[Ansible] JFrog Platform 10.0.1 release (#166)

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/Debian.yml

@@ -0,0 +1,13 @@
+- name: Install prerequisite packages
+  become: yes
+  apt:
+    name: ["expect", "locales", "acl"]
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Ensure UTF-8 locale exists
+  become: yes
+  locale_gen:
+    name: en_US.UTF-8
+    state: present

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/RedHat.yml

@@ -0,0 +1,5 @@
+- name: Install prerequisite packages
+  become: yes
+  yum:
+    name: ["expect", "acl"]
+    state: present

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/expect.yml

@@ -0,0 +1,45 @@
+- name: Prepare expect scenario script
+  set_fact:
+    expect_scenario: |
+        set timeout 300
+        spawn {{ exp_executable_cmd }}
+        expect_before timeout { exit 1 }
+        set CYCLE_END 0
+        set count 0
+
+        while { $CYCLE_END == 0 } {
+            expect {
+                {% for each_request in exp_scenarios %}
+                    -nocase -re {{ '{' }}{{ each_request.expecting }}.*} {
+                        send "{{ each_request.sending }}\n"
+                    }
+                {% endfor %}
+                eof {
+                    set CYCLE_END 1
+                }
+            }
+            set count "[expr $count + 1]"
+            if { $count > 16} {
+                exit 128
+            }
+        }
+
+        expect eof
+        lassign [wait] pid spawnid os_error_flag value
+
+        if {$os_error_flag == 0} {
+            puts "INSTALLER_EXIT_STATUS-$value"
+        } else {
+            puts "INSTALLER_EXIT_STATUS-$value"
+        }
+
+- name: Interactive with expect
+  become: yes
+  ignore_errors: yes
+  shell: |
+    {{ expect_scenario }}
+  args:
+    executable: /usr/bin/expect
+    chdir: "{{ exp_dir }}"
+  register: exp_result
+  changed_when: false

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/install.yml

@@ -0,0 +1,170 @@
+- name: Install prerequisite packages
+  include_tasks: "{{ ansible_os_family }}.yml"
+
+- name: Ensure group insight exist
+  become: yes
+  group:
+    name: "{{ insight_group }}"
+    state: present
+
+- name: Ensure user insight exist
+  become: yes
+  user:
+    name: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    create_home: yes
+    home: "{{ insight_home }}"
+    shell: /bin/bash
+    state: present
+
+- name: Check if insight tar already exists
+  become: yes
+  stat:
+    path: "{{ jfrog_home_directory }}/{{ insight_tar_file_name }}"
+  register: insight_tar_check
+
+- name: Download insight
+  become: yes
+  get_url:
+    url: "{{ insight_tar }}"
+    timeout: "{{ insight_download_timeout }}"
+    dest: "{{ jfrog_home_directory }}"
+  register: download_insight
+  until: download_insight is succeeded
+  retries: 3
+  when: not insight_tar_check.stat.exists
+
+- name: Extract insight tar
+  become: yes
+  unarchive:
+    src: "{{ jfrog_home_directory }}/{{ insight_tar_file_name }}"
+    dest: "{{ jfrog_home_directory }}"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    creates: "{{ insight_untar_home }}"
+    remote_src: true
