Lint fixes, platform cleanup, and Ubuntu 26.04 support#114
Merged
Conversation
Capitalize 'main' to 'Main' in two task names to satisfy the production profile's requirement that names start with uppercase. Closes #27
The *_cert_will_expire_soon flags are internal state set by the role during execution. Users should never set them. Moved from defaults/ (user-overridable) to vars/ (role-internal) in all 5 roles: beats, elasticsearch, kibana, logstash, elasticstack. Partial fix for #36
The Elasticsearch/Logstash output and logging configuration was duplicated across auditbeat.yml.j2, filebeat.yml.j2, and metricbeat.yml.j2 (~50 lines each, differing only in variable names). Extracted into two shared partials: - _beats_output.j2: ES and Logstash output with SSL config - _beats_logging.j2: logging configuration Each parent template sets _beat_output, _beat_loadbalance, and _beat_name before including the partials. Net reduction of ~80 lines. Partial fix for #35
Shared restart_and_verify_service.yml replaces the near-identical elasticsearch and logstash versions. Both now delegate to the shared file with _service_name and _daemon_reload parameters. Kibana kept separate (has extra HTTP readiness logic). Beats already parameterized. Shared cert_detect_content_mode.yml extracts the content-vs-file cert detection pattern from beats and kibana security tasks. Each caller includes the shared task and maps output facts to service- specific names. Elasticsearch kept separate (dual transport+HTTP layers with fallback logic don't fit the single-layer pattern). Partial fix for #34
The workflow was failing with "Resource not accessible by integration (createIssue)" because it only had contents:read. It needs issues:write to create or update the EOL tracking issue.
Rocky Linux 8 and Debian 11 are both past end-of-life and weren't in the CI matrix anyway. Ubuntu 26.04 LTS (Resolute Raccoon) releases on April 23 — added it to all CI workflow matrices, the EOL check, role meta files, README, and the molecule image map. The molecule-ubuntu-26.04 Incus image is already baked from Canonical's daily cloud rootfs.
Allows filtering to specific distros when triggering manually, e.g. gh workflow run test_full_stack.yml -f distros='["ubuntu2604"]' to run 8 jobs instead of 48. Defaults to the full matrix when empty.
Drop Debian 11 and Rocky Linux/RHEL 8 (both EOL), add Ubuntu 26.04 in CHANGELOG, docs index, and getting-started prerequisites.
Oddly
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cleans up lint warnings, reorganises some shared role patterns, and updates the supported platform matrix to drop EOL distros and add Ubuntu 26.04 LTS (Resolute Raccoon).
The lint and variable changes were already on this branch. The platform work adds Ubuntu 26.04 to all CI workflow matrices, role meta files, docs, and the EOL check, while removing Rocky Linux 8 and Debian 11 which are both past end-of-life. A pre-baked Incus image for 26.04 has been built from Canonical's daily cloud rootfs and tested — repos and ES modules pass on both Elastic 8.x and 9.x. Full stack tests are running.
Also fixes the EOL check workflow which was failing because it lacked issues:write permission, and adds an optional distros input to the full stack workflow dispatch so individual distros can be tested without running the entire matrix.