Same password for Kibana and superuser
This commit is contained in:
parent
37465492a9
commit
1db1074443
|
@ -87,8 +87,8 @@ write_files:
|
||||||
}
|
}
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0644'
|
permissions: '0644'
|
||||||
- path: /opt/cloud-init-misc-data/kibana_elasticsearch_password
|
- path: /opt/cloud-init-misc-data/elasticsearch_password
|
||||||
content: ${kibana_elasticsearch_password}
|
content: ${elasticsearch_password}
|
||||||
owner: root:root
|
owner: root:root
|
||||||
permissions: '0600'
|
permissions: '0600'
|
||||||
runcmd:
|
runcmd:
|
||||||
|
|
|
@ -19,6 +19,8 @@
|
||||||
export ES_HOME=/mnt/data/elasticsearch
|
export ES_HOME=/mnt/data/elasticsearch
|
||||||
export JAVA_HOME=${pkgs.jdk8_headless}/jre
|
export JAVA_HOME=${pkgs.jdk8_headless}/jre
|
||||||
|
|
||||||
|
password="$(head -n 1 /opt/cloud-init-misc-data/elasticsearch_password)"
|
||||||
|
|
||||||
printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
|
printf "Setting up a new keystore for Elasticsearch, with default password for user 'elastic'\n"
|
||||||
printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
|
printf "changeme" | elasticsearch-keystore add -f -x bootstrap.password
|
||||||
chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config
|
chown -R elasticsearch:elasticsearch /mnt/data/elasticsearch/config
|
||||||
|
@ -28,7 +30,8 @@
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
printf "Setting up Kibana user\n"
|
printf "Setting up Kibana user\n"
|
||||||
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$(head -n 1 /opt/cloud-init-misc-data/kibana_elasticsearch_password)\"}"
|
curl -uelastic:changeme -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/elastic/_password' -d "{ \"password\":\"$password\"}"
|
||||||
|
curl -uelastic:"$password" -XPUT -H 'Content-Type: application/json' 'http://10.0.1.51:9200/_xpack/security/user/kibana/_password' -d "{ \"password\":\"$password\"}"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.kibana.enable = true;
|
services.kibana.enable = true;
|
||||||
|
@ -37,7 +40,7 @@
|
||||||
services.kibana.listenAddress = "0.0.0.0";
|
services.kibana.listenAddress = "0.0.0.0";
|
||||||
services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ];
|
services.kibana.elasticsearch.hosts = [ "http://10.0.1.51:9200" ];
|
||||||
services.kibana.elasticsearch.username = "kibana";
|
services.kibana.elasticsearch.username = "kibana";
|
||||||
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/kibana_elasticsearch_password);
|
services.kibana.elasticsearch.password = (builtins.readFile /opt/cloud-init-misc-data/elasticsearch_password);
|
||||||
|
|
||||||
system.activationScripts = {
|
system.activationScripts = {
|
||||||
mnt = {
|
mnt = {
|
||||||
|
|
|
@ -43,7 +43,7 @@ data "template_cloudinit_config" "guidelines" {
|
||||||
domain_name = lookup(jsondecode(file("../../config.json")), "domain_name_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
domain_name = lookup(jsondecode(file("../../config.json")), "domain_name_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||||
domain_alternative_names = base64encode(lookup(jsondecode(file("../../config.json")), "domain_alternative_names_${data.terraform_remote_state.environment.outputs.environment_name}", "not found"))
|
domain_alternative_names = base64encode(lookup(jsondecode(file("../../config.json")), "domain_alternative_names_${data.terraform_remote_state.environment.outputs.environment_name}", "not found"))
|
||||||
vault_db_password = lookup(jsondecode(file("../../secrets.json")), "vault_db_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
vault_db_password = lookup(jsondecode(file("../../secrets.json")), "vault_db_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||||
kibana_elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "kibana_elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
elasticsearch_password = lookup(jsondecode(file("../../secrets.json")), "elasticsearch_password_${data.terraform_remote_state.environment.outputs.environment_name}", "not found")
|
||||||
nix_certbot = filebase64("${path.module}/nix/certbot.nix")
|
nix_certbot = filebase64("${path.module}/nix/certbot.nix")
|
||||||
nix_configuration = filebase64("${path.module}/nix/configuration.nix")
|
nix_configuration = filebase64("${path.module}/nix/configuration.nix")
|
||||||
nix_elasticsearch = filebase64("${path.module}/nix/elasticsearch.nix")
|
nix_elasticsearch = filebase64("${path.module}/nix/elasticsearch.nix")
|
||||||
|
|
Loading…
Reference in New Issue