diff --git a/handlers/main.yml b/handlers/main.yml
index ff07a08..55b95af 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -6,10 +6,6 @@
 service: name={{instance_init_script | basename}} state=restarted enabled=yes
 when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed))
-# All security specific actions should go in here
-- name: activate-security
- include: ./handlers/security/elasticsearch-security.yml
-
 #Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't
 #specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
 #Templates done after restart therefore - as a handler.
diff --git a/handlers/security/elasticsearch-security.yml b/handlers/security/elasticsearch-security.yml
deleted file mode 100644
index af52976..0000000
--- a/handlers/security/elasticsearch-security.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Ensure elasticsearch is started
- service: name={{instance_init_script | basename}} state=started enabled=yes
-
-- name: Wait for elasticsearch to startup
- wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
-
-- name: activate-license
- include: ./handlers/security/elasticsearch-xpack-activation.yml
- when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
-
-- name: load-native-realms
- include: ./handlers/security/elasticsearch-security-native.yml
- when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index fe12c38..4648f8d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -45,4 +45,12 @@
 - meta: flush_handlers
 - name: Wait for elasticsearch to startup
- wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
\ No newline at end of file
+ wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
+
+- name: activate-license
+ include: ./xpack/security/elasticsearch-xpack-activation.yml
+ when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
+
+#perform security actions here now elasticsearch is started
+- include: ./xpack/security/elasticsearch-security-native.yml
+ when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
diff --git a/handlers/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml
similarity index 100%
rename from handlers/security/elasticsearch-security-native.yml
rename to tasks/xpack/security/elasticsearch-security-native.yml
diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml
index 9c4470d..820c7e3 100644
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
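Review bot: In the tasks/main.yml hunk, the `when:` on the new `elasticsearch-security-native.yml` include wraps `'"security" in es_xpack_features'` in single quotes, so Jinja2 should see a non-empty string literal rather than a membership test, and that operand is then always truthy. The native-realm user and role tasks would therefore run whenever `es_enable_xpack` is set and native users or roles are defined, even when `security` is not among the enabled features. Dropping the outer quotes restores the check: `when: (es_enable_xpack and "security" in es_xpack_features) and (...)`. The same quoting is on the unchanged file-realm include in tasks/xpack/security/elasticsearch-security.yml. The new `activate-license` task has no feature gate at all, which may be intended, but deserves a short comment saying so.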
@@ -8,13 +8,6 @@
 - include: elasticsearch-security-file.yml
 when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
-#-----------------------------NATIVE BASED REALM----------------------------------------
-# The native realm requires the node to be started so we do as a handler
-- command: /bin/true
- notify: activate-security
- when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
- changed_when: False
-
 #-----------------------------ROLE MAPPING ----------------------------------------
 #Copy Roles files
diff --git a/handlers/security/elasticsearch-xpack-activation.yml b/tasks/xpack/security/elasticsearch-xpack-activation.yml
similarity index 100%
rename from handlers/security/elasticsearch-xpack-activation.yml
rename to tasks/xpack/security/elasticsearch-xpack-activation.yml