From 5a845d69f1887e5cdc64b698a8cd55b8b6f7f338 Mon Sep 17 00:00:00 2001 From: Jose M Date: Tue, 30 Jun 2020 19:22:42 +0200 Subject: [PATCH] Add vars and conditionals to control certs generation and installation --- .../defaults/main.yml | 6 +- .../opendistro-elasticsearch/tasks/main.yml | 169 +++++++++--------- 2 files changed, 93 insertions(+), 82 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index 08aa6f82..29d3ad46 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -65,4 +65,8 @@ elasticrepo: key_id: '46095ACC8548582C1A2699A9D27D666CD88E42B4' opendistro_admin_password: changeme -opendistro_kibana_password: changeme \ No newline at end of file +opendistro_kibana_password: changeme + +# Deployment settings +generate_certs: true +perform_installation: true \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index 03fd4ce1..e76cb351 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml 
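Review bot: The two new defaults, `generate_certs` and `perform_installation`, are not prefixed like the neighbouring `opendistro_admin_password`. Ansible variables share one namespace across a play, so another role or inventory entry using the same generic names could flip these switches unintentionally; `opendistro_generate_certs` and `opendistro_perform_installation` (with the matching rename in tasks/main.yml) would be safer. The `# Deployment settings` comment also does not say what a false value skips; going by the guards in tasks/main.yml, comments such as `# false: skip local_actions.yml (presumably certificate generation)` and `# false: skip package install, configuration and service start` would cover it. The new last line still has no terminating newline, which is why the unchanged `opendistro_kibana_password` line shows up as modified in this hunk.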
@@ -1,87 +1,94 @@ --- - import_tasks: local_actions.yml - -- import_tasks: RedHat.yml - when: ansible_os_family == 'RedHat' - -- name: Install OpenDistro - package: - name: opendistroforelasticsearch-{{ opendistro_version }} - state: present - register: install - tags: install - -- name: Remove elasticsearch configuration file - file: - path: "{{ opendistro_conf_path }}/elasticsearch.yml" - state: absent - when: install.changed - tags: install - -- name: Copy Configuration File - blockinfile: - block: "{{ lookup('template', 'elasticsearch.yml.j2') }}" - dest: "{{ opendistro_conf_path }}/elasticsearch.yml" - create: true - group: elasticsearch - mode: 0640 - marker: "## {mark} Opendistro general settings ##" - when: install.changed - tags: install - -- import_tasks: security_actions.yml - -- name: Configure OpenDistro Elasticsearch JVM memmory. - template: - src: "templates/jvm.options.j2" - dest: /etc/elasticsearch/jvm.options - owner: root - group: elasticsearch - mode: 0644 - force: yes - notify: restart elasticsearch - tags: install - -- name: Ensure Elasticsearch started and enabled - service: - name: elasticsearch - enabled: true - state: started - -- name: Wait for Elasticsearch API - uri: - url: "https://{{ inventory_hostname }}:9200/_cluster/health/" - user: "admin" # Default OpenDistro user is always "admin" - password: "{{ opendistro_admin_password }}" - validate_certs: no - status_code: 200,401 - return_content: yes - timeout: 4 - register: _result - until: ( _result.json is defined) and (_result.json.status == "green") - retries: 24 - delay: 5 - tags: debug when: - - hostvars[inventory_hostname]['private_ip'] is not defined or hostvars[inventory_hostname]['private_ip'] == "" + - generate_certs == true -- name: Wait for Elasticsearch API (Private IP) - uri: - url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:9200/_cluster/health/" - user: "admin" # Default OpenDistro user is always "admin" - password: "{{ opendistro_admin_password }}" - 
validate_certs: no - status_code: 200,401 - return_content: yes - timeout: 4 - register: _result - until: ( _result.json is defined) and (_result.json.status == "green") - retries: 24 - delay: 5 - tags: debug - when: - - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] != "" +- block: -- import_tasks: "RMRedHat.yml" - when: ansible_os_family == "RedHat" \ No newline at end of file + - import_tasks: RedHat.yml + when: ansible_os_family == 'RedHat' + + + - name: Install OpenDistro + package: + name: opendistroforelasticsearch-{{ opendistro_version }} + state: present + register: install + tags: install + + - name: Remove elasticsearch configuration file + file: + path: "{{ opendistro_conf_path }}/elasticsearch.yml" + state: absent + when: install.changed + tags: install + + - name: Copy Configuration File + blockinfile: + block: "{{ lookup('template', 'elasticsearch.yml.j2') }}" + dest: "{{ opendistro_conf_path }}/elasticsearch.yml" + create: true + group: elasticsearch + mode: 0640 + marker: "## {mark} Opendistro general settings ##" + when: install.changed + tags: install + + - import_tasks: security_actions.yml + + - name: Configure OpenDistro Elasticsearch JVM memmory. 
+ template: + src: "templates/jvm.options.j2" + dest: /etc/elasticsearch/jvm.options + owner: root + group: elasticsearch + mode: 0644 + force: yes + notify: restart elasticsearch + tags: install + + - name: Ensure Elasticsearch started and enabled + service: + name: elasticsearch + enabled: true + state: started + + - name: Wait for Elasticsearch API + uri: + url: "https://{{ inventory_hostname }}:9200/_cluster/health/" + user: "admin" # Default OpenDistro user is always "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + tags: debug + when: + - hostvars[inventory_hostname]['private_ip'] is not defined or hostvars[inventory_hostname]['private_ip'] == "" + + - name: Wait for Elasticsearch API (Private IP) + uri: + url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:9200/_cluster/health/" + user: "admin" # Default OpenDistro user is always "admin" + password: "{{ opendistro_admin_password }}" + validate_certs: no + status_code: 200,401 + return_content: yes + timeout: 4 + register: _result + until: ( _result.json is defined) and (_result.json.status == "green") + retries: 24 + delay: 5 + tags: debug + when: + - hostvars[inventory_hostname]['private_ip'] is defined and hostvars[inventory_hostname]['private_ip'] != "" + + - import_tasks: "RMRedHat.yml" + when: ansible_os_family == "RedHat" + + when: perform_installation == true \ No newline at end of file
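Review bot: Both new guards compare against a literal boolean (`- generate_certs == true` on the `local_actions.yml` import and `when: perform_installation == true` closing the block), so a value that arrives as a string, for example from `-e perform_installation=true`, does not equal `true`, and the whole block, including `security_actions.yml`, is skipped without an error. Use `when: generate_certs | bool` and `when: perform_installation | bool` so string and boolean inputs behave the same. Separately, the two re-indented "Wait for Elasticsearch API" tasks still send `opendistro_admin_password` with `validate_certs: no`, so the health check does not authenticate the node it hands the admin credential to. If turning `generate_certs` off is meant for operator-supplied certificates (not visible in this hunk), that setting should become a variable rather than stay hard-coded off.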