Merge pull request #245 from wazuh/242-elastic-multiline-fix

242 elastic multiline fix
2019-09-24 13:02:14 +02:00 · 2019-09-24 13:02:14 +02:00 · 4e4151e674
commit 4e4151e674
parent d6979b772e 4f955fe498
3 changed files with 56 additions and 52 deletions
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@ -76,7 +76,7 @@
    mode: 0660
  notify: restart elasticsearch
  tags: configure
-  
+
 - name: Trusty | set MAX_LOCKED_MEMORY=unlimited in Elasticsearch in /etc/security/limits.conf
  lineinfile:
    path: /etc/security/limits.conf
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@ -39,7 +39,7 @@
  when:
    - node_certs_generator

- name: Importing custom CA key 
+- name: Importing custom CA key
  copy:
    src: "{{ master_certs_path }}/ca/{{ ca_key_name }}"
    dest: "{{ node_certs_source }}/{{ ca_key_name }}"
@ -60,9 +60,10 @@
  tags: xpack-security

 - name: Generating certificates for Elasticsearch security (generating CA)
-  shell: >-
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --in 
-    {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+  command: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem
+    --in {{ node_certs_source }}/instances.yml
+    --out {{ node_certs_source }}/certs.zip
  when:
    - node_certs_generator
    - not xpack_certs_zip.stat.exists
@ -70,37 +71,40 @@
  tags: xpack-security

 - name: Generating certificates for Elasticsearch security (using provided CA | Without CA Password)
-  shell: >- 
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert 
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} 
-    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+  command: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }}
+    --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
+    --pem --in {{ node_certs_source }}/instances.yml
+    --out {{ node_certs_source }}/certs.zip
  when:
    - node_certs_generator
    - not xpack_certs_zip.stat.exists
    - not generate_CA
-    - ca_password == ""
+    - ca_password | length == 0
  tags: xpack-security

 - name: Generating certificates for Elasticsearch security (using provided CA | Using CA Password)
-  shell: >- 
-    /usr/share/elasticsearch/bin/elasticsearch-certutil cert 
-    --ca-key {{ node_certs_source }}/{{ ca_key_name }} --ca-cert {{ node_certs_source }}/{{ ca_cert_name }} 
-    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip 
-    --ca-pass {{ca_password}}
+  command: >-
+    /usr/share/elasticsearch/bin/elasticsearch-certutil cert
+    --ca-key {{ node_certs_source }}/{{ ca_key_name }}
+    --ca-cert {{ node_certs_source }}/{{ ca_cert_name }}
+    --pem --in {{ node_certs_source }}/instances.yml --out {{ node_certs_source }}/certs.zip
+    --ca-pass {{ ca_password }}
  when:
    - node_certs_generator
    - not xpack_certs_zip.stat.exists
    - not generate_CA
-    - ca_password != ""
-  tags: xpack-security 
-  
+    - ca_password | length > 0
+  tags: xpack-security
+
 - name: Verify the Elastic certificates directory
  file:
    path: "{{ master_certs_path }}"
    state: directory
    mode: '0700'
  delegate_to: "127.0.0.1"
-  when: 
+  when:
    - node_certs_generator

 - name: Verify the Certificates Authority directory
@ -109,7 +113,7 @@
    state: directory
    mode: '0700'
  delegate_to: "127.0.0.1"
-  when: 
+  when:
    - node_certs_generator

 - name: Copying certificates to Ansible master
@ -118,7 +122,7 @@
    dest: "{{ master_certs_path }}/"
    flat: yes
    mode: 0700
-  when: 
+  when:
    - node_certs_generator
  tags: xpack-security

@ -126,39 +130,39 @@
  file:
    state: absent
    path: "{{ node_certs_source }}/certs.zip"
-  when: 
+  when:
    - node_certs_generator
-    
+
 - name: Unzip generated certs.zip
  unarchive:
-    src: "{{master_certs_path}}/certs.zip"
-    dest: "{{master_certs_path}}/"
+    src: "{{ master_certs_path }}/certs.zip"
+    dest: "{{ master_certs_path }}/"
  become: true
  delegate_to: "127.0.0.1"
-  when: 
+  when:
    - node_certs_generator
  tags: xpack-security

 - name: Copying node's certificate from master
  copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
  with_items:
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt"
-    - "{{master_certs_path}}/ca/ca.crt"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/ca.crt"
  when:
    - generate_CA
  tags: xpack-security

 - name: Copying node's certificate from master (Custom CA)
  copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key" 
-    - "{{master_certs_path}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt"
-    - "{{master_certs_path}}/ca/{{ca_cert_name}}"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
+    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/{{ ca_cert_name }}"
  when:
    - not generate_CA
  tags: xpack-security
@ -175,8 +179,8 @@
  tags: xpack-security

 - name: Set elasticsearch bootstrap password
-  shell: >-
+  command: >-
+     set -o pipefail
     echo {{ elasticsearch_xpack_security_password }} | {{ node_certs_source }}/bin/elasticsearch-keystore add -xf bootstrap.password
  when:
    - node_certs_generator
-    
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@ -28,25 +28,25 @@

 - name: Copying node's certificate from master
  copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt"
-    - "{{master_certs_path}}/ca/ca.crt"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/ca.crt"
  when:
    - generate_CA
    - filebeat_xpack_security
  tags: xpack-security
-  
+
 - name: Copying node's certificate from master (Custom CA)
  copy:
-    src: "{{item}}"
-    dest: "{{node_certs_destination}}/"
-  with_items: 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.key" 
-    - "{{master_certs_path}}/{{filebeat_node_name}}/{{ filebeat_node_name }}.crt"
-    - "{{master_certs_path}}/ca/{{ca_cert_name}}"
+    src: "{{ item }}"
+    dest: "{{ node_certs_destination }}/"
+  with_items:
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
+    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.crt"
+    - "{{ master_certs_path }}/ca/{{ ca_cert_name }}"
  when:
    - not generate_CA
    - filebeat_xpack_security