+  when: download_insight is succeeded
+
+- name: Check if app directory exists
+  become: yes
+  stat:
+    path: "{{ insight_home }}/app"
+  register: app_dir_check
+
+- name: Copy untar directory to insight home
+  become: yes
+  copy:
+    src: "{{ insight_untar_home }}/"
+    dest: "{{ insight_home }}"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    mode: 0755
+    remote_src: yes
+  when: not app_dir_check.stat.exists
+
+- name: Create required directories
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+  loop:
+    - "{{ insight_home }}/var/etc"
+    - "{{ insight_home }}/var/etc/security/"
+    - "{{ insight_home }}/var/etc/info/"
+
+- name: Configure master key
+  become: yes
+  copy:
+    dest: "{{ insight_home }}/var/etc/security/master.key"
+    content: "{{ master_key }}"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    mode: 0640
+
+- name: Setup elasticsearch
+  import_tasks: setup-elasticsearch.yml
+
+- name: Check if install.sh wrapper script exist
+  become: yes
+  stat:
+    path: "{{ insight_install_script_path }}/install.sh"
+  register: install_wrapper_script
+
+- name: Include interactive installer scripts
+  include_vars: script/archive.yml
+
+- name: Install Insight
+  include_tasks: expect.yml
+  vars:
+    exp_executable_cmd: "./install.sh -u {{ insight_user }} -g {{ insight_group }}"
+    exp_dir: "{{ insight_install_script_path }}"
+    exp_scenarios: "{{ insight_installer_scenario['main'] }}"
+  args:
+    apply:
+      environment:
+        YQ_PATH: "{{ insight_thirdparty_path }}/yq"
+  when: install_wrapper_script.stat.exists
+
+- name: Configure installer info
+  become: yes
+  template:
+    src: installer-info.json.j2
+    dest: "{{ insight_home }}/var/etc/info/installer-info.json"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    mode: 0644
+  notify: restart insight
+
+- name: Check if system.yaml exists
+  become: yes
+  stat:
+    path: "{{ insight_home }}/var/etc/system.yaml"
+  register: systemyaml
+
+- name: Configure system.yaml
+  become: yes
+  template:
+    src: "{{ insight_system_yaml_template }}"
+    dest: "{{ insight_home }}/var/etc/system.yaml"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    mode: 0644
+  when:
+    - insight_systemyaml is defined
+    - insight_systemyaml | length > 0
+    - insight_systemyaml_override or (not systemyaml.stat.exists)
+  notify: restart insight
+
+- name: Update correct permissions
+  become: yes
+  file:
+    path: "{{ insight_home }}"
+    state: directory
+    recurse: yes
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+
+- name: Install insight as a service
+  become: yes
+  command: "{{ insight_archive_service_cmd }}"
+  args:
+    chdir: "{{ insight_install_script_path }}"
+    creates: "{{ insight_service_file }}"
+  register: check_service_status_result
+
+- name: Restart insight
+  meta: flush_handlers
+
+- name: Make sure insight is up and running
+  uri:
+    url: http://127.0.0.1:8082/router/api/v1/system/health
+    timeout: 130
+    status_code: 200
+  register: result
+  until: result is succeeded
+  retries: 25
+  delay: 5
+  when: not ansible_check_mode

