Fails deployment when using tls without security (#796)

Julien Mailleret 2021-05-25 11:04:24 +02:00 committed by GitHub
parent e4920b0da4
commit ce523dd134
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,3 +1,4 @@
---
# Check for mandatory parameters # Check for mandatory parameters
- name: Warn about deprecated es_xpack_features variable - name: Warn about deprecated es_xpack_features variable
@ -16,19 +17,25 @@
fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined" fail: msg="es_proxy_port must be specified and cannot be blank when es_proxy_host is defined"
when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '') when: (es_proxy_port is not defined or es_proxy_port == '') and (es_proxy_host is defined and es_proxy_host != '')
#If the user attempts to lock memory they must specify a heap size # If the user attempts to lock memory they must specify a heap size
- name: fail when heap size is not specified when using memory lock - name: fail when heap size is not specified when using memory lock
fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified" fail: msg="If locking memory with bootstrap.memory_lock a heap size must be specified"
when: es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True and es_heap_size is not defined and not ansible_check_mode when: es_config['bootstrap.memory_lock'] is defined and es_config['bootstrap.memory_lock'] == True and es_heap_size is not defined and not ansible_check_mode
#Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work - name: fail when password is not declared when using security
- name: fail when api credentials are not declared when using security
fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations" fail: msg="Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"
when: when:
- not oss_version - not oss_version
- es_api_basic_auth_username is defined - es_api_basic_auth_username is defined
- es_api_basic_auth_password is not defined - es_api_basic_auth_password is not defined
- name: fail when api credentials are not declared when using tls
fail: msg="Enabling tls requires an es_api_basic_auth_username and es_api_basic_auth_password"
when:
- not oss_version
- es_enable_http_ssl or es_enable_transport_ssl
- es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined
- name: fail when ssl enabled without defining a key and certificate - name: fail when ssl enabled without defining a key and certificate
fail: msg="Enabling SSL/TLS (es_enable_http_ssl or es_enable_transport_ssl) requires es_ssl_keystore and es_ssl_truststore or es_ssl_key and es_ssl_certificate to be provided" fail: msg="Enabling SSL/TLS (es_enable_http_ssl or es_enable_transport_ssl) requires es_ssl_keystore and es_ssl_truststore or es_ssl_key and es_ssl_certificate to be provided"
when: when:
@ -42,7 +49,7 @@
- name: fail when changing users through file realm - name: fail when changing users through file realm
fail: fail:
msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM." msg: "ERROR: INVALID CONFIG - YOU CANNOT CHANGE RESERVED USERS THROUGH THE FILE REALM. THE FOLLOWING CANNOT BE CHANGED: {{file_reserved_users}}. USE THE NATIVE REALM."
when: file_reserved_users | default([]) | length > 0 when: file_reserved_users | default([]) | length > 0
- name: set fact m_lock_enabled - name: set fact m_lock_enabled
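Review bot: The last condition of the new TLS guard, `es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined`, only tests for definition, so a username or password set to an empty string passes the check even though TLS is enabled. The proxy check earlier in this file also compares against `''`; the same could be done here with `- es_api_basic_auth_username | default('') == '' or es_api_basic_auth_password | default('') == ''`. The renamed security check just above has the same gap, and it also does not fire when only the password is defined. If `es_enable_http_ssl` or `es_enable_transport_ssl` can arrive as strings (for example from extra vars), each would need `| bool` for the middle condition to evaluate as intended; their defaults are not visible on this page.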