fixed some issues in opensearch_dashboards init

authentication still doesn't work, though

fixed some issues in opensearch_dashboards init
45fd84c3 · Václav Bartoš · e0cba78b · 45fd84c3 · 45fd84c3
Commit 45fd84c3 authored 2 years ago by Václav Bartoš
--- a/roles/opensearch-dashboards/tasks/init.yml
+++ b/roles/opensearch-dashboards/tasks/init.yml
@@ -68,7 +68,8 @@
 - name: Check Opensearch Dashboards health
  remote_user: dashboards
  shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
-              | egrep status....overall....state...green'
+          --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
+              | egrep ''"overall":{[^}]*"state":"green"'''
  register: result
  until: result.rc == 0
  retries: 90
@@ -86,7 +87,7 @@
  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
+          -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \
          -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"'
  ignore_errors: True
@@ -101,7 +102,7 @@
  shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
          -b /tmp/cookie.txt -c /tmp/cookie.txt \
          -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+          -H "osd-xsrf: reporting" -H "Content-Type: application/json" \
          -d @/tmp/role.json'
 - name: Set Autostart for supervisord's services

--- a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
+++ b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
@@ -78,11 +78,10 @@ server.ssl.certificate: /opt/opensearch-dashboards/config/{{inventory_hostname}}
 # Optional setting that enables you to specify a path to the PEM file for the certificate
 # authority for your OpenSearch instance.
-# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+opensearch.ssl.certificateAuthorities: [ "/opt/opensearch-dashboards/config/ca.crt" ]
 # To disregard the validity of SSL certificates, change this setting's value to 'none'.
-# opensearch.ssl.verificationMode: full
+opensearch.ssl.verificationMode: full
-opensearch.ssl.verificationMode: none
 # Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
 # the opensearch.requestTimeout setting.
@@ -197,5 +196,3 @@ opensearch_security.openid.client_id: "opensearch-dashboards"
 opensearch_security.openid.client_secret: "{{kibanasecret.value}}"
 opensearch_security.openid.root_ca: "/opt/opensearch-dashboards/config/ca.crt"
 opensearch_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
-opensearch_security.allow_client_certificates: true