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/main.yml

@@ -0,0 +1,11 @@
+- name: Perform installation
+  include_tasks: "install.yml"
+  when:
+    - insight_enabled
+    - not insight_upgrade_only
+
+- name: Perform upgrade
+  include_tasks: "upgrade.yml"
+  when:
+    - insight_enabled
+    - insight_upgrade_only

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/setup-elasticsearch.yml

@@ -0,0 +1,185 @@
+- name: Ensure group elasticsearch exists
+  become: yes
+  group:
+    name: elasticsearch
+    state: present
+
+- name: Ensure user elasticsearch exists
+  become: yes
+  user:
+    name: elasticsearch
+    group: elasticsearch
+    create_home: yes
+    home: "{{ insight_es_home }}"
+    shell: /bin/bash
+    state: present
+
+- name: Create required directories
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+  loop:
+    - "{{ insight_es_conf_base }}"
+    - "{{ insight_es_data_dir }}"
+    - "{{ insight_es_log_dir }}"
+    - "{{ insight_es_home }}"
+
+- name: Set max file descriptors limit
+  become: yes
+  pam_limits:
+    domain: 'elasticsearch'
+    limit_type: '-'
+    limit_item: nofile
+    value: '65536'
+
+- name: Update nproc limit
+  become: yes
+  pam_limits:
+    domain: 'elasticsearch'
+    limit_type: '-'
+    limit_item: nproc
+    value: '4096'
+
+- name: Set vm.max_map_count in /etc/sysctl.conf
+  become: yes
+  sysctl:
+    name: vm.max_map_count
+    value: '262144'
+    sysctl_set: yes
+
+- name: Find elasticsearch package
+  become: yes
+  find:
+    paths: "{{ insight_home }}/app/third-party/elasticsearch"
+    patterns: "^elasticsearch-.+\\.tar.gz$"
+    use_regex: yes
+    file_type: file
+  register: check_elasticsearch_package_result
+
+- name: Set elasticsearch package file name
+  set_fact:
+    insight_elasticsearch_package: "{{ check_elasticsearch_package_result.files[0].path }}"
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Ensure elasticsearch home exists
+  become: yes
+  file:
+    path: "{{ insight_es_home }}"
+    state: directory
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+
+- name: Extract elasticsearch package
+  become: yes
+  unarchive:
+    src: "{{ insight_elasticsearch_package }}"
+    dest: "{{ insight_es_home }}"
+    remote_src: yes
+    extra_opts:
+      - --strip-components=1
+    owner: elasticsearch
+    group: elasticsearch
+    creates: "{{ insight_es_java_home }}"
+  register: unarchive_result
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Copy elasticsearch config files to ES_PATH_CONF dir
+  become: yes
+  command: "cp -r {{ insight_es_home }}/config/. {{ insight_es_conf_base }}/"
+  when: unarchive_result.changed
+
+- name: Remove elasticsearch config dir
+  become: yes
+  file:
+    path: "{{ insight_es_home }}/config"
+    state: absent
+  when: unarchive_result.changed
+
+- name: Generate HA elasticsearch.yml template file
+  become: yes
+  template:
+    src: templates/ha/{{ insight_ha_node_type }}.elasticsearch.yml.j2
+    dest: "{{ insight_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Generate elasticsearch.yml template file
+  become: yes
+  template:
+    src: templates/elasticsearch.yml.j2
+    dest: "{{ insight_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Create empty unicast_hosts.txt file
+  become: yes
+  file:
+    path: "{{ insight_es_conf_base }}/unicast_hosts.txt"
+    state: touch
+    mode: 0664
+    owner: elasticsearch
+    group: elasticsearch
+
+- name: Setup searchguard plugin
+  import_tasks: setup-searchguard.yml
+
+- name: Update directories permissions
+  become: yes
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0755
+  loop:
+    - "{{ insight_es_conf_base }}"
+    - "{{ insight_es_data_dir }}"
+    - "{{ insight_es_log_dir }}"
+    - "{{ insight_es_home }}"
+
+- name: Start elasticsearch
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    nohup {{ insight_es_script_path }}/elasticsearch -d
+  environment:
+    ES_JAVA_HOME: "{{ insight_es_java_home }}"
+    ES_PATH_CONF: "{{ insight_es_conf_base }}/"
+  register: start_elasticsearch
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Wait for elasticsearch to start
+  pause:
+    seconds: 30
+  when: start_elasticsearch.changed
+
+- name: Check if elasticsearch is running
+  wait_for: 
+    host: localhost
+    port: "{{ insight_es_transport_port }}"
+    delay: 5
+    connect_timeout: 1
+
+- name: Init searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    ./sgadmin.sh -p {{ insight_es_transport_port }} -cacert root-ca.pem \
+    -cert sgadmin.pem -key sgadmin.key -cd {{ insight_es_searchgaurd_home }}/sgconfig/ -nhnv -icl
+  args:
+    chdir: "{{ insight_es_searchgaurd_home }}/tools/"
+  environment:
+    JAVA_HOME: "{{ insight_es_java_home }}"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/setup-searchguard.yml

@@ -0,0 +1,67 @@
+- name: Copy elasticsearch cert files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_conf_base }}/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "localhost.pem"
+    - "localhost.key"
+    - "root-ca.pem"
+
+- name: Find searchguard bundle
+  become: yes
+  find:
+    paths: "{{ insight_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Install searchguard plugin
+  become: yes
+  ignore_errors: yes
+  shell: |
+    {{ insight_es_script_path }}/elasticsearch-plugin install \
+    -b file://{{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    ES_JAVA_HOME: "{{ insight_es_java_home }}"
+    ES_PATH_CONF: "{{ insight_es_conf_base }}/"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Copy searchguard certificate files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_searchgaurd_home }}/tools/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "sgadmin.pem"
+    - "sgadmin.key"
+    - "root-ca.pem"
+
+- name: Copy SG roles files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_searchgaurd_home }}/sgconfig/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "sg_roles.yml"
+    - "sg_roles_mapping.yml"
+    - "sg_config.yml"
+
+- name: Check execution bit
+  become: yes
+  file:
+    path: "{{ insight_es_searchgaurd_home }}/tools/sgadmin.sh"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0700

