From eed6352dfbe9adda5f7b4dab5fa990e4e8b72bdb Mon Sep 17 00:00:00 2001
From: Russell Snyder <russell@redowl.com>
Date: Tue, 18 Apr 2017 13:26:16 -0400
Subject: [PATCH] Moved up the x-pack directory logic to include role_mappings

Signed-off-by: Russell Snyder <russell@redowl.com>
---
 tasks/xpack/security/elasticsearch-security-file.yml | 8 +-------
 tasks/xpack/security/elasticsearch-security.yml      | 8 ++++++++
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/tasks/xpack/security/elasticsearch-security-file.yml b/tasks/xpack/security/elasticsearch-security-file.yml
index 5da0d13..017307e 100644
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@@ -1,12 +1,6 @@
 ---
 - set_fact: manage_file_users=es_users is defined and es_users.file is defined
 
-#Ensure x-pack conf directory is created
-- name: Ensure x-pack conf directory exists (file)
-  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
-  changed_when: False
-  when: es_enable_xpack and '"security" in es_xpack_features'
-
 #List current users
 - name: List Users
   shell: cat {{conf_dir}}/x-pack/users | awk -F':' '{print $1}'
@@ -70,4 +64,4 @@
 
 #Set permission on security directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions.
 - name: Set Security Directory Permissions Recursive
-  file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
\ No newline at end of file
+  file: state=directory path={{conf_dir}}/x-pack/ owner={{ es_user }} group={{ es_group }} recurse=yes
diff --git a/tasks/xpack/security/elasticsearch-security.yml b/tasks/xpack/security/elasticsearch-security.yml
index 5b483cf..34d5bc1 100644
--- a/tasks/xpack/security/elasticsearch-security.yml
+++ b/tasks/xpack/security/elasticsearch-security.yml
@@ -3,6 +3,14 @@
 
 #TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
 
+#Ensure x-pack conf directory is created if necessary
+- name: Ensure x-pack conf directory exists (file)
+  file: path={{ conf_dir }}/x-pack state=directory owner={{ es_user }} group={{ es_group }}
+  changed_when: False
+  when:
+    - es_enable_xpack and '"security" in es_xpack_features'
+    - (es_users is defined and es_users.file) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
+
 #-----------------------------FILE BASED REALM----------------------------------------
 
 - include: elasticsearch-security-file.yml