96 lines
3.1 KiB
YAML
96 lines
3.1 KiB
YAML
---
|
|
- set_fact: manage_file_users=false
|
|
|
|
- set_fact: manage_file_users=true
|
|
when: es_users is defined and es_users.file is defined and es_users.file.keys() | list | length > 0
|
|
|
|
# Users migration from elasticsearch < 6.3 versions
|
|
- name: Check if old users file exists
|
|
stat:
|
|
path: '{{ es_conf_dir }}/x-pack/users'
|
|
register: old_users_file
|
|
check_mode: no
|
|
|
|
- name: Copy the old users file from the old deprecated location
|
|
copy:
|
|
remote_src: yes
|
|
force: no # only copy it if the new path doesn't exist yet
|
|
src: "{{ es_conf_dir }}/x-pack/users"
|
|
dest: "{{ es_conf_dir }}/users"
|
|
group: "{{ es_group }}"
|
|
owner: root
|
|
when: old_users_file.stat.exists
|
|
# End of users migrations
|
|
|
|
#List current users
|
|
- name: List Users
|
|
become: yes
|
|
shell: cat {{ es_conf_dir }}/users | awk -F':' '{print $1}'
|
|
register: current_file_users
|
|
when: manage_file_users
|
|
changed_when: False
|
|
check_mode: no
|
|
|
|
- name: set fact users_to_remove
|
|
set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys() | list) }}
|
|
when: manage_file_users and es_delete_unmanaged_file
|
|
|
|
#Remove users
|
|
- name: Remove Users
|
|
become: yes
|
|
command: >
|
|
{{es_home}}/bin/elasticsearch-users userdel {{item}}
|
|
with_items: "{{users_to_remove | default([])}}"
|
|
when: manage_file_users
|
|
environment:
|
|
CONF_DIR: "{{ es_conf_dir }}"
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
ES_HOME: "{{es_home}}"
|
|
|
|
- name: set fact users_to_add
|
|
set_fact: users_to_add={{ es_users.file.keys() | list | difference (current_file_users.stdout_lines) }}
|
|
when: manage_file_users and es_delete_unmanaged_file
|
|
|
|
#Add users
|
|
- name: Add Users
|
|
become: yes
|
|
command: >
|
|
{{es_home}}/bin/elasticsearch-users useradd {{item}} -p {{es_users.file[item].password}}
|
|
with_items: "{{ users_to_add | default([]) }}"
|
|
when: manage_file_users
|
|
no_log: True
|
|
environment:
|
|
CONF_DIR: "{{ es_conf_dir }}"
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
ES_HOME: "{{es_home}}"
|
|
|
|
#Set passwords for all users declared - Required as the useradd will not change existing user passwords
|
|
- name: Set User Passwords
|
|
become: yes
|
|
command: >
|
|
{{es_home}}/bin/elasticsearch-users passwd {{ item }} -p {{es_users.file[item].password}}
|
|
with_items: "{{ es_users.file.keys() | list }}"
|
|
when: manage_file_users
|
|
#Currently no easy way to figure out if the password has changed or to know what it currently is so we can skip.
|
|
changed_when: False
|
|
no_log: True
|
|
environment:
|
|
CONF_DIR: "{{ es_conf_dir }}"
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
ES_HOME: "{{es_home}}"
|
|
|
|
- name: set fact users_roles
|
|
set_fact: users_roles={{es_users.file | extract_role_users () }}
|
|
when: manage_file_users
|
|
|
|
#Copy Roles files
|
|
- name: Copy roles.yml File for Instance
|
|
become: yes
|
|
template: src=security/roles.yml.j2 dest={{ es_conf_dir }}/roles.yml owner=root group={{ es_group }} mode=0660 force=yes
|
|
when: es_roles is defined and es_roles.file is defined
|
|
|
|
#Overwrite users_roles file
|
|
- name: Copy User Roles
|
|
become: yes
|
|
template: src=security/users_roles.j2 dest={{ es_conf_dir }}/users_roles owner=root group={{ es_group }} mode=0660 force=yes
|
|
when: manage_file_users and users_roles | length > 0
|