Playbooks | 3.x | Changelog#

Latest#

Fixes:

  • Fixes issue where playbooks fail to connect to Elasticsearch via HTTPS, because xpack is not enabled.

    Older versions of the platform do not ship with Elasticsearch’s xpack feature enabled. This means that connecting to Elasticsearch with HTTPS, and attempting to access /_security endpoints fails, preventing us from performing user management via the REST API.

  • Fix RHEL9 OpenSSH / OpenSSL mismatch issue: https://access.redhat.com/solutions/7101587

  • Fix timeout starting worker services via systemd config

3x-1759151449 (29 Sep 2025)#

Changes:

  • Playbooks now install rsyslog in pb-pre_requisites.yml playbook.

  • Automatic configuration of worker CONCURRENCY values can now be disabled by setting EIQ_DYNAMIC_WORKER_SCALING_ENABLED="False".

    If you have custom or fine-tuned worker CONCURRENCY scaling in your deployment and you want to keep that, set this to "False"

Fixes:

  • Issue where block module in Logstash role was not correctly replacing the block, leading to duplicate lines from multiple task runs.

  • Issue where /etc/systemd/system/statsite.service.d/override.conf file would enforce outdated configuration. Playbooks now reconcile this configuration.

  • Issue where resulting Elasticsearch host list in elasticsearch.yml would not be readable by Elasticsearch.

  • Issue where ‘Set Elasticsearch URLs’ in the Logstash role was inadvertently adding newlines every task run.

  • Issue where es_url_list in group_vars/all/config.yml was not correctly handling cases where any of the EIQ_HOST_ELASTIC_NODE_* environment variables are unset.

  • Now allows specifying EIQ_ES_CUSTOM_CA_CERT_SOURCE_PATH and EIQ_ES_CUSTOM_CA_CERT_PATH to configure the application and Elasticsearch to use a specific CA certificate.

    • EIQ_ES_CUSTOM_CA_CERT_SOURCE_PATH should specify a path on the control node.

    • EIQ_ES_CUSTOM_CA_CERT_PATH specifies the path on managed nodes. The platform and Elasticsearch will be configured to look for the Elasticsearch CA cert at this path.

  • Elasticsearch user is now configurable using the EIQ_ES_ELASTIC_USER environment variable.

  • Issue where EIQ_POSTGRES_MANAGED_DB_CA_CERT_PATH would set the incorrect CA cert path for PG in platform_settings.py.

    Now, you should set EIQ_POSTGRES_MANAGED_DB_CA_CERT_PATH to the CA cert path on the controller, and use EIQ_POSTGRES_MANAGED_DB_CA_CERT_PATH_DEST to set the path to the PG CA cert on managed nodes. The file at EIQ_POSTGRES_MANAGED_DB_CA_CERT_PATH is copied to the path at EIQ_POSTGRES_MANAGED_DB_CA_CERT_PATH_DEST.

Removals:

  • IMPORTANT: Removes/replaces elasticsearch tags in Logstash role and eiq.ic/tasks/statsite.yml, as these tasks are required to configure Logstash and statsite services, even in the case where we skip Elasticsearch installation/configuration.

  • Removes all instances of es_hosts as it is not used.

3x-1754302751 (4th August 2025)#

  • Add EIQ_EXTENSIONS_UPGRADE environment variable. Defaults to "True". When upgrading platform patch versions e.g. 3.4.0 to 3.4.1, set to "False" to skip upgrading extensions. No effect in new platform installs, major or minor platform version upgrades e.g. 3.4.0 to 3.5.0.

  • Adds EIQ_ES_CUSTOM_PORT (default 9200), allowing users to specify a custom port for ES (Elasticsearch) nodes, e.g. when deploying with ECE (Elastic Cloud Enterprise) which recommends a default ES port of 9243.

3x-1753784886 (29th July 2025)#

  • Add root CA to all nodes for trusted PKI

  • Dynamically configure RAM and workers based on available resources (ElasticSearch, Celery, Gunicorn, Ingestion)

  • Remove unused deployment YAML

  • Increase MAX_SUPPORTED_VERSION to 3.6.

Fixes#

  • Logstash shutdown issue

  • RedHat bootstrapping issues with python and subscription-manager

Changed#

  • Playbooks no longer remove java-11-openjdk-headless and tzdata-java on deployments with ELK >= 8.

3x-1747397659 (16th May 2025)#

  • Added support for Red Hat Enterprise Linux 9 (RHEL9)

  • Add new a deployment, prod-small, a three node configuration supporting 100 million entities

  • Added optimizations to the install/upgrade process

Fixes#

  • Migration playbook now stops all platform workers and services before performing PG migration on prod-large deployments

  • Migration playbook now logs actual migration command output to /tmp/eiq-migration.log

3x-1746201062 (2nd May 2025)#

  • Added support to install ollama

  • Added support to configure elasticsearch memory usage

3x-1744032951 (27th March 2025)#

  • Increased MAX_SUPPORTED_VERSION for 3.5 release.

