Re-structure to make xpack idempotent

2017-03-15 16:12:22 -04:00 · 2017-03-15 16:12:22 -04:00 · 595368f873
commit 595368f873
parent ddbf4ad956
6 changed files with 9 additions and 26 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -6,10 +6,6 @@
  service: name={{instance_init_script | basename}} state=restarted enabled=yes
  when: es_restart_on_change and es_start_service and ((plugin_installed is defined and plugin_installed.changed) or (config_updated is defined and config_updated.changed) or (xpack_state.changed) or (debian_elasticsearch_install_from_repo.changed or redhat_elasticsearch_install_from_repo.changed or elasticsearch_install_from_package.changed))

-# All security specific actions should go in here
- name: activate-security
-  include: ./handlers/security/elasticsearch-security.yml
-
 #Templates are a handler as they need to come after a restart e.g. suppose user removes security on a running node and doesn't
 #specify es_api_basic_auth_username and es_api_basic_auth_password.  The templates will subsequently not be removed if we don't wait for the node to restart.
 #Templates done after restart therefore - as a handler.
--- a/handlers/security/elasticsearch-security.yml
+++ b/handlers/security/elasticsearch-security.yml
@ -1,14 +0,0 @@
---
- name: Ensure elasticsearch is started
-  service: name={{instance_init_script | basename}} state=started enabled=yes
-
- name: Wait for elasticsearch to startup
-  wait_for: host={{es_api_host}} port={{es_api_port}} delay=10
-  
- name: activate-license
-  include: ./handlers/security/elasticsearch-xpack-activation.yml
-  when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
-
- name: load-native-realms
-  include: ./handlers/security/elasticsearch-security-native.yml
-  when: (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -46,3 +46,11 @@

 - name: Wait for elasticsearch to startup
  wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
+
+- name: activate-license
+  include: ./xpack/security/elasticsearch-xpack-activation.yml
+  when: es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
+
+#perform security actions here now elasticsearch is started
+- include: ./xpack/security/elasticsearch-security-native.yml
+  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -8,13 +8,6 @@
 - include: elasticsearch-security-file.yml
  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))

-#-----------------------------NATIVE BASED REALM----------------------------------------
-# The native realm requires the node to be started so we do as a handler
- command: /bin/true
-  notify: activate-security
-  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
-  changed_when: False
-  
 #-----------------------------ROLE MAPPING ----------------------------------------

 #Copy Roles files
--- a/tasks/xpack/security/elasticsearch-xpack-activation.yml
+++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml