Create user if it doesn't exist

[gingerwizard]

Currently the default user "elasticsearch" is used - this is installed by the package manager.
If installed through a manual URL this might not be the case. User may also wish to use another user.
Proposal is to create the user if it doesn't exist.

[electrical]

any rpm/deb package no matter how you install it ( rpm / dpkg / yum / apt ) it will always create the user.
Lets leave it up to the user to create the right user/group stuff.

[jerrac]

When I wrote my own ansible role to install elasticsearch, I eventually had to add configuration to set the elasticsearch users uid and gid. The reason being that mismatched uid/gid's on different nodes resulted in some nodes being unable to read/write snapshots. Since the repo directory was on an nfs mount with an owner/group of the elasticsearch user on the node I initiated the repo from. At I think that's the initial problem I ran into, it's been a while.

I do know forcing all nodes to have the same username and uid/gid's fixed that issue.

So I'd love to be able to force the uid/gid's to be the same.

Of course, I haven't checked to see if the owner/group issue still occurs with elasticsearch 2.x. I suppose I'm posting this a bit early... :\

[gingerwizard]

I'd like to get @electrical view on this. Easily added but its whether this is the appropriate place or whether it should be supported elsewhere.

[jakommo]

I think that's only a problem when using NFS. S3 shouldn't have a problem with different ID's.

[jerrac]

Yes, S3 would not have issues with id's. But we're not using it for this.

[gingerwizard]

I can manually reproduce @jerrac issue. Its hard for us to automate and test for this in the kitchen tests as we currently don't form clusters across docker images.

The alternative is to ask users to create users using a separate ansible role and simply specify the es_user and es_group. These will be used for the service.

[jerrac]

If I remember correctly, the package manager should use the existing user if one exists, right? So if I create a "elasticsearch" user before installing elasticsearch, the package manager would use the user I created.

So, could we add a couple optional tasks to the role? If es_custom_user_id is True, then create a user and a group named "elasticsearch" with the user and group ids in the es_custom_user_uid and es_custom_user_gid variables. After that, run the installation tasks.

Does that make sense?

[jerrac]

So, what I described does seem to work just fine. See https://github.com/LaneCommunityCollege/ansible-elasticsearch/commit/de82918584edd5159643b43c1dff07cc4e5d63ca

Is that enough for a pull request? Or is there something else I need to do?

[gingerwizard]

Hi
If we specify the creation of user_id it seems we should just support creation of a user as well. If the user specifies a user "elasticsearch" and provides an id, it would simply overwrite the id.
@electrical Would you be prepared to reconsider user management given the issues it proposes if ids are not identical per node.

[electrical]

Can support it yeah. es_user, es_uid, es_gid would make sense i think.

[gingerwizard]

@jerrac will you make a pull request here? If not, i'll work on this and try to get it to the next release.