Merge pull request #429 from wazuh/PR425

Merge PR425
2020-06-18 11:46:13 +02:00 · 2020-06-18 11:46:13 +02:00 · 9246d7d694
commit 9246d7d694
parent 517fc31932 5d211c3b41
3 changed files with 20 additions and 14 deletions
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@ -152,6 +152,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: elasticsearch
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
@ -167,6 +169,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: elasticsearch
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ elasticsearch_node_name }}/{{ elasticsearch_node_name }}.key"
@ -181,9 +185,11 @@
 - name: Ensuring folder permissions
  file:
    path: "{{ node_certs_destination }}/"
-    mode: 0774
+    owner: root
    group: elasticsearch
    mode: 0770
    state: directory
-    recurse: yes
+    recurse: no
  when:
    - elasticsearch_xpack_security
    - generate_CA
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@ -28,6 +28,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: kibana
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
@ -42,6 +44,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: kibana
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ kibana_node_name }}/{{ kibana_node_name }}.key"
@ -52,22 +56,14 @@
    - not generate_CA
  tags: xpack-security
- name: Ensuring certificates folder owner
+- name: Ensuring certificates folder owner and permissions
  file:
    path: "{{ node_certs_destination }}/"
    state: directory
-    recurse: yes
+    recurse: no
    owner: kibana
    group: kibana
  when:
    - kibana_xpack_security
  tags: xpack-security
 - name: Ensuring certificates folder owner
  file:
    path: "{{ node_certs_destination }}/"
    mode: 0770
    recurse: yes
  when:
    - kibana_xpack_security
  notify: restart kibana
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@ -30,6 +30,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@ -44,6 +46,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
    owner: root
    group: root
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@ -57,9 +61,9 @@
 - name: Ensuring folder & certs permissions
  file:
    path: "{{ node_certs_destination }}/"
-    mode: 0774
+    mode: 0770
    state: directory
-    recurse: yes
+    recurse: no
  when:
    - filebeat_xpack_security
  tags: xpack-security