santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add SSL/TLS support

Browse source 
This commit introduces SSL/TLS support for the elastic search transport
layer. It assumes certificates are generated externally, and only
handles uploading and configuring the server accordingly.
This commit is contained in:
Aeva Black 2019-06-27 13:53:23 -07:00
parent 5b1d028bd2
commit d7efa2048a
4 changed files with 53 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
templates/elasticsearch.yml.j2
View file

@ -55,3 +55,22 @@ xpack.notification.email:
password: {{ es_mail_config['pass'] }}
{% endif %}
{% endif %}
{% if es_enable_http_ssl | bool %}
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: "{{ es_ssl_certificate_path }}/{{ es_ssl_key | basename }}"
xpack.security.http.ssl.certificate: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate | basename }}"
#xpack.security.http.ssl.client_authentication: optional
{% if es_ssl_certificate_authority %}
xpack.security.http.ssl.certificate_authorities: "{{ es_ssl_certificate_path }}/{{ es_ssl_certificate_authority | basename }}"
{% endif %}
{% else %}
# xpack.security.http.ssl.enabled: false
{% endif %}
{% if es_enable_transport_ssl | bool %}
xpack.security.transport.ssl.enabled: true
#xpack.security.transport.ssl.verification_mode: certificate
{% else %}
# xpack.security.transport.ssl.enabled: false
{% endif %}