Fix permissions of cert directory and files

pemontto 2019-10-31 10:55:40 +00:00
parent 8fb9e81289
commit 6b1e5c2b63
No known key found for this signature in database
GPG key ID: EDCB93C3DA1B5DA9


@ -11,11 +11,17 @@
file: file:
dest: "{{ es_ssl_certificate_path }}" dest: "{{ es_ssl_certificate_path }}"
state: directory state: directory
owner: root
group: "{{ es_group }}"
mode: 0750
- name: Upload SSL/TLS keystore - name: Upload SSL/TLS keystore
copy: copy:
src: "{{ es_ssl_keystore }}" src: "{{ es_ssl_keystore }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_keystore | basename }}"
owner: "{{ es_user }}"
group: "{{ es_group }}"
mode: 0640
when: es_ssl_keystore and es_ssl_truststore when: es_ssl_keystore and es_ssl_truststore
notify: restart elasticsearch notify: restart elasticsearch
register: copy_keystore register: copy_keystore
@ -24,6 +30,9 @@
copy: copy:
src: "{{ es_ssl_truststore }}" src: "{{ es_ssl_truststore }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_truststore | basename }}"
owner: "{{ es_user }}"
group: "{{ es_group }}"
mode: 0640
when: es_ssl_keystore and es_ssl_truststore when: es_ssl_keystore and es_ssl_truststore
notify: restart elasticsearch notify: restart elasticsearch
register: copy_truststore register: copy_truststore
@ -32,6 +41,9 @@
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
owner: "{{ es_user }}"
group: "{{ es_group }}"
mode: 0640
with_items: with_items:
- "{{ es_ssl_key }}" - "{{ es_ssl_key }}"
- "{{ es_ssl_certificate }}" - "{{ es_ssl_certificate }}"
@ -44,6 +56,9 @@
copy: copy:
src: "{{ es_ssl_certificate_authority }}" src: "{{ es_ssl_certificate_authority }}"
dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}" dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
owner: "{{ es_user }}"
group: "{{ es_group }}"
mode: 0640
#Restart if this changes #Restart if this changes
notify: restart elasticsearch notify: restart elasticsearch
when: es_ssl_certificate_authority | bool when: es_ssl_certificate_authority | bool
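Review bot: The four `copy` tasks set `owner: "{{ es_user }}"` on the keystore, truststore, key/certificate and CA files, so the service account owns and can rewrite its own private key and trust anchors, even though the directory above is owned by `root`. If Elasticsearch only needs to read these files (presumably it runs as `es_user` with `es_group`; confirm against the role defaults), `owner: root` with the existing `group: "{{ es_group }}"` and mode 0640 keeps them readable by the service but not writable. The `with_items` task also gives the private key `es_ssl_key` the same mode as the public certificate; if that is intended, a short comment saying so would help. Separately, quoting the modes as `mode: "0750"` and `mode: "0640"` avoids depending on the YAML parser's octal handling. The `- name:` headers of most of these tasks lie outside the hunks shown.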