puppet-elasticsearch icon indicating copy to clipboard operation
puppet-elasticsearch copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

Puppet creates empty keystore

Open tmanninger opened this issue 5 years ago • 1 comments

  • Module version: 6.3.2
  • Puppet version: 5.5
  • OS and version: Debian 9

I unintentionally deleted the elasticseach keystore file (elasticsearch.keystore). Because this machine is a staging machine, i have no backup of this file :-( ...

If i execute the puppet agent, it creates a new keystore file, but without content: du -s /etc/elasticsearch/es-01/elasticsearch.keystore 0 /etc/elasticsearch/es-01/elasticsearch.keystore

I can recreate a new keystore file with the elasticsearch command (elasticsearch-keystore create), but at every puppet run, puppet overwrites the generated keystore again with an empty keystore.

Notice: /Stage[main]/Profile::Service::Elasticsearch/Elasticsearch::Instance[es-01]/File[/etc/elasticsearch/es-01/elasticsearch.keystore]/content: Binary files /etc/elasticsearch/es-01/elasticsearch.keystore and /tmp/puppet-file20190322-21824-1kgae8c differ

Info: Computing checksum on file /etc/elasticsearch/es-01/elasticsearch.keystore Info: /Stage[main]/Profile::Service::Elasticsearch/Elasticsearch::Instance[es-01]/File[/etc/elasticsearch/es-01/elasticsearch.keystore]: Filebucketed /etc/elasticsearch/es-01/elasticsearch.keystore to puppet with sum 9b650999946a72709ebd73817f9cdae9 Notice: /Stage[main]/Profile::Service::Elasticsearch/Elasticsearch::Instance[es-01]/File[/etc/elasticsearch/es-01/elasticsearch.keystore]/content:

Notice: /Stage[main]/Profile::Service::Elasticsearch/Elasticsearch::Instance[es-01]/File[/etc/elasticsearch/es-01/elasticsearch.keystore]/content: content changed '{md5}9b650999946a72709ebd73817f9cdae9' to '{md5}d41d8cd98f00b204e9800998ecf8427e'

How can i solve this problem?

tmanninger avatar Mar 22 '19 11:03 tmanninger

@tmanninger You would need to add a hash of all the properties and their values to elasticsearch::secrets. This will create a new keystore and populate it.

Example:

elasticsearch::secrets:
  bootstrap.password: 'randompassword'
  xpack.security.http.ssl.keystore.secure_password: 'terriblepassword'
  xpack.security.http.ssl.secure_key_passphrase: 'yetanotherpassword'

There is also elasticsearch::purge_secrets to remove any properties already present but I don't think you require this.

uberjew666 avatar Nov 06 '19 15:11 uberjew666