afmarulanda/wazuh-ansible-4.8.1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #273 from wazuh/fix-create-elastic-users

Browse Source 
Fix create elastic users
This commit is contained in:
Manuel J. Bernal 2019-10-09 17:23:50 +02:00 committed by GitHub
commit 2848c80878
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 41 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
roles/elastic-stack/ansible-elasticsearch/README.md
View File

@ -79,13 +79,6 @@ Example Playbook
node_certs_generator_ip: 172.16.0.111 node_certs_generator_ip: 172.16.0.111
vars: vars:
elasticsearch_xpack_users:
anne:
password: 'PasswordHere'
roles: '["kibana_user", "monitoring_user"]'
jack:
password: 'PasswordHere'
roles: '["superuser"]'
instances: instances:
node-1: node-1:
name: node-1 name: node-1
@ -124,9 +117,19 @@ Example Playbook
- 172.16.0.111 - 172.16.0.111
- 172.16.0.112 - 172.16.0.112
- 172.16.0.113 - 172.16.0.113
vars:
elasticsearch_xpack_users:
anne:
password: 'PasswordHere'
roles: '["kibana_user", "monitoring_user"]'
jack:
password: 'PasswordHere'
roles: '["superuser"]'
``` ```
It is possible to define users directly on the playbook, these must be defined on a variable `elasticsearch_xpack_users` on the last node of the cluster as in the example.
License and copyright License and copyright
--------------------- ---------------------

31
roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
View File

@ -119,3 +119,34 @@
- import_tasks: "RMDebian.yml" - import_tasks: "RMDebian.yml"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Wait for Elasticsearch API
uri:
url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_cluster/health/"
user: "{{ elasticsearch_xpack_security_user }}"
password: "{{ elasticsearch_xpack_security_password }}"
validate_certs: no
status_code: 200,401
return_content: yes
timeout: 4
register: _result
until: ( _result.json is defined) and (_result.json.status == "green")
retries: 24
delay: 5
when:
- elasticsearch_xpack_users is defined
- name: Create elasticsearch users
uri:
url: "https://{{ node_certs_generator_ip }}:{{ elasticsearch_http_port }}/_security/user/{{ item.key }}"
method: POST
body_format: json
user: "{{ elasticsearch_xpack_security_user }}"
password: "{{ elasticsearch_xpack_security_password }}"
body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
validate_certs: no
loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
register: http_response
failed_when: http_response.status != 200
when:
- elasticsearch_xpack_users is defined

17
roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
View File

@ -138,7 +138,6 @@
unarchive: unarchive:
src: "{{ master_certs_path }}/certs.zip" src: "{{ master_certs_path }}/certs.zip"
dest: "{{ master_certs_path }}/" dest: "{{ master_certs_path }}/"
become: true
delegate_to: "127.0.0.1" delegate_to: "127.0.0.1"
when: when:
- node_certs_generator - node_certs_generator
@ -194,19 +193,3 @@
when: when:
- node_certs_generator - node_certs_generator
tags: molecule-idempotence-notest tags: molecule-idempotence-notest
- name: Create elasticsearch users
uri:
url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}"
method: POST
body_format: json
user: "{{ elasticsearch_xpack_security_user }}"
password: "{{ elasticsearch_xpack_security_password }}"
body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
validate_certs: no
loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
register: http_response
failed_when: http_response.status != 200
when:
- elasticsearch_xpack_users is defined
- node_certs_generator