From c6be0b2dcdba55ff0ab1583099cab86a5d96d98f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Tue, 14 Dec 2021 17:11:41 -0300
Subject: [PATCH 1/4] Disable log4j java option added
---
 .../opendistro-elasticsearch/templates/jvm.options.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
index c4758969..9d4911cf 100644
--- a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
+++ b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
@@ -94,3 +94,6 @@
 -Dclk.tck=100
 -Djdk.attach.allowAttachSelf=true
 -Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy
+
+## Disable log4j
+-Dlog4j2.formatMsgNoLookups=true
\ No newline at end of file
From 9c5a4651bb5277621c00f534f292b21cd6cbe776 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Wed, 15 Dec 2021 09:25:02 -0300
Subject: [PATCH 2/4] Log4j fix added
---
 .../ansible-elasticsearch/tasks/main.yml | 11 +++++++++++
 .../templates/disabledlog4j.options.j2 | 4 ++++
 .../opendistro-elasticsearch/tasks/main.yml | 11 +++++++++++
 .../templates/disabledlog4j.options.j2 | 4 ++++
 4 files changed, 30 insertions(+)
 create mode 100644 roles/elastic-stack/ansible-elasticsearch/templates/disabledlog4j.options.j2
 create mode 100644 roles/opendistro/opendistro-elasticsearch/templates/disabledlog4j.options.j2
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 040f6818..6d376e7a 100755
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
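Review bot: The comment `## Disable log4j` above `-Dlog4j2.formatMsgNoLookups=true` in the jvm.options.j2 hunk of PATCH 1/4 misstates what the option does: it switches off message lookup substitution and leaves Log4j logging itself enabled. The property is only honoured by Log4j 2.10 and later and is generally regarded as a partial mitigation, so the comment should say so and point at upgrading the bundled library, e.g. `## Mitigation: disable Log4j 2 message lookups (Log4j >= 2.10 only; upgrade log4j-core for the full fix)`. The same comment is repeated in both new disabledlog4j.options.j2 templates in PATCH 2/4, and all three files end without a trailing newline.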
@@ -63,6 +63,17 @@ notify: restart elasticsearch tags: configure +- name: Configure disabled log4j. + template: + src: "templates/disabledlog4j.options.j2" + dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options + owner: root + group: elasticsearch + mode: 0644 + force: yes + notify: restart elasticsearch + tags: install + # fix in new PR (ignore_errors) - import_tasks: "RMRedHat.yml" diff --git a/roles/elastic-stack/ansible-elasticsearch/templates/disabledlog4j.options.j2 b/roles/elastic-stack/ansible-elasticsearch/templates/disabledlog4j.options.j2 new file mode 100644 index 00000000..ccfefab1 --- /dev/null +++ b/roles/elastic-stack/ansible-elasticsearch/templates/disabledlog4j.options.j2 @@ -0,0 +1,4 @@ +## JVM configuration + +## Disable log4j +-Dlog4j2.formatMsgNoLookups=true \ No newline at end of file diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml index c7203088..42231df0 100644 --- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml +++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml @@ -55,6 +55,17 @@ notify: restart elasticsearch tags: install + - name: Configure disabled log4j. + template: + src: "templates/disabledlog4j.options.j2" + dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options + owner: root + group: elasticsearch + mode: 0644 + force: yes + notify: restart elasticsearch + tags: install + - name: Ensure extra time for Elasticsearch to start on reboots lineinfile: path: /usr/lib/systemd/system/elasticsearch.service diff --git a/roles/opendistro/opendistro-elasticsearch/templates/disabledlog4j.options.j2 b/roles/opendistro/opendistro-elasticsearch/templates/disabledlog4j.options.j2 new file mode 100644 index 00000000..ccfefab1 --- /dev/null +++ b/roles/opendistro/opendistro-elasticsearch/templates/disabledlog4j.options.j2 
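Review bot: The new `Configure disabled log4j.` task in roles/elastic-stack/ansible-elasticsearch/tasks/main.yml writes into /etc/elasticsearch/jvm.options.d/ without anything in the hunk ensuring that directory exists, and the identical task added to roles/opendistro/opendistro-elasticsearch/tasks/main.yml has the same gap. If the installed package predates the jvm.options.d mechanism, the template step would presumably fail or the file would never be read, leaving the mitigation silently absent; a preceding `file:` task with `state: directory`, or a version guard, would make that explicit. In the elastic-stack role the task is also tagged `install` while the task just above it is tagged `configure`, so a run limited to `--tags configure` would skip the mitigation; `tags: configure` looks like the intended value. The surrounding task lists continue outside both hunks.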
@@ -0,0 +1,4 @@
+## JVM configuration
+
+## Disable log4j
+-Dlog4j2.formatMsgNoLookups=true
\ No newline at end of file
From 12cd6288d21252f2b58633c132743cc89899e9a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Wed, 15 Dec 2021 09:26:13 -0300
Subject: [PATCH 3/4] Log4j fix removed from jvm.options
---
 .../opendistro-elasticsearch/templates/jvm.options.j2 | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2 b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
index 9d4911cf..c4758969 100644
--- a/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
+++ b/roles/opendistro/opendistro-elasticsearch/templates/jvm.options.j2
@@ -94,6 +94,3 @@
 -Dclk.tck=100
 -Djdk.attach.allowAttachSelf=true
 -Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy
-
-## Disable log4j
--Dlog4j2.formatMsgNoLookups=true
\ No newline at end of file
From c9dcd763e9bc0d30a16fe438a4b1e8cb5441a208 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?=
Date: Wed, 15 Dec 2021 11:47:47 -0300
Subject: [PATCH 4/4] disabledlog4j.options permissions update
---
 roles/elastic-stack/ansible-elasticsearch/tasks/main.yml | 2 +-
 roles/opendistro/opendistro-elasticsearch/tasks/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
index 6d376e7a..6844dd5e 100755
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/main.yml
@@ -69,7 +69,7 @@
 dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options
 owner: root
 group: elasticsearch
- mode: 0644
+ mode: 2750
 force: yes
 notify: restart elasticsearch
 tags: install
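Review bot: `mode: 2750` in the PATCH 4/4 hunk for roles/elastic-stack/ansible-elasticsearch/tasks/main.yml is an unquoted integer without a leading zero, so YAML hands Ansible the decimal number 2750, which is octal 5276 (set-uid and sticky bits, with write access for other users) rather than the octal 2750 the commit subject suggests. That would leave a JVM options file under /etc/elasticsearch/jvm.options.d/ writable by any local account, and the same line is changed in roles/opendistro/opendistro-elasticsearch/tasks/main.yml. Even read as octal, set-gid plus execute bits belong on the directory, not on a plain options file; quote the value and use a file mode, e.g. `mode: "0640"`, which keeps the file root-owned and readable by the elasticsearch group. The task starts above the hunk, so its module and name are taken from PATCH 2/4.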
diff --git a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
index 42231df0..cc37efad 100644
--- a/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
+++ b/roles/opendistro/opendistro-elasticsearch/tasks/main.yml
@@ -61,7 +61,7 @@
 dest: /etc/elasticsearch/jvm.options.d/disabledlog4j.options
 owner: root
 group: elasticsearch
- mode: 0644
+ mode: 2750
 force: yes
 notify: restart elasticsearch
 tags: install