Add tests for elasticsearch, kibana and logstash cookbooks

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 5345c0ed3ebd9675b030e84f641fff8bfc6f9de1..7cb3e874a33c6d64e4e91d66144e09c8b77c036a 100644 (file)
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -26,6 +26,7 @@ jobs:
           - dhcpd
           - dmca
           - donate
+          - elasticsearch
           - exim
           - fail2ban
           - forum
@@ -39,7 +40,10 @@ jobs:
           - hardware
           - hot
           - incron
+          - kibana
           - letsencrypt
+          - logstash
+          - logstash-forwarder
           - mailman
           - memcached
           - munin

diff --git a/.kitchen.yml b/.kitchen.yml
index 4195d7e0d7246c2ee2724b6403520dcc02be084a..c21b1a1773395ee67bb082d222098bd2cbe15d27 100644 (file)
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -93,6 +93,9 @@ suites:
   - name: donate
     run_list:
       - recipe[donate::default]
+  - name: elasticsearch
+    run_list:
+      - recipe[elasticsearch::default]
   - name: exim
     run_list:
       - recipe[exim::default]
@@ -138,6 +141,9 @@ suites:
   - name: incron
     run_list:
       - recipe[incron::default]
+  - name: kibana
+    run_list:
+      - recipe[kibana::default]
   - name: letsencrypt
     run_list:
       - recipe[letsencrypt::default]
@@ -145,6 +151,20 @@ suites:
       apt:
         sources:
           - openstreetmap
+  - name: logstash
+    run_list:
+      - recipe[logstash::default]
+  - name: logstash-forwarder
+    run_list:
+      - recipe[logstash::forwarder]
+    attributes:
+      logstash:
+        forwarder:
+          filebeat.prospectors:
+            - input_type: log
+              paths:
+                - /var/log/apache2/access.log
+              type: apache
   - name: mailman
     run_list:
       - recipe[mailman::default]

diff --git a/cookbooks/elasticsearch/attributes/default.rb b/cookbooks/elasticsearch/attributes/default.rb
index a2a643412d568305b6c98022938f9e93653e6c7d..1de57c968b7eb6c4148fc96ddd9279dd256237df 100644 (file)
--- a/cookbooks/elasticsearch/attributes/default.rb
+++ b/cookbooks/elasticsearch/attributes/default.rb
@@ -1,4 +1,5 @@
-default[:elasticsearch][:version] = "1.7"
+default[:elasticsearch][:version] = "6.x"
+default[:elasticsearch][:cluster][:name] = "default"
 default[:elasticsearch][:cluster][:routing][:allocation][:disk][:watermark][:low] = "85%"
 default[:elasticsearch][:cluster][:routing][:allocation][:disk][:watermark][:high] = "90%"
 default[:elasticsearch][:cluster][:routing][:allocation][:disk][:watermark][:flood_stage] = "95%"

diff --git a/cookbooks/elasticsearch/metadata.rb b/cookbooks/elasticsearch/metadata.rb
index 9bab57ae284c0241541563328cce4a559905dc16..37f38ee1a5052f10020f1bcc64d00df82b355814 100644 (file)
--- a/cookbooks/elasticsearch/metadata.rb
+++ b/cookbooks/elasticsearch/metadata.rb
@@ -6,3 +6,4 @@ description       "Installs and configures a elasticsearch server"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "apt"

diff --git a/cookbooks/elasticsearch/recipes/default.rb b/cookbooks/elasticsearch/recipes/default.rb
index d2ba1d31b6a1fb5f1527cca3c44f25f3ec85c66b..7feaa4a4cb269d5caa4daf075641c37ace455d1d 100644 (file)
--- a/cookbooks/elasticsearch/recipes/default.rb
+++ b/cookbooks/elasticsearch/recipes/default.rb
@@ -17,10 +17,10 @@
 # limitations under the License.
 #
 
-package %w[
-  default-jre-headless
-  elasticsearch
-]
+include_recipe "apt"
+
+package "default-jre-headless"
+package "elasticsearch"
 
 template "/etc/elasticsearch/elasticsearch.yml" do
   source "elasticsearch.yml.erb"

diff --git a/cookbooks/kibana/attributes/default.rb b/cookbooks/kibana/attributes/default.rb
index 46dda49ceb4c3410bde5960a0a915dc1fa162617..bb431975a25e25f1a51828f22779b874cec4dcf6 100644 (file)
--- a/cookbooks/kibana/attributes/default.rb
+++ b/cookbooks/kibana/attributes/default.rb
@@ -1,2 +1,4 @@
 default[:kibana][:version] = "4.1.1"
 default[:kibana][:sites] = {}
+
+default[:accounts][:users][:kibana][:status] = :role

