Add ansible provisioning (#122)

* first ansible skeleton * first commit of ansible installation of vulnwhisperer outside docker * first ansible skeleton * first commit of ansible installation of vulnwhisperer outside docker * refactor the ansible role a bit * update readme, add fail validation step to provision.yml and fix typo when calling a logging funciton
2018-11-14 10:14:12 +01:00
parent a8671a7303
commit 3a09f60543
95 changed files with 4459 additions and 1 deletions
--- a/ansible/roles/elastic.elasticsearch/tasks/main.yml
+++ b/ansible/roles/elastic.elasticsearch/tasks/main.yml
@ -0,0 +1,94 @@
+---
+- name: os-specific vars
+  include_vars: "{{ansible_os_family}}.yml"
+  tags:
+      - always
+
+- name: set compatibility variables
+  include: compatibility-variables.yml
+  tags:
+      - always
+
+- name: check-set-parameters
+  include: elasticsearch-parameters.yml
+  tags:
+      - always
+
+- name: use snapshot release
+  include: snapshot-release.yml
+  when: es_use_snapshot_release
+
+- name: include java.yml
+  include: java.yml
+  when: es_java_install
+  tags:
+      - java
+
+- name: include elasticsearch.yml
+  include: elasticsearch.yml
+  tags:
+      - install
+
+- name: include elasticsearch-config.yml
+  include: elasticsearch-config.yml
+  tags:
+      - config
+
+- name: include elasticsearch-scripts.yml
+  include: elasticsearch-scripts.yml
+  when: es_scripts
+  tags:
+      - scripts
+
+- name: include elasticsearch-plugins.yml
+  include: elasticsearch-plugins.yml
+  when: es_plugins is defined or es_plugins_reinstall
+  tags:
+      - plugins
+
+  #We always execute xpack as we may need to remove features
+- name: include xpack/elasticsearch-xpack.yml
+  include: xpack/elasticsearch-xpack.yml
+  tags:
+      - xpack
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: Make sure elasticsearch is started
+  become: yes
+  service: name={{instance_init_script | basename}} state=started enabled=yes
+  when: es_start_service
+
+- name: Wait for elasticsearch to startup
+  wait_for: host={{es_api_host}} port={{es_api_port}} delay=5 connect_timeout=1
+  when: es_restarted is defined and es_restarted.changed and es_start_service
+
+- name: set fact manage_native_realm to false
+  set_fact: manage_native_realm=false
+
+- name: set fact manage_native_realm to true
+  set_fact: manage_native_realm=true
+  when: es_start_service and (es_enable_xpack and "security" in es_xpack_features) and ((es_users is defined and es_users.native is defined) or (es_roles is defined and es_roles.native is defined))
+
+# If playbook runs too fast, Native commands could fail as the Native Realm is not yet up
+- name: Wait 15 seconds for the Native Relm to come up
+  pause: seconds=15
+  when: manage_native_realm
+
+- name: activate-license
+  include: ./xpack/security/elasticsearch-xpack-activation.yml
+  when: es_start_service and es_enable_xpack and es_xpack_license is defined and es_xpack_license != ''
+
+#perform security actions here now elasticsearch is started
+- name: include xpack/security/elasticsearch-security-native.yml
+  include: ./xpack/security/elasticsearch-security-native.yml
+  when: manage_native_realm
+
+#Templates done after restart - handled by flushing the handlers. e.g. suppose user removes security on a running node and doesn't specify es_api_basic_auth_username and es_api_basic_auth_password.  The templates will subsequently not be removed if we don't wait for the node to restart.
+#We also do after the native realm to ensure any changes are applied here first and its denf up.
+- name: include elasticsearch-template.yml
+  include: elasticsearch-template.yml
+  when: es_templates
+  tags:
+      - templates