diff --git a/roles/opensearch-dashboards/tasks/init.yml b/roles/opensearch-dashboards/tasks/init.yml index 4de794e62c261ca0a3584c6e12dcaa4c9d35543c..f098cec242a00546999eee3e4df29e034d02f693 100644 --- a/roles/opensearch-dashboards/tasks/init.yml +++ b/roles/opensearch-dashboards/tasks/init.yml @@ -68,7 +68,8 @@ - name: Check Opensearch Dashboards health remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - | egrep status....overall....state...green' + --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + | egrep ''"overall":{[^}]*"state":"green"''' register: result until: result.rc == 0 retries: 90 @@ -86,7 +87,7 @@ shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \ + -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \ -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"' ignore_errors: True @@ -101,7 +102,7 @@ shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ - -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \ + -H "osd-xsrf: reporting" -H "Content-Type: application/json" \ -d @/tmp/role.json' - name: Set Autostart for supervisord's services diff --git a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 index c80e00d3aeed4ac3f98189d3357f8e4a21edf252..5c95b53b4c1a8d34f2a752b3eae5a18eb11546d3 100644 --- a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 +++ b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 @@ -78,11 +78,10 @@ server.ssl.certificate: /opt/opensearch-dashboards/config/{{inventory_hostname}} # Optional setting that enables you to specify a path to the PEM file for the certificate # authority for your OpenSearch instance. -# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] +opensearch.ssl.certificateAuthorities: [ "/opt/opensearch-dashboards/config/ca.crt" ] # To disregard the validity of SSL certificates, change this setting's value to 'none'. -# opensearch.ssl.verificationMode: full -opensearch.ssl.verificationMode: none +opensearch.ssl.verificationMode: full # Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of # the opensearch.requestTimeout setting. @@ -197,5 +196,3 @@ opensearch_security.openid.client_id: "opensearch-dashboards" opensearch_security.openid.client_secret: "{{kibanasecret.value}}" opensearch_security.openid.root_ca: "/opt/opensearch-dashboards/config/ca.crt" opensearch_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601" - -opensearch_security.allow_client_certificates: true