Rename variables to keep naming scheme

.config/ansible-lint.yml

@@ -8,6 +8,7 @@ warn_list:
   - name[casing]
   - 'risky-shell-pipe'
   - no-handler # backup of old certificates
+  - var-naming[no-role-prefix] # remove when https://github.com/ansible/ansible-lint/discussions/3451 is done
 skip_list:
   - '106'
   - 'command-instead-of-module'

docs/role-elasticsearch.md

@@ -17,7 +17,7 @@ Role Variables
 * *elasticsearch_ca*: Set to the inventory hostname of the host that should house the CA for certificates for inter-node communication. (default: First node in the `elasticsearch` host group)
 * *elastic_ca_pass*: Password for Elasticsearch CA (default: `PleaseChangeMe`)
 * *elastic_ca_expiration_buffer*: Ansible will renew the CA if its validity is shorter than this value, which should be number of days. (default: 30)
-* *elastic_ca_will_expire_soon*: Set it to true to renew the CA and the certificate of all Elastic Stack components (default: `false`), Or run the playbook with `--tags renew_ca` to do that.
+* *elasticsearch_ca_will_expire_soon*: Set it to true to renew the CA and the certificate of all Elastic Stack components (default: `false`), Or run the playbook with `--tags renew_ca` to do that.
 * *elasticsearch_tls_key_passphrase*: Passphrase for elasticsearch certificates (default: `PleaseChangeMeIndividually`)
 * *elasticsearch_cert_expiration_buffer*: Ansible will renew the elasticsearch certificate if its validity is shorter than this value, which should be number of days. (default: 30)
 * *elasticsearch_cert_will_expire_soon*: Set it to true to renew elasticsearch certificate (default: `false`), Or run the playbook with `--tags renew_elasticsearch_cert` to do that.

roles/beats/tasks/auditbeat.yml

@@ -2,7 +2,7 @@
 
 - name: Construct exact name of Auditbeat package
   set_fact:
-    auditbeat_package: >
+    beats_auditbeat_package: >
       {{
       'auditbeat' +
       (elastic_versionseparator +
@@ -12,15 +12,15 @@
       }}
 - name: Install Auditbeat - rpm
   package:
-    name: "{{ auditbeat_package }}"
+    name: "{{ beats_auditbeat_package }}"
     enablerepo:
       - 'elastic-{{ elastic_release }}.x'
   when:
     - ansible_os_family == "RedHat"
 
 - name: Install Auditbeat - deb
   package:
-    name: "{{ auditbeat_package }}"
+    name: "{{ beats_auditbeat_package }}"
   when:
     - ansible_os_family == "Debian"
 

roles/beats/tasks/filebeat.yml

@@ -2,7 +2,7 @@
 
 - name: Construct exact name of Filebeat package
   set_fact:
-    filebeat_package: >
+    beats_filebeat_package: >
       {{
       'filebeat' +
       (elastic_versionseparator +
@@ -12,15 +12,15 @@
 
 - name: Install Filebeat - rpm
   package:
-    name: "{{ filebeat_package }}"
+    name: "{{ beats_filebeat_package }}"
     enablerepo:
       - 'elastic-{{ elastic_release }}.x'
   when:
     - ansible_os_family == "RedHat"
 
 - name: Install Filebeat - deb
   package:
-    name: "{{ filebeat_package }}"
+    name: "{{ beats_filebeat_package }}"
   when:
     - ansible_os_family == "Debian"
 

roles/beats/tasks/metricbeat.yml

@@ -2,7 +2,7 @@
 
 - name: Construct exact name of Metricbeat package
   set_fact:
-    metricbeat_package: >
+    beats_metricbeat_package: >
       {{
       'metricbeat' +
       (elastic_versionseparator +
@@ -13,15 +13,15 @@
 
 - name: Install Metricbeat - rpm
   package:
-    name: "{{ metricbeat_package }}"
+    name: "{{ beats_metricbeat_package }}"
     enablerepo:
       - 'elastic-{{ elastic_release }}.x'
   when:
     - ansible_os_family == "RedHat"
 
