use ansible DEFAULT_LOCAL_TMP for files stored on the ansible control…

…ler (fin ... fixes issue #354)
NETWAYS · Nov 11, 2024 · 152bd93 · 152bd93
1 parent 395fb94
commit 152bd93
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 16 deletions.
diff --git a/roles/beats/tasks/beats-security.yml b/roles/beats/tasks/beats-security.yml
@@ -87,20 +87,20 @@
   block:
     - name: Check the existance of cert on localhost
       ansible.builtin.stat:
-        path: /tmp/{{ ansible_hostname }}-beats.zip
+        path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip"
       register: beats_check_temporary_cert
 
     - name: Move temporary zip file
       ansible.builtin.copy:
-        src: /tmp/{{ ansible_hostname }}-beats.zip
-        dest: "/tmp/{{ ansible_hostname }}-beats.zip_{{ ansible_date_time.iso8601_micro }}"
+        src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip"
+        dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip_{{ ansible_date_time.iso8601_micro }}"
         mode: preserve
       when: beats_check_temporary_cert.stat.exists
       register: beats_move_cert_file
 
     - name: Remove temporary cert file
       ansible.builtin.file:
-        path: /tmp/{{ ansible_hostname }}-beats.zip
+        path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip"
         state: absent
       when: beats_move_cert_file.changed
 
@@ -139,7 +139,7 @@
 - name: Fetch certificate from ca host to master
   ansible.builtin.fetch:
     src: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-beats.zip"
-    dest: "/tmp/{{ ansible_hostname }}-beats.zip"
+    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip"
     flat: yes
   delegate_to: "{{ elasticstack_ca }}"
   tags:
@@ -149,7 +149,7 @@
 
 - name: Copy the certificate to actual node
   ansible.builtin.unarchive:
-    src: "/tmp/{{ ansible_hostname }}-beats.zip"
+    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-beats.zip"
     dest: "/etc/beats/certs/"
     owner: root
     group: root
@@ -196,7 +196,7 @@
 - name: Fetch ca certificate from ca host to master
   ansible.builtin.fetch:
     src: "{{ elasticstack_ca_dir }}/ca.crt"
-    dest: /tmp/ca.crt
+    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
     flat: yes
   delegate_to: "{{ elasticstack_ca }}"
   tags:
@@ -206,7 +206,7 @@
 
 - name: Copy the ca certificate to actual node
   ansible.builtin.copy:
-    src: /tmp/ca.crt
+    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
     dest: /etc/beats/certs
     owner: root
     group: root

diff --git a/roles/kibana/tasks/kibana-security.yml b/roles/kibana/tasks/kibana-security.yml
@@ -91,20 +91,20 @@
   block:
     - name: Check the existance of cert on localhost
       ansible.builtin.stat:
-        path: /tmp/{{ ansible_hostname }}-kibana.p12
+        path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12"
       register: kibana_check_temporary_cert
 
     - name: Move temporary cert file
       ansible.builtin.copy:
-        src: /tmp/{{ ansible_hostname }}-kibana.p12
-        dest: "/tmp/{{ ansible_hostname }}-kibana.p12_{{ ansible_date_time.iso8601_micro }}"
+        src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12"
+        dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12_{{ ansible_date_time.iso8601_micro }}"
         mode: preserve
       when: kibana_check_temporary_cert.stat.exists
       register: kibana_move_cert_file
 
     - name: Remove temporary cert file
       ansible.builtin.file:
-        path: /tmp/{{ ansible_hostname }}-kibana.p12
+        path: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12"
         state: absent
       when: kibana_move_cert_file.changed
 
@@ -180,7 +180,7 @@
 - name: Fetch certificate from ca host to master
   ansible.builtin.fetch:
     src: "{{ elasticstack_ca_dir }}/{{ ansible_hostname }}-kibana.p12"
-    dest: "/tmp/"
+    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12"
     flat: yes
   delegate_to: "{{ elasticstack_ca }}"
   tags:
@@ -190,7 +190,7 @@
 
 - name: Copy the certificate to actual node
   ansible.builtin.copy:
-    src: "/tmp/{{ ansible_hostname }}-kibana.p12"
+    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/{{ ansible_hostname }}-kibana.p12"
     dest: "/etc/kibana/certs"
     owner: root
     group: kibana
@@ -215,7 +215,7 @@
 - name: Fetch ca certificate from ca host to master
   ansible.builtin.fetch:
     src: "{{ elasticstack_ca_dir }}/ca.crt"
-    dest: /tmp/ca.crt
+    dest: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
     flat: yes
   delegate_to: "{{ elasticstack_ca }}"
   tags:
@@ -225,7 +225,7 @@
 
 - name: Copy the ca certificate to actual node
   ansible.builtin.copy:
-    src: /tmp/ca.crt
+    src: "{{ lookup('config', 'DEFAULT_LOCAL_TMP') | dirname }}/ca.crt"
     dest: /etc/kibana/certs
     owner: root
     group: kibana