108 lines
3.7 KiB
YAML
108 lines
3.7 KiB
YAML
---
|
|
|
|
- name: RedHat/CentOS/Fedora | Add OpenDistro repo
|
|
yum_repository:
|
|
file: opendistro
|
|
name: opendistro_repo
|
|
description: Opendistro yum repository
|
|
baseurl: "{{ package_repos.yum.opendistro.baseurl }}"
|
|
gpgkey: "{{ package_repos.yum.opendistro.gpg }}"
|
|
gpgcheck: true
|
|
changed_when: false
|
|
|
|
- name: RedHat/CentOS/Fedora | Add Elasticsearch-oss repo
|
|
yum_repository:
|
|
file: opendistro
|
|
name: elasticsearch_oss_repo
|
|
description: Elasticsearch-oss yum repository
|
|
baseurl: "{{ package_repos.yum.elasticsearch_oss.baseurl }}"
|
|
gpgkey: "{{ package_repos.yum.elasticsearch_oss.gpg }}"
|
|
gpgcheck: true
|
|
changed_when: false
|
|
|
|
- name: RedHat/CentOS/Fedora | Install OpenJDK 11
|
|
yum: name=java-11-openjdk-devel state=present
|
|
|
|
- name: RedHat/CentOS/Fedora | Install OpenDistro dependencies
|
|
yum:
|
|
name: "{{ packages }}"
|
|
vars:
|
|
packages:
|
|
- wget
|
|
- unzip
|
|
|
|
- name: RedHat/CentOS/Fedora | Install OpenDistro
|
|
package: name=opendistroforelasticsearch-{{ opendistro_version }} state=present
|
|
register: install
|
|
|
|
|
|
- name: RedHat/CentOS/Fedora | Copy the node & admin certificates to Elasticsearch cluster
|
|
copy:
|
|
src: "/tmp/opendistro-nodecerts/config/{{ item }}"
|
|
dest: /etc/elasticsearch/
|
|
mode: 0644
|
|
with_items:
|
|
- root-ca.pem
|
|
- root-ca.key
|
|
- "{{ inventory_hostname }}.key"
|
|
- "{{ inventory_hostname }}.pem"
|
|
- "{{ inventory_hostname }}_http.key"
|
|
- "{{ inventory_hostname }}_http.pem"
|
|
- "{{ inventory_hostname }}_elasticsearch_config_snippet.yml"
|
|
- admin.key
|
|
- admin.pem
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Copy the opendistro security configuration file to cluster
|
|
blockinfile:
|
|
block: "{{ lookup('file', '/tmp/opendistro-nodecerts/config/{{ inventory_hostname }}_elasticsearch_config_snippet.yml') }}"
|
|
dest: "{{ opendistro_conf_path }}/elasticsearch.yml"
|
|
backup: yes
|
|
insertafter: EOF
|
|
marker: "## {mark} Opendistro Security Node & Admin certificates configuration ##"
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Prepare the opendistro security configuration file
|
|
command: sed -i 's/searchguard/opendistro_security/g' {{ opendistro_conf_path }}/elasticsearch.yml
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Restart elasticsearch with security configuration
|
|
systemd:
|
|
name: elasticsearch
|
|
state: restarted
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Copy the opendistro security internal users template
|
|
template:
|
|
src: "templates/internal_users.yml.j2"
|
|
dest: "{{ opendistro_sec_plugin_conf_path }}/internal_users.yml"
|
|
mode: 0644
|
|
run_once: true
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Set the Admin user password
|
|
shell: >
|
|
sed -i 's,{{ admin_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ admin_password }} | tail -1)','
|
|
{{ opendistro_sec_plugin_conf_path }}/internal_users.yml
|
|
run_once: true
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Set the kibanaserver user pasword
|
|
shell: >
|
|
sed -i 's,{{ kibanaserver_password }},'$(sh {{ opendistro_sec_plugin_tools_path }}/hash.sh -p {{ kibanaserver_password }} | tail -1)','
|
|
{{ opendistro_sec_plugin_conf_path }}/internal_users.yml
|
|
run_once: true
|
|
when: install.changed
|
|
|
|
- name: RedHat/CentOS/Fedora | Initialize the opendistro security index in elasticsearch
|
|
shell: >
|
|
sh {{ opendistro_sec_plugin_tools_path }}/securityadmin.sh
|
|
-cacert {{ opendistro_conf_path }}/root-ca.pem
|
|
-cert {{ opendistro_conf_path }}/admin.pem
|
|
-key {{ opendistro_conf_path }}/admin.key
|
|
-cd {{ opendistro_sec_plugin_conf_path }}/
|
|
-nhnv -icl
|
|
-h {{ hostvars[inventory_hostname]['ip'] }}
|
|
run_once: true
|
|
when: install.changed
|