Merge branch 'master' into become-yes

2017-09-19 14:22:02 -06:00 · 2017-09-19 14:22:02 -06:00 · 891d87c019
commit 891d87c019
parent 4731553438 d7a30bcd3b
52 changed files with 624 additions and 195 deletions
--- a/tasks/xpack/elasticsearch-xpack-install.yml
+++ b/tasks/xpack/elasticsearch-xpack-install.yml
@ -28,15 +28,36 @@


 #Install plugin if not installed, or the es version has changed (so removed above), and its been requested
- name: Install x-pack plugin
+- name: Download x-pack from url
+  get_url: url={{ es_xpack_custom_url }} dest=/tmp/x-pack-{{ es_version }}.zip
+  when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is defined)
+
+- name: Install x-pack plugin from local
  become: yes
  command: >
-    {{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack {% if es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} {% endif %}
+    {{es_home}}/bin/elasticsearch-plugin install --silent --batch file:///tmp/x-pack-{{ es_version }}.zip
  register: xpack_state
-  failed_when: "'ERROR' in xpack_state.stdout"
  changed_when: xpack_state.rc == 0
-  when: (x_pack_installed.rc == 1 or es_version_changed) and es_enable_xpack
+  when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is defined)
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"
+
+- name: Delete x-pack zip file
+  file: dest=/tmp/x-pack-{{ es_version }}.zip state=absent
+  when: es_xpack_custom_url is defined
+
+- name: Install x-pack plugin from elastic.co
+  become: yes
+  command: >
+    {{es_home}}/bin/elasticsearch-plugin install --silent --batch x-pack
+  register: xpack_state
+  failed_when: "'ERROR' in xpack_state.stdout"
+  changed_when: xpack_state.rc == 0
+  when: (x_pack_installed.rc == 1 or es_version_changed) and (es_enable_xpack and es_xpack_custom_url is not defined)
+  notify: restart elasticsearch
+  environment:
+    CONF_DIR: "{{ conf_dir }}"
+    ES_INCLUDE: "{{ instance_default_file }}"
+    ES_JAVA_OPTS: "{% if es_proxy_host is defined and es_proxy_host != '' %}-Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} -Dhttps.proxyHost={{ es_proxy_host }} -Dhttps.proxyPort={{ es_proxy_port }}{% endif %}"
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -1,13 +1,6 @@
 ---
 - set_fact: manage_file_users=es_users is defined and es_users.file is defined

-#Ensure x-pack conf directory is created
- name: Ensure x-pack conf directory exists (file)
-  become: yes
-  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
-  changed_when: False
-  when: es_enable_xpack and '"security" in es_xpack_features'
-
 #List current users
 - name: List Users
  become: yes
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
@ -81,12 +81,13 @@

 - set_fact: current_roles={{ role_list_response.json | filter_reserved }}
  when: manage_native_roles
+
 - debug: msg="{{current_roles}}"
+  when: manage_native_roles

 - set_fact: roles_to_remove={{ current_roles | difference ( es_roles.native.keys()  ) }}
  when: manage_native_roles

-
 #Delete all non required roles
 - name: Delete Native Roles
  uri:
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -3,10 +3,18 @@

 #TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6

+#Ensure x-pack conf directory is created if necessary
+- name: Ensure x-pack conf directory exists (file)
+  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
+  changed_when: False
+  when:
+    - es_enable_xpack and '"security" in es_xpack_features'
+    - (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
+
 #-----------------------------FILE BASED REALM----------------------------------------

 - include: elasticsearch-security-file.yml
-  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
+  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined))

 #-----------------------------ROLE MAPPING ----------------------------------------

--- a/tasks/xpack/security/elasticsearch-xpack-activation.yml
+++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml
@ -3,7 +3,7 @@
 - name: Activate ES license (without security authentication)
  uri:
    method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
    body_format: json
    body: "{{ es_xpack_license }}"
    return_content: yes
@ -18,7 +18,7 @@
 - name: Activate ES license (with security authentication)
  uri:
    method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
    user: "{{es_api_basic_auth_username}}"
    password: "{{es_api_basic_auth_password}}"
    body_format: json
@ -34,4 +34,4 @@
    license_activated.json.license_status != 'valid'

 - debug:
-    msg: "License: {{ license_activated.content }}"
+    msg: "License: {{ license_activated }}"