Modified task propagation of certificates
This commit is contained in:
Jose M
parent
337e3de09f
commit
5d4e53b089
@ -110,55 +110,83 @@
|
||||
register: certs_file_generated
|
||||
tags: xpack-security
|
||||
|
||||
# - name: Unzip generated certs.zip
|
||||
# unarchive:
|
||||
# src: "{{node_certs_source}}/certs.zip"
|
||||
# dest: "{{node_certs_source}}/"
|
||||
# remote_src: yes
|
||||
# when:
|
||||
# - node_certs_generator
|
||||
# - elasticsearch_xpack_security
|
||||
# - certs_file_generated is defined
|
||||
# - not certificate_file_exists.stat.exists
|
||||
# tags: xpack-security
|
||||
|
||||
# - name: Copy key & certificate files in generator node (locally)
|
||||
# synchronize:
|
||||
# src: "{{node_certs_source}}/{{elasticsearch_node_name}}/"
|
||||
# dest: "{{node_certs_destination}}/"
|
||||
# delegate_to: "{{ node_certs_generator_ip }}"
|
||||
# when:
|
||||
# - node_certs_generator
|
||||
# - elasticsearch_xpack_security
|
||||
# tags: xpack-security
|
||||
|
||||
# - name: Copy ca certificate file in generator node (locally)
|
||||
# synchronize:
|
||||
# src: "{{node_certs_source}}/ca/"
|
||||
# dest: "{{node_certs_destination}}/"
|
||||
# delegate_to: "{{ node_certs_generator_ip }}"
|
||||
# register: check_certs_permissions
|
||||
# when:
|
||||
# - node_certs_generator
|
||||
# - elasticsearch_xpack_security
|
||||
# tags: xpack-security
|
||||
|
||||
- name: Create the certificates directory
|
||||
file:
|
||||
path: "{{master_certs_destination}}"
|
||||
state: directory
|
||||
mode: '0700'
|
||||
delegate_to: "127.0.0.1"
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
|
||||
- name: Copying certificates to Ansible master
|
||||
fetch:
|
||||
src: "{{node_certs_source}}/certs.zip"
|
||||
dest: "{{master_certs_destination}}/"
|
||||
flat: yes
|
||||
mode: 0700
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
tags: xpack-security
|
||||
|
||||
- name: Unzip generated certs.zip
|
||||
unarchive:
|
||||
src: "{{node_certs_source}}/certs.zip"
|
||||
dest: "{{node_certs_source}}/"
|
||||
remote_src: yes
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
- certs_file_generated is defined
|
||||
- not certificate_file_exists.stat.exists
|
||||
tags: xpack-security
|
||||
|
||||
- name: Copy key & certificate files in generator node (locally)
|
||||
synchronize:
|
||||
src: "{{node_certs_source}}/{{elasticsearch_node_name}}/"
|
||||
dest: "{{node_certs_destination}}/"
|
||||
delegate_to: "{{ node_certs_generator_ip }}"
|
||||
src: "{{master_certs_destination}}/certs.zip"
|
||||
dest: "{{master_certs_destination}}/"
|
||||
become: true
|
||||
delegate_to: "127.0.0.1"
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
tags: xpack-security
|
||||
|
||||
- name: Copy ca certificate file in generator node (locally)
|
||||
synchronize:
|
||||
src: "{{node_certs_source}}/ca/"
|
||||
dest: "{{node_certs_destination}}/"
|
||||
delegate_to: "{{ node_certs_generator_ip }}"
|
||||
register: check_certs_permissions
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
tags: xpack-security
|
||||
|
||||
- name: Importing key & certificate files from generator node
|
||||
shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/{{elasticsearch_node_name}}/ {{node_certs_destination}}/"
|
||||
when:
|
||||
- not node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
- not certificate_file_exists.stat.exists
|
||||
tags: xpack-security
|
||||
|
||||
- name: Importing ca certificate file from generator node
|
||||
shell: "{{rsync_path}} {{rsync_extra_parameters}} {{rsync_user}}@{{node_certs_generator_ip}}:{{node_certs_source}}/ca/ {{node_certs_destination}}/"
|
||||
when:
|
||||
- not node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
- not certificate_file_exists.stat.exists
|
||||
register: check_certs_permissions
|
||||
tags: xpack-security
|
||||
# - name: Unzip generated certs.zip
|
||||
# unarchive:
|
||||
# src: "/tmp/elastic_certificates/certs.zip"
|
||||
# dest: "/tmp/elastic_certificates"
|
||||
# become: true
|
||||
# when:
|
||||
# - node_certs_generator
|
||||
# - elasticsearch_xpack_security
|
||||
# - certs_file_generated is defined
|
||||
# - not certificate_file_exists.stat.exists
|
||||
# tags: xpack-security
|
||||
|
||||
|
||||
- name: Ensuring certificates folder owner
|
||||
shell: "chown -R elasticsearch: {{node_certs_destination}}/"
|
||||
@ -173,15 +201,28 @@
|
||||
- check_certs_permissions is defined
|
||||
- elasticsearch_xpack_security
|
||||
tags: xpack-security
|
||||
|
||||
|
||||
- name: Remove generated certs file
|
||||
shell: /bin/rm -f {{node_certs_source}}/certs.zip*
|
||||
when:
|
||||
- node_certs_generator
|
||||
- elasticsearch_xpack_security
|
||||
|
||||
# Importing certificates
|
||||
|
||||
- name: Copying node's certificate from master
|
||||
copy:
|
||||
src: "{{item}}"
|
||||
dest: "{{node_certs_destination}}/"
|
||||
with_items:
|
||||
- "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.key"
|
||||
- "{{master_certs_destination}}/{{elasticsearch_node_name}}/{{ elasticsearch_node_name }}.crt"
|
||||
- "{{master_certs_destination}}/ca/ca.crt"
|
||||
tags: xpack-security
|
||||
|
||||
|
||||
# - name: Remove generated certs file
|
||||
# shell: /bin/rm -f {{node_certs_source}}/certs.zip*
|
||||
# when:
|
||||
# - node_certs_generator
|
||||
# - elasticsearch_xpack_security
|
||||
# tags: xpack-security
|
||||
|
||||
- name: Configure Elasticsearch.
|
||||
template:
|
||||
src: elasticsearch.yml.j2
|
||||
|
||||
Loading…
Reference in New Issue
Block a user