Skip to content
Snippets Groups Projects
Commit e91fd969 authored by Mark Goddard's avatar Mark Goddard
Browse files

Verify TLS by default for Kibana to Elasticsearch 

Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.

This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.

Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110
parent 31f3f848
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
ansible/roles/kibana/defaults/main.yml
+ 1
1
View file @ e91fd969
...@@ -32,7 +32,7 @@ kibana_services: ...@@ -32,7 +32,7 @@ kibana_services:
kibana_default_app_id: "discover" kibana_default_app_id: "discover"
kibana_elasticsearch_request_timeout: 300000 kibana_elasticsearch_request_timeout: 300000
kibana_elasticsearch_shard_timeout: 0 kibana_elasticsearch_shard_timeout: 0
kibana_elasticsearch_ssl_verify: false kibana_elasticsearch_ssl_verify: true
#################### ####################
......
releasenotes/notes/kibana-tls-verify-8bfcb822268ad0d8.yaml 0 → 100644
+ 6
0
View file @ e91fd969
---
upgrade:
- |
Changes the default value of ``kibana_elasticsearch_ssl_verify`` from
``false`` to ``true``. `LP#1885110
<https://bugs.launchpad.net/kolla-ansible/+bug/1885110>`__
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment