Issue with file based users using Puppet

Hi there,

I am unable to add file based users. Below are the details of modules
elastic-elastic_stack, "6.2.4"
elastic-elasticsearch, "6.3.3"
elastic-kibana, "6.3.1"

here is the elasticsearch.pp file:
</>

profiles::elasticsearch::instance::users:
  adminuser:
    password: "Password123"
    roles: ['power_user']
  adminuser1:
    password: "Password456"
    roles: ['superuser']

--------------------------------------------

class profiles::elasticsearch::elasticsearch (
  String $cluster_name       = 'elasticsearch-pdev',
  String $node_name          = lookup ('profiles::elasticsearch::instance::node_name', String, 'first', $facts['hostname']),
  String $version            = lookup ('profiles::elasticsearch::instance::version'),
  String $path_data          = lookup ('profiles::elasticsearch::instance::path_data'),
  String $path_logs          = lookup ('profiles::elasticsearch::instance::path_logs'),
  String $path_tmp           = lookup ('profiles::elasticsearch::instance::path_tmp'),

  Boolean $restart_on_change = lookup ('profiles::elasticsearch::instance::restart_on_change'),
  Integer $heap_size_gb      = lookup ('profiles::elasticsearch::instance::heap_size_gb', Integer, 'first',
                                                  clamp(1, floor( $::memory['system']['total_bytes'] * 0.5 / 1024 / 1024 / 1024 ), 30)),

  Integer $master_count      = 0 + lookup ('profiles::elasticsearch::instance::master_count'),
  String $master_ip_prefix   = lookup ('profiles::elasticsearch::instance::master_ip_prefix'),
  Integer $transport_port    = lookup ('profiles::elasticsearch::instance::transport_tcp_port'),

  Hash $node_config          = lookup ('profiles::elasticsearch::instance::node_config'),
  Hash $config               = lookup ('profiles::elasticsearch::instance::config'),

  String $license            = lookup ('profiles::elasticsearch::instance::lisense'),

  String $ssl_crt_content    = lookup ('profiles::elasticsearch::instance::ssl_crt_content'),
  String $ssl_key_content    = lookup ('profiles::elasticsearch::instance::ssl_key_content'),
  String $ca_crt_content     = lookup ('profiles::elasticsearch::instance::ca_crt_content'),

  Hash $roles                = lookup ('profiles::elasticsearch::instance::roles'),
  Hash $users                = lookup ('profiles::elasticsearch::instance::users'),

  Hash $pipelines            = lookup ('profiles::elasticsearch::instance::pipelines', Hash, 'first', {}),
  Hash $repositories         = lookup ('profiles::elasticsearch::instance::repositories', Hash, 'first', {}),
  Hash $plugins              = lookup ('profiles::elasticsearch::instance::plugins', Hash, 'first', {}),
) {
  $_min_master_count = $master_count / 2 + 1
  $_master_ips = Integer[0, $master_count - 1].map |$__item| { "${master_ip_prefix}${__item}:${transport_port}" }

 $_config = deep_merge( $node_config, $config, {
    'discovery.zen.minimum_master_nodes' => $_min_master_count,
    'discovery.zen.ping.unicast.hosts' => $_master_ips
  })



class { '::elasticsearch':
    version                 => 6.4.0,
    restart_on_change       => true,
    security_plugin         => 'x-pack',
    api_protocol            => 'https',
    api_basic_auth_username => 'adminuser',
    api_basic_auth_password => "Password123",
    api_host                => 'localhost',
    api_port                => 9200,
    api_timeout             => 60,
    api_ca_file             => "/etc/elasticsearch/${cluster_name}/ca.crt",
    api_ca_path             => "/etc/elasticsearch/${cluster_name}",
    validate_tls            => true,
    datadir                 => [ /data/elasticsearch/data ],
    license                 => $license,
    config                  => {
      'cluster.name' => 'elasticsearch-pdev',
      'node.name'    => 'allinonenode',
    },

    jvm_options             => [
      "-Xms${heap_size_gb}g",
      "-Xmx${heap_size_gb}g",
      "-Djava.io.tmpdir=${path_tmp}"
    ],

    instances               => {
      $cluster_name => {
        ssl               => true,
        ca_certificate    => "/etc/elasticsearch/${cluster_name}/ca.crt",
        certificate       => "/etc/elasticsearch/${cluster_name}/elasticnode.crt",
        private_key       => "/etc/elasticsearch/${cluster_name}/elasticnode.key",
        keystore_password => 'password',
        config            => $_config,
        logdir            => $path_logs,
        init_defaults     => {
          'MAX_LOCKED_MEMORY' => 'unlimited',
        }
      },
    },
	
	roles                   => $roles,
    users                   => $users,
    pipelines               => $pipelines,
    snapshot_repositories   => $repositories,
    require                 => Class['profiles::elasticsearch::java'],
  }
  create_resources( elasticsearch::plugin, $plugins, {instances => [$cluster_name]})
}

/>

Puppet is creating separate instance (named "elasticsearch-pdev") of elasticsearch but not creating users.

Thanks

Hi @Shrikant_Patil. What ends up being created inside of /etc/elasticsearch/elasticsearch-pdev/? Are the users.yml files here? Does the puppet run return any failures or error messages during an apply?

Thanks @tylerjlfor response.

Yes, the users.yml flle is there but it is empty. Getting below exception during puppet apply:

Error: /Stage[main]/Elasticsearch::License/Elasticsearch_license[xpack]: Could not evaluate: Elasticsearch API responded with: unable to authenticate user [adminuser] for REST request [/_xpack/license?acknowledge=true]

Thanks,
Shrikant

Hm, that error makes sense given that the users aren't being defined in the yaml. Could you upload the logs of a puppet apply (potentially with the --debug flag) to a pastebin? There should be some sort of output from the provider for the elasticsearch users file, which might help pinpoint what might be failing when it's attempting to write the file.