0

I am trying to execute the opendistro/elasticsearch security setup script from an ansible playbook and keep failing with return code 126.

    - name: Initialize elasticsearch security
      command: /usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh [...]
      environment:
        JAVA_HOME: /usr/share/elasticsearch/jdk/bin/java

fatal: [sys-centos8a]: FAILED! => {"changed": true, "cmd": ["/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh"], "delta": "0:00:00.013054", "end": "2021-02-19 09:41:50.267357", "msg": "non-zero return code", "rc": 126, "start": "2021-02-19 09:41:50.254303", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

It shouldn't be a permissions error with become set to root, but to be sure I set permissions to 777 with no change.

There was a problem with the env setting and sudo, so I added Defaults env_keep += "JAVA_HOME" to the sudoers file. But still no change to ansible returning the 126 error.

I tried several variations, like become with the elasticsearch user or explicit sudo but nothing works. It works perfectly if I ssh manually to the target (either as root or elasticsearch user) but I seem to miss something in ansible.

Any ideas?

adonas
  • 1
  • Hi adonas, welcome to SO. You may want to run that script with `bash -x` to see what commands it is attempting, and thus why it is failing: `command: bash -x /usr/...` – mdaniel Feb 19 '21 at 17:13
  • MDaniel thanks, I never heard of a bash trace before but it put me on the right track. – adonas Feb 19 '21 at 18:09

1 Answers1

0

Using bash -x as suggested by mdaniel resulted in

+ BIN_PATH=/usr/share/elasticsearch/jdk//bin/java
~ manual start
+ BIN_PATH=/usr/share/elasticsearch/jdk/bin/java/bin/java
+ ansible

I assumed JAVA_HOME would be the executable but apparently it has to be the JDK folder.

adonas
  • 1