diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 076d6dc6..de93a1eb 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -13,14 +13,12 @@ on: - warning - debug pull_request: - push: - branches: - - 'main' merge_group: schedule: - cron: '15 6 * * 4' jobs: kics: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest steps: diff --git a/.github/workflows/test_full_stack.yml b/.github/workflows/test_full_stack.yml deleted file mode 100644 index c065a334..00000000 --- a/.github/workflows/test_full_stack.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -name: Test ElasticStack -on: - workflow_dispatch: - inputs: - logLevel: - description: 'Log level' - required: true - default: 'warning' - type: choice - options: - - info - - warning - - debug - schedule: - - cron: "0 4 * * *" - -jobs: - lint_full: - uses: ./.github/workflows/test_linting.yml - with: - rolename: '' - - molecule_full_stack_every_os: - runs-on: ubuntu-latest - needs: lint_full - - env: - COLLECTION_NAMESPACE: netways - COLLECTION_NAME: elasticstack - - strategy: - fail-fast: false - max-parallel: 1 - matrix: - distro: - - rockylinux9 - - ubuntu2204 - scenario: - - elasticstack_default - release: - - 7 - - 8 - ansible_version: - - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 - python_version: - - "3.11" - - steps: - - name: Check out code - uses: actions/checkout@v6 - - - name: Set up Python ${{ matrix.python_version }} - uses: actions/setup-python@v6 - with: - python-version: ${{ matrix.python_version }} - - - name: Install dependencies - run: | - python3 -m pip install --upgrade pip - python3 -m pip install "${{ matrix.ansible_version }}" - python3 -m pip install -r requirements-test.txt - - - name: Install collection - run: | - mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE - cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME - - - name: Test with molecule - run: | - ansible --version - molecule --version - molecule test -s ${{ matrix.scenario }} - env: - MOLECULE_DISTRO: ${{ matrix.distro }} - PY_COLORS: '1' - ANSIBLE_FORCE_COLOR: '1' - ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/.github/workflows/test_linting.yml b/.github/workflows/test_linting.yml index 91b56e40..c8c1497e 100644 --- a/.github/workflows/test_linting.yml +++ b/.github/workflows/test_linting.yml @@ -17,12 +17,10 @@ on: rolename: required: true type: string - pull_request: - branches: - - '*' jobs: lint: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest steps: - name: Check out the codebase. @@ -38,6 +36,10 @@ jobs: python3 -m pip install --upgrade pip python3 -m pip install -r requirements-test.txt + - name: Install Ansible collections + run: | + ansible-galaxy collection install community.crypto community.general + - name: Lint code (yamllint). run: | yamllint . diff --git a/.github/workflows/test_plugins.yml b/.github/workflows/test_plugins.yml index 0045ca84..c043865d 100644 --- a/.github/workflows/test_plugins.yml +++ b/.github/workflows/test_plugins.yml @@ -13,8 +13,6 @@ on: - warning - debug pull_request: - branches: - - 'main' paths: - 'plugins/**' - 'tests/**' @@ -23,6 +21,7 @@ on: jobs: sanity_ansible_18_19: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest env: COLLECTION_NAMESPACE: netways @@ -65,6 +64,7 @@ jobs: ANSIBLE_FORCE_COLOR: '1' sanity_ansible_20: + if: github.event.pull_request.draft == false runs-on: ubuntu-latest env: COLLECTION_NAMESPACE: netways @@ -158,7 +158,7 @@ jobs: fail-fast: false matrix: distro: - - ubuntu2204 + - debian13 scenario: - plugins release: diff --git a/.github/workflows/test_role_beats.yml b/.github/workflows/test_role_beats.yml index 13cd7dc4..6db949e2 100644 --- a/.github/workflows/test_role_beats.yml +++ b/.github/workflows/test_role_beats.yml @@ -13,10 +13,6 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' paths: - 'roles/beats/**' - '.github/workflows/test_role_beats.yml' @@ -24,6 +20,7 @@ on: jobs: lint_beats: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: beats @@ -40,15 +37,14 @@ jobs: fail-fast: false matrix: distro: - - ubuntu2204 + - debian13 scenario: - beats_default - beats_peculiar release: - - 7 - 8 ansible_version: - - "ansible>=9.0,<10.0" #Correspond ansible-core>=2.16,<2.17 + - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 python_version: - "3.11" diff --git a/.github/workflows/test_role_elasticsearch.yml b/.github/workflows/test_role_elasticsearch.yml index 2ab6adf4..af73ecc3 100644 --- a/.github/workflows/test_role_elasticsearch.yml +++ b/.github/workflows/test_role_elasticsearch.yml @@ -13,10 +13,6 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' paths: - 'roles/elasticsearch/**' - '.github/workflows/test_role_elasticsearch.yml' @@ -24,6 +20,7 @@ on: jobs: lint_elasticsearch: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: elasticsearch @@ -40,14 +37,11 @@ jobs: fail-fast: false matrix: distro: - - ubuntu2204 + - debian13 scenario: - elasticsearch_default - elasticsearch_roles_calculation - - elasticsearch_cluster-oss - - elasticsearch_no-security release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_kibana.yml b/.github/workflows/test_role_kibana.yml index c36322c0..dd11e841 100644 --- a/.github/workflows/test_role_kibana.yml +++ b/.github/workflows/test_role_kibana.yml @@ -13,10 +13,6 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' paths: - 'roles/kibana/**' - '.github/workflows/test_role_kibana.yml' @@ -24,6 +20,7 @@ on: jobs: lint_kibana: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: