e91fd969ac
Currently, if internal TLS communication is enabled, Kibana to Elasticsearch communication is unverified. This is because we set elasticsearch.ssl.verificationMode to 'none' by default (via kibana_elasticsearch_ssl_verify). This is poor a security posture. This change changes the default value of 'kibana_elasticsearch_ssl_verify' to 'true'. Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1 Closes-Bug: #1885110
53 lines
1.6 KiB
YAML
53 lines
1.6 KiB
YAML
---
|
|
project_name: "kibana"
|
|
|
|
kibana_services:
|
|
kibana:
|
|
container_name: "kibana"
|
|
image: "{{ kibana_image_full }}"
|
|
enabled: true
|
|
group: "kibana"
|
|
volumes: "{{ kibana_default_volumes + kibana_extra_volumes }}"
|
|
dimensions: "{{ kibana_dimensions }}"
|
|
haproxy:
|
|
kibana:
|
|
enabled: "{{ enable_kibana }}"
|
|
mode: "http"
|
|
external: false
|
|
port: "{{ kibana_server_port }}"
|
|
auth_user: "{{ kibana_user }}"
|
|
auth_pass: "{{ kibana_password }}"
|
|
kibana_external:
|
|
enabled: "{{ enable_kibana }}"
|
|
mode: "http"
|
|
external: true
|
|
port: "{{ kibana_server_port }}"
|
|
auth_user: "{{ kibana_user }}"
|
|
auth_pass: "{{ kibana_password }}"
|
|
|
|
|
|
####################
|
|
# Kibana
|
|
####################
|
|
kibana_default_app_id: "discover"
|
|
kibana_elasticsearch_request_timeout: 300000
|
|
kibana_elasticsearch_shard_timeout: 0
|
|
kibana_elasticsearch_ssl_verify: true
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
kibana_install_type: "{{ kolla_install_type }}"
|
|
kibana_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kibana_install_type }}-kibana"
|
|
kibana_tag: "{{ openstack_tag }}"
|
|
kibana_image_full: "{{ kibana_image }}:{{ kibana_tag }}"
|
|
kibana_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
kibana_default_volumes:
|
|
- "{{ node_config_directory }}/kibana/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "{{ '/etc/timezone:/etc/timezone:ro' if kolla_base_distro in ['debian', 'ubuntu'] else '' }}"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
kibana_extra_volumes: "{{ default_extra_volumes }}"
|