From 048fd636025a00379d2549c36f8b4bd271a8f832 Mon Sep 17 00:00:00 2001 From: Dale McDiarmid Date: Sat, 23 Jul 2016 22:37:22 +0100 Subject: [PATCH] Change shield versions if ES changes version --- tasks/xpack/elasticsearch-xpack.yml | 11 +++++++---- tasks/xpack/shield/elasticsearch-shield-file.yml | 6 +----- tasks/xpack/shield/elasticsearch-shield.yml | 14 ++++++++------ 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/tasks/xpack/elasticsearch-xpack.yml b/tasks/xpack/elasticsearch-xpack.yml index 5ce2a27..c68b79a 100644 --- a/tasks/xpack/elasticsearch-xpack.yml +++ b/tasks/xpack/elasticsearch-xpack.yml @@ -1,4 +1,7 @@ --- + +- set_fact: es_version_changed=((elasticsearch_install_from_package is defined and elasticsearch_install_from_repo.changed) or (elasticsearch_install_from_package is defined and elasticsearch_install_from_package.changed)) + #Check if license is installed - name: Check License is installed shell: > @@ -17,27 +20,27 @@ register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 - when: license_installed.rc == 0 and not es_enable_xpack + when: license_installed.rc == 0 and (not es_enable_xpack or es_version_changed) notify: restart elasticsearch environment: CONF_DIR: "{{ conf_dir }}" ES_INCLUDE: "{{ instance_default_file }}" -#Install License if not installed +#Install License if not installed, or it needs to be reinstalled due to ES change (above task will have removed), and its been requested. - name: Install license plugin command: > {{es_home}}/bin/plugin install license register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 - when: license_installed.rc == 1 and es_enable_xpack + when: (license_installed.rc == 1 or es_version_changed) and es_enable_xpack notify: restart elasticsearch environment: CONF_DIR: "{{ conf_dir }}" ES_INCLUDE: "{{ instance_default_file }}" -#Include shield as we may need to remove it +#Include shield as we may need to remove it or change it due to es_version_changed - include: shield/elasticsearch-shield.yml # when: '"shield" in es_xpack_features' diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml index 932a2a9..0746f4b 100644 --- a/tasks/xpack/shield/elasticsearch-shield-file.yml +++ b/tasks/xpack/shield/elasticsearch-shield-file.yml @@ -1,9 +1,5 @@ --- - -- set_fact: manage_file_users=false - -- set_fact: manage_file_users=true - when: es_users is defined and es_users.file is defined +- set_fact: manage_file_users=es_users is defined and es_users.file is defined #List current users - name: List Users diff --git a/tasks/xpack/shield/elasticsearch-shield.yml b/tasks/xpack/shield/elasticsearch-shield.yml index dad8525..f3bd306 100644 --- a/tasks/xpack/shield/elasticsearch-shield.yml +++ b/tasks/xpack/shield/elasticsearch-shield.yml @@ -10,28 +10,28 @@ ES_INCLUDE: "{{ instance_default_file }}" -#Remove Shield if installed and its not been requested +#Remove Shield if installed and its not been requested or the ES version has changed - name: Remove shield plugin command: > {{es_home}}/bin/plugin remove shield register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 - when: shield_installed.rc == 0 and (not es_enable_xpack or not '"shield" in es_xpack_features') + when: shield_installed.rc == 0 and (not es_enable_xpack or not '"shield" in es_xpack_features' or es_version_changed) notify: restart elasticsearch environment: CONF_DIR: "{{ conf_dir }}" ES_INCLUDE: "{{ instance_default_file }}" -#Install Shield if not installed and its been requested +#Install Shield if not installed, or the es version has changed (so removed above), and its been requested - name: Install shield plugin command: > {{es_home}}/bin/plugin install shield register: xpack_state failed_when: "'ERROR' in xpack_state.stdout" changed_when: xpack_state.rc == 0 - when: shield_installed.rc == 1 and es_enable_xpack and '"shield" in es_xpack_features' + when: (shield_installed.rc == 1 or es_version_changed) and es_enable_xpack and '"shield" in es_xpack_features' notify: restart elasticsearch environment: CONF_DIR: "{{ conf_dir }}" @@ -42,13 +42,15 @@ #-----------------------------FILE BASED REALM---------------------------------------- - include: elasticsearch-shield-file.yml - when: (es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined) + when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined)) #-----------------------------NATIVE BASED REALM---------------------------------------- # The native realm requires the node to be started so we do as a handler - command: /bin/true notify: load-native-realms - when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined) + when: (es_enable_xpack and '"shield" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)) + +#--------------------------------------------------------------------- #Ensure shield conf directory is created - name: Ensure shield conf directory exists