From 45fd84c32ea1770f68b326237bc4e0ac06e9902a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Wed, 26 Oct 2022 23:13:42 +0200
Subject: [PATCH] fixed some issues in opensearch_dashboards init

authentication still doesn't work, though
---
 roles/opensearch-dashboards/tasks/init.yml                 | 7 ++++---
 .../templates/opensearch_dashboards.yml.j2                 | 7 ++-----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/roles/opensearch-dashboards/tasks/init.yml b/roles/opensearch-dashboards/tasks/init.yml
index 4de794e..f098cec 100644
--- a/roles/opensearch-dashboards/tasks/init.yml
+++ b/roles/opensearch-dashboards/tasks/init.yml
@@ -68,7 +68,8 @@
 - name: Check Opensearch Dashboards health
   remote_user: dashboards
   shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \
-              | egrep status....overall....state...green'
+          --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
+              | egrep ''"overall":{[^}]*"state":"green"'''
   register: result
   until: result.rc == 0
   retries: 90
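Review bot: The added `--user admin:{{lookup("password", …)}}` puts the admin password on the command line of a `shell` task that has no `no_log`, so it is readable in the remote process list while curl runs and presumably also in Ansible's output when the task finally fails or the play runs verbose. Adding `no_log: true` to this task closes the logging path; moving the request to the `uri` module with `url_username`/`url_password`/`force_basic_auth: true` would also keep the secret out of argv. The same command keeps `-k`, so the credentials are sent without verifying the server certificate; `--cacert /opt/opensearch-dashboards/config/ca.crt` is worth trying if that file exists where this task runs (the path is the one the template in this commit uses). The two POST tasks in the later hunks carry the same `--user … -k` pattern on unchanged lines, and this task may continue past the end of the hunk.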
@@ -86,7 +87,7 @@
   shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \
           -b /tmp/cookie.txt -c /tmp/cookie.txt \
           -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: multipart/form-data" \
+          -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \
           -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"'
   ignore_errors: True
 
@@ -101,7 +102,7 @@
   shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
           -b /tmp/cookie.txt -c /tmp/cookie.txt \
           -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \
-          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+          -H "osd-xsrf: reporting" -H "Content-Type: application/json" \
           -d @/tmp/role.json'
 
 - name: Set Autostart for supervisord's services
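Review bot: An HTTP error from the `rolesmapping/all_access` POST goes undetected, because curl exits 0 on 4xx/5xx responses unless `--fail` is given; a 401 or a rejected `osd-xsrf` header would leave the role mapping unapplied while the play continues. Since the commit message says authentication still does not work, I would start the command with `curl --fail -X "POST" …` so the task fails visibly in that case. The import call in the previous hunk has the same gap, although `ignore_errors: True` hides failures there anyway. The task starts above the hunk, so its `name`, `remote_user` and any `register`/`failed_when` are not visible here.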
diff --git a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2 b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
index c80e00d..5c95b53 100644
--- a/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
+++ b/roles/opensearch-dashboards/templates/opensearch_dashboards.yml.j2
@@ -78,11 +78,10 @@ server.ssl.certificate: /opt/opensearch-dashboards/config/{{inventory_hostname}}
 
 # Optional setting that enables you to specify a path to the PEM file for the certificate
 # authority for your OpenSearch instance.
-# opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+opensearch.ssl.certificateAuthorities: [ "/opt/opensearch-dashboards/config/ca.crt" ]
 
 # To disregard the validity of SSL certificates, change this setting's value to 'none'.
-# opensearch.ssl.verificationMode: full
-opensearch.ssl.verificationMode: none
+opensearch.ssl.verificationMode: full
 
 # Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
 # the opensearch.requestTimeout setting.
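Review bot: With `opensearch.ssl.verificationMode: full` the hostname is checked as well as the chain, so the name used in `opensearch.hosts` (outside this hunk) has to appear in the OpenSearch node certificate. If the deployment addresses the node by another alias or by IP, `certificate` mode is the fallback to reach for, not `none`. I would also replace the stock comment above the setting, which still explains how to switch verification off, with something like `# Verified against the deployment CA (same file as opensearch_security.openid.root_ca); do not set to 'none'.`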
@@ -197,5 +196,3 @@ opensearch_security.openid.client_id: "opensearch-dashboards"
 opensearch_security.openid.client_secret: "{{kibanasecret.value}}"
 opensearch_security.openid.root_ca: "/opt/opensearch-dashboards/config/ca.crt"
 opensearch_security.openid.base_redirect_url: "https://{{soctoolsproxy}}:5601"
-
-opensearch_security.allow_client_certificates: true
-- 
GitLab