Verify TLS by default for Kibana to Elasticsearch

Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.

This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.

Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110

ansible/roles/kibana/defaults/main.yml

@@ -32,7 +32,7 @@ kibana_services:
 kibana_default_app_id: "discover"
 kibana_elasticsearch_request_timeout: 300000
 kibana_elasticsearch_shard_timeout: 0
-kibana_elasticsearch_ssl_verify: false
+kibana_elasticsearch_ssl_verify: true
 
 
 ####################

releasenotes/notes/kibana-tls-verify-8bfcb822268ad0d8.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    Changes the default value of ``kibana_elasticsearch_ssl_verify`` from
+    ``false`` to ``true``. `LP#1885110
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1885110>`__