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/upgrade-elasticsearch.yml

@@ -0,0 +1,136 @@
+- name: Kill elasticsearch process
+  become: yes
+  shell: |
+    set -o pipefail
+    ps -ef | grep -v grep | grep -w elasticsearch | awk '{print $2}' | while read curr_ps_id
+    do
+        echo "process ${curr_ps_id} still running"
+        echo "$(ps -ef | grep -v grep | grep ${curr_ps_id})"
+        kill -9 ${curr_ps_id}
+    done
+  args:
+    executable: /bin/bash
+  changed_when: false
+
+- name: Find searchguard bundle for removal
+  become: yes
+  find:
+    paths: "{{ insight_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Remove searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  ignore_errors: yes
+  shell: |
+    {{ insight_es_script_path }}/elasticsearch-plugin remove {{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    ES_JAVA_HOME: "{{ insight_es_java_home }}"
+    ES_PATH_CONF: "{{ insight_es_conf_base }}/config"
+  register: remove_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Delete elasticsearch home dir
+  become: yes
+  file:
+    path: "{{ insight_es_home }}"
+    state: absent
+
+- name: Create elasticsearch home dir
+  become: yes
+  file:
+    path: "{{ insight_es_home }}"
+    state: directory
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0755
+
+- name: Find elasticsearch package
+  become: yes
+  find:
+    paths: "{{ insight_home }}/app/third-party/elasticsearch"
+    patterns: "^elasticsearch-.+\\.tar.gz$"
+    use_regex: yes
+    file_type: file
+  register: check_elasticsearch_package_result
+
+- name: Set elasticsearch package file name
+  set_fact:
+    insight_elasticsearch_package: "{{ check_elasticsearch_package_result.files[0].path }}"
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Extract elasticsearch package
+  become: yes
+  unarchive:
+    src: "{{ insight_elasticsearch_package }}"
+    dest: "{{ insight_es_home }}"
+    remote_src: yes
+    extra_opts:
+      - --strip-components=1
+      - --exclude=config
+    owner: elasticsearch
+    group: elasticsearch
+    creates: "{{ insight_es_java_home }}"
+  register: unarchive_result
+  when: check_elasticsearch_package_result.matched > 0
+
+- name: Generate HA elasticsearch.yml template file
+  become: yes
+  template:
+    src: templates/ha/{{ insight_ha_node_type }}.elasticsearch.yml.j2
+    dest: "{{ insight_es_conf_base }}/elasticsearch.yml"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+  when: unarchive_result.extract_results.rc | default(128) == 0
+
+- name: Create empty unicast_hosts.txt file
+  become: yes
+  file:
+    path: "{{ insight_es_conf_base }}/unicast_hosts.txt"
+    state: touch
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0644
+
+- name: Upgrade searchguard plugin
+  import_tasks: upgrade-searchguard.yml
+
+- name: Start elasticsearch
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    nohup {{ insight_es_script_path }}/elasticsearch -d
+  environment:
+    ES_JAVA_HOME: "{{ insight_es_java_home }}"
+    ES_PATH_CONF: "{{ insight_es_conf_base }}/"
+  when: unarchive_result.extract_results.rc | default(128) == 0
+  register: start_elastcsearch
+
+- name: Wait for elasticsearch to start
+  pause:
+    seconds: 30
+  when: start_elasticsearch.changed
+
+- name: Check if elasticsearch is running
+  wait_for:
+    host: localhost
+    port: "{{ insight_es_transport_port }}"
+    delay: 5
+    connect_timeout: 1
+
+- name: Init searchguard plugin
+  become: yes
+  become_user: elasticsearch
+  shell: |
+    ./sgadmin.sh -p {{ insight_es_transport_port }} -cacert root-ca.pem \
+    -cert sgadmin.pem -key sgadmin.key -cd {{ insight_es_searchgaurd_home }}/sgconfig/ -nhnv -icl
+  args:
+    chdir: "{{ insight_es_searchgaurd_home }}/tools/"
+  environment:
+    JAVA_HOME: "{{ insight_es_java_home }}"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/upgrade-searchguard.yml

@@ -0,0 +1,76 @@
+- name: Create elasticsearch config path folder
+  become: yes
+  file:
+    path: "{{ insight_es_conf_base }}"
+    state: directory
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0755
+
+- name: Copy elasticsearch cert files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_conf_base }}/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "localhost.pem"
+    - "localhost.key"
+    - "root-ca.pem"
+
+- name: Find searchguard bundle
+  become: yes
+  find:
+    paths: "{{ insight_home }}/app/third-party/elasticsearch/"
+    patterns: "^search-guard-.+\\.zip$"
+    use_regex: yes
+    file_type: file
+  register: check_searchguard_bundle_result
+
+- name: Install searchguard plugin
+  become: yes
+  ignore_errors: yes
+  shell: |
+    {{ insight_es_script_path }}/elasticsearch-plugin install \
+    -b file://{{ check_searchguard_bundle_result.files[0].path }}
+  environment:
+    ES_JAVA_HOME: "{{ insight_es_java_home }}"
+    ES_PATH_CONF: "{{ insight_es_conf_base }}/"
+  register: install_searchguard_result
+  when: check_searchguard_bundle_result.matched == 1
+
+- name: Copy searchguard cert files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_searchgaurd_home }}/tools/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "sgadmin.pem"
+    - "sgadmin.key"
+    - "root-ca.pem"
+
+- name: Copy SG roles files
+  become: yes
+  copy:
+    src: "files/searchguard/{{ item }}"
+    dest: "{{ insight_es_searchgaurd_home }}/sgconfig/{{ item }}"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0600
+  loop:
+    - "sg_roles.yml"
+    - "sg_roles_mapping.yml"
+    - "sg_config.yml"
+
+- name: Check execution bit
+  become: yes
+  file:
+    path: "{{ insight_es_searchgaurd_home }}/tools/sgadmin.sh"
+    owner: elasticsearch
+    group: elasticsearch
+    mode: 0700

