Adding 6.x support with Bootstrap user addition

2018-01-08 16:59:44 -08:00 · 2018-01-08 16:59:44 -08:00 · 9115bb4dff
commit 9115bb4dff
parent db1079ee4d
13 changed files with 119 additions and 8 deletions
--- a/tasks/elasticsearch-plugins.yml
+++ b/tasks/elasticsearch-plugins.yml
@ -19,6 +19,7 @@
  ignore_errors: yes
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"

 #if es_plugins_reinstall is set to true we remove ALL plugins
@ -47,6 +48,7 @@
  register: plugin_removed
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"

 - name: Install elasticsearch plugins
@ -60,6 +62,7 @@
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"
    ES_JAVA_OPTS: "{% if item.proxy_host is defined and item.proxy_host != '' and item.proxy_port is defined and item.proxy_port != ''%} -Dhttp.proxyHost={{ item.proxy_host }} -Dhttp.proxyPort={{ item.proxy_port }} -Dhttps.proxyHost={{ item.proxy_host }} -Dhttps.proxyPort={{ item.proxy_port }}  {% elif es_proxy_host is defined and es_proxy_host != '' %} -Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} -Dhttps.proxyHost={{ es_proxy_host }} -Dhttps.proxyPort={{ es_proxy_port }} {% endif %}"
  until: plugin_installed.rc == 0
--- a/tasks/java.yml
+++ b/tasks/java.yml
@ -10,6 +10,12 @@
  yum: name={{ java }} state={{java_state}}
  when: ansible_os_family == 'RedHat'

+- name: correct java version selected
+  alternatives:
+    name: java
+    path: /usr/bin/java8
+    link: /usr/bin/java
+
 - name: Refresh java repo
  become: yes
  apt: update_cache=yes
--- a/tasks/xpack/elasticsearch-xpack-install.yml
+++ b/tasks/xpack/elasticsearch-xpack-install.yml
@ -10,6 +10,7 @@
  ignore_errors: yes
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"


@ -24,6 +25,7 @@
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"


@ -42,6 +44,7 @@
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"

 - name: Delete x-pack zip file
@ -59,5 +62,6 @@
  notify: restart elasticsearch
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_INCLUDE: "{{ instance_default_file }}"
    ES_JAVA_OPTS: "{% if es_proxy_host is defined and es_proxy_host != '' %}-Dhttp.proxyHost={{ es_proxy_host }} -Dhttp.proxyPort={{ es_proxy_port }} -Dhttps.proxyHost={{ es_proxy_host }} -Dhttps.proxyPort={{ es_proxy_port }}{% endif %}"
--- a/tasks/xpack/elasticsearch-xpack.yml
+++ b/tasks/xpack/elasticsearch-xpack.yml
@ -11,3 +11,8 @@
 - name: Set Plugin Directory Permissions
  become: yes
  file: state=directory path={{ es_home }}/plugins owner={{ es_user }} group={{ es_group }} recurse=yes
+
+#Make sure elasticsearch.keystore has correct Permissions
+- name: Set elasticsearch.keystore Permissions
+  become: yes
+  file: state=file path={{ conf_dir }}/elasticsearch.keystore owner={{ es_user }} group={{ es_group }}
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@ -21,6 +21,7 @@
  when: manage_file_users
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_HOME: "{{es_home}}"

 - set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
@ -36,6 +37,7 @@
  no_log: True
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_HOME: "{{es_home}}"

 #Set passwords for all users declared - Required as the useradd will not change existing user passwords
@ -50,6 +52,7 @@
  no_log: True
  environment:
    CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
    ES_HOME: "{{es_home}}"

 - set_fact: users_roles={{es_users.file | extract_role_users () }}
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@ -11,6 +11,23 @@
    - es_enable_xpack and '"security" in es_xpack_features'
    - (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)

+#-----------------------------Create Bootstrap User-----------------------------------
+- name: Check if bootstrap password is set
+  command: >
+   {{es_home}}/bin/elasticsearch-keystore list
+  register: list_keystore
+  environment:
+    ES_PATH_CONF: "{{ conf_dir }}"
+
+
+- name: Create Bootstrap password for elastic user
+  shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password'
+  when:
+    - es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines
+  environment:
+    ES_PATH_CONF: "{{ conf_dir }}"
+  no_log: true
+
 #-----------------------------FILE BASED REALM----------------------------------------

 - include: elasticsearch-security-file.yml