Keystore is not created with java 22 (password needed) #462
Description
Describe the Bug
Running the latest elasticsearch module with elasticsearch 8.15.1 on Rocky 9 throws error:
Error: Execution of 'keytool -importkeystore -srcstoretype PKCS12 -destkeystore /etc/elasticsearch/elasticsearch.ks -srckeystore /tmp/elasticsearch_node.20241023-51377-1njhkrb -alias elasticsearch_node' returned 1: Importing keystore /tmp/elasticsearch_node.20241023-51377-1njhkrb to /etc/elasticsearch/elasticsearch.ks...
Enter destination keystore password: Enter source keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in the srckeystore*
* has NOT been verified! In order to verify its integrity, *
* you must provide the srckeystore password. *
***************** WARNING WARNING WARNING *****************
Enter key password for <elasticsearch_node>Enter key password for <elasticsearch_node>Enter key password for <elasticsearch_node>keytool error: java.lang.Exception: Too many failures - try later
Error: /Stage[main]/Elasticsearch::Config/Java_ks[elasticsearch_node]/ensure: change from 'absent' to 'present' failed: Execution of 'keytool -importkeystore -srcstoretype PKCS12 -destkeystore /etc/elasticsearch/elasticsearch.ks -srckeystore /tmp/elasticsearch_node.20241023-51377-1njhkrb -alias elasticsearch_node' returned 1: Importing keystore /tmp/elasticsearch_node.20241023-51377-1njhkrb to /etc/elasticsearch/elasticsearch.ks...
Enter destination keystore password: Enter source keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in the srckeystore*
* has NOT been verified! In order to verify its integrity, *
* you must provide the srckeystore password. *
***************** WARNING WARNING WARNING *****************
Enter key password for <elasticsearch_node>Enter key password for <elasticsearch_node>Enter key password for <elasticsearch_node>keytool error: java.lang.Exception: Too many failures - try later (corrective)
from elasticsearch module:
# Trust CA Certificate
java_ks { 'elasticsearch_ca':
ensure => present,
certificate => $elasticsearch::ca_certificate,
target => $_keystore_path,
password => $elasticsearch::keystore_password,
trustcacerts => true,
}
# Load node certificate and private key
java_ks { 'elasticsearch_node':
ensure => present,
certificate => $elasticsearch::certificate,
private_key => $elasticsearch::private_key,
private_key_type => $elasticsearch::private_key_type,
target => $_keystore_path,
password => $elasticsearch::keystore_password,
}
The password is not empty in both cases.
Java version used in elasticsearch:
/usr/share/elasticsearch/jdk/bin/java -version
openjdk version "22.0.1" 2024-04-16
OpenJDK Runtime Environment (build 22.0.1+8-16)
OpenJDK 64-Bit Server VM (build 22.0.1+8-16, mixed mode, sharing)
This is probably a combination of Java and operation system versions, the same module used on elasticsearch 7.17 works properly.
Expected Behavior
proper keystore should be created.
Steps to Reproduce
I have included code from elasticsearch module.
Environment
- Java version 22.0.1
- Platform: Rocky 9.5
- Puppet version: 7.33.0
Additional Context
When I run commands from above manually (outside puppet run), the keystore is created but I have to provide the password manually on every step.