Comments (8)
gingerwizard
commented on June 22, 2024
The plan is to hold off shield support until we have an API in ES - due in later versions. I'd also rather we address this with templates. We also need to improve plugin management - see #59
from ansible-elasticsearch.
barryib
commented on June 22, 2024
I understand your point and I'm definitely agree to use an API. But is this API planned for the next ES release? Any date? Is this future API will also work for plugins management?
Btw, we actually need the shield support. So I'll create a separate (temporary) role for our business cases.
from ansible-elasticsearch.
barryib
commented on June 22, 2024
I submitted a PR for an ansible module to manage esusers while waiting for the api.
from ansible-elasticsearch.
babadofar
commented on June 22, 2024
I have worked with this ansible role which has support for shield https://github.com/makingwaves/ansible-elasticsearch
It has some logic to create users. For the roles and role mappings, it simply copies in files. There are too many settings in there to manage with the standard ansible variables. I really like the mapping functionality used for setting variables in elasticsearch.yml in the official elasticsearch role, should have used that.
Perhaps this can give you some inspiration:)
from ansible-elasticsearch.
gingerwizard
commented on June 22, 2024
@barryib @babadofar the shield API is now being targeted for version 2.3 - which will be very soon.
For this reason im considering adding shield support to the ansible role. We need to decide what this is likely to support and split it into multiple requests. Initially, i would propose (based on what the API supports) to add
- management of the es_realm users i.e. adding, removing a user inc. the ability to manage the groups to which they belong
- Management of the indices and clysters permissions for each role
We can later add support for SSL and other realms.
from ansible-elasticsearch.
barryib
commented on June 22, 2024
Hello @gingerwizard, I agree with that.
But so far, the first admin user should be created with esusers binary.
from ansible-elasticsearch.
barryib
commented on June 22, 2024
Hi, another update on this thread... Now the elasticsearch_esusers module became eslasticsearch_shield_user. The module supports the esusers and esnative (with the shield api) realm.
Here is the PR #2528 on the ansible-modules-extras repository.
Plus another module to manage the shield role PR #2529
PS: I'm actually using these in production.
from ansible-elasticsearch.
gingerwizard
commented on June 22, 2024
@barryib moving this to #124
as i think its a larger discussion on how to support xpack.
from ansible-elasticsearch.
Related Issues (20)
- Failure in "Debian - Ensure elasticsearch is installed" HOT 4
- FR: Install Elasticsearch-plugins with this role HOT 2
- Wrong elasticsearch.keystore permissions forbid elasticsearch.service from starting HOT 6
- issue with "could not find java in bundled JDK" HOT 2
- Does not accept static IP config Eg: transport.host: <hostname>" HOT 2
- gpg dependencies missing HOT 3
- Segmentation fault in JNA library due to non-existent home directory for elasticsearch user HOT 2
- Specifying `path.data` as a list is deprecated in Elasticsearch 7.13 HOT 2
- Turn on systemd on OracleLinux HOT 2
- kibana connect to elastic HOT 1
- Bootstrapping a new/additional instance with activated security fails HOT 1
- Single node cluster configuration HOT 2
- Playbook not working with rh8 HOT 3
- filter_plugins/custom.py is skipped when ansible is installed through pip HOT 2
- Hacktoberfest participation
- ssl-tls-setup.md should point to location of bin/elasticsearch-certutil HOT 2
- Role fails when pointed to es_ssl_keystore / es_ssl_truststore using CA and Cert created with bin/elasticsearch-certutil HOT 4
- Upload pem certs from local to remote
- Safe options for log4j2 - CVE-2021-44228 HOT 4
- How to remove always tag HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-elasticsearch.