kolla-ansible

  1. Series train
  2. Bug #1885110
  3. Comment #6

Comment 6 for bug 1885110

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/738306
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=73b6ccd1f180d39200dd143297dd3909c2b0e119
Submitter: Zuul
Branch: stable/ussuri

commit 73b6ccd1f180d39200dd143297dd3909c2b0e119
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:56:54 2020 +0000

    Verify TLS by default for Kibana to Elasticsearch

    Currently, if internal TLS communication is enabled, Kibana to
    Elasticsearch communication is unverified. This is because we set
    elasticsearch.ssl.verificationMode to 'none' by default (via
    kibana_elasticsearch_ssl_verify). This is poor a security
    posture.

    This change changes the default value of
    'kibana_elasticsearch_ssl_verify' to 'true'.

    Change-Id: Ie4fa8e3a60d69cf5c4bdd975030c92be8113ffb1
    Closes-Bug: #1885110
    (cherry picked from commit e91fd969ace4c83cd461378419dd6aa96399edc2)