From 1db10744435d4af74143f70935a8658b1599dd0f Mon Sep 17 00:00:00 2001 From: Marco Streich Date: Thu, 21 Jan 2021 17:38:46 +0100 Subject: [PATCH] Same password for Kibana and superuser --- infrastructure/modules/compute/cloudinit.tpl | 4 ++-- infrastructure/modules/compute/nix/elasticsearch.nix | 7 +++++-- infrastructure/modules/compute/servers.tf | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/infrastructure/modules/compute/cloudinit.tpl b/infrastructure/modules/compute/cloudinit.tpl index 0e6354b..2ce4cfb 100644 --- a/infrastructure/modules/compute/cloudinit.tpl +++ b/infrastructure/modules/compute/cloudinit.tpl @@ -87,8 +87,8 @@ write_files: } owner: root:root permissions: '0644' - - path: /opt/cloud-init-misc-data/kibana_elasticsearch_password - content: ${kibana_elasticsearch_password} + - path: /opt/cloud-init-misc-data/elasticsearch_password + content: ${elasticsearch_password} owner: root:root permissions: '0600' runcmd: diff --git a/infrastructure/modules/compute/nix/elasticsearch.nix b/infrastructure/modules/compute/nix/elasticsearch.nix index 6bf3d81..97e39ad 100644 --- a/infrastructure/modules/compute/nix/elasticsearch.nix +++ b/infrastructure/modules/compute/nix/elasticsearch.nix @@ -19,6 +19,8 @@ export ES_HOME=/mnt/data/elasticsearch export JAVA_HOME=${pkgs.jdk8_headless}/jre + password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)" + printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n" printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config 
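Review bot: `content: ${elasticsearch_password}` is rendered into the YAML unquoted, so a password that contains `: ` or ` #`, or starts with a YAML indicator such as `*`, `&`, `!`, `[` or `{`, is either written differently from what `secrets.json` holds or breaks the `write_files` entry. Since this value is now the `elastic` superuser's password, I would pass it base64-encoded, as `servers.tf` already does for `domain_alternative_names`: add `encoding: b64` to this entry and wrap the lookup in `base64encode(...)`. User-data is also typically kept on the instance by cloud-init and may be retrievable from the provider's metadata service, so the `0600` file is probably not the only copy of the secret. The `write_files` list starts outside the hunk.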
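Review bot: The keystore is still seeded with the literal `changeme`, so the `elastic` superuser stays reachable with a known default from the moment Elasticsearch starts until the first `curl` in the next hunk succeeds. Now that the real password is read just above, it could be used for the bootstrap value directly: `printf '%s' "$password" | elasticsearch-keystore add -f -x bootstrap.password`. The new `password=` line also has no check, so a missing or empty file gives an empty `$password` that is only noticed, if at all, when the later requests are rejected; a guard such as `[ -n "$password" ] || exit 1` right after the assignment would stop early. The script this hunk belongs to starts and ends outside the hunk.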
@@ -28,7 +30,8 @@ sleep 5 done printf "Setting up Kibana user\n" - curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$(head -n 1 /opt/cloud-init-misc-data/kibana_elasticsearch_password)\"}" + curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}" + curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}" ''; services.kibana.enable = true; @@ -37,7 +40,7 @@ services.kibana.listenAddress = "0.0.0.0"; services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ]; services.kibana.elasticsearch.username = "kibana"; - services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/kibana_elasticsearch_password); + services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password); system.activationScripts = { mnt = { diff --git a/infrastructure/modules/compute/servers.tf b/infrastructure/modules/compute/servers.tf index 211b85d..8fa6d61 100644 --- a/infrastructure/modules/compute/servers.tf +++ b/infrastructure/modules/compute/servers.tf 
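Review bot: Both new `curl` calls put the superuser password on the command line (`-uelastic:"$password"` and the `-d` body), where other local users can read it from the process list while curl runs. They also splice it into the JSON unescaped, so a password containing `"` or `\` produces a malformed or different body. Neither call uses `--fail`, so a rejected request goes unnoticed; if this script runs again after the first call has succeeded, `elastic:changeme` would be refused and the script would carry on silently. I would add `--fail --show-error` to both calls and pass the credentials through a curl config read from stdin (`-K -`) instead of argv. The requests also go to `http://10.0.1.51:9200` without TLS, so unless that address is local to the host the password crosses the network in clear text.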
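Review bot: `builtins.readFile` on the `services.kibana.elasticsearch.password` line is evaluated at build time, so the value is embedded in the generated Kibana configuration, which NixOS normally writes to the world-readable `/nix/store`. After this commit that value is also the `elastic` superuser's password, so a local user who can read the store path would likely obtain cluster-admin credentials rather than only the `kibana` service account's; the `0600` mode on `/opt/cloud-init-misc-data/elasticsearch_password` does not protect that copy. Consider keeping a distinct secret for `kibana` and supplying it outside the Nix evaluation, for example through the Kibana keystore entry `elasticsearch.password`. `readFile` also keeps any trailing newline while the script uses `head -n 1`, so the two sides can disagree if the file ever ends with one.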
@@ -43,7 +43,7 @@ data "template_cloudinit_config" "guidelines" { domain_name = lookup(jsondecode(file("../../config.json")), "domain_name_${data.terraform_remote_state.environment.outputs.environment_name}", "not found") domain_alternative_names = base64encode(lookup(jsondecode(file("../../config.json")), "domain_alternative_names_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")) vault_db_password = lookup(jsondecode(file("../../secrets.json")), "vault_db_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found") - kibana_elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "kibana_elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found") + elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found") nix_certbot = filebase64("${path.module}/nix/certbot.nix") nix_configuration = filebase64("${path.module}/nix/configuration.nix") nix_elasticsearch = filebase64("${path.module}/nix/elasticsearch.nix")
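Review bot: The renamed `elasticsearch_password` lookup keeps the `"not found"` default, so a `secrets.json` that still carries only the old `kibana_elasticsearch_password_<env>` key makes the literal string `not found` the password for both `kibana` and the `elastic` superuser, with no error at plan or apply time. I would make a missing key fail instead, by indexing the decoded map directly, `jsondecode(file("../../secrets.json"))["elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}"]`; the same applies to `vault_db_password` on the line above. The rendered user-data, including this value, will presumably also land in the Terraform state, so the state backend needs the same protection as `secrets.json`. The `template_cloudinit_config` block starts and ends outside the hunk.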