kibana @@ -34,18 +31,17 @@ jobs: runs-on: ubuntu-latest env: - COLLECTION_NAMESPACE: NETWAYS + COLLECTION_NAMESPACE: netways COLLECTION_NAME: elasticstack strategy: fail-fast: false matrix: distro: - - ubuntu2204 + - debian13 scenario: - kibana_default release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_logstash.yml b/.github/workflows/test_role_logstash.yml index 4eb2cbe4..9f133ed0 100644 --- a/.github/workflows/test_role_logstash.yml +++ b/.github/workflows/test_role_logstash.yml @@ -13,10 +13,6 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' paths: - 'roles/logstash/**' - '.github/workflows/test_role_logstash.yml' @@ -24,6 +20,7 @@ on: jobs: lint_logstash: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: logstash @@ -40,13 +37,11 @@ jobs: strategy: fail-fast: false matrix: - distro: [ubuntu2204] + distro: [debian13] scenario: - - logstash_full_stack-oss - logstash_specific_version - logstash_pipelines release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_role_repos.yml b/.github/workflows/test_role_repos.yml index 979a709f..4b9a4bae 100644 --- a/.github/workflows/test_role_repos.yml +++ b/.github/workflows/test_role_repos.yml @@ -12,10 +12,6 @@ on: - warning - debug pull_request: - branches: - - 'feature/**' - - 'fix/**' - - '!doc/**' paths: - 'roles/repos/**' - '.github/workflows/test_role_repos.yml' @@ -23,6 +19,7 @@ on: jobs: lint_repos: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: repos @@ -48,7 +45,6 @@ jobs: - repos_default - repos_oss release: - - 7 - 8 ansible_version: - "ansible-core>=2.19,<2.20" #Correspond ansible>=12.0,<13.0 diff --git a/.github/workflows/test_roles_pr.yml b/.github/workflows/test_roles_pr.yml index f0d0245e..b7438c97 100644 --- a/.github/workflows/test_roles_pr.yml +++ b/.github/workflows/test_roles_pr.yml @@ -13,15 +13,24 @@ on: - warning - debug pull_request: + paths: + - 'roles/**' + - 'molecule/elasticstack_default/**' + - 'requirements-test.txt' + - '.yamllint' + - '.config/ansible-lint.yml' + - 'galaxy.yml' + - '.github/workflows/test_roles_pr.yml' merge_group: jobs: lint_full: + if: github.event.pull_request.draft == false uses: ./.github/workflows/test_linting.yml with: rolename: '' - molecule_full_stack: + molecule_full_stack_ansible_19: runs-on: ubuntu-latest needs: lint_full @@ -38,7 +47,6 @@ jobs: scenario: - elasticstack_default release: - - 7 - 8 python_version: - "3.11" @@ -75,3 +83,58 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' ELASTIC_RELEASE: ${{ matrix.release }} + + + molecule_full_stack_ansible_20: + runs-on: ubuntu-latest + needs: lint_full + + env: + COLLECTION_NAMESPACE: netways + COLLECTION_NAME: elasticstack + + strategy: + fail-fast: false + matrix: + distro: + - rockylinux9 + - ubuntu2204 + scenario: + - elasticstack_default + release: + - 8 + python_version: + - "3.14" + ansible_version: + - "ansible-core>=2.20,<2.21" #Correspond ansible>=13.0,<14.0 + + steps: + - name: Check out code + uses: actions/checkout@v6 + + - name: Set up Python ${{ matrix.python_version }} + uses: actions/setup-python@v6 + with: + python-version: ${{ matrix.python_version }} + + - name: Install dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install "${{ matrix.ansible_version }}" + python3 -m pip install -r requirements-test.txt + + - name: Install collection + run: | + mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE + cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME + + - name: Test with molecule + run: | + ansible --version + molecule --version + molecule test -s ${{ matrix.scenario }} + env: + MOLECULE_DISTRO: ${{ matrix.distro }} + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/README.md b/README.md index b5dad47e..e1bfcd67 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # Ansible Collection - netways.elasticstack -![Test ElasticStack](https://github.com/NETWAYS/ansible-collection-elasticstack/actions/workflows/test_full_stack.yml/badge.svg) > [!CAUTION] > The current main branch has some breaking changes. Be careful using it! Everything after commit 3d6673f6d526afeb0fd7ba382d067d76bd10bbd6 is affected! @@ -65,16 +64,8 @@ You may want the following Ansible roles installed. There other ways to achieve We test the collection on the following Linux distributions. Each one with Elastic Stack 7 and 8. * Rocky Linux 9 -* Rocky Linux 8 * Ubuntu 22.04 LTS -* Ubuntu 20.04 LTS -* Debian 11 -* Debian 10 -* CentOS 8 - -We know from personal experience, that the collections work in following combinations. Missing tests mostly come from incompatibilties between the distribution and our testing environment, not from problems with the collection itself. - -* CentOS 7 - Elastic Stack 7 +* Debian 13 ## Caveats and information for long time users @@ -230,12 +221,6 @@ The execution order of the roles is important! (see below) Every kind of contribution is very welcome. Open [issues](https://github.com/NETWAYS/ansible-collection-elasticstack/issues) or provide [pull requests](https://github.com/NETWAYS/ansible-collection-elasticstack/pulls). -Please note that we have some actions bound to specific names of branches. So please stick to the following naming scheme: - -* `fix/` as a prefix for every branch that fixes a problem -* `feature/` for every branch that enhances the code with new features -* `doc/` as a prefix for every branch that only changes documentation - For now we open pull requests against `main`. We are planning to introduce dedicated branches to support older versions without breaking changes. Since we don't need them for now, please check back with this section because when we decided on how to proceed, you will find the information here. For now `main` always has the newest changes and if you want a stable version, please use the newest release. ## Testing diff --git a/docs/role-elasticsearch.md b/docs/role-elasticsearch.md index 1be8ce3b..177e337a 100644 --- a/docs/role-elasticsearch.md +++ b/docs/role-elasticsearch.md @@ -29,7 +29,7 @@ Role Variables * *elasticsearch_disable_systemcallfilterchecks*: Disable system call filter checks. This has a security impact but is necessary on some systems. Please refer to the [docs](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/_system_call_filter_check.html) for details. (default: `false`) * *elasticsearch_http_publish_host*: (String) The network address for HTTP clients to contact the node using sniffing. Accepts an IP address, a hostname, or a special value. (default: `not set`) * *elasticsearch_http_publish_port*: (integer) The port of the HTTP publish address. Configure this setting only if you need the publish port to be different from http.port. (default: `not set`) -* *elasticsearch_check_calculation*: End play in checks (Default: `false`) +* *elasticsearch_check_calculation*: When set to `true`, the elasticsearch Ansible role runs **only** the node role validation checks and then immediately stops execution on each host via `meta: end_host`. Elasticsearch is **not installed, configured, or started**. The validation checks include: deriving the node role (`master`, `data`, or `other`) from `elasticsearch_node_types`, grouping nodes accordingly, and asserting that the number of master-eligible nodes is odd (required for a valid quorum). This is useful both in production (e.g. as a pre-flight validation before scaling or reconfiguring a cluster) and in CI to quickly verify your inventory topology without the cost of a full deployment. (Default: `false`) * *elasticsearch_network_host*: You can configure multipe network addresses where the networking is bind to. You can assign IP addresses or interfaces by their names. You can also use elasticsearch internal variabels as it set as default. Example: `"_ens190_,_local_"` (Default: `"_local_,"_site_"`) (Optional; if not defined `default` is used) * *elasticsearch_api_host*: Hostname or IP elasticsearch is listening on. Only used for connection checks by ansible role. (Default: `localhost`) * *elasticsearch_extra_config*: You can set additional configuration in YAML-notation as you would write in the `elasaticsearch.yml`. Example: diff --git a/molecule/beats_default/molecule.yml b/molecule/beats_default/molecule.yml index 0ed92435..a6458a8d 100644 --- a/molecule/beats_default/molecule.yml +++ b/molecule/beats_default/molecule.yml @@ -1,10 +1,14 @@ --- dependency: name: galaxy + options: + requirements-file: requirements.yml driver: name: docker platforms: - name: beats_default_${MOLECULE_DISTRO:-debian13} + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: @@ -14,5 +18,7 @@ platforms: pre_build_image: true provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: $MOLECULE_EPHEMERAL_DIRECTORY/roles:${HOME}/.ansible/roles:$MOLECULE_PROJECT_DIRECTORY/roles verifier: name: ansible diff --git a/molecule/beats_default/requirements.yml b/molecule/beats_default/requirements.yml new file mode 100644 index 00000000..6a2f32cb --- /dev/null +++ b/molecule/beats_default/requirements.yml @@ -0,0 +1,4 @@ +--- +collections: + - name: community.crypto + version: ">=2.15.0,<3.0.0" # Support python 3.9 on target host e.g. Rocky 9 diff --git a/molecule/beats_default/verify.yml b/molecule/beats_default/verify.yml index 86afba4f..e26d1989 100644 --- a/molecule/beats_default/verify.yml +++ b/molecule/beats_default/verify.yml @@ -1,9 +1,29 @@ --- -# This is an example playbook to execute Ansible tests. - -- name: Verify +- name: Verify Beats deployment hosts: all tasks: - - name: Example assertion - ansible.builtin.assert: - that: true + - name: Check filebeat binary exists + ansible.builtin.stat: + path: /usr/share/filebeat/bin/filebeat + register: filebeat_binary + + - name: Assert filebeat binary exists + ansible.builtin.assert: + that: filebeat_binary.stat.exists + fail_msg: "Filebeat binary not found" + + - name: Check filebeat configuration file exists + ansible.builtin.stat: + path: /etc/filebeat/filebeat.yml + register: filebeat_config + + - name: Assert filebeat config exists + ansible.builtin.assert: + that: filebeat_config.stat.exists + fail_msg: "Filebeat configuration file not found" + + - name: Run filebeat config syntax check + ansible.builtin.command: filebeat test config -c /etc/filebeat/filebeat.yml + register: filebeat_config_test + changed_when: false + failed_when: filebeat_config_test.rc != 0 diff --git a/molecule/beats_peculiar/converge.yml b/molecule/beats_peculiar/converge.yml index e5a46244..fd020406 100644 --- a/molecule/beats_peculiar/converge.yml +++ b/molecule/beats_peculiar/converge.yml @@ -40,12 +40,6 @@ elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - - name: Set Filebeat version for 7.x - ansible.builtin.set_fact: - elasticstack_version: "7.17.1" - when: - - elasticstack_release == 7 - - name: Set Filebeat version for 8.x ansible.builtin.set_fact: elasticstack_version: "8.4.1" diff --git a/molecule/beats_peculiar/molecule.yml b/molecule/beats_peculiar/molecule.yml index d3562ba4..d0466392 100644 --- a/molecule/beats_peculiar/molecule.yml +++ b/molecule/beats_peculiar/molecule.yml @@ -1,10 +1,14 @@ --- dependency: name: galaxy + options: + requirements-file: requirements.yml driver: name: docker platforms: - name: beats_peculiar_${MOLECULE_DISTRO:-debian13} + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: @@ -14,5 +18,7 @@ platforms: pre_build_image: true provisioner: name: ansible + env: + ANSIBLE_ROLES_PATH: $MOLECULE_EPHEMERAL_DIRECTORY/roles:${HOME}/.ansible/roles:$MOLECULE_PROJECT_DIRECTORY/roles verifier: name: ansible diff --git a/molecule/beats_peculiar/requirements.yml b/molecule/beats_peculiar/requirements.yml new file mode 100644 index 00000000..6a2f32cb --- /dev/null +++ b/molecule/beats_peculiar/requirements.yml @@ -0,0 +1,4 @@ +--- +collections: + - name: community.crypto + version: ">=2.15.0,<3.0.0" # Support python 3.9 on target host e.g. Rocky 9 diff --git a/molecule/beats_peculiar/verify.yml b/molecule/beats_peculiar/verify.yml index c7aa9fd5..d6334ab1 100644 --- a/molecule/beats_peculiar/verify.yml +++ b/molecule/beats_peculiar/verify.yml @@ -13,13 +13,6 @@ ansible.builtin.debug: var: beats_filebeat_version.stdout - - name: Fail if Filebeat has the wrong version - ansible.builtin.fail: - msg: "Filebeat has the wrong version" - when: - - beats_filebeat_version.stdout.find('7.17.1') == -1 - - elasticstack_release == 7 - - name: Fail if Filebeat has the wrong version ansible.builtin.fail: msg: "Filebeat has the wrong version" diff --git a/molecule/elasticsearch_cluster-oss/converge.yml b/molecule/elasticsearch_cluster-oss/converge.yml deleted file mode 100644 index ea69ec89..00000000 --- a/molecule/elasticsearch_cluster-oss/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another -# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - collections: - - netways.elasticstack - hosts: all - vars: - elasticstack_variant: oss - elasticsearch_jna_workaround: true - elasticsearch_disable_systemcallfilterchecks: true - elasticstack_release: 7 - elasticsearch_heap: "1" - elasticstack_no_log: false - tasks: - - name: Include Elastics repos role - ansible.builtin.include_role: - name: repos - - name: Include Elasticsearch - ansible.builtin.include_role: - name: elasticsearch diff --git a/molecule/elasticsearch_cluster-oss/molecule.yml b/molecule/elasticsearch_cluster-oss/molecule.yml deleted file mode 100644 index 160c5275..00000000 --- a/molecule/elasticsearch_cluster-oss/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: requirements.yml -driver: - name: docker -platforms: - - name: "elasticsearch-cluster1-${MOLECULE_DISTRO:-debian13}" - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true - - name: "elasticsearch-cluster2-${MOLECULE_DISTRO:-debian13}" - groups: - - elasticsearch - image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/elasticsearch_cluster-oss/prepare.yml b/molecule/elasticsearch_cluster-oss/prepare.yml deleted file mode 100644 index 2bf1ed5e..00000000 --- a/molecule/elasticsearch_cluster-oss/prepare.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Show discovered interpreter - debug: - var: ansible_facts.discovered_interpreter_python - - - name: Install packages for Debian - ansible.builtin.apt: - name: - - gpg - - gpg-agent - - procps - - curl - - iproute2 - - git - - openssl - update_cache: yes diff --git a/molecule/elasticsearch_cluster-oss/requirements.yml b/molecule/elasticsearch_cluster-oss/requirements.yml deleted file mode 100644 index 8dd51618..00000000 --- a/molecule/elasticsearch_cluster-oss/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: - - community.general diff --git a/molecule/elasticsearch_default/verify.yml b/molecule/elasticsearch_default/verify.yml new file mode 100644 index 00000000..46c55b71 --- /dev/null +++ b/molecule/elasticsearch_default/verify.yml @@ -0,0 +1,53 @@ +--- +- name: Verify Elasticsearch deployment + hosts: elasticsearch + vars: + elasticstack_elasticsearch_http_port: 9200 + elasticstack_initial_passwords: /usr/share/elasticsearch/initial_passwords + tasks: + - name: Fetch Elastic password # noqa: risky-shell-pipe + ansible.builtin.shell: > + if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi; + grep "PASSWORD elastic" {{ elasticstack_initial_passwords }} | + awk {' print $4 '} + register: elastic_pass + changed_when: false + run_once: true + + - name: Check Elasticsearch cluster health + ansible.builtin.uri: + url: "https://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health" + method: GET + force_basic_auth: true + user: elastic + password: "{{ elastic_pass.stdout }}" + validate_certs: false + status_code: 200 + return_content: true + register: cluster_health + until: cluster_health.json is defined and cluster_health.json.status == "green" + retries: 20 + delay: 15 + + - name: Check all nodes are visible + ansible.builtin.uri: + url: "https://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/nodes" + method: GET + force_basic_auth: true + user: elastic + password: "{{ elastic_pass.stdout }}" + validate_certs: false + status_code: 200 + return_content: true + register: nodes_output + until: nodes_output.status == 200 + retries: 6 + delay: 15 + + - name: Assert all expected nodes are present by name + ansible.builtin.assert: + that: + - item | replace('_', '') in nodes_output.content + fail_msg: "{{ item }} was not found in cluster nodes" + success_msg: "{{ item }} found in cluster nodes" + loop: "{{ groups['elasticsearch'] }}" diff --git a/molecule/elasticsearch_no-security/converge.yml b/molecule/elasticsearch_no-security/converge.yml deleted file mode 100644 index b8fd37cc..00000000 --- a/molecule/elasticsearch_no-security/converge.