Play does not fail when working with security and es_api_basic_auth_username and es_api_basic_auth_password are not provided
redgryphon opened this issue · 8 comments
Elasticsearch version 7.10.1
Role version: 7.10.1
JVM version (java -version
): openjdk version "15.0.1" 2020-10-20
OS version (uname -a
if on a Unix-like system): CentOS 8 Linux elk.example.com 4.18.0-240.1.1.el8_3.x86_64 #1 SMP Thu Nov 19 17:20:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Description of the problem including expected versus actual behaviour:
When specifying certificates for enabling HTTPS on Elasticsearch but not specifying any credentials the play should fail right away. It instead continues.
The expected behaviour is as exposed in the comment of the check (Check if working with security we have an es_api_basic_auth_username and es_api_basic_auth_username - otherwise any http calls wont work
) and should result in the following log:
TASK [elastic.elasticsearch : fail when api credentials are not declared when using security] ***
fatal: [192.168.128.87]: FAILED! => {"changed": false, "msg": "Enabling security requires an es_api_basic_auth_username and es_api_basic_auth_password to be provided to allow cluster operations"}
The certificates specified in the playbook exists on the ansible machine and are correctly uploaded on the system (because the play does not fail before).
Playbook:
Please specify the full playbook used to reproduce this issue.
- name: Configure Elasticsearch
hosts: 192.168.128.87
roles:
- role: elastic.elasticsearch
vars:
es_config:
node.name: "node1"
cluster.name: "cluster"
network.host: 192.168.128.87
discovery.seed_hosts: [ 192.168.128.87 ]
cluster.initial_master_nodes: [ 192.168.128.87 ]
es_enable_http_ssl: true
es_enable_transport_ssl: true
es_ssl_certificate_authority: "files/ca/ca.crt"
es_ssl_certificate: "files/elasticsearch/elasticsearch.crt"
es_ssl_key: "files/elasticsearch/elasticsearch.key"
Provide logs from Ansible: extracted just the relevant part from the ansible play
TASK [elastic.elasticsearch : fail when api credentials are not declared when using security] ***
skipping: [192.168.128.87]
ES Logs if relevant: none
I experienced that changing the when clause of the check from
when:
- not oss_version
- es_api_basic_auth_username is defined
- es_api_basic_auth_password is not defined
to
when:
- not oss_version
- es_api_basic_auth_username is not defined or es_api_basic_auth_password is not defined
would make the check as I intended it should work but maybe there is something more I'm missing.
Hi @redgryphon,
Thanks for opening this issue.
Unfortunately we currently don't have time to investigate every tickets so please be patient.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had recent activity since being marked as stale.
still valid
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
still valid
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had recent activity since being marked as stale.