diff --git a/README.md b/README.md index 57819a6..ed04414 100644 --- a/README.md +++ b/README.md @@ -300,6 +300,14 @@ X-Pack configuration parameters can be added to the elasticsearch.yml file using For a full example see [here](https://github.com/elastic/ansible-elasticsearch/blob/master/test/integration/xpack.yml) +####Important Note for Native Realm Configuration + +In order for native users and roles to be configured, the role calls the Elasticsearch API. Given security is installed this requires definition of two parameters: + +* ```es_api_basic_auth_username``` - admin username +* ```es_api_basic_auth_password``` - admin password + +These can either be set to a user declared in the file based realm, with admin permissions, or the default "elastic" superuser (default password is changeme). ### Additional Configuration diff --git a/handlers/security/elasticsearch-security-native.yml b/handlers/security/elasticsearch-security-native.yml index 53df16e..df0546d 100644 --- a/handlers/security/elasticsearch-security-native.yml +++ b/handlers/security/elasticsearch-security-native.yml @@ -28,12 +28,11 @@ register: user_list_response when: manage_native_users - -- set_fact: current_users={{user_list_response.json.keys() | list}} +#Current users not inc. the elastic user which is reserved and cannot be deleted +- set_fact: current_users={{user_list_response.json.keys() | list | difference(['elastic'] )}} when: manage_native_users #Identify non declared users - - set_fact: users_to_remove={{ current_users | difference ( es_users.native.keys() ) }} when: manage_native_users diff --git a/test/integration/xpack.yml b/test/integration/xpack.yml index 3582664..3826ad9 100644 --- a/test/integration/xpack.yml +++ b/test/integration/xpack.yml @@ -14,8 +14,8 @@ es_xpack_features: - security - alerting - es_api_basic_auth_username: es_admin - es_api_basic_auth_password: changeMe + es_api_basic_auth_username: elastic + es_api_basic_auth_password: changeme es_message_auth_file: system_key es_role_mapping: power_user: