Elasticsearch module exec blocks running every puppet run #296
Comments
|
Hello @Llandros, Thanks for letting us know, we are working hard to make our puppet module completely idempotent and hints like these are really useful. Let me detail bellow the needed changes: Insert line limits wazuh-puppet/manifests/elasticsearch.pp Lines 62 to 67 in 9f7a3fa Verify Elasticsearch folders owner wazuh-puppet/manifests/elasticsearch.pp Lines 69 to 76 in 9f7a3fa As soon as our workflow allows us we will address it. Thanks again for your contribution! Greetings, JP |
In the wazuh::elasticsearch class there are two execs that run every puppet run.
Info: Applying configuration version '1600268992'
Notice: /Stage[main]/Wazuh::Elasticsearch/Exec[Insert line limits]/returns: executed successfully (corrective)
Notice: /Stage[main]/Wazuh::Elasticsearch/Exec[Verify Elasticsearch folders owner]/returns: executed successfully (corrective)
The insert line limit should only happen once.
exec { 'Insert line limits':
path => '/usr/bin:/bin/',
command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf",
require => Package[$elasticsearch_package],
}
This causes the limits.conf file to have multiple entries for elasticsearch.
eg:
End of file
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
elasticsearch - memlock unlimited
elasticsearch - nofile 65535
The chown should only execute if the ownership changes from elasticsearch:elasticsearch
exec { 'Verify Elasticsearch folders owner':
path => '/usr/bin:/bin',
command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch
&& chown elasticsearch:elasticsearch -R /usr/share/elasticsearch
&& chown elasticsearch:elasticsearch -R /var/lib/elasticsearch",
require => Package[$elasticsearch_package],
}
The text was updated successfully, but these errors were encountered: