Fix current problems with molecule checks #360

Merged
merged 6 commits into from
Jan 31, 2025
19 changes: 1 addition & 18 deletions molecule/elasticstack_default/converge.yml
Expand Up @@ -20,8 +20,7 @@
logstash_pipeline_unsafe_shutdown: true
logstash_redis_password: "{{ lookup('ansible.builtin.password', '/tmp/redispassword', chars=['ascii_letters'], length=15) }}"
redis_requirepass: "{{ logstash_redis_password }}"
beats_filebeat_syslog_udp: true
beats_filebeat_syslog_tcp: true
beats_filebeat_journald: true
beats_filebeat_modules:
- system
beats_fields:
Expand Down Expand Up @@ -51,19 +50,3 @@
- name: Include Beats
ansible.builtin.include_role:
name: beats
- name: Install rsyslog
ansible.builtin.package:
name: rsyslog
- name: Remove cache # noqa: risky-shell-pipe
ansible.builtin.shell: >
if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
rm -rf /var/cache/*
changed_when: false
- name: Configure rsyslog
ansible.builtin.lineinfile:
line: "*.* @@localhost:514"
path: /etc/rsyslog.conf
- name: Start rsyslog
ansible.builtin.service:
name: rsyslog
state: started
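Review bot: Nothing visible in this scenario checks that the journald input enabled by `beats_filebeat_journald: true` in the vars block actually works, because the rsyslog forwarding tasks at the end of the file are removed without a replacement. The matching verify.yml change drops the port 514 wait and, as far as the visible hunk shows, adds no other Filebeat check. Consider a verify task that asserts the Filebeat service is running and that a journald input is present in the rendered configuration, so a regression in this input is caught by CI. The same swap is made in molecule/logstash_full_stack-oss/converge.yml; the vars block and task list both start outside the hunks shown.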
4 changes: 0 additions & 4 deletions molecule/elasticstack_default/verify.yml
Expand Up @@ -17,10 +17,6 @@
port: 5044
when: "'logstash' in group_names"

- name: Wait for syslog port to open
ansible.builtin.wait_for:
port: 514

- name: Set elasticsearch_ca variable if not already done by user
ansible.builtin.set_fact:
elasticsearch_ca: "{{ groups[elasticstack_elasticsearch_group_name][0] }}"
19 changes: 1 addition & 18 deletions molecule/logstash_full_stack-oss/converge.yml
Expand Up @@ -19,22 +19,14 @@
logstash_security: false
logstash_pipeline_unsafe_shutdown: true
elasticstack_security: false
beats_filebeat_syslog_udp: true
beats_filebeat_syslog_tcp: true
beats_filebeat_journald: true
logstash_beats_tls: false
elasticstack_release: 7
elasticstack_no_log: false
tasks:
- name: "Include Elastics repos role"
ansible.builtin.include_role:
name: repos
- name: Install rsyslog
ansible.builtin.package:
name: rsyslog
- name: Start rsyslog
ansible.builtin.service:
name: rsyslog
state: started
- name: "Include Elasticsearch role"
ansible.builtin.include_role:
name: elasticsearch
Expand All @@ -47,12 +39,3 @@
- name: "Include Logstash"
ansible.builtin.include_role:
name: logstash
- name: Configure rsyslog
ansible.builtin.lineinfile:
line: "*.* @@localhost:514"
path: /etc/rsyslog.conf
- name: Restart rsyslog
ansible.builtin.service:
name: rsyslog
state: restarted
changed_when: false
4 changes: 0 additions & 4 deletions molecule/logstash_full_stack-oss/verify.yml
Expand Up @@ -13,10 +13,6 @@
- name: Run syntax check
ansible.builtin.command: "/usr/share/logstash/bin/logstash --path.settings=/etc/logstash -t"
when: "'logstash' in group_names"
- name: Check for open port tcp {{ elasticstack_beats_port }}
ansible.builtin.wait_for:
port: "{{ elasticstack_beats_port }}"
when: "'logstash' in group_names"
- name: Query for Logstasch indices
ansible.builtin.shell: >
curl -s http://localhost:{{ elasticstack_elasticsearch_http_port }}/_cat/indices |
3 changes: 0 additions & 3 deletions roles/elasticsearch/tasks/main.yml
Expand Up @@ -204,7 +204,6 @@
when: elasticsearch_jna_workaround | bool

- name: Set jvm heap size
become: yes
ansible.builtin.template:
src: "jvm.options.d/heap.options.j2"
dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/10-heap.options"
Expand All @@ -216,7 +215,6 @@
when: (elasticsearch_heap)

- name: Set jvm paths
become: yes
ansible.builtin.template:
src: "jvm.options.d/paths.options.j2"
dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/50-paths.options"
Expand All @@ -227,7 +225,6 @@
notify: Restart Elasticsearch

- name: Set jvm custom options
become: yes
ansible.builtin.template:
src: "jvm.options.d/custom.options.j2"
dest: "{{ elasticsearch_conf_dir }}/jvm.options.d/90-custom.options"
Expand Down Expand Up @@ -278,7 +275,7 @@
- name: Check for cluster status without security
ansible.builtin.uri:
# kics-scan ignore-line
url: "http://{{ elasticsearch_api_host }}:{{ elasticstack_elasticsearch_http_port }}/_cluster/health?pretty"

Check warning on line 278 in roles/elasticsearch/tasks/main.yml


GitHub Actions / kics

[MEDIUM] Communication Over HTTP

Using HTTP URLs (without encryption) could lead to security vulnerabilities and risks
register: elasticsearch_cluster_status
ignore_errors: "{{ ansible_check_mode }}"
until: elasticsearch_cluster_status.json.status == "green"
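Review bot: The three template tasks "Set jvm heap size", "Set jvm paths" and "Set jvm custom options" now rely on privilege escalation being enabled by the caller, since their `become: yes` lines are dropped and nothing in the visible hunks sets it elsewhere. They write under `{{ elasticsearch_conf_dir }}/jvm.options.d/`, which presumably needs root, so a play that runs the role without `become` would fail at these tasks. If play-level escalation is the intended contract, state it in a comment at the top of the file, for example `# This role expects the calling play to set become: true`, or in the role README. Each task body continues outside its hunk, so the owner and mode settings could not be checked here.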