security.enabled: true {% if elasticsearch_security_enrollment is defined %} diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml index 597ebce3..1107deda 100644 --- a/roles/kibana/tasks/main.yml +++ b/roles/kibana/tasks/main.yml 
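Review bot: Nothing in the template says why a one-host group yields `discovery.type: single-node`, now that the rewritten conditions in the hunks at -27 and -35 depend only on the size of `groups[elasticstack_elasticsearch_group_name]`. A Jinja comment above the first condition would record the intent, e.g. `{# exactly one host in the Elasticsearch group: run as a single-node cluster #}`. In the second hunk the `{% else %}` followed directly by `{% if ... | length > 1 %}` could become `{% elif groups[elasticstack_elasticsearch_group_name] | length > 1 %}`, provided the inner block has no `else` of its own; its closing tags lie outside the hunk.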
@@ -1,12 +1,5 @@ --- -- name: Check for versions - ansible.builtin.fail: - msg: "No OSS package with version later than 7 is available for Kibana" - when: - - elasticstack_release | int > 7 - - elasticstack_variant == "oss" - - name: Include global role ansible.builtin.import_role: name: netways.elasticstack.elasticstack @@ -45,7 +38,6 @@ kibana_package: >- {{ 'kibana' + - ('-oss' if elasticstack_variant == 'oss' else '') + ((elasticstack_versionseparator + elasticstack_version | string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | @@ -55,7 +47,7 @@ ansible.builtin.package: name: "{{ kibana_package }}" enablerepo: - - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' + - 'elastic-{{ elasticstack_release }}.x' notify: - Restart Kibana when: diff --git a/roles/logstash/templates/logstash.yml.j2 b/roles/logstash/templates/logstash.yml.j2 index c7d6aced..3a3c5af5 100644 --- a/roles/logstash/templates/logstash.yml.j2 +++ b/roles/logstash/templates/logstash.yml.j2 @@ -16,7 +16,10 @@ pipeline.ecs_compatibility: {{ logstash_global_ecs }} {% if logstash_pipeline_unsafe_shutdown is defined %} pipeline.unsafe_shutdown: {{ logstash_pipeline_unsafe_shutdown }} {% endif %} -{% if logstash_legacy_monitoring | bool and elasticstack_full_stack | bool and elasticstack_variant == "elastic" and elasticstack_release | int < 8 %} +{% if logstash_legacy_monitoring | bool and elasticstack_full_stack | bool and elasticstack_variant == "elastic" %} +{% if elasticstack_release | int >= 9 %} +xpack.monitoring.allow_legacy_collection: true +{% endif %} xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.hosts: [ {% for host in logstash_elasticsearch %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %} ] xpack.monitoring.elasticsearch.username: elastic 
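Review bot: Removing `elasticstack_release | int < 8` from the outer condition means this monitoring block is now rendered for release 8 as well, and the unchanged line at the end of the hunk still authenticates as the `elastic` superuser. That would put superuser credentials into logstash.yml on every Logstash host where `logstash_legacy_monitoring` is on; the password line and the variable's default are outside this hunk, so the exposure is inferred. A dedicated monitoring account limits what a leaked config file gives away, for example the built-in user: `xpack.monitoring.elasticsearch.username: logstash_system`, with its own password variable. The outer `{% if %}` closes outside the hunk.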
diff --git a/roles/repos/tasks/debian.yml b/roles/repos/tasks/debian.yml index 225322c3..99515b13 100644 --- a/roles/repos/tasks/debian.yml +++ b/roles/repos/tasks/debian.yml @@ -64,8 +64,6 @@ path: /etc/apt/sources.list.d/artifacts_elastic_co_packages_{{ item }}_x_apt.list state: absent with_items: - - "7" - - "oss-7" - "8" - "oss-8"