Closed asusk7m550 closed 4 months ago
I think the following code will work
diff --git a/manifests/config.pp b/manifests/config.pp
index 5f48fb6..1d690fd 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -100,7 +100,15 @@ class elasticsearch::config {
}
# Set the correct xpack. settings based on ES version
- if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7') >= 0) {
+ if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7') < 0) {
+ $_tls_config = {
+ 'xpack.security.transport.ssl.enabled' => true,
+ 'xpack.security.http.ssl.enabled' => true,
+ 'xpack.ssl.keystore.path' => $_keystore_path,
+ 'xpack.ssl.keystore.password' => $elasticsearch::keystore_password,
+ }
+ }
+ else {
$_tls_config = {
'xpack.security.http.ssl.enabled' => true,
'xpack.security.http.ssl.keystore.path' => $_keystore_path,
@@ -110,14 +118,6 @@ class elasticsearch::config {
'xpack.security.transport.ssl.keystore.password' => $elasticsearch::keystore_password,
}
}
- else {
- $_tls_config = {
- 'xpack.security.transport.ssl.enabled' => true,
- 'xpack.security.http.ssl.enabled' => true,
- 'xpack.ssl.keystore.path' => $_keystore_path,
- 'xpack.ssl.keystore.password' => $elasticsearch::keystore_password,
- }
- }
# Trust CA Certificate
java_ks { 'elasticsearch_ca':
@@ -181,7 +181,7 @@ class elasticsearch::config {
mode => '0440',
}
- if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7.7.0') >= 0) {
+ if ($elasticsearch::version == false or versioncmp($elasticsearch::version, '7.7.0') >= 0) {
# https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-options
# https://github.com/elastic/elasticsearch/pull/51882
# >> "Do not modify the root jvm.options file. Use files in jvm.options.d/ instead."
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
What are you seeing
When not defining a version, the settings are applied for ES < 7, like:
At this moment ES 7 and ES 8 are supported, so please switch the default to ES7+.
What behaviour did you expect instead
Use the defaults for ES7 and higher
Output log
-
Any additional information you'd like to impart
It is somewhat related to #1173, this one was mitigated but i don't think correctly implemented.