From ba62740a9375e52af074ca75c56ef1bafdd735af Mon Sep 17 00:00:00 2001 From: akwasniewska Date: Wed, 23 Mar 2016 12:02:49 +0100 Subject: [PATCH] Add kibana authentication using HAproxy Change-Id: Ib501571dd34cb68924775ce738499d63df5718dd Closes-Bug: 1556487 --- ansible/group_vars/all.yml | 7 +++++++ ansible/roles/haproxy/templates/haproxy.cfg.j2 | 6 ++++++ etc/kolla/passwords.yml | 5 +++++ 3 files changed, 18 insertions(+) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index bfa4c20517..a0ab95a8a9 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -210,6 +210,13 @@ haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_int kolla_enable_tls_external: "no" kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem" + +#################### +# Kibana options +#################### +kibana_user: "kibana" + + ################################# # Cinder - Block Storage options ################################# diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2 index 542d862473..aa808ee536 100644 --- a/ansible/roles/haproxy/templates/haproxy.cfg.j2 +++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2 @@ -374,8 +374,14 @@ listen radosgw_external {% endif %} {% if enable_central_logging | bool %} + +userlist kibanauser + user {{ kibana_user }} insecure-password {{ kibana_password }} + listen kibana bind {{ kolla_internal_vip_address }}:{{ kibana_server_port }} + acl auth_acl http_auth(kibanauser) + http-request auth realm basicauth unless auth_acl {% for host in groups['kibana'] %} server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5 {% endfor %} diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index a792117398..12b2d6bf5e 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -76,3 +76,8 @@ rabbitmq_cluster_cookie: #################### haproxy_password: keepalived_password: + +#################### +# Kibana options +#################### +kibana_password: