From 278336a0038e68f7ace72de0f03934222a152355 Mon Sep 17 00:00:00 2001 From: wangjian Date: Wed, 13 Nov 2024 15:05:42 +0800 Subject: [PATCH] add es https for multi deploy --- playbook/multi-machine.yml | 78 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/playbook/multi-machine.yml b/playbook/multi-machine.yml index 114147b..33261bc 100644 --- a/playbook/multi-machine.yml +++ b/playbook/multi-machine.yml @@ -5,6 +5,84 @@ roles: - elasticsearch + + tasks: + - name: https for es + block: + - name: dnf python3-pexpect + dnf: + name: python3-pexpect + state: present + - name: create ca for es + expect: + command: /opt/elasticsearch/bin/elasticsearch-certutil ca + responses: + (?!)output: "\n" + (?!)password: "\n" + - name: create certificates for es + expect: + command: /opt/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 + responses: + 'Enter password for CA /(elastic-stack-ca.p12/):': "\n" + 'Please enter the desired output file /[elastic-certificates.p12/]: ': "\n" + 'Enter password for elastic-certificates.p12:': "\n" + - name: create https ca + expect: + command: /opt/elasticsearch/bin/elasticsearch-certutil http + responses: + (?!)CSR: "n" + 'Use an existing CA*': "y" + 'CA Path*': "/opt/elasticsearch/elastic-stack-ca.p12" + 'Password for elastic-stack-ca.p12*': "" + 'For how long should your certificate be valid*': "10y" + 'Generate a certificate per node*': "n" + 'When you are done, press \ once more to move on to the next step': "\n" + 'Is this correct*': "y" + 'When you are done, press \ once more to move on to the next step': "\n" + 'Is this correct*': "y" + 'Do you wish to change any of these options*': "n" + 'Provide a password for the*': "" + - name: create kibana https ca + expect: + command: /opt/elasticsearch/bin/elasticsearch-certutil cert --pem --name kibana-server + responses: + 'Please enter the desired output file *': "\n" + - name: mkdir certs + shell: mkdir -p /opt/elasticsearch/config/certs + - name: unzip elasticsearch-ssl-http.zip + shell: mv /opt/elasticsearch/elasticsearch-ssl-http.zip /opt/elasticsearch/certificate-bundle.zip /opt/elasticsearch/config/certs + - name: unzip ssl zip + shell: unzip certificate-bundle.zip && unzip elasticsearch-ssl-http.zip + args: + chdir: /opt/elasticsearch/config/certs + - name: stop es service + service: + name: elasticsearch + state: stopped + - name: stop es ps + shell: kill -9 $(ps -ef | grep "nohup /opt/elasticsearch/bin/elasticsearch -d &" | grep -v grep | awk '{print $2}') + - name: start es + shell: nohup /opt/elasticsearch/bin/elasticsearch -d & + become: yes + become_user: elastic + - name: set users password for es + expect: + command: /opt/elasticsearch/bin/elasticsearch-setup-passwords interactive + responses: + 'Please confirm that you would like to continue *': "y" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + 'Enter password for *': "{{ password_for_all_es_users }}" + 'Reenter password for *': "{{ password_for_all_es_users }}" + when: needSSL == "true" - name: kibana install hosts: kibana -- Gitee