Add Elasticsearch SSL support to kibana
Change-Id: I61841f409b8b590a0d110e1ebc8782ace471f442
PROD-related: PROD-29185
diff --git a/_states/kibana_object.py b/_states/kibana_object.py
index e8ac651..635e5a0 100644
--- a/_states/kibana_object.py
+++ b/_states/kibana_object.py
@@ -58,7 +58,10 @@
try:
headers = {'Content-type': 'application/json'}
- response = requests.put(url, headers=headers, json=kibana_content)
+ response = requests.put(url,
+ headers=headers,
+ json=kibana_content,
+ verify=False)
except requests.exceptions.RequestException as exc:
ret['result'] = False
ret['comment'] = ("Failed to create Kibana object {0}\n"
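Review bot: `verify=False` on the `requests.put` call turns off certificate validation unconditionally, so with an https URL the state encrypts the request but never authenticates the Elasticsearch endpoint; the `requests.delete` call in the next hunk has the same problem. The kibana.yml templates in this commit already point Kibana at `/etc/ssl/certs/ca-certificates.crt`, and the state could use the same bundle with `verify='/etc/ssl/certs/ca-certificates.crt'` in both calls, ideally read from a configurable option rather than hard-coded. If skipping verification has to stay possible for test setups, make it an explicit opt-out that defaults to verifying. The enclosing function starts and ends outside the hunk.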
@@ -94,7 +97,7 @@
return ret
try:
- response = requests.delete(url)
+ response = requests.delete(url, verify=False)
except requests.exceptions.RequestException as exc:
ret['result'] = False
ret['comment'] = ("Failed to delete Kibana object {0}\n"
@@ -130,5 +133,5 @@
if not index:
return False, 'Cannot get the index needed by Kibana client'
- url = "http://{0}/{1}/{2}/{3}".format(url, index, kibana_type, name)
+ url = "{0}/{1}/{2}/{3}".format(url, index, kibana_type, name)
return url, index
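Review bot: With the `http://` prefix removed from the format string, the result is a valid URL only when the configured value already carries a scheme. A `kibana_url` still set as `host:port` (the form meta/salt.yml rendered before this commit) now yields a scheme-less URL that requests rejects. Where `url` is read lies outside the hunk, so this is inferred from the visible lines. A fallback before formatting keeps old configuration working: `if '://' not in url: url = 'http://' + url`.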
diff --git a/kibana/files/v4/kibana.yml b/kibana/files/v4/kibana.yml
index e7d6ab9..b964d5b 100644
--- a/kibana/files/v4/kibana.yml
+++ b/kibana/files/v4/kibana.yml
@@ -7,7 +7,10 @@
host: "{{ server.bind.address }}"
# The Elasticsearch instance to use for all your queries.
-elasticsearch_url: "http://{{ server.database.host }}:{{ server.database.port }}"
+elasticsearch_url: "{{ server.database.get('scheme', 'http') }}://{{ server.database.host }}:{{ server.database.port }}"
+{%- if server.database.get('scheme', 'http') == "https" %}
+elasticsearch.ssl.certificateAuthorities: "/etc/ssl/certs/ca-certificates.crt"
+{%- endif %}
# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
# then the host you use to connect to *this* Kibana instance will be sent.
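Review bot: The CA bundle path is hard-coded to `/etc/ssl/certs/ca-certificates.crt`, which only works when the Elasticsearch certificate chains to a CA installed in the system store; the v5 and v6 templates repeat the same line. Taking the path from the pillar with the current value as default would cover private CAs: `elasticsearch.ssl.certificateAuthorities: "{{ server.database.get('ca_file', '/etc/ssl/certs/ca-certificates.crt') }}"` (`ca_file` is a constructed name). This file also uses the underscore key `elasticsearch_url` next to the new dotted key, so it is worth confirming that the Kibana release this template serves recognises `elasticsearch.ssl.certificateAuthorities`.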
diff --git a/kibana/files/v5/kibana.yml b/kibana/files/v5/kibana.yml
index e7d6ab9..b964d5b 100644
--- a/kibana/files/v5/kibana.yml
+++ b/kibana/files/v5/kibana.yml
@@ -7,7 +7,10 @@
host: "{{ server.bind.address }}"
# The Elasticsearch instance to use for all your queries.
-elasticsearch_url: "http://{{ server.database.host }}:{{ server.database.port }}"
+elasticsearch_url: "{{ server.database.get('scheme', 'http') }}://{{ server.database.host }}:{{ server.database.port }}"
+{%- if server.database.get('scheme', 'http') == "https" %}
+elasticsearch.ssl.certificateAuthorities: "/etc/ssl/certs/ca-certificates.crt"
+{%- endif %}
# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
# then the host you use to connect to *this* Kibana instance will be sent.
diff --git a/kibana/files/v6/kibana.yml b/kibana/files/v6/kibana.yml
index b249a8f..6ca2490 100644
--- a/kibana/files/v6/kibana.yml
+++ b/kibana/files/v6/kibana.yml
@@ -3,7 +3,11 @@
############################### Elasticsearch #################################
# The Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{ server.database.host }}:{{ server.database.port }}"
+elasticsearch.url: "{{ server.database.get('scheme', 'http') }}://{{ server.database.host }}:{{ server.database.port }}"
+
+{%- if server.database.get('scheme', 'http') == "https" %}
+elasticsearch.ssl.certificateAuthorities: "/etc/ssl/certs/ca-certificates.crt"
+{%- endif %}
# If your Elasticsearch is protected with basic authentication,
# these settings provide the username and password that the Kibana
diff --git a/kibana/map.jinja b/kibana/map.jinja
index 3d37b76..c259666 100644
--- a/kibana/map.jinja
+++ b/kibana/map.jinja
@@ -22,6 +22,7 @@
server:
host: 127.0.0.1
port: 9200
+ scheme: http
index: '.kibana'
{%- endload %}
{%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('kibana:client')) %}
diff --git a/kibana/meta/salt.yml b/kibana/meta/salt.yml
index 5d8d5dc..c9d667a 100644
--- a/kibana/meta/salt.yml
+++ b/kibana/meta/salt.yml
@@ -3,7 +3,7 @@
kibana:
{%- from "kibana/map.jinja" import client with context %}
kibana:
- kibana_url: {{ client.server.host }}:{{ client.server.port }}
+ kibana_url: {{ client.server.scheme}}://{{ client.server.host }}:{{ client.server.port }}
{%- if client.version == 6 %}
kibana_index: ".kibana6"
{%- else %}
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 7dbc97d..2f61e70 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -16,3 +16,4 @@
engine: elasticsearch
host: localhost
port: 9200
+ scheme: http