diff --git a/bootstrap-embedded-ansible/bootstrap-embedded-ansible.sh b/bootstrap-embedded-ansible/bootstrap-embedded-ansible.sh index 39c4c97e..d6988273 100755 --- a/bootstrap-embedded-ansible/bootstrap-embedded-ansible.sh +++ b/bootstrap-embedded-ansible/bootstrap-embedded-ansible.sh @@ -20,7 +20,7 @@ export OPTS=() export CLONE_DIR="$(dirname $(readlink -f ${BASH_SOURCE[0]}))" OPTS+=('CLONE_DIR') -export ANSIBLE_VERSION="${ANSIBLE_VERSION:-2.7.5.0}" +export ANSIBLE_VERSION="${ANSIBLE_VERSION:-2.10.5}" OPTS+=('ANSIBLE_VERSION') export ANSIBLE_EMBED_HOME="${HOME}/ansible_venv" @@ -38,20 +38,21 @@ export ID="$(echo ${ID} | awk -F'-' '{print $1}')" if [[ ! -e "${ANSIBLE_EMBED_HOME}/bin/ansible" ]]; then if [ ${ID} = "ubuntu" ]; then apt-get update - apt-get -y install python-virtualenv + apt-get -y install virtualenv elif [ ${ID} = "opensuse" ] || [ ${ID} = "suse" ]; then + zypper install -y insserv zypper install -y python-virtualenv elif [ ${ID} = "centos" ] || [ ${ID} = "redhat" ] || [ ${ID} = "rhel" ]; then - yum install -y python-virtualenv + yum install -y python3-virtualenv else echo "Unknown operating system" exit 99 fi echo "done installing python-virtualenv" - if [[ -f "/usr/bin/python2" ]]; then - virtualenv --system-site-packages --python="/usr/bin/python2" "${ANSIBLE_EMBED_HOME}" - elif [[ -f "/usr/bin/python3" ]]; then + if [[ -f "/usr/bin/python3" ]]; then virtualenv --system-site-packages --python="/usr/bin/python3" "${ANSIBLE_EMBED_HOME}" + elif [[ -f "/usr/bin/python2" ]]; then + virtualenv --system-site-packages --python="/usr/bin/python2" "${ANSIBLE_EMBED_HOME}" else virtualenv "${ANSIBLE_EMBED_HOME}" fi diff --git a/elk_metrics_6x/createElasticIndexes.yml b/elk_metrics_6x/createElasticIndexes.yml index dd04128d..3ffdc098 100644 --- a/elk_metrics_6x/createElasticIndexes.yml +++ b/elk_metrics_6x/createElasticIndexes.yml @@ -17,7 +17,7 @@ vars: _elastic_refresh_interval: "{{ (elasticsearch_number_of_replicas | int) * 5 }}" - elastic_refresh_interval: "{{ (_elastic_refresh_interval > 0) | ternary(30, _elastic_refresh_interval) }}" + elastic_refresh_interval: "{{ (_elastic_refresh_interval | int > 0) | ternary(30, _elastic_refresh_interval) }}" vars_files: - vars/variables.yml @@ -186,7 +186,7 @@ - role: elastic_retention post_tasks: - - name: Create kibana indexe patterns + - name: Create kibana index patterns uri: url: "http://127.0.0.1:5601/api/saved_objects/index-pattern/{{ item.name }}" method: POST @@ -227,24 +227,30 @@ delay: 30 run_once: true - - name: Create basic indexes - uri: - url: "http://127.0.0.1:5601/api/kibana/settings/defaultIndex" - method: POST - body: "{{ item.index_options | to_json }}" - status_code: 200 - body_format: json - headers: - Content-Type: "application/json" - kbn-xsrf: "{{ inventory_hostname | to_uuid }}" - with_items: - - name: "default" - index_options: - value: "default" - register: kibana_indexes - until: kibana_indexes is success - retries: 6 - delay: 30 + - block: + - name: Set default index + uri: + url: "http://127.0.0.1:5601/api/kibana/settings/defaultIndex" + method: POST + body: "{{ item.index_options | to_json }}" + status_code: 200 + body_format: json + headers: + Content-Type: "application/json" + kbn-xsrf: "{{ inventory_hostname | to_uuid }}" + with_items: + - name: "default" + index_options: + value: "default" + register: _kibana_default_index + rescue: + - debug: + msg: "{{ message.split('\n') }}" + vars: + message: | + Failed to set the defaultIndex, most likely due to a timeout. + It's not a big deal, and you'll find that it usually gets set + at some point whenever elastic gets around to it. run_once: true tags: diff --git a/elk_metrics_6x/roles/elastic_curator/tasks/main.yml b/elk_metrics_6x/roles/elastic_curator/tasks/main.yml index 1c014d3e..75b8e680 100644 --- a/elk_metrics_6x/roles/elastic_curator/tasks/main.yml +++ b/elk_metrics_6x/roles/elastic_curator/tasks/main.yml @@ -47,7 +47,7 @@ - name: Ensure