You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for letting us know, we are working hard to make our puppet module completely idempotent and hints like these are really useful. Let me detail bellow the needed changes:
Insert line limits
The current insert line limit (exec - command) resource could be replaced with a file_line this resource should be enough to guarantee that the lines won't be written again if they already exist.
In the wazuh::elasticsearch class there are two execs that run every puppet run.
Info: Applying configuration version '1600268992'
Notice: /Stage[main]/Wazuh::Elasticsearch/Exec[Insert line limits]/returns: executed successfully (corrective)
Notice: /Stage[main]/Wazuh::Elasticsearch/Exec[Verify Elasticsearch folders owner]/returns: executed successfully (corrective)
The insert line limit should only happen once.
exec { 'Insert line limits':
path => '/usr/bin:/bin/',
command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf",
require => Package[$elasticsearch_package],
}
This causes the limits.conf file to have multiple entries for elasticsearch.
eg:
End of file
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
The chown should only execute if the ownership changes from elasticsearch:elasticsearch
exec { 'Verify Elasticsearch folders owner':
path => '/usr/bin:/bin',
command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch
&& chown elasticsearch:elasticsearch -R /usr/share/elasticsearch
&& chown elasticsearch:elasticsearch -R /var/lib/elasticsearch",
require => Package[$elasticsearch_package],
}
The text was updated successfully, but these errors were encountered: