Support the new secure_password for xpack notifications
MikeBairdRocks opened this issue · 6 comments
Describe the feature:
when es_mail_config.pass is defined should know the elastic version and generate the secure_password in the keystore if >=7.0.
Docs:
Also leave out the pass in elasticsearch.yml.j2 since this will prevent 7 from starting with an invalid attribute setting.
Some sudo code:
- name: Create Smtp password for notifications
become: yes
shell: echo "{{es_mail_config['pass']}}" | {{es_home}}/bin/elasticsearch-keystore add -x 'xpack.notification.email.account.{{ es_mail_config['account'] }}.smtp.secure_password'
when:
- es_mail_config['pass'] is defined and list_keystore is defined
environment:
ES_PATH_CONF: "{{ es_conf_dir }}"
no_log: trueMakes a lot of sense. Since there are other secure settings besides this I think it would be a lot cleaner to instead implement a way to populate the keystore in a generic way. So instead of hard-coding it for this specific value just having a way to add files and strings to the keystore in a generic way like:
es_keystore:
files:
keystore_key: /path/to/file
strings:
xpack.notification.email.account.{{ es_mail_config['account'] }}.smtp.secure_password: {{ password_from_somwhere_secure }}
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I ran into this problem today. MikeBairdRocks's suggestion looked pretty good.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had recent activity since being marked as stale.