voxpupuli / puppet-elasticsearch

Elasticsearch Puppet module
Apache License 2.0

Use Elasticsearch 7+ as default for configuration #1210

Closed asusk7m550 closed 4 months ago

asusk7m550 commented 5 months ago

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g. Puppet code you use)

class { 'elasticsearch' :
  ssl                  => true,
  ca_certificate       => '/path/to/ca.pem',
  certificate          => '/path/to/cert.pem',
  private_key          => '/path/to/key.pem',
  keystore_password    => 'keystorepassword',
}

What are you seeing

When not defining a version, the settings are applied for ES < 7, like:

$_tls_config = {
  'xpack.security.transport.ssl.enabled' => true,
  'xpack.security.http.ssl.enabled'      => true,
  'xpack.ssl.keystore.path'              => $_keystore_path,
  'xpack.ssl.keystore.password'          => $elasticsearch::keystore_password,
}

At this moment ES 7 and ES 8 are supported, so please switch the default to ES7+.

What behaviour did you expect instead

Use the defaults for ES7 and higher

Output log

-

Any additional information you'd like to impart

It is somewhat related to #1173; this one was mitigated, but I don't think it was correctly implemented.

asusk7m550 commented 5 months ago

I think the following code will work

diff --git a/manifests/config.pp b/manifests/config.pp
index 5f48fb6..1d690fd 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -100,7 +100,15 @@ class elasticsearch::config {
       }

       # Set the correct xpack. settings based on ES version
-      if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7') >= 0) {
+      if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7') < 0) {
+        $_tls_config = {
+          'xpack.security.transport.ssl.enabled' => true,
+          'xpack.security.http.ssl.enabled'      => true,
+          'xpack.ssl.keystore.path'              => $_keystore_path,
+          'xpack.ssl.keystore.password'          => $elasticsearch::keystore_password,
+        }
+      }
+      else {
         $_tls_config = {
           'xpack.security.http.ssl.enabled'                => true,
           'xpack.security.http.ssl.keystore.path'          => $_keystore_path,
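Review bot: the inverted test `versioncmp($elasticsearch::version, '7') < 0` changes what nodes with `$elasticsearch::version` left at false receive: they previously got the `xpack.ssl.keystore.*` keys and will now get the `xpack.security.http.ssl.keystore.*` and `xpack.security.transport.ssl.keystore.*` keys, yet the comment above still only says "based on ES version". Please extend that comment to state that an unset version is treated as 7 or later, and since the patch touches only manifests/config.pp, add test coverage for both the unset case and an explicit version below 7.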
@@ -110,14 +118,6 @@ class elasticsearch::config {
           'xpack.security.transport.ssl.keystore.password' => $elasticsearch::keystore_password,
         }
       }
-      else {
-        $_tls_config = {
-          'xpack.security.transport.ssl.enabled' => true,
-          'xpack.security.http.ssl.enabled'      => true,
-          'xpack.ssl.keystore.path'              => $_keystore_path,
-          'xpack.ssl.keystore.password'          => $elasticsearch::keystore_password,
-        }
-      }

       # Trust CA Certificate
       java_ks { 'elasticsearch_ca':
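Review bot: the `else` block removed here would not need to move at all if the first condition were written as `$elasticsearch::version == false or versioncmp($elasticsearch::version, '7') >= 0`, the same form this patch uses for the 7.7.0 check further down. That keeps both branches in their current order, makes the two version checks read consistently, and shrinks the change to a single line.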
@@ -181,7 +181,7 @@ class elasticsearch::config {
       mode    => '0440',
     }

-    if ($elasticsearch::version != false and versioncmp($elasticsearch::version, '7.7.0') >= 0) {
+    if ($elasticsearch::version == false or versioncmp($elasticsearch::version, '7.7.0') >= 0) {
       # https://www.elastic.co/guide/en/elasticsearch/reference/master/advanced-configuration.html#set-jvm-options
       # https://github.com/elastic/elasticsearch/pull/51882
       # >> "Do not modify the root jvm.options file. Use files in jvm.options.d/ instead."
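Review bot: with `$elasticsearch::version == false or ...` an unset version now takes the branch gated on '7.7.0', so the implied default is 7.7.0 or later rather than the "7+" used for the TLS keys earlier in the patch. A node that leaves version unset while running a release below 7.7.0 would get the `jvm.options.d/` handling that this condition previously withheld from it. Please state the assumed default version in the comment here, or document that version must be set explicitly for releases below 7.7.0.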