I've installed Elasticsearch on a Windows server with Ansible AWX. Now I'm trying to reset the initial password to my new password (with Ansible as well).
I know I can do it manually with:

    D:\elasticsearch-8.6.0\bin\elasticsearch-reset-password -b -u elastic -i

but I can't find a way to do it / read it via Ansible.
I can also send an API request with Ansible:

    - name: Push password
      ansible.windows.win_uri:
        url: http://localhost:9200/_security/user/_password?pretty
        method: PUT
        url_username: elastic
        url_password: my_password
        body:
          password: my_new_password
        headers:
          Content-Type: "application/json"

but it requires me to provide the old password, which I don't know before I reset it manually (and this is what I'm trying to automate).
Is there a way to do it with Ansible?
CodePudding user response:
The most efficient way would be to reset the password directly to the target one. But since you can only do that interactively with elasticsearch-reset-password, this would require using the ansible.builtin.expect module, which is unfortunately available only for Linux hosts.
So under Windows, I'm afraid the only alternative is to:
- reset to a random password and read it in a variable
- change the random password to the one you want to configure
Issuing the following command:

    elasticsearch-reset-password -u elastic -b

Outputs something like the following on stdout:

    Password for the [elastic] user successfully reset.
    New value: dTrR*tAdnCCkTZ4 Edgd

So the information we are looking for is on the last line.
Taking this into account, the following (untested) playbook should do what you expect (or at the very least put you on the right track).

    # win_command lives in the ansible.windows collection, not ansible.builtin
    - name: Reset elastic user password to random
      ansible.windows.win_command: elasticsearch-reset-password -u elastic -b
      register: reset_cmd

    - name: Push password
      vars:
        # The last stdout line is "New value: <password>"; keep only the password
        my_password: "{{ reset_cmd.stdout_lines[-1]
          | regex_replace('^New value: (.*)$', '\\1') }}"
      ansible.windows.win_uri:
        url: http://localhost:9200/_security/user/_password?pretty
        method: PUT
        url_username: elastic
        url_password: "{{ my_password }}"
        body:
          password: "verysecurenewpassword"
        headers:
          Content-Type: "application/json"
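
A variant of the playbook above, as an added example that is not part of the original answer: it keeps the generated password out of task output and AWX job logs with `no_log`, searches the whole stdout for the `New value:` line instead of relying on it being last, and stops if nothing was parsed. `es_bin_dir` and `es_new_password` are assumed variable names, and the `.bat` suffix is an assumption about the Windows distribution.

```yaml
# Added example. Assumed variables:
#   es_bin_dir      - Elasticsearch bin directory, e.g. D:\elasticsearch-8.6.0\bin
#   es_new_password - target password, supplied from Ansible Vault or an AWX
#                     credential rather than written into the playbook
- name: Reset elastic user password to a random value
  ansible.windows.win_command: '"{{ es_bin_dir }}\elasticsearch-reset-password.bat" -u elastic -b'
  register: reset_cmd
  no_log: true   # stdout contains the generated password

- name: Extract the generated password from the command output
  ansible.builtin.set_fact:
    # regex_search with a group argument returns a list, or nothing when the
    # line is absent; default() turns "nothing" into an empty string.
    # trim removes the trailing CR that Windows line endings leave behind.
    es_random_password: "{{ (reset_cmd.stdout
      | regex_search('New value: (.+)', '\\1')
      | default([''], true)
      | first) | trim }}"
  no_log: true

- name: Stop if no password could be parsed
  ansible.builtin.assert:
    that:
      - es_random_password | length > 0
    fail_msg: "No 'New value:' line found in elasticsearch-reset-password output"
    quiet: true

- name: Change the random password to the target one
  ansible.windows.win_uri:
    url: http://localhost:9200/_security/user/_password
    method: PUT
    url_username: elastic
    url_password: "{{ es_random_password }}"
    body:
      password: "{{ es_new_password }}"
    headers:
      Content-Type: "application/json"
  no_log: true   # request carries both the old and the new password
```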