 - name: Install Metricbeat - deb
   package:
-    name: "{{ metricbeat_package }}"
+    name: "{{ beats_metricbeat_package }}"
   when:
     - ansible_os_family == "Debian"
 

roles/elasticsearch/defaults/main.yml

@@ -30,7 +30,7 @@ elastic_ca_pass: PleaseChangeMe
 elasticsearch_tls_key_passphrase: PleaseChangeMeIndividually
 elastic_ca_expiration_buffer: 30
 elasticsearch_cert_expiration_buffer: 30
-elastic_ca_will_expire_soon: false
+elasticsearch_ca_will_expire_soon: false
 elasticsearch_cert_will_expire_soon: false
 
 # "global" variables for all roles

roles/elasticsearch/handlers/main.yml

@@ -12,5 +12,5 @@
   when:
     - elastic_stack_full_stack: true
     - "not 'renew_ca' in ansible_run_tags"
-    - "not elastic_ca_will_expire_soon | bool"
+    - "not elasticsearch_ca_will_expire_soon | bool"
     - groups['kibana'] is defined

roles/elasticsearch/tasks/elasticsearch-security.yml

@@ -12,24 +12,24 @@
 - name: Ensure ca exists
   stat:
     path: "{{ elastic_ca_dir }}/elastic-stack-ca.p12"
-  register: ca_exists
+  register: elasticsearch_ca_exists
   when: inventory_hostname == elasticsearch_ca
 
 - name: Get CA informations
   cert_info:
     path: "{{ elastic_ca_dir }}/elastic-stack-ca.p12"
     passphrase: "{{ elastic_ca_pass | default(omit, true) }}"
-  register: ca_infos
-  when: inventory_hostname == elasticsearch_ca and ca_exists.stat.exists | bool
+  register: elasticsearch_ca_infos
+  when: inventory_hostname == elasticsearch_ca and elasticsearch_ca_exists.stat.exists | bool
 
 - name: Set the ca expiration date in days
   set_fact:
-    elastic_ca_expiration_days: "{{ (( ca_infos.not_valid_after | to_datetime()) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days }}"
-  when: inventory_hostname == elasticsearch_ca and ca_infos.skipped is not defined
+    elasticsearch_ca_expiration_days: "{{ (( elasticsearch_ca_infos.not_valid_after | to_datetime()) - (ansible_date_time.date | to_datetime('%Y-%m-%d'))).days }}"
+  when: inventory_hostname == elasticsearch_ca and elasticsearch_ca_infos.skipped is not defined
 
 - name: Set ca will expire soon to true
   set_fact:
-    elastic_ca_will_expire_soon: true
+    elasticsearch_ca_will_expire_soon: true
   when: >
     inventory_hostname == elasticsearch_ca and
     elasticsearch_cert_expiration_days is defined and
@@ -38,12 +38,12 @@
 - name: Print the ca renew message
   debug:
     msg: |
-      Your ca will expire in {{ elastic_ca_expiration_days }}.
+      Your ca will expire in {{ elasticsearch_ca_expiration_days }}.
       Ansible will renew it and all elastic stack certificates
   when: >
     inventory_hostname == elasticsearch_ca and
-    elastic_ca_expiration_days is defined and
-    elastic_ca_expiration_days | int <= elastic_ca_expiration_buffer | int
+    elasticsearch_ca_expiration_days is defined and
+    elasticsearch_ca_expiration_days | int <= elastic_ca_expiration_buffer | int
 
 - name: Stop Logstash
   service:
@@ -52,11 +52,11 @@
   with_items: "{{ groups['logstash'] }}"
   delegate_to: "{{ item }}"
   when:
-    - "'renew_ca' in ansible_run_tags or elastic_ca_will_expire_soon | bool"
+    - "'renew_ca' in ansible_run_tags or elasticsearch_ca_will_expire_soon | bool"
     - groups['logstash'] is defined
 
