xpack features refactoring (#653)

- rename es_enable_xpack variable to oss_version
  this variable name should be more explicit and consistent with the xpack changes made in 6.3
  es_enable_xpack can still be used but is deprecated and will be removed in a later version.
- remove es_xpack-features variables
  this variable was not working anymore since 6.3 [0]

[0]: #608

Author: jmlrt

README.md

@@ -288,11 +288,6 @@ ansible-playbook -i hosts ./your-playbook.yml
 
 ### Installing X-Pack Features
 
-X-Pack features, such as Security, are supported.
-
-The parameter `es_xpack_features` allows to list xpack features to install (example: `["alerting","monitoring","graph","security","ml"]`).
-When the list is empty, it installs all features available with the current licence.
-
 * ```es_role_mapping``` Role mappings file declared as yml as described [here](https://www.elastic.co/guide/en/x-pack/current/mapping-roles.html)
 
 
@@ -400,7 +395,7 @@ These can either be set to a user declared in the file based realm, with admin p
 
 In addition to es_config, the following parameters allow the customization of the Java and Elasticsearch versions as well as the role behaviour. Options include:
 
-* ```es_enable_xpack```  Default `true`. Setting this to `false` will install the oss release of elasticsearch
+* ```oss_version```  Default `false`. Setting this to `true` will install the oss release of elasticsearch
 * `es_xpack_trial` Default `false`. Setting this to `true` will start the 30-day trail once the cluster starts.
 * ```es_version``` (e.g. "7.7.1").
 * ```es_api_host``` The host name used for actions requiring HTTP e.g. installing templates. Defaults to "localhost".

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 es_version: "7.7.1"
 es_use_snapshot_release: false
-es_enable_xpack: true
+oss_version: false
 es_package_name: "elasticsearch"
 es_version_lock: false
 es_use_repository: true
@@ -33,7 +33,6 @@ es_action_auto_create_index: true
 es_max_open_files: 65536
 es_max_map_count: 262144
 es_allow_downgrades: false
-es_xpack_features: []
 es_xpack_trial: false
 #These are used for internal operations performed by ansible.
 #They do not affect the current configuration

tasks/compatibility-variables.yml

@@ -5,6 +5,14 @@
 # 2. When running multiple plays with the same role the defaults are not re-evaluated. An example of this
 # can be seen in our the https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml
 # integration test and in the Multi Node server documentation examples https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml
+- name: Set backward compatibility for deprecated es_enable_xpack variable
+  when: es_enable_xpack is defined and not es_enable_xpack
+  block:
+  - name: Set fact oss_version when using es_enable_xpack
+    set_fact: oss_version=true
+  - name: Warn about deprecated es_enable_xpack variable
+    debug:
+      msg: "WARNING: es_enable_xpack variable is now deprecated. You should use oss_version instead"
 
 - name: Set the defaults here otherwise they can't be overriden in the same play if the role is called twice
   set_fact:
@@ -14,15 +22,15 @@
     es_other_repo_name: "{{ 'oss-' + es_major_version }}"
     es_other_apt_url: "deb {{ es_repo_base }}/packages/{{ 'oss-' + es_major_version }}/apt stable main"
 
-- name: Use the oss repo and package if xpack is not being used
+- name: Use the oss repo and package
   set_fact:
     es_repo_name: "{{ 'oss-' + es_major_version }}"
     es_other_repo_name: "{{ es_major_version }}"
     es_other_apt_url: "deb {{ es_repo_base }}/packages/{{ es_major_version }}/apt stable main"
     es_package_name: "elasticsearch-oss"
     es_other_package_name: "elasticsearch"
   when:
-    - not es_enable_xpack
+    - oss_version
 
 - name: Set the URL scheme to https if SSL/TLS is enabled
   set_fact:

tasks/elasticsearch-parameters.yml

@@ -1,5 +1,10 @@
 # Check for mandatory parameters
 
+- name: Warn about deprecated  es_xpack_features variable
+  debug:
+    msg: "WARNING: es_xpack_features variable is now deprecated. All feature are now enabled by default"
+  when: es_xpack_features is defined and not oss_version
+
 - name: fail when es_proxy_port is not defined or is blank
   fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined"
   when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '')
@@ -13,8 +18,8 @@
 - name: fail when api credentials are not declared when using security
   fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
   when:
-    - es_enable_xpack and "security" in es_xpack_features
-    - es_api_basic_auth_username is not defined
+    - not oss_version
+    - es_api_basic_auth_username is defined
     - es_api_basic_auth_password is not defined
 
 - name: fail when ssl enabled without defining a key and certificate
@@ -38,4 +43,3 @@
 
 - name: set fact use_system_d
   set_fact: use_system_d={{(ansible_distribution == 'Debian' and ansible_distribution_version is version('8', '>=')) or (ansible_distribution in ['RedHat','CentOS'] and ansible_distribution_version is version('7', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('15', '>=')) }}
-

tasks/main.yml

@@ -78,7 +78,7 @@
   set_fact: manage_native_realm=true
   when:
    - es_start_service
-   - es_enable_xpack
+   - not oss_version
    - (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)
 
 # If playbook runs too fast, Native commands could fail as the Native Realm is not yet up
@@ -88,11 +88,11 @@
 
 - name: activate-license
   include: ./xpack/security/elasticsearch-xpack-activation.yml
-  when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
+  when: es_start_service and not oss_version and es_xpack_license is defined and es_xpack_license != ''
 
 - name: activate-trial
   include: ./xpack/security/elasticsearch-xpack-trial-activation.yml
