VulnWhisperer/ansible/roles/elastic.elasticsearch/tasks/elasticsearch-Debian.yml

---

- name: set fact force_install to no
  set_fact: force_install=no

- name: set fact force_install to yes
  set_fact: force_install=yes
  when: es_allow_downgrades

- name: Debian - Install apt-transport-https to support https APT downloads
  become: yes
  apt: name=apt-transport-https state=present
  when: es_use_repository

- name: Debian - Add Elasticsearch repository key
  become: yes
  apt_key: url="{{ es_apt_key }}" state=present
  when: es_use_repository and es_apt_key

- name: Debian - Add elasticsearch repository
  become: yes
  apt_repository: repo={{ item.repo }} state={{ item.state}}
  with_items:
    - { repo: "{{ es_apt_url_old }}", state: "absent" }
    - { repo: "{{ es_apt_url }}", state: "present" }
  when: es_use_repository


- name: Gracefully stop and remove elasticsearch if we are switching to the oss version
  when:
    - es_package_name == 'elasticsearch-oss'
  block:
  - name: Check if the elasticsearch package is installed
    shell: dpkg-query -W -f'${Status}' elasticsearch
    register: elasticsearch_package
    failed_when: False
    changed_when: False

  - name: stop elasticsearch
    become: yes
    service:
      name: '{{ instance_init_script | basename }}'
      state: stopped
    when: elasticsearch_package.stdout == 'install ok installed'

  - name: Debian - Remove elasticsearch package if we are installing the oss package
    become: yes
    apt:
      name: 'elasticsearch'
      state: absent
    when: elasticsearch_package.stdout == 'install ok installed'

- name: Debian - Ensure elasticsearch is installed
  become: yes
  apt:
    name: '{{ es_package_name }}{% if es_version is defined and es_version != "" %}={{ es_version }}{% endif %}'
    state: present
    force: '{{ force_install }}'
    allow_unauthenticated: "{{ 'no' if es_apt_key else 'yes' }}"
    cache_valid_time: 86400
  when: es_use_repository
  register: debian_elasticsearch_install_from_repo
  notify: restart elasticsearch
  environment:
    ES_PATH_CONF: "/etc/elasticsearch"

- name: Debian - Include versionlock
  include: elasticsearch-Debian-version-lock.yml
  when: es_version_lock

- name: Debian - Download elasticsearch from url
  get_url: url={% if es_custom_package_url is defined %}{{ es_custom_package_url }}{% else %}{{ es_package_url }}-{{ es_version }}.deb{% endif %} dest=/tmp/elasticsearch-{{ es_version }}.deb validate_certs=no
  when: not es_use_repository

- name: Debian - Ensure elasticsearch is installed from downloaded package
  become: yes
  apt: deb=/tmp/elasticsearch-{{ es_version }}.deb
  when: not es_use_repository
  register: elasticsearch_install_from_package
  notify: restart elasticsearch