  • You can now configure managed DB skipping DB deployment in nodes.

  • Added support for Rocky 9, Alma 9 Operating Systems.

  • Added a single global playbook pb-full-install-upgrade.yml to install/upgrade IC.

  • Added NOCLOBBER option to allow upgrading without modifying PKI or database configuration.

  • Added support for configuring managed PostgreSQL

3x-1728904914 (14 October 2024)#

  • Suport essential Elastisearch upgrades

3x-1727954075 (03 October 2024)#

  • Centralized all yum/pip repository configurations into environment variables to facilitate installation via mirrored local repositories.

  • Added configurable statsd port.

3x-1727157972 (25 September 2024)#

Changes#

  • Centralized all ENV vars under group_vars/all/*.yml.

  • Updated installations for versions >3.3 to use Elasticsearch version 8.15 instead of 8.14.

3x-1724146991 (20 August 2024)#

Changes#

  • Increased MAX_SUPPORTED_VERSION for the 3.4 release.

3x-1718641237 (17 June 2024)#

Changes#

  • Fix ElasticSearch deployment using Fully-Qualified Domain Names (as opposed to IP addresses).

  • Remove un-needed PG URLs from configuration.

  • Fix statsd and syslog configuration

3x-1718267874 (13 June 2024)#

Changes#

  • Fix PostgreSQL issue during upgrade where master is configured as a replica.

3x-1710502964 (15 Mar 2024)#

Changes#

  • Set default release to 3.3 and update README file.

  • PostgreSQL is configured to accept SSL connections. Both SSL and plaintext connections are accepted on the same port (5432). Intelligence Center and replication use SSL connection by default.

  • Redis is configured to accept SSL connections on port 6680. Port 6679 is still available for plaintext connections for debugging purposes. Intelligence Center and replication use SSL connection by default.

Added#

  • Added .env variables to automatically configure email addresses and server hostname. This is done in a new playbook called pb-configure_intelligence_center.yml, which has to be executed when Intelligence is already running (done automatically by the deploy-from-inventory.sh script).

  • Added BUNDLE_VERSION.env to each ansible bundle, which contains the following values:

BUNDLE_VERSION=<version>
GIT_HASH=<git hash>
MAX_SUPPORTED_VERSION=3.3

Fixes#

  • Fixed Playbooks fail for some users due to “undefined” on RHEL

3x-1702283632 (11 Dec 2023)#

Fixes#

  • Fixed issue in PG14 replication

3x-1701862198 (06 Dec 2023)#

Changes#

  • Set default release to 3.2 and update README file.

Fixes#

  • Fixed issue in Kibana export

  • Fixed issue in Kibana to force kibana restore to overwrite duplicate objects

3x-1700648360 (Nov 2023)#

Breaking changes#

  • Playbook sequence is different. Please read the documentation carefully.

  • Environment variables have been changed. Please update your configuration following the provided env-example file.

Added#

  • Playbooks are provided to upgrade to PostgreSQL 14.

  • Playbooks are provided to upgrade to Elasticsearch 8.

  • Backup & Restore playbooks for Kibana.

  • Allows automatic provisioning of authentication for Elasticsearch (on by default for IC 3.2+).

  • Playbooks automatically provision certificates for Elasticsearch. You may manually replace these certs later.

  • You can now configure network addresses of managed nodes through environment variables or by editing group_vars/all/config.yml, instead of editing inventory files.

    You must still run ansible-playbook with inventory files. E.g.:

    EIQ_HOST_IC_APP_01="10.10.2.95" ansible-playbook -i inventories/ic-test-small pb-pre_requisites.yml -vv

Improvements#

  • ansible-example.cfg has optional minor changes for session reliability.

  • Removed EIQ_IS_UPGRADE environment variable. No longer used. Playbooks now detect if you are performing a fresh install or an upgrade.

  • Removed legacy Elasticsearch playbooks.

Fixes#

  • Numerous fixes to PG clustering.

3x-1690533376 (28 Jul 2023)#

Changed:

  • Playbooks now use .env file instead of .envrc to set environment variables.

Fixed:

  • Fixed issue introduced by new version of java-11-openjdk-headless, where the package drops tzdata-java from its list of dependencies, causing Elasticsearch and Logstash services to fail to start because it depends on it. Playbooks now explicitly install tzdata-java.

3x-1689088308 (11 Jul 2023)#

Fixed:

  • Issue where statsite service would fail to reload as part of playbook run.

3x-1688978882 (10 Jul 2023)#

Added:

  • Support for EclecticIQ Intelligence Center 3.x.

  • Playbook and inventory files for Neo4j removal.

  • Various fixes and improvements to deployment reliability.