Become: false for operation /tmp/opensearch-nodecerts

README.md

@@ -45,7 +45,7 @@ In `inventories/opensearch/hosts` file, you can configure the node details.
 
 In AWS EC2,
 ```
-os1 ansible_host=<Elastic/Public IP> address ansible_user=root ip=<Private IP address>
+os1 ansible_host=<Elastic/Public IP> address ansible_user=ec2-user ip=<Private IP address>
 ```
 
 #### Multi-node Installation
@@ -82,8 +82,8 @@ cluster_type: single-node
 ### Install
 
 
-    # Deploy with ansible playbook - run the playbook as root
-    ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789"
+    # Deploy with ansible playbook - run the playbook as ec2-user
+    ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789" --become
 
 You should set the reserved users(`admin` and `kibanaserver`) password using `admin_password` and `kibanaserver_password` variables.
 

roles/linux/opensearch/tasks/security.yml

@@ -9,6 +9,7 @@
     state: directory
   run_once: true
   register: configuration
+  become: false
 
 - name: Security Plugin configuration | Download certificates generation tool
   local_action:
@@ -17,11 +18,13 @@
     dest: /tmp/opensearch-nodecerts/search-guard-tlstool.tar.gz
   run_once: true
   when: configuration.changed
+  become: false
 
 - name: Security Plugin configuration | Extract the certificates generation tool
   local_action: command chdir=/tmp/opensearch-nodecerts tar -xvf search-guard-tlstool.tar.gz
   run_once: true
   when: configuration.changed
+  become: false
 
 - name: Security Plugin configuration | Make the executable file
   local_action:
@@ -30,6 +33,7 @@
     mode: a+x
   run_once: true
   when: configuration.changed
+  become: false
 
 - name: Security Plugin configuration | Prepare the certificates generation template file
   local_action:
@@ -38,12 +42,14 @@
     dest: /tmp/opensearch-nodecerts/config/tlsconfig.yml
   run_once: true
   when: configuration.changed
+  become: false
 
 - name: Security Plugin configuration | Generate the node & admin certificates in local
   local_action:
     module: command /tmp/opensearch-nodecerts/tools/sgtlstool.sh -c /tmp/opensearch-nodecerts/config/tlsconfig.yml -ca -crt -t /tmp/opensearch-nodecerts/config/
   run_once: true
   when: configuration.changed
+  become: false
 
 - name: Security Plugin configuration | Copy the node & admin certificates to opensearch nodes
   copy:
@@ -154,3 +160,4 @@
     state: absent
   run_once: true
   when: configuration.changed
+  become: false