
Commit 8f64c53

committed
make host variable and remove logstash_password_hash variables
1 parent de7a825 commit 8f64c53


3 files changed

+2
-26
lines changed


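--- a/docs/role-logstash.md
+++ b/docs/role-logstash.md
@@ -73,10 +73,6 @@ Aside from `logstash.yml` we can manage Logstashs pipelines.
 * *logstash_user*: Name of the user to connect to Elasticsearch (Default: `logstash_writer`)
 * *logstash_user_email*: email-address that is linked with the logstash_user (Default: `""`)
 * *logstash_user_fullname*: fullname that is linked with the logstash_user (Default: `Internal Logstash User`)
-* *logstash_password_hash*: Generate and use a hash from your `logstash_password` (default: `true`)
-* *logstash_password_hash_algorithm*: Password hashing algorithms. Value must be same as `xpack.security.authc.password_hashing.algorithm` (default: `bcrypt`)
-* *logstash_password_salt_length*: base64 encoded Salt character lenght. This value must be integer and must be compatible to the selected password hashing algorithms (default: `22`)
-* *logstash_password_hash_salt_seed*: A seed to generate random but idempotent salt on the elasticstack ca host. The salt will be used to create idempotent logstash hashed user password (default: `SeedChangeMe`)
 * *logstash_user_password*: Password of Elasticsearch user. It must be at least 6 characters long (default: `password`)
 * *logstash_role_cluster_privileges*: Cluster privileges the role has access to (default: `"manage_index_templates", "monitor", "manage_ilm"`)
 * *logstash_role_indicies_names*: Indices the role has access to (default: `"ecs-logstash*", "logstash*", "logs*"`)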

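--- a/roles/logstash/defaults/main.yml
+++ b/roles/logstash/defaults/main.yml
@@ -60,16 +60,11 @@ logstash_role_indicies_privileges:
 - create_index
 - manage
 - manage_ilm
-logstash_password_hash: true
-logstash_password_hash_algorithm: bcrypt
-logstash_password_salt_length: 22
 logstash_role_name: logstash_writer
 logstash_user: logstash_writer
 logstash_user_password: password
 logstash_user_email: ""
 logstash_user_fullname: "Internal Logstash User"
-logstash_password_hash_salt_length: 22
-logstash_password_hash_salt_seed: SeedChangeMe
 logstash_reset_writer_role: true
 
 logstash_tls_key_passphrase: LogstashChangeMe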

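--- a/roles/logstash/tasks/logstash-security.yml
+++ b/roles/logstash/tasks/logstash-security.yml
@@ -350,11 +350,6 @@
 msg: logstash user password must be at least 6 characters long.
 when: logstash_user_password | length < 6
 
-- name: Set password hash salt as a fact
-ansible.builtin.set_fact:
-logstash_password_hash_salt: "{{ lookup('password', '/dev/null', chars=['ascii_lowercase', 'digits'], length=logstash_password_hash_salt_length, seed=logstash_password_hash_salt_seed) }}"
-when: logstash_password_hash | bool and inventory_hostname == elasticstack_ca
-
 - name: Fetch Elastic password # noqa: risky-shell-pipe
 ansible.builtin.shell: >
 if test -n "$(ps -p $$ | grep bash)"; then set -o pipefail; fi;
@@ -368,16 +363,6 @@
 - configuration
 - logstash_configuration
 
-- name: Set elasticsearch security-api base url for elasticsearch > 7
-ansible.builtin.set_fact:
-security_api_base_url: "https://{{ hostvars[elasticstack_ca].ansible_default_ipv4.address }}:{{ elasticstack_elasticsearch_http_port }}/_security/"
-when: elasticstack_release | int > 7
-
-- name: Set elasticsearch security-api base url for elasticsearch < 8
-ansible.builtin.set_fact:
-security_api_base_url: "https://{{ hostvars[elasticstack_ca].ansible_default_ipv4.address }}:{{ elasticstack_elasticsearch_http_port }}/_xpack/security/"
-when: elasticstack_release | int < 8
-
 - name: Create logstash role {{ logstash_role_name }}
 netways.elasticstack.elasticsearch_role:
 name: "{{ logstash_role_name }}"
@@ -386,7 +371,7 @@
 - names: "{{ logstash_role_indicies_names }}"
 privileges: "{{ logstash_role_indicies_privileges }}"
 state: present
-host: https://localhost:9200
+host: "https://{{ hostvars[elasticstack_ca].ansible_default_ipv4.address }}:{{ elasticstack_elasticsearch_http_port }}"
 auth_user: elastic
 auth_pass: "{{ logstash_elasticstack_password.stdout }}"
 verify_certs: false
@@ -402,7 +387,7 @@
 - "{{ logstash_role_name }}"
 enabled: true
 state: present
-host: https://localhost:9200
+host: "https://{{ hostvars[elasticstack_ca].ansible_default_ipv4.address }}:{{ elasticstack_elasticsearch_http_port }}"
 auth_user: elastic
 auth_pass: "{{ logstash_elasticstack_password.stdout }}"
 verify_certs: false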
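Review bot: Both new `host:` lines (the `Create logstash role` task and the task in the last hunk) move the API call from `https://localhost:9200` to the CA host's network address while the unchanged `verify_certs: false` stays in place, so the `elastic` superuser password in `auth_pass` is now sent to a remote endpoint whose certificate is never validated. I would set `verify_certs: true` on both tasks and give the module the stack's CA certificate to validate against. Because the URL is built from `ansible_default_ipv4.address`, verification can only succeed if that IP is listed in the certificate's subject alternative names; otherwise a hostname the certificate covers should be used instead. The expression also presumably requires facts to have been gathered for `elasticstack_ca` before these tasks run, which is worth a short comment above the first task. Both tasks begin and end outside the visible hunks.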
