santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ability to use key and truststore passwords

Browse source
This commit is contained in:
Nathan Young 2019-10-12 00:57:49 +01:00
parent d0064c6a88
commit e2ffdce380
No known key found for this signature in database
GPG key ID: EB5E14327B10D023
2 changed files with 51 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yml
View file

@ -50,8 +50,11 @@ es_security_api: "{{ '_security' if es_version is version_compare('7.0.0', '>=')
es_enable_http_ssl: false
es_enable_transport_ssl: false
es_ssl_keystore: ""
es_ssl_keystore_password: ""
es_ssl_truststore: ""
es_ssl_truststore_password: ""
es_ssl_key: ""
es_ssl_key_password: ""
es_ssl_certificate: ""
es_ssl_certificate_authority: ""
es_ssl_certificate_path: "/etc/elasticsearch/certs"

48
tasks/elasticsearch-ssl.yml
View file

@ -35,3 +35,51 @@
#Restart if this changes
notify: restart elasticsearch
when: es_ssl_certificate_authority | bool
- name: Set transport keystore password
shell: echo "{{es_ssl_keystore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.keystore.secure_password'
no_log: True
when: es_ssl_keystore_password and copy_keystores.changed
with_items:
- http
- transport
- name: Set transport truststore password
shell: echo "{{es_ssl_truststore_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.truststore.secure_password'
no_log: True
when: es_ssl_truststore_password and copy_keystores.changed
with_items:
- http
- transport
- name: Set transport key password
shell: echo "{{es_ssl_key_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x -f 'xpack.security.{{ item }}.ssl.secure_key_passphrase'
no_log: True
when: es_ssl_key_password and copy_certificates.changed
with_items:
- http
- transport
- name: Remove transport keystore password
shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.keystore.secure_password'"
no_log: True
when: es_ssl_keystore_password == "" and copy_keystores.changed
with_items:
- http
- transport
- name: Remove transport truststore password
shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.truststore.secure_password'"
no_log: True
when: es_ssl_truststore_password == "" and copy_keystores.changed
with_items:
- http
- transport
- name: Remove transport key password
shell: "{{es_home}}/bin/elasticsearch-keystore remove 'xpack.security.{{ item }}.ssl.secure_key_passphrase'"
no_log: True
when: es_ssl_key_password == "" and copy_certificates.changed
with_items:
- http
- transport