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the git repo has one name and the role within it another -# Found at: https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -- name: Converge - collections: - - netways.elasticstack - hosts: all - vars: - elasticsearch_security: false - elasticstack_security: false - elasticsearch_jna_workaround: true - elasticsearch_disable_systemcallfilterchecks: true - elasticsearch_heap: "1" - elasticstack_release: 7 - elasticstack_no_log: false - elasticstack_elasticsearch_group_name: elasticsearchXYZ - tasks: - - name: Include Elastics repos role - ansible.builtin.include_role: - name: repos - - name: Include Elasticsearch - ansible.builtin.include_role: - name: elasticsearch diff --git a/molecule/elasticsearch_no-security/molecule.yml b/molecule/elasticsearch_no-security/molecule.yml deleted file mode 100644 index 112b7cdb..00000000 --- a/molecule/elasticsearch_no-security/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: requirements.yml -driver: - name: docker -platforms: - - name: "elasticsearch-nosecurity1-${MOLECULE_DISTRO:-debian13}" - groups: - - elasticsearchXYZ - image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true - - name: "elasticsearch-nosecurity2-${MOLECULE_DISTRO:-debian13}" - groups: - - elasticsearchXYZ - image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible -verifier: - name: ansible diff --git a/molecule/elasticsearch_no-security/prepare.yml b/molecule/elasticsearch_no-security/prepare.yml deleted file mode 100644 index a4d70b7d..00000000 --- a/molecule/elasticsearch_no-security/prepare.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Show discovered interpreter - debug: - var: ansible_facts.discovered_interpreter_python - - - name: Install packages for Debian - ansible.builtin.apt: - name: - - gpg - - gpg-agent - - procps - - curl - - iproute2 - - git - update_cache: yes - when: ansible_os_family == "Debian" diff --git a/molecule/elasticsearch_no-security/requirements.yml b/molecule/elasticsearch_no-security/requirements.yml deleted file mode 100644 index 8dd51618..00000000 --- a/molecule/elasticsearch_no-security/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: - - community.general diff --git a/molecule/elasticsearch_no-security/verify.yml b/molecule/elasticsearch_no-security/verify.yml deleted file mode 100644 index 83c81352..00000000 --- a/molecule/elasticsearch_no-security/verify.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Verify - hosts: all - vars: - elasticstack_elasticsearch_http_port: 9200 - elasticstack_elasticsearch_group_name: elasticsearchXYZ - tasks: - -# Remember, this is the no-security scenario. So no https -# The comment below will create an exception for KICS security scan - - name: Health check - ansible.builtin.uri: -# kics-scan ignore-line - url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cluster/health - method: GET - return_content: yes - status_code: 200 - validate_certs: false - register: result - until: result.json.status == "green" - retries: 6 - delay: 10 - when: groups[elasticstack_elasticsearch_group_name] | length > 1 - - - name: Node check - ansible.builtin.uri: -# kics-scan ignore-line - url: http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/nodes - method: GET - return_content: yes - status_code: 200 - validate_certs: false - register: nodes - when: groups[elasticstack_elasticsearch_group_name] | length > 1 - - - name: Check if all Nodes see each other - ansible.builtin.assert: - that: - - "'{{ item }}' in nodes.content" - fail_msg: "'{{ item }}' was not found in nodes.content" - success_msg: "'{{ item }}' was found in nodes.content" - with_inventory_hostnames: all - when: groups[elasticstack_elasticsearch_group_name] | length > 1 diff --git a/molecule/elasticsearch_roles_calculation/converge.yml b/molecule/elasticsearch_roles_calculation/converge.yml index e64a9e0f..dd206828 100644 --- a/molecule/elasticsearch_roles_calculation/converge.yml +++ b/molecule/elasticsearch_roles_calculation/converge.yml @@ -8,7 +8,7 @@ vars: elasticsearch_jna_workaround: true elasticsearch_disable_systemcallfilterchecks: true - elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" + elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticsearch_node_types: - master - data diff --git a/molecule/kibana_default/molecule.yml b/molecule/kibana_default/molecule.yml index 26455953..06044bca 100644 --- a/molecule/kibana_default/molecule.yml +++ b/molecule/kibana_default/molecule.yml @@ -5,6 +5,8 @@ driver: name: docker platforms: - name: "kibana_default-${MOLECULE_DISTRO:-debian13}" + groups: + - elasticsearch image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: diff --git a/molecule/kibana_default/verify.yml b/molecule/kibana_default/verify.yml new file mode 100644 index 00000000..5859b447 --- /dev/null +++ b/molecule/kibana_default/verify.yml @@ -0,0 +1,16 @@ +--- +- name: Verify Kibana deployment + hosts: all + tasks: + - name: Gather service facts + ansible.builtin.service_facts: + + - name: Assert Kibana service is running + ansible.builtin.assert: + that: ansible_facts.services['kibana.service'].state == 'running' + fail_msg: "Kibana service is not running" + + - name: Wait for Kibana port to be available + ansible.builtin.wait_for: + port: 5601 + timeout: 120 diff --git a/molecule/logstash_full_stack-oss/converge.yml b/molecule/logstash_full_stack-oss/converge.yml deleted file mode 100644 index 5f163e7a..00000000 --- a/molecule/logstash_full_stack-oss/converge.