Become: false for operation /tmp/opensearch-nodecerts for fix #45

[patsevanton]

Signed-off-by: Anton Patsev patsev.anton@gmail.com

Description

Become: false for operation /tmp/opensearch-nodecerts

Issues Resolved

Fix #45

Check List

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Anton Patsev patsev.anton@gmail.com

[patsevanton]

TASK [linux/opensearch : Security Plugin configuration | Create local temporary directory for certificates generation] *****************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:01.583)       0:00:13.344 **********
ok: [master0 -> localhost]

TASK [linux/opensearch : Security Plugin configuration | Download certificates generation tool] ****************************************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:00.204)       0:00:13.548 **********
skipping: [master0]

TASK [linux/opensearch : Security Plugin configuration | Extract the certificates generation tool] *************************************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:00.013)       0:00:13.562 **********
skipping: [master0]

TASK [linux/opensearch : Security Plugin configuration | Make the executable file] *****************************************************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:00.014)       0:00:13.576 **********
skipping: [master0]

TASK [linux/opensearch : Security Plugin configuration | Prepare the certificates generation template file] ****************************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:00.014)       0:00:13.591 **********
skipping: [master0]

TASK [linux/opensearch : Security Plugin configuration | Generate the node & admin certificates in local] ******************************************************************************
Monday 04 April 2022  22:19:41 +0600 (0:00:00.014)       0:00:13.605 **********
skipping: [master0]

[peterzhuamazon]

Hi @patsevanton could you explain what you changes are doing here?

Also, @saravanan30erd please review this one.

Thanks.

[peterzhuamazon]

@patsevanton you need to sign DCO as well.
Thanks.

[patsevanton]

My change can run

• Create local temporary directory for certificates generation
• Download certificates generation tool
• Extract the certificates generation tool
  from non-root user

I created PR from Github UI and added
Signed-off-by: Anton Patsev patsev.anton@gmail.com
but DCO failed.
How add Signed-off-by in Github UI?

[peterzhuamazon]

My change can run

* Create local temporary directory for certificates generation

* Download certificates generation tool

* Extract the certificates generation tool
  from non-root user

I created PR from Github UI and added Signed-off-by: Anton Patsev patsev.anton@gmail.com but DCO failed. How add Signed-off-by in Github UI?

Hi, @patsevanton are you trying to use non-root users for those actions?
I thought become is default to root already?

Also, I have no idea about the UI tho.
In console/terminal is just a -s after all.

As of now because you already have a commit, you need to rebase and sign again.
Sending new commit wont pass the check because it is checking every existing commit on the branch.

@saravanan30erd @prudhvigodithi please take a look when you have time.
Thanks.

[saravanan30erd]

@peterzhuamazon

are you trying to use non-root users for those actions?
I thought become is default to root already?

Yes, when we run the playbook using user root it's same as running with become.
@patsevanton is trying to run the playbook with non-root user which having sudo privileges so he need to use --become or -b in command. But when you try to run the playbook with -b, then all the tasks runs using sudo and the below tasks which runs in local machine also try to use sudo, and it will fail as its different machine. Thats why he is disabling sudo for these specific tasks (become: false) so all other tasks runs in remote machines will use sudo except the tasks runs in local machine.
#46 (comment)

@patsevanton As you mentioned above, six tasks (which using local_action) runs in local machine which mean all those tasks required become: false but you disabled become only in 3 tasks. Could you please check it?

[peterzhuamazon]

@peterzhuamazon

are you trying to use non-root users for those actions?
I thought become is default to root already?

Yes, when we run the playbook using user root it's same as running with become. @patsevanton is trying to run the playbook with non-root user which having sudo privileges so he need to use --become or -b in command. But when you try to run the playbook with -b, then all the tasks runs using sudo and the below tasks which runs in local machine also try to use sudo, and it will fail as its different machine. Thats why he is disabling sudo for these specific tasks (become: false) so all other tasks runs in remote machines will use sudo except the tasks runs in local machine. #46 (comment)

@patsevanton As you mentioned above, six tasks (which using local_action) runs in local machine which mean all those tasks required become: false but you disabled become only in 3 tasks. Could you please check it?

I am more thinking about whether this is a change that is suitable for the playbook tho.
If this is only a change for non-root user, a comment in README on what to change probably enough.
Will this change cause any issues with root user?

Thanks.

[patsevanton]

New PR #48