commit aa2d2b53452a614a5d3f08c3c66009f0c2a226a0
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:56:54 2020 +0000
Verify TLS by default for Kibana to Elasticsearch
Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.
This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.
Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110
(cherry picked from commit e91fd969ace4c83cd461378419dd6aa96399edc2)
Reviewed: https:/ /review. opendev. org/738307 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=aa2d2b53452 a614a5d3f08c3c6 6009f0c2a226a0
Committed: https:/
Submitter: Zuul
Branch: stable/train
commit aa2d2b53452a614 a5d3f08c3c66009 f0c2a226a0
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:56:54 2020 +0000
Verify TLS by default for Kibana to Elasticsearch
Currently, if internal TLS communication is enabled, Kibana to ch.ssl. verificationMod e to 'none' by default (via elasticsearch_ ssl_verify) . This is poor a security
Elasticsearch communication is unverified. This is because we set
elasticsear
kibana_
posture.
This change changes the default value of elasticsearch_ ssl_verify' to 'true'.
'kibana_
Change-Id: Ie4fa8e3a60d69c f5c4bdd975030c9 2be8113ffb1 cd461378419dd6a a96399edc2)
Closes-Bug: #1885110
(cherry picked from commit e91fd969ace4c83