santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into AddSSLSupport

Browse source
This commit is contained in:
Nathan Young 2019-10-11 23:09:03 +01:00
commit 551d93b646
No known key found for this signature in database
GPG key ID: EB5E14327B10D023
25 changed files with 171 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

38
tasks/xpack/security/elasticsearch-security-file.yml
View file

@ -1,7 +1,10 @@
---
- name: set fact manage_file_users
set_fact: manage_file_users=es_users is defined and es_users.file is defined and es_users.file.keys() | list | length > 0
- set_fact: manage_file_users=false
- set_fact: manage_file_users=true
when: es_users is defined and es_users.file is defined and es_users.file.keys() | list | length > 0
# Users migration from elasticsearch < 6.3 versions
- name: Check if old users file exists
stat:
path: '{{ es_conf_dir }}/x-pack/users'
@ -13,22 +16,16 @@
remote_src: yes
force: no # only copy it if the new path doesn't exist yet
src: "{{ es_conf_dir }}/x-pack/users"
dest: "{{ es_conf_dir }}{{ es_xpack_conf_subdir }}/users"
when: old_users_file.stat.exists
- name: Create the users file if it doesn't exist
copy:
content: ""
dest: "{{ es_conf_dir }}{{ es_xpack_conf_subdir }}/users"
force: no # this ensures it only creates it if it does not exist
dest: "{{ es_conf_dir }}/users"
group: "{{ es_group }}"
owner: "{{ es_user }}"
mode: 0555
owner: root
when: old_users_file.stat.exists
# End of users migrations
#List current users
- name: List Users
become: yes
shell: cat {{ es_conf_dir }}{{es_xpack_conf_subdir}}/users | awk -F':' '{print $1}'
shell: cat {{ es_conf_dir }}/users | awk -F':' '{print $1}'
register: current_file_users
when: manage_file_users
changed_when: False
@ -42,7 +39,7 @@
- name: Remove Users
become: yes
command: >
{{es_home}}/bin/{{es_xpack_users_command}} userdel {{item}}
{{es_home}}/bin/elasticsearch-users userdel {{item}}
with_items: "{{users_to_remove | default([])}}"
when: manage_file_users
environment:
@ -58,7 +55,7 @@
- name: Add Users
become: yes
command: >
{{es_home}}/bin/{{es_xpack_users_command}} useradd {{item}} -p {{es_users.file[item].password}}
{{es_home}}/bin/elasticsearch-users useradd {{item}} -p {{es_users.file[item].password}}
with_items: "{{ users_to_add | default([]) }}"
when: manage_file_users
no_log: True
@ -71,7 +68,7 @@
- name: Set User Passwords
become: yes
command: >
{{es_home}}/bin/{{es_xpack_users_command}} passwd {{ item }} -p {{es_users.file[item].password}}
{{es_home}}/bin/elasticsearch-users passwd {{ item }} -p {{es_users.file[item].password}}
with_items: "{{ es_users.file.keys() | list }}"
when: manage_file_users
#Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
@ -89,16 +86,11 @@
#Copy Roles files
- name: Copy roles.yml File for Instance
become: yes
template: src=security/roles.yml.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
template: src=security/roles.yml.j2 dest={{ es_conf_dir }}/roles.yml owner=root group={{ es_group }} mode=0660 force=yes
when: es_roles is defined and es_roles.file is defined
#Overwrite users_roles file
- name: Copy User Roles
become: yes
template: src=security/users_roles.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/users_roles mode=0644 force=yes
template: src=security/users_roles.j2 dest={{ es_conf_dir }}/users_roles owner=root group={{ es_group }} mode=0660 force=yes
when: manage_file_users and users_roles | length > 0
#Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
- name: Set Security Directory Permissions Recursive
become: yes
file: state=directory path={{ es_conf_dir }}{{es_xpack_conf_subdir}}/ owner={{ es_user }} group={{ es_group }} recurse=yes

16
tasks/xpack/security/elasticsearch-security.yml
View file

@ -3,12 +3,6 @@
#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
#Ensure x-pack conf directory is created if necessary
- name: Ensure x-pack conf directory exists (file)
file: path={{ es_conf_dir }}{{ es_xpack_conf_subdir }} state=directory owner={{ es_user }} group={{ es_group }}
changed_when: False
when: (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
#-----------------------------Create Bootstrap User-----------------------------------
### START BLOCK elasticsearch keystore ###
- name: create the elasticsearch keystore
@ -52,13 +46,5 @@
#Copy Roles files
- name: Copy role_mapping.yml File for Instance
become: yes
template: src=security/role_mapping.yml.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
template: src=security/role_mapping.yml.j2 dest={{ es_conf_dir }}/role_mapping.yml owner=root group={{ es_group }} mode=0660 force=yes
when: es_role_mapping is defined
#------------------------------------------------------------------------------------
#Ensure security conf directory is created
- name: Ensure security conf directory exists
become: yes
file: path={{ es_conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
changed_when: False