Merge pull request #309 from orcasgit/become-yes

use become: yes when root is needed

handlers/main.yml

@@ -1,10 +1,12 @@
 
 - name: reload systemd configuration
+  become: yes
   command: systemctl daemon-reload
 
 # Restart service and ensure it is enabled
 
 - name: restart elasticsearch
+  become: yes
   service: name={{instance_init_script | basename}} state=restarted enabled=yes
   when:
     - es_restart_on_change

tasks/elasticsearch-Debian-version-lock.yml

@@ -1,5 +1,6 @@
 ---
 - name: Debian - hold elasticsearch version
+  become: yes
   command: apt-mark hold elasticsearch
   register: hold_elasticsearch_result
   changed_when: "hold_elasticsearch_result.stdout != 'elasticsearch was already set on hold.'"

tasks/elasticsearch-Debian.yml

@@ -6,14 +6,17 @@
   when: es_allow_downgrades
 
 - name: Debian - Install apt-transport-https to support https APT downloads
+  become: yes
   apt: name=apt-transport-https state=present
   when: es_use_repository
 
 - name: Debian - Add Elasticsearch repository key
+  become: yes
   apt_key: url="{{ es_apt_key }}" state=present
   when: es_use_repository and es_apt_key
 
 - name: Debian - Add elasticsearch repository
+  become: yes
   apt_repository: repo={{ item.repo }} state={{ item.state}}
   with_items:
     - { repo: "{{ es_apt_url_old }}", state: "absent" }
@@ -25,6 +28,7 @@
   when: es_version_lock
 
 - name: Debian - Ensure elasticsearch is installed
+  become: yes
   apt: name=elasticsearch{% if es_version is defined and es_version != "" %}={{ es_version }}{% endif %} state=present force={{force_install}} allow_unauthenticated={{ 'no' if es_apt_key else 'yes' }} cache_valid_time=86400
   when: es_use_repository
   register: debian_elasticsearch_install_from_repo
@@ -35,6 +39,7 @@
   when: not es_use_repository
 
 - name: Debian - Ensure elasticsearch is installed from downloaded package
+  become: yes
   apt: deb=/tmp/elasticsearch-{{ es_version }}.deb
   when: not es_use_repository
   register: elasticsearch_install_from_package

tasks/elasticsearch-RedHat-version-lock.yml

@@ -1,6 +1,7 @@
 ---
 - name: RedHat - install yum-version-lock
+  become: yes
   yum: name=yum-plugin-versionlock state=present update_cache=yes
 - name: RedHat - lock elasticsearch version
+  become: yes
   shell: yum versionlock delete 0:elasticsearch* ; yum versionlock add elasticsearch{% if es_version is defined and es_version != "" %}-{{ es_version }}{% endif %}
-

tasks/elasticsearch-RedHat.yml

@@ -1,9 +1,11 @@
 ---
 - name: Ensure libselinux-python on CentOS 6.x
+  become: yes
   yum: name=libselinux-python state=present update_cache=yes
   when: ( ansible_distribution == "CentOS" ) and ( ansible_distribution_major_version == "6" )
 
 - name: RedHat - add Elasticsearch repo
+  become: yes
   template: src=elasticsearch.repo dest=/etc/yum.repos.d/elasticsearch-{{ es_major_version }}.repo
   when: es_use_repository
 
@@ -12,6 +14,7 @@
   when: es_version_lock
 
 - name: RedHat - Install Elasticsearch
+  become: yes
   yum: name=elasticsearch{% if es_version is defined and es_version != ""  %}-{{ es_version }}{% endif %} state=present update_cache=yes
   when: es_use_repository
   register: redhat_elasticsearch_install_from_repo
@@ -21,6 +24,7 @@
   delay: 10
 
 - name: RedHat - Install Elasticsearch from url
+  become: yes
   yum: name={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.noarch.rpm{% endif %} state=present
   when: not es_use_repository
   register: elasticsearch_install_from_package

tasks/elasticsearch-config.yml

@@ -3,6 +3,7 @@
 
 #Create required directories
 - name: Create Directories
+  become: yes
   file: path={{ item }} state=directory owner={{ es_user }} group={{ es_group }}
   with_items:
     - "{{pid_dir}}"
@@ -10,6 +11,7 @@
     - "{{conf_dir}}"
 
 - name: Create Data Directories
+  become: yes
   file: path={{ item }} state=directory owner={{ es_user }} group={{ es_group }}
   with_items:
     - "{{data_dirs}}"
@@ -17,29 +19,34 @@
 
 #Copy the config template
 - name: Copy Configuration File
+  become: yes
   template: src=elasticsearch.yml.j2 dest={{conf_dir}}/elasticsearch.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   register: system_change
   notify: restart elasticsearch
 
 #Copy the instance specific default file
 - name: Copy Default File for Instance
+  become: yes
   template: src=elasticsearch.j2 dest={{instance_default_file}} mode=0644 force=yes
   notify: restart elasticsearch
 
