From 6b1e5c2b6317a7f5aa09911851e382ff5a84b548 Mon Sep 17 00:00:00 2001
From: pemontto
Date: Thu, 31 Oct 2019 10:55:40 +0000
Subject: [PATCH] Fix permissions of cert directory and files
---
 tasks/elasticsearch-ssl.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/tasks/elasticsearch-ssl.yml b/tasks/elasticsearch-ssl.yml
index 7f56a98..b4d2212 100644
--- a/tasks/elasticsearch-ssl.yml
+++ b/tasks/elasticsearch-ssl.yml
@@ -11,11 +11,17 @@
 file:
 dest: "{{ es_ssl_certificate_path }}"
 state: directory
+ owner: root
+ group: "{{ es_group }}"
+ mode: 0750
 - name: Upload SSL/TLS keystore
 copy:
 src: "{{ es_ssl_keystore }}"
 dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
+ owner: "{{ es_user }}"
+ group: "{{ es_group }}"
+ mode: 0640
 when: es_ssl_keystore and es_ssl_truststore
 notify: restart elasticsearch
 register: copy_keystore
@@ -24,6 +30,9 @@
 copy:
 src: "{{ es_ssl_truststore }}"
 dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
+ owner: "{{ es_user }}"
+ group: "{{ es_group }}"
+ mode: 0640
 when: es_ssl_keystore and es_ssl_truststore
 notify: restart elasticsearch
 register: copy_truststore
@@ -32,6 +41,9 @@
 copy:
 src: "{{ item }}"
 dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
+ owner: "{{ es_user }}"
+ group: "{{ es_group }}"
+ mode: 0640
 with_items:
 - "{{ es_ssl_key }}"
 - "{{ es_ssl_certificate }}"
@@ -44,6 +56,9 @@
 copy:
 src: "{{ es_ssl_certificate_authority }}"
 dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
+ owner: "{{ es_user }}"
+ group: "{{ es_group }}"
+ mode: 0640
 #Restart if this changes
 notify: restart elasticsearch
 when: es_ssl_certificate_authority | bool
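Review bot: The keystore uploaded in this hunk is owned by `{{ es_user }}`, so the service account can still rewrite or chmod the file even though the directory is now `root`-owned and not group-writable. The same ownership is set on the truststore, the key and certificate, and the CA file in the three hunks that follow. If Elasticsearch only reads these files (likely, but not shown here), `owner: root` with `group: "{{ es_group }}"` and the existing `0640` would keep a compromised node process from replacing its own key material or trust anchors. This assumes `es_user` is a member of `es_group`. The directory task starts above the hunk.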
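Review bot: `mode: 0640` here is an unquoted octal literal, as are `mode: 0750` and the other `mode: 0640` lines across all four hunks. It works only while the YAML loader reads a leading zero as octal; a YAML 1.2 parser or formatter would read it as decimal 640, and Ansible's documentation recommends quoting modes for consistent results. I would write `mode: "0640"` and `mode: "0750"` throughout.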
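Review bot: The private key in `es_ssl_key` receives the same group-readable `mode: 0640` as the public certificate, because both items go through one `with_items` loop. With the owner set to `{{ es_user }}` as it is here, the key needs no group access; `mode: "{{ '0600' if item == es_ssl_key else '0640' }}"` or a separate task for the key would limit it to the service account. Whether other accounts belong to `es_group` is not visible from this hunk, so the actual exposure depends on the role's defaults. The task's `- name:` line and its conditions are outside the hunk.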