OpenSearch/Vagrantfile

499 lines
16 KiB
Plaintext
Raw Normal View History

#
# SPDX-License-Identifier: Apache-2.0
#
# The OpenSearch Contributors require contributions made to
# this file be licensed under the Apache-2.0 license or a
# compatible open source license.
#
# -*- mode: ruby -*-
# vim: ft=ruby ts=2 sw=2 sts=2 et:
# This Vagrantfile exists to test packaging. Read more about its use in the
# vagrant section in TESTING.asciidoc.
# Licensed to Elasticsearch under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# Modifications Copyright OpenSearch Contributors. See
# GitHub history for details.
#
define_opts = {
autostart: false
}.freeze
Vagrant.configure(2) do |config|
config.vm.provider 'virtualbox' do |vbox|
# Give the box more memory and cpu because our tests are beasts!
vbox.memory = Integer(ENV['VAGRANT_MEMORY'] || 8192)
vbox.cpus = Integer(ENV['VAGRANT_CPUS'] || 4)
# see https://github.com/hashicorp/vagrant/issues/9524
vbox.customize ["modifyvm", :id, "--audio", "none"]
end
# Switch the default share for the project root from /vagrant to
# /opensearch because /vagrant is confusing when there is a project inside
# the opensearch project called vagrant....
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.synced_folder '.', '/opensearch'
# TODO: make these syncs work for windows!!!
config.vm.synced_folder "#{Dir.home}/.vagrant/gradle/caches/jars-3", "/root/.gradle/caches/jars-3",
create: true,
owner: "vagrant"
config.vm.synced_folder "#{Dir.home}/.vagrant/gradle/caches/modules-2", "/root/.gradle/caches/modules-2",
create: true,
owner: "vagrant"
config.vm.synced_folder "#{Dir.home}/.gradle/wrapper", "/root/.gradle/wrapper",
create: true,
owner: "vagrant"
# Expose project directory. Note that VAGRANT_CWD may not be the same as Dir.pwd
PROJECT_DIR = ENV['VAGRANT_PROJECT_DIR'] || Dir.pwd
config.vm.synced_folder PROJECT_DIR, '/project'
'ubuntu-1604'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/ubuntu-16.04-x86_64'
deb_common config, box, extra: <<-SHELL
# Install Jayatana so we can work around it being present.
[ -f /usr/share/java/jayatanaag.jar ] || install jayatana
SHELL
ubuntu_docker config
end
end
'ubuntu-1804'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/ubuntu-18.04-x86_64'
deb_common config, box, extra: <<-SHELL
# Install Jayatana so we can work around it being present.
[ -f /usr/share/java/jayatanaag.jar ] || install jayatana
SHELL
ubuntu_docker config
end
end
# Wheezy's backports don't contain Openjdk 8 and the backflips
# required to get the sun jdk on there just aren't worth it. We have
# jessie and stretch for testing debian and it works fine.
'debian-8'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/debian-8-x86_64'
deb_common config, box, extra: <<-SHELL
# this sometimes gets a bad ip, and doesn't appear to be needed
rm -f /etc/apt/sources.list.d/http_debian_net_debian.list
SHELL
end
end
'debian-9'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/debian-9-x86_64'
deb_common config, box
deb_docker config
end
end
'centos-6'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/centos-6-x86_64'
rpm_common config, box
end
end
'centos-7'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/centos-7-x86_64'
rpm_common config, box
rpm_docker config
end
end
'oel-6'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/oraclelinux-6-x86_64'
rpm_common config, box
end
end
'oel-7'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/oraclelinux-7-x86_64'
rpm_common config, box
end
end
'fedora-28'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/fedora-28-x86_64'
dnf_common config, box
dnf_docker config
end
end
'fedora-29'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/fedora-29-x86_64'
dnf_common config, box
dnf_docker config
end
end
'sles-12'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/sles-12-x86_64'
sles_common config, box
end
end
2019-05-01 18:53:33 -04:00
'rhel-8'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = 'elastic/rhel-8-x86_64'
rpm_common config, box
end
end
windows_2012r2_box = ENV['VAGRANT_WINDOWS_2012R2_BOX']
if windows_2012r2_box && windows_2012r2_box.empty? == false
'windows-2012r2'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = windows_2012r2_box
windows_common config, box
end
end
end
windows_2016_box = ENV['VAGRANT_WINDOWS_2016_BOX']
if windows_2016_box && windows_2016_box.empty? == false
'windows-2016'.tap do |box|
config.vm.define box, define_opts do |config|
config.vm.box = windows_2016_box
windows_common config, box
end
end
end
end
def deb_common(config, name, extra: '')
# http://foo-o-rama.com/vagrant--stdin-is-not-a-tty--fix.html
config.vm.provision 'fix-no-tty', type: 'shell' do |s|
s.privileged = false
s.inline = "sudo sed -i '/tty/!s/mesg n/tty -s \\&\\& mesg n/' /root/.profile"
end
extra_with_lintian = <<-SHELL
#{extra}
install lintian
SHELL
linux_common(
config,
name,
update_command: 'apt-get update',
update_tracking_file: '/var/cache/apt/archives/last_update',
install_command: 'apt-get install -y --force-yes',
extra: extra_with_lintian
)
end
def ubuntu_docker(config)
config.vm.provision 'install Docker using apt', type: 'shell', inline: <<-SHELL
# Install packages to allow apt to use a repository over HTTPS
apt-get install -y --force-yes \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common
# Add Dockers official GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
# Set up the stable Docker repository
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
# Install Docker. Unlike Fedora and CentOS, this also start the daemon.
apt-get update
apt-get install -y --force-yes docker-ce docker-ce-cli containerd.io
# Add vagrant to the Docker group, so that it can run commands
usermod -aG docker vagrant
# Enable IPv4 forwarding
sed -i '/net.ipv4.ip_forward/s/^#//' /etc/sysctl.conf
systemctl restart networking
SHELL
end
def deb_docker(config)
config.vm.provision 'install Docker using apt', type: 'shell', inline: <<-SHELL
# Install packages to allow apt to use a repository over HTTPS
apt-get install -y --force-yes \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common
# Add Dockers official GPG key
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
# Set up the stable Docker repository
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
# Install Docker. Unlike Fedora and CentOS, this also start the daemon.
apt-get update
apt-get install -y --force-yes docker-ce docker-ce-cli containerd.io
# Add vagrant to the Docker group, so that it can run commands
usermod -aG docker vagrant
SHELL
end
def rpm_common(config, name)
linux_common(
config,
name,
update_command: 'yum check-update',
update_tracking_file: '/var/cache/yum/last_update',
install_command: 'yum install -y'
)
end
def rpm_docker(config)
config.vm.provision 'install Docker using yum', type: 'shell', inline: <<-SHELL
# Install prerequisites
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add repository
yum-config-manager -y --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker
yum install -y docker-ce docker-ce-cli containerd.io
# Start Docker
systemctl enable --now docker
# Add vagrant to the Docker group, so that it can run commands
usermod -aG docker vagrant
SHELL
end
def dnf_common(config, name)
# Autodetect doesn't work....
if Vagrant.has_plugin?('vagrant-cachier')
config.cache.auto_detect = false
config.cache.enable :generic, { :cache_dir => '/var/cache/dnf' }
end
linux_common(
config,
name,
update_command: 'dnf check-update',
update_tracking_file: '/var/cache/dnf/last_update',
install_command: 'dnf install -y',
install_command_retries: 5
)
end
def dnf_docker(config)
config.vm.provision 'install Docker using dnf', type: 'shell', inline: <<-SHELL
# Install prerequisites
dnf -y install dnf-plugins-core
# Add repository
dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
# Install Docker
dnf install -y docker-ce docker-ce-cli containerd.io
# Start Docker
systemctl enable --now docker
# Add vagrant to the Docker group, so that it can run commands
usermod -aG docker vagrant
SHELL
end
def suse_common(config, name, extra: '')
linux_common(
config,
name,
update_command: 'zypper --non-interactive list-updates',
update_tracking_file: '/var/cache/zypp/packages/last_update',
install_command: 'zypper --non-interactive --quiet install --no-recommends',
extra: extra
)
end
def sles_common(config, name)
extra = <<-SHELL
zypper rr systemsmanagement_puppet puppetlabs-pc1 devel_tools_scm
zypper ar http://download.opensuse.org/distribution/12.3/repo/oss/ oss
zypper --non-interactive --gpg-auto-import-keys refresh
zypper --non-interactive install git-core
# choose to "ignore some dependencies" of expect, which has a problem with tcl...
zypper --non-interactive install --force-resolution expect
SHELL
suse_common config, name, extra: extra
end
# Configuration needed for all linux boxes
# @param config Vagrant's config object. Required.
# @param name [String] The box name. Required.
# @param update_command [String] The command used to update the package
# manager. Required. Think `apt-get update`.
# @param update_tracking_file [String] The location of the file tracking the
# last time the update command was run. Required. Should be in a place that
# is cached by vagrant-cachier.
# @param install_command [String] The command used to install a package.
# Required. Think `apt-get install #{package}`.
# @param install_command_retries [Integer] Number of times to retry
# a failed install command
# @param extra [String] Additional script to run before installing
# dependencies
#
def linux_common(config,
name,
update_command: 'required',
update_tracking_file: 'required',
install_command: 'required',
install_command_retries: 0,
extra: '')
raise ArgumentError, 'update_command is required' if update_command == 'required'
raise ArgumentError, 'update_tracking_file is required' if update_tracking_file == 'required'
raise ArgumentError, 'install_command is required' if install_command == 'required'
if Vagrant.has_plugin?('vagrant-cachier')
config.cache.scope = :box
end
config.vm.provision 'markerfile', type: 'shell', inline: <<-SHELL
touch /etc/is_vagrant_vm
touch /is_vagrant_vm # for consistency between linux and windows
SHELL
# This prevents leftovers from previous tests using the
# same VM from messing up the current test
config.vm.provision 'clean es installs in tmp', run: 'always', type: 'shell', inline: <<-SHELL
rm -rf /tmp/opensearch*
SHELL
sh_set_prompt config, name
sh_install_deps(
config,
update_command,
update_tracking_file,
install_command,
install_command_retries,
extra
)
end
# Sets up a consistent prompt for all users. Or tries to. The VM might
# contain overrides for root and vagrant but this attempts to work around
# them by re-source-ing the standard prompt file.
def sh_set_prompt(config, name)
config.vm.provision 'set prompt', type: 'shell', inline: <<-SHELL
cat \<\<PROMPT > /etc/profile.d/opensearch_prompt.sh
export PS1='#{name}:\\w$ '
PROMPT
grep 'source /etc/profile.d/opensearch_prompt.sh' ~/.bashrc |
cat \<\<SOURCE_PROMPT >> ~/.bashrc
# Replace the standard prompt with a consistent one
source /etc/profile.d/opensearch_prompt.sh
SOURCE_PROMPT
grep 'source /etc/profile.d/opensearch_prompt.sh' ~vagrant/.bashrc |
cat \<\<SOURCE_PROMPT >> ~vagrant/.bashrc
# Replace the standard prompt with a consistent one
source /etc/profile.d/opensearch_prompt.sh
