--- # Copyright (C) 2021 Maciej Delmanowski # Copyright (C) 2021 DebOps # SPDX-License-Identifier: GPL-3.0-only - name: Check status of built-in users via Elasticsearch API ansible.builtin.uri: url: '{{ elasticsearch__api_base_url + "/_security/user/elastic" }}' user: "{{ elasticsearch__api_username }}" password: "{{ elasticsearch__api_password }}" force_basic_auth: True method: 'GET' status_code: [ '200', '401' ] register: elasticsearch__register_api_builtin_users until: elasticsearch__register_api_builtin_users.status in [200, 401] retries: 10 delay: 5 no_log: '{{ debops__no_log | d(True) }}' - name: Initialize built-in users in Elasticsearch ansible.builtin.shell: "set -o nounset -o pipefail -o errexit && bin/elasticsearch-setup-passwords auto --batch | awk '$1 ~ /^PASSWORD/ {print $2, $4}'" args: executable: 'bash' chdir: '/usr/share/elasticsearch' register: elasticsearch__register_builtin_users changed_when: False when: ((not (ansible_local.elasticsearch.configured | d()) | bool) or elasticsearch__register_api_builtin_users.status == 401) no_log: '{{ debops__no_log | d(True) }}' - name: Create required directories on Ansible Controller ansible.builtin.file: path: '{{ secret + "/" + elasticsearch__secret_path + "/" + item.split()[0] }}' state: 'directory' mode: '0755' loop: '{{ elasticsearch__register_builtin_users.stdout_lines }}' become: False delegate_to: 'localhost' when: elasticsearch__register_builtin_users.stdout_lines | d() no_log: '{{ debops__no_log | d(True) }}' - name: Save generated user passwords on Ansible Controller ansible.builtin.copy: content: '{{ item.split()[1] }}' dest: '{{ secret + "/" + elasticsearch__secret_path + "/" + item.split()[0] + "/password" }}' mode: '0644' loop: '{{ elasticsearch__register_builtin_users.stdout_lines }}' become: False delegate_to: 'localhost' when: elasticsearch__register_builtin_users.stdout_lines | d() no_log: '{{ debops__no_log | d(True) }}'