We are using ansible to deploy elasticsearch. This involves configuring some elasticsearch-keystore settings -
bootstrap.password
keystore.seed
s3.client.default.access_key
s3.client.default.secret_key
xpack.security.http.ssl.secure_key_passphrase
xpack.security.transport.ssl.secure_key_passphrase
The values for these are defined in ansible-vault protected configuration files.
I would like to idempotently be able to apply these values but I cannot see any way of verifying from the elasticsearch-keystore command whether the value has changed or not. Is this possible ?
Currently we just force apply the configured values everytime and restart elasticsearch. This is not ideal as the restart time is increasing as more data is logged into elasticsearch