diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md index b10a2152..388affce 100644 --- a/roles/elastic-stack/ansible-elasticsearch/README.md +++ b/roles/elastic-stack/ansible-elasticsearch/README.md @@ -79,13 +79,6 @@ Example Playbook node_certs_generator_ip: 172.16.0.111 vars: - elasticsearch_xpack_users: - anne: - password: 'PasswordHere' - roles: '["kibana_user", "monitoring_user"]' - jack: - password: 'PasswordHere' - roles: '["superuser"]' instances: node-1: name: node-1 @@ -124,9 +117,19 @@ Example Playbook - 172.16.0.111 - 172.16.0.112 - 172.16.0.113 + vars: + elasticsearch_xpack_users: + anne: + password: 'PasswordHere' + roles: '["kibana_user", "monitoring_user"]' + jack: + password: 'PasswordHere' + roles: '["superuser"]' ``` +It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example. + License and copyright --------------------- diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml index 706de27e..aef459e2 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml @@ -119,3 +119,34 @@ - import_tasks: "RMDebian.yml" when: ansible_os_family == "Debian" + +- name: Wait for Elasticsearch API + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/" + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + when: + - elasticsearch_xpack_users is defined + +- name: Create elasticsearch users + uri: + url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}" + method: POST + body_format: json + user: "{{ elasticsearch_xpack_security_user }}" + password: "{{ elasticsearch_xpack_security_password }}" + body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' + validate_certs: no + loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" + register: http_response + failed_when: http_response.status != 200 + when: + - elasticsearch_xpack_users is defined diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml index 1d338cf7..e9261956 100644 --- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml +++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml @@ -138,7 +138,6 @@ unarchive: src: "{{ master_certs_path }}/certs.zip" dest: "{{ master_certs_path }}/" - become: true delegate_to: "127.0.0.1" when: - node_certs_generator @@ -194,19 +193,3 @@ when: - node_certs_generator tags: molecule-idempotence-notest - -- name: Create elasticsearch users - uri: - url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}" - method: POST - body_format: json - user: "{{ elasticsearch_xpack_security_user }}" - password: "{{ elasticsearch_xpack_security_password }}" - body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }' - validate_certs: no - loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}" - register: http_response - failed_when: http_response.status != 200 - when: - - elasticsearch_xpack_users is defined - - node_certs_generator