sophia/ansible-infra
0
0
Fork 0
forked from CCCHH/ansible-infra
Code Pull requests Activity
ansible-infra/ansible_collections/debops/debops/roles/elasticsearch/tasks/authentication.yml

52 lines
2.1 KiB
YAML
Raw Blame History

---
# Copyright (C) 2021 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2021 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Check status of built-in users via Elasticsearch API
ansible.builtin.uri:
url: '{{ elasticsearch__api_base_url + "/_security/user/elastic" }}'
user: "{{ elasticsearch__api_username }}"
password: "{{ elasticsearch__api_password }}"
force_basic_auth: True
method: 'GET'
status_code: [ '200', '401' ]
register: elasticsearch__register_api_builtin_users
until: elasticsearch__register_api_builtin_users.status in [200, 401]
retries: 10
delay: 5
no_log: '{{ debops__no_log | d(True) }}'
- name: Initialize built-in users in Elasticsearch
ansible.builtin.shell: "set -o nounset -o pipefail -o errexit &&
bin/elasticsearch-setup-passwords auto --batch | awk '$1 ~ /^PASSWORD/ {print $2, $4}'"
args:
executable: 'bash'
chdir: '/usr/share/elasticsearch'
register: elasticsearch__register_builtin_users
changed_when: False
when: ((not (ansible_local.elasticsearch.configured | d()) | bool) or
elasticsearch__register_api_builtin_users.status == 401)
no_log: '{{ debops__no_log | d(True) }}'
- name: Create required directories on Ansible Controller
ansible.builtin.file:
path: '{{ secret + "/" + elasticsearch__secret_path + "/" + item.split()[0] }}'
state: 'directory'
mode: '0755'
loop: '{{ elasticsearch__register_builtin_users.stdout_lines }}'
become: False
delegate_to: 'localhost'
when: elasticsearch__register_builtin_users.stdout_lines | d()
no_log: '{{ debops__no_log | d(True) }}'
- name: Save generated user passwords on Ansible Controller
ansible.builtin.copy:
content: '{{ item.split()[1] }}'
dest: '{{ secret + "/" + elasticsearch__secret_path + "/" + item.split()[0] + "/password" }}'
mode: '0644'
loop: '{{ elasticsearch__register_builtin_users.stdout_lines }}'
become: False
delegate_to: 'localhost'
when: elasticsearch__register_builtin_users.stdout_lines | d()
no_log: '{{ debops__no_log | d(True) }}'
View git blame Copy permalink