Don't use the 'x-pack' subdir now that x-pack is part of core

2018-06-14 16:33:40 +02:00 · 2018-06-14 16:33:40 +02:00 · 77d47e3235
commit 77d47e3235
parent d8cf1d1f66
5 changed files with 32 additions and 19 deletions
--- a/tasks/compatibility-variables.yml
+++ b/tasks/compatibility-variables.yml
@ -10,6 +10,8 @@
  set_fact:
    es_open_xpack: true
    es_install_xpack: false
+    es_users_path: "users"
+    es_xpack_conf_subdir: ""
    es_repo_name: "{{ es_major_version }}"
    es_xpack_users_command: "elasticsearch-users"

@ -22,6 +24,7 @@
  set_fact:
    es_install_xpack: true
    es_xpack_users_command: "x-pack/users"
+    es_xpack_conf_subdir: "/x-pack"
  when: 
    - not es_open_xpack
    - es_enable_xpack
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -2,10 +2,19 @@
 - name: set fact manage_file_users
  set_fact: manage_file_users=es_users is defined and es_users.file is defined and es_users.file.keys() | length > 0

+- name: Create the users file if it doesn't exist
+  copy:
+    content: ""
+    dest: "{{ conf_dir }}{{ es_xpack_conf_subdir }}/users"
+    force: no # this ensures it only creates it if it does not exist
+    group: "{{ es_group }}"
+    owner: "{{ es_user }}"
+    mode: 0555
+
 #List current users
 - name: List Users
  become: yes
-  shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
+  shell: cat {{conf_dir}}{{es_xpack_conf_subdir}}/users | awk -F':' '{print $1}'
  register: current_file_users
  when: manage_file_users
  changed_when: False
@ -65,16 +74,16 @@
 #Copy Roles files
 - name: Copy roles.yml File for Instance
  become: yes
-  template: src=security/roles.yml.j2 dest={{conf_dir}}/x-pack/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  template: src=security/roles.yml.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/roles.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
  when: es_roles is defined and es_roles.file is defined

 #Overwrite users_roles file
 - name: Copy User Roles
  become: yes
-  template: src=security/users_roles.j2 dest={{conf_dir}}/x-pack/users_roles mode=0644 force=yes
+  template: src=security/users_roles.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/users_roles mode=0644 force=yes
  when: manage_file_users and users_roles | length > 0

 #Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
 - name: Set Security Directory Permissions Recursive
  become: yes
-  file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
+  file: state=directory path={{conf_dir}}{{es_xpack_conf_subdir}}/ owner={{ es_user }} group={{ es_group }} recurse=yes
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -5,7 +5,7 @@

 #Ensure x-pack conf directory is created if necessary
 - name: Ensure x-pack conf directory exists (file)
-  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
+  file: path={{ conf_dir }}{{ es_xpack_conf_subdir }} state=directory owner={{ es_user }} group={{ es_group }}
  changed_when: False
  when:
    - es_enable_xpack and "security" in es_xpack_features
@ -51,14 +51,14 @@
 #Copy Roles files
 - name: Copy role_mapping.yml File for Instance
  become: yes
-  template: src=security/role_mapping.yml.j2 dest={{conf_dir}}/x-pack/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
+  template: src=security/role_mapping.yml.j2 dest={{conf_dir}}{{es_xpack_conf_subdir}}/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
  when: es_role_mapping is defined

 #-----------------------------AUTH FILE----------------------------------------

 - name: Copy message auth key to elasticsearch
  become: yes
-  copy: src={{ es_message_auth_file }} dest={{conf_dir}}/x-pack/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
+  copy: src={{ es_message_auth_file }} dest={{conf_dir}}{{es_xpack_conf_subdir}}/system_key owner={{ es_user }} group={{ es_group }} mode=0600 force=yes
  when: es_message_auth_file is defined

 #------------------------------------------------------------------------------------
--- a/test/integration/helpers/serverspec/xpack_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_spec.rb
@ -146,20 +146,20 @@ shared_examples 'xpack::init' do |vars|
  end

  #Test users file, users_roles and roles.yml
-  describe file('/etc/elasticsearch/security_node/x-pack/users_roles') do
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcusers_roles') do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'admin:es_admin' }
    it { should contain 'power_user:testUser' }
  end

-  describe file('/etc/elasticsearch/security_node/x-pack/users') do
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcusers') do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'testUser:' }
    it { should contain 'es_admin:' }
  end


-  describe file('/etc/elasticsearch/security_node/x-pack/roles.yml') do
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcroles.yml') do
    it { should be_owned_by 'elasticsearch' }
    #Test contents as expected
    its(:md5sum) { should eq '7800182547287abd480c8b095bf26e9e' }
@ -210,7 +210,7 @@ shared_examples 'xpack::init' do |vars|
  end

  #Test contents of role_mapping.yml
-  describe file('/etc/elasticsearch/security_node/x-pack/role_mapping.yml') do
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcrole_mapping.yml') do
    it { should be_owned_by 'elasticsearch' }
    it { should contain 'power_user:' }
    it { should contain '- cn=admins,dc=example,dc=com' }
@ -219,7 +219,7 @@ shared_examples 'xpack::init' do |vars|
  end


-  describe file('/etc/elasticsearch/security_node/x-pack/system_key') do
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcsystem_key') do
    it { should be_owned_by 'elasticsearch' }
    it { should be_writable.by('owner') }
    it { should be_writable.by_user('elasticsearch') }
--- a/test/integration/helpers/serverspec/xpack_standard_spec.rb
+++ b/test/integration/helpers/serverspec/xpack_standard_spec.rb
@ -124,14 +124,15 @@ shared_examples 'xpack_standard::init' do |vars|
      it { should be_owned_by 'elasticsearch' }
    end

-    #Test users file, users_roles and roles.yml
-    describe file('/etc/elasticsearch/security_node/x-pack/users_roles') do
-      it { should be_owned_by 'elasticsearch' }
-    end
+  end

-    describe file('/etc/elasticsearch/security_node/x-pack/users') do
-      it { should be_owned_by 'elasticsearch' }
-    end
+  #Test users file, users_roles and roles.yml
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcusers_roles') do
+    it { should be_owned_by 'elasticsearch' }
+  end
+
+  describe file('/etc/elasticsearch/security_node' + vars['es_xpack_conf_subdir'] + '/gcusers') do
+    it { should be_owned_by 'elasticsearch' }
  end

  describe command('curl -s localhost:9200/_nodes/plugins?pretty=true -u es_admin:changeMeAgain | grep x-pack') do