installation of unavailable plugins removed

roles/build/templates/odfees/Dockerfile.j2

@@ -5,12 +5,12 @@ ENV PATH="/usr/share/elasticsearch/bin:${PATH}"
 USER root
 WORKDIR /usr/share/elasticsearch
 
-RUN for PLUGIN in \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \
-    do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
-    chown -R elasticsearch plugins/opendistro_security
+#RUN for PLUGIN in \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-{{odfeplugin_version}}.zip \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-alerting/opendistro_alerting-{{odfeplugin_version}}.zip \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-sql/opendistro_sql-{{odfeplugin_version}}.zip; \
+#    do bin/elasticsearch-plugin install -b ${PLUGIN}; done && \
+#    chown -R elasticsearch plugins/opendistro_security
 
 RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
 RUN yum install -y supervisor rsync

roles/build/templates/odfekibana/Dockerfile.j2

@@ -5,10 +5,10 @@ ENV PATH="/usr/share/kibana/bin:${PATH}"
 USER root
 WORKDIR /usr/share/kibana
 
-RUN for PLUGIN in \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-{{odfeplugin_version}}.zip \
-    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-{{odfeplugin_version}}.zip; \
-    do bin/kibana-plugin install --allow-root ${PLUGIN}; done
+#RUN for PLUGIN in \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-security/opendistro_security_kibana_plugin-{{odfeplugin_version}}.zip \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-alerting/opendistro-alerting-{{odfeplugin_version}}.zip \
+#    https://d3g5vo6xdbdb9a.cloudfront.net/downloads/kibana-plugins/opendistro-index-management/opendistro_index_management_kibana-{{odfeplugin_version}}.zip; \
+#    do bin/kibana-plugin install --allow-root ${PLUGIN}; done
 
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

roles/odfees/tasks/init.yml

@@ -41,37 +41,37 @@
     - jvm.options
     - log4j2.properties
 
-- name: Change password for admin
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
-  register: adminhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-
-- set_fact:
-    adminhashpwd: "{{ adminhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-
-- name: Change password for cortex
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
-  register: cortexhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-
-- set_fact:
-    cortexhashpwd: "{{ cortexhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-
-- name: Configure opendistro_security properties
-  remote_user: elasticsearch
-  template:
-    src: "securityconfig/{{item}}.j2"
-    dest: "plugins/opendistro_security/securityconfig/{{item}}"
-  with_items:
-    - internal_users.yml
-    - config.yml
-    - roles_mapping.yml
+#- name: Change password for admin
+#  remote_user: elasticsearch
+#  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
+#  register: adminhash
+#  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+#
+#- set_fact:
+#    adminhashpwd: "{{ adminhash.stdout }}"
+#    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
+#  remote_user: elasticsearch
+#
+#- name: Change password for cortex
+#  remote_user: elasticsearch
+#  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
+#  register: cortexhash
+#  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+#
+#- set_fact:
+#    cortexhashpwd: "{{ cortexhash.stdout }}"
+#    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
+#  remote_user: elasticsearch
+#
+#- name: Configure opendistro_security properties
+#  remote_user: elasticsearch
+#  template:
+#    src: "securityconfig/{{item}}.j2"
+#    dest: "plugins/opendistro_security/securityconfig/{{item}}"
+#  with_items:
+#    - internal_users.yml
+#    - config.yml
+#    - roles_mapping.yml
 
 
 - name: Start OpenDistro for Elasticsearch
@@ -86,10 +86,10 @@
     state: started
     delay: 5
 
-- name: Configure OpenDistro security
-  remote_user: elasticsearch
-  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
-  when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+#- name: Configure OpenDistro security
+#  remote_user: elasticsearch
+#  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
+#  when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
 
 - name: Set Autostart for supervisord's services
   remote_user: root

roles/odfees/tasks/update-config.yml

@@ -20,13 +20,13 @@
     - jvm.options
     - log4j2.properties
 
-- name: Configure opendistro_security properties
-  remote_user: elasticsearch
-  template:
-    src: "securityconfig/{{item}}.j2"
-    dest: "plugins/opendistro_security/securityconfig/{{item}}"
-  with_items:
-    - internal_users.yml
-    - config.yml
-    - roles_mapping.yml
+#- name: Configure opendistro_security properties
+#  remote_user: elasticsearch
+#  template:
+#    src: "securityconfig/{{item}}.j2"
+#    dest: "plugins/opendistro_security/securityconfig/{{item}}"
+#  with_items:
+#    - internal_users.yml
+#    - config.yml
+#    - roles_mapping.yml
 

roles/odfees/templates/config/elasticsearch.yml.j2

@@ -28,40 +28,40 @@ cluster.initial_master_nodes:
 # opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
 # opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
 
-opendistro_security.ssl.transport.keystore_type: pkcs12
-opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
-#opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.truststore_type: jks
-opendistro_security.ssl.transport.truststore_filepath: cacerts.jks
-opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-
-opendistro_security.ssl.http.enabled: true
-# opendistro_security.ssl.http.pemcert_filepath: esnode.pem
-# opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
-opendistro_security.ssl.http.keystore_type: pkcs12
-opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
-opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
-opendistro_security.ssl.http.truststore_type: jks
-opendistro_security.ssl.http.truststore_filepath: cacerts.jks
-opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
-#opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-#opendistro_security.ssl.http.clientauth_mode: optional
-opendistro_security.allow_unsafe_democertificates: false
-opendistro_security.allow_default_init_securityindex: false
-opendistro_security.authcz.admin_dn:
-  - "{{soctools_users[0].DN}}"
-
-opendistro_security.nodes_dn:
-{% for odfees in groups['odfeescontainers'] %}
-  - "CN={{ odfees }}"
-{% endfor %}
-
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+#opendistro_security.ssl.transport.keystore_type: pkcs12
+#opendistro_security.ssl.transport.keystore_filepath: {{ inventory_hostname }}.p12
+#opendistro_security.ssl.transport.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+##opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+#opendistro_security.ssl.transport.truststore_type: jks
+#opendistro_security.ssl.transport.truststore_filepath: cacerts.jks
+#opendistro_security.ssl.transport.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+#opendistro_security.ssl.transport.enforce_hostname_verification: false
+#
+#opendistro_security.ssl.http.enabled: true
+## opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+## opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+#opendistro_security.ssl.http.keystore_type: pkcs12
+#opendistro_security.ssl.http.keystore_filepath: {{ inventory_hostname }}.p12
+#opendistro_security.ssl.http.keystore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keystore')}}"
+#opendistro_security.ssl.http.truststore_type: jks
+#opendistro_security.ssl.http.truststore_filepath: cacerts.jks
+#opendistro_security.ssl.http.truststore_password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
+##opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+##opendistro_security.ssl.http.clientauth_mode: optional
+#opendistro_security.allow_unsafe_democertificates: false
+#opendistro_security.allow_default_init_securityindex: false
+#opendistro_security.authcz.admin_dn:
+#  - "{{soctools_users[0].DN}}"
+#
+#opendistro_security.nodes_dn:
+#{% for odfees in groups['odfeescontainers'] %}
+#  - "CN={{ odfees }}"
+#{% endfor %}
+#
+#opendistro_security.audit.type: internal_elasticsearch
+#opendistro_security.enable_snapshot_restore_privilege: true
+#opendistro_security.check_snapshot_restore_write_privileges: true
+#opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
 cluster.routing.allocation.disk.threshold_enabled: false
 node.max_local_storage_nodes: 3
 ######## End OpenDistro for Elasticsearch Security Demo Configuration ########