SOURCE_PROMPT
SHELL
end
def sh_install_deps(config,
update_command,
update_tracking_file,
install_command,
install_command_retries,
extra)
config.vm.provision 'install dependencies', type: 'shell', inline: <<-SHELL
set -e
set -o pipefail
# Retry install command up to $2 times, if failed
retry_installcommand() {
n=0
while true; do
#{install_command} $1 && break
let n=n+1
if [ $n -ge $2 ]; then
echo "==> Exhausted retries to install $1"
return 1
fi
echo "==> Retrying installing $1, attempt $((n+1))"
# Add a small delay to increase chance of metalink providing updated list of mirrors
sleep 5
done
}
installed() {
command -v $1 2>&1 >/dev/null
}
install() {
# Only apt-get update if we haven't in the last day
if [ ! -f #{update_tracking_file} ] || [ "x$(find #{update_tracking_file} -mtime +0)" == "x#{update_tracking_file}" ]; then
[test] Gradle-ify vagrant tests This gets the tar and tar_plugins tests working in gradle. It does so by adding a subproject, qa/vagrant, which adds the following tasks: Verification ------------ checkPackages - Check the packages against a representative sample of the linux distributions we have in our Vagrantfile checkPackagesAllDistros - Check the packages against all the linux distributions we have in our Vagrantfile Package Verification -------------------- checkCentos6 - Run packaging tests against centos-6 checkCentos7 - Run packaging tests against centos-7 checkDebian8 - Run packaging tests against debian-8 checkFedora22 - Run packaging tests against fedora-22 checkOel7 - Run packaging tests against oel-7 checkOpensuse13 - Run packaging tests against opensuse-13 checkSles12 - Run packaging tests against sles-12 checkUbuntu1204 - Run packaging tests against ubuntu-1204 checkUbuntu1404 - Run packaging tests against ubuntu-1404 checkUbuntu1504 - Run packaging tests against ubuntu-1504 Vagrant ------- smokeTestCentos6 - Smoke test the centos-6 VM smokeTestCentos7 - Smoke test the centos-7 VM smokeTestDebian8 - Smoke test the debian-8 VM smokeTestFedora22 - Smoke test the fedora-22 VM smokeTestOel7 - Smoke test the oel-7 VM smokeTestOpensuse13 - Smoke test the opensuse-13 VM smokeTestSles12 - Smoke test the sles-12 VM smokeTestUbuntu1204 - Smoke test the ubuntu-1204 VM smokeTestUbuntu1404 - Smoke test the ubuntu-1404 VM smokeTestUbuntu1504 - Smoke test the ubuntu-1504 VM vagrantHaltCentos6 - Shutdown the vagrant VM running centos-6 vagrantHaltCentos7 - Shutdown the vagrant VM running centos-7 vagrantHaltDebian8 - Shutdown the vagrant VM running debian-8 vagrantHaltFedora22 - Shutdown the vagrant VM running fedora-22 vagrantHaltOel7 - Shutdown the vagrant VM running oel-7 vagrantHaltOpensuse13 - Shutdown the vagrant VM running opensuse-13 vagrantHaltSles12 - Shutdown the vagrant VM running sles-12 vagrantHaltUbuntu1204 - Shutdown the vagrant VM running ubuntu-1204 vagrantHaltUbuntu1404 - Shutdown the vagrant VM running ubuntu-1404 vagrantHaltUbuntu1504 - Shutdown the vagrant VM running ubuntu-1504 vagrantSmokeTest - Smoke test some representative distros from the Vagrantfile vagrantSmokeTestAllDistros - Smoke test all distros from the Vagrantfile vagrantUpCentos6 - Startup a vagrant VM running centos-6 vagrantUpCentos7 - Startup a vagrant VM running centos-7 vagrantUpDebian8 - Startup a vagrant VM running debian-8 vagrantUpFedora22 - Startup a vagrant VM running fedora-22 vagrantUpOel7 - Startup a vagrant VM running oel-7 vagrantUpOpensuse13 - Startup a vagrant VM running opensuse-13 vagrantUpSles12 - Startup a vagrant VM running sles-12 vagrantUpUbuntu1204 - Startup a vagrant VM running ubuntu-1204 vagrantUpUbuntu1404 - Startup a vagrant VM running ubuntu-1404 vagrantUpUbuntu1504 - Startup a vagrant VM running ubuntu-1504 It does not make the "check" task depend on "checkPackages" so running the vagrant tests is still optional. They are slow and depend on vagrant and virtualbox. The Package Verification tasks are useful for testing individual distros. The Vagrant tasks are listed in `gradle tasks` primarily for discoverability.
