Comments (11)
any rpm/deb package no matter how you install it ( rpm / dpkg / yum / apt ) it will always create the user.
Lets leave it up to the user to create the right user/group stuff.
from ansible-elasticsearch.
When I wrote my own ansible role to install elasticsearch, I eventually had to add configuration to set the elasticsearch users uid and gid. The reason being that mismatched uid/gid's on different nodes resulted in some nodes being unable to read/write snapshots. Since the repo directory was on an nfs mount with an owner/group of the elasticsearch user on the node I initiated the repo from. At I think that's the initial problem I ran into, it's been a while.
I do know forcing all nodes to have the same username and uid/gid's fixed that issue.
So I'd love to be able to force the uid/gid's to be the same.
Of course, I haven't checked to see if the owner/group issue still occurs with elasticsearch 2.x. I suppose I'm posting this a bit early... :\
from ansible-elasticsearch.
I'd like to get @electrical view on this. Easily added but its whether this is the appropriate place or whether it should be supported elsewhere.
from ansible-elasticsearch.
I think that's only a problem when using NFS
. S3 shouldn't have a problem with different ID's.
from ansible-elasticsearch.
Yes, S3 would not have issues with id's. But we're not using it for this.
from ansible-elasticsearch.
I can manually reproduce @jerrac issue. Its hard for us to automate and test for this in the kitchen tests as we currently don't form clusters across docker images.
The alternative is to ask users to create users using a separate ansible role and simply specify the es_user and es_group. These will be used for the service.
from ansible-elasticsearch.
If I remember correctly, the package manager should use the existing user if one exists, right? So if I create a "elasticsearch" user before installing elasticsearch, the package manager would use the user I created.
So, could we add a couple optional tasks to the role? If es_custom_user_id
is True
, then create a user and a group named "elasticsearch" with the user and group ids in the es_custom_user_uid
and es_custom_user_gid
variables. After that, run the installation tasks.
Does that make sense?
from ansible-elasticsearch.
So, what I described does seem to work just fine. See https://github.com/LaneCommunityCollege/ansible-elasticsearch/commit/de82918584edd5159643b43c1dff07cc4e5d63ca
Is that enough for a pull request? Or is there something else I need to do?
from ansible-elasticsearch.
Hi
If we specify the creation of user_id it seems we should just support creation of a user as well. If the user specifies a user "elasticsearch" and provides an id, it would simply overwrite the id.
@electrical Would you be prepared to reconsider user management given the issues it proposes if ids are not identical per node.
from ansible-elasticsearch.
Can support it yeah. es_user
, es_uid
, es_gid
would make sense i think.
from ansible-elasticsearch.
@jerrac will you make a pull request here? If not, i'll work on this and try to get it to the next release.
from ansible-elasticsearch.
Related Issues (20)
- Failure in "Debian - Ensure elasticsearch is installed" HOT 4
- FR: Install Elasticsearch-plugins with this role HOT 2
- Wrong elasticsearch.keystore permissions forbid elasticsearch.service from starting HOT 6
- issue with "could not find java in bundled JDK" HOT 2
- Does not accept static IP config Eg: transport.host: <hostname>" HOT 2
- gpg dependencies missing HOT 3
- Segmentation fault in JNA library due to non-existent home directory for elasticsearch user HOT 2
- Specifying `path.data` as a list is deprecated in Elasticsearch 7.13 HOT 2
- Turn on systemd on OracleLinux HOT 2
- kibana connect to elastic HOT 1
- Bootstrapping a new/additional instance with activated security fails HOT 1
- Single node cluster configuration HOT 2
- Playbook not working with rh8 HOT 3
- filter_plugins/custom.py is skipped when ansible is installed through pip HOT 2
- Hacktoberfest participation
- ssl-tls-setup.md should point to location of bin/elasticsearch-certutil HOT 2
- Role fails when pointed to es_ssl_keystore / es_ssl_truststore using CA and Cert created with bin/elasticsearch-certutil HOT 4
- Upload pem certs from local to remote
- Safe options for log4j2 - CVE-2021-44228 HOT 4
- How to remove always tag HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-elasticsearch.