feat: Add es_ssl_remote_src var for cert upload conditions (#8)

hostinger · Jul 26, 2024 · ccdc9c5 · ccdc9c5
1 parent 85ccf76
commit ccdc9c5
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -55,6 +55,7 @@ es_heap_dump_path: "/var/lib/elasticsearch"
 es_enable_auto_ssl_configuration: true
 es_enable_http_ssl: false
 es_enable_transport_ssl: false
+es_ssl_remote_src: false
 es_ssl_upload: true
 es_ssl_keystore: ""
 es_ssl_keystore_password: ""

diff --git a/docs/ssl-tls-setup.md b/docs/ssl-tls-setup.md
@@ -45,6 +45,7 @@ $ bin/elasticsearch-certutil cert --ca ./my-ca.p12 --out ./my-keystore.p12 --pas
 - `es_enable_auto_ssl_configuration` Default `true`. Whether this role should add automatically generated SSL config to elasticsearch.yml.
 - `es_ssl_certificate_path` Default `{{ es_conf_dir }}/certs`. The location where certificates should be stored on the ES node.
 - `es_ssl_verification_mode` Default `certificate`. See [SSL verification_mode](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#ssl-tls-settings) for options.
+- `es_ssl_remote_src` Default `false`. Whether the certificate files should be copied from a local or remote source.
 - `es_ssl_certificate_authority` PEM encoded certificate file that should be trusted.
 - `es_validate_certs` Default `yes`. Determines if ansible should validate SSL certificates when performing actions over HTTPS. e.g. installing templates and managing native users.
 

diff --git a/tasks/elasticsearch-ssl.yml b/tasks/elasticsearch-ssl.yml
@@ -25,6 +25,7 @@
     owner: "{{ es_user }}"
     group: "{{ es_group }}"
     mode: "640"
+    remote_src: "{{ es_ssl_remote_src }}"
   when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore
   notify: restart elasticsearch
   register: copy_keystore
@@ -37,6 +38,7 @@
     owner: "{{ es_user }}"
     group: "{{ es_group }}"
     mode: "640"
+    remote_src: "{{ es_ssl_remote_src }}"
   when: es_ssl_upload and es_ssl_keystore and es_ssl_truststore
   notify: restart elasticsearch
   register: copy_truststore
@@ -49,6 +51,7 @@
     owner: "{{ es_user }}"
     group: "{{ es_group }}"
     mode: "640"
+    remote_src: "{{ es_ssl_remote_src }}"
   with_items:
     - "{{ es_ssl_key }}"
     - "{{ es_ssl_certificate }}"
@@ -65,6 +68,7 @@
     owner: "{{ es_user }}"
     group: "{{ es_group }}"
     mode: "640"
+    remote_src: "{{ es_ssl_remote_src }}"
   #Restart if this changes
   notify: restart elasticsearch
   when: es_ssl_upload and (es_ssl_certificate_authority is defined) and (es_ssl_certificate_authority|length > 0)