From a2fe75775e3cab2ef2d4bd246f8379245f066a3e Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Fri, 8 May 2020 18:43:01 +0200 Subject: [PATCH] Added new variables --- .../defaults/main.yml | 13 ++++-------- .../tasks/LocalActions.yml | 20 +++++++++---------- .../tasks/SecurityActions.yml | 4 ++-- 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml index b71b67de..9103b4ad 100644 --- a/roles/opendistro/opendistro-elasticsearch/defaults/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/defaults/main.yml @@ -39,6 +39,9 @@ opendistro_jvm_xms: null opendistro_http_port: 9200 +# Url of Search Guard certificates generator tool +certs_gen_tool_url: https://releases.floragunn.com/search-guard-tlstool/1.7/search-guard-tlstool-1.7.zip + elasticrepo: apt: 'https://artifacts.elastic.co/packages/7.x/apt' yum: 'https://artifacts.elastic.co/packages/7.x/yum' @@ -50,13 +53,5 @@ opendistro_kibana_password: changeme # Cluster Settings single_node: true opendistro_cluster_name: wazuh -opendistro_node_name: node-1 -opendistro_bootstrap_node: false -opendistro_node_master: false -opendistro_cluster_nodes: - - 127.0.0.1 -opendistro_discovery_nodes: - - 127.0.0.1 -opendistro_node_data: true -opendistro_node_ingest: true +local_certs_path: /tmp/opendistro-nodecerts \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/LocalActions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/LocalActions.yml index 8ff56b64..50d4016c 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/LocalActions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/LocalActions.yml 
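Review bot: The new `certs_gen_tool_url` default makes the download source overridable, but nothing pins the archive's integrity. The `get_url` task in tasks/LocalActions.yml passes no `checksum`, and later tasks mark `tools/sgtlstool.sh` from that archive executable and run it to create the root CA. Consider a companion default such as `certs_gen_tool_checksum: "sha256:<SHA256_OF_RELEASE_ZIP>"` (placeholder, to be filled from the vendor's release) and passing `checksum: "{{ certs_gen_tool_checksum }}"` to `get_url`. The comment above the variable could also say that the URL has to match the `search-guard-tlstool-1.7.zip` file name that is still hard-coded as `dest`.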
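Review bot: `local_certs_path` defaults to `/tmp/opendistro-nodecerts`, a predictable name in a world-writable directory, yet it will hold the generated `root-ca.key`. The directory task in tasks/LocalActions.yml sets no `mode`, and the generation step is skipped whenever a `root-ca.key` already exists there, so whatever is already in that path is trusted as the cluster CA. A default outside `/tmp` (for example under `{{ playbook_dir }}`) plus `mode: '0700'` on the directory task would limit who can read or pre-populate it. The hunk also drops `opendistro_node_name`, `opendistro_cluster_nodes` and the other node defaults; whether templates still reference them is not visible here, so that is worth confirming.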
@@ -4,27 +4,27 @@ - name: Local action | Create local temporary directory for certificates generation local_action: module: file - path: /tmp/opendistro-nodecerts + path: {{ local_certs_path }} state: directory run_once: true - name: Local action | Download certificates generation tool local_action: module: get_url - url: https://releases.floragunn.com/search-guard-tlstool/1.7/search-guard-tlstool-1.7.zip - dest: /tmp/opendistro-nodecerts/search-guard-tlstool-1.7.zip - run_once: /tmp/opendistro-nodecerts/search-guard-tlstool.zip + url: "{{ certs_gen_tool_url }}" + dest: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" + run_once: "{{ local_certs_path }}/search-guard-tlstool.zip" - name: Local action | Extract the certificates generation tool local_action: module: unarchive - src: /tmp/opendistro-nodecerts/search-guard-tlstool-1.7.zip - dest: /tmp/opendistro-nodecerts/ + src: "{{ local_certs_path }}/search-guard-tlstool-1.7.zip" + dest: "{{ local_certs_path }}/" - name: Local action | Add the execution bit to the binary local_action: module: file - dest: /tmp/opendistro-nodecerts/tools/sgtlstool.sh + dest: "{{ local_certs_path }}/tools/sgtlstool.sh" mode: a+x run_once: true 
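Review bot: `path: {{ local_certs_path }}` in the first task is unquoted, so YAML reads the value as a flow mapping rather than a template string and the task file will not load as intended. It needs `path: "{{ local_certs_path }}"`, like the other changed lines. In the download task, `run_once` is given a file path (`"{{ local_certs_path }}/search-guard-tlstool.zip"`, carried over from the old line) where a boolean is expected; `run_once: true` looks like what was meant.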
@@ -32,18 +32,18 @@ local_action: module: template src: "templates/tlsconfig.yml.j2" - dest: /tmp/opendistro-nodecerts/config/tlsconfig.yml + dest: "{{ local_certs_path }}/config/tlsconfig.yml" run_once: true - name: Local action | Check if root CA file exists local_action: module: stat - path: /tmp/opendistro-nodecerts/config/root-ca.key + path: "{{ local_certs_path }}/config/root-ca.key" register: root_ca_file - name: Local action | Generate the node & admin certificates in local local_action: - module: command /tmp/opendistro-nodecerts/tools/sgtlstool.sh -c /tmp/opendistro-nodecerts/config/tlsconfig.yml -ca -crt -t /tmp/opendistro-nodecerts/config/ -f -o + module: command {{ local_certs_path }}/tools/sgtlstool.sh -c {{ local_certs_path }}/config/tlsconfig.yml -ca -crt -t {{ local_certs_path }}/config/ -f -o run_once: true when: root_ca_file.stat.exists == False diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/SecurityActions.yml b/roles/opendistro/opendistro-elasticsearch/tasks/SecurityActions.yml index 8572d864..3c8293f5 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/SecurityActions.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/SecurityActions.yml @@ -12,7 +12,7 @@ - name: Copy the node & admin certificates to Elasticsearch cluster copy: - src: "/tmp/opendistro-nodecerts/config/{{ item }}" + src: "{{ local_certs_path }}/config/{{ item }}" dest: /etc/elasticsearch/ mode: 0644 with_items: @@ -28,7 +28,7 @@ - name: Copy the opendistro security configuration file to cluster blockinfile: - block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" + block: "{{ lookup('file', '{{ local_certs_path }}/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}" dest: "{{ opendistro_conf_path }}/elasticsearch.yml" insertafter: EOF marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
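Review bot: The `command` line in the generate task interpolates `local_certs_path` three times into a free-form string, so a path containing whitespace is split into separate arguments. Now that the path is user-configurable, the `argv` list form avoids that. The sketch below covers only the `local_action` mapping; `run_once` and `when` stay as they are. Separately, `when: root_ca_file.stat.exists == False` would read better as `when: not root_ca_file.stat.exists`.

```yaml
- name: Local action | Generate the node & admin certificates in local
  local_action:
    module: command
    argv:
      - "{{ local_certs_path }}/tools/sgtlstool.sh"
      - -c
      - "{{ local_certs_path }}/config/tlsconfig.yml"
      - -ca
      - -crt
      - -t
      - "{{ local_certs_path }}/config/"
      - -f
      - -o
  # … unchanged: run_once and when …
```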
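Review bot: The context line `mode: 0644` applies to every file this task copies from `{{ local_certs_path }}/config/`. The `with_items` list continues outside the hunk, but if it includes private keys, as the task name ("node & admin certificates") suggests it might, they become world-readable on each node. Consider moving key files into a separate task with `mode: '0600'` and an explicit `owner`/`group`. Quoting the mode (`mode: '0644'`) would also keep it from depending on YAML integer parsing.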
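Review bot: The `block:` expression nests `{{ local_certs_path }}` (and the existing `{{ inventory_hostname }}`) inside a string literal that is already within `{{ ... }}`. This relies on Ansible re-templating lookup arguments, which Ansible's documentation advises against and which may not behave the same across versions. Building the path by concatenation avoids it: `block: "{{ lookup('file', local_certs_path ~ '/config/' ~ inventory_hostname ~ '_elasticsearch_config_snippet.yml') }}"`. The task's remaining keys continue outside the hunk.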