curator is installed pip: - name: "elasticsearch-curator<6" + name: "elasticsearch-curator<=5.7.0" state: "{{ elk_package_state | default('present') }}" extra_args: --isolated virtualenv: /opt/elasticsearch-curator diff --git a/elk_metrics_6x/roles/elastic_curator/vars/ubuntu.yml b/elk_metrics_6x/roles/elastic_curator/vars/ubuntu.yml index 363a2210..15209aa9 100644 --- a/elk_metrics_6x/roles/elastic_curator/vars/ubuntu.yml +++ b/elk_metrics_6x/roles/elastic_curator/vars/ubuntu.yml @@ -16,3 +16,4 @@ curator_distro_packages: - python-virtualenv - virtualenv + - libyaml-dev diff --git a/elk_metrics_7x/createElasticIndexes.yml b/elk_metrics_7x/createElasticIndexes.yml index fcf683bf..22e4c4b6 100644 --- a/elk_metrics_7x/createElasticIndexes.yml +++ b/elk_metrics_7x/createElasticIndexes.yml @@ -20,7 +20,7 @@ vars: _elastic_refresh_interval: "{{ (elasticsearch_beat_settings.number_of_replicas | int) * 5 }}" - elastic_refresh_interval: "{{ (_elastic_refresh_interval > 0) | ternary(30, _elastic_refresh_interval) }}" + elastic_refresh_interval: "{{ (_elastic_refresh_interval | int > 0) | ternary(30, _elastic_refresh_interval) }}" vars_files: - vars/variables.yml @@ -227,25 +227,41 @@ delay: 30 run_once: true - - name: Create basic indexes - uri: - url: "http://127.0.0.1:5601/api/kibana/settings/defaultIndex" - method: POST - body: "{{ item.index_options | to_json }}" - status_code: 200 - body_format: json - headers: - Content-Type: "application/json" - kbn-xsrf: "{{ inventory_hostname | to_uuid }}" - with_items: - - name: "default" - index_options: - value: "default" - register: kibana_indexes - until: kibana_indexes is success - retries: 6 - delay: 30 - run_once: true + - block: + - name: find objects of type config + uri: + url: "http://127.0.0.1:5601/api/saved_objects/_find?type=config" + headers: + Content-Type: "application/json" + kbn-xsrf: "{{ inventory_hostname | to_uuid }}" + return_content: true + register: _objects + - name: fail if we're not getting exactly 1 config object back + assert: + that: _objects.json.saved_objects | length == 1 + + - name: set fact for config object + set_fact: + config: "{{ _objects.json.saved_objects[0] }}" + + - name: Set default index + uri: + url: "http://127.0.0.1:5601/api/saved_objects/config/{{ config.id }}" + method: PUT + body: + attributes: + defaultIndex: "default" + headers: + Content-Type: "application/json" + kbn-xsrf: "{{ inventory_hostname | to_uuid }}" + register: _kibana_default_index + until: _kibana_default_index is success + retries: 6 + delay: 30 + when: + - config.attributes.defaultIndex is defined + - config.attributes.defaultIndex != "default" + run_once: true tags: - server-install diff --git a/elk_metrics_7x/roles/elastic_beat_setup/tasks/main.yml b/elk_metrics_7x/roles/elastic_beat_setup/tasks/main.yml index 2124c413..83eb9f6b 100644 --- a/elk_metrics_7x/roles/elastic_beat_setup/tasks/main.yml +++ b/elk_metrics_7x/roles/elastic_beat_setup/tasks/main.yml @@ -37,8 +37,8 @@ - name: Load templates shell: >- {% if item == '--dashboards' %} - sed -i 's@\\\"index\\\": \\\"{{ elastic_beat_name }}-\*\\\"@\\\"index\\\": \\\"{{ elastic_beat_name }}\\\"@g' /usr/share/{{ elastic_beat_name }}/kibana/6/dashboard/*.json - sed -i 's@"id": "{{ elastic_beat_name }}\-\*",@"id": "{{ elastic_beat_name }}",@g' /usr/share/{{ elastic_beat_name }}/kibana/6/index-pattern/*.json + sed -i 's@\\\"index\\\": \\\"{{ elastic_beat_name }}-\*\\\"@\\\"index\\\": \\\"{{ elastic_beat_name }}\\\"@g' /usr/share/{{ elastic_beat_name }}/kibana/7/dashboard/*.json + sed -i 's@"id": "{{ elastic_beat_name }}\-\*",@"id": "{{ elastic_beat_name }}",@g' /usr/share/{{ elastic_beat_name }}/kibana/7/index-pattern/*.json {% endif %} {{ elastic_beat_name }} setup {% if elastic_beat_name == "heartbeat" and item == "--index-management" -%} diff --git a/elk_metrics_7x/roles/elastic_ilm/tasks/elastic_ilm_update_policy.yml b/elk_metrics_7x/roles/elastic_ilm/tasks/elastic_ilm_update_policy.yml