2cb020a4c2
* remove multi instances support The goal is to stop supporting installation of more than one node in the same host. This commit update the Ansible role README documentation and remove the multi instances kitchen test. * remove systemd and init.d templates As we no more need to support more than one node on the same host, we no more need to override init files provided by elasticsearch official packages. * remove file script feature File scripts have been removed since elasticsearch 6.0 (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_scripting_changes.html#_file_scripts_removed) * remove custom user and custom group ES_USER and ES_GROUP settings are no longer supported (https://www.elastic.co/guide/en/elasticsearch/reference/6.0/breaking_60_packaging_changes.html#_configuring_custom_user_and_group_for_package_is_no_longer_allowed) * add upgrade procedure * use same task for license activation with and without authentication
64 lines
2.6 KiB
YAML
64 lines
2.6 KiB
YAML
---
|
|
#Security specific configuration done here
|
|
|
|
#TODO: 1. Skip users with no password defined or error 2. Passwords | length > 6
|
|
|
|
#Ensure x-pack conf directory is created if necessary
|
|
- name: Ensure x-pack conf directory exists (file)
|
|
file: path={{ es_conf_dir }}{{ es_xpack_conf_subdir }} state=directory owner={{ es_user }} group={{ es_group }}
|
|
changed_when: False
|
|
when: (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined) or (es_role_mapping is defined)
|
|
|
|
#-----------------------------Create Bootstrap User-----------------------------------
|
|
### START BLOCK elasticsearch keystore ###
|
|
- name: create the elasticsearch keystore
|
|
block:
|
|
- name: create the keystore if it doesn't exist yet
|
|
become: yes
|
|
command: >
|
|
{{es_home}}/bin/elasticsearch-keystore create
|
|
args:
|
|
creates: "{{ es_conf_dir }}/elasticsearch.keystore"
|
|
environment:
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
|
|
- name: Check if bootstrap password is set
|
|
become: yes
|
|
command: >
|
|
{{es_home}}/bin/elasticsearch-keystore list
|
|
register: list_keystore
|
|
changed_when: False
|
|
environment:
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
check_mode: no
|
|
|
|
- name: Create Bootstrap password for elastic user
|
|
become: yes
|
|
shell: echo "{{es_api_basic_auth_password}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'bootstrap.password'
|
|
when:
|
|
- es_api_basic_auth_username is defined and list_keystore is defined and es_api_basic_auth_username == 'elastic' and 'bootstrap.password' not in list_keystore.stdout_lines
|
|
environment:
|
|
ES_PATH_CONF: "{{ es_conf_dir }}"
|
|
no_log: true
|
|
### END BLOCK elasticsearch keystore ###
|
|
|
|
#-----------------------------FILE BASED REALM----------------------------------------
|
|
|
|
- include: elasticsearch-security-file.yml
|
|
when: (es_users is defined and es_users.file is defined) or (es_roles is defined and es_roles.file is defined)
|
|
|
|
#-----------------------------ROLE MAPPING ----------------------------------------
|
|
|
|
#Copy Roles files
|
|
- name: Copy role_mapping.yml File for Instance
|
|
become: yes
|
|
template: src=security/role_mapping.yml.j2 dest={{ es_conf_dir }}{{es_xpack_conf_subdir}}/role_mapping.yml owner={{ es_user }} group={{ es_group }} mode=0644 force=yes
|
|
when: es_role_mapping is defined
|
|
|
|
#------------------------------------------------------------------------------------
|
|
|
|
#Ensure security conf directory is created
|
|
- name: Ensure security conf directory exists
|
|
become: yes
|
|
file: path={{ es_conf_dir }}/security state=directory owner={{ es_user }} group={{ es_group }}
|
|
changed_when: False
|