santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #669 from retentionscience/gs/missing-become

Browse source 
Several tasks in elasticsearch-ssl.yml missing become
This commit is contained in:
Julien Mailleret 2020-01-31 15:32:56 +01:00 committed by GitHub
commit 12ffadbae5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
tasks/elasticsearch-ssl.yml
View file

@ -8,6 +8,7 @@
when: es_ssl_keystore == es_ssl_truststore when: es_ssl_keystore == es_ssl_truststore
- name: ensure certificate directory exists - name: ensure certificate directory exists
become: yes
file: file:
dest: "{{ es_ssl_certificate_path }}" dest: "{{ es_ssl_certificate_path }}"
state: directory state: directory
@ -16,6 +17,7 @@
mode: "750" mode: "750"
- name: Upload SSL/TLS keystore - name: Upload SSL/TLS keystore
become: yes
copy: copy:
src: "{{ es_ssl_keystore }}" src: "{{ es_ssl_keystore }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
@ -27,6 +29,7 @@
register: copy_keystore register: copy_keystore
- name: Upload SSL/TLS truststore - name: Upload SSL/TLS truststore
become: yes
copy: copy:
src: "{{ es_ssl_truststore }}" src: "{{ es_ssl_truststore }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
@ -38,6 +41,7 @@
register: copy_truststore register: copy_truststore
- name: Upload SSL/TLS key and certificate - name: Upload SSL/TLS key and certificate
become: yes
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
@ -53,6 +57,7 @@
register: copy_certificates register: copy_certificates
- name: Upload SSL Certificate Authority - name: Upload SSL Certificate Authority
become: yes
copy: copy:
src: "{{ es_ssl_certificate_authority }}" src: "{{ es_ssl_certificate_authority }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
@ -64,6 +69,7 @@
when: (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0) when: (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0)
- name: Set keystore password - name: Set keystore password
become: yes
shell: echo "{{ es_ssl_keystore_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password' shell: echo "{{ es_ssl_keystore_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'
no_log: True no_log: True
when: es_ssl_keystore_password and (copy_keystore.changed or (es_same_keystore and copy_truststore.changed)) when: es_ssl_keystore_password and (copy_keystore.changed or (es_same_keystore and copy_truststore.changed))
@ -72,6 +78,7 @@
- transport - transport
- name: Set truststore password - name: Set truststore password
become: yes
shell: echo "{{ es_ssl_truststore_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password' shell: echo "{{ es_ssl_truststore_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password'
no_log: True no_log: True
when: es_ssl_truststore_password and (copy_truststore.changed or (es_same_keystore and copy_keystore.changed)) when: es_ssl_truststore_password and (copy_truststore.changed or (es_same_keystore and copy_keystore.changed))
@ -80,6 +87,7 @@
- transport - transport
- name: Remove keystore password - name: Remove keystore password
become: yes
shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'" shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'"
when: es_ssl_keystore_password == "" and (copy_keystore.changed or (es_same_keystore and copy_truststore.changed)) when: es_ssl_keystore_password == "" and (copy_keystore.changed or (es_same_keystore and copy_truststore.changed))
ignore_errors: yes ignore_errors: yes
@ -88,6 +96,7 @@
- transport - transport
- name: Remove truststore password - name: Remove truststore password
become: yes
shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'" shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'"
when: es_ssl_truststore_password == "" and (copy_truststore.changed or (es_same_keystore and copy_keystore.changed)) when: es_ssl_truststore_password == "" and (copy_truststore.changed or (es_same_keystore and copy_keystore.changed))
ignore_errors: yes ignore_errors: yes
@ -96,6 +105,7 @@
- transport - transport
- name: Set key password - name: Set key password
become: yes
shell: echo "{{ es_ssl_key_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase' shell: echo "{{ es_ssl_key_password }}" | {{ es_home }}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase'
no_log: True no_log: True
when: es_ssl_key_password and copy_certificates.changed when: es_ssl_key_password and copy_certificates.changed
@ -104,6 +114,7 @@
- transport - transport
- name: Remove key password - name: Remove key password
become: yes
shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'" shell: "{{ es_home }}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'"
when: es_ssl_key_password == "" and copy_certificates.changed when: es_ssl_key_password == "" and copy_certificates.changed
ignore_errors: yes ignore_errors: yes