Changeset View
Changeset View
Standalone View
Standalone View
roles/opensearch/opensearch/config.sls
Show First 20 Lines • Show All 62 Lines • ▼ Show 20 Lines | |||||
opensearch_deploy_certificate_{{ certificate }}: | opensearch_deploy_certificate_{{ certificate }}: | ||||
cmd.run: | cmd.run: | ||||
- name: install --mode=0600 --owner=opensearch {{ certificate }}.pem {{ certificate }}.key /opt/opensearch/config | - name: install --mode=0600 --owner=opensearch {{ certificate }}.pem {{ certificate }}.key /opt/opensearch/config | ||||
- cwd: /opt/tlstool/config | - cwd: /opt/tlstool/config | ||||
- creates: /opt/opensearch/config/{{ certificate }}.pem | - creates: /opt/opensearch/config/{{ certificate }}.pem | ||||
{% endfor %} | {% endfor %} | ||||
# ------------------------------------------------------------- | |||||
# Security plugin | |||||
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | |||||
/opt/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml: | |||||
file.managed: | |||||
- source: salt://roles/opensearch/opensearch/files/internal_users.yml.jinja | |||||
- user: opensearch | |||||
- group: opensearch | |||||
- template: jinja | |||||
- context: | |||||
users: | |||||
{% for user, credential in config['users'].items() %} | |||||
{{ user }}: | |||||
username: {{ salt['zr.get_username'](credential) }} | |||||
password: {{ salt['zr.get_password'](credential) }} | |||||
{% endfor %} | |||||
opensearch_security_initialize: | |||||
cmd.run: | |||||
- name: > | |||||
bash /opt/opensearch/plugins/opensearch-security/tools/securityadmin.sh | |||||
-cacert /opt/opensearch/config/root-ca.pem | |||||
-cert /opt/opensearch/config/admin.pem | |||||
-key /opt/opensearch/config/admin.key | |||||
-f /opt/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml | |||||
-nhnv -icl | |||||
-h {{ config['network_host'] }} | |||||
touch /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized | |||||
- env: | |||||
JAVA_HOME: /opt/opensearch/jdk | |||||
- creates: /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized |
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator