search

opensearch-project / ansible-playbook

🤖 A community repository for Ansible Playbook of OpenSearch Project.
https://opensearch.org/
Apache License 2.0
81 stars 97 forks source link

[BUG][Security Plugin Configuration] #80

Closed rodolfovillordo closed 1 year ago

rodolfovillordo commented 2 years ago

Describe the bug

The Playbook execution fails at the task Security Plugin configuration | Copy the opensearch security internal users template execution on a single-node deployment. Tested on an EC2 Ubuntu instance.

To Reproduce Steps to reproduce the behavior:

  1. checkout the latest version from this repository
  2. Change the cluster_type variable to single-node unnecessary step ref: https://github.com/opensearch-project/ansible-playbook/pull/81#issuecomment-1190240510
  3. configure the inventory hosts as below
aos ansible_host=<public_ip> ansible_user=ubuntu ip=<private_ip> roles=data,master

dashboards1 ansible_host=<2nd_instance_public_ip> ansible_user=ubuntu ip=<second_instance_private_ip>

# List all the nodes in the os cluster
[os-cluster]
aos

# List all the Master eligible nodes under this group
[master]
aos

[dashboards]
dashboards1
  1. See error 
    TASK [linux/opensearch : Security Plugin configuration | Copy the opensearch security internal users template] *******************************************************************************
fatal: [aos]: FAILED! => {"changed": false, "checksum": "17c615cd8e9089aedb31891e7aedd1ff8fa32318", "msg": "Destination directory /usr/share/opensearch/plugins/opensearch-security/securityconfig does not exist"}

Expected behavior Finish the deployment without errors.

Playbook Name Specify the Playbook which is affected? roles/linux/opensearch/tasks/security.yml

Screenshots N/A

Host/Environment (please complete the following information):

Additional context The task Security Plugin configuration | Copy the opensearch security internal users template execution assumes that the {{ os_sec_plugin_conf_path }} already exists when copying the internal_users template. However, the template module does not create parent directories.

rodolfovillordo commented 2 years ago

PR for the fix: https://github.com/opensearch-project/ansible-playbook/pull/81

minhthong582000 commented 2 years ago

@rodolfovillordo. Starting from version 2.x.x, the opensearch-security configuration files are moved to /usr/share/opensearch/config/opensearch-security. So if we specify the os_sec_plugin_conf_path like this, everything works fine:

os_sec_plugin_conf_path: /usr/share/opensearch/config/opensearch-security

Already tested on my local machines.

Related MR: https://github.com/opensearch-project/security/pull/1749

peterzhuamazon commented 1 year ago

@rodolfovillordo. Starting from version 2.x.x, the opensearch-security configuration files are moved to /usr/share/opensearch/config/opensearch-security. So if we specify the os_sec_plugin_conf_path like this, everything works fine:

os_sec_plugin_conf_path: /usr/share/opensearch/config/opensearch-security

Already tested on my local machines.

Related MR: opensearch-project/security#1749

The path in 2.x is moved to opensearchroot/config/opensearch-security not in plugins/opensearch-security/securityconfig anymore.

https://github.com/opensearch-project/opensearch-plugins/issues/127