santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Create the keystore if it doesn't already exist

Browse source
This commit is contained in:
Michael Russell 2018-06-13 17:33:23 +02:00
parent 10ff32d109
commit e5809a3169
No known key found for this signature in database
GPG key ID: A90C1696496085FE
1 changed files with 26 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

20
tasks/xpack/security/elasticsearch-security.yml
View file

@ -12,23 +12,33 @@
- (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined) - (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
#-----------------------------Create Bootstrap User----------------------------------- #-----------------------------Create Bootstrap User-----------------------------------
- name: Check if bootstrap password is set ### START BLOCK elasticsearch keystore ###
- name: create the elasticsearch keystore
when: (es_enable_xpack and "security" in es_xpack_features) and (es_version | version_compare('6.0.0', '>'))
block:
- name: create the keystore if it doesn't exist yet
command: >
{{es_home}}/bin/elasticsearch-keystore create
creates: "{{ conf_dir }}/elasticsearch.keystore"
environment:
ES_PATH_CONF: "{{ conf_dir }}"
- name: Check if bootstrap password is set
command: > command: >
{{es_home}}/bin/elasticsearch-keystore list {{es_home}}/bin/elasticsearch-keystore list
register: list_keystore register: list_keystore
changed_when: False changed_when: False
environment: environment:
ES_PATH_CONF: "{{ conf_dir }}" ES_PATH_CONF: "{{ conf_dir }}"
when:
- (es_enable_xpack and "security" in es_xpack_features) and (es_version | version_compare('6.0.0', '>'))
- name: Create Bootstrap password for elastic user - name: Create Bootstrap password for elastic user
shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password' shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password'
when: when:
- (es_enable_xpack and "security" in es_xpack_features) and (es_version | version_compare('6.0.0', '>')) and es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines - es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines
environment: environment:
ES_PATH_CONF: "{{ conf_dir }}" ES_PATH_CONF: "{{ conf_dir }}"
no_log: true no_log: true
### END BLOCK elasticsearch keystore ###
#-----------------------------FILE BASED REALM---------------------------------------- #-----------------------------FILE BASED REALM----------------------------------------