ansible-role-elasticsearch/tasks/elasticsearch-ssl.yml

---
- name: ensure certificate directory exists
  file:
    dest: "{{ es_ssl_certificate_path }}"
    state: directory

- name: Upload SSL/TLS keystore and truststore
  copy:
    src: "{{ item }}"
    dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
  with_items:
    - "{{ es_ssl_keystore }}"
    - "{{ es_ssl_truststore }}"
  when: es_ssl_keystore and es_ssl_truststore
  #Restart if these change
  notify: restart elasticsearch
  register: copy_keystores

- name: Upload SSL/TLS key and certificate
  copy:
    src: "{{ item }}"
    dest: "{{ es_ssl_certificate_path }}/{{ item | basename }}"
  with_items:
    - "{{ es_ssl_key }}"
    - "{{ es_ssl_certificate }}"
  when: es_ssl_key and es_ssl_certificate
  #Restart if these change
  notify: restart elasticsearch
  register: copy_certificates

- name: Upload SSL Certificate Authority
  copy:
    src: "{{ es_ssl_certificate_authority }}"
    dest: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
  when: es_ssl_certificate_authority