Add vars and conditionals to control certs generation and installation

2020-06-30 19:22:42 +02:00 · 2020-06-30 19:22:42 +02:00 · 5a845d69f1
commit 5a845d69f1
parent 2ad6d87ef7
2 changed files with 93 additions and 82 deletions
--- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml
@ -66,3 +66,7 @@ elasticrepo:

 opendistro_admin_password: changeme
 opendistro_kibana_password: changeme
+
+# Deployment settings
+generate_certs: true
+perform_installation: true
--- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
@ -1,87 +1,94 @@
 ---

 - import_tasks: local_actions.yml
-
- import_tasks: RedHat.yml
-  when: ansible_os_family == 'RedHat'
-
- name: Install OpenDistro
-  package:
-    name: opendistroforelasticsearch-{{ opendistro_version }}
-    state: present
-  register: install
-  tags: install
-
- name: Remove elasticsearch configuration file
-  file:
-    path: "{{ opendistro_conf_path }}/elasticsearch.yml"
-    state: absent
-  when: install.changed
-  tags: install
-
- name: Copy Configuration File
-  blockinfile:
-    block: "{{ lookup('template', 'elasticsearch.yml.j2') }}"
-    dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
-    create: true
-    group: elasticsearch
-    mode: 0640
-    marker: "## {mark} Opendistro general settings ##"
-  when: install.changed
-  tags: install
-
- import_tasks: security_actions.yml
-
- name: Configure OpenDistro Elasticsearch JVM memmory.
-  template:
-    src: "templates/jvm.options.j2"
-    dest: /etc/elasticsearch/jvm.options
-    owner: root
-    group: elasticsearch
-    mode: 0644
-    force: yes
-  notify: restart elasticsearch
-  tags: install
-
- name: Ensure Elasticsearch started and enabled
-  service:
-    name: elasticsearch
-    enabled: true
-    state: started
-
- name: Wait for Elasticsearch API
-  uri:
-    url: "https://{{ inventory_hostname }}:9200/_cluster/health/"
-    user: "admin" # Default OpenDistro user is always "admin"
-    password: "{{ opendistro_admin_password }}"
-    validate_certs: no
-    status_code: 200,401
-    return_content: yes
-    timeout: 4
-  register: _result
-  until: (  _result.json is defined) and (_result.json.status == "green")
-  retries: 24
-  delay: 5
-  tags: debug
  when:
-    - hostvars[inventory_hostname]['private_ip'] is not defined or hostvars[inventory_hostname]['private_ip'] == ""
+    - generate_certs == true

- name: Wait for Elasticsearch API (Private IP)
-  uri:
-    url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:9200/_cluster/health/"
-    user: "admin" # Default OpenDistro user is always "admin"
-    password: "{{ opendistro_admin_password }}"
-    validate_certs: no
-    status_code: 200,401
-    return_content: yes
-    timeout: 4
-  register: _result
-  until: (  _result.json is defined) and (_result.json.status == "green")
-  retries: 24
-  delay: 5
-  tags: debug
-  when:
-    - hostvars[inventory_hostname]['private_ip'] is defined and  hostvars[inventory_hostname]['private_ip'] != ""
+- block:

- import_tasks: "RMRedHat.yml"
-  when: ansible_os_family == "RedHat"
+  - import_tasks: RedHat.yml
+    when: ansible_os_family == 'RedHat'
+
+
+  - name: Install OpenDistro
+    package:
+      name: opendistroforelasticsearch-{{ opendistro_version }}
+      state: present
+    register: install
+    tags: install
+
+  - name: Remove elasticsearch configuration file
+    file:
+      path: "{{ opendistro_conf_path }}/elasticsearch.yml"
+      state: absent
+    when: install.changed
+    tags: install
+
+  - name: Copy Configuration File
+    blockinfile:
+      block: "{{ lookup('template', 'elasticsearch.yml.j2') }}"
+      dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
+      create: true
+      group: elasticsearch
+      mode: 0640
+      marker: "## {mark} Opendistro general settings ##"
+    when: install.changed
+    tags: install
+
+  - import_tasks: security_actions.yml
+
+  - name: Configure OpenDistro Elasticsearch JVM memmory.
+    template:
+      src: "templates/jvm.options.j2"
+      dest: /etc/elasticsearch/jvm.options
+      owner: root
+      group: elasticsearch
+      mode: 0644
+      force: yes
+    notify: restart elasticsearch
+    tags: install
+
+  - name: Ensure Elasticsearch started and enabled
+    service:
+      name: elasticsearch
+      enabled: true
+      state: started
+
+  - name: Wait for Elasticsearch API
+    uri:
+      url: "https://{{ inventory_hostname }}:9200/_cluster/health/"
+      user: "admin" # Default OpenDistro user is always "admin"
+      password: "{{ opendistro_admin_password }}"
+      validate_certs: no
+      status_code: 200,401
+      return_content: yes
+      timeout: 4
+    register: _result
+    until: (  _result.json is defined) and (_result.json.status == "green")
+    retries: 24
+    delay: 5
+    tags: debug
+    when:
+      - hostvars[inventory_hostname]['private_ip'] is not defined or hostvars[inventory_hostname]['private_ip'] == ""
+
+  - name: Wait for Elasticsearch API (Private IP)
+    uri:
+      url: "https://{{ hostvars[inventory_hostname]['private_ip'] }}:9200/_cluster/health/"
+      user: "admin" # Default OpenDistro user is always "admin"
+      password: "{{ opendistro_admin_password }}"
+      validate_certs: no
+      status_code: 200,401
+      return_content: yes
+      timeout: 4
+    register: _result
+    until: (  _result.json is defined) and (_result.json.status == "green")
+    retries: 24
+    delay: 5
+    tags: debug
+    when:
+      - hostvars[inventory_hostname]['private_ip'] is defined and  hostvars[inventory_hostname]['private_ip'] != ""
+
+  - import_tasks: "RMRedHat.yml"
+    when: ansible_os_family == "RedHat"
+
+  when: perform_installation == true