elastic / ansible-elasticsearch

Ansible playbook for Elasticsearch

Upload pem certs from local to remote #834

Closed iaacautomation closed 2 years ago

iaacautomation commented 2 years ago

Describe the feature:

Upload pem ssl certs from the executing node to the target node(s). Currently, if I create an es cluster on remote nodes, executing Ansible on an automation node, the pem encoded certificates do not get copied to the target node.

  1. If I copy the certs to /etc/elasticsearch/certs/ before using the role, since the elasticsearch user does not exist, I get this:
     ```
     TASK [elastic.elasticsearch : Create Configuration Directory] ******************
     Warning: : failed to look up group elasticsearch. Create group up to this point
     fatal: [master-0]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0700", "msg": "chgrp failed: failed to look up group elasticsearch", "owner": "root", "path": "/etc/elasticsearch", "size": 4096, "state": "directory", "uid": 0}
     Thursday 25 November 2021  18:***8:***2 +0000 (0:00:05.182)       0:04:00.***9 *****
     ```
  2. If I do not copy them to /etc/elasticsearch/certs, then the certificate and key have to be world readable when copying for Elasticsearch to use them, which will of course fail due to the private key being world readable.

The request is to add an option to upload the pem certs from local to remote at the correct time, given a local file path.

Elasticsearch version 7.15.1

Role version: v7.15.1

JVM version (java -version):

OS version (uname -a if on a Unix-like system): Linux master-0 5.10.0-9-cloud-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux