stop, restart and update-config scripts for odfees

ed7e873d · Temur Maisuradze · 659db35b · ed7e873d · ed7e873d · ed7e873d
Commit ed7e873d authored 4 years ago by Temur Maisuradze
--- a/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
+++ b/roles/build/templates/odfees/Dockerfile-odfeelastic.j2
@@ -13,7 +13,7 @@ RUN for PLUGIN in \
    chown -R elasticsearch plugins/opendistro_security

 RUN echo 'elasticsearch ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
-RUN yum install -y supervisor
+RUN yum install -y supervisor rsync
 RUN yum clean all
 COPY odfesupervisord.conf /etc/supervisord.conf
 ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
--- a/roles/odfees/tasks/main.yml
+++ b/roles/odfees/tasks/main.yml
 ---

- name: Copy cacert to ca-trust dir
-  remote_user: root
-  copy:
-    src: "{{playbook_dir}}/secrets/CA/ca.crt"
-    dest: /etc/pki/ca-trust/source/anchors/ca.crt
+- include: start.yml
  tags:
-    - start
-
- name: Install cacert to root truststore
-  remote_user: root
-  command: "update-ca-trust"
-  tags:
-    - start
-
- name: Copy certificates in odfe conf dir
-  remote_user: elasticsearch
-  copy:
-    src:  "{{ item }}"
-    dest: "config/"
-    mode: 0600
-  with_items:
-    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
-    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
-    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
-  tags:
-    - start
-
- name: Configure sysconfig
-  remote_user: elasticsearch
-  template:
-    src: sysconfig_elasticsearch.j2
-    dest: sysconfig_elasticsearch
-  tags:
-    - start
-
- name: Copy sysconfig to /etc
-  remote_user: elasticsearch
-  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
-  tags: 
-    - start
-
- name: Configure odfe properties
-  remote_user: elasticsearch
-  template:
-    src: "config/{{item}}.j2"
-    dest: "config/{{item}}"
-  with_items:
-    - elasticsearch.yml
-    - jvm.options
-    - log4j2.properties
-  tags:
-    - start
-
- name: Change password for admin
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
-  register: adminhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
-  tags:
-    - start
-
- set_fact:
-    adminhashpwd: "{{ adminhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-  tags:
-    - start
-
- name: Change password for cortex
-  remote_user: elasticsearch
-  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
-  register: cortexhash
-  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+   - start
+- include: stop.yml
  tags:
-    - start
-
- set_fact:
-    cortexhashpwd: "{{ cortexhash.stdout }}"
-    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
-  remote_user: elasticsearch
-  tags:
-    - start
-
- name: Configure opendistro_security properties
-  remote_user: elasticsearch
-  template:
-    src: "securityconfig/{{item}}.j2"
-    dest: "plugins/opendistro_security/securityconfig/{{item}}"
-  with_items:
-    - internal_users.yml
-    - config.yml
-    - roles_mapping.yml
-  tags:
-    - start
-
-#- name: Exit here to test ODFE
-#  meta: end_play
-#  tags:
-#    - start
-
- name: Start OpenDistro for Elasticsearch
-  remote_user: root
-  command: "supervisorctl start odfe"
-  tags:
-    - start
-
- name: Wait for ElasticSearch
-  remote_user: root
-  wait_for:
-    host: "{{groups['odfeescontainers'][0]}}"
-    port: 9200
-    state: started
-    delay: 5
-  tags:
-    - start
-
- name: Configure OpenDistro security
-  remote_user: elasticsearch
-  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
-  when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+   - stop
+   - stop-odfees
+- include: update-config.yml
  tags:
-    - start
-
- name: Set Autostart for supervisord's services
-  remote_user: root
-  shell: "sed -i 's/autostart=false/autostart=true/g' /etc/supervisord.conf"
+   - update-config
+   - update-odfees-config
+- include: restart.yml
  tags:
-    - start
-
- name: Stop OpenDistro for Elasticsearch
-  remote_user: root
-  command: "supervisorctl stop odfe"
-  tags:
-    - stop
-
+   - restart
+   - restart-odfees
--- a/roles/odfees/tasks/restart.yml
+++ b/roles/odfees/tasks/restart.yml
+---
+
+- name: Restart OpenDistro for Elasticsearch
+  remote_user: root
+  command: "supervisorctl restart odfe"
+
+- name: Wait for ElasticSearch
+  remote_user: root
+  wait_for:
+    host: "{{groups['odfeescontainers'][0]}}"
