directory '/etc/elasticsearch' do
directory '/var/log/elasticsearch' do
Can you spot the 5 fundamental flaws in the above config for Elastic Search?
1. The directory / files are hardcoded. You want to avoid this at all costs. Otherwise, what is the point of your agile and maintainable software-defined-infrastructure?
2. Setting the owner to elasticsearch is a security hole. It has a daemon-writeable configuration directory. Ensure your software follows the principle behind least privileges.
3. Setting group to root fails on bsd.
4. Owner / Group are not DRY.
5. Filesystem permissions are incorrect.