From a2c4012197a78e539fde30dbb07cbe882de030bb Mon Sep 17 00:00:00 2001 From: pemontto Date: Mon, 28 Oct 2019 14:25:52 +0000 Subject: [PATCH] Update and document unmanaged user vars --- README.md | 2 ++ defaults/main.yml | 4 ++-- tasks/xpack/security/elasticsearch-security-file.yml | 4 ++-- tasks/xpack/security/elasticsearch-security-native.yml | 4 ++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c535dba..3aa380e 100644 --- a/README.md +++ b/README.md @@ -455,6 +455,8 @@ In addition to es_config, the following parameters allow the customization of th * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200** * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin. * ```es_api_basic_auth_password``` The password associated with the user declared in `es_api_basic_auth_username` +* `es_delete_unmanaged_file` Default `true`. Set to false to keep file realm users that have been added outside of ansible. +* `es_delete_unmanaged_native` Default `true`. Set to false to keep native realm users that have been added outside of ansible. * ```es_start_service``` (true (default) or false) * ```es_plugins_reinstall``` (true or false (default) ) * ```es_plugins``` an array of plugin definitions e.g.: diff --git a/defaults/main.yml b/defaults/main.yml index fa4d756..666614e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -62,5 +62,5 @@ es_ssl_certificate_authority: "" es_ssl_certificate_path: "{{ es_conf_dir }}/certs" es_ssl_verification_mode: "certificate" es_validate_certs: "yes" -delete_unmanaged_file: true -delete_unmanaged_native: true +es_delete_unmanaged_file: true +es_delete_unmanaged_native: true diff --git a/tasks/xpack/security/elasticsearch-security-file.yml b/tasks/xpack/security/elasticsearch-security-file.yml index 82aca12..b3ed027 100644 --- a/tasks/xpack/security/elasticsearch-security-file.yml +++ b/tasks/xpack/security/elasticsearch-security-file.yml @@ -33,7 +33,7 @@ - name: set fact users_to_remove set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys() | list) }} - when: manage_file_users and delete_unmanaged_file + when: manage_file_users and es_delete_unmanaged_file #Remove users - name: Remove Users @@ -49,7 +49,7 @@ - name: set fact users_to_add set_fact: users_to_add={{ es_users.file.keys() | list | difference (current_file_users.stdout_lines) }} - when: manage_file_users and delete_unmanaged_file + when: manage_file_users and es_delete_unmanaged_file #Add users - name: Add Users diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml index ec407f7..7a27fd4 100644 --- a/tasks/xpack/security/elasticsearch-security-native.yml +++ b/tasks/xpack/security/elasticsearch-security-native.yml @@ -82,7 +82,7 @@ password: "{{es_api_basic_auth_password}}" force_basic_auth: yes validate_certs: "{{ es_validate_certs }}" - when: manage_native_users and delete_unmanaged_native + when: manage_native_users and es_delete_unmanaged_native with_items: "{{ users_to_remove | default([]) }}" - name: set fact users_to_ignore @@ -178,7 +178,7 @@ password: "{{es_api_basic_auth_password}}" force_basic_auth: yes validate_certs: "{{ es_validate_certs }}" - when: manage_native_roles and delete_unmanaged_native + when: manage_native_roles and es_delete_unmanaged_native with_items: "{{roles_to_remove | default([]) }}" - name: set fact roles_to_modify