index 268e0831..9b30ef8a 100644 --- a/elk_metrics_7x/roles/elastic_ilm/tasks/elastic_ilm_update_policy.yml +++ b/elk_metrics_7x/roles/elastic_ilm/tasks/elastic_ilm_update_policy.yml @@ -4,7 +4,6 @@ url: "http://{{ elasticsearch_data_node_details[0] }}/_ilm/policy/{{ ilm_policy_name }}" method: GET status_code: 200,404 - body_format: json register: check_policy when: ilm_policy_name is defined and ilm_policy is defined @@ -34,7 +33,6 @@ url: "http://{{ elasticsearch_data_node_details[0] }}/_template/{{ ilm_policy_template }}/" method: GET status_code: 200,404 - body_format: json register: template when: ilm_policy_template is defined and ilm_policy_name is defined diff --git a/osquery/ansible-role-requirements.yml b/osquery/ansible-role-requirements.yml index e0a8a6b5..44665079 100644 --- a/osquery/ansible-role-requirements.yml +++ b/osquery/ansible-role-requirements.yml @@ -15,11 +15,10 @@ scm: git src: https://opendev.org/openstack/openstack-ansible-galera_client version: master -# Galera server is using a forked role until https://review.openstack.org/#/c/633321/ is merged - name: galera_server scm: git - src: https://github.com/os-cloud/openstack-ansible-galera_server - version: xinetd-check + src: https://opendev.org/openstack/openstack-ansible-galera_server + version: master - name: apt_package_pinning scm: git src: https://opendev.org/openstack/openstack-ansible-apt_package_pinning diff --git a/osquery/installDB.yml b/osquery/installDB.yml index 76474632..7ed9bba9 100644 --- a/osquery/installDB.yml +++ b/osquery/installDB.yml @@ -34,6 +34,8 @@ roles: - role: galera_server + galera_install_client: True + galera_install_server: True galera_cluster_members: "{{ groups['kolide-db_all'] }}" galera_wsrep_node_name: "{{ inventory_hostname }}" galera_cluster_name: telemetry_galera_cluster diff --git a/osquery/tests/inventory/test-metal-inventory.yml b/osquery/tests/inventory/test-metal-inventory.yml index f97b50d0..0dfce233 100644 --- a/osquery/tests/inventory/test-metal-inventory.yml +++ b/osquery/tests/inventory/test-metal-inventory.yml @@ -6,6 +6,7 @@ all: ansible_connection: local ansible_host: 127.0.0.1 ansible_user: root + ansible_python_interpreter: /usr/bin/python3 osquery_all: diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3ebca22a..97bbdd96 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -14,11 +14,12 @@ # limitations under the License. - job: - name: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" + name: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic" parent: base description: "Runs a gate test on the elk_metrics_6x project." run: "elk_metrics_6x/tests/test.yml" post-run: "elk_metrics_6x/tests/post-run.yml" + nodeset: ubuntu-bionic files: - ^elk_metrics_6x/.* - ^bootstrap-embedded-ansible/.* @@ -40,53 +41,30 @@ osa_test_repo: "openstack/openstack-ansible-ops" test_clustered_elk: false +- job: + name: "openstack-ansible-ops:elk_metrics_7x-ubuntu-focal" + parent: "openstack-ansible-ops:elk_metrics_7x-ubuntu-bionic" + nodeset: ubuntu-focal + voting: false + - job: name: "openstack-ansible-ops:elk_metrics_6x-centos-7" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" + parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic" nodeset: centos-7 - voting: true + voting: false - job: name: "openstack-ansible-ops:elk_metrics_6x-centos-7-clustered" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" + parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic" nodeset: centos-7 voting: false vars: osa_test_repo: "openstack/openstack-ansible-ops" test_clustered_elk: true -- job: - name: "openstack-ansible-ops:elk_metrics_6x-opensuse-15" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" - nodeset: opensuse-15 - voting: false - -- job: - name: "openstack-ansible-ops:elk_metrics_6x-opensuse-15-clustered" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" - nodeset: opensuse-15 - voting: false - vars: - osa_test_repo: "openstack/openstack-ansible-ops" - test_clustered_elk: true - -- job: - name: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" - nodeset: ubuntu-bionic - voting: true - -- job: - name: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial-clustered" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" - voting: false - vars: - osa_test_repo: "openstack/openstack-ansible-ops" - test_clustered_elk: true - - job: name: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic-clustered" - parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial" + parent: "openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic" nodeset: ubuntu-bionic voting: false vars: @@ -94,8 +72,9 @@ test_clustered_elk: true - job: - name: "openstack-ansible-ops:osquery-ubuntu-xenial" + name: "openstack-ansible-ops:osquery-ubuntu-bionic" parent: base + nodeset: ubuntu-bionic description: "Runs a gate test on the osquery project." run: "osquery/tests/test.yml" post-run: "osquery/tests/post-run.yml" @@ -104,30 +83,18 @@ - ^osquery/.* - ^bootstrap-embedded-ansible/.* -- job: - name: "openstack-ansible-ops:osquery-ubuntu-xenial-clustered" - parent: "openstack-ansible-ops:osquery-ubuntu-xenial" - nodeset: ubuntu-bionic - vars: - osa_test_repo: "openstack/openstack-ansible-ops" - test_clustered_kolide: true - -- job: - name: "openstack-ansible-ops:osquery-ubuntu-bionic" - parent: "openstack-ansible-ops:osquery-ubuntu-xenial" - nodeset: ubuntu-bionic - - job: name: "openstack-ansible-ops:osquery-ubuntu-bionic-clustered" - parent: "openstack-ansible-ops:osquery-ubuntu-xenial" + parent: "openstack-ansible-ops:osquery-ubuntu-bionic" nodeset: ubuntu-bionic vars: osa_test_repo: "openstack/openstack-ansible-ops" test_clustered_kolide: true - job: - name: "openstack-ansible-ops:skydive-ubuntu-xenial" + name: "openstack-ansible-ops:skydive-ubuntu-bionic" parent: base + nodeset: ubuntu-bionic description: "Runs a gate test on the skydive project." run: "skydive/tests/test.yml" post-run: "skydive/tests/post-run.yml" @@ -136,17 +103,7 @@ - ^skydive/.* - ^bootstrap-embedded-ansible/.* -- job: - name: "openstack-ansible-ops:skydive-ubuntu-bionic" - parent: "openstack-ansible-ops:skydive-ubuntu-xenial" - nodeset: ubuntu-bionic - - job: name: "openstack-ansible-ops:skydive-centos-7" - parent: "openstack-ansible-ops:skydive-ubuntu-xenial" + parent: "openstack-ansible-ops:skydive-ubuntu-bionic" nodeset: centos-7 - -- job: - name: "openstack-ansible-ops:skydive-opensuse-15" - parent: "openstack-ansible-ops:skydive-ubuntu-xenial" - nodeset: opensuse-15 diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 8931dafd..4dcfa75d 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -22,24 +22,20 @@ - openstack-ansible-linters - openstack-ansible-ops:elk_metrics_6x-centos-7 # - openstack-ansible-ops:elk_metrics_6x-centos-7-clustered - - openstack-ansible-ops:elk_metrics_6x-opensuse-15 - # - openstack-ansible-ops:elk_metrics_6x-opensuse-15-clustered - - openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial - openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic - openstack-ansible-ops:elk_metrics_7x-ubuntu-bionic + - openstack-ansible-ops:elk_metrics_7x-ubuntu-focal # - openstack-ansible-ops:elk_metrics_6x-ubuntu-xenial-clustered # - openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic-clustered - - openstack-ansible-ops:osquery-ubuntu-xenial # - openstack-ansible-ops:osquery-ubuntu-xenial-clustered - openstack-ansible-ops:osquery-ubuntu-bionic # - openstack-ansible-ops:osquery-ubuntu-bionic-clustered - - openstack-ansible-ops:skydive-ubuntu-xenial - openstack-ansible-ops:skydive-ubuntu-bionic - openstack-ansible-ops:skydive-centos-7 - - openstack-ansible-ops:skydive-opensuse-15 gate: jobs: - openstack-ansible-linters - openstack-ansible-ops:elk_metrics_6x-ubuntu-bionic + - openstack-ansible-ops:elk_metrics_7x-ubuntu-bionic - openstack-ansible-ops:osquery-ubuntu-bionic - openstack-ansible-ops:skydive-ubuntu-bionic