From c40f9dd29825d26d505b45c05e4088bc700b6e53 Mon Sep 17 00:00:00 2001 From: Jakob Reiter Date: Mon, 7 Nov 2016 18:35:28 +0100 Subject: [PATCH 1/3] Added a 15 sec pause before the Native User List command. Command was run when the realm was not initialized yet, causing the playbook to fail. --- handlers/shield/elasticsearch-shield-native.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/handlers/shield/elasticsearch-shield-native.yml b/handlers/shield/elasticsearch-shield-native.yml index 4836131c2436e..8875c0eafc9dc 100644 --- a/handlers/shield/elasticsearch-shield-native.yml +++ b/handlers/shield/elasticsearch-shield-native.yml @@ -16,6 +16,10 @@ - set_fact: manage_native_roles=true when: es_roles is defined and es_roles.native is defined +# If playbook runs too fast, Native commands could fail as the Native Realm is not yet up +- name: Wait 15 seconds for the Native Relm to come up + pause: seconds=15 + #If the node has just has shield installed it maybe either stopped or started 1. if stopped, we need to start to load native realms 2. if started, we need to restart to load #List current users From 8a7656c58f2445461da19e7325c034302555d007 Mon Sep 17 00:00:00 2001 From: Jakob Reiter Date: Mon, 7 Nov 2016 18:37:01 +0100 Subject: [PATCH 2/3] Added default value to es_scripts_fileglob. Could fail if undefined. Closes #187 --- tasks/elasticsearch-scripts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/elasticsearch-scripts.yml b/tasks/elasticsearch-scripts.yml index a7c286a2a5f53..40910c20e8d59 100644 --- a/tasks/elasticsearch-scripts.yml +++ b/tasks/elasticsearch-scripts.yml @@ -18,4 +18,4 @@ - name: Copy scripts to elasticsearch copy: src={{ item }} dest={{ es_script_dir }} owner={{ es_user }} group={{ es_group }} - with_fileglob: "{{ es_scripts_fileglob }}" + with_fileglob: "{{ es_scripts_fileglob | default('') }}" From 286a93ea8643081e37466641341712b12962b1e5 Mon Sep 17 00:00:00 2001 
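Review bot: The fixed `pause: seconds=15` added to handlers/shield/elasticsearch-shield-native.yml is a guess at start-up time, not a readiness check. On a slow host the native realm may still be down after 15 seconds and the user-list command fails as before, while a fast host pays the full delay on every run. Retrying the user-list task until it succeeds, with `register`, `until`, `retries: <count>` and `delay: <seconds>`, would tie the wait to the realm's actual state; that task is outside the hunk. The pause also has no `when`, so it presumably runs even when no native users or roles are managed, and the task name misspells `Realm` as `Relm`.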
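Review bot: `default('')` on the `with_fileglob` line in tasks/elasticsearch-scripts.yml hands the lookup an empty pattern and relies on fileglob matching no file for it, which a reader cannot see from the task. `with_fileglob: "{{ es_scripts_fileglob | default([]) }}"` makes the empty loop explicit. Declaring `es_scripts_fileglob` in the role defaults with a comment on the expected glob would document the variable and make the inline fallback unnecessary.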
From: Jakob Reiter Date: Mon, 7 Nov 2016 18:38:58 +0100 Subject: [PATCH 3/3] When a second node is installed, the shield directory and the user* files are not automatically created. This could cause the role to fail. - Added check to that shield directory exists - Added chown -R for the shield directory, as user* files created by the esusers command, belonged to the user ansible is running as. --- tasks/xpack/shield/elasticsearch-shield-file.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tasks/xpack/shield/elasticsearch-shield-file.yml b/tasks/xpack/shield/elasticsearch-shield-file.yml index 99755cc8d0314..d2a2c206fa53c 100644 --- a/tasks/xpack/shield/elasticsearch-shield-file.yml +++ b/tasks/xpack/shield/elasticsearch-shield-file.yml @@ -1,6 +1,12 @@ --- - set_fact: manage_file_users=es_users is defined and es_users.file is defined +#Ensure shield conf directory is created +- name: Ensure shield conf directory exists (file) + file: path={{ conf_dir }}/shield state=directory owner={{ es_user }} group={{ es_group }} + changed_when: False + when: es_enable_xpack and '"shield" in es_xpack_features' + #List current users - name: List Users shell: cat {{conf_dir}}/shield/users | awk -F':' '{print $1}' @@ -60,3 +66,6 @@ template: src=shield/users_roles.j2 dest={{conf_dir}}/shield/users_roles mode=0644 force=yes when: manage_file_users and users_roles | length > 0 +#Set permission on shield directory. E.g. if 2 nodes are installed on the same machine, the second node will not get the users file created at install, causing the files being created at es_users call and then having the wrong Permissions. +- name: Set Shield Directory Permissions Recursive + file: state=directory path={{conf_dir}}/shield/ owner={{ es_user }} group={{ es_group }} recurse=yes \ No newline at end of file
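Review bot: The `when` on the new "Ensure shield conf directory exists (file)" task never evaluates the feature test. The single quotes turn `'"shield" in es_xpack_features'` into a non-empty string literal, which is always true, so the task runs whenever `es_enable_xpack` is set; it should read `when: es_enable_xpack and "shield" in es_xpack_features`. The directory is also created without a `mode`, so its permissions come from the umask even though it holds the `users` and `users_roles` files. An explicit restrictive mode (for example `mode=0750`, to be checked against what the node needs) would be safer. `changed_when: False` also hides a real directory creation from the run report.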
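Review bot: The "Set Shield Directory Permissions Recursive" task at the end of tasks/xpack/shield/elasticsearch-shield-file.yml has no `when`. Because it uses `state=directory` it creates `{{conf_dir}}/shield/` as well as chowning it, so it appears to run on hosts where shield is not enabled; the rest of the file is outside the hunk, so a gating include cannot be ruled out. It should carry the condition intended for the directory-creation task, `when: es_enable_xpack and "shield" in es_xpack_features`. The recursive pass fixes only owner and group, so files written by the esusers command keep the mode that command gave them and belong to the account Ansible runs as until this task runs. Running the esusers step as `{{ es_user }}` would close that window, if the role's privilege setup allows it.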