ansible-role-elasticsearch/tasks/xpack/shield/elasticsearch-shield.yml

---

#Test if shield is installed
- shell: "{{es_home}}/bin/plugin list | sed -n '1!p' | grep shield"
  register: shield_installed
  changed_when: False
  ignore_errors: yes
  environment:
    CONF_DIR: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"


#Remove Shield if installed and its not been requested or the ES version has changed
- name: Remove shield plugin
  command: >
    {{es_home}}/bin/plugin remove shield
  register: xpack_state
  failed_when: "'ERROR' in xpack_state.stdout"
  changed_when: xpack_state.rc == 0
  when: shield_installed.rc == 0 and (not es_enable_xpack or not '"shield" in es_xpack_features' or es_version_changed)
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"


#Install Shield if not installed, or the es version has changed (so removed above), and its been requested
- name: Install shield plugin
  command: >
    {{es_home}}/bin/plugin install shield
  register: xpack_state
  failed_when: "'ERROR' in xpack_state.stdout"
  changed_when: xpack_state.rc == 0
  when: (shield_installed.rc == 1 or es_version_changed) and es_enable_xpack and '"shield" in es_xpack_features'
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"

#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6

#-----------------------------FILE BASED REALM----------------------------------------

- include: elasticsearch-shield-file.yml
  when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))

#-----------------------------NATIVE BASED REALM----------------------------------------
# The native realm requires the node to be started so we do as a handler
- command: /bin/true
  notify: load-native-realms
  when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))

#---------------------------------------------------------------------

#Ensure shield conf directory is created
- name: Ensure shield conf directory exists
  file: path={{ conf_dir }}/shield state=directory owner={{ es_user }} group={{ es_group }}
  changed_when: False
  when: es_enable_xpack and '"shield" in es_xpack_features'
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00			`---`

Support for removal for shield and license 2016-07-23 21:47:27 +01:00			`#Test if shield is installed`
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00			`- shell: "{{es_home}}/bin/plugin list \| sed -n '1!p' \| grep shield"`
			`register: shield_installed`
			`changed_when: False`
			`ignore_errors: yes`
			`environment:`
			`CONF_DIR: "{{ conf_dir }}"`
			`ES_INCLUDE: "{{ instance_default_file }}"`


Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`#Remove Shield if installed and its not been requested or the ES version has changed`
Support for removal for shield and license 2016-07-23 21:47:27 +01:00			`- name: Remove shield plugin`
			`command: >`
			`{{es_home}}/bin/plugin remove shield`
Shield now causes restart 2016-07-23 22:18:31 +01:00			`register: xpack_state`
			`failed_when: "'ERROR' in xpack_state.stdout"`
			`changed_when: xpack_state.rc == 0`
Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`when: shield_installed.rc == 0 and (not es_enable_xpack or not '"shield" in es_xpack_features' or es_version_changed)`
Support for removal for shield and license 2016-07-23 21:47:27 +01:00			`notify: restart elasticsearch`
			`environment:`
			`CONF_DIR: "{{ conf_dir }}"`
			`ES_INCLUDE: "{{ instance_default_file }}"`


Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`#Install Shield if not installed, or the es version has changed (so removed above), and its been requested`
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00			`- name: Install shield plugin`
			`command: >`
			`{{es_home}}/bin/plugin install shield`
Shield now causes restart 2016-07-23 22:18:31 +01:00			`register: xpack_state`
			`failed_when: "'ERROR' in xpack_state.stdout"`
			`changed_when: xpack_state.rc == 0`
Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`when: (shield_installed.rc == 1 or es_version_changed) and es_enable_xpack and '"shield" in es_xpack_features'`
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00			`notify: restart elasticsearch`
			`environment:`
			`CONF_DIR: "{{ conf_dir }}"`
			`ES_INCLUDE: "{{ instance_default_file }}"`

			`#TODO: 1. Skip users with no password defined or error 2. Passwords \| length > 6`

			`#-----------------------------FILE BASED REALM----------------------------------------`

			`- include: elasticsearch-shield-file.yml`
Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))`
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00
			`#-----------------------------NATIVE BASED REALM----------------------------------------`
			`# The native realm requires the node to be started so we do as a handler`
			`- command: /bin/true`
			`notify: load-native-realms`
Change shield versions if ES changes version 2016-07-23 22:37:22 +01:00			`when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))`

			`#---------------------------------------------------------------------`
Initial Shield support + latest gems + single plugin dir + new port/host vars 2016-07-22 23:44:27 +01:00
Test fixes + ensuring node is started for templates 2016-07-23 16:41:37 +01:00			`#Ensure shield conf directory is created`
			`- name: Ensure shield conf directory exists`
			`file: path={{ conf_dir }}/shield state=directory owner={{ es_user }} group={{ es_group }}`
			`changed_when: False`
Support for removal for shield and license 2016-07-23 21:47:27 +01:00			`when: es_enable_xpack and '"shield" in es_xpack_features'`