Enable security per default in full stack mode (NETWAYS#104)

widhalmt · web-flow · commit e87769a6edef · 2022-03-25T16:57:59.000+01:00
* Enable security per default in full stack mode * Remove stupid fqcn rule fixes NETWAYS#103 fixes NETWAYS#34
diff --git a/.ansible-lint b/.ansible-lint
@@ -2,3 +2,4 @@ skip_list:
   - 'command-instead-of-module'
   - 'risky-shell-pipe'
   - 'role-name'
+  - 'fqcn-builtins'
diff --git a/README.md b/README.md
@@ -49,7 +49,7 @@ Aside from `logstash.yml` we can manage Logstashs pipelines.
 * *logstash_connector*: Create pipelines to connect git managed pipelines. (default: `true`)
 * *logstash_connector_pipelines*: Definition of connector pipelines. See docs/connector-pipelines.md for details
 * *logstash_elasticsearch*: Address of Elasticsearch instance for default output (default: list of Elasticsearch nodes from `elasticsearch` role or `localhost` when used standalone)
-* *logstash_security*: Enable X-Security (default: `false`)
+* *logstash_security*: Enable X-Security (No default set, but will be activated when in full stack mode)
 * *logstash_legacy_monitoring*: Enables legacy monitoring - ignored when `elastic_stack_full_stack` is not set. (default: `true`)
 
 These variables are identical over all our elastic related roles, hence the different naming scheme.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -28,7 +28,6 @@ logstash_beats_input: true
 logstash_connector: true
 
 # logstash security
-logstash_security: false
 logstash_user: logstash_writer
 logstash_password: password
 
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -21,6 +21,14 @@
     - configuration
     - logstash_configuration
 
+- name: Enable security as default when in full stack mode
+  set_fact:
+    logstash_security: true
+  when:
+    - logstash_security is undefined or elastic_security | bool
+    - elastic_stack_full_stack | bool
+    - elastic_variant == "elastic"
+
 - name: Ensure Logstash is installed
   package:
     name: "logstash{{ logstash_version }}"
