commit 73b6ccd1f180d39200dd143297dd3909c2b0e119
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:56:54 2020 +0000
Verify TLS by default for Kibana to Elasticsearch
Currently, if internal TLS communication is enabled, Kibana to
Elasticsearch communication is unverified. This is because we set
elasticsearch.ssl.verificationMode to 'none' by default (via
kibana_elasticsearch_ssl_verify). This is poor a security
posture.
This change changes the default value of
'kibana_elasticsearch_ssl_verify' to 'true'.
Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
Closes-Bug: #1885110
(cherry picked from commit e91fd969ace4c83cd461378419dd6aa96399edc2)
Reviewed: https:/ /review. opendev. org/738306 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=73b6ccd1f18 0d39200dd143297 dd3909c2b0e119
Committed: https:/
Submitter: Zuul
Branch: stable/ussuri
commit 73b6ccd1f180d39 200dd143297dd39 09c2b0e119
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:56:54 2020 +0000
Verify TLS by default for Kibana to Elasticsearch
Currently, if internal TLS communication is enabled, Kibana to ch.ssl. verificationMod e to 'none' by default (via elasticsearch_ ssl_verify) . This is poor a security
Elasticsearch communication is unverified. This is because we set
elasticsear
kibana_
posture.
This change changes the default value of elasticsearch_ ssl_verify' to 'true'.
'kibana_
Change-Id: Ie4fa8e3a60d69c f5c4bdd975030c9 2be8113ffb1 cd461378419dd6a a96399edc2)
Closes-Bug: #1885110
(cherry picked from commit e91fd969ace4c83