2015-11-02 12:40:47 -05:00
echo "==> Updating repository"
#{update_command} || true
touch #{update_tracking_file}
fi
[test] Gradle-ify vagrant tests This gets the tar and tar_plugins tests working in gradle. It does so by adding a subproject, qa/vagrant, which adds the following tasks: Verification ------------ checkPackages - Check the packages against a representative sample of the linux distributions we have in our Vagrantfile checkPackagesAllDistros - Check the packages against all the linux distributions we have in our Vagrantfile Package Verification -------------------- checkCentos6 - Run packaging tests against centos-6 checkCentos7 - Run packaging tests against centos-7 checkDebian8 - Run packaging tests against debian-8 checkFedora22 - Run packaging tests against fedora-22 checkOel7 - Run packaging tests against oel-7 checkOpensuse13 - Run packaging tests against opensuse-13 checkSles12 - Run packaging tests against sles-12 checkUbuntu1204 - Run packaging tests against ubuntu-1204 checkUbuntu1404 - Run packaging tests against ubuntu-1404 checkUbuntu1504 - Run packaging tests against ubuntu-1504 Vagrant ------- smokeTestCentos6 - Smoke test the centos-6 VM smokeTestCentos7 - Smoke test the centos-7 VM smokeTestDebian8 - Smoke test the debian-8 VM smokeTestFedora22 - Smoke test the fedora-22 VM smokeTestOel7 - Smoke test the oel-7 VM smokeTestOpensuse13 - Smoke test the opensuse-13 VM smokeTestSles12 - Smoke test the sles-12 VM smokeTestUbuntu1204 - Smoke test the ubuntu-1204 VM smokeTestUbuntu1404 - Smoke test the ubuntu-1404 VM smokeTestUbuntu1504 - Smoke test the ubuntu-1504 VM vagrantHaltCentos6 - Shutdown the vagrant VM running centos-6 vagrantHaltCentos7 - Shutdown the vagrant VM running centos-7 vagrantHaltDebian8 - Shutdown the vagrant VM running debian-8 vagrantHaltFedora22 - Shutdown the vagrant VM running fedora-22 vagrantHaltOel7 - Shutdown the vagrant VM running oel-7 vagrantHaltOpensuse13 - Shutdown the vagrant VM running opensuse-13 vagrantHaltSles12 - Shutdown the vagrant VM running sles-12 vagrantHaltUbuntu1204 - Shutdown the vagrant VM running ubuntu-1204 vagrantHaltUbuntu1404 - Shutdown the vagrant VM running ubuntu-1404 vagrantHaltUbuntu1504 - Shutdown the vagrant VM running ubuntu-1504 vagrantSmokeTest - Smoke test some representative distros from the Vagrantfile vagrantSmokeTestAllDistros - Smoke test all distros from the Vagrantfile vagrantUpCentos6 - Startup a vagrant VM running centos-6 vagrantUpCentos7 - Startup a vagrant VM running centos-7 vagrantUpDebian8 - Startup a vagrant VM running debian-8 vagrantUpFedora22 - Startup a vagrant VM running fedora-22 vagrantUpOel7 - Startup a vagrant VM running oel-7 vagrantUpOpensuse13 - Startup a vagrant VM running opensuse-13 vagrantUpSles12 - Startup a vagrant VM running sles-12 vagrantUpUbuntu1204 - Startup a vagrant VM running ubuntu-1204 vagrantUpUbuntu1404 - Startup a vagrant VM running ubuntu-1404 vagrantUpUbuntu1504 - Startup a vagrant VM running ubuntu-1504 It does not make the "check" task depend on "checkPackages" so running the vagrant tests is still optional. They are slow and depend on vagrant and virtualbox. The Package Verification tasks are useful for testing individual distros. The Vagrant tasks are listed in `gradle tasks` primarily for discoverability.
