Adding 6.x support with Bootstrap user addition

tasks/xpack/security/elasticsearch-security-file.yml

@@ -21,6 +21,7 @@
   when: manage_file_users
   environment:
     CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"
 
 - set_fact: users_to_add={{ es_users.file.keys() | difference (current_file_users.stdout_lines) }}
@@ -36,6 +37,7 @@
   no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"
 
 #Set passwords for all users declared - Required as the useradd will not change existing user passwords
@@ -50,6 +52,7 @@
   no_log: True
   environment:
     CONF_DIR: "{{ conf_dir }}"
+    ES_PATH_CONF: "{{ conf_dir }}"
     ES_HOME: "{{es_home}}"
 
 - set_fact: users_roles={{es_users.file | extract_role_users () }}

tasks/xpack/security/elasticsearch-security.yml

@@ -11,6 +11,23 @@
     - es_enable_xpack and '"security" in es_xpack_features'
     - (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
 
+#-----------------------------Create Bootstrap User-----------------------------------
+- name: Check if bootstrap password is set
+  command: >
+   {{es_home}}/bin/elasticsearch-keystore list
+  register: list_keystore
+  environment:
+    ES_PATH_CONF: "{{ conf_dir }}"
+
+
+- name: Create Bootstrap password for elastic user
+  shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password'
+  when:
+    - es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines
+  environment:
+    ES_PATH_CONF: "{{ conf_dir }}"
+  no_log: true
+
 #-----------------------------FILE BASED REALM----------------------------------------
 
 - include: elasticsearch-security-file.yml