opensearch-project / ansible-playbook

🤖 A community repository for Ansible Playbook of OpenSearch Project.
https://opensearch.org/
Apache License 2.0

Become: false for operation /tmp/opensearch-nodecerts #51

Closed patsevanton closed 2 years ago

patsevanton commented 2 years ago

Signed-off-by: Anton Patsev patsev.anton@gmail.com

Description

Become: false for operation /tmp/opensearch-nodecerts

Issues Resolved

Fix https://github.com/opensearch-project/ansible-playbook/issues/45

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

saravanan30erd commented 2 years ago

@patsevanton There is one more local_action which we missed. https://github.com/opensearch-project/ansible-playbook/blob/main/roles/linux/opensearch/tasks/security.yml#L151 Please add become: false for that task too. Otherwise we will face the below error,

TASK [linux/opensearch : Security Plugin configuration | Cleanup local temporary directory] **********************************************************************
fatal: [os1 -> localhost]: FAILED! => {"changed": false, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Additionally please add how to run the playbook using non-root in README.

For running with a non-root user (which has sudo privileges), we need to do the below changes. In the hosts file, change the user details:

os1 ansible_host=10.0.0.1  ansible_user=ec2-user ip=10.0.0.1

and run the playbook using --become

ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789" --become

Please add these details in README (Don't forget to sign the commit :)- ) @patsevanton

@peterzhuamazon I tested with both users using single-node cluster type, root user and non-root ec2-user user with sudo privileges after fixing the issue here and it works fine.

Please test it with multi-node after that fix, then this PR is good to merge.
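
The review point in this comment (a `local_action` task that was missed and then fails with `sudo: a password is required` when the play runs with `--become`) can be checked mechanically. The following is an added example, not code from this PR or the project: a line-based Python heuristic that flags tasks using `local_action` or `delegate_to: localhost` without a task-level `become: false`. The sample YAML is constructed; its module arguments and the `/path/to/opensearch` placeholder are assumptions.

```python
import re

# Constructed sample, NOT the project's security.yml. Task names come from the
# log in this thread; module arguments and the placeholder path are assumptions.
SAMPLE_TASKS = """\
- name: Security Plugin configuration | Create local temporary directory for certificates generation
  local_action:
    module: file
    path: /tmp/opensearch-nodecerts
    state: directory
  run_once: true
  become: false

- name: Security Plugin configuration | Set the file ownerships
  file:
    path: /path/to/opensearch
    owner: opensearch
    recurse: true

- name: Security Plugin configuration | Cleanup local temporary directory
  local_action:
    module: file
    path: /tmp/opensearch-nodecerts
    state: absent
  run_once: true
"""

TASK_START = re.compile(r"^\s*- name:\s*(.+?)\s*$")
# A task runs on the control node if it uses local_action or delegates to
# localhost. Templated delegate_to values ("{{ ... }}") are not resolved here.
LOCAL_RUN = re.compile(
    r"^\s*(local_action\s*:|delegate_to\s*:\s*[\"']?(localhost|127\.0\.0\.1)[\"']?\s*(#.*)?$)"
)
BECOME_OFF = re.compile(r"^\s*become\s*:\s*[\"']?(false|no|off)[\"']?\s*(#.*)?$", re.IGNORECASE)


def split_tasks(text):
    """Return [(line_number, name, body_lines)] for every '- name:' entry."""
    tasks = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = TASK_START.match(line)
        if match:
            tasks.append((lineno, match.group(1), []))
        elif tasks:
            tasks[-1][2].append(line)
    return tasks


def local_tasks_missing_become_false(text):
    """Flag control-node tasks that would inherit --become.

    Heuristic only: it looks at task-level keys and does not see a
    'become: false' set on an enclosing block, play, or in ansible.cfg.
    """
    findings = []
    for lineno, name, body in split_tasks(text):
        runs_locally = any(LOCAL_RUN.match(line) for line in body)
        become_off = any(BECOME_OFF.match(line) for line in body)
        if runs_locally and not become_off:
            findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in local_tasks_missing_become_false(SAMPLE_TASKS):
        print(f"line {lineno}: '{name}' runs on the control node without become: false")
```

Keeping control-node tasks at `become: false` also means the machine running Ansible never needs passwordless sudo for work that only touches a temporary directory.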

patsevanton commented 2 years ago

Added become: false to Cleanup local temporary directory
Added ansible_user as user
Added --become for run playbook

Cannot test multi-node because https://github.com/opensearch-project/ansible-playbook/issues/49

peterzhuamazon commented 2 years ago

@saravanan30erd could you approve? Thanks.

saravanan30erd commented 2 years ago

> @saravanan30erd could you approve? Thanks.

Will do. I need to test it with multi-node setup.

peterzhuamazon commented 2 years ago

> > @saravanan30erd could you approve? Thanks.
>
> Will do. I need to test it with multi-node setup.

Hi @saravanan30erd let me know the status of this. Thanks.

saravanan30erd commented 2 years ago

@peterzhuamazon I tested for multiple node setup with non-root user (ec2-user in EC2), it works fine. Already tested with root user and with non-root user for single-node setup here

We can merge this now.

peterzhuamazon commented 2 years ago

@saravanan30erd

You can approve now as you are maintainer 😄

patsevanton commented 2 years ago

I created new commit: Add examples hosts for centos and ubuntu

peterzhuamazon commented 2 years ago

Thanks @patsevanton for the patience, your PR is merged now.