Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rights on configuration files don't match when installing through this cookbook vs manually #667

Open
karsthammer opened this issue Jun 7, 2018 · 2 comments
Open

Rights on configuration files don't match when installing through this cookbook vs manually #667

karsthammer opened this issue Jun 7, 2018 · 2 comments
Labels
Bug Something isn't working

Comments

@karsthammer
Copy link

When installing Elasticsearch on CentOS manually through the repository as documented here: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/rpm.html all configuration files in /etc/elasticsearch are owned by user root and group elasticsearch.

After installing the x-pack plugin, the file /etc/elasticsearch/elasticsearch.keystore also is owned by root with group elasticsearch.

When I try to setup elasticsearch using cookbook version 4.0.1 with the following snippet:

elasticsearch_user 'elasticsearch'
elasticsearch_install 'elasticsearch' do
  type 'repository'
  version '6.2.4'
  action :install
end
elasticsearch_configure 'elasticsearch'
elasticsearch_plugin 'x-pack'
elasticsearch_service 'elasticsearch'

Starting up elasticsearch fails because the keystore is owned by root/root, while all other configuration files are owned by elasticsearch/elasticsearch.
@msg-q
Copy link

msg-q commented Jun 11, 2018

Also seeing this on Ubuntu

@martinb3
Copy link
Contributor

Hi there -- we'd been operating under the assumptions here: https://www.elastic.co/guide/en/elasticsearch/plugins/2.1/plugin-management.html

If Elasticsearch was installed using the deb or rpm package then run bin/plugin as root so it can write to the appropriate files on disk. Otherwise run bin/plugin as the user that owns all of the Elasticsearch files.

It looks like they've re-written this recently:

If Elasticsearch was installed using the deb or rpm package then run /usr/share/elasticsearch/bin/elasticsearch-plugin as root so it can write to the appropriate files on disk. Otherwise run bin/elasticsearch-plugin as the user that owns all of the Elasticsearch files.

We're definitely choosing the user based on how it was installed -- when installing x-pack manually, can you confirm you're running the installer as root, as the documentation describes above? I'm wondering if the installer doesn't actually set the group on the keystore correctly, and should be.

We'll also need to review the deb and rpm and see what updates they've made to that, to see if that's involved in what's happening. In the mean time, you should be change the permission of that file using Chef, before defining the elasticsearch_service.

@martinb3 martinb3 added the Bug Something isn't working label Aug 20, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@karsthammer @martinb3 @msg-q