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -# The workaround for arbitrarily named role directory is important because the -# git repo has one name and the role within it another -# Found at: -# https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 -# -# Currently security is not implemented with OSS. We leave the variable set -# to check for handling of misconfiguration (and be prepared for upcoming -# implementations) -# But we need to deactivate security in Elasticsearch to not lock out -# Logstash -- name: Converge - hosts: all - collections: - - netways.elasticstack - vars: - elasticstack_full_stack: true - elasticstack_variant: oss - logstash_security: false - logstash_pipeline_unsafe_shutdown: true - elasticstack_security: false - beats_filebeat_journald: true - logstash_beats_tls: false - elasticstack_release: 7 - elasticstack_no_log: false - tasks: - - name: "Include Elastics repos role" - ansible.builtin.include_role: - name: repos - - name: "Include Elasticsearch role" - ansible.builtin.include_role: - name: elasticsearch - - name: "Include Beats" - ansible.builtin.include_role: - name: beats - - name: "Include Redis" - ansible.builtin.include_role: - name: geerlingguy.redis - - name: "Include Logstash" - ansible.builtin.include_role: - name: logstash diff --git a/molecule/logstash_full_stack-oss/molecule.yml b/molecule/logstash_full_stack-oss/molecule.yml deleted file mode 100644 index 2f3cd65a..00000000 --- a/molecule/logstash_full_stack-oss/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - options: - requirements-file: requirements.yml -driver: - name: docker -platforms: - - name: "logstash-full-oss-${MOLECULE_DISTRO:-debian13}" - groups: - - elasticsearch - - logstash - - filebeat - image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian13}-ansible:latest" - command: ${MOLECULE_DOCKER_COMMAND:-""} - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:rw - cgroupns_mode: host - privileged: true - pre_build_image: true -provisioner: - name: ansible - env: - ANSIBLE_ROLES_PATH: $MOLECULE_EPHEMERAL_DIRECTORY/roles:${HOME}/.ansible/roles:$MOLECULE_PROJECT_DIRECTORY/roles -verifier: - name: ansible diff --git a/molecule/logstash_full_stack-oss/prepare.yml b/molecule/logstash_full_stack-oss/prepare.yml deleted file mode 100644 index 9cc68f65..00000000 --- a/molecule/logstash_full_stack-oss/prepare.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Prepare - hosts: all - tasks: - - name: Show discovered interpreter - debug: - var: ansible_facts.discovered_interpreter_python - - - name: Install packages for Debian - ansible.builtin.apt: - name: - - gpg - - gpg-agent - - procps - - curl - - git - update_cache: yes diff --git a/molecule/logstash_full_stack-oss/requirements.yml b/molecule/logstash_full_stack-oss/requirements.yml deleted file mode 100644 index 1c0204d5..00000000 --- a/molecule/logstash_full_stack-oss/requirements.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -roles: - # Versions higher than 1.6.0 seem to have a problem with idempotency on rocky 9 python 3.9, NOT on ubuntu2204 python 3.10 - - name: geerlingguy.redis - version: "1.6.0" - -collections: - - community.general diff --git a/molecule/logstash_full_stack-oss/verify.yml b/molecule/logstash_full_stack-oss/verify.yml deleted file mode 100644 index fc4bcc65..00000000 --- a/molecule/logstash_full_stack-oss/verify.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -# This is an example playbook to execute Ansible tests. - -- name: Check if Logstash configuration does what it should - hosts: all - vars: - elasticstack_elasticsearch_http_port: 9200 - elasticstack_beats_port: 5044 - tasks: - - name: Give some time for tools to connect - ansible.builtin.wait_for: - timeout: 120 - - name: Run syntax check - ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t" - when: "'logstash' in group_names" - - name: Query for Logstasch indices - ansible.builtin.shell: > - curl -s http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/indices | - grep logstash | - awk {' print $7 '} | - sort -n | - tail -1 - register: logstash_count - when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - - name: Show full output - ansible.builtin.debug: - var: logstash_count - when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" - - name: Fail when logstash is empty - ansible.builtin.fail: - msg: "Logstash Index is empty" - when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names and logstash_count.stdout == 0" - - name: Show number of received events - ansible.builtin.debug: - msg: "Elasticsearch received {{ logstash_count.stdout }} events so far" - when: "elasticstack_elasticsearch_group_name is defined and elasticstack_elasticsearch_group_name in group_names" diff --git a/molecule/logstash_pipelines/converge.yml b/molecule/logstash_pipelines/converge.yml index 34843d35..4c2c8cce 100644 --- a/molecule/logstash_pipelines/converge.yml +++ b/molecule/logstash_pipelines/converge.yml @@ -13,8 +13,12 @@ logstash_pipelines: - name: syslog exclusive: false - source: https://github.com/widhalmt/syslog-logstash-pipeline.git - version: bca66fd6f086a89a4b737103f5c339f66782c78e + source: https://github.com/NETWAYS/syslog-logstash-pipeline.git + version: 1183c7544d07487ab24c70213b7172133e9bbb6d + - name: filebeat + exclusive: false + source: https://github.com/NETWAYS/filebeat-logstash-pipeline.git + version: 97a85f140e0be8d941085b210f7ca9a604088455 - name: icinga exclusive: false source: https://github.com/Icinga/icinga-logstash-pipeline.git diff --git a/molecule/logstash_pipelines/verify.yml b/molecule/logstash_pipelines/verify.yml index 133e16cd..208b65a3 100644 --- a/molecule/logstash_pipelines/verify.yml +++ b/molecule/logstash_pipelines/verify.yml @@ -1,51 +1,43 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Check if Logstash configuration does what it should hosts: all vars: elasticstack_beats_port: 5044 tasks: - - name: Run syntax check - ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t" - changed_when: false + - name: Run syntax check + ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t" + changed_when: false + + - name: Check for open port tcp {{ elasticstack_beats_port }} + ansible.builtin.wait_for: + port: "{{ elasticstack_beats_port }}" + + - name: Check syslog pipeline directory exists + ansible.builtin.stat: + path: /etc/logstash/conf.d/syslog + register: syslog_pipeline_dir + + - name: Assert syslog pipeline directory exists + ansible.builtin.assert: + that: syslog_pipeline_dir.stat.isdir + fail_msg: "Syslog pipeline directory not found" - - name: Check for open port tcp {{ elasticstack_beats_port }} - ansible.builtin.wait_for: - port: "{{ elasticstack_beats_port }}" + - name: Check filebeat pipeline directory exists + ansible.builtin.stat: + path: /etc/logstash/conf.d/filebeat + register: filebeat_pipeline_dir - - name: Create Syslog input - ansible.builtin.copy: - dest: /etc/logstash/conf.d/syslog/input.conf - content: | - input { - redis { - key => "input" - host => "localhost" - data_type => "list" - } - } - mode: preserve - owner: root - group: root + - name: Assert filebeat pipeline directory exists + ansible.builtin.assert: + that: filebeat_pipeline_dir.stat.isdir + fail_msg: "Filebeat pipeline directory not found" - - name: Create Syslog output - ansible.builtin.copy: - dest: /etc/logstash/conf.d/syslog/output.conf - content: | - output { - redis { - key => "input" - host => "localhost" - data_type => "list" - } - } - mode: preserve - owner: root - group: root + - name: Check icinga pipeline directory exists + ansible.builtin.stat: + path: /etc/logstash/conf.d/icinga + register: icinga_pipeline_dir - - name: Update Pipeline code - ansible.builtin.git: - repo: https://github.com/widhalmt/syslog-logstash-pipeline.git - dest: /etc/logstash/conf.d/syslog/ - version: master + - name: Assert icinga pipeline directory exists + ansible.builtin.assert: + that: icinga_pipeline_dir.stat.isdir + fail_msg: "Icinga pipeline directory not found" diff --git a/molecule/logstash_specific_version/converge.yml b/molecule/logstash_specific_version/converge.yml index cabf8ae4..4c129cfd 100644 --- a/molecule/logstash_specific_version/converge.yml +++ b/molecule/logstash_specific_version/converge.yml @@ -18,12 +18,6 @@ elasticstack_no_log: false tasks: - - name: Set Filebeat version for 7.x - ansible.builtin.set_fact: - elasticstack_version: "7.17.1" - when: - - elasticstack_release == 7 - - name: Set Filebeat version for 8.x ansible.builtin.set_fact: elasticstack_version: "8.4.1" diff --git a/molecule/logstash_specific_version/verify.yml b/molecule/logstash_specific_version/verify.yml index 788e70f4..d29c102a 100644 --- a/molecule/logstash_specific_version/verify.yml +++ b/molecule/logstash_specific_version/verify.yml @@ -9,13 +9,6 @@ ansible.builtin.command: "/usr/share/logstash/bin/logstash --version | grep ^logstash" register: logstash_version - - name: Fail if Logstash has the wrong version - ansible.builtin.fail: - msg: "Logstash has the wrong version" - when: - - logstash_version.stdout.find('7.17.1') == -1 - - elasticstack_release == 7 - - name: Fail if Logstash has the wrong version ansible.builtin.fail: msg: "Logstash has the wrong version" diff --git a/molecule/repos_default/molecule.yml b/molecule/repos_default/molecule.yml index 0ef3c688..a2e83a8a 100644 --- a/molecule/repos_default/molecule.yml +++ b/molecule/repos_default/molecule.yml @@ -1,8 +1,6 @@ --- dependency: name: galaxy - options: - requirements-file: requirements.yml driver: name: docker platforms: diff --git a/molecule/repos_default/requirements.yml b/molecule/repos_default/requirements.yml deleted file mode 100644 index f212a672..00000000 --- a/molecule/repos_default/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -collections: - - community.general diff --git a/molecule/repos_default/verify.yml b/molecule/repos_default/verify.yml index d0511758..afc9e532 100644 --- a/molecule/repos_default/verify.yml +++ b/molecule/repos_default/verify.yml @@ -1,9 +1,43 @@ --- -# This is an example playbook to execute Ansible tests. - -- name: Verify +- name: Verify Elastic repositories are configured hosts: all tasks: - - name: Install Kibana - ansible.builtin.package: - name: kibana + - name: Check Elastic apt repo file exists (Debian) + ansible.builtin.stat: + path: /etc/apt/sources.list.d/elasticstack.list + register: apt_repo_file + when: ansible_os_family == "Debian" + + - name: Assert Elastic apt repo file exists (Debian) + ansible.builtin.assert: + that: apt_repo_file.stat.exists + fail_msg: "Elastic apt repository file not found" + when: ansible_os_family == "Debian" + + - name: Check Elastic GPG key exists (Debian) + ansible.builtin.stat: + path: /usr/share/keyrings/elasticsearch.asc + register: apt_gpg_key + when: ansible_os_family == "Debian" + + - name: Assert Elastic GPG