Merge pull request #273 from wazuh/fix-create-elastic-users

Fix create elastic users
2019-10-09 17:23:50 +02:00 · 2019-10-09 17:23:50 +02:00 · 2848c80878
commit 2848c80878
parent 5bfb3e0503 56e7d10937
3 changed files with 41 additions and 24 deletions
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
@ -79,13 +79,6 @@ Example Playbook
      node_certs_generator_ip: 172.16.0.111

  vars:
-    elasticsearch_xpack_users:
-      anne:
-        password: 'PasswordHere'
-        roles: '["kibana_user", "monitoring_user"]'
-      jack:
-        password: 'PasswordHere'
-        roles: '["superuser"]'
    instances:
      node-1:
        name: node-1
@ -124,9 +117,19 @@ Example Playbook
        - 172.16.0.111
        - 172.16.0.112
        - 172.16.0.113
+  vars:
+    elasticsearch_xpack_users:
+      anne:
+        password: 'PasswordHere'
+        roles: '["kibana_user", "monitoring_user"]'
+      jack:
+        password: 'PasswordHere'
+        roles: '["superuser"]'

 ```

+It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example.
+

 License and copyright
 ---------------------
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@ -119,3 +119,34 @@

 - import_tasks: "RMDebian.yml"
  when: ansible_os_family == "Debian"
+
+- name: Wait for Elasticsearch API
+  uri:
+    url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/"
+    user: "{{ elasticsearch_xpack_security_user }}"
+    password: "{{ elasticsearch_xpack_security_password }}"
+    validate_certs: no
+    status_code: 200,401
+    return_content: yes
+    timeout: 4
+  register: _result
+  until: (  _result.json is defined) and (_result.json.status == "green")
+  retries: 24
+  delay: 5
+  when:
+    - elasticsearch_xpack_users is defined
+
+- name: Create elasticsearch users
+  uri:
+    url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}"
+    method: POST
+    body_format: json
+    user: "{{ elasticsearch_xpack_security_user }}"
+    password: "{{ elasticsearch_xpack_security_password }}"
+    body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
+    validate_certs: no
+  loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
+  register: http_response
+  failed_when: http_response.status != 200
+  when:
+    - elasticsearch_xpack_users is defined
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@ -138,7 +138,6 @@
  unarchive:
    src: "{{ master_certs_path }}/certs.zip"
    dest: "{{ master_certs_path }}/"
-  become: true
  delegate_to: "127.0.0.1"
  when:
    - node_certs_generator
@ -194,19 +193,3 @@
  when:
    - node_certs_generator
  tags: molecule-idempotence-notest
-
- name: Create elasticsearch users
-  uri:
-    url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}"
-    method: POST
-    body_format: json
-    user: "{{ elasticsearch_xpack_security_user }}"
-    password: "{{ elasticsearch_xpack_security_password }}"
-    body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
-    validate_certs: no
-  loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
-  register: http_response
-  failed_when: http_response.status != 200
-  when:
-    - elasticsearch_xpack_users is defined
-    - node_certs_generator