Add Support for User Defined Active Directory Users and Groups

inventories/opensearch/group_vars/all/all.yml

@@ -28,8 +28,10 @@ cluster_type: multi-node
 
 # opensearch user info
 os_user: opensearch
+os_group: opensearch
 
 os_dashboards_user: opensearch-dashboards
+os_dashboards_group: opensearch-dashboards
 
 # Number of days that certificates are valid
 cert_valid_days: 730

roles/linux/dashboards/tasks/dashboards.yml

@@ -6,21 +6,26 @@
     dest: "/tmp/opensearch-dashboards.tar.gz"
   register: download
 
-- name: Dashboards Install | Create opensearch dashboard user
+- name: Dashboards Install | Check if (( os_dashboards_user }} exists
+  ansible.builtin.command: "getent passwd {{ os_dashboards_user }}"
+  register: user_check
+  ignore_errors: true
+
+- name: Dashboards Install | Create {{ os_dashboards_user }} user
   ansible.builtin.user:
     name: "{{ os_dashboards_user }}"
     state: present
     shell: /bin/false
     create_home: true
     home: "{{ os_dashboards_home }}"
-  when: download.changed or iac_enable
+  when: (download.changed or iac_enable) and user_check.rc !=0
 
 - name: Dashboards Install | Create home directory
   ansible.builtin.file:
     path: "{{ os_dashboards_home }}"
     state: directory
     owner: "{{ os_dashboards_user }}"
-    group: "{{ os_dashboards_user }}"
+    group: "{{ os_dashboards_group }}"
   when: download.changed or iac_enable
 
 - name: Dashboards Install | Extract the tar file
@@ -32,22 +37,22 @@
     src: opensearch_dashboards.yml
     dest: "{{ os_conf_dir }}/opensearch_dashboards.yml"
     owner: "{{ os_dashboards_user }}"
-    group: "{{ os_dashboards_user }}"
+    group: "{{ os_dashboards_group }}"
     mode: 0644
     backup: true
 
 - name: Dashboards Install | Set the file ownerships
   ansible.builtin.file:
     dest: "{{ os_dashboards_home }}"
     owner: "{{ os_dashboards_user }}"
-    group: "{{ os_dashboards_user }}"
+    group: "{{ os_dashboards_group }}"
     recurse: true
 
 - name: Dashboards Install | Set the folder permission
   ansible.builtin.file:
     dest: "{{ os_conf_dir }}"
     owner: "{{ os_dashboards_user }}"
-    group: "{{ os_dashboards_user }}"
+    group: "{{ os_dashboards_group }}"
     mode: 0700
 
 - name: Dashboards Install | create systemd service

roles/linux/opensearch/tasks/opensearch.yml

@@ -6,21 +6,36 @@
     dest: "/tmp/opensearch.tar.gz"
   register: download
 
-- name: OpenSearch Install | Create opensearch user
+- name: Opensearch Install | Check if {{ os_user }} user exists
+  ansible.builtin.command: "getent passwd {{ os_user }}"
+  register: user_check
+  ignore_errors: true
+
+- name: Opensearch Install | Create {{ os_user }} user
   ansible.builtin.user:
     name: "{{ os_user }}"
     state: present
+    group: "{{ os_group }}"
     shell: /bin/false
     create_home: true
     home: "{{ os_home }}"
-  when: download.changed or iac_enable
+  when: (download.changed or iac_enable) and user_check.rc != 0
+
+- name: OpenSearch Install | Create {{ os_user }} 
+  ansible.builtin.user:
+    name: "{{ os_user }}"
+    state: present
+    shell: /bin/false
+    create_home: true
+    home: "{{ os_home }}"
+  when: (download.changed or iac_enable) and user_check.rc != 0
 
 - name: OpenSearch Install | Create home directory
   ansible.builtin.file:
     path: "{{ os_home }}"
     state: directory
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
   when: download.changed or iac_enable
 
 - name: OpenSearch Install | Extract the tar file
@@ -36,15 +51,15 @@
     create: true
     marker: "## {mark} opensearch main configuration ##"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     mode: 0600
 
 - name: OpenSearch Install | Copy jvm.options File for Instance
   ansible.builtin.template:
     src: jvm.options
     dest: "{{ os_conf_dir }}/jvm.options"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     mode: 0600
     force: true
 

roles/linux/opensearch/tasks/security.yml

@@ -150,7 +150,7 @@
   ansible.builtin.file:
     dest: "{{ os_sec_plugin_conf_path }}"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     mode: 0700
     state: directory
   when: configuration.changed or iac_enable
@@ -161,7 +161,7 @@
     dest: "{{ os_sec_plugin_conf_path }}/config.yml"
     backup: true
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     mode: 0600
     force: true
   when: auth_type == 'oidc' or copy_custom_security_configs
@@ -174,14 +174,14 @@
   ansible.builtin.file:
     dest: "{{ os_home }}"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     recurse: true
 
 - name: Security Plugin configuration | Set the folder permission
   ansible.builtin.file:
     dest: "{{ os_conf_dir }}"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     mode: 0700
 
 - name: Security Plugin configuration | Restart opensearch with security configuration
@@ -211,7 +211,7 @@
     src: "{{ item }}"
     dest: "{{ os_sec_plugin_conf_path }}/"
     owner: "{{ os_user }}"
-    group: "{{ os_user }}"
+    group: "{{ os_group }}"
     backup: true
     mode: 0640
     force: true

roles/linux/opensearch/templates/opensearch.service

@@ -10,7 +10,7 @@ PrivateTmp=true
 WorkingDirectory={{ os_home }}
 
 User={{ os_user }}
-Group={{ os_user }}
+Group={{ os_group }}
 
 ExecStart={{ os_home }}/bin/opensearch -p {{ os_home }}/opensearch.pid -q