 #Copy the instance specific init file
 - name: Copy Debian Init File for Instance
+  become: yes
   template: src=init/debian/elasticsearch.j2 dest={{instance_init_script}} mode=0755 force=yes
   when: ansible_os_family == 'Debian' and not use_system_d
   notify: restart elasticsearch
 
 #Copy the instance specific init file
 - name: Copy Redhat Init File for Instance
+  become: yes
   template: src=init/redhat/elasticsearch.j2 dest={{instance_init_script}} mode=0755 force=yes
   when: ansible_os_family == 'RedHat' and not use_system_d
   notify: restart elasticsearch
 
 #Copy the systemd specific file if systemd is installed
 - name: Copy Systemd File for Instance
+  become: yes
   template: src=systemd/elasticsearch.j2 dest={{instance_sysd_script}} mode=0644 force=yes
   when: use_system_d
   notify:
@@ -48,37 +55,47 @@
 
 #Copy the logging.yml
 - name: Copy log4j2.properties File for Instance
+  become: yes
   template: src={{es_config_log4j2}} dest={{conf_dir}}/log4j2.properties owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   notify: restart elasticsearch
 
 - name: Copy jvm.options File for Instance
+  become: yes
   template: src=jvm.options.j2 dest={{conf_dir}}/jvm.options owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   notify: restart elasticsearch
 
 #Clean up un-wanted package scripts to avoid confusion
 
 - name: Delete Default Init
+  become: yes
   file: dest=/etc/init.d/elasticsearch state=absent
 
 - name: Delete Default Environment File
+  become: yes
   file: dest=/etc/default/elasticsearch state=absent
   when: ansible_os_family == 'Debian'
 
 - name: Delete Default Environment File
+  become: yes
   file: dest=/etc/sysconfig/elasticsearch state=absent
   when: ansible_os_family == 'RedHat'
 
 - name: Delete Default Sysconfig File
+  become: yes
   file: dest="{{ sysd_script }}" state=absent
 
 - name: Delete Default Configuration File
+  become: yes
   file: dest=/etc/elasticsearch/elasticsearch.yml state=absent
 
 - name: Delete Default Logging File
+  become: yes
   file: dest=/etc/elasticsearch/logging.yml state=absent
 
 - name: Delete Default Logging File
+  become: yes
   file: dest=/etc/elasticsearch/log4j2.properties state=absent
 
 - name: Delete Default JVM Options File
+  become: yes
   file: dest=/etc/elasticsearch/jvm.options state=absent

tasks/elasticsearch-optional-user.yml

@@ -1,6 +1,7 @@
 ---
 #Add the elasticsearch user before installing from packages.
 - name: Ensure optional elasticsearch group is created with the correct id.
+  become: yes
   #Restart if these change
   notify: restart elasticsearch
   group:
@@ -10,6 +11,7 @@
     gid: "{{ es_group_id }}"
 
 - name: Ensure optional elasticsearch user is created with the correct id.
+  become: yes
   #Restart if these change
   notify: restart elasticsearch
   user:

tasks/elasticsearch-plugins.yml

@@ -12,6 +12,7 @@
 
 #List currently installed plugins. We have to list the directories as the list commmand fails if the ES version is different than the plugin version.
 - name: Check installed elasticsearch plugins
+  become: yes
   shell: "ls {{es_home}}/plugins {{list_command}}"
   register: installed_plugins
   changed_when: False
@@ -38,6 +39,7 @@
 
 # This removes any currently installed plugins (to prevent errors when reinstalling)
 - name: Remove elasticsearch plugins
+  become: yes
   command: "{{es_home}}/bin/elasticsearch-plugin remove {{item}} --silent"
   ignore_errors: yes
   with_items: "{{ plugins_to_remove | default([]) }}"
@@ -48,6 +50,7 @@
     ES_INCLUDE: "{{ instance_default_file }}"
 
 - name: Install elasticsearch plugins
+  become: yes
   command: "{{es_home}}/bin/elasticsearch-plugin install {{ item.plugin }} --batch --silent"
   register: plugin_installed
   failed_when: "'ERROR' in plugin_installed.stdout"
@@ -65,4 +68,5 @@
 
 #Set permissions on plugins directory
 - name: Set Plugin Directory Permissions
+  become: yes
   file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes

tasks/elasticsearch-scripts.yml

@@ -10,12 +10,15 @@
       - always
 
 - name: Create script dir
+  become: yes
   file: state=directory path={{ es_script_dir }} owner={{ es_user }} group={{ es_group }} recurse=yes
 
 - name: Copy default scripts to elasticsearch
+  become: yes
   copy: src=scripts dest={{ es_script_dir }} owner={{ es_user }} group={{ es_group }}
   when: es_scripts_fileglob is not defined
 
