diff --git a/inventories/opensearch/group_vars/all/all.yml b/inventories/opensearch/group_vars/all/all.yml
index 82b6acb..658dfed 100644
--- a/inventories/opensearch/group_vars/all/all.yml
+++ b/inventories/opensearch/group_vars/all/all.yml
@@ -28,8 +28,10 @@ cluster_type: multi-node
 # opensearch user info
 os_user: opensearch
+os_group: opensearch
 os_dashboards_user: opensearch-dashboards
+os_dashboards_group: opensearch-dashboards
 # Number of days that certificates are valid
 cert_valid_days: 730
diff --git a/roles/linux/dashboards/tasks/dashboards.yml b/roles/linux/dashboards/tasks/dashboards.yml
index f7a2d8a..9abf38a 100644
--- a/roles/linux/dashboards/tasks/dashboards.yml
+++ b/roles/linux/dashboards/tasks/dashboards.yml
@@ -6,21 +6,26 @@
 dest: "/tmp/opensearch-dashboards.tar.gz"
 register: download
-- name: Dashboards Install | Create opensearch dashboard user
+- name: Dashboards Install | Check if (( os_dashboards_user }} exists
+ ansible.builtin.command: "getent passwd {{ os_dashboards_user }}"
+ register: user_check
+ ignore_errors: true
+
+- name: Dashboards Install | Create {{ os_dashboards_user }} user
 ansible.builtin.user:
 name: "{{ os_dashboards_user }}"
 state: present
 shell: /bin/false
 create_home: true
 home: "{{ os_dashboards_home }}"
- when: download.changed or iac_enable
+ when: (download.changed or iac_enable) and user_check.rc !=0
 - name: Dashboards Install | Create home directory
 ansible.builtin.file:
 path: "{{ os_dashboards_home }}"
 state: directory
 owner: "{{ os_dashboards_user }}"
- group: "{{ os_dashboards_user }}"
+ group: "{{ os_dashboards_group }}"
 when: download.changed or iac_enable
 - name: Dashboards Install | Extract the tar file
@@ -32,7 +37,7 @@
 src: opensearch_dashboards.yml
 dest: "{{ os_conf_dir }}/opensearch_dashboards.yml"
 owner: "{{ os_dashboards_user }}"
- group: "{{ os_dashboards_user }}"
+ group: "{{ os_dashboards_group }}"
 mode: 0644
 backup: true
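Review bot: The new `Check if (( os_dashboards_user }} exists` probe uses `ignore_errors: true`, which still prints the read-only `getent passwd` lookup as a failure and reports it as changed on every run; `failed_when: false` and `changed_when: false` in place of `ignore_errors: true` express the intent, and the same applies to the `getent passwd {{ os_user }}` task in roles/linux/opensearch/tasks/opensearch.yml. In check mode `ansible.builtin.command` is skipped, so `user_check.rc` is undefined and the `when:` on the create task errors out; `check_mode: false` on the probe keeps a dry run working. The task name has `((` where `{{` is meant, and `user_check.rc !=0` is spaced `!= 0` in the opensearch role. Unlike that role, this `ansible.builtin.user` task sets no `group:`, so the later `file` tasks that chown to `{{ os_dashboards_group }}` rely on a group of that name already existing — presumably the user's default primary group, which only holds while `os_dashboards_group` equals `os_dashboards_user`; worth confirming, or creating it explicitly with `ansible.builtin.group` before the user task.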
@@ -40,14 +45,14 @@
 ansible.builtin.file:
 dest: "{{ os_dashboards_home }}"
 owner: "{{ os_dashboards_user }}"
- group: "{{ os_dashboards_user }}"
+ group: "{{ os_dashboards_group }}"
 recurse: true
 - name: Dashboards Install | Set the folder permission
 ansible.builtin.file:
 dest: "{{ os_conf_dir }}"
 owner: "{{ os_dashboards_user }}"
- group: "{{ os_dashboards_user }}"
+ group: "{{ os_dashboards_group }}"
 mode: 0700
 - name: Dashboards Install | create systemd service
diff --git a/roles/linux/opensearch/tasks/opensearch.yml b/roles/linux/opensearch/tasks/opensearch.yml
index 6a44f23..7be53a0 100644
--- a/roles/linux/opensearch/tasks/opensearch.yml
+++ b/roles/linux/opensearch/tasks/opensearch.yml
@@ -6,21 +6,36 @@
 dest: "/tmp/opensearch.tar.gz"
 register: download
-- name: OpenSearch Install | Create opensearch user
+- name: Opensearch Install | Check if {{ os_user }} user exists
+ ansible.builtin.command: "getent passwd {{ os_user }}"
+ register: user_check
+ ignore_errors: true
+
+- name: Opensearch Install | Create {{ os_user }} user
 ansible.builtin.user:
 name: "{{ os_user }}"
 state: present
+ group: "{{ os_group }}"
 shell: /bin/false
 create_home: true
 home: "{{ os_home }}"
- when: download.changed or iac_enable
+ when: (download.changed or iac_enable) and user_check.rc != 0
+
+- name: OpenSearch Install | Create {{ os_user }}
+ ansible.builtin.user:
+ name: "{{ os_user }}"
+ state: present
+ shell: /bin/false
+ create_home: true
+ home: "{{ os_home }}"
+ when: (download.changed or iac_enable) and user_check.rc != 0
 - name: OpenSearch Install | Create home directory
 ansible.builtin.file:
 path: "{{ os_home }}"
 state: directory
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 when: download.changed or iac_enable
 - name: OpenSearch Install | Extract the tar file
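Review bot: The user-creation task is duplicated in the new code — `Opensearch Install | Create {{ os_user }} user` (with `group: "{{ os_group }}"`) is immediately followed by `OpenSearch Install | Create {{ os_user }}` with the same body minus `group:` and the same `when:`, which reads as a leftover from merging two versions; drop the second task. `group:` on `ansible.builtin.user` requires the group to exist already and the module does not create it, so on a fresh host the first task fails unless `{{ os_group }}` is created somewhere outside this diff; a preceding `- name: OpenSearch Install | Create {{ os_group }} group` / `ansible.builtin.group:` / `name: "{{ os_group }}"` task with the same `when:` covers that. Because the create task is now guarded by `user_check.rc != 0`, a pre-existing `os_user` is never moved into `os_group`; that is presumably intended (leave externally managed accounts alone), but a one-line comment on the `when:` saying so would stop the next reader from expecting the role to reconcile the primary group.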
@@ -36,7 +51,7 @@
 create: true
 marker: "## {mark} opensearch main configuration ##"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 mode: 0600
 - name: OpenSearch Install | Copy jvm.options File for Instance
@@ -44,7 +59,7 @@
 src: jvm.options
 dest: "{{ os_conf_dir }}/jvm.options"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 mode: 0600
 force: true
diff --git a/roles/linux/opensearch/tasks/security.yml b/roles/linux/opensearch/tasks/security.yml
index 765dc1d..346b112 100644
--- a/roles/linux/opensearch/tasks/security.yml
+++ b/roles/linux/opensearch/tasks/security.yml
@@ -150,7 +150,7 @@
 ansible.builtin.file:
 dest: "{{ os_sec_plugin_conf_path }}"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 mode: 0700
 state: directory
 when: configuration.changed or iac_enable
@@ -161,7 +161,7 @@
 dest: "{{ os_sec_plugin_conf_path }}/config.yml"
 backup: true
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 mode: 0600
 force: true
 when: auth_type == 'oidc' or copy_custom_security_configs
@@ -174,14 +174,14 @@
 ansible.builtin.file:
 dest: "{{ os_home }}"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 recurse: true
 - name: Security Plugin configuration | Set the folder permission
 ansible.builtin.file:
 dest: "{{ os_conf_dir }}"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 mode: 0700
 - name: Security Plugin configuration | Restart opensearch with security configuration
@@ -211,7 +211,7 @@
 src: "{{ item }}"
 dest: "{{ os_sec_plugin_conf_path }}/"
 owner: "{{ os_user }}"
- group: "{{ os_user }}"
+ group: "{{ os_group }}"
 backup: true
 mode: 0640
 force: true
diff --git a/roles/linux/opensearch/templates/opensearch.service b/roles/linux/opensearch/templates/opensearch.service
index e859343..dbd0efc 100644
--- a/roles/linux/opensearch/templates/opensearch.service
+++ b/roles/linux/opensearch/templates/opensearch.service
@@ -10,7 +10,7 @@ PrivateTmp=true
 WorkingDirectory={{ os_home }}
 User={{ os_user }}
-Group={{ os_user }}
+Group={{ os_group }}
 ExecStart={{ os_home }}/bin/opensearch -p {{ os_home }}/opensearch.pid -q