 - name: Backup ca directory on elasticsearch ca host then remove
-  when: (inventory_hostname == elasticsearch_ca) and ('renew_ca' in "ansible_run_tags" or elastic_ca_will_expire_soon | bool)
+  when: (inventory_hostname == elasticsearch_ca) and ('renew_ca' in "ansible_run_tags" or elasticsearch_ca_will_expire_soon | bool)
   tags:
     - renew_ca
   block:
@@ -136,7 +136,7 @@
     msg: |
       Your elasticsearch certificate will expire in {{ elasticsearch_cert_expiration_days }}.
       Ansible will renew it.
-  when: elasticsearch_cert_expiration_day is defined and elastic_ca_expiration_days | int <= elastic_ca_expiration_buffer | int
+  when: elasticsearch_cert_expiration_day is defined and elasticsearch_ca_expiration_days | int <= elastic_ca_expiration_buffer | int
 
 - name: Backup elasticsearch certs on node then remove
   when: "'renew_es_cert' in ansible_run_tags or 'renew_ca' in ansible_run_tags or elasticsearch_cert_will_expire_soon | bool"
@@ -237,15 +237,15 @@
 - name: Check for bootstrap password
   command: /usr/share/elasticsearch/bin/elasticsearch-keystore list
   changed_when: false
-  register: es_keystore
+  register: elasticsearch_keystore
 
