santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ansible var for ES_TMPDIR env var (#714)

Browse source 
Elasticsearch requires its temp directory to be mounted as executable (see executable-jna-tmpdir). However, the CIS guidelines (e.g., CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v2.1.1, 1.1.5) recommend mounting /tmp with noexec. Therefore, users of this ansible role may have reason to set elasticsearch's temp dir to a non-default location.

(The elasticsearch environment variable ES_TMPDIR gets set to /tmp by default. This PR preserves this default behavior.)
This commit is contained in:
joshschmitter 2020-09-02 02:10:28 -05:00 committed by GitHub
parent 50bf641b8c
commit 37e93217fe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
defaults/main.yml
View file

@ -26,6 +26,7 @@ es_config_jvm: "jvm.options.j2"
#Need to provide default directories #Need to provide default directories
es_conf_dir: "/etc/elasticsearch" es_conf_dir: "/etc/elasticsearch"
es_pid_dir: "/var/run/elasticsearch" es_pid_dir: "/var/run/elasticsearch"
es_tmp_dir: "/tmp"
es_data_dirs: es_data_dirs:
- "/var/lib/elasticsearch" - "/var/lib/elasticsearch"
es_log_dir: "/var/log/elasticsearch" es_log_dir: "/var/log/elasticsearch"

3
templates/elasticsearch.j2
View file

@ -5,6 +5,9 @@
# Elasticsearch home directory # Elasticsearch home directory
ES_HOME={{es_home}} ES_HOME={{es_home}}
# Elasticsearch temp directory
ES_TMPDIR={{ es_tmp_dir }}
# Elasticsearch Java path # Elasticsearch Java path
{% if es_java_home | length > 0 %} {% if es_java_home | length > 0 %}
JAVA_HOME={{ es_java_home }} JAVA_HOME={{ es_java_home }}