Various helper changes

Removing helper parts from various scripts Kibana config for 7.4 Renaming various parts to soctools naming

Various helper changes
c6faf9ad · Bozidar Proevski · e16185f3 · c6faf9ad · c6faf9ad · c6faf9ad
Commit c6faf9ad authored 5 years ago by Bozidar Proevski
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
 ---

-soctools_netname: "dslnifinet"
+soctools_netname: "soctoolsnet"

 repo: gn43-dsl
 version: 7
-suffix: a20200520
+suffix: a20200528

 temp_root: "/tmp/centosbuild"

@@ -18,7 +18,7 @@ nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}"
 nginx_name: "dsoclab-nginx"
 nginx_img: "{{repo}}/nginx:{{version}}{{suffix}}"

-dslproxy: "dsldev.gn4-3-wp8-soc.sunet.se"
+dslproxy: "dsoclab.gn4-3-wp8-soc.sunet.se"

 kspass: "Testing003"
 tspass: "Testing003"
@@ -30,7 +30,7 @@ sysctlconfig:

 javamem: "384m"

-ca_cn: "dsldev test ca"
+ca_cn: "SOCTOOLS-CA"

 #nifiadmin:
 #  - [ "Bozidar Proevski", "Pass001" ]
@@ -38,13 +38,6 @@ ca_cn: "dsldev test ca"
 #  - [ "NifiELKuser", "Pass003" ]

 soctools_users:
-  - firstname: "Arne"
-    lastname: "Oslebo"
-    username: "arne.oslebo"
-    email: "arne.oslebo@uninett.no"
-    DN: "CN=Arne Oslebo"
-    CN: "Arne Oslebo"
-    password: "Pass002"
  - firstname: "Bozidar"
    lastname: "Proevski"
    username: "bozidar.proevski"
@@ -52,6 +45,13 @@ soctools_users:
    DN: "CN=Bozidar Proevski"
    CN: "Bozidar Proevski"
    password: "Pass001"
+  - firstname: "Arne"
+    lastname: "Oslebo"
+    username: "arne.oslebo"
+    email: "arne.oslebo@uninett.no"
+    DN: "CN=Arne Oslebo"
+    CN: "Arne Oslebo"
+    password: "Pass002"


 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
@@ -62,7 +62,7 @@ odfees_adminpass: "Pass004"
 elk_version: "oss-7.4.2"
 odfeplugin_version: "1.4.0.0"

-openid_realm: "GN43WP8T31SOC1"
+openid_realm: "SOCTOOLS1"
 openid_scope: profile
 openid_subjkey: preferred_username


--- a/roles/ca/tasks/main.yml
+++ b/roles/ca/tasks/main.yml
@@ -197,3 +197,17 @@
    EASYRSA_BATCH: 1
    EASYRSA_PKI: roles/ca/files/CA

+- name: Copy user certs to odfees
+  copy:
+    src: "roles/ca/files/CA/private/{{ item.CN }}.p12"
+    dest: "roles/odfees/files/{{ item.CN }}.p12"
+  with_items:
+    - "{{soctools_users}}"
+
+- name: Copy user certs to odfekibana
+  copy:
+    src: "roles/ca/files/CA/private/{{ item.CN }}.p12"
+    dest: "roles/odfekibana/files/{{ item.CN }}.p12"
+  with_items:
+    - "{{soctools_users}}"
+
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -23,9 +23,6 @@
    - local: "files/{{ ca_cn }}.crt"
      remote: /etc/x509/ca/ca.crt
      mode: '0644'
-    - local: "files/gn43wp8t31ca.crt"
-      remote: /etc/x509/ca/gn43wp8t31ca.crt
-      mode: '0644'
    - local: "files/cacerts.jks"
      remote: /opt/jboss/keycloak/cacerts.jks
      mode: '0644'
@@ -35,7 +32,7 @@
 - name: Generate Keycloak secure config
  command: "/opt/jboss/tools/x509.sh"
  environment:
-    X509_CA_BUNDLE: "/etc/x509/ca/ca.crt /etc/x509/ca/gn43wp8t31ca.crt"
+    X509_CA_BUNDLE: "/etc/x509/ca/ca.crt"
  tags:
    - start


--- a/roles/odfekibana/templates/kibana.yml.j2
+++ b/roles/odfekibana/templates/kibana.yml.j2
@@ -33,9 +33,10 @@ opendistro_security.multitenancy.enabled: true
 opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opendistro_security.readonly_mode.roles: ["kibana_read_only"]

-newsfeed.enabled: false
-telemetry.optIn: false
-telemetry.enabled: false
+#new in 7.6
+#newsfeed.enabled: false
+#telemetry.optIn: false
+#telemetry.enabled: false

 opendistro_security.auth.type: "openid"
 opendistro_security.openid.connect_url: "https://{{dslproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration"
@@ -49,17 +50,17 @@ opendistro_security.cookie.secure: true
 opendistro_security.cookie.password: "{{lookup('password', '/dev/null length=32 chars=ascii_letters,digits,hexdigits')}}"

 server.ssl.enabled: true
-#server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
-#server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt
-server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12
-server.ssl.keystore.password: {{kspass}}
+server.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
+server.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt
+#server.ssl.keystore.path: /usr/share/kibana/config/{{inventory_hostname}}.p12
+#server.ssl.keystore.password: {{kspass}}
 #server.ssl.certificateAuthorities:
 #server.ssl.truststore.path: jks (p12?)
 #server.ssl.truststore.password:


-#elasticsearch.ssl.certificate: /usr/share/kibana/config/odfe-kibana.crt
-#elasticsearch.ssl.key: /usr/share/kibana/config/odfe-kibana.key
-#elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/dslca.crt
+#elasticsearch.ssl.certificate: /usr/share/kibana/config/{{inventory_hostname}}.crt
+#elasticsearch.ssl.key: /usr/share/kibana/config/{{inventory_hostname}}.key
+#elasticsearch.ssl.certificateAuthorities: /usr/share/kibana/config/{{ca_cn}}.crt

 opendistro_security.allow_client_certificates: true