2015-11-02 12:40:47 -05:00
echo "==> Installing $1"
if [ #{install_command_retries} -eq 0 ]
then
#{install_command} $1
else
retry_installcommand $1 #{install_command_retries}
fi
}
ensure() {
installed $1 || install $1
}
#{extra}
ensure tar
ensure curl
ensure unzip
ensure rsync
Password-protected Keystore Feature Branch PR (#51123) (#51510) * Reload secure settings with password (#43197) If a password is not set, we assume an empty string to be compatible with previous behavior. Only allow the reload to be broadcast to other nodes if TLS is enabled for the transport layer. * Add passphrase support to elasticsearch-keystore (#38498) This change adds support for keystore passphrases to all subcommands of the elasticsearch-keystore cli tool and adds a subcommand for changing the passphrase of an existing keystore. The work to read the passphrase in Elasticsearch when loading, which will be addressed in a different PR. Subcommands of elasticsearch-keystore can handle (open and create) passphrase protected keystores When reading a keystore, a user is only prompted for a passphrase only if the keystore is passphrase protected. When creating a keystore, a user is allowed (default behavior) to create one with an empty passphrase Passphrase can be set to be empty when changing/setting it for an existing keystore Relates to: #32691 Supersedes: #37472 * Restore behavior for force parameter (#44847) Turns out that the behavior of `-f` for the add and add-file sub commands where it would also forcibly create the keystore if it didn't exist, was by design - although undocumented. This change restores that behavior auto-creating a keystore that is not password protected if the force flag is used. The force OptionSpec is moved to the BaseKeyStoreCommand as we will presumably want to maintain the same behavior in any other command that takes a force option. * Handle pwd protected keystores in all CLI tools (#45289) This change ensures that `elasticsearch-setup-passwords` and `elasticsearch-saml-metadata` can handle a password protected elasticsearch.keystore. For setup passwords the user would be prompted to add the elasticsearch keystore password upon running the tool. There is no option to pass the password as a parameter as we assume the user is present in order to enter the desired passwords for the built-in users. For saml-metadata, we prompt for the keystore password at all times even though we'd only need to read something from the keystore when there is a signing or encryption configuration. * Modify docs for setup passwords and saml metadata cli (#45797) Adds a sentence in the documentation of `elasticsearch-setup-passwords` and `elasticsearch-saml-metadata` to describe that users would be prompted for the keystore's password when running these CLI tools, when the keystore is password protected. Co-Authored-By: Lisa Cawley <lcawley@elastic.co> * Elasticsearch keystore passphrase for startup scripts (#44775) This commit allows a user to provide a keystore password on Elasticsearch startup, but only prompts when the keystore exists and is encrypted. The entrypoint in Java code is standard input. When the Bootstrap class is checking for secure keystore settings, it checks whether or not the keystore is encrypted. If so, we read one line from standard input and use this as the password. For simplicity's sake, we allow a maximum passphrase length of 128 characters. (This is an arbitrary limit and could be increased or eliminated. It is also enforced in the keystore tools, so that a user can't create a password that's too long to enter at startup.) In order to provide a password on standard input, we have to account for four different ways of starting Elasticsearch: the bash startup script, the Windows batch startup script, systemd startup, and docker startup. We use wrapper scripts to reduce systemd and docker to the bash case: in both cases, a wrapper script can read a passphrase from the filesystem and pass it to the bash script. In order to simplify testing the need for a passphrase, I have added a has-passwd command to the keystore tool. This command can run silently, and exit with status 0 when the keystore has a password. It exits with status 1 if the keystore doesn't exist or exists and is unencrypted. A good deal of the code-change in this commit has to do with refactoring packaging tests to cleanly use the same tests for both the "archive" and the "package" cases. This required not only moving tests around, but also adding some convenience methods for an abstraction layer over distribution-specific commands. * Adjust