From 5603faa1f25dcb3b514dcb39b06c29930ae051ed Mon Sep 17 00:00:00 2001 From: Pablo Escobar Date: Fri, 22 May 2020 19:49:38 +0200 Subject: [PATCH 1/2] added new ssl option for kibana --- roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index 0f2ef6066..d08fa7274 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -110,6 +110,7 @@ elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" server.ssl.enabled: true server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" +elasticsearch.ssl.verificationMode: certificate {% if generate_CA == true %} elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] {% elif generate_CA == false %} From 81c2df4fff56f94a6e376a987f611e4f5619946c Mon Sep 17 00:00:00 2001 From: Pablo Escobar Date: Thu, 28 May 2020 11:18:21 +0200 Subject: [PATCH 2/2] add a variable to define elasticsearch.ssl.verificationMode in kibana --- roles/elastic-stack/ansible-kibana/defaults/main.yml | 1 + roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/elastic-stack/ansible-kibana/defaults/main.yml b/roles/elastic-stack/ansible-kibana/defaults/main.yml index a47683fd5..434dabc24 100644 --- a/roles/elastic-stack/ansible-kibana/defaults/main.yml +++ b/roles/elastic-stack/ansible-kibana/defaults/main.yml @@ -26,6 +26,7 @@ wazuh_api_credentials: # Xpack Security kibana_xpack_security: false +kibana_ssl_verification_mode: "full" elasticsearch_xpack_security_user: elastic elasticsearch_xpack_security_password: elastic_pass diff --git a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 index d08fa7274..62f6e9ebb 100644 --- a/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 +++ b/roles/elastic-stack/ansible-kibana/templates/kibana.yml.j2 @@ -110,7 +110,7 @@ elasticsearch.password: "{{ elasticsearch_xpack_security_password }}" server.ssl.enabled: true server.ssl.key: "{{node_certs_destination}}/{{ kibana_node_name }}.key" server.ssl.certificate: "{{node_certs_destination}}/{{ kibana_node_name }}.crt" -elasticsearch.ssl.verificationMode: certificate +elasticsearch.ssl.verificationMode: "{{ kibana_ssl_verification_mode }}" {% if generate_CA == true %} elasticsearch.ssl.certificateAuthorities: ["{{ node_certs_destination }}/ca.crt"] {% elif generate_CA == false %}