Install a specific version of all tools

README.md

@@ -39,6 +39,10 @@ You may want the following Ansible roles installed. There other ways to achieve
 
 ## Usage
 
+* *elastic_version*: Version number of tools to install Only set if you don't want the latest. (default: none). For OSS version see `elastic_variant` below. **IMPORTANT** Do not change the version once you have set up the stack. There are unpredictable effects to be expected when using this for upgrades. And upgrade mechanism is already on it's way. (default: none. Example: `7.17.2`
+*elastic_release*: Major release version of Elastic stack to configure. (default: `7`)
+*elastic_variant*: Variant of the stack to install. Valid values: `elastic` or `oss`. (default: `elastic`)
+
 ### Default Passwords 
 
 Default Passwords  can be seen during generation, or found later in `/usr/share/elasticsearch/initial_passwords`

docs/role-beats.md

@@ -14,7 +14,7 @@ Role Variables
 --------------
 
 * *beats_filebeat*: Install and manage filebeat (Default: `true`)
-* *beats_filebeat_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
+* *elastic_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
 * *filebeat_enable*: Automatically start Filebeat (Default: `true`)
 * *filebeat_output*: Set to `logstash` or `elasticsearch`. (default: `logstash`)
 * *filebeat_syslog_udp*: Use UDP Syslog input (Default: `false`)
@@ -66,14 +66,14 @@ filebeat_journald_inputs:
 * *filebeat_modules*: **EXPERIMENTAL**: Give a list of modules to enable. (default: none)
 
 * *beats_auditbeat*: Install and manage filebeat (Default: `false`)
-* *beats_auditbeat_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
+* *elastic_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
 * *auditbeat_output*: Output for Auditbeat Set to `logstash` or `elasticsearch`. (default: `elasticsearch`)
 * *auditbeat_enable*: Automatically start Auditbeat (Default: `true`)
 * *auditbeat_setup*: Run Auditbeat Setup (Default: `true`) (Only works with Elasticsearch output)
 * *auditbeat_loadbalance*: Enable loadbalancing for Auditbeats Logstash output (default: `true`)
 
 * *beats_metricbeat*: Enable installation and management of Metricbeat (Default: `false`)
-* *beats_metricbeat_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
+* *elastic_version*: Install specific version (Default: none. Possible values: e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems or `latest`)
 * *metricbeat_enable*: Start Metricbeat automatically (Default: `true`)
 * *metricbeat_output*: Set to `logstash` or `elasticsearch`. (default: `elasticsearch`)
 * *metricbeat_modules*: List of modules to enable. (Default: `- system`)

docs/role-logstash.md

@@ -29,7 +29,7 @@ If you want to use the default pipeline (or other pipelines communicating via Re
 Role Variables
 --------------
 
-* *logstash_version*: Version number of Logstash to install (use os specific version string. e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems). Only set if you don't want the latest. (default: none). For OSS version see `elastic_variant` below.
+* *elastic_version*: Version number of Logstash to install (use os specific version string. e.g. `-7.10.1` for RedHat compatible systems or `=1:7.10.1-1` for Debian compatible systems). Only set if you don't want the latest. (default: none). For OSS version see `elastic_variant` below.
 * *logstash_enable*: Start and enable Logstash service (default: `true`)
 * *logstash_config_backup*: Keep backups of all changed configuration (default: `no`)
 * *logstash_manage_yaml*: Manage and overwrite `logstash.yml` (default: `true`)

molecule/beats_peculiar/converge.yml

@@ -23,7 +23,6 @@
     elastic_stack_full_stack: false
     filebeat_mysql_slowlog_input: true
     beats_auditbeat: true
-    beats_auditbeat_version: latest
     auditbeat_output: logstash
     auditbeat_enable: false # can't run on GitHub because of permissions
     filebeat_journald_inputs:
@@ -36,18 +35,18 @@
     #filebeat_docker: true
     elastic_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}"
   tasks:
-    # Looks like Elastic isn't providing all old releases
-    # anymore
-    #
-    #- name: Set Filebeat version on RedHat
-    #  set_fact:
-    #    beats_filebeat_version: "-7.16.1"
-    #  when: ansible_os_family == "RedHat"
 
-    #- name: Set Filebeat version on Debian
-    #  set_fact:
-    #    beats_filebeat_version: "=7.16.1"
-    #  when: ansible_os_family == "Debian"
+    - name: Set Filebeat version for 7.x
+      set_fact:
+        elastic_version: "7.17.1"
+      when:
+        - elastic_release == 7
+
+    - name: Set Filebeat version for 8.x
+      set_fact:
+        elastic_version: "8.4.1"
+      when:
+        - elastic_release == 8
 