Ansible/ansible_collections/jfrog/platform/roles/insight/tasks/upgrade.yml

@@ -0,0 +1,128 @@
+- name: Check if insight tar exists
+  become: yes
+  stat:
+    path: "{{ jfrog_home_directory }}/{{ insight_tar_file_name }}"
+  register: insight_tar_check
+
+- name: Download insight for upgrade
+  become: yes
+  get_url:
+    url: "{{ insight_tar }}"
+    timeout: "{{ insight_download_timeout }}"
+    dest: "{{ jfrog_home_directory }}"
+  register: download_insight
+  until: download_insight is succeeded
+  retries: 3
+  when: not insight_tar_check.stat.exists
+
+- name: Extract insight tar
+  become: yes
+  unarchive:
+    src: "{{ jfrog_home_directory }}/{{ insight_tar_file_name }}"
+    dest: "{{ jfrog_home_directory }}"
+    remote_src: true
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    creates: "{{ insight_untar_home }}"
+  when: download_insight is succeeded
+
+- name: Stop insight
+  meta: flush_handlers
+
+- name: Delete current app folder
+  become: yes
+  file:
+    path: "{{ insight_home }}/app"
+    state: absent
+  when: download_insight.changed
+
+- name: Copy new app to insight app
+  command: "cp -r {{ insight_untar_home }}/app/. {{ insight_home }}/app"
+  become: yes
+  when: download_insight.changed
+
+- name: Delete untar directory
+  become: yes
+  file:
+    path: "{{ insight_untar_home }}"
+    state: absent
+  when: download_insight.changed
+
+- name: Upgrade elasticsearch
+  import_tasks: upgrade-elasticsearch.yml
+  when: download_insight.changed
+
+- name: Check if system.yaml exists
+  become: yes
+  stat:
+    path: "{{ insight_home }}/var/etc/system.yaml"
+  register: systemyaml
+
+- name: Configure system.yaml
+  become: yes
+  template:
+    src: "{{ insight_system_yaml_template }}"
+    dest: "{{ insight_home }}/var/etc/system.yaml"
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+    mode: 0644
+  when:
+    - insight_systemyaml is defined
+    - insight_systemyaml | length > 0
+    - insight_systemyaml_override or (not systemyaml.stat.exists)
+  notify: restart insight
+
+- name: Check if install.sh wrapper script exist
+  become: yes
+  stat:
+    path: "{{ insight_install_script_path }}/install.sh"
+  register: upgrade_wrapper_script
+  when: download_insight.changed
+
+- name: Include interactive installer scripts
+  include_vars: script/archive.yml
+
+- name: Upgrade Insight
+  include_tasks: expect.yml
+  vars:
+    exp_executable_cmd: "./install.sh -u {{ insight_user }} -g {{ insight_group }}"
+    exp_dir: "{{ insight_install_script_path }}"
+    exp_scenarios: "{{ insight_installer_scenario['main'] }}"
+  args:
+    apply:
+      environment:
+        YQ_PATH: "{{ insight_thirdparty_path }}/yq"
+  when:
+    - upgrade_wrapper_script.stat.exists
+    - download_insight.changed
+
+- name: Configure installer info
+  become: yes
+  template:
+    src: installer-info.json.j2
+    dest: "{{ insight_home }}/var/etc/info/installer-info.json"
+    mode: 0644
+  notify: restart insight
+
+- name: Update correct permissions
+  become: yes
+  file:
+    path: "{{ insight_home }}"
+    state: directory
+    recurse: yes
+    owner: "{{ insight_user }}"
+    group: "{{ insight_group }}"
+
+- name: Restart insight
+  meta: flush_handlers
+
+- name: Make sure insight is up and running
+  uri:
+    url: http://127.0.0.1:8082/router/api/v1/system/health
+    timeout: 130
+    status_code: 200
+  register: result
+  until: result is succeeded
+  retries: 25
+  delay: 5
+  when: not ansible_check_mode