Summary
It would be useful if the role could manage Elasticsearch security users (create custom users, set built-in user passwords) via role variables, so users don't have to write raw uri API calls in their playbooks.
Current situation
Users need to manually write ansible.builtin.uri tasks for each user/password change:
```yaml
- name: Create logstash_internal user
  ansible.builtin.uri:
    url: "https://{{ inventory_hostname }}:9200/_security/user/logstash_internal"
    method: PUT
    user: elastic
    password: "{{ vault_pw }}"
    validate_certs: false
    force_basic_auth: true
    headers:
      Content-Type: application/json
    body:
      password: "{{ vault_logstash_internal_pw }}"
      roles: [logstash_writer, logstash_admin]
      full_name: Internal Logstash User
    body_format: json
```
This gets repetitive when managing multiple users and built-in passwords (kibana_system, logstash_system, beats_system, remote_monitoring_user).
Proposed solution
Add role variables like:
```yaml
elasticsearch_users:
  - name: logstash_internal
    password: "{{ vault_logstash_internal_pw }}"
    roles: [logstash_writer, logstash_admin]
    full_name: Internal Logstash User

elasticsearch_builtin_passwords:
  kibana_system: "{{ vault_kibana_system_pw }}"
  logstash_system: "{{ vault_logstash_system_pw }}"
  beats_system: "{{ vault_beats_system_pw }}"
  remote_monitoring_user: "{{ vault_remote_monitoring_pw }}"
```
The role would handle the API calls internally with proper idempotency and no_log.
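One way the idempotency and `no_log` handling could look for the custom users, as an added sketch that is not part of the issue or of the role's code. It assumes a hypothetical `elasticsearch_api_url` variable, the registered names `es_user_state` and `es_user_auth`, and that every `elasticsearch_users` entry carries `name`, `password`, `roles` and `full_name` as in the example above. Because Elasticsearch never returns a password, the desired one is tested through `_security/_authenticate`:

```yaml
# Added example: elasticsearch_api_url is an assumed variable (not from the issue).
- name: Read the current definition of each managed user
  ansible.builtin.uri:
    url: "{{ elasticsearch_api_url }}/_security/user/{{ item.name }}"
    user: elastic
    password: "{{ vault_pw }}"
    force_basic_auth: true
    status_code: [200, 404]   # 404 = user does not exist yet
  loop: "{{ elasticsearch_users }}"
  register: es_user_state
  no_log: true                # registered results contain the admin password

- name: Test whether the desired password already authenticates
  ansible.builtin.uri:
    url: "{{ elasticsearch_api_url }}/_security/_authenticate"
    user: "{{ item.name }}"
    password: "{{ item.password }}"
    force_basic_auth: true
    status_code: [200, 401]   # 401 = missing user or a different password
  loop: "{{ elasticsearch_users }}"
  register: es_user_auth
  no_log: true

- name: Create or update only the users that differ from the desired state
  vars:
    desired: "{{ item.0.item }}"
    current: "{{ (item.0.json | default({}))[desired.name] | default({}) }}"
  ansible.builtin.uri:
    url: "{{ elasticsearch_api_url }}/_security/user/{{ desired.name }}"
    method: PUT
    user: elastic
    password: "{{ vault_pw }}"
    force_basic_auth: true
    body_format: json
    body:
      password: "{{ desired.password }}"
      roles: "{{ desired.roles }}"
      full_name: "{{ desired.full_name }}"
  # Pair each GET result with the matching authentication probe.
  loop: "{{ es_user_state.results | zip(es_user_auth.results) | list }}"
  when: >-
    item.0.status == 404 or item.1.status == 401 or
    (current.roles | default([]) | sort) != (desired.roles | sort) or
    current.full_name | default('') != desired.full_name
  changed_when: true          # the task only runs when a change is needed
  no_log: true
```

The password probe returns 401 on the first run and after every rotation, so with Elasticsearch audit logging enabled those runs leave an `authentication_failed` event per changed user. Certificate validation is left at the `uri` module default (enabled) here.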