use become: yes when root is needed
This commit is contained in:
Brad Pitcher
parent
3621561473
commit
024e6caa4b
16 changed files with 69 additions and 5 deletions
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
#Test if feature is installed
|
||||
- shell: "{{es_home}}/bin/elasticsearch-plugin list | grep x-pack"
|
||||
become: yes
|
||||
register: x_pack_installed
|
||||
changed_when: False
|
||||
failed_when: "'ERROR' in x_pack_installed.stdout"
|
||||
|
|
@ -14,6 +15,7 @@
|
|||
|
||||
#Remove X-Pack if installed and its not been requested or the ES version has changed
|
||||
- name: Remove x-pack plugin
|
||||
become: yes
|
||||
command: "{{es_home}}/bin/elasticsearch-plugin remove x-pack"
|
||||
register: xpack_state
|
||||
failed_when: "'ERROR' in xpack_state.stdout"
|
||||
|
|
@ -27,6 +29,7 @@
|
|||
|
||||
#Install plugin if not installed, or the es version has changed (so removed above), and its been requested
|
||||
- name: Install x-pack plugin
|
||||
become: yes
|
||||
command: >
|
||||
{{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack {% if es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} {% endif %}
|
||||
register: xpack_state
|
||||
|
|
|
|||
|
|
@ -9,4 +9,5 @@
|
|||
|
||||
#Add any feature specific configuration here
|
||||
- name: Set Plugin Directory Permissions
|
||||
become: yes
|
||||
file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes
|
||||
|
|
|
|||
|
|
@ -3,12 +3,14 @@
|
|||
|
||||
#Ensure x-pack conf directory is created
|
||||
- name: Ensure x-pack conf directory exists (file)
|
||||
become: yes
|
||||
file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
|
||||
changed_when: False
|
||||
when: es_enable_xpack and '"security" in es_xpack_features'
|
||||
|
||||
#List current users
|
||||
- name: List Users
|
||||
become: yes
|
||||
shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
|
||||
register: current_file_users
|
||||
when: manage_file_users
|
||||
|
|
@ -19,6 +21,7 @@
|
|||
|
||||
#Remove users
|
||||
- name: Remove Users
|
||||
become: yes
|
||||
command: >
|
||||
{{es_home}}/bin/x-pack/users userdel {{item}}
|
||||
with_items: "{{users_to_remove | default([])}}"
|
||||
|
|
@ -33,6 +36,7 @@
|
|||
|
||||
#Add users
|
||||
- name: Add Users
|
||||
become: yes
|
||||
command: >
|
||||
{{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}}
|
||||
with_items: "{{users_to_add | default([])}}"
|
||||
|
|
@ -44,6 +48,7 @@
|
|||
|
||||
#Set passwords for all users declared - Required as the useradd will not change existing user passwords
|
||||
- name: Set User Passwords
|
||||
become: yes
|
||||
command: >
|
||||
{{es_home}}/bin/x-pack/users passwd {{item.key}} -p {{item.value.password}}
|
||||
with_dict: "{{(es_users | default({'file':{}})).file}}"
|
||||
|
|
@ -60,14 +65,17 @@
|
|||
|
||||
#Copy Roles files
|
||||
- name: Copy roles.yml File for Instance
|
||||
become: yes
|
||||
template: src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
|
||||
when: es_roles is defined and es_roles.file is defined
|
||||
|
||||
#Overwrite users_roles file
|
||||
- name: Copy User Roles
|
||||
become: yes
|
||||
template: src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes
|
||||
when: manage_file_users and users_roles | length > 0
|
||||
|
||||
#Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
|
||||
- name: Set Security Directory Permissions Recursive
|
||||
file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
|
||||
become: yes
|
||||
file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
|
||||
|
|
|
|||
|
|
@ -12,12 +12,14 @@
|
|||
|
||||
#Copy Roles files
|
||||
- name: Copy role_mapping.yml File for Instance
|
||||
become: yes
|
||||
template: src=security/role_mapping.yml.j2 dest={{conf_dir}}/x-pack/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
|
||||
when: es_role_mapping is defined
|
||||
|
||||
#-----------------------------AUTH FILE----------------------------------------
|
||||
|
||||
- name: Copy message auth key to elasticsearch
|
||||
become: yes
|
||||
copy: src={{ es_message_auth_file }} dest={{conf_dir}}/x-pack/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
|
||||
when: es_message_auth_file is defined
|
||||
|
||||
|
|
@ -25,6 +27,7 @@
|
|||
|
||||
#Ensure security conf directory is created
|
||||
- name: Ensure security conf directory exists
|
||||
become: yes
|
||||
file: path={{ conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
|
||||
changed_when: False
|
||||
when: es_enable_xpack and '"security" in es_xpack_features'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue