2016-07-22 23:44:27 +01:00
---
2017-09-19 20:11:09 +01:00
- set_fact : manage_file_users=es_users is defined and es_users.file is defined and es_users.file.keys() | length > 0
2016-07-22 23:44:27 +01:00
#List current users
- name : List Users
2017-05-12 13:31:50 -07:00
become : yes
2017-01-11 13:02:23 +00:00
shell : cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
2016-07-22 23:44:27 +01:00
register : current_file_users
when : manage_file_users
2016-07-23 16:41:37 +01:00
changed_when : False
2016-07-22 23:44:27 +01:00
2016-07-23 16:41:37 +01:00
- set_fact : users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys()) }}
2016-07-22 23:44:27 +01:00
when : manage_file_users
#Remove users
- name : Remove Users
2017-05-12 13:31:50 -07:00
become : yes
2016-07-22 23:44:27 +01:00
command : >
2017-01-11 13:02:23 +00:00
{{es_home}}/bin/x-pack/users userdel {{item}}
2016-11-02 15:02:51 +01:00
with_items : "{{users_to_remove | default([])}}"
2017-09-20 22:58:17 +01:00
when : manage_file_users
2016-07-22 23:44:27 +01:00
environment :
CONF_DIR : "{{ conf_dir }}"
ES_HOME : "{{es_home}}"
2016-07-23 16:41:37 +01:00
- set_fact : users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
when : manage_file_users
2016-07-22 23:44:27 +01:00
#Add users
- name : Add Users
2017-05-12 13:31:50 -07:00
become : yes
2016-07-22 23:44:27 +01:00
command : >
2017-01-11 13:02:23 +00:00
{{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}}
2017-09-20 22:58:17 +01:00
with_items : "{{ users_to_add | default([]) }}"
when : manage_file_users
2016-09-19 17:41:24 +02:00
no_log : True
2016-07-22 23:44:27 +01:00
environment :
CONF_DIR : "{{ conf_dir }}"
ES_HOME : "{{es_home}}"
#Set passwords for all users declared - Required as the useradd will not change existing user passwords
- name : Set User Passwords
2017-05-12 13:31:50 -07:00
become : yes
2016-07-22 23:44:27 +01:00
command : >
2017-09-19 20:11:09 +01:00
{{es_home}}/bin/x-pack/users passwd {{ item }} -p {{es_users.file[item].password}}
2017-09-20 22:58:17 +01:00
with_items : "{{ es_users.file.keys() | default([]) }}"
when : manage_file_users
2016-07-23 16:41:37 +01:00
#Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
changed_when : False
2016-09-19 17:41:24 +02:00
no_log : True
2016-07-22 23:44:27 +01:00
environment :
CONF_DIR : "{{ conf_dir }}"
ES_HOME : "{{es_home}}"
2017-09-20 22:58:17 +01:00
- set_fact : users_roles={{es_users.file | extract_role_users () }}
2016-07-22 23:44:27 +01:00
when : manage_file_users
#Copy Roles files
- name : Copy roles.yml File for Instance
2017-05-12 13:31:50 -07:00
become : yes
2017-01-11 13:02:23 +00:00
template : src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
2016-07-22 23:44:27 +01:00
when : es_roles is defined and es_roles.file is defined
#Overwrite users_roles file
- name : Copy User Roles
2017-05-12 13:31:50 -07:00
become : yes
2017-01-11 13:02:23 +00:00
template : src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes
2016-07-22 23:44:27 +01:00
when : manage_file_users and users_roles | length > 0
2017-01-11 13:02:23 +00:00
#Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
- name : Set Security Directory Permissions Recursive
2017-05-12 13:31:50 -07:00
become : yes
file : state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
