Move file realm reserved user check earlier, Move template and license after native realm

Dale McDiarmid 2017-09-20 22:58:17 +01:00
parent e9a6f74d09
commit 7ab416c782
6 changed files with 24 additions and 44 deletions


@ -16,41 +16,31 @@
command: >
{{es_home}}/bin/x-pack/users userdel {{item}}
with_items: "{{users_to_remove | default([])}}"
when: manage_file_users and (users_to_remove | length > 0)
when: manage_file_users
environment:
CONF_DIR: "{{ conf_dir }}"
ES_HOME: "{{es_home}}"
- set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) | difference (reserved_xpack_users) | default([]) }}
- set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
when: manage_file_users
- set_fact: users_to_ignore={{ es_users.file.keys() | difference (current_file_users.stdout_lines) | intersect (reserved_xpack_users) }}
when: manage_file_users
- debug:
msg: "WARNING: YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING WILL BE IGNORED: {{users_to_ignore}}"
when: manage_file_users and users_to_ignore | length > 0
#Add users
- name: Add Users
command: >
{{es_home}}/bin/x-pack/users useradd {{item}} -p {{es_users.file[item].password}}
with_items: "{{ users_to_add }}"
when: manage_file_users and users_to_add | length > 0
with_items: "{{ users_to_add | default([]) }}"
when: manage_file_users
no_log: True
environment:
CONF_DIR: "{{ conf_dir }}"
ES_HOME: "{{es_home}}"
- set_fact: users_to_modify={{ es_users.file.keys() | difference (reserved_xpack_users) | default([]) }}
when: manage_file_users
#Set passwords for all users declared - Required as the useradd will not change existing user passwords
- name: Set User Passwords
command: >
{{es_home}}/bin/x-pack/users passwd {{ item }} -p {{es_users.file[item].password}}
with_items: "{{ users_to_modify }}"
when: manage_file_users and users_to_modify | length > 0
with_items: "{{ es_users.file.keys() | default([]) }}"
when: manage_file_users
#Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
changed_when: False
no_log: True
@ -58,7 +48,7 @@
CONF_DIR: "{{ conf_dir }}"
ES_HOME: "{{es_home}}"
- set_fact: users_roles={{es_users.file | extract_role_users (reserved_xpack_users) }}
- set_fact: users_roles={{es_users.file | extract_role_users () }}
when: manage_file_users
#Copy Roles files
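Review bot: In the `Set User Passwords` task the new loop `with_items: "{{ es_users.file.keys() | default([]) }}"` applies `default([])` only to the result of `.keys()`, so it does not cover an undefined `es_users.file`. Ansible templates the loop expression before it evaluates `when` per item, so a host with `manage_file_users` false and no file users can probably still fail here. Defaulting the mapping first avoids that: `with_items: "{{ (es_users.file | default({})).keys() | list }}"`. Separately, the `useradd` and `passwd` loops and `extract_role_users ()` in the second hunk no longer exclude `reserved_xpack_users`, and the warning about ignored reserved users is gone. This file now relies on `es_users.file` having been filtered before it runs, which is not visible in this section, so a comment above `Add Users` stating that precondition would help, for example `# es_users.file must already exclude reserved_xpack_users (checked earlier in the role)`.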