+    port: 9200
+    state: started
+    delay: 5
+
--- a/roles/odfees/tasks/start.yml
+++ b/roles/odfees/tasks/start.yml
+---
+
+- name: Copy cacert to ca-trust dir
+  remote_user: root
+  copy:
+    src: "{{playbook_dir}}/secrets/CA/ca.crt"
+    dest: /etc/pki/ca-trust/source/anchors/ca.crt
+
+- name: Install cacert to root truststore
+  remote_user: root
+  command: "update-ca-trust"
+
+- name: Copy certificates in odfe conf dir
+  remote_user: elasticsearch
+  copy:
+    src:  "{{ item }}"
+    dest: "config/"
+    mode: 0600
+  with_items:
+    - "{{playbook_dir}}/secrets/CA/private/{{ inventory_hostname }}.p12"
+    - "{{playbook_dir}}/secrets/CA/cacerts.jks"
+    - "{{playbook_dir}}/secrets/CA/private/{{soctools_users[0].CN}}.p12"
+
+- name: Configure sysconfig
+  remote_user: elasticsearch
+  template:
+    src: sysconfig_elasticsearch.j2
+    dest: sysconfig_elasticsearch
+
+- name: Copy sysconfig to /etc
+  remote_user: elasticsearch
+  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
+
+- name: Configure odfe properties
+  remote_user: elasticsearch
+  template:
+    src: "config/{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - elasticsearch.yml
+    - jvm.options
+    - log4j2.properties
+
+- name: Change password for admin
+  remote_user: elasticsearch
+  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/odfees_adminpass')}}"
+  register: adminhash
+  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+
+- set_fact:
+    adminhashpwd: "{{ adminhash.stdout }}"
+    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
+  remote_user: elasticsearch
+
+- name: Change password for cortex
+  remote_user: elasticsearch
+  command: "bash plugins/opendistro_security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
+  register: cortexhash
+  # when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+
+- set_fact:
+    cortexhashpwd: "{{ cortexhash.stdout }}"
+    #adminhashpwd: "{{ hostvars[groups['odfeescontainers'][0]]['adminhash.stdout'] }}"
+  remote_user: elasticsearch
+
+- name: Configure opendistro_security properties
+  remote_user: elasticsearch
+  template:
+    src: "securityconfig/{{item}}.j2"
+    dest: "plugins/opendistro_security/securityconfig/{{item}}"
+  with_items:
+    - internal_users.yml
+    - config.yml
+    - roles_mapping.yml
+
+#- name: Exit here to test ODFE
+#  meta: end_play
+
+- name: Start OpenDistro for Elasticsearch
+  remote_user: root
+  command: "supervisorctl start odfe"
+
+- name: Wait for ElasticSearch
+  remote_user: root
+  wait_for:
+    host: "{{groups['odfeescontainers'][0]}}"
+    port: 9200
+    state: started
+    delay: 5
+
+- name: Configure OpenDistro security
+  remote_user: elasticsearch
+  command: "bash ./plugins/opendistro_security/tools/securityadmin.sh -h {{groups['odfeescontainers'][0]}} -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -ks '/usr/share/elasticsearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /usr/share/elasticsearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster"
+  when: "'{{groups['odfeescontainers'][0]}}' in inventory_hostname"
+
+- name: Set Autostart for supervisord's services
+  remote_user: root
+  replace:
+    path: /etc/supervisord.conf
+    regexp: '^autostart=false$'
+    replace: 'autostart=true'
+
--- a/roles/odfees/tasks/stop.yml
+++ b/roles/odfees/tasks/stop.yml
+---
+
+- name: Stop OpenDistro for Elasticsearch
+  remote_user: root
+  command: "supervisorctl stop odfe"
+
--- a/roles/odfees/tasks/update-config.yml
+++ b/roles/odfees/tasks/update-config.yml
+---
+
+- name: Configure sysconfig
+  remote_user: elasticsearch
+  template:
+    src: sysconfig_elasticsearch.j2
+    dest: sysconfig_elasticsearch
+
+- name: Copy sysconfig to /etc
+  remote_user: elasticsearch
+  command: "cp sysconfig_elasticsearch /etc/sysconfig/elasticsearch"
+
+- name: Configure odfe properties
+  remote_user: elasticsearch
+  template:
+    src: "config/{{item}}.j2"
+    dest: "config/{{item}}"
+  with_items:
+    - elasticsearch.yml
+    - jvm.options
+    - log4j2.properties
+
+- name: Configure opendistro_security properties
+  remote_user: elasticsearch
+  template:
+    src: "securityconfig/{{item}}.j2"
+    dest: "plugins/opendistro_security/securityconfig/{{item}}"
+  with_items:
+    - internal_users.yml
+    - config.yml
+    - roles_mapping.yml
+