 - name: Set bootstrap password # noqa: risky-shell-pipe
   shell: >
     if test -v BASH; then set -o pipefail; fi;
     echo "{{ elasticsearch_bootstrap_pw }}" |
     /usr/share/elasticsearch/bin/elasticsearch-keystore
     add -x 'bootstrap.password'
-  when: "'bootstrap.password' not in es_keystore.stdout_lines"
+  when: "'bootstrap.password' not in elasticsearch_keystore.stdout_lines"
   changed_when: false
   no_log: true
   notify:
@@ -259,9 +259,9 @@
     /usr/share/elasticsearch/bin/elasticsearch-keystore
     show 'xpack.security.http.ssl.keystore.secure_password'
   when:
-    - "'xpack.security.http.ssl.keystore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.http.ssl.keystore.secure_password' in elasticsearch_keystore.stdout_lines"
     - elasticsearch_http_security
-  register: http_ssl_keystore_secure_password
+  register: elasticsearch_http_ssl_keystore_secure_password
   ignore_errors: "{{ ansible_check_mode }}"
   no_log: true
   changed_when: false
@@ -275,7 +275,7 @@
   changed_when: false
   no_log: true
   when:
-    - http_ssl_keystore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != http_ssl_keystore_secure_password.stdout
+    - elasticsearch_http_ssl_keystore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != elasticsearch_http_ssl_keystore_secure_password.stdout
     - elasticsearch_http_security
   notify:
     - Restart Elasticsearch
@@ -289,7 +289,7 @@
   changed_when: false
   no_log: true
   when:
-    - "'xpack.security.http.ssl.keystore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.http.ssl.keystore.secure_password' in elasticsearch_keystore.stdout_lines"
     - not elasticsearch_http_security
   notify:
     - Restart Elasticsearch
@@ -301,9 +301,9 @@
     /usr/share/elasticsearch/bin/elasticsearch-keystore
     show 'xpack.security.http.ssl.truststore.secure_password'
   when:
-    - "'xpack.security.http.ssl.truststore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.http.ssl.truststore.secure_password' in elasticsearch_keystore.stdout_lines"
     - elasticsearch_http_security
-  register: http_ssl_truststore_secure_password
+  register: elasticsearch_http_ssl_truststore_secure_password
   ignore_errors: "{{ ansible_check_mode }}"
   no_log: true
   changed_when: false
@@ -317,7 +317,7 @@
   changed_when: false
   no_log: true
   when:
-    - http_ssl_truststore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != http_ssl_truststore_secure_password.stdout
+    - elasticsearch_http_ssl_truststore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != elasticsearch_http_ssl_truststore_secure_password.stdout
     - elasticsearch_http_security
   notify:
     - Restart Elasticsearch
@@ -330,7 +330,7 @@
   changed_when: false
   no_log: true
   when:
-    - "'xpack.security.http.ssl.truststore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.http.ssl.truststore.secure_password' in elasticsearch_keystore.stdout_lines"
     - not elasticsearch_http_security
   notify:
     - Restart Elasticsearch
@@ -341,9 +341,9 @@
     /usr/share/elasticsearch/bin/elasticsearch-keystore
     show 'xpack.security.transport.ssl.keystore.secure_password'
   when:
-    - "'xpack.security.transport.ssl.keystore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.transport.ssl.keystore.secure_password' in elasticsearch_keystore.stdout_lines"
     - elasticsearch_security
-  register: transport_ssl_keystore_secure_password
+  register: elasticsearch_transport_ssl_keystore_secure_password
   ignore_errors: "{{ ansible_check_mode }}"
   no_log: true
   changed_when: false
@@ -357,7 +357,7 @@
   changed_when: false
   no_log: true
   when:
-    - transport_ssl_keystore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != transport_ssl_keystore_secure_password.stdout
+    - elasticsearch_transport_ssl_keystore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != elasticsearch_transport_ssl_keystore_secure_password.stdout
     - elasticsearch_security
   notify:
     - Restart Elasticsearch
@@ -370,7 +370,7 @@
   changed_when: false
   no_log: true
   when:
-    - "'xpack.security.transport.ssl.keystore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.transport.ssl.keystore.secure_password' in elasticsearch_keystore.stdout_lines"
     - not elasticsearch_security
   notify:
     - Restart Elasticsearch
@@ -381,9 +381,9 @@
     /usr/share/elasticsearch/bin/elasticsearch-keystore
     show 'xpack.security.transport.ssl.truststore.secure_password'
   when:
-    - "'xpack.security.transport.ssl.truststore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.transport.ssl.truststore.secure_password' in elasticsearch_keystore.stdout_lines"
     - elasticsearch_security
-  register: transport_ssl_truststore_secure_password
+  register: elasticsearch_transport_ssl_truststore_secure_password
   ignore_errors: "{{ ansible_check_mode }}"
   no_log: true
   changed_when: false
@@ -397,7 +397,7 @@
   changed_when: false
   no_log: true
   when:
-    - transport_ssl_truststore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != transport_ssl_truststore_secure_password.stdout
+    - elasticsearch_transport_ssl_truststore_secure_password.stdout is undefined or elasticsearch_tls_key_passphrase != elasticsearch_transport_ssl_truststore_secure_password.stdout
     - elasticsearch_security
   notify:
     - Restart Elasticsearch
@@ -410,7 +410,7 @@
   changed_when: false
   no_log: true
   when:
-    - "'xpack.security.transport.ssl.truststore.secure_password' in es_keystore.stdout_lines"
+    - "'xpack.security.transport.ssl.truststore.secure_password' in elasticsearch_keystore.stdout_lines"
     - not elasticsearch_security
   notify:
     - Restart Elasticsearch
@@ -566,11 +566,11 @@
     {{ elasticsearch_http_protocol }}://elastic:{{ elasticsearch_bootstrap_pw }}@localhost:{{ elastic_elasticsearch_http_port }}/_cluster/health?pretty |
     grep status |
     cut -d\" -f4
-  register: es_cluster_status_bootstrap
+  register: elasticsearch_cluster_status_bootstrap
   changed_when: false
   no_log: true
   when: not elasticsearch_passwords_file.stat.exists | bool
-  until: es_cluster_status_bootstrap.stdout == "green"
+  until: elasticsearch_cluster_status_bootstrap.stdout == "green"
   retries: 5
   delay: 10
 
@@ -592,12 +592,12 @@
     {{ elasticsearch_http_protocol }}://elastic:{{ elastic_password.stdout }}@localhost:{{ elastic_elasticsearch_http_port }}/_cluster/health?pretty |
     grep status |
     cut -d\" -f4
-  register: es_cluster_status
+  register: elasticsearch_cluster_status
   changed_when: false
   # no_log: true
   ignore_errors: true
   when: elasticsearch_passwords_file.stat.exists | bool
-  until: es_cluster_status.stdout == "green"
+  until: elasticsearch_cluster_status.stdout == "green"
   retries: 20
   delay: 10