 - name: Copy scripts to elasticsearch
+  become: yes
   copy: src={{ item }} dest={{ es_script_dir }} owner={{ es_user }} group={{ es_group }}
   with_fileglob: "{{ es_scripts_fileglob | default('') }}"

tasks/java.yml

@@ -6,15 +6,18 @@
   when: update_java == true
 
 - name: RedHat - Ensure Java is installed
+  become: yes
   yum: name={{ java }} state={{java_state}}
   when: ansible_os_family == 'RedHat'
 
 - name: Refresh java repo
+  become: yes
   apt: update_cache=yes
   changed_when: false
   when: ansible_os_family == 'Debian'
 
 - name: Debian - Ensure Java is installed
+  become: yes
   apt: name={{ java }} state={{java_state}}
   when: ansible_os_family == 'Debian'
 
@@ -25,6 +28,7 @@
 
 #https://github.com/docker-library/openjdk/issues/19 - ensures tests pass due to java 8 broken certs
 - name: refresh the java ca-certificates
+  become: yes
   command: /var/lib/dpkg/info/ca-certificates-java.postinst configure
   when: ansible_distribution == 'Ubuntu' and open_jdk.rc == 0
   changed_when: false

tasks/xpack/elasticsearch-xpack-install.yml

@@ -2,6 +2,7 @@
 
 #Test if feature is installed
 - shell: "{{es_home}}/bin/elasticsearch-plugin list | grep x-pack"
+  become: yes
   register: x_pack_installed
   changed_when: False
   failed_when: "'ERROR' in x_pack_installed.stdout"
@@ -14,6 +15,7 @@
 
 #Remove X-Pack if installed and its not been requested or the ES version has changed
 - name: Remove x-pack plugin
+  become: yes
   command: "{{es_home}}/bin/elasticsearch-plugin remove x-pack"
   register: xpack_state
   failed_when: "'ERROR' in xpack_state.stdout"
@@ -31,6 +33,7 @@
   when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is defined)
 
 - name: Install x-pack plugin from local
+  become: yes
   command: >
     {{es_home}}/bin/elasticsearch-plugin install --silent --batch file:///tmp/x-pack-{{ es_version }}.zip
   register: xpack_state
@@ -46,6 +49,7 @@
   when: es_xpack_custom_url is defined
 
 - name: Install x-pack plugin from elastic.co
+  become: yes
   command: >
     {{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack
   register: xpack_state

tasks/xpack/elasticsearch-xpack.yml

@@ -9,4 +9,5 @@
 
 #Add any feature specific configuration here
 - name: Set Plugin Directory Permissions
+  become: yes
   file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes

tasks/xpack/security/elasticsearch-security-file.yml

@@ -3,6 +3,7 @@
 
 #List current users
 - name: List Users
+  become: yes
   shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
   register: current_file_users
   when: manage_file_users
@@ -13,6 +14,7 @@
 
 #Remove users
 - name: Remove Users
+  become: yes
   command: >
     {{es_home}}/bin/x-pack/users userdel {{item}}
   with_items: "{{users_to_remove | default([])}}"
@@ -26,6 +28,7 @@
 
 #Add users
 - name: Add Users
+  become: yes
   command: >
     {{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}}
   with_items: "{{ users_to_add | default([]) }}"
@@ -37,6 +40,7 @@
 
 #Set passwords for all users declared - Required as the useradd will not change existing user passwords
 - name: Set User Passwords
+  become: yes
   command: >
     {{es_home}}/bin/x-pack/users passwd {{ item }} -p {{es_users.file[item].password}}
   with_items: "{{ es_users.file.keys() | default([]) }}"
@@ -53,14 +57,17 @@
 
 #Copy Roles files
 - name: Copy roles.yml File for Instance
+  become: yes
   template: src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   when: es_roles is defined and es_roles.file is defined
 
 #Overwrite users_roles file
 - name: Copy User Roles
+  become: yes
   template: src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes
   when: manage_file_users and users_roles | length > 0
 
 #Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
 - name: Set Security Directory Permissions Recursive
+  become: yes
   file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes

tasks/xpack/security/elasticsearch-security.yml

@@ -20,12 +20,14 @@
 
 #Copy Roles files
 - name: Copy role_mapping.yml File for Instance
+  become: yes
   template: src=security/role_mapping.yml.j2 dest={{conf_dir}}/x-pack/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
   when: es_role_mapping is defined
 
 #-----------------------------AUTH FILE----------------------------------------
 
 - name: Copy message auth key to elasticsearch
+  become: yes
   copy: src={{ es_message_auth_file }} dest={{conf_dir}}/x-pack/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
   when: es_message_auth_file is defined
 
@@ -33,6 +35,7 @@
 
 #Ensure security conf directory is created
 - name: Ensure security conf directory exists
+  become: yes
   file: path={{ conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
   changed_when: False
   when: es_enable_xpack and '"security" in es_xpack_features'