docs for password protected keystore (#45054) This commit adds relevant parts in the elasticsearch-keystore sub-commands reference docs and in the reload secure settings API doc. * Fix failing Keystore Passphrase test for feature branch (#50154) One problem with the passphrase-from-file tests, as written, is that they would leave a SystemD environment variable set when they failed, and this setting would cause elasticsearch startup to fail for other tests as well. By using a try-finally, I hope that these tests will fail more gracefully. It appears that our Fedora and Ubuntu environments may be configured to store journald information under /var rather than under /run, so that it will persist between boots. Our destructive tests that read from the journal need to account for this in order to avoid trying to limit the output we check in tests. * Run keystore management tests on docker distros (#50610) * Add Docker handling to PackagingTestCase Keystore tests need to be able to run in the Docker case. We can do this by using a DockerShell instead of a plain Shell when Docker is running. * Improve ES startup check for docker Previously we were checking truncated output for the packaged JDK as an indication that Elasticsearch had started. With new preliminary password checks, we might get a false positive from ES keystore commands, so we have to check specifically that the Elasticsearch class from the Bootstrap package is what's running. * Test password-protected keystore with Docker (#50803) This commit adds two tests for the case where we mount a password-protected keystore into a Docker container and provide a password via a Docker environment variable. We also fix a logging bug where we were logging the identifier for an array of strings rather than the contents of that array. * Add documentation for keystore startup prompting (#50821) When a keystore is password-protected, Elasticsearch will prompt at startup. This commit adds documentation for this prompt for the archive, systemd, and Docker cases. Co-authored-by: Lisa Cawley <lcawley@elastic.co> * Warn when unable to upgrade keystore on debian (#51011) For Red Hat RPM upgrades, we warn if we can't upgrade the keystore. This commit brings the same logic to the code for Debian packages. See the posttrans file for gets executed for RPMs. * Restore handling of string input Adds tests that were mistakenly removed. One of these tests proved we were not handling the the stdin (-x) option correctly when no input was added. This commit restores the original approach of reading stdin one char at a time until there is no more (-1, \r, \n) instead of using readline() that might return null * Apply spotless reformatting * Use '--since' flag to get recent journal messages When we get Elasticsearch logs from journald, we want to fetch only log messages from the last run. There are two reasons for this. First, if there are many logs, we might get a string that's too large for our utility methods. Second, when we're looking for a specific message or error, we almost certainly want to look only at messages from the last execution. Previously, we've been trying to do this by clearing out the physical files under the journald process. But there seems to be some contention over these directories: if journald writes a log file in between when our deletion command deletes the file and when it deletes the log directory, the deletion will fail. It seems to me that we might be able to use journald's "--since" flag to retrieve only log messages from the last run, and that this might be less likely to fail due to race conditions in file deletion. Unfortunately, it looks as if the "--since" flag has a granularity of one-second. I've added a two-second sleep to make sure that there's a sufficient gap between the test that will read from journald and the test before it. * Use new journald wrapper pattern * Update version added in secure settings request Co-authored-by: Lisa Cawley <lcawley@elastic.co> Co-authored-by: Ioannis Kakavas <ikakavas@protonmail.com>
2020-01-28 05:32:32 -05:00
ensure expect
cat \<\<SUDOERS_VARS > /etc/sudoers.d/opensearch_vars
Defaults env_keep += "JAVA_HOME"
Defaults env_keep += "SYSTEM_JAVA_HOME"
SUDOERS_VARS
chmod 0440 /etc/sudoers.d/opensearch_vars
SHELL
end
def windows_common(config, name)
config.vm.provision 'set prompt', type: 'shell', inline: <<-SHELL
$ErrorActionPreference = "Stop"
$ps_prompt = 'function Prompt { "#{name}:$($ExecutionContext.SessionState.Path.CurrentLocation)>" }'
$ps_prompt | Out-File $PsHome/Microsoft.PowerShell_profile.ps1
SHELL
end