From 99426a3c0fbf5d98e6c930a0c21c2deaef65ea51 Mon Sep 17 00:00:00 2001
From: Manuel Gutierrez
Date: Fri, 4 Oct 2019 17:01:34 +0200
Subject: [PATCH] New task to create elasticsearch users Fixes #269 Fixes #268
---
 .../ansible-elasticsearch/README.md | 7 +++++++
 .../tasks/xpack_security.yml | 16 ++++++++++++++++
 2 files changed, 23 insertions(+)
diff --git a/roles/elastic-stack/ansible-elasticsearch/README.md b/roles/elastic-stack/ansible-elasticsearch/README.md
index 41cebd54..b10a2152 100644
--- a/roles/elastic-stack/ansible-elasticsearch/README.md
+++ b/roles/elastic-stack/ansible-elasticsearch/README.md
@@ -79,6 +79,13 @@ Example Playbook
 node_certs_generator_ip: 172.16.0.111
 vars:
+ elasticsearch_xpack_users:
+ anne:
+ password: 'PasswordHere'
+ roles: '["kibana_user", "monitoring_user"]'
+ jack:
+ password: 'PasswordHere'
+ roles: '["superuser"]'
 instances:
 node-1:
 name: node-1
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
index 8cdfdb77..1d338cf7 100644
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@@ -194,3 +194,19 @@
 when:
 - node_certs_generator
 tags: molecule-idempotence-notest
+
+- name: Create elasticsearch users
+ uri:
+ url: "https://{{ elasticsearch_reachable_host }}:9200/_security/user/{{ item.key }}"
+ method: POST
+ body_format: json
+ user: "{{ elasticsearch_xpack_security_user }}"
+ password: "{{ elasticsearch_xpack_security_password }}"
+ body: '{ "password" : "{{ item.value["password"] }}", "roles" : {{ item.value["roles"] }} }'
+ validate_certs: no
+ loop: "{{ elasticsearch_xpack_users|default({})|dict2items }}"
+ register: http_response
+ failed_when: http_response.status != 200
+ when:
+ - elasticsearch_xpack_users is defined
+ - node_certs_generator
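Review bot: The `Create elasticsearch users` task in `tasks/xpack_security.yml` handles secrets without protecting them. Each loop item is printed in Ansible's task output and it carries `item.value["password"]`, while `validate_certs: no` sends the admin basic-auth credentials and the new passwords over a TLS session whose peer is never verified. Add `no_log: true` to the task, and verify the server against the CA this role appears to generate (`node_certs_generator`) instead of disabling validation. The `body` is built by string interpolation, so a password containing `"` or `\` yields invalid or altered JSON; passing a mapping together with `body_format: json` lets the module do the encoding. `failed_when: http_response.status != 200` repeats the module's default `status_code` check, and the README example in this commit would benefit from pointing at Ansible Vault rather than inline `password:` values.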