Issue with file based users using Puppet

Hi there,

I am unable to add file-based users. Below are the details of the modules:
elastic-elastic_stack, "6.2.4"
elastic-elasticsearch, "6.3.3"
elastic-kibana, "6.3.1"

Here is the elasticsearch.pp file:

profiles::elasticsearch::instance::users:
  adminuser:
    password: "Password123"
    roles: ['power_user']
  adminuser1:
    password: "Password456"
    roles: ['superuser']

--------------------------------------------

class profiles::elasticsearch::elasticsearch (
  String $cluster_name       = 'elasticsearch-pdev',
  String $node_name          = lookup ('profiles::elasticsearch::instance::node_name', String, 'first', $facts['hostname']),
  String $version            = lookup ('profiles::elasticsearch::instance::version'),
  String $path_data          = lookup ('profiles::elasticsearch::instance::path_data'),
  String $path_logs          = lookup ('profiles::elasticsearch::instance::path_logs'),
  String $path_tmp           = lookup ('profiles::elasticsearch::instance::path_tmp'),

  Boolean $restart_on_change = lookup ('profiles::elasticsearch::instance::restart_on_change'),
  Integer $heap_size_gb      = lookup ('profiles::elasticsearch::instance::heap_size_gb', Integer, 'first',
                                                  clamp(1, floor( $::memory['system']['total_bytes'] * 0.5 / 1024 / 1024 / 1024 ), 30)),

  Integer $master_count      = 0 + lookup ('profiles::elasticsearch::instance::master_count'),
  String $master_ip_prefix   = lookup ('profiles::elasticsearch::instance::master_ip_prefix'),
  Integer $transport_port    = lookup ('profiles::elasticsearch::instance::transport_tcp_port'),

  Hash $node_config          = lookup ('profiles::elasticsearch::instance::node_config'),
  Hash $config               = lookup ('profiles::elasticsearch::instance::config'),

  String $license            = lookup ('profiles::elasticsearch::instance::lisense'),

  String $ssl_crt_content    = lookup ('profiles::elasticsearch::instance::ssl_crt_content'),
  String $ssl_key_content    = lookup ('profiles::elasticsearch::instance::ssl_key_content'),
  String $ca_crt_content     = lookup ('profiles::elasticsearch::instance::ca_crt_content'),

  Hash $roles                = lookup ('profiles::elasticsearch::instance::roles'),
  Hash $users                = lookup ('profiles::elasticsearch::instance::users'),

  Hash $pipelines            = lookup ('profiles::elasticsearch::instance::pipelines', Hash, 'first', {}),
  Hash $repositories         = lookup ('profiles::elasticsearch::instance::repositories', Hash, 'first', {}),
  Hash $plugins              = lookup ('profiles::elasticsearch::instance::plugins', Hash, 'first', {}),
) {
  $_min_master_count = $master_count / 2 + 1
  $_master_ips = Integer[0, $master_count - 1].map |$__item| { "${master_ip_prefix}${__item}:${transport_port}" }

  $_config = deep_merge( $node_config, $config, {
    'discovery.zen.minimum_master_nodes' => $_min_master_count,
    'discovery.zen.ping.unicast.hosts' => $_master_ips
  })

  class { '::elasticsearch':
    version                 => '6.4.0',
    restart_on_change       => true,
    security_plugin         => 'x-pack',
    api_protocol            => 'https',
    api_basic_auth_username => 'adminuser',
    api_basic_auth_password => "Password123",
    api_host                => 'localhost',
    api_port                => 9200,
    api_timeout             => 60,
    api_ca_file             => "/etc/elasticsearch/${cluster_name}/ca.crt",
    api_ca_path             => "/etc/elasticsearch/${cluster_name}",
    validate_tls            => true,
    datadir                 => [ '/data/elasticsearch/data' ],
    license                 => $license,
    config                  => {
      'cluster.name' => 'elasticsearch-pdev',
      'node.name'    => 'allinonenode',
    },

    jvm_options             => [
      "-Xms${heap_size_gb}g",
      "-Xmx${heap_size_gb}g",
      "-Djava.io.tmpdir=${path_tmp}"
    ],

    instances               => {
      $cluster_name => {
        ssl               => true,
        ca_certificate    => "/etc/elasticsearch/${cluster_name}/ca.crt",
        certificate       => "/etc/elasticsearch/${cluster_name}/elasticnode.crt",
        private_key       => "/etc/elasticsearch/${cluster_name}/elasticnode.key",
        keystore_password => 'password',
        config            => $_config,
        logdir            => $path_logs,
        init_defaults     => {
          'MAX_LOCKED_MEMORY' => 'unlimited',
        }
      },
    },
	
    roles                   => $roles,
    users                   => $users,
    pipelines               => $pipelines,
    snapshot_repositories   => $repositories,
    require                 => Class['profiles::elasticsearch::java'],
  }
  create_resources( elasticsearch::plugin, $plugins, {instances => [$cluster_name]})
}


Puppet is creating a separate instance (named "elasticsearch-pdev") of Elasticsearch but is not creating the users.

Thanks

Hi @Shrikant_Patil. What ends up being created inside of /etc/elasticsearch/elasticsearch-pdev/? Are the users.yml files here? Does the puppet run return any failures or error messages during an apply?

Thanks @tylerjl for the response.

Yes, the users.yml file is there but it is empty. I am getting the below exception during puppet apply:

Error: /Stage[main]/Elasticsearch::License/Elasticsearch_license[xpack]: Could not evaluate: Elasticsearch API responded with: unable to authenticate user [adminuser] for REST request [/_xpack/license?acknowledge=true]

Thanks,
Shrikant

Hm, that error makes sense given that the users aren't being defined in the yaml. Could you upload the logs of a puppet apply (potentially with the --debug flag) to a pastebin? There should be some sort of output from the provider for the elasticsearch users file, which might help pinpoint what might be failing when it's attempting to write the file.
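
An added example, not part of the thread and not code from the Puppet module: a small check that compares the contents of the file realm's `users` and `users_roles` files with the users declared in the Hiera data from the first post. The file names are the ones Elasticsearch uses for file-based users; that they sit under the instance directory `/etc/elasticsearch/elasticsearch-pdev/` is an assumption, and all function names and sample inputs are constructed for illustration.

```python
# Added example: compare an Elasticsearch file realm with the users Puppet was asked to create.
# Expected users are copied from the Hiera data in the first post (passwords deliberately omitted).
EXPECTED = {"adminuser": {"power_user"}, "adminuser1": {"superuser"}}

def _entries(text):
    """Yield (key, value) from `key:value` lines, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, _, value = line.partition(":")
            yield key.strip(), value.strip()

def parse_users(text):
    """`users` file: one `username:password_hash` entry per line."""
    return dict(_entries(text))

def parse_users_roles(text):
    """`users_roles` file: `role:user1,user2` lines, inverted to {user: {roles}}."""
    roles_by_user = {}
    for role, members in _entries(text):
        for user in filter(None, (m.strip() for m in members.split(","))):
            roles_by_user.setdefault(user, set()).add(role)
    return roles_by_user

def audit(users_text, users_roles_text, expected=EXPECTED):
    """Return findings as strings; an empty list means the realm matches `expected`."""
    users, roles = parse_users(users_text), parse_users_roles(users_roles_text)
    findings = []
    for name, wanted in sorted(expected.items()):
        if name not in users:
            findings.append(f"{name}: not in users file")
        elif not users[name]:
            findings.append(f"{name}: empty password hash")
        missing = sorted(wanted - roles.get(name, set()))
        if missing:
            findings.append(f"{name}: missing roles {missing}")
    return findings

# Constructed samples. EMPTY_* mirrors the state reported in the thread (file present but empty);
# GOOD_* is a populated realm whose hashes are placeholders, not real credentials.
EMPTY_USERS, EMPTY_ROLES = "", ""
GOOD_USERS = "adminuser:$2a$10$PLACEHOLDER\nadminuser1:$2a$10$PLACEHOLDER\n"
GOOD_ROLES = "power_user:adminuser\nsuperuser:adminuser1\n"

if __name__ == "__main__":
    for finding in audit(EMPTY_USERS, EMPTY_ROLES):
        print(finding)
```

Against a real node, pass the text of the two files read from the instance's config directory in place of the constructed samples.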
