12 changes: 6 additions & 6 deletions roles/elasticsearch/tasks/elasticsearch-security.yml
@@ -1,24 +1,24 @@
---

- name: Ensure ca exists

ansible.builtin.stat:
path: "{{ elasticstack_ca_dir }}/elastic-stack-ca.p12"
register: elasticstack_ca_exists
when: inventory_hostname == elasticstack_ca_host

- name: Get CA informations

cert_info:
path: "{{ elasticstack_ca_dir }}/elastic-stack-ca.p12"
passphrase: "{{ elasticstack_ca_pass | default(omit, true) }}"
register: elasticstack_ca_infos
when: inventory_hostname == elasticstack_ca_host and elasticstack_ca_exists.stat.exists | bool

- name: Set the ca expiration date in days

ansible.builtin.set_fact:
elasticstack_ca_expiration_days: "{{ ((elasticstack_ca_infos.not_valid_after | to_datetime()) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days }}"
when: inventory_hostname == elasticstack_ca_host and elasticstack_ca_infos.skipped is not defined

- name: Set ca will expire soon to true

ansible.builtin.set_fact:
elasticstack_ca_will_expire_soon: true
when: >
Expand Down Expand Up @@ -72,14 +72,14 @@
state: absent
when: elasticsearch_move_ca_directory.changed

- name: Check the existance of ca on Ansible controler
- name: Check the existance of ca on Ansible controller
ansible.builtin.stat:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
register: elasticsearch_check_temporary_ca
delegate_to: localhost
become: false

- name: Move temporary ca file on Ansible controler
- name: Move temporary ca file on Ansible controller
ansible.builtin.copy:
src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt_{{ ansible_date_time.iso8601_micro }}"
Expand All @@ -89,7 +89,7 @@
become: false
register: elasticsearch_move_ca_file

- name: Remove temporary ca file on Ansible controler
- name: Remove temporary ca file on Ansible controller
ansible.builtin.file:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
state: absent
Expand Down Expand Up @@ -187,20 +187,20 @@
- renew_es_cert
- renew_ca
block:
- name: Check the existance of cert on Ansible controler
- name: Check the existance of cert on Ansible controller
ansible.builtin.stat:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}.p12"
register: elasticsearch_check_temporary_cert

- name: Move temporary cert on Ansible controler
- name: Move temporary cert on Ansible controller
ansible.builtin.copy:
src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}.p12"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}.p12_{{ ansible_date_time.iso8601_micro }}"
mode: preserve
when: elasticsearch_check_temporary_cert.stat.exists
register: elasticsearch_move_cert_file

- name: Remove temporary cert on Ansible controler
- name: Remove temporary cert on Ansible controller
ansible.builtin.file:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}.p12"
state: absent
Expand Down Expand Up @@ -408,7 +408,7 @@
retries: 5
delay: 10

- name: Fetch Elastic password # noqa: risky-shell-pipe

ansible.builtin.shell: >
if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
grep "PASSWORD elastic" {{ elasticstack_initial_passwords }} |
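Review bot: The renamed task names in the `@@ -187,20 +187,20 @@` hunk still carry the `existance` misspelling (`- name: Check the existance of cert on Ansible controller`), so the typo pass is incomplete; `existence` there, and on the matching `ca` task in the `@@ -72,14 +72,14 @@` hunk, would finish it. Separately, the `Move temporary cert on Ansible controller` task copies `{{ ansible_hostname }}.p12` to a timestamped `.p12_…` sibling with `mode: preserve` and the following task removes only the original, so each renewal presumably leaves another copy of a PKCS#12 bundle (which normally carries the private key) under the parent of the controller's `DEFAULT_LOCAL_TMP`; consider removing the backup once the new certificate is installed, or at least setting `mode: "0600"` on the copy instead of `preserve`. The enclosing block begins before this hunk, so its tags and `delegate_to` are not visible here.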
36 changes: 18 additions & 18 deletions roles/logstash/tasks/logstash-security.yml
Expand Up @@ -108,51 +108,51 @@
state: absent
when: logstash_move_cert_zip_file_ca_host.changed

- name: Backup logstash cert on Ansible controler then remove
- name: Backup logstash cert on Ansible controller then remove
when: "'renew_logstash_cert' in ansible_run_tags or 'renew_ca' in ansible_run_tags"
delegate_to: localhost
tags:
- renew_ca
- renew_logstash_cert
- never
block:
- name: Check the existance of cert on Ansible controler
- name: Check the existance of cert on Ansible controller
ansible.builtin.stat:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12"
register: logstash_check_temporary_cert_ansible_controler
register: logstash_check_temporary_cert_ansible_controller

- name: Move temporary cert file on Ansible controler
- name: Move temporary cert file on Ansible controller
ansible.builtin.copy:

src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12_{{ ansible_date_time.iso8601_micro }}"
mode: preserve
when: logstash_check_temporary_cert_ansible_controler.stat.exists
register: logstash_move_cert_file_ansible_controler
when: logstash_check_temporary_cert_ansible_controller.stat.exists
register: logstash_move_cert_file_ansible_controller

- name: Remove temporary cert file on Ansible controler
- name: Remove temporary cert file on Ansible controller
ansible.builtin.file:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12"
state: absent
when: logstash_move_cert_file_ansible_controler.changed
when: logstash_move_cert_file_ansible_controller.changed

- name: Check the existance of cert zip file on Ansible controler
- name: Check the existance of cert zip file on Ansible controller
ansible.builtin.stat:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.zip"
register: logstash_check_temporary_cert_zip_ansible_controler
register: logstash_check_temporary_cert_zip_ansible_controller

- name: Move temporary cert zip file on Ansible controler
- name: Move temporary cert zip file on Ansible controller
ansible.builtin.copy:
src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.zip"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.zip_{{ ansible_date_time.iso8601_micro }}"
mode: preserve
when: logstash_check_temporary_cert_zip_ansible_controler.stat.exists
register: logstash_move_cert_zip_ansible_controler
when: logstash_check_temporary_cert_zip_ansible_controller.stat.exists
register: logstash_move_cert_zip_ansible_controller

- name: Remove temporary cert zip file on Ansible controler
- name: Remove temporary cert zip file on Ansible controller
ansible.builtin.file:
path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.zip"
state: absent
when: logstash_move_cert_zip_ansible_controler.changed
when: logstash_move_cert_zip_ansible_controller.changed

- name: Create individual certificates for Logstash
ansible.builtin.command: >
Expand All @@ -174,7 +174,7 @@
- renew_ca
- renew_logstash_cert

- name: Fetch certificate from ca host to Ansible controler
- name: Fetch certificate from ca host to Ansible controller
ansible.builtin.fetch:
src: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-ls.p12"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.p12"
Expand Down Expand Up @@ -244,7 +244,7 @@
- renew_ca
- renew_logstash_cert

- name: Fetch PEM certificate from ca host to Ansible controler
- name: Fetch PEM certificate from ca host to Ansible controller
ansible.builtin.fetch:
src: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-ls.zip"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-ls.zip"
Expand Down Expand Up @@ -324,7 +324,7 @@
- renew_ca
- renew_logstash_cert

- name: Fetch ca certificate from ca host to Ansible controler
- name: Fetch ca certificate from ca host to Ansible controller
ansible.builtin.fetch:
src: "{{ elasticstack_ca_dir }}/ca.crt"
dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
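Review bot: `- name: Check the existance of cert on Ansible controller` and `- name: Check the existance of cert zip file on Ansible controller` in the `@@ -108,51 +108,51 @@` hunk keep the `existance` typo while fixing `controler`; `existence` on both lines would complete the pass. The renamed `logstash_move_cert_file_ansible_controller` register is only used as a `.changed` guard for the remove task, which is fine, but the `Move temporary cert file on Ansible controller` copy that kics flags keeps whatever mode the fetched `-ls.p12` landed with, and nothing visible ever deletes the timestamped `-ls.p12_…` and `-ls.zip_…` copies, so key material presumably accumulates in the controller's tmp parent directory across renewals. An explicit `mode: "0600"` on that copy and a cleanup of old backups after a successful renewal would close that; the fetches in the later hunks could likewise pin `mode: "0600"` on `dest`. The `Backup logstash cert ... then remove` block is complete within the hunk, but the surrounding file continues past it.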