From 0316e7082193ef340a397b2353dad7e3f55a4c87 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Mon, 6 Nov 2023 16:09:02 +0100 Subject: [PATCH 01/18] Add new Logstash Molecule scenario --- .github/workflows/molecule.yml | 2 +- molecule/logstash/converge.yml | 22 ++++++ molecule/logstash/molecule.yml | 32 ++++++++ molecule/logstash/prepare.yml | 22 ++++++ molecule/logstash/requirements.yml | 7 ++ molecule/logstash/verify.yml | 118 +++++++++++++++++++++++++++++ 6 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 molecule/logstash/converge.yml create mode 100644 molecule/logstash/molecule.yml create mode 100644 molecule/logstash/prepare.yml create mode 100644 molecule/logstash/requirements.yml create mode 100644 molecule/logstash/verify.yml diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index cf2c15e..bcf8eef 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -15,7 +15,7 @@ jobs: strategy: matrix: distro: [rockylinux8] - scenario: [default, renew, ca-renew] + scenario: [default, renew, ca-renew, logstash] steps: - name: Check out code uses: actions/checkout@v4 diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml new file mode 100644 index 0000000..d3e479e --- /dev/null +++ b/molecule/logstash/converge.yml @@ -0,0 +1,22 @@ +--- +# The workaround for arbitrarily named role directory is important because the +# git repo has one name and the role within it another +# Found at: +# https://github.com/ansible-community/molecule/issues/1567#issuecomment-436876722 +- name: Converge + hosts: all + collections: + - netways.elasticstack + vars: + ca_ca_host: ca_default + ca_logstash: true + ca_etcd: true + ca_etcd_group: molecule + tasks: + - name: "Include CA role" + include_role: + name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + + - name: "Include Logstash role" + include_role: + name: logstash 
diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml
new file mode 100644
index 0000000..12c8e3a
--- /dev/null
+++ b/molecule/logstash/molecule.yml
@@ -0,0 +1,32 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: ca_default
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+ pre_build_image: true
+ cgroupns_mode: host
+ - name: ca_default_client
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ privileged: true
+ pre_build_image: true
+ groups:
+ - molecule
+ cgroupns_mode: host
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
+lint: |
+ set -e
+ yamllint .
+ ansible-lint .
diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml
new file mode 100644
index 0000000..f18d0b1
--- /dev/null
+++ b/molecule/logstash/prepare.yml
@@ -0,0 +1,22 @@
+---
+- name: Prepare
+ hosts: all
+ tasks:
+
+ - name: Install Python libraries
+ pip:
+ name: cryptography>= 1.2.3
+
+ - name: Install packages for RHEL
+ package:
+ name:
+ - iproute
+ - NetworkManager
+ when: ansible_os_family == "RedHat"
+
+ - name: Start NetworkManager
+ service:
+ name: NetworkManager
+ state: started
+ enabled: yes
+ when: ansible_os_family == "RedHat"
diff --git a/molecule/logstash/requirements.yml b/molecule/logstash/requirements.yml
new file mode 100644
index 0000000..dae6038
--- /dev/null
+++ b/molecule/logstash/requirements.yml
@@ -0,0 +1,7 @@
+---
+roles:
+collections:
+ - community.crypto
+ - name: netways.elasticstack
+ source: https://github.com/NETWAYS/ansible-collection-elasticstack.git
+ scm: git
diff --git a/molecule/logstash/verify.yml b/molecule/logstash/verify.yml
new file mode 100644
index 0000000..789fab0
--- /dev/null
+++ b/molecule/logstash/verify.yml
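Review bot: Both platforms in molecule/logstash/molecule.yml run with `privileged: true`, `cgroupns_mode: host` and a read-write `/sys/fs/cgroup` bind mount, while the image is pulled as `geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest`, a mutable tag. Whatever that tag resolves to at run time gets near-host privileges on the CI runner, and on any developer machine that runs the scenario locally, so the image reference is worth pinning to a digest (`...-ansible@sha256:<digest>`) per supported distro. If privileged mode is only there so systemd can run inside the container, a short comment saying so would let the next reader judge whether it can be narrowed.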
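Review bot: In molecule/logstash/prepare.yml the pip requirement is written as the plain scalar `name: cryptography>= 1.2.3`, with a space inside the version specifier; quoting it and dropping the space (`name: "cryptography>=1.2.3"`) keeps it one unambiguous requirement string. `enabled: yes` should be `enabled: true`, which the scenario's own `yamllint .` step would presumably flag under its truthy rule. The tasks also use short module names (`pip`, `package`, `service`); the fully qualified form (`ansible.builtin.pip` and so on) is what ansible-lint expects.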
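Review bot: The `netways.elasticstack` entry in molecule/logstash/requirements.yml installs from a git URL with no `version`, so every CI run tests against whatever the default branch holds at that moment, and `community.crypto` is unpinned as well. Pinning to a release tag or a full commit SHA (`version: <tag-or-commit-sha>`) makes the run reproducible and keeps an upstream push from changing what executes inside the privileged test containers. The same applies later in this series: `version: main` in PATCH 03 is still a moving ref, and the `git clone` in PATCH 04 and the `ansible-galaxy collection install git+https://...` in PATCH 15 also fetch the branch head. The bare `roles:` key parses as null; `roles: []` states the intent.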
@@ -0,0 +1,118 @@
+---
+
+- name: Verify
+ hosts: all
+ vars:
+ ca_ca_dir: /opt/ca
+ ca_client_ca_dir: /opt/ca
+ tasks:
+
+ - name: Verify signature on certificate
+ command: >
+ openssl verify
+ -verbose
+ -CAfile {{ ca_ca_dir }}/ca.crt
+ {{ ca_client_ca_dir }}/{{ inventory_hostname }}.crt
+
+ - name: Verify signature on server certificate
+ command: >
+ openssl verify
+ -verbose
+ -CAfile {{ ca_ca_dir }}/ca.crt
+ {{ ca_client_ca_dir }}/{{ inventory_hostname }}-server.crt
+
+ - name: Check if instance key is present
+ stat:
+ path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}.key"
+ register: instance_key_stat
+
+ - name: Fail if instance key is missing
+ fail:
+ msg: "Instance key is missing"
+ when:
+ - not instance_key_stat.stat.exists | bool
+
+ - name: Check if Logstash key is present
+ stat:
+ path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}-pkcs8.key"
+ register: logstash_key_stat
+
+ - name: Fail if Logstash key is missing
+ fail:
+ msg: "Logstash key is missing"
+ when:
+ - not logstash_key_stat.stat.exists | bool
+
+ - name: Verify signature on etcd peer certificate
+ command: >
+ openssl verify
+ -verbose
+ -CAfile {{ ca_ca_dir }}/ca.crt
+ {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd.crt
+
+ - name: Verify signature on etcd server certificate
+ command: >
+ openssl verify
+ -verbose
+ -CAfile {{ ca_ca_dir }}/ca.crt
+ {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt
+
+ - name: Verify signature on etcd server certificate
+ command: >
+ openssl verify
+ -verbose
+ -CAfile {{ ca_ca_dir }}/ca.crt
+ {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt
+
+ - name: Register SAN of etcd peer certificate
+ command: >
+ openssl x509
+ -text -noout
+ -in {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd.crt
+ -certopt "
+ no_subject,
+ no_header,
+ no_version,
+ no_serial,
+ no_signame,
+ no_validity,
+ no_issuer,
+ no_pubkey,
+ no_sigdump,
+ no_aux"
+ register: etcd_san_peer_stat
+
+ - name: Register SAN of etcd
server certificate + command: > + openssl x509 + -text + -noout + -in {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt + -certopt " + no_subject, + no_header, + no_version, + no_serial, + no_signame, + no_validity, + no_issuer, + no_pubkey, + no_sigdump, + no_aux" + register: etcd_san_server_stat + + - name: Fail if SAN of etcd peer certificate is missing IP addresses + fail: + msg: "Default IPv4 address in etcd peer certifcate are missing" + when: + - hostvars['ca_default_client']['ansible_default_ipv4']['address'] + not in etcd_san_peer_stat.stdout + - '"127.0.0.1" not in etcd_san_peer_stat.stdout' + + - name: Fail if SAN of etcd server certificate is missing IP addresses + fail: + msg: "Default IPv4 address in etcd server certifcate are missing" + when: + - hostvars['ca_default_client']['ansible_default_ipv4']['address'] + not in etcd_san_server_stat.stdout + - '"127.0.0.1" not in etcd_san_server_stat.stdout' From 799040a95f86d6e9b72ed1ad0d6a0bda030e5efc Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Mon, 6 Nov 2023 16:21:40 +0100 Subject: [PATCH 02/18] Set common certifcates directory --- molecule/logstash/converge.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index d3e479e..a7e236c 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml @@ -12,6 +12,9 @@ ca_logstash: true ca_etcd: true ca_etcd_group: molecule + ca_openssl_cipher: auto + ca_ca_dir: /opt/logstash-ca + logstash_certs_dir: /opt/logstash-ca tasks: - name: "Include CA role" include_role: From 1862d70f2db5cc1225a2332bdc1c31713330e395 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Mon, 6 Nov 2023 16:32:53 +0100 Subject: [PATCH 03/18] Add version to elastic stack collection --- molecule/logstash/requirements.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/logstash/requirements.yml b/molecule/logstash/requirements.yml index dae6038..e10ebe9 100644 
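Review bot: The two "Fail if SAN of etcd ... certificate is missing IP addresses" tasks in verify.yml put both conditions in a `when:` list, which Ansible ANDs, so the play fails only when the default IPv4 address and `127.0.0.1` are both absent; a certificate missing just one of them passes verification. If both addresses are required, join the two checks with `or` in a single expression. The substring test against the whole `openssl x509 -text` output is also loose, since an address that is a prefix of another would match, and "Verify signature on etcd server certificate" appears twice verbatim. The key checks only `stat` for existence; asserting on `instance_key_stat.stat.mode` as well would catch a private key written with loose permissions.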
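Review bot: `ca_ca_dir: /opt/logstash-ca` added to converge.yml in PATCH 02 is not mirrored in molecule/logstash/verify.yml, whose play vars still set `ca_ca_dir: /opt/ca` and `ca_client_ca_dir: /opt/ca` from PATCH 01. Unless the role's defaults, which are not visible in this series, reconcile the two, the `openssl verify -CAfile {{ ca_ca_dir }}/ca.crt` tasks will look in a different directory than the one converge populates. Setting the same values in verify.yml, or moving them to shared scenario `group_vars`, would keep the check pointed at the CA under test. The vars block starts above this hunk.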
--- a/molecule/logstash/requirements.yml +++ b/molecule/logstash/requirements.yml @@ -5,3 +5,4 @@ collections: - name: netways.elasticstack source: https://github.com/NETWAYS/ansible-collection-elasticstack.git scm: git + version: main From c2dd158cf94d3a7f58f3be257a14cb9956edcc4a Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 12:13:08 +0100 Subject: [PATCH 04/18] Workaround for broken galaxy info in collection --- .github/workflows/molecule.yml | 3 +++ molecule/logstash/requirements.yml | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index bcf8eef..c296901 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -29,6 +29,9 @@ jobs: run: | python3 -m pip install --upgrade pip python3 -m pip install -r requirements-test.txt + # workaround for broken galaxy information in the collection + mkdir -p ~/.ansible/collections/ansible-collections/netways + git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack - name: ${{ matrix.scenario }} molecule test run: | diff --git a/molecule/logstash/requirements.yml b/molecule/logstash/requirements.yml index e10ebe9..887c57b 100644 --- a/molecule/logstash/requirements.yml +++ b/molecule/logstash/requirements.yml @@ -2,7 +2,7 @@ roles: collections: - community.crypto - - name: netways.elasticstack - source: https://github.com/NETWAYS/ansible-collection-elasticstack.git - scm: git - version: main + #- name: netways.elasticstack + # source: https://github.com/NETWAYS/ansible-collection-elasticstack.git + # scm: git + # version: main From 031a672e0822b698cd2d5c8a261a2f49606c62a3 Mon Sep 17 00:00:00 2001 
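Review bot: The workaround in the PATCH 04 workflow hunk clones into `~/.ansible/collections/ansible-collections/netways/elasticstack`, but Ansible's collection search path uses a directory named `ansible_collections` (underscore), so the clone would not be found as `netways.elasticstack`. The clone also takes the branch head with full history; `git clone --depth 1 --branch <tag> ...` into `~/.ansible/collections/ansible_collections/netways/elasticstack` would be both discoverable and pinned. In the requirements.yml hunk of the same patch the commented-out entry is written `#- name:` with no space after `#`, which yamllint's comments rule flags by default.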
From: Thomas Widhalm Date: Thu, 9 Nov 2023 12:24:13 +0100 Subject: [PATCH 05/18] Make Logstash its own Step in GitHub --- .github/workflows/molecule.yml | 33 ++++++++++++++++++++++++++++++++- molecule/logstash/converge.yml | 1 + 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index c296901..e953e4e 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -15,7 +15,37 @@ jobs: strategy: matrix: distro: [rockylinux8] - scenario: [default, renew, ca-renew, logstash] + scenario: [default, renew, ca-renew] + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Python 3.9 + uses: actions/setup-python@v4 + with: + python-version: 3.9 + + - name: Install dependencies + run: | + python3 -m pip install --upgrade pip + python3 -m pip install -r requirements-test.txt + + - name: ${{ matrix.scenario }} molecule test + run: | + molecule test -s ${{ matrix.scenario }} + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + + build: + runs-on: ubuntu-latest + + strategy: + matrix: + distro: [rockylinux8] + scenario: [logstash] + release: [7,8] steps: - name: Check out code uses: actions/checkout@v4 @@ -40,3 +70,4 @@ jobs: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' MOLECULE_DISTRO: ${{ matrix.distro }} + ELASTIC_RELEASE: ${{ matrix.release }} diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index a7e236c..5f6581d 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml @@ -15,6 +15,7 @@ ca_openssl_cipher: auto ca_ca_dir: /opt/logstash-ca logstash_certs_dir: /opt/logstash-ca + elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: - name: "Include CA role" include_role: From 7bc99701800294945fbeef99849a8a4f01d9fd82 Mon Sep 17 00:00:00 2001 
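Review bot: `elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}"` in the converge.yml hunk of PATCH 05 evaluates to 0 when the variable is unset, because the env lookup returns an empty string and `int` falls back to 0; a local `molecule test -s logstash` without the variable would then ask the roles for release 0. A fallback such as `"{{ lookup('env', 'ELASTIC_RELEASE') | default('8', true) | int }}"` (the default value is the maintainer's choice) keeps the scenario runnable outside the workflow. In the workflow hunk of the same patch, `python-version: 3.9` is safer quoted as `'3.9'`, since a later bump to 3.10 would be read as the float 3.1.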
From: Thomas Widhalm Date: Thu, 9 Nov 2023 14:01:32 +0100 Subject: [PATCH 06/18] Add passphrase and dependencies --- molecule/logstash/converge.yml | 5 +++++ molecule/logstash/prepare.yml | 6 ++++++ tasks/main.yml | 2 ++ 3 files changed, 13 insertions(+) diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index 5f6581d..1cc00e8 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml @@ -14,6 +14,7 @@ ca_etcd_group: molecule ca_openssl_cipher: auto ca_ca_dir: /opt/logstash-ca + ca_keypassphrase: "moleculetest" logstash_certs_dir: /opt/logstash-ca elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" tasks: @@ -21,6 +22,10 @@ include_role: name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + - name: "Include Elastic repos role" + include_role: + name: repos + - name: "Include Logstash role" include_role: name: logstash diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml index f18d0b1..4b8b0b2 100644 --- a/molecule/logstash/prepare.yml +++ b/molecule/logstash/prepare.yml @@ -20,3 +20,9 @@ state: started enabled: yes when: ansible_os_family == "RedHat" + + - name: Install common packages + package: + name: + - gpg-agent + when: ansible_os_family == "Debian" diff --git a/tasks/main.yml b/tasks/main.yml index 89465a4..7447710 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -261,6 +261,7 @@ community.crypto.openssl_csr: path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd.csr" privatekey_path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}.key" + privatekey_passphrase: "{{ ca_keypassphrase | default(omit, true) }}" country_name: "{{ ca_country }}" organization_name: "{{ ca_organization }}" common_name: "{{ inventory_hostname }}" 
@@ -328,6 +329,7 @@ community.crypto.openssl_csr: path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.csr" privatekey_path: "{{ ca_client_ca_dir }}/{{ inventory_hostname }}.key" + privatekey_passphrase: "{{ ca_keypassphrase | default(omit, true) }}" country_name: "{{ ca_country }}" organization_name: "{{ ca_organization }}" common_name: "{{ inventory_hostname }}" From cdb696574ec15214eb1c89afd7577d21c80b744a Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 14:04:23 +0100 Subject: [PATCH 07/18] Add extra distros from main --- .github/workflows/molecule.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index cdc7a87..077f134 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -14,8 +14,14 @@ jobs: strategy: matrix: - distro: [rockylinux8, rockylinux9, ubuntu2204] - scenario: [default, renew, ca-renew] + distro: + - rockylinux8 + - rockylinux9 + - ubuntu2204 + scenario: + - default + - renew + - ca-renew steps: - name: Check out code uses: actions/checkout@v4 @@ -43,9 +49,15 @@ jobs: strategy: matrix: - distro: [rockylinux8] - scenario: [logstash] - release: [7,8] + distro: + - rockylinux8 + - rockylinux9 + - ubuntu2204 + scenario: + - logstash + release: + - 7 + - 8 steps: - name: Check out code uses: actions/checkout@v4 From 4927ecc5483b8bdab583f472b618359a1406f0b6 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 14:44:59 +0100 Subject: [PATCH 08/18] Install dependencies --- molecule/logstash/converge.yml | 2 ++ molecule/logstash/prepare.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index 1cc00e8..301c755 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml 
@@ -17,6 +17,8 @@ ca_keypassphrase: "moleculetest" logstash_certs_dir: /opt/logstash-ca elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" + elasticstack_no_log: false + elasticstack_full_stack: false tasks: - name: "Include CA role" include_role: diff --git a/molecule/logstash/prepare.yml b/molecule/logstash/prepare.yml index 4b8b0b2..0e2fd87 100644 --- a/molecule/logstash/prepare.yml +++ b/molecule/logstash/prepare.yml @@ -24,5 +24,7 @@ - name: Install common packages package: name: + - gpg - gpg-agent + update_cache: yes when: ansible_os_family == "Debian" From e7b17e79daf4ee52d4a9b0e11d949a0e97b633c8 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 15:06:48 +0100 Subject: [PATCH 09/18] Remove etcd from Logstash tests --- molecule/logstash/converge.yml | 2 - molecule/logstash/verify.yml | 74 ---------------------------------- 2 files changed, 76 deletions(-) diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index 301c755..820f48c 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml @@ -10,8 +10,6 @@ vars: ca_ca_host: ca_default ca_logstash: true - ca_etcd: true - ca_etcd_group: molecule ca_openssl_cipher: auto ca_ca_dir: /opt/logstash-ca ca_keypassphrase: "moleculetest" diff --git a/molecule/logstash/verify.yml b/molecule/logstash/verify.yml index 789fab0..b1337de 100644 --- a/molecule/logstash/verify.yml +++ b/molecule/logstash/verify.yml 
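Review bot: `elasticstack_no_log: false` is added to the same vars block that carries `ca_keypassphrase: "moleculetest"` (visible as context in this hunk), so task output including secrets will reach the public CI log if the collection uses this variable to gate `no_log`; the collection's code is not part of this series, so that is an assumption to confirm. That is tolerable for a throwaway test CA, but a comment would stop the setting from being copied into a real inventory, for example `# test only: exposes task output for debugging, never set outside Molecule`. The same comment on the passphrase line would mark it as a fixture rather than a usable default. The vars block starts above the hunk.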
@@ -42,77 +42,3 @@ msg: "Logstash key is missing" when: - not logstash_key_stat.stat.exists | bool - - - name: Verify signature on etcd peer certificate - command: > - openssl verify - -verbose - -CAfile {{ ca_ca_dir }}/ca.crt - {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd.crt - - - name: Verify signature on etcd server certificate - command: > - openssl verify - -verbose - -CAfile {{ ca_ca_dir }}/ca.crt - {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt - - - name: Verify signature on etcd server certificate - command: > - openssl verify - -verbose - -CAfile {{ ca_ca_dir }}/ca.crt - {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt - - - name: Register SAN of etcd peer certificate - command: > - openssl x509 - -text -noout - -in {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd.crt - -certopt " - no_subject, - no_header, - no_version, - no_serial, - no_signame, - no_validity, - no_issuer, - no_pubkey, - no_sigdump, - no_aux" - register: etcd_san_peer_stat - - - name: Register SAN of etcd server certificate - command: > - openssl x509 - -text - -noout - -in {{ ca_client_ca_dir }}/{{ inventory_hostname }}-etcd-server.crt - -certopt " - no_subject, - no_header, - no_version, - no_serial, - no_signame, - no_validity, - no_issuer, - no_pubkey, - no_sigdump, - no_aux" - register: etcd_san_server_stat - - - name: Fail if SAN of etcd peer certificate is missing IP addresses - fail: - msg: "Default IPv4 address in etcd peer certifcate are missing" - when: - - hostvars['ca_default_client']['ansible_default_ipv4']['address'] - not in etcd_san_peer_stat.stdout - - '"127.0.0.1" not in etcd_san_peer_stat.stdout' - - - name: Fail if SAN of etcd server certificate is missing IP addresses - fail: - msg: "Default IPv4 address in etcd server certifcate are missing" - when: - - hostvars['ca_default_client']['ansible_default_ipv4']['address'] - not in etcd_san_server_stat.stdout - - '"127.0.0.1" not in etcd_san_server_stat.stdout' 
From ac9cd7895cadbafaf4bdc9aff9834cc7676d2195 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 15:07:24 +0100 Subject: [PATCH 10/18] Check for running Logstash --- molecule/logstash/verify.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/molecule/logstash/verify.yml b/molecule/logstash/verify.yml index b1337de..d0476b4 100644 --- a/molecule/logstash/verify.yml +++ b/molecule/logstash/verify.yml @@ -42,3 +42,7 @@ msg: "Logstash key is missing" when: - not logstash_key_stat.stat.exists | bool + + - name: Check for running Logstash + wait_for: + port: 5044 From 40ba5024fa77288639fdc09842b7d38fb50c9f56 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 15:27:24 +0100 Subject: [PATCH 11/18] Typo --- .github/workflows/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 077f134..8b611eb 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -44,7 +44,7 @@ jobs: ANSIBLE_FORCE_COLOR: '1' MOLECULE_DISTRO: ${{ matrix.distro }} - build: + logstash: runs-on: ubuntu-latest strategy: From 0fd9160ed1caae9e0b57d6aed80c7886403ec08c Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 15:48:40 +0100 Subject: [PATCH 12/18] More workaround --- .github/workflows/molecule.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 8b611eb..94f8776 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml 
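Review bot: The new "Check for running Logstash" task in PATCH 10 only proves that something accepts TCP connections on port 5044; it does not show that the Beats input presents a certificate issued by the CA this role created, which is what the scenario exists to test. Once TLS on the input is enabled (PATCH 17 sets `logstash_beats_tls: true`), consider a follow-up task that completes a TLS handshake against the port with `{{ ca_ca_dir }}/ca.crt` as the trust anchor, for example `openssl s_client -CAfile ... -verify_return_error`, and fails on a verification error. `wait_for` also defaults to a 300-second timeout, so an explicit `timeout:` makes a Logstash that never starts fail the run sooner.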
@@ -74,6 +74,9 @@ jobs: # workaround for broken galaxy information in the collection mkdir -p ~/.ansible/collections/ansible-collections/netways git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack + mkdir -p /home/runner/.ansible/roles + ln -s ~/.ansible/collections/ansible-collections/netways/elasticstack/roles/repos /home/runner/.ansible/roles/ + ln -s ~/.ansible/collections/ansible-collections/netways/elasticstack/roles/logstash /home/runner/.ansible/roles/ - name: ${{ matrix.scenario }} molecule test run: | From 210f952c914fe63181a040db51200847e657c5f7 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 15:58:32 +0100 Subject: [PATCH 13/18] Remove useless workaround --- .github/workflows/molecule.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 94f8776..8b611eb 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -74,9 +74,6 @@ jobs: # workaround for broken galaxy information in the collection mkdir -p ~/.ansible/collections/ansible-collections/netways git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack - mkdir -p /home/runner/.ansible/roles - ln -s ~/.ansible/collections/ansible-collections/netways/elasticstack/roles/repos /home/runner/.ansible/roles/ - ln -s ~/.ansible/collections/ansible-collections/netways/elasticstack/roles/logstash /home/runner/.ansible/roles/ - name: ${{ matrix.scenario }} molecule test run: | From 3950b995c3c90940ea9574bf63a57972782d003d Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 16:13:27 +0100 Subject: [PATCH 14/18] Trying without workaround --- .github/workflows/molecule.yml | 4 ++-- molecule/logstash/requirements.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 8b611eb..20dc9e2 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -72,8 +72,8 @@ jobs: python3 -m pip install --upgrade pip python3 -m pip install -r requirements-test.txt # workaround for broken galaxy information in the collection - mkdir -p ~/.ansible/collections/ansible-collections/netways - git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack + #mkdir -p ~/.ansible/collections/ansible-collections/netways + #git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack - name: ${{ matrix.scenario }} molecule test run: | diff --git a/molecule/logstash/requirements.yml b/molecule/logstash/requirements.yml index 887c57b..e10ebe9 100644 --- a/molecule/logstash/requirements.yml +++ b/molecule/logstash/requirements.yml @@ -2,7 +2,7 @@ roles: collections: - community.crypto - #- name: netways.elasticstack - # source: https://github.com/NETWAYS/ansible-collection-elasticstack.git - # scm: git - # version: main + - name: netways.elasticstack + source: https://github.com/NETWAYS/ansible-collection-elasticstack.git + scm: git + version: main From 89085a0cc8aa9c3b33c92e671eb22bdfbcb873b8 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 16:25:40 +0100 Subject: [PATCH 15/18] Manual installation as workaround --- .github/workflows/molecule.yml | 1 + molecule/logstash/requirements.yml | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 20dc9e2..44ee9d5 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml 
@@ -72,6 +72,7 @@ jobs: python3 -m pip install --upgrade pip python3 -m pip install -r requirements-test.txt # workaround for broken galaxy information in the collection + ansible-galaxy collection install git+https://github.com/NETWAYS/ansible-collection-elasticstack.git #mkdir -p ~/.ansible/collections/ansible-collections/netways #git clone https://github.com/NETWAYS/ansible-collection-elasticstack.git ~/.ansible/collections/ansible-collections/netways/elasticstack diff --git a/molecule/logstash/requirements.yml b/molecule/logstash/requirements.yml index e10ebe9..887c57b 100644 --- a/molecule/logstash/requirements.yml +++ b/molecule/logstash/requirements.yml @@ -2,7 +2,7 @@ roles: collections: - community.crypto - - name: netways.elasticstack - source: https://github.com/NETWAYS/ansible-collection-elasticstack.git - scm: git - version: main + #- name: netways.elasticstack + # source: https://github.com/NETWAYS/ansible-collection-elasticstack.git + # scm: git + # version: main From 1c59025eeaa33e379c97ddd972dbb3ace623a5b2 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 16:48:59 +0100 Subject: [PATCH 16/18] Uniquely name containers --- molecule/logstash/molecule.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml index 12c8e3a..2068fd8 100644 --- a/molecule/logstash/molecule.yml +++ b/molecule/logstash/molecule.yml @@ -4,7 +4,7 @@ dependency: driver: name: docker platforms: - - name: ca_default + - name: ca-logstash-${MOLECULE_DISTRO}-${ELASTIC_RELEASE} image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: 
@@ -12,7 +12,7 @@ platforms: privileged: true pre_build_image: true cgroupns_mode: host - - name: ca_default_client + - name: ca-logstash-client-${MOLECULE_DISTRO}-${ELASTIC_RELEASE} image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: From c1287f9fbc0c039c72dbfbcddbb3bf59f28a2a24 Mon Sep 17 00:00:00 2001 From: Thomas Widhalm Date: Thu, 9 Nov 2023 17:08:07 +0100 Subject: [PATCH 17/18] Names hardcoded, so change undone --- molecule/logstash/converge.yml | 1 + molecule/logstash/molecule.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/molecule/logstash/converge.yml b/molecule/logstash/converge.yml index 820f48c..a9b256d 100644 --- a/molecule/logstash/converge.yml +++ b/molecule/logstash/converge.yml @@ -14,6 +14,7 @@ ca_ca_dir: /opt/logstash-ca ca_keypassphrase: "moleculetest" logstash_certs_dir: /opt/logstash-ca + logstash_beats_tls: true elasticstack_release: "{{ lookup('env', 'ELASTIC_RELEASE') | int}}" elasticstack_no_log: false elasticstack_full_stack: false diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml index 2068fd8..eb1564e 100644 --- a/molecule/logstash/molecule.yml +++ b/molecule/logstash/molecule.yml @@ -4,7 +4,7 @@ dependency: driver: name: docker platforms: - - name: ca-logstash-${MOLECULE_DISTRO}-${ELASTIC_RELEASE} + - name: ca_logstash image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: @@ -12,7 +12,7 @@ platforms: privileged: true pre_build_image: true cgroupns_mode: host - - name: ca-logstash-client-${MOLECULE_DISTRO}-${ELASTIC_RELEASE} + - name: ca_logstash_client image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: From 7ff43e19d505a4c453f852ee948da2f56209b91f Mon Sep 17 00:00:00 2001 
From: Thomas Widhalm Date: Thu, 9 Nov 2023 17:10:06 +0100 Subject: [PATCH 18/18] Typo --- molecule/logstash/molecule.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/logstash/molecule.yml b/molecule/logstash/molecule.yml index eb1564e..12c8e3a 100644 --- a/molecule/logstash/molecule.yml +++ b/molecule/logstash/molecule.yml @@ -4,7 +4,7 @@ dependency: driver: name: docker platforms: - - name: ca_logstash + - name: ca_default image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: @@ -12,7 +12,7 @@ platforms: privileged: true pre_build_image: true cgroupns_mode: host - - name: ca_logstash_client + - name: ca_default_client image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: