Setting up SSL with this module fails out of the box with keystore-related errors #1012

Open
Zamiell opened this issue Feb 4, 2019 · 2 comments

Zamiell commented Feb 4, 2019

  • Module version: elastic-elasticsearch (v6.3.3)
  • Puppet version: 4.10.12
  • OS and version: CentOS Linux release 7.5.1804

Bug description

The module fails to install SSL out of the box.
A minimal example:

include java

class { 'elasticsearch':
  version         => '6.6.0',
  license         => file('license.json'),
  security_plugin => 'x-pack',
}
elasticsearch::instance { $hostname:
  ssl               => true,
  certificate       => 'elasticsearch.crt',
  private_key       => 'elasticsearch.key',
  keystore_password => '123456',
}

Save the above as "test.pp" and run it with puppet apply test.pp. This results in the following error:

Notice: /Stage[main]/Main/Elasticsearch::Instance[es-2-dev]/File[/etc/elasticsearch/es-2-dev/x-pack]/ensure: created
Error: Execution of 'keytool -importcert -noprompt -alias elasticsearch_instance_es-2-dev_keystore_ca -file  -keystore /etc/elasticsearch/es-2-dev/x-pack/es-2-dev.ks -trustcacerts' returned 1: Enter keystore password:  Re-enter new password: keytool error: java.io.FileNotFoundException:  (No such file or directory)
Error: /Stage[main]/Main/Elasticsearch::Instance[es-2-dev]/Java_ks[elasticsearch_instance_es-2-dev_keystore_ca]/ensure: change from absent to latest failed: Execution of 'keytool -importcert -noprompt -alias elasticsearch_instance_es-2-dev_keystore_ca -file  -keystore /etc/elasticsearch/es-2-dev/x-pack/es-2-dev.ks -trustcacerts' returned 1: Enter keystore password:  Re-enter new password: keytool error: java.io.FileNotFoundException:  (No such file or directory)
Notice: /Stage[main]/Main/Elasticsearch::Instance[es-2-dev]/Java_ks[elasticsearch_instance_es-2-dev_keystore_node]/ensure: created

Any tips?

Zamiell commented Feb 4, 2019

More info:
For troubleshooting purposes, I tried upgrading to the latest version of Puppet, 6.2.0.
However, I still get the exact same error, so the Puppet version is unlikely to be related.

@uberjew666

I believe the reason for the error is elasticsearch::ca_certificate isn't defined.

The resource you're failing on is:

java_ks { "elasticsearch_instance_${name}_keystore_ca":
  ensure       => 'latest',
  certificate  => $ca_certificate,
  target       => $_keystore_path,
  password     => $keystore_password,
  trustcacerts => true,
}

$ca_certificate isn't defined in elasticsearch::instance, so it fails with "No such file or directory".

There is a fail resource if keystore password isn't defined but nothing for certificate, ca_certificate or private_key.
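
A fail-fast guard for the gap described in the last comment, as an added example that is not part of the elastic-elasticsearch module or of this thread. The wrapper name `profile::es_tls_instance` and the file paths are hypothetical, `ca_certificate` is assumed to be accepted by `elasticsearch::instance` as the comment indicates, and `keys`, `empty` and `join` are assumed to come from puppetlabs-stdlib on Puppet 4.

```puppet
# Hypothetical wrapper (not module code): refuse to compile the catalog when
# ssl => true but any TLS input is unset, instead of letting keytool run
# with an empty -file argument as in the error output above.
define profile::es_tls_instance (
  String[1]           $keystore_password,
  Boolean             $ssl            = true,
  Optional[String[1]] $ca_certificate = undef,
  Optional[String[1]] $certificate    = undef,
  Optional[String[1]] $private_key    = undef,
) {
  if $ssl {
    # The three inputs the comment says have no fail() check.
    $required = {
      'ca_certificate' => $ca_certificate,
      'certificate'    => $certificate,
      'private_key'    => $private_key,
    }

    # Keep only the entries whose value is undef, then report their names.
    $unset   = $required.filter |$param, $value| { $value =~ Undef }
    $missing = keys($unset)

    unless empty($missing) {
      $missing_list = join($missing, ', ')
      fail("profile::es_tls_instance[${title}]: ssl is true but these parameters are unset: ${missing_list}")
    }
  }

  elasticsearch::instance { $title:
    ssl               => $ssl,
    ca_certificate    => $ca_certificate,
    certificate       => $certificate,
    private_key       => $private_key,
    keystore_password => $keystore_password,
  }
}

# Constructed declaration; paths are placeholders, and the password is read
# from Hiera (hypothetical key) rather than written into the manifest.
profile::es_tls_instance { $facts['networking']['hostname']:
  ca_certificate    => '/etc/pki/example/ca.crt',
  certificate       => '/etc/pki/example/elasticsearch.crt',
  private_key       => '/etc/pki/example/elasticsearch.key',
  keystore_password => lookup('profile::es_tls_instance::keystore_password'),
}
```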
