diff --git a/handlers/elasticsearch-templates.yml b/handlers/elasticsearch-templates.yml index b1ff63a..c8cc2d4 100644 --- a/handlers/elasticsearch-templates.yml +++ b/handlers/elasticsearch-templates.yml @@ -1,12 +1,15 @@ --- - name: Ensure elasticsearch is started + become: yes service: name={{instance_init_script | basename}} state=started enabled=yes - name: Wait for elasticsearch to startup + become: yes wait_for: host={{es_api_host}} port={{es_api_port}} delay=10 - name: Get template files + become: yes find: paths="/etc/elasticsearch/templates" patterns="*.json" register: templates diff --git a/handlers/main.yml b/handlers/main.yml index 55b95af..fe392de 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,8 +1,10 @@ - name: reload systemd configuration + become: yes command: systemctl daemon-reload # Restart service and ensure it is enabled - name: restart elasticsearch + become: yes service: name={{instance_init_script | basename}} state=restarted enabled=yes when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed)) diff --git a/tasks/elasticsearch-Debian-version-lock.yml b/tasks/elasticsearch-Debian-version-lock.yml index a932af7..d9fdd69 100644 --- a/tasks/elasticsearch-Debian-version-lock.yml +++ b/tasks/elasticsearch-Debian-version-lock.yml @@ -1,5 +1,6 @@ --- - name: Debian - hold elasticsearch version + become: yes command: apt-mark hold elasticsearch register: hold_elasticsearch_result - changed_when: "hold_elasticsearch_result.stdout != 'elasticsearch was already set on hold.'" \ No newline at end of file + changed_when: "hold_elasticsearch_result.stdout != 'elasticsearch was already set on hold.'" 
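Review bot: `become: yes` on "Wait for elasticsearch to startup" in handlers/elasticsearch-templates.yml escalates a task that, as written, only probes `{{es_api_host}}:{{es_api_port}}` with `wait_for`, which needs no privilege. Dropping that one line keeps escalation on the `service` task that does need it. Whether `find` on `/etc/elasticsearch/templates` needs root depends on directory permissions not visible here. Across the commit the value is spelled `yes`; `become: true` is the canonical boolean and avoids truthy-parsing differences between YAML loaders. The handler file may continue outside the hunk.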
diff --git a/tasks/elasticsearch-Debian.yml b/tasks/elasticsearch-Debian.yml index 83748b0..13e12db 100644 --- a/tasks/elasticsearch-Debian.yml +++ b/tasks/elasticsearch-Debian.yml @@ -6,14 +6,17 @@ when: es_allow_downgrades - name: Debian - Install apt-transport-https to support https APT downloads + become: yes apt: name=apt-transport-https state=present when: es_use_repository - name: Debian - Add Elasticsearch repository key + become: yes apt_key: url="{{ es_apt_key }}" state=present when: es_use_repository and es_apt_key - name: Debian - Add elasticsearch repository + become: yes apt_repository: repo={{ item.repo }} state={{ item.state}} with_items: - { repo: "{{ es_apt_url_old }}", state: "absent" } @@ -25,6 +28,7 @@ when: es_version_lock - name: Debian - Ensure elasticsearch is installed + become: yes apt: name=elasticsearch{% if es_version is defined and es_version != "" %}={{ es_version }}{% endif %} state=present force={{force_install}} allow_unauthenticated={{ 'no' if es_apt_key else 'yes' }} cache_valid_time=86400 when: es_use_repository register: debian_elasticsearch_install_from_repo @@ -34,6 +38,7 @@ when: not es_use_repository - name: Debian - Ensure elasticsearch is installed from downloaded package + become: yes apt: deb=/tmp/elasticsearch-{{ es_version }}.deb when: not es_use_repository register: elasticsearch_install_from_package diff --git a/tasks/elasticsearch-RedHat-version-lock.yml b/tasks/elasticsearch-RedHat-version-lock.yml index e6fd838..b5711a2 100644 --- a/tasks/elasticsearch-RedHat-version-lock.yml +++ b/tasks/elasticsearch-RedHat-version-lock.yml @@ -1,6 +1,7 @@ --- - name: RedHat - install yum-version-lock + become: yes yum: name=yum-plugin-versionlock state=present update_cache=yes - name: RedHat - lock elasticsearch version + become: yes shell: yum versionlock delete 0:elasticsearch* ; yum versionlock add elasticsearch{% if es_version is defined and es_version != "" %}-{{ es_version }}{% endif %} - 
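Review bot: `allow_unauthenticated={{ 'no' if es_apt_key else 'yes' }}` in "Debian - Ensure elasticsearch is installed" switches off APT signature checking whenever `es_apt_key` is empty, and with the added `become: yes` that unverified package is installed as root. Failing closed is safer: keep `allow_unauthenticated=no` by default and require a separate, explicitly named opt-in variable for unsigned repositories. A comment such as `# unsigned repo: package integrity is not verified` would document that path. The task's remaining keys lie outside the hunk.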
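Review bot: "Debian - Ensure elasticsearch is installed from downloaded package" installs `/tmp/elasticsearch-{{ es_version }}.deb` as root, a predictable name in a world-writable directory, so a local user who creates that file first can influence what gets installed. The download task is outside this hunk, so whether it overwrites the file or verifies a checksum cannot be seen here. Consider downloading into a root-owned directory, and passing `checksum=` to the download step if it uses `get_url` (assumed, not shown).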
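Review bot: "RedHat - lock elasticsearch version" now runs a `shell` line as root in which both `{{ es_version }}` and the glob `0:elasticsearch*` are unquoted. The version value is therefore interpreted by the shell, and the glob can expand against files in the working directory. Quote both: `yum versionlock delete '0:elasticsearch*'` and `-{{ es_version | quote }}`. The `;` also discards a failure of the delete step; if that is intentional, a comment `# delete may fail when no lock exists yet` would document it.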
diff --git a/tasks/elasticsearch-RedHat.yml b/tasks/elasticsearch-RedHat.yml index 18cfe4e..885b910 100644 --- a/tasks/elasticsearch-RedHat.yml +++ b/tasks/elasticsearch-RedHat.yml @@ -1,9 +1,11 @@ --- - name: Ensure libselinux-python on CentOS 6.x + become: yes yum: name=libselinux-python state=present update_cache=yes when: ( ansible_distribution == "CentOS" ) and ( ansible_distribution_major_version == "6" ) - name: RedHat - add Elasticsearch repo + become: yes template: src=elasticsearch.repo dest=/etc/yum.repos.d/elasticsearch-{{ es_major_version }}.repo when: es_use_repository @@ -12,6 +14,7 @@ when: es_version_lock - name: RedHat - Install Elasticsearch + become: yes yum: name=elasticsearch{% if es_version is defined and es_version != "" %}-{{ es_version }}{% endif %} state=present update_cache=yes when: es_use_repository register: redhat_elasticsearch_install_from_repo @@ -20,6 +23,7 @@ delay: 10 - name: RedHat - Install Elasticsearch from url + become: yes yum: name={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.noarch.rpm{% endif %} state=present when: not es_use_repository register: elasticsearch_install_from_package diff --git a/tasks/elasticsearch-config.yml b/tasks/elasticsearch-config.yml index 6debfaf..ba71b19 100644 --- a/tasks/elasticsearch-config.yml +++ b/tasks/elasticsearch-config.yml @@ -3,6 +3,7 @@ #Create required directories - name: Create Directories + become: yes file: path={{ item }} state=directory owner={{ es_user }} group={{ es_group }} with_items: - "{{pid_dir}}" @@ -10,6 +11,7 @@ - "{{conf_dir}}" - name: Create Data Directories + become: yes file: path={{ item }} state=directory owner={{ es_user }} group={{ es_group }} with_items: - "{{data_dirs}}" 
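Review bot: "RedHat - Install Elasticsearch from url" hands a remote URL (`es_custom_package_url`, or `{{ es_package_url }}-{{ es_version }}.noarch.rpm`) straight to `yum` under `become: yes`, and nothing in the hunk pins a checksum or forces signature verification for that package. Whether GPG checking applies depends on the host's yum configuration, which is not visible here. A safer shape is to fetch the RPM first with a `checksum=` and install the local file. At minimum, add a comment `# integrity relies on HTTPS and the host's yum gpgcheck settings`. The task continues outside the hunk.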
@@ -17,29 +19,34 @@ #Copy the config template - name: Copy Configuration File + become: yes template: src=elasticsearch.yml.j2 dest={{conf_dir}}/elasticsearch.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes register: config_updated notify: restart elasticsearch #Copy the instance specific default file - name: Copy Default File for Instance + become: yes template: src=elasticsearch.j2 dest={{instance_default_file}} mode=0644 force=yes notify: restart elasticsearch #Copy the instance specific init file - name: Copy Debian Init File for Instance + become: yes template: src=init/debian/elasticsearch.j2 dest={{instance_init_script}} mode=0755 force=yes when: ansible_os_family == 'Debian' and not use_system_d notify: restart elasticsearch #Copy the instance specific init file - name: Copy Redhat Init File for Instance + become: yes template: src=init/redhat/elasticsearch.j2 dest={{instance_init_script}} mode=0755 force=yes when: ansible_os_family == 'RedHat' and not use_system_d notify: restart elasticsearch #Copy the systemd specific file if systemd is installed - name: Copy Systemd File for Instance + become: yes template: src=systemd/elasticsearch.j2 dest={{instance_sysd_script}} mode=0644 force=yes when: use_system_d notify: 
@@ -48,37 +55,47 @@ #Copy the logging.yml - name: Copy log4j2.properties File for Instance + become: yes template: src=log4j2.properties.j2 dest={{conf_dir}}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes notify: restart elasticsearch - name: Copy jvm.options File for Instance + become: yes template: src=jvm.options.j2 dest={{conf_dir}}/jvm.options owner={{ es_user }} group={{ es_group }} mode=0644 force=yes notify: restart elasticsearch #Clean up un-wanted package scripts to avoid confusion - name: Delete Default Init + become: yes file: dest=/etc/init.d/elasticsearch state=absent - name: Delete Default Environment File + become: yes file: dest=/etc/default/elasticsearch state=absent when: ansible_os_family == 'Debian' - name: Delete Default Environment File + become: yes file: dest=/etc/sysconfig/elasticsearch state=absent when: ansible_os_family == 'RedHat' - name: Delete Default Sysconfig File + become: yes file: dest="{{ sysd_script }}" state=absent - name: Delete Default Configuration File + become: yes file: dest=/etc/elasticsearch/elasticsearch.yml state=absent - name: Delete Default Logging File + become: yes file: dest=/etc/elasticsearch/logging.yml state=absent - name: Delete Default Logging File + become: yes file: dest=/etc/elasticsearch/log4j2.properties state=absent - name: Delete Default JVM Options File + become: yes file: dest=/etc/elasticsearch/jvm.options state=absent diff --git a/tasks/elasticsearch-optional-user.yml b/tasks/elasticsearch-optional-user.yml index 5cf1d38..5b2644b 100644 --- a/tasks/elasticsearch-optional-user.yml +++ b/tasks/elasticsearch-optional-user.yml @@ -1,6 +1,7 @@ --- #Add the elasticsearch user before installing from packages. - name: Ensure optional elasticsearch group is created with the correct id. + become: yes group: state: present name: "{{ es_group }}" 
@@ -8,6 +9,7 @@ gid: "{{ es_group_id }}" - name: Ensure optional elasticsearch user is created with the correct id. + become: yes user: state: present name: "{{ es_user }}" diff --git a/tasks/elasticsearch-plugins.yml b/tasks/elasticsearch-plugins.yml index 8ec9e25..4cf337a 100644 --- a/tasks/elasticsearch-plugins.yml +++ b/tasks/elasticsearch-plugins.yml @@ -12,6 +12,7 @@ #List currently installed plugins. We have to list the directories as the list commmand fails if the ES version is different than the plugin version. - name: Check installed elasticsearch plugins + become: yes shell: "ls {{es_home}}/plugins {{list_command}}" register: installed_plugins changed_when: False @@ -30,6 +31,7 @@ # This removes any currently installed plugins (to prevent errors when reinstalling) - name: Remove elasticsearch plugins + become: yes command: "{{es_home}}/bin/elasticsearch-plugin remove {{item}} --silent" ignore_errors: yes with_items: "{{ plugins_to_remove | default([]) }}" @@ -41,6 +43,7 @@ ES_INCLUDE: "{{ instance_default_file }}" - name: Install elasticsearch plugins + become: yes command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.plugin }} --batch --silent {% if item.proxy_host is defined and item.proxy_host != '' and item.proxy_port is defined and item.proxy_port != ''%} -DproxyHost={{ item.proxy_host }} -DproxyPort={{ item.proxy_port }} {% elif es_proxy_host is defined and es_proxy_host != '' %} -DproxyHost={{ es_proxy_host }} -DproxyPort={{ es_proxy_port }} {% endif %}" register: plugin_installed failed_when: "'ERROR' in plugin_installed.stdout" @@ -57,4 +60,5 @@ #Set permissions on plugins directory - name: Set Plugin Directory Permissions + become: yes file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes diff --git a/tasks/elasticsearch-scripts.yml b/tasks/elasticsearch-scripts.yml index 30867f5..91708f9 100644 --- a/tasks/elasticsearch-scripts.yml +++ b/tasks/elasticsearch-scripts.yml 
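Review bot: `failed_when: "'ERROR' in plugin_installed.stdout"` on "Install elasticsearch plugins" replaces the default return-code check, so a non-zero exit of `elasticsearch-plugin install` that prints no `ERROR` on stdout counts as success. The task now runs as root with `--batch`, which makes a silent failure harder to notice. Keep the rc check as well: `failed_when: plugin_installed.rc != 0 or 'ERROR' in plugin_installed.stdout`. The same stdout-only pattern is used for `xpack_state` in tasks/xpack/elasticsearch-xpack-install.yml. The task's remaining keys are outside the hunk.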
@@ -10,12 +10,15 @@ - always - name: Create script dir + become: yes file: state=directory path={{ es_script_dir }} owner={{ es_user }} group={{ es_group }} recurse=yes - name: Copy default scripts to elasticsearch + become: yes copy: src=scripts dest={{ es_script_dir }} owner={{ es_user }} group={{ es_group }} when: es_scripts_fileglob is not defined - name: Copy scripts to elasticsearch + become: yes copy: src={{ item }} dest={{ es_script_dir }} owner={{ es_user }} group={{ es_group }} with_fileglob: "{{ es_scripts_fileglob | default('') }}" diff --git a/tasks/elasticsearch-templates.yml b/tasks/elasticsearch-templates.yml index 27c0c42..2004136 100644 --- a/tasks/elasticsearch-templates.yml +++ b/tasks/elasticsearch-templates.yml @@ -1,14 +1,17 @@ --- -- file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }} +- become: yes + file: path=/etc/elasticsearch/templates state=directory owner={{ es_user }} group={{ es_group }} - name: Copy default templates to elasticsearch + become: yes copy: src=templates dest=/etc/elasticsearch/ owner={{ es_user }} group={{ es_group }} notify: load-templates when: es_templates_fileglob is not defined - name: Copy templates to elasticsearch + become: yes copy: src={{ item }} dest=/etc/elasticsearch/templates owner={{ es_user }} group={{ es_group }} notify: load-templates with_fileglob: - - "{{ es_templates_fileglob | default('') }}" \ No newline at end of file + - "{{ es_templates_fileglob | default('') }}" diff --git a/tasks/java.yml b/tasks/java.yml index c0c63b8..a7d3e43 100644 --- a/tasks/java.yml +++ b/tasks/java.yml 
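Review bot: The first task in tasks/elasticsearch-templates.yml was rewritten as `- become: yes` followed by `file:` and still has no `name`, so a privileged directory creation appears in run output only as an anonymous `file` task. Add a name ahead of `become`, e.g. `- name: Ensure templates directory exists`. That matches the other tasks in the file and keeps escalated actions identifiable in logs.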
@@ -6,15 +6,18 @@ when: update_java == true - name: RedHat - Ensure Java is installed + become: yes yum: name={{ java }} state={{java_state}} when: ansible_os_family == 'RedHat' - name: Refresh java repo + become: yes apt: update_cache=yes changed_when: false when: ansible_os_family == 'Debian' - name: Debian - Ensure Java is installed + become: yes apt: name={{ java }} state={{java_state}} when: ansible_os_family == 'Debian' @@ -25,6 +28,7 @@ #https://github.com/docker-library/openjdk/issues/19 - ensures tests pass due to java 8 broken certs - name: refresh the java ca-certificates + become: yes command: /var/lib/dpkg/info/ca-certificates-java.postinst configure when: ansible_distribution == 'Ubuntu' and open_jdk.rc == 0 changed_when: false diff --git a/tasks/xpack/elasticsearch-xpack-install.yml b/tasks/xpack/elasticsearch-xpack-install.yml index 16bbc5a..ee61a62 100644 --- a/tasks/xpack/elasticsearch-xpack-install.yml +++ b/tasks/xpack/elasticsearch-xpack-install.yml @@ -2,6 +2,7 @@ #Test if feature is installed - shell: "{{es_home}}/bin/elasticsearch-plugin list | grep x-pack" + become: yes register: x_pack_installed changed_when: False failed_when: "'ERROR' in x_pack_installed.stdout" @@ -14,6 +15,7 @@ #Remove X-Pack if installed and its not been requested or the ES version has changed - name: Remove x-pack plugin + become: yes command: "{{es_home}}/bin/elasticsearch-plugin remove x-pack" register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" @@ -27,6 +29,7 @@ #Install plugin if not installed, or the es version has changed (so removed above), and its been requested - name: Install x-pack plugin + become: yes command: > {{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack {% if es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} {% endif %} register: xpack_state 
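Review bot: In the unnamed `shell` task of tasks/xpack/elasticsearch-xpack-install.yml, `failed_when: "'ERROR' in x_pack_installed.stdout"` inspects stdout after `| grep x-pack`. An error line from `elasticsearch-plugin list` reaches the check only if it also contains `x-pack`, and the return code is grep's rather than the plugin tool's. A failing list command therefore looks the same as "x-pack not installed", and the later remove/install tasks run as root on that result. Consider registering the unfiltered `elasticsearch-plugin list` output via `command` and testing `'x-pack' in x_pack_installed.stdout` in the later conditions, and give the task a `name:`. Those later conditions are outside the hunk.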
diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index 1e54782..b629943 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -9,4 +9,5 @@ #Add any feature specific configuration here - name: Set Plugin Directory Permissions + become: yes file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes diff --git a/tasks/xpack/security/elasticsearch-security-file.yml b/tasks/xpack/security/elasticsearch-security-file.yml index b09237c..fb9f55f 100644 --- a/tasks/xpack/security/elasticsearch-security-file.yml +++ b/tasks/xpack/security/elasticsearch-security-file.yml @@ -3,12 +3,14 @@ #Ensure x-pack conf directory is created - name: Ensure x-pack conf directory exists (file) + become: yes file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }} changed_when: False when: es_enable_xpack and '"security" in es_xpack_features' #List current users - name: List Users + become: yes shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}' register: current_file_users when: manage_file_users @@ -19,6 +21,7 @@ #Remove users - name: Remove Users + become: yes command: > {{es_home}}/bin/x-pack/users userdel {{item}} with_items: "{{users_to_remove | default([])}}" @@ -33,6 +36,7 @@ #Add users - name: Add Users + become: yes command: > {{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}} with_items: "{{users_to_add | default([])}}" @@ -44,6 +48,7 @@ #Set passwords for all users declared - Required as the useradd will not change existing user passwords - name: Set User Passwords + become: yes command: > {{es_home}}/bin/x-pack/users passwd {{item.key}} -p {{item.value.password}} with_dict: "{{(es_users | default({'file':{}})).file}}" 
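Review bot: The condition `when: es_enable_xpack and '"security" in es_xpack_features'` on "Ensure x-pack conf directory exists (file)" wraps the membership test in single quotes. That makes it a non-empty string literal rather than an expression, so the clause appears to reduce to `es_enable_xpack` alone. If the feature check is intended, write `when: es_enable_xpack and "security" in es_xpack_features`. The same quoting appears on "Ensure security conf directory exists" in tasks/xpack/security/elasticsearch-security.yml.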
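Review bot: "Add Users" passes `-p {{es_users.file[item].password}}` on the command line, and nothing visible in the hunk sets `no_log`, so the cleartext password can end up in Ansible output and in the process list while the command runs. Add `no_log: true` to this task and to "Set User Passwords" in the next hunk, which passes `-p {{item.value.password}}` the same way. Both tasks continue outside their hunks, so confirm the option is not already set further down.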
@@ -60,14 +65,17 @@ #Copy Roles files - name: Copy roles.yml File for Instance + become: yes template: src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes when: es_roles is defined and es_roles.file is defined #Overwrite users_roles file - name: Copy User Roles + become: yes template: src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes when: manage_file_users and users_roles | length > 0 #Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions. - name: Set Security Directory Permissions Recursive - file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes \ No newline at end of file + become: yes + file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml index 820c7e3..bfb6b25 100644 --- a/tasks/xpack/security/elasticsearch-security.yml +++ b/tasks/xpack/security/elasticsearch-security.yml @@ -12,12 +12,14 @@ #Copy Roles files - name: Copy role_mapping.yml File for Instance + become: yes template: src=security/role_mapping.yml.j2 dest={{conf_dir}}/x-pack/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes when: es_role_mapping is defined #-----------------------------AUTH FILE---------------------------------------- - name: Copy message auth key to elasticsearch + become: yes copy: src={{ es_message_auth_file }} dest={{conf_dir}}/x-pack/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes when: es_message_auth_file is defined 
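Review bot: "Copy User Roles" writes `{{conf_dir}}/x-pack/users_roles` with `mode=0644` and no `owner`/`group`, so under `become: yes` it lands root-owned and world-readable until the recursive ownership task at the end of the file runs. Set ownership on the task itself and tighten the mode, for example `owner={{ es_user }} group={{ es_group }} mode=0640`. The same mode question applies to `roles.yml` here and to `role_mapping.yml` in tasks/xpack/security/elasticsearch-security.yml. Whether other local accounts need read access is not visible from the diff.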
@@ -25,6 +27,7 @@ #Ensure security conf directory is created - name: Ensure security conf directory exists + become: yes file: path={{ conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }} changed_when: False when: es_enable_xpack and '"security" in es_xpack_features'