Same password for Kibana and superuser
This commit is contained in:
parent
37465492a9
commit
1db1074443
|
@ -87,8 +87,8 @@ write_files:
|
|||
}
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
- path: /opt/cloud-init-misc-data/kibana_elasticsearch_password
|
||||
content: ${kibana_elasticsearch_password}
|
||||
- path: /opt/cloud-init-misc-data/elasticsearch_password
|
||||
content: ${elasticsearch_password}
|
||||
owner: root:root
|
||||
permissions: '0600'
|
||||
runcmd:
|
||||
|
|
|
@ -19,6 +19,8 @@
|
|||
export ES_HOME=/mnt/data/elasticsearch
|
||||
export JAVA_HOME=${pkgs.jdk8_headless}/jre
|
||||
|
||||
password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)"
|
||||
|
||||
printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
|
||||
printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
|
||||
chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config
|
||||
|
@ -28,7 +30,8 @@
|
|||
sleep 5
|
||||
done
|
||||
printf "Setting up Kibana user\n"
|
||||
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$(head -n 1 /opt/cloud-init-misc-data/kibana_elasticsearch_password)\"}"
|
||||
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}"
|
||||
curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}"
|
||||
'';
|
||||
|
||||
services.kibana.enable = true;
|
||||
|
@ -37,7 +40,7 @@
|
|||
services.kibana.listenAddress = "0.0.0.0";
|
||||
services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ];
|
||||
services.kibana.elasticsearch.username = "kibana";
|
||||
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/kibana_elasticsearch_password);
|
||||
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password);
|
||||
|
||||
system.activationScripts = {
|
||||
mnt = {
|
||||
|
|
|
@ -43,7 +43,7 @@ data "template_cloudinit_config" "guidelines" {
|
|||
domain_name = lookup(jsondecode(file("../../config.json")), "domain_name_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||
domain_alternative_names = base64encode(lookup(jsondecode(file("../../config.json")), "domain_alternative_names_${data.terraform_remote_state.environment.outputs.environment_name}", "not found"))
|
||||
vault_db_password = lookup(jsondecode(file("../../secrets.json")), "vault_db_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||
kibana_elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "kibana_elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||
elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||
nix_certbot = filebase64("${path.module}/nix/certbot.nix")
|
||||
nix_configuration = filebase64("${path.module}/nix/configuration.nix")
|
||||
nix_elasticsearch = filebase64("${path.module}/nix/elasticsearch.nix")
|
||||
|
|
Loading…
Reference in New Issue