Same password for Kibana and superuser

This commit is contained in:
Marco Streich 2021-01-21 17:38:46 +01:00
parent 37465492a9
commit 1db1074443
3 changed files with 8 additions and 5 deletions


@ -87,8 +87,8 @@ write_files:
}
owner: root:root
permissions: '0644'
- path: /opt/cloud-init-misc-data/kibana_elasticsearch_password
content: ${kibana_elasticsearch_password}
- path: /opt/cloud-init-misc-data/elasticsearch_password
content: ${elasticsearch_password}
owner: root:root
permissions: '0600'
runcmd:
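Review bot: `content: ${elasticsearch_password}` templates the secret into the YAML as an unquoted plain scalar, so a password containing ` #`, `: ` or a leading YAML indicator character would be truncated or misparsed by cloud-init, and a different value than intended would land in the file. Since this value now also becomes the `elastic` superuser password, it is worth encoding it, e.g. `content: ${jsonencode(elasticsearch_password)}` (a JSON string is a valid YAML double-quoted scalar), assuming the template is rendered by Terraform, where `jsonencode` is available. The `write_files` list starts above the hunk, so other entries may need the same treatment.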


@ -19,6 +19,8 @@
export ES_HOME=/mnt/data/elasticsearch
export JAVA_HOME=${pkgs.jdk8_headless}/jre
password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)"
printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config
@ -28,7 +30,8 @@
sleep 5
done
printf "Setting up Kibana user\n"
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$(head -n 1 /opt/cloud-init-misc-data/kibana_elasticsearch_password)\"}"
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}"
curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}"
'';
services.kibana.enable = true;
@ -37,7 +40,7 @@
services.kibana.listenAddress = "0.0.0.0";
services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ];
services.kibana.elasticsearch.username = "kibana";
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/kibana_elasticsearch_password);
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password);
system.activationScripts = {
mnt = {
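Review bot: In the last hunk, `services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password);` reads the secret at evaluation time, and after this change that value is also the one the setup script sets for the `elastic` superuser. If the Kibana module renders this option into a config file in the Nix store (which is world-readable), any local user can read a superuser credential rather than only the `kibana` service account's, regardless of the `0600` on the source file. I would keep a separate secret for the `kibana` user and add a comment on this line such as `# evaluated into the system config; must not be a privileged credential`. The surrounding attribute set begins and ends outside the hunk.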


@ -43,7 +43,7 @@ data "template_cloudinit_config" "guidelines" {
domain_name = lookup(jsondecode(file("../../config.json")), "domain_name_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
domain_alternative_names = base64encode(lookup(jsondecode(file("../../config.json")), "domain_alternative_names_${data.terraform_remote_state.environment.outputs.environment_name}", "not found"))
vault_db_password = lookup(jsondecode(file("../../secrets.json")), "vault_db_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
kibana_elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "kibana_elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
nix_certbot = filebase64("${path.module}/nix/certbot.nix")
nix_configuration = filebase64("${path.module}/nix/configuration.nix")
nix_elasticsearch = filebase64("${path.module}/nix/elasticsearch.nix")
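Review bot: The `"not found"` default on the new `elasticsearch_password` lookup means a missing or misspelled key in `secrets.json` silently provisions the literal string `not found` as the password, which with this commit is the `elastic` superuser's. Failing the plan is safer than falling back: `elasticsearch_password = jsondecode(file("../../secrets.json"))["elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}"]`. The `vault_db_password` line above follows the same pattern. The enclosing `data "template_cloudinit_config" "guidelines"` block starts and ends outside the hunk.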