diff --git a/.gitignore b/.gitignore index 6e30d40a..39a8b804 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ __pycache__* .vscode .venv +.fuse_hidden* diff --git a/README.md b/README.md index 99b4389f..23f948d6 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,8 @@ The variable `elasticstack_no_log` can be set to `false` if you want to see the *elasticstack_version*: Version number of tools to install. Only set if you don't want the latest on new setups. (default: none). If you already have an installation of Elastic Stack, this collection will query the version of Elasticsearch on the CA host and use it for all further installations in the same setup. (Only if you run the `elasticsearch` role before all others) Example: `7.17.2` +All packages are installed with `state: present`. When `elasticstack_version` is set to a version number (e.g. `7.17.2`), that exact version is installed and pinned. When it is left unset, the package is installed without a version, so a new setup gets the newest available version and existing installations are not upgraded automatically on later runs. + *elasticstack_release*: Major release version of Elastic stack to configure. (default: `7`) Make sure it corresponds to `elasticstack_version` if you set both. For OSS version see `elasticstack_variant` below. diff --git a/docs/role-beats.md b/docs/role-beats.md index 5d742c82..beca290e 100644 --- a/docs/role-beats.md +++ b/docs/role-beats.md @@ -95,7 +95,7 @@ The following variables only apply if you use this role together with our other * *elasticstack_ca_dir*: Directory where on the Elasticsearch CA host certificates are stored. This is only useful in connection with out other Elastic Stack related roles. (default: `/opt/es-ca`) * *elasticstack_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`) * *elasticstack_initial_passwords*: Path to file with initical elasticsearch passwords (default: `/usr/share/elasticsearch/initial_passwords`) -* *elasticstack_version*: Install specific version (Default: none. Possible values: e.g. `7.10.1` or `latest`) +* *elasticstack_version*: Install a (update to) specific version; leave unset to install the latest available. (Default: none. Example: `7.10.1`) If you want to use this role with your own TLS certificates, use these variables. diff --git a/roles/beats/tasks/auditbeat.yml b/roles/beats/tasks/auditbeat.yml index 46a84a00..7142168b 100644 --- a/roles/beats/tasks/auditbeat.yml +++ b/roles/beats/tasks/auditbeat.yml @@ -14,6 +14,7 @@ - name: Install Auditbeat - rpm - full stack ansible.builtin.package: name: "{{ beats_auditbeat_package }}" + state: present enablerepo: - 'elastic-{{ elasticstack_release }}.x' notify: @@ -25,6 +26,7 @@ - name: Install Auditbeat - rpm - standalone ansible.builtin.package: name: "{{ beats_auditbeat_package }}" + state: present notify: - Restart Auditbeat when: @@ -34,51 +36,12 @@ - name: Install Auditbeat - deb ansible.builtin.package: name: "{{ beats_auditbeat_package }}" + state: present notify: - Restart Auditbeat when: - ansible_os_family == "Debian" -# KICS complains about "latest" package but this is a dedicated update task - -- name: Install Auditbeat latest version - rpm - full stack - ansible.builtin.package: - name: auditbeat -# kics-scan ignore-line - state: latest - enablerepo: - - "elastic-{{ elasticstack_release }}.x" - notify: - - Restart Auditbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - elasticstack_full_stack | bool - -- name: Install Auditbeat latest version - rpm - standalone - ansible.builtin.package: - name: auditbeat - state: latest - notify: - - Restart Auditbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - not elasticstack_full_stack | bool - -- name: Install Auditbeat latest version - deb - ansible.builtin.package: - name: auditbeat - state: latest - notify: - - Restart Auditbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "Debian" - - name: Configure Auditbeat ansible.builtin.template: src: auditbeat.yml.j2 diff --git a/roles/beats/tasks/filebeat.yml b/roles/beats/tasks/filebeat.yml index 0fbce0cb..2cd28406 100644 --- a/roles/beats/tasks/filebeat.yml +++ b/roles/beats/tasks/filebeat.yml @@ -13,6 +13,7 @@ - name: Install Filebeat - rpm - full stack ansible.builtin.package: name: "{{ beats_filebeat_package }}" + state: present enablerepo: - 'elastic-{{ elasticstack_release }}.x' notify: @@ -24,6 +25,7 @@ - name: Install Filebeat - rpm - standalone ansible.builtin.package: name: "{{ beats_filebeat_package }}" + state: present notify: - Restart Filebeat when: @@ -33,48 +35,12 @@ - name: Install Filebeat - deb ansible.builtin.package: name: "{{ beats_filebeat_package }}" + state: present notify: - Restart Filebeat when: - ansible_os_family == "Debian" -- name: Install Filebeat latest version - rpm - full stack - ansible.builtin.package: - name: filebeat - state: latest - enablerepo: - - "elastic-{{ elasticstack_release }}.x" - notify: - - Restart Filebeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - elasticstack_full_stack | bool - -- name: Install Filebeat latest version - rpm - standalone - ansible.builtin.package: - name: filebeat - state: latest - notify: - - Restart Filebeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - not elasticstack_full_stack | bool - -- name: Install Filebeat latest version - deb - ansible.builtin.package: - name: filebeat - state: latest - notify: - - Restart Filebeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "Debian" - - name: Configure Filebeat ansible.builtin.template: src: filebeat.yml.j2 diff --git a/roles/beats/tasks/metricbeat.yml b/roles/beats/tasks/metricbeat.yml index 4ca61cfb..3501ce01 100644 --- a/roles/beats/tasks/metricbeat.yml +++ b/roles/beats/tasks/metricbeat.yml @@ -14,6 +14,7 @@ - name: Install Metricbeat - rpm - full stack ansible.builtin.package: name: "{{ beats_metricbeat_package }}" + state: present enablerepo: - 'elastic-{{ elasticstack_release }}.x' notify: @@ -25,6 +26,7 @@ - name: Install Metricbeat - rpm - standalone ansible.builtin.package: name: "{{ beats_metricbeat_package }}" + state: present notify: - Restart Metricbeat when: @@ -34,49 +36,12 @@ - name: Install Metricbeat - deb ansible.builtin.package: name: "{{ beats_metricbeat_package }}" + state: present notify: - Restart Metricbeat when: - ansible_os_family == "Debian" -- name: Install Metricbeat latest version - rpm - full stack - ansible.builtin.package: - name: metricbeat - state: latest - enablerepo: - - "elastic-{{ elasticstack_release }}.x" - notify: - - Restart Metricbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - elasticstack_full_stack | bool - -- name: Install Metricbeat latest version - rpm - standalone - ansible.builtin.package: - name: metricbeat - state: latest - notify: - - Restart Metricbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "RedHat" - - not elasticstack_full_stack | bool - - -- name: Install Metricbeat latest version - deb - ansible.builtin.package: - name: metricbeat - state: latest - notify: - - Restart Metricbeat - when: - - elasticstack_version is defined - - elasticstack_version == "latest" - - ansible_os_family == "Debian" - - name: Configure Metricbeat ansible.builtin.template: src: metricbeat.yml.j2 diff --git a/roles/elasticsearch/tasks/main.yml b/roles/elasticsearch/tasks/main.yml index e92085cd..37652624 100644 --- a/roles/elasticsearch/tasks/main.yml +++ b/roles/elasticsearch/tasks/main.yml @@ -141,6 +141,7 @@ - name: Install Elasticsearch - rpm - full stack ansible.builtin.package: name: "{{ elasticsearch_package }}" + state: present enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' when: @@ -150,6 +151,7 @@ - name: Install Elasticsearch - rpm - standalone ansible.builtin.package: name: "{{ elasticsearch_package }}" + state: present when: - ansible_os_family == "RedHat" - not elasticstack_full_stack | bool @@ -157,6 +159,7 @@ - name: Install Elasticsearch - deb ansible.builtin.package: name: "{{ elasticsearch_package }}" + state: present when: - ansible_os_family == "Debian" diff --git a/roles/kibana/tasks/main.yml b/roles/kibana/tasks/main.yml index 597ebce3..3e78d61e 100644 --- a/roles/kibana/tasks/main.yml +++ b/roles/kibana/tasks/main.yml @@ -54,6 +54,7 @@ - name: Install Kibana - rpm - full stack ansible.builtin.package: name: "{{ kibana_package }}" + state: present enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' notify: @@ -65,6 +66,7 @@ - name: Install Kibana - rpm - standalone ansible.builtin.package: name: "{{ kibana_package }}" + state: present notify: - Restart Kibana when: @@ -74,6 +76,7 @@ - name: Install Kibana - deb ansible.builtin.package: name: "{{ kibana_package }}" + state: present notify: - Restart Kibana when: diff --git a/roles/logstash/tasks/main.yml b/roles/logstash/tasks/main.yml index 0ba06dee..d43dc730 100644 --- a/roles/logstash/tasks/main.yml +++ b/roles/logstash/tasks/main.yml @@ -87,6 +87,7 @@ - name: Install Logstash - rpm - full stack ansible.builtin.package: name: "{{ logstash_package }}" + state: present enablerepo: - 'elastic-{% if elasticstack_variant == "oss" %}oss-{% endif %}{{ elasticstack_release }}.x' notify: @@ -98,6 +99,7 @@ - name: Install Logstash - rpm - standalone ansible.builtin.package: name: "{{ logstash_package }}" + state: present notify: - Restart Logstash when: @@ -107,6 +109,7 @@ - name: Install Logstash - deb ansible.builtin.package: name: "{{ logstash_package }}" + state: present notify: - Restart Logstash when: