Merge branch 'master' into become-yes

2017-09-19 14:22:02 -06:00 · 2017-09-19 14:22:02 -06:00 · 891d87c019
commit 891d87c019
parent 4731553438 d7a30bcd3b
52 changed files with 624 additions and 195 deletions
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -1,13 +1,6 @@
 ---
 - set_fact: manage_file_users=es_users is defined and es_users.file is defined

-#Ensure x-pack conf directory is created
- name: Ensure x-pack conf directory exists (file)
-  become: yes
-  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
-  changed_when: False
-  when: es_enable_xpack and '"security" in es_xpack_features'
-
 #List current users
 - name: List Users
  become: yes
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
@ -81,12 +81,13 @@

 - set_fact: current_roles={{ role_list_response.json | filter_reserved }}
  when: manage_native_roles
+
 - debug: msg="{{current_roles}}"
+  when: manage_native_roles

 - set_fact: roles_to_remove={{ current_roles | difference ( es_roles.native.keys()  ) }}
  when: manage_native_roles

-
 #Delete all non required roles
 - name: Delete Native Roles
  uri:
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -3,10 +3,18 @@

 #TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6

+#Ensure x-pack conf directory is created if necessary
+- name: Ensure x-pack conf directory exists (file)
+  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
+  changed_when: False
+  when:
+    - es_enable_xpack and '"security" in es_xpack_features'
+    - (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
+
 #-----------------------------FILE BASED REALM----------------------------------------

 - include: elasticsearch-security-file.yml
-  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined))
+  when: (es_enable_xpack and '"security" in es_xpack_features') and ((es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined))

 #-----------------------------ROLE MAPPING ----------------------------------------

--- a/tasks/xpack/security/elasticsearch-xpack-activation.yml
+++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml
@ -3,7 +3,7 @@
 - name: Activate ES license (without security authentication)
  uri:
    method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
    body_format: json
    body: "{{ es_xpack_license }}"
    return_content: yes
@ -18,7 +18,7 @@
 - name: Activate ES license (with security authentication)
  uri:
    method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_license?acknowledge=true"
+    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
    user: "{{es_api_basic_auth_username}}"
    password: "{{es_api_basic_auth_password}}"
    body_format: json
@ -34,4 +34,4 @@
    license_activated.json.license_status != 'valid'

 - debug:
-    msg: "License: {{ license_activated.content }}"
+    msg: "License: {{ license_activated }}"