search

elastic / ansible-elasticsearch

Ansible playbook for Elasticsearch
Other
1.59k stars 857 forks source link

es_custom_package_url for internal network #804

Closed martinliu closed 2 years ago

martinliu commented 3 years ago

Hi Team,

I am trying to install the yum package hosting on my internal network, it is a pretty normal environment; let's say some customers have no Internet for a dev testing environment. A http web server will be hosting rpm or apt packages for them for building Elasticsearch clusters.

My Ansible is on MacOS, Ansible version is 2.10.8

I am using the following playbook.

- name: Single master elasticsearch cluster
  hosts: icaes
  roles:
    - role: elastic.elasticsearch
  vars:
    es_version: 7.13.1
    es_use_repository: false
    es_custom_package_url: "http://192.168.100.190/elasticsearch-7.13.1-x86_64.rpm"
    es_data_dirs:
      - "/opt/elasticsearch/data"
    es_log_dir: "/opt/elasticsearch/logs"
    es_config:
      node.name: "node1"
      cluster.name: "single-node"
      discovery.seed_hosts: "localhost:9301"
      http.port: 9201
      http.host: 0.0.0.0
      transport.port: 9301
      node.data: true
      node.master: true
      bootstrap.memory_lock: true
    es_heap_size: 4g
    es_api_port: 9201

I am trying building a stand-along elasticsearch node. I got the following error.

TASK [elastic.elasticsearch : set_fact] *********************************************
ok: [192.168.100.197]

TASK [elastic.elasticsearch : RedHat - Install Elasticsearch from url] **************
fatal: [192.168.100.197]: FAILED! => {"changed": false, "msg": "Failed to validate GPG signature for elasticsearch-7.13.1-1.x86_64"}

PLAY RECAP **************************************************************************
192.168.100.197            : ok=12   changed=0    unreachable=0    failed=1    skipped=58   rescued=0    ignored=0

It stopped Ansbile playbook for running forward.

I made a quick fix on /Users/martin/.ansible/roles/elastic.elasticsearch/tasks/elasticsearch-RedHat.yml

Added disable_gpg_check: yes into above file.

Then run ansible-playbook again, it succeed with no more error.

I reviewed both source file elasticsearch-Debian.yml and elasticsearch-RedHat.yml; it seems have same problem.

I'd like to feedback and happy to raise this pr here.

Cheers, Martin Liu Elastic Developer Advocate China

brad-x commented 3 years ago

I suggest the following change to the PR:

  validate_certs: "{{ 'false' if disable_gpg_check | bool else 'true' }}"

for both apt and RPM so that GPG checking can still be performed and will respect the global disable_gpg_check value

brad-x commented 3 years ago

I suggest the following change to the PR:

  validate_certs: "{{ 'false' if disable_gpg_check | bool else 'true' }}"

for both apt and RPM so that GPG checking can still be performed and will respect the global disable_gpg_check value

@martinliu I'm not able to fork your fork as I've already done so, but a patch is attached to demonstrate what I'm driving at

patch.txt

botelastic[bot] commented 2 years ago

This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. To track this PR (even if closed), please open a corresponding issue if one does not already exist.

botelastic[bot] commented 2 years ago

This PR has been automatically closed because it has not had recent activity since being marked as stale. Please reopen when work resumes.