add possibility to add files to keystore

Author: Philipp Wiesner

README.md

@@ -450,6 +450,16 @@ In addition to es_config, the following parameters allow the customization of th
 * ```es_use_repository``` Setting this to `false` will stop Ansible from using the official Elastic package from any repository configured on the system.
 * ```es_add_repository``` Setting this to `false` will stop Ansible to add the official Elastic package repositories (if es_use_repository is true) if you want to use a repo already present.
 * ```es_custom_package_url``` the URL to the rpm or deb package for Ansible to install. When using this you will also need to set `es_use_repository: false` and make sure that the `es_version` matches the version being installed from your custom URL. E.g. `es_custom_package_url: https://downloads.example.com/elasticsearch.rpm`
+* ```es_additional_files``` additional files to upload
+
+  ```yaml
+    es_additional_files:
+      - src: sourceFile
+        dest: destFile
+        user: user | default(es_user)
+        group: group | default(es_group)
+        mode: fileMode | default('660') 
+  ```
 
 Earlier examples illustrate the installation of plugins using `es_plugins`.  For officially supported plugins no version or source delimiter is required. The plugin script will determine the appropriate plugin version based on the target Elasticsearch version.  For community based plugins include the full url.  This approach should NOT be used for the X-Pack plugin.  See X-Pack below for details here.
 
@@ -495,6 +505,10 @@ es_keystore_entries:
 
 - key: someKeyToDelete
   state: absent
+
+- key: someFileKey
+  value: filePath
+  file: true
 ```
 
 

tasks/elasticsearch-config.yml

@@ -103,3 +103,17 @@
     force: yes
   notify: restart elasticsearch
   when: es_config_log4j2 != ''
+
+- name: Copy additional files
+  become: yes
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default(es_user) }}"
+    group: "{{ item.group | default(es_group) }}"
+    mode: "{{ item.mode | default('660') }}"
+  loop: "{{ es_additional_files }}"
+  when:
+    - es_additional_files is defined
+    - es_additional_files | length > 0
+

tasks/xpack/security/elasticsearch-security.yml

@@ -57,17 +57,30 @@
       ES_PATH_CONF: "{{ es_conf_dir }}"
     check_mode: no
 
-  - name: Add keystore entries
+  - name: Add keystore string entries
     become: yes
     shell: echo {{ item.value | quote }} | {{ es_home }}/bin/elasticsearch-keystore add -x -f {{ item.key }}
     with_items: "{{ es_keystore_entries }}"
     when:
       - es_keystore_entries is defined and es_keystore_entries | length > 0
       - item.state is undefined or item.state == 'present'
+      - item.file is undefined or not item.file
       - item.force|default(False) or ( not item.force|default(False) and item.key not in list_keystore.stdout_lines )
       - ('bootstrap.password' not in item.key)
     no_log: true
 
+  - name: Add keystore file entries
+    become: yes
+    command: >
+     {{ es_home }}/bin/elasticsearch-keystore add-file -f {{ item.key }} {{ item.value }}
+    with_items: "{{ es_keystore_entries }}"
+    when:
+      - es_keystore_entries is defined and es_keystore_entries | length > 0
+      - item.state is undefined or item.state == 'present'
+      - item.file is defined and item.file
+      - item.force|default(False) or ( not item.force|default(False) and item.key not in list_keystore.stdout_lines )
+      - ('bootstrap.password' not in item.key)
+    no_log: true
 
 ### END BLOCK elasticsearch keystore ###