ansible-role-elasticsearch/tasks/elasticsearch-ssl.yml

---
- name: ensure certificate directory exists
  file:
    dest: "{{ es_ssl_certificate_path }}"
    state: directory

- name: Upload SSL/TLS keystore and truststore
  copy:
    src: "{{ item }}"
    dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
  with_items:
    - "{{ es_ssl_keystore }}"
    - "{{ es_ssl_truststore }}"
  when: es_ssl_keystore and es_ssl_truststore
  #Restart if these change
  notify: restart elasticsearch
  register: copy_keystores

- name: Upload SSL/TLS key and certificate
  copy:
    src: "{{ item }}"
    dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
  with_items:
    - "{{ es_ssl_key }}"
    - "{{ es_ssl_certificate }}"
  when: es_ssl_key and es_ssl_certificate
  #Restart if these change
  notify: restart elasticsearch
  register: copy_certificates

- name: Upload SSL Certificate Authority
  copy:
    src: "{{ es_ssl_certificate_authority }}"
    dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
  #Restart if this changes
  notify: restart elasticsearch
  when: es_ssl_certificate_authority | bool

- name: Set transport keystore password
  shell: echo "{{es_ssl_keystore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'
  no_log: True
  when: es_ssl_keystore_password and copy_keystores.changed
  with_items:
    - http
    - transport

- name: Set transport truststore password
  shell: echo "{{es_ssl_truststore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password'
  no_log: True
  when: es_ssl_truststore_password and copy_keystores.changed
  with_items:
    - http
    - transport

- name: Set transport key password
  shell: echo "{{es_ssl_key_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase'
  no_log: True
  when: es_ssl_key_password and copy_certificates.changed
  with_items:
    - http
    - transport

- name: Remove transport keystore password
  shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'"
  no_log: True
  when: es_ssl_keystore_password == "" and copy_keystores.changed
  with_items:
    - http
    - transport

- name: Remove transport truststore password
  shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'"
  no_log: True
  when: es_ssl_truststore_password == "" and copy_keystores.changed
  with_items:
    - http
    - transport

- name: Remove transport key password
  shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'"
  no_log: True
  when: es_ssl_key_password == "" and copy_certificates.changed
  with_items:
    - http
    - transport
Add SSL/TLS support This commit introduces SSL/TLS support for the elastic search transport layer. It assumes certificates are generated externally, and only handles uploading and configuring the server accordingly. 2019-06-27 13:53:23 -07:00			`---`
			`- name: ensure certificate directory exists`
			`file:`
			`dest: "{{ es_ssl_certificate_path }}"`
			`state: directory`

Add SSL keystore and truststore 2019-10-11 16:09:05 +01:00			`- name: Upload SSL/TLS keystore and truststore`
Add SSL/TLS support This commit introduces SSL/TLS support for the elastic search transport layer. It assumes certificates are generated externally, and only handles uploading and configuring the server accordingly. 2019-06-27 13:53:23 -07:00			`copy:`
			`src: "{{ item }}"`
			`dest: "{{ es_ssl_certificate_path }}/{{ item \| basename }}"`
			`with_items:`
Fix copy variables 2019-10-11 16:33:09 +01:00			`- "{{ es_ssl_keystore }}"`
			`- "{{ es_ssl_truststore }}"`
Add SSL keystore and truststore 2019-10-11 16:09:05 +01:00			`when: es_ssl_keystore and es_ssl_truststore`
Fix copy variables 2019-10-11 16:33:09 +01:00			`#Restart if these change`
			`notify: restart elasticsearch`
Add SSL keystore and truststore 2019-10-11 16:09:05 +01:00			`register: copy_keystores`
Add SSL/TLS support This commit introduces SSL/TLS support for the elastic search transport layer. It assumes certificates are generated externally, and only handles uploading and configuring the server accordingly. 2019-06-27 13:53:23 -07:00
Add SSL keystore and truststore 2019-10-11 16:09:05 +01:00			`- name: Upload SSL/TLS key and certificate`
			`copy:`
			`src: "{{ item }}"`
			`dest: "{{ es_ssl_certificate_path }}/{{ item \| basename }}"`
			`with_items:`
			`- "{{ es_ssl_key }}"`
			`- "{{ es_ssl_certificate }}"`
			`when: es_ssl_key and es_ssl_certificate`
Fix copy variables 2019-10-11 16:33:09 +01:00			`#Restart if these change`
			`notify: restart elasticsearch`
Add SSL keystore and truststore 2019-10-11 16:09:05 +01:00			`register: copy_certificates`
Add SSL/TLS support This commit introduces SSL/TLS support for the elastic search transport layer. It assumes certificates are generated externally, and only handles uploading and configuring the server accordingly. 2019-06-27 13:53:23 -07:00
			`- name: Upload SSL Certificate Authority`
			`copy:`
			`src: "{{ es_ssl_certificate_authority }}"`
			`dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority \| basename }}"`
Add option for invalid certificates 2019-10-12 00:03:47 +01:00			`#Restart if this changes`
			`notify: restart elasticsearch`
			`when: es_ssl_certificate_authority \| bool`
Add ability to use key and truststore passwords 2019-10-12 00:57:49 +01:00
			`- name: Set transport keystore password`
			`shell: echo "{{es_ssl_keystore_password}}" \| {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'`
			`no_log: True`
			`when: es_ssl_keystore_password and copy_keystores.changed`
			`with_items:`
			`- http`
			`- transport`

			`- name: Set transport truststore password`
			`shell: echo "{{es_ssl_truststore_password}}" \| {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password'`
			`no_log: True`
			`when: es_ssl_truststore_password and copy_keystores.changed`
			`with_items:`
			`- http`
			`- transport`

			`- name: Set transport key password`
			`shell: echo "{{es_ssl_key_password}}" \| {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase'`
			`no_log: True`
			`when: es_ssl_key_password and copy_certificates.changed`
			`with_items:`
			`- http`
			`- transport`

			`- name: Remove transport keystore password`
			`shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'"`
			`no_log: True`
			`when: es_ssl_keystore_password == "" and copy_keystores.changed`
			`with_items:`
			`- http`
			`- transport`

			`- name: Remove transport truststore password`
			`shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'"`
			`no_log: True`
			`when: es_ssl_truststore_password == "" and copy_keystores.changed`
			`with_items:`
			`- http`
			`- transport`

			`- name: Remove transport key password`
			`shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'"`
			`no_log: True`
			`when: es_ssl_key_password == "" and copy_certificates.changed`
			`with_items:`
			`- http`
			`- transport`