-  when: es_start_service and es_enable_xpack and es_xpack_trial
+  when: es_start_service and not oss_version and es_xpack_trial
 
 #perform security actions here now elasticsearch is started
 - name: include xpack/security/elasticsearch-security-native.yml

tasks/xpack/elasticsearch-xpack.yml

@@ -3,7 +3,7 @@
 #Security configuration
 - name: include security/elasticsearch-security.yml
   include: security/elasticsearch-security.yml
-  when: es_enable_xpack
+  when: not oss_version
 
 #Make sure elasticsearch.keystore has correct Permissions
 - name: Set elasticsearch.keystore Permissions

templates/elasticsearch.yml.j2

@@ -31,7 +31,7 @@ action.auto_create_index: false
 action.auto_create_index: {{ es_action_auto_create_index }}
 {% endif %}
 
-{% if es_enable_xpack and es_api_basic_auth_username is defined and es_api_basic_auth_password is defined %}
+{% if not oss_version and es_api_basic_auth_username is defined and es_api_basic_auth_password is defined %}
 xpack.security.enabled: true
 
 {% if es_enable_transport_ssl and es_enable_auto_ssl_configuration %}

test/integration/helpers/serverspec/shared_spec.rb

@@ -44,43 +44,13 @@
     end
   end
   describe 'xpack checks' do
-    if vars['es_enable_xpack']
-      it 'should be be running the xpack version' do
+    if not vars['oss_version']
+      it 'should be be running the basic version' do
         expect(curl_json("#{es_api_url}/_xpack", username=username, password=password)['tagline']).to eq('You know, for X')
       end
       it 'xpack should be activated' do
         expect(curl_json("#{es_api_url}/_license", username=username, password=password)['license']['status']).to eq('active')
       end
-      if vars.key?('es_xpack_features')
-        curl_json("#{es_api_url}/_xpack", username=username, password=password)['features'].each do |feature,values|
-          enabled = vars['es_xpack_features'].include? feature
-          status = if enabled then 'enabled' else 'disabled' end
-          it "the xpack feature '#{feature}' to be #{status}" do
-            expect(values['enabled'] = enabled)
-          end
-        end
-      else
-        features.each do |feature, status|
-          feature_available = curl_json("#{es_api_url}/_xpack", username=username, password=password)['features'][feature]['available']
-          if feature_available == "true"
-            status = "available"
-          else
-            status = "unavailable"
-          end
-          it "the xpack feature '#{feature}' to be #{status}" do
-            expect(feature_available = status['available'])
-          end
-          feature_enabled = curl_json("#{es_api_url}/_xpack", username=username, password=password)['features'][feature]['enabled']
-          if feature_enabled == "true"
-            status = "enabled"
-          else
-            status = "disabled"
-          end
-          it "the xpack feature '#{feature}' to be #{status}" do
-            expect(feature_available = status['enabled'])
-          end
-        end
-      end
     end
   end
   describe user(vars['es_user']) do

test/integration/issue-test.yml

@@ -17,9 +17,6 @@
     es_heap_size: "1g"
     es_plugins:
       - plugin: ingest-attachment
-    es_xpack_features:
-      - security
-      - alerting
     es_api_basic_auth_username: elastic
     es_api_basic_auth_password: changeme
     es_users:

test/integration/oss-to-xpack-upgrade.yml

@@ -7,7 +7,7 @@
     - elasticsearch
   vars:
     es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
-    es_enable_xpack: false
+    oss_version: true
     es_heap_size: "1g"
 
 - name: Standard test for single node setup. Tests idempotence.
@@ -17,9 +17,5 @@
   roles:
     - elasticsearch
   vars:
-    es_enable_xpack: true
+    oss_version: false
     es_heap_size: "1g"
-    es_xpack_features:
-      - monitoring
-      - graph
-      - ml

test/integration/oss-upgrade.yml

@@ -7,7 +7,7 @@
     - elasticsearch
   vars:
     es_version: "{{ '7.0.0' if es_major_version == '7.x' else '6.7.1' }}" # This is set to an older version than the current default to force an upgrade
-    es_enable_xpack: false
+    oss_version: true
     es_heap_size: "1g"
 
 - name: Standard test for single node setup. Tests idempotence.
@@ -17,5 +17,5 @@
   roles:
     - elasticsearch
   vars:
-    es_enable_xpack: false
+    oss_version: true
     es_heap_size: "1g"

test/integration/oss.yml

@@ -6,7 +6,7 @@
   roles:
     - elasticsearch
   vars:
-    es_enable_xpack: false
+    oss_version: true
     es_heap_size: "1g"
     es_plugins:
       - plugin: ingest-attachment

test/integration/xpack-upgrade-trial.yml

@@ -24,9 +24,6 @@
     es_xpack_trial: true
     es_plugins:
       - plugin: ingest-attachment
-    es_xpack_features:
-      - security
-      - alerting
     es_api_basic_auth_username: elastic
     es_api_basic_auth_password: changeme
     es_api_sleep: 5
@@ -140,9 +137,6 @@
     es_xpack_trial: false
     es_plugins:
       - plugin: ingest-attachment
-    es_xpack_features:
-      - security
-      - alerting
     es_api_basic_auth_username: elastic
     es_api_basic_auth_password: elasticChanged
     es_api_sleep: 5

test/integration/xpack-upgrade.yml

@@ -23,9 +23,6 @@
     es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
     es_plugins:
       - plugin: ingest-attachment
-    es_xpack_features:
-      - security
-      - alerting
     es_api_basic_auth_username: elastic
     es_api_basic_auth_password: changeme
     es_api_sleep: 5
@@ -138,9 +135,6 @@
     es_xpack_license: "{{ lookup('file', '/tmp/license.json')  }}"
     es_plugins:
       - plugin: ingest-attachment
-    es_xpack_features:
-      - security
-      - alerting
     es_api_basic_auth_username: elastic
     es_api_basic_auth_password: elasticChanged
     es_api_sleep: 5