     - name: "Include Elastics repos role"
       include_role:

molecule/beats_peculiar/verify.yml

@@ -11,8 +11,16 @@
     debug:
       var: filebeat_version.stdout
 
-  #- name: Fail if Filebeat has the wrong version
-  #  fail:
-  #    msg: "Filebeat has the wrong version"
+  - name: Fail if Filebeat has the wrong version
+    fail:
+      msg: "Filebeat has the wrong version"
+    when:
+      - filebeat_version.stdout.find('7.17.1') == -1
+      - elastic_release == 7
 
-  #  when: filebeat_version.stdout.find('7.16.1') == -1
+  - name: Fail if Filebeat has the wrong version
+    fail:
+      msg: "Filebeat has the wrong version"
+    when:
+      - filebeat_version.stdout.find('8.4.1') == -1
+      - elastic_release == 8

molecule/logstash_specific_version/converge.yml

@@ -18,12 +18,12 @@
 
   - name: Set Logstash version on RedHat
     set_fact:
-      logstash_version: "-7.10.1"
+      elastic_version: "-7.10.1"
     when: ansible_os_family == "RedHat"
 
   - name: Set Logstash version on Debian
     set_fact:
-      logstash_version: "=1:7.10.1-1"
+      elastic_version: "=1:7.10.1-1"
     when: ansible_os_family == "Debian"
 
   - name: "Include Elastics repos role"

molecule/logstash_specific_version/molecule.yml

@@ -4,7 +4,7 @@ dependency:
 driver:
   name: docker
 platforms:
-  - name: logstash_version
+  - name: elastic_version
     image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:

molecule/logstash_specific_version/verify.yml

@@ -6,8 +6,8 @@
   tasks:
   - name: Run syntax check
     command: "/usr/share/logstash/bin/logstash --version | grep ^logstash"
-    register: logstash_version
+    register: elastic_version
   - name: Fail if Logstash has the wrong version
     fail:
       msg: "Logstash has the wrong version"
-    when: not "logstash 7.10.1" in logstash_version.stdout_lines
+    when: not "logstash 7.10.1" in elastic_version.stdout_lines

roles/beats/tasks/auditbeat.yml

@@ -2,16 +2,16 @@
 - name: Install Auditbeat
   package:
     name: auditbeat
-  when: beats_auditbeat_version is not defined
+  when: elastic_version is not defined
 
 - name: Install Auditbeat specific version
   package:
-    name: "auditbeat{{ beats_auditbeat_version }}"
+    name: "auditbeat{{ elastic_versionseparator }}{{ elastic_version }}"
   notify:
     - Restart Auditbeat
   when:
-    - beats_auditbeat_version is defined
-    - beats_auditbeat_version != "latest"
+    - elastic_version is defined
+    - elastic_version != "latest"
 
 - name: Install Auditbeat latest version
   package:
@@ -20,8 +20,8 @@
   notify:
     - Restart Auditbeat
   when:
-    - beats_auditbeat_version is defined
-    - beats_auditbeat_version == "latest"
+    - elastic_version is defined
+    - elastic_version == "latest"
 
 - name: Configure Auditbeat
   template:

roles/beats/tasks/filebeat.yml

@@ -2,16 +2,16 @@
 - name: Install Filebeat
   package:
     name: filebeat
-  when: beats_filebeat_version is not defined
+  when: elastic_version is not defined
 
 - name: Install Filebeat specific version
   package:
-    name: "filebeat{{ beats_filebeat_version }}"
+    name: "filebeat{{ elastic_versionseparator }}{{ elastic_version }}"
   notify:
     - Restart Filebeat
   when:
-    - beats_filebeat_version is defined
-    - beats_filebeat_version != "latest"
+    - elastic_version is defined
+    - elastic_version != "latest"
 
 - name: Install Filebeat latest version
   package:
@@ -20,8 +20,8 @@
   notify:
     - Restart Filebeat
   when:
-    - beats_filebeat_version is defined
-    - beats_filebeat_version == "latest"
+    - elastic_version is defined
+    - elastic_version == "latest"
 
 - name: Configure Filebeat
   template:

roles/beats/tasks/main.yml

@@ -1,5 +1,11 @@
 ---
 
+- name: Include OS specific vars
+  include_vars: '{{ item }}'
+  with_first_found:
+    - '{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml'
+    - '{{ ansible_os_family }}.yml'
+
 - name: Prepare for whole stack roles if used
   when:
   - elastic_stack_full_stack | bool

roles/beats/tasks/metricbeat.yml

@@ -2,16 +2,16 @@
 - name: Install Metricbeat
   package:
     name: metricbeat
-  when: beats_metricbeat_version is not defined
+  when: elastic_version is not defined
 
