From 02425e0c85a15157882f5db6f559acd12383a945 Mon Sep 17 00:00:00 2001 From: Manuel Gutierrez Date: Tue, 24 Sep 2019 11:09:21 +0200 Subject: [PATCH] Fix linting errors Fixed linting on xpack_security.yml --- .../tasks/xpack_security.yml | 67 +++++++++---------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index e64b71df..046c3382 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -39,7 +39,7 @@ when: - node_certs_generator -- name: Importing custom CA key +- name: Importing custom CA key copy: src: "{{ master_certs_path }}/ca/{{ ca_key_name }}" dest: "{{ node_certs_source }}/{{ ca_key_name }}" @@ -61,7 +61,7 @@ - name: Generating certificates for Elasticsearch security (generating CA) shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in + /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator @@ -70,37 +70,37 @@ tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password) - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip when: - node_certs_generator - not xpack_certs_zip.stat.exists - not generate_CA - - ca_password == "" + - ca_password | length == 0 tags: xpack-security - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password) - shell: >- - /usr/share/elasticsearch/bin/elasticsearch-certutil cert - --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} - --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip - --ca-pass {{ca_password}} + shell: >- + /usr/share/elasticsearch/bin/elasticsearch-certutil cert + --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} + --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip + --ca-pass {{ ca_password }} when: - node_certs_generator - not xpack_certs_zip.stat.exists - not generate_CA - - ca_password != "" - tags: xpack-security - + - ca_password | length > 0 + tags: xpack-security + - name: Verify the Elastic certificates directory file: path: "{{ master_certs_path }}" state: directory mode: '0700' delegate_to: "127.0.0.1" - when: + when: - node_certs_generator - name: Verify the Certificates Authority directory @@ -109,7 +109,7 @@ state: directory mode: '0700' delegate_to: "127.0.0.1" - when: + when: - node_certs_generator - name: Copying certificates to Ansible master @@ -118,7 +118,7 @@ dest: "{{ master_certs_path }}/" flat: yes mode: 0700 - when: + when: - node_certs_generator tags: xpack-security @@ -126,39 +126,39 @@ file: state: absent path: "{{ node_certs_source }}/certs.zip" - when: + when: - node_certs_generator - + - name: Unzip generated certs.zip unarchive: - src: "{{master_certs_path}}/certs.zip" - dest: "{{master_certs_path}}/" + src: "{{ master_certs_path }}/certs.zip" + dest: "{{ master_certs_path }}/" become: true delegate_to: "127.0.0.1" - when: + when: - node_certs_generator tags: xpack-security - name: Copying node's certificate from master copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" with_items: - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_path}}/ca/ca.crt" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" + - "{{ master_certs_path }}/ca/ca.crt" when: - generate_CA tags: xpack-security - name: Copying node's certificate from master (Custom CA) copy: - src: "{{item}}" - dest: "{{node_certs_destination}}/" - with_items: - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" - - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt" - - "{{master_certs_path}}/ca/{{ca_cert_name}}" + src: "{{ item }}" + dest: "{{ node_certs_destination }}/" + with_items: + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key" + - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt" + - "{{ master_certs_path }}/ca/{{ ca_cert_name }}" when: - not generate_CA tags: xpack-security @@ -179,4 +179,3 @@ echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password when: - node_certs_generator - \ No newline at end of file