diff --git a/cookbooks/kibana/metadata.rb b/cookbooks/kibana/metadata.rb
index 83c575e9bc058893ad6393eb95193ecf5f810e7b..ec3e6f4c60b80e857e15a8223ea04edfbd6eb743 100644 (file)
--- a/cookbooks/kibana/metadata.rb
+++ b/cookbooks/kibana/metadata.rb
@@ -6,5 +6,6 @@ description       "Installs and configures a kibana server"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "apache"
 depends           "systemd"

diff --git a/cookbooks/kibana/recipes/default.rb b/cookbooks/kibana/recipes/default.rb
index 8f20eb5238382f964b6547117b77f4d3a4fc5c46..ceeaf13df57603f5aebe04a3e79fc33e37d6feb5 100644 (file)
--- a/cookbooks/kibana/recipes/default.rb
+++ b/cookbooks/kibana/recipes/default.rb
@@ -19,6 +19,7 @@
 
 require "yaml"
 
+include_recipe "accounts"
 include_recipe "apache"
 
 apache_module "proxy_http"
@@ -26,7 +27,7 @@ apache_module "proxy_http"
 version = node[:kibana][:version]
 
 remote_file "#{Chef::Config[:file_cache_path]}/kibana-#{version}.tar.gz" do
-  source "https://download.elastic.co/kibana/kibana/kibana-4.1.1-linux-x64.tar.gz"
+  source "https://download.elastic.co/kibana/kibana/kibana-#{version}-linux-x64.tar.gz"
   not_if { ::File.exist?("/opt/kibana-#{version}/bin/kibana") }
 end
 

diff --git a/cookbooks/logstash/attributes/default.rb b/cookbooks/logstash/attributes/default.rb
index 4014b7207bc99a5e8e53f917901b44b3ffe5befa..ff9cace3ef453fc814b8fd12b9fdbf3d7e719708 100644 (file)
--- a/cookbooks/logstash/attributes/default.rb
+++ b/cookbooks/logstash/attributes/default.rb
@@ -2,3 +2,5 @@ default[:logstash][:forwarder]["output.logstash"]["hosts"] = ["logstash.openstre
 default[:logstash][:forwarder]["output.logstash"]["ssl.certificate_authorities"] = "/etc/filebeat/filebeat.crt"
 default[:logstash][:forwarder]["output.logstash"]["ssl.verification_mode"] = "none"
 default[:logstash][:forwarder]["filebeat.prospectors"] = []
+
+default[:elasticsearch][:cluster][:name] = "logstash"

diff --git a/cookbooks/logstash/metadata.rb b/cookbooks/logstash/metadata.rb
index e13ece1b0ebca6e6ccbfbbc8f8f2d5dcb3ee97e5..a1a7d387bc4385f451f2f29c107816480fc25608 100644 (file)
--- a/cookbooks/logstash/metadata.rb
+++ b/cookbooks/logstash/metadata.rb
@@ -6,4 +6,6 @@ description       "Installs and configures a elasticsearch server"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "apt"
+depends           "elasticsearch"
 depends           "networking"

diff --git a/cookbooks/logstash/recipes/default.rb b/cookbooks/logstash/recipes/default.rb
index babff56df277c1532a6249251a4fad18b68d59aa..e58df226bfe14e983f4bb13d896b756f0d9a848e 100644 (file)
--- a/cookbooks/logstash/recipes/default.rb
+++ b/cookbooks/logstash/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "elasticsearch"
 include_recipe "networking"
 
 keys = data_bag_item("logstash", "keys")
@@ -47,7 +48,7 @@ template "/etc/logstash/conf.d/chef.conf" do
   user "root"
   group "root"
   mode 0o644
-  notifies :reload, "service[logstash]"
+  notifies :start, "service[logstash]"
 end
 
 file "/etc/logrotate.d/logstash" do
@@ -64,7 +65,6 @@ end
 
 service "logstash" do
   action [:enable, :start]
-  supports :status => true, :restart => true, :reload => true
 end
 
 template "/etc/cron.daily/expire-logstash" do

diff --git a/cookbooks/logstash/recipes/forwarder.rb b/cookbooks/logstash/recipes/forwarder.rb
index 14866558b3fc40e27d33d1b11d2aba7ab8eeacb2..c87b9edf13f4a2893946fafc04277fdb15751b90 100644 (file)
--- a/cookbooks/logstash/recipes/forwarder.rb
+++ b/cookbooks/logstash/recipes/forwarder.rb
@@ -19,6 +19,8 @@
 
 require "yaml"
 
+include_recipe "apt"
+
 package "filebeat"
 
 cookbook_file "/etc/filebeat/filebeat.crt" do

diff --git a/roles/kibana.rb b/roles/kibana.rb
index 6198120cfd7c65f680a4923fc97a0c95ce403b11..d45d4e53f9e2a3421710f6bb5bd4709022e60f26 100644 (file)
--- a/roles/kibana.rb
+++ b/roles/kibana.rb
@@ -1,14 +1,6 @@
 name "kibana"
 description "Role applied to all kibana servers"
 
-default_attributes(
-  :accounts => {
-    :users => {
-      :kibana => { :status => :role }
-    }
-  }
-)
-
 run_list(
   "recipe[kibana]"
 )

diff --git a/roles/logstash.rb b/roles/logstash.rb
index 9e421fc8d2ad5ec7eb7ef53334684df6eec242e6..b5cbac83630910bb098a2a944afa92d9d7c38ae1 100644 (file)
--- a/roles/logstash.rb
+++ b/roles/logstash.rb
@@ -2,12 +2,6 @@ name "logstash"
 description "Role applied to all logstash servers"
 
 default_attributes(
-  :elasticsearch => {
-    :cluster => {
-      :name => "logstash"
-    },
-    :version => "6.x"
-  },
   :kibana => {
     :sites => {
       :logstash => {

diff --git a/test/data_bags/accounts/kibana.json b/test/data_bags/accounts/kibana.json
new file mode 100644 (file)
index 0000000..1d2fc53
--- /dev/null
+++ b/test/data_bags/accounts/kibana.json
@@ -0,0 +1,6 @@
+{
+  "id": "kibana",
+  "uid": "521",
+  "comment": "Kibana",
+  "manage_home": false
+}

diff --git a/test/data_bags/logstash/keys.json b/test/data_bags/logstash/keys.json
new file mode 100644 (file)
index 0000000..69f7fe5
--- /dev/null
+++ b/test/data_bags/logstash/keys.json
@@ -0,0 +1,11 @@
+{
+  "id": "keys",
+  "lumberjack": [
+    "-----BEGIN PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----"
+  ],
+  "beats": [
+    "-----BEGIN PRIVATE KEY-----",
+    "-----END PRIVATE KEY-----"
+  ]
+}

diff --git a/test/integration/elasticsearch/serverspec/elasticsearch_spec.rb b/test/integration/elasticsearch/serverspec/elasticsearch_spec.rb
new file mode 100644 (file)
index 0000000..b4e9fa7
--- /dev/null
+++ b/test/integration/elasticsearch/serverspec/elasticsearch_spec.rb
@@ -0,0 +1,17 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("elasticsearch") do
+  it { should be_installed }
+end
+
+describe service("elasticsearch") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+# describe port(9200) do
+#  it { should be_listening.with("tcp") }
+# end

diff --git a/test/integration/kibana/serverspec/apache_spec.rb b/test/integration/kibana/serverspec/apache_spec.rb
new file mode 100644 (file)
index 0000000..446d3b9
--- /dev/null
+++ b/test/integration/kibana/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end

diff --git a/test/integration/logstash-forwarder/serverspec/filebeat_spec.rb b/test/integration/logstash-forwarder/serverspec/filebeat_spec.rb
new file mode 100644 (file)
index 0000000..6ac089a
--- /dev/null
+++ b/test/integration/logstash-forwarder/serverspec/filebeat_spec.rb
@@ -0,0 +1,13 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("filebeat") do
+  it { should be_installed }
+end
+
+describe service("filebeat") do
+  it { should be_enabled }
+  it { should be_running }
+end

diff --git a/test/integration/logstash/serverspec/elasticsearch_spec.rb b/test/integration/logstash/serverspec/elasticsearch_spec.rb
new file mode 100644 (file)
index 0000000..b4e9fa7
--- /dev/null
+++ b/test/integration/logstash/serverspec/elasticsearch_spec.rb
@@ -0,0 +1,17 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("elasticsearch") do
+  it { should be_installed }
+end
+
+describe service("elasticsearch") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+# describe port(9200) do
+#  it { should be_listening.with("tcp") }
+# end

diff --git a/test/integration/logstash/serverspec/logstash_spec.rb b/test/integration/logstash/serverspec/logstash_spec.rb
new file mode 100644 (file)
index 0000000..c339de5
--- /dev/null
+++ b/test/integration/logstash/serverspec/logstash_spec.rb
@@ -0,0 +1,17 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("logstash") do
+  it { should be_installed }
+end
+
+describe service("logstash") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+# describe port(5044) do
+#  it { should be_listening.with("tcp") }
+# end