 - name: Install Metricbeat specific version
   package:
-    name: "metricbeat{{ beats_metricbeat_version }}"
+    name: "metricbeat{{ elastic_versionseparator }}{{ elastic_version }}"
   notify:
     - Restart Metricbeat
   when:
-    - beats_metricbeat_version is defined
-    - beats_metricbeat_version != "latest"
+    - elastic_version is defined
+    - elastic_version != "latest"
 
 - name: Install Metricbeat latest version
   package:
@@ -20,8 +20,8 @@
   notify:
     - Restart Metricbeat
   when:
-    - beats_metricbeat_version is defined
-    - beats_metricbeat_version == "latest"
+    - elastic_version is defined
+    - elastic_version == "latest"
 
 - name: Configure Metricbeat
   template:

roles/beats/vars/Debian.yml

@@ -0,0 +1,4 @@
+---
+
+elasticsearch_sysconfig_file: /etc/default/elasticsearch
+elastic_versionseparator: "="

roles/beats/vars/RedHat.yml

@@ -0,0 +1,4 @@
+---
+
+elasticsearch_sysconfig_file: /etc/sysconfig/elasticsearch
+elastic_versionseparator: "-"

roles/elasticsearch/tasks/main.yml

@@ -32,12 +32,30 @@
 - name: Ensure Elasticsearch is installed
   package:
     name: elasticsearch
-  when: elastic_variant == "elastic"
+  when:
+    - elastic_variant == "elastic"
+    - elastic_version is undefined
 
 - name: Ensure Elasticsearch OSS is installed
   package:
     name: elasticsearch-oss
-  when: elastic_variant == "oss"
+  when:
+    - elastic_variant == "oss"
+    - elastic_version is undefined
+
+- name: Ensure Elasticsearch is installed (specific version)
+  package:
+    name: elasticsearch{{ elastic_versionseparator }}{{ elastic_version }}
+  when:
+    - elastic_variant == "elastic"
+    - elastic_version is defined
+
+- name: Ensure Elasticsearch OSS is installed (specific version)
+  package:
+    name: elasticsearch-oss{{ elastic_versionseparator }}{{ elastic_version }}
+  when:
+    - elastic_variant == "oss"
+    - elastic_version is defined
 
 - name: Configure Elasticsearch
   template:

roles/elasticsearch/vars/Debian.yml

@@ -1,3 +1,4 @@
 ---
 
 elasticsearch_sysconfig_file: /etc/default/elasticsearch
+elastic_versionseparator: "="

roles/elasticsearch/vars/RedHat.yml

@@ -1,3 +1,4 @@
 ---
 
 elasticsearch_sysconfig_file: /etc/sysconfig/elasticsearch
+elastic_versionseparator: "-"

roles/kibana/tasks/main.yml

@@ -1,12 +1,17 @@
 ---
 
+- name: Include OS specific vars
+  include_vars: '{{ item }}'
+  with_first_found:
+    - '{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml'
+    - '{{ ansible_os_family }}.yml'
+
 - name: Set common password for common certificates
   set_fact:
     kibana_tls_key_passphrase: "{{ elastic_cert_pass }}"
   when:
     - elastic_cert_pass is defined
 
-# tasks file for kibana
 - name: Set Elasticsearch hosts if used with other roles
   set_fact:
     kibana_elasticsearch_hosts: "{{ groups['elasticsearch'] }}"
@@ -25,12 +30,31 @@
 - name: Install Kibana
   package:
     name: kibana
-  when: elastic_variant == "elastic"
+  when:
+    - elastic_variant == "elastic"
+    - elastic_version is undefined
 
 - name: Install Kibana OSS
   package:
     name: kibana-oss
-  when: elastic_variant == "oss"
+  when:
+    - elastic_variant == "oss"
+    - elastic_version is undefined
+
+- name: Install Kibana (specific version)
+  package:
+    name: kibana{{ elastic_versionseparator }}{{ elastic_version }}
+  when:
+    - elastic_variant == "elastic"
+    - elastic_version is defined
+
+- name: Install Kibana OSS (specific version)
+  package:
+    name: kibana-oss{{ elastic_versionseparator }}{{ elastic_version }}
+  when:
+    - elastic_variant == "oss"
+    - elastic_version is defined
+
 
 - name: Import security related tasks
   import_tasks: kibana-security.yml

roles/kibana/vars/Debian.yml

@@ -0,0 +1,4 @@
+---
+
+elasticsearch_sysconfig_file: /etc/default/elasticsearch
+elastic_versionseparator: "="

roles/kibana/vars/RedHat.yml

@@ -0,0 +1,4 @@
+---
+
+elasticsearch_sysconfig_file: /etc/sysconfig/elasticsearch
+elastic_versionseparator: "-"

roles/logstash/defaults/main.yml

@@ -1,6 +1,5 @@
 ---
 # defaults file for logstash
-logstash_version: ""
 logstash_enable: true
 logstash_config_backup: no
 logstash_manage_yaml: true