Support in Puppet Module for Elasticsearch 6.x initial password setup

Hi All,

Currently busy setting up a Puppet Ent. configuration by using the official Elastic module. We can easily deploy the elasticsearch node with the configuration, but we struggling setting up the initial passwords using the bootstrap initial key in the keystore by using the official module. Currently we are using the elasticsearch-setup-password interactive command.

Is this task already supported by the latest module ?

@tylerjl : Can you answer this question, since you seem to be the creator :slight_smile:

One approach that should work would be to set the bootstrap.password keystore setting to your desired password value using the supported secrets parameter for the Elasticsearch module. This documentation page summarizes how bootstrap.password works, and the ability to configure secrets in the module is documented here.

Does that help?

1 Like

Hi @tylerjl thanks for your answer. This should do the trick. We will verify this.

It helps a bit, because you are only changing the password for the elastic user
The other default accounts still have the keystore.seed password?

It keeps on adding the bootstrap.password and removing the keystore.seed when running puppet.
set purge_secrets to true.

Info: Applying configuration version '1540378180'
Notice: /Stage[main]/Elasticsearch/Elasticsearch::Instance[instance]/File[/etc/elasticsearch/instance/elasticsearch.keystore]/content:
Binary files /etc/elasticsearch/instance/elasticsearch.keystore and /tmp/puppet-file20181024-31767-mx9wfp differ

Notice: /Stage[main]/Elasticsearch/Elasticsearch::Instance[instance]/Elasticsearch_keystore[instance]/settings: added: bootstrap.password

It would also be nice to use Sensitive for the bootstrap.password, now the password shows in puppet reports.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.