search

NETWAYS / ansible-collection-elasticstack

A collection to install and manage the Elastic Stack
GNU General Public License v3.0
11 stars 8 forks source link

[Bug]: Creation of Logstash Roles fails in some situations #335

Open widhalmt opened 2 months ago

widhalmt commented 2 months ago

Please try to fill out as much of the information below as you can. Thank you!

Which version contains the bug?

No response

Describe the bug

I've used this collection in several setups and didn't have a problem with this so far. This time I came back to a system I set up several months ago. So I assume the problem was introduced with one of the last changes. I guess the roles and users were set up using the old "template" method and the current "module" method has a problem with them, now. I had to remove the tasks for logstash user and role to proceed. I didn't have the time to debug on the customers setup but I will be able to collect more information as needed.

TASK [netways.elasticstack.logstash : Create logstash role logstash_writer] *****************************************************************************************************************************************************************
fatal: [elastic01.xxx.at]: FAILED! => {"changed": false, "module_stderr": "Shared connection to elastic01.xxx.at closed.
", "module_stdout": "
/usr/lib/python3/dist-packages/elasticsearch/connection/http_urllib3.py:158: UserWarning: When using `ssl_context`, all other SSL related kwargs are ignored
  warnings.warn(
/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/module_utils/elasticsearch_role.py:74: ElasticsearchWarning: The client is unable to verify that the server is Elasticsearch due security privileges on the server side
Traceback (most recent call last):
  File \"/home/elasticadmin/.ansible/tmp/ansible-tmp-1723016852.3606312-1319575-207084496982344/AnsiballZ_elasticsearch_role.py\", line 107, in <module>
    _ansiballz_main()
  File \"/home/elasticadmin/.ansible/tmp/ansible-tmp-1723016852.3606312-1319575-207084496982344/AnsiballZ_elasticsearch_role.py\", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
  File \"/home/elasticadmin/.ansible/tmp/ansible-tmp-1723016852.3606312-1319575-207084496982344/AnsiballZ_elasticsearch_role.py\", line 47, in invoke_module
    runpy.run_module(mod_name='ansible_collections.netways.elasticstack.plugins.modules.elasticsearch_role', init_globals=dict(_module_fqn='ansible_collections.netways.elasticstack.plugins.modules.elasticsearch_role', _modlib_path=modlib_path),
  File \"<frozen runpy>\", line 226, in run_module
  File \"<frozen runpy>\", line 98, in _run_module_code
  File \"<frozen runpy>\", line 88, in _run_code
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/modules/elasticsearch_role.py\", line 94, in <module>
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/modules/elasticsearch_role.py\", line 75, in run_module
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/module_utils/elasticsearch_role.py\", line 21, in __init__
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/module_utils/elasticsearch_role.py\", line 33, in handle
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/module_utils/elasticsearch_role.py\", line 51, in handle_present
  File \"/tmp/ansible_netways.elasticstack.elasticsearch_role_payload_nz82s9i1/ansible_netways.elasticstack.elasticsearch_role_payload.zip/ansible_collections/netways/elasticstack/plugins/module_utils/elasticsearch_role.py\", line 74, in get_all
  File \"/usr/lib/python3/dist-packages/elasticsearch/client/utils.py\", line 347, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"/usr/lib/python3/dist-packages/elasticsearch/client/security.py\", line 351, in get_role
    return self.transport.perform_request(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"/usr/lib/python3/dist-packages/elasticsearch/transport.py\", line 466, in perform_request
    raise e
  File \"/usr/lib/python3/dist-packages/elasticsearch/transport.py\", line 427, in perform_request
    status, headers_response, data = connection.perform_request(\r\n                                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File \"/usr/lib/python3/dist-packages/elasticsearch/connection/http_urllib3.py\", line 291, in perform_request
    self._raise_error(response.status, raw_data)
  File \"/usr/lib/python3/dist-packages/elasticsearch/connection/base.py\", line 328, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(
elasticsearch.exceptions.AuthenticationException: AuthenticationException(401, 'security_exception', 'missing authentication credentials for REST request [/_security/role]')
", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

How to recreate the bug?

Did not find a way to reproduce it outside this environment so far.

widhalmt commented 2 months ago

/ref/NC/807593