key exists (Debian) + ansible.builtin.assert: + that: apt_gpg_key.stat.exists + fail_msg: "Elastic GPG key not found" + when: ansible_os_family == "Debian" + + - name: Check Elastic yum repo file exists (RedHat) + ansible.builtin.stat: + path: /etc/yum.repos.d/elastic-release.repo + register: yum_repo_file + when: ansible_os_family == "RedHat" + + - name: Assert Elastic yum repo file exists (RedHat) + ansible.builtin.assert: + that: yum_repo_file.stat.exists + fail_msg: "Elastic yum repository file not found" + when: ansible_os_family == "RedHat" + + - name: Install Kibana + ansible.builtin.package: + name: kibana diff --git a/molecule/repos_oss/converge.yml b/molecule/repos_oss/converge.yml index 49416223..a3efb7ef 100644 --- a/molecule/repos_oss/converge.yml +++ b/molecule/repos_oss/converge.yml @@ -8,7 +8,7 @@ vars: elasticstack_variant: oss elasticstack_rpm_workaround: true - elasticstack_release: 7 + elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticstack_no_log: false tasks: - name: "Include Elastic Repos" diff --git a/molecule/repos_oss/molecule.yml b/molecule/repos_oss/molecule.yml index c5a34bfe..208559b6 100644 --- a/molecule/repos_oss/molecule.yml +++ b/molecule/repos_oss/molecule.yml @@ -1,8 +1,6 @@ --- dependency: name: galaxy - options: - requirements-file: requirements.yml driver: name: docker platforms: diff --git a/molecule/repos_oss/requirements.yml b/molecule/repos_oss/requirements.yml deleted file mode 100644 index f212a672..00000000 --- a/molecule/repos_oss/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -collections: - - community.general diff --git a/molecule/repos_oss/verify.yml b/molecule/repos_oss/verify.yml index da54380e..098032eb 100644 --- a/molecule/repos_oss/verify.yml +++ b/molecule/repos_oss/verify.yml @@ -1,9 +1,43 @@ --- -# This is an example playbook to execute Ansible tests. - -- name: Verify +- name: Verify Elastic OSS repositories are configured hosts: all tasks: - - name: Install logstash-oss - ansible.builtin.package: - name: logstash-oss + - name: Check Elastic OSS apt repo file exists (Debian) + ansible.builtin.stat: + path: /etc/apt/sources.list.d/elasticstack.list + register: apt_repo_file + when: ansible_os_family == "Debian" + + - name: Assert Elastic OSS apt repo file exists (Debian) + ansible.builtin.assert: + that: apt_repo_file.stat.exists + fail_msg: "Elastic OSS apt repository file not found" + when: ansible_os_family == "Debian" + + - name: Check Elastic GPG key exists (Debian) + ansible.builtin.stat: + path: /usr/share/keyrings/elasticsearch.asc + register: apt_gpg_key + when: ansible_os_family == "Debian" + + - name: Assert Elastic GPG key exists (Debian) + ansible.builtin.assert: + that: apt_gpg_key.stat.exists + fail_msg: "Elastic GPG key not found" + when: ansible_os_family == "Debian" + + - name: Check Elastic OSS yum repo file exists (RedHat) + ansible.builtin.stat: + path: /etc/yum.repos.d/elastic-oss-release.repo + register: yum_repo_file + when: ansible_os_family == "RedHat" + + - name: Assert Elastic OSS yum repo file exists (RedHat) + ansible.builtin.assert: + that: yum_repo_file.stat.exists + fail_msg: "Elastic OSS yum repository file not found" + when: ansible_os_family == "RedHat" + + - name: Install logstash-oss + ansible.builtin.package: + name: logstash-oss diff --git a/roles/beats/meta/main.yml b/roles/beats/meta/main.yml index ff8fd4d9..944440e2 100644 --- a/roles/beats/meta/main.yml +++ b/roles/beats/meta/main.yml @@ -13,7 +13,10 @@ galaxy_info: - "9" - name: Ubuntu versions: - - "22.04" + - "jammy" + - name: Debian + versions: + - "trixie" galaxy_tags: - beats - filebeat diff --git a/roles/elasticsearch/meta/main.yml b/roles/elasticsearch/meta/main.yml index 428762b2..ffc7f24c 100644 --- a/roles/elasticsearch/meta/main.yml +++ b/roles/elasticsearch/meta/main.yml @@ -13,7 +13,10 @@ galaxy_info: - "9" - name: Ubuntu versions: - - "22.04" + - "jammy" + - name: Debian + versions: + - "trixie" galaxy_tags: - elasticsearch - elk diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index f1e3f71b..e92085cd 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -121,7 +121,7 @@ ansible.builtin.set_fact: elasticsearch_package: > {{ - 'elasticsearch' + + ('elasticsearch-oss' if elasticstack_variant == 'oss' else 'elasticsearch') + ((elasticstack_versionseparator + elasticstack_version | string ) if (elasticstack_version is defined and elasticstack_version | length > 0)) | diff --git a/roles/kibana/meta/main.yml b/roles/kibana/meta/main.yml index bebbf67c..24df5cd9 100644 --- a/roles/kibana/meta/main.yml +++ b/roles/kibana/meta/main.yml @@ -12,7 +12,10 @@ galaxy_info: - "9" - name: Ubuntu versions: - - "22.04" + - "jammy" + - name: Debian + versions: + - "trixie" galaxy_tags: - kibana - elk diff --git a/roles/logstash/meta/main.yml b/roles/logstash/meta/main.yml index 8ce4270a..3689e848 100644 --- a/roles/logstash/meta/main.yml +++ b/roles/logstash/meta/main.yml @@ -12,7 +12,10 @@ galaxy_info: - "9" - name: Ubuntu versions: - - "22.04" + - "jammy" + - name: Debian + versions: + - "trixie" galaxy_tags: - logstash - elk diff --git a/roles/repos/meta/main.yml b/roles/repos/meta/main.yml index 80ef8524..6466e0a4 100644 --- a/roles/repos/meta/main.yml +++ b/roles/repos/meta/main.yml @@ -12,7 +12,10 @@ galaxy_info: - "9" - name: Ubuntu versions: - - "22.04" + - "jammy" + - name: Debian + versions: + - "trixie" galaxy_tags: - repositories - linux diff --git a/test.md b/test.md new file mode 100644 index 00000000..e69de29b