d7efa2048a
This commit introduces SSL/TLS support for the elastic search transport layer. It assumes certificates are generated externally, and only handles uploading and configuring the server accordingly.
99 lines
2.9 KiB
YAML
99 lines
2.9 KiB
YAML
---
|
|
|
|
- set_fact: "es_major_version={{ es_version.split('.')[0] }}.x"
|
|
when:
|
|
- es_major_version is undefined
|
|
|
|
- name: os-specific vars
|
|
include_vars: "{{ansible_os_family}}.yml"
|
|
tags:
|
|
- always
|
|
|
|
- name: set compatibility variables
|
|
include: compatibility-variables.yml
|
|
tags:
|
|
- always
|
|
|
|
- name: check-set-parameters
|
|
include: elasticsearch-parameters.yml
|
|
tags:
|
|
- always
|
|
|
|
- name: use snapshot release
|
|
include: snapshot-release.yml
|
|
when: es_use_snapshot_release
|
|
|
|
- name: include java.yml
|
|
include: java.yml
|
|
when: es_java_install
|
|
tags:
|
|
- java
|
|
|
|
- name: include elasticsearch.yml
|
|
include: elasticsearch.yml
|
|
tags:
|
|
- install
|
|
|
|
- name: include elasticsearch-config.yml
|
|
include: elasticsearch-config.yml
|
|
tags:
|
|
- config
|
|
|
|
- name: include elasticsearch-plugins.yml
|
|
include: elasticsearch-plugins.yml
|
|
when: es_plugins is defined or es_plugins_reinstall
|
|
tags:
|
|
- plugins
|
|
|
|
#We always execute xpack as we may need to remove features
|
|
- name: include xpack/elasticsearch-xpack.yml
|
|
include: xpack/elasticsearch-xpack.yml
|
|
tags:
|
|
- xpack
|
|
|
|
- name: include ssl.yml
|
|
include: elasticsearch-ssl.yml
|
|
|
|
- name: flush handlers
|
|
meta: flush_handlers
|
|
|
|
- name: Make sure elasticsearch is started
|
|
become: yes
|
|
service: name=elasticsearch state=started enabled=yes
|
|
when: es_start_service
|
|
|
|
- name: Wait for elasticsearch to startup
|
|
wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
|
|
when: es_restarted is defined and es_restarted.changed and es_start_service
|
|
|
|
- name: set fact manage_native_realm to false
|
|
set_fact: manage_native_realm=false
|
|
|
|
- name: set fact manage_native_realm to true
|
|
set_fact: manage_native_realm=true
|
|
when:
|
|
- es_start_service
|
|
- es_enable_xpack
|
|
- (es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined)
|
|
|
|
# If playbook runs too fast, Native commands could fail as the Native Realm is not yet up
|
|
- name: Wait 15 seconds for the Native Relm to come up
|
|
command: sleep 15
|
|
when: manage_native_realm
|
|
|
|
- name: activate-license
|
|
include: ./xpack/security/elasticsearch-xpack-activation.yml
|
|
when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
|
|
|
|
#perform security actions here now elasticsearch is started
|
|
- name: include xpack/security/elasticsearch-security-native.yml
|
|
include: ./xpack/security/elasticsearch-security-native.yml
|
|
when: manage_native_realm
|
|
|
|
#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password. The templates will subsequently not be removed if we don't wait for the node to restart.
|
|
#We also do after the native realm to ensure any changes are applied here first and its denf up.
|
|
- name: include elasticsearch-template.yml
|
|
include: elasticsearch-template.yml
|
|
when: es_templates
|
|
tags:
|
|
- templates
|