Support for elastic 8

defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 # defaults file for elasticsearch
-es_major_version: 7
-es_minor_version: 17.5-1
+es_major_version: 8
+es_minor_version: 3.3-1
 es_upgrade: false
 
 es_cluster_name: dev-cluster

tasks/security.yml

@@ -24,6 +24,21 @@
     no_log: true
     notify: restart elasticsearch
 
+  - name: Delete Elastic 8.x default TLS secrets
+    ansible.builtin.command: 
+      argv:
+        - /usr/share/elasticsearch/bin/elasticsearch-keystore
+        - remove
+        - "{{ item }}"
+    with_items:
+      - 'xpack.security.http.ssl.keystore.secure_password'
+      - 'xpack.security.transport.ssl.keystore.secure_password'
+      - 'xpack.security.transport.ssl.truststore.secure_password'
+    when:
+      - list_keystore is defined and 'bootstrap.password' not in list_keystore.stdout_lines and es_bootstrap_password is defined
+      - es_major_version == 8 
+    notify: restart elasticsearch
+
 - name: Create certificate folder
   ansible.builtin.file:
     path: /etc/elasticsearch/certs
@@ -97,4 +112,3 @@
 
   when: 
     - es_generate_certs == true
-    - es_major_version == 7

templates/elasticsearch.yml.j2

@@ -99,7 +99,7 @@ xpack.security.enabled: true
 xpack.security.http.ssl.enabled: {{ es_tls_enabled }}
 xpack.security.transport.ssl.enabled: {{ es_tls_enabled }}
 #
-{% if es_tls_enabled == true and es_major_version == 7 %}
+{% if es_tls_enabled == true %}
   {%- if es_generate_certs == true %}
 xpack.security.transport.ssl.verification_mode: certificate
 xpack.security.transport.ssl.client_authentication: required