From b621b88d7b7dc1502f48c6d27e110838c51d51ae Mon Sep 17 00:00:00 2001
From: Ben Partridge
Date: Fri, 19 Feb 2021 11:25:01 +1100
Subject: [PATCH 1/4] DCD-1157: Add properties for elasticsearch authentication
---
 roles/bitbucket_config/defaults/main.yaml | 4 ++++
 roles/bitbucket_config/templates/bitbucket.properties.j2 | 7 ++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/roles/bitbucket_config/defaults/main.yaml b/roles/bitbucket_config/defaults/main.yaml
index 1ae8340..0a1f114 100644
--- a/roles/bitbucket_config/defaults/main.yaml
+++ b/roles/bitbucket_config/defaults/main.yaml
@@ -3,3 +3,7 @@ atl_bitbucket_license_key: "{{ lookup('env', 'ATL_BB_LICENSEKEY') }}"
 atl_bitbucket_properties_raw: "{{ lookup('env', 'ATL_BITBUCKET_PROPERTIES') }}"
 atl_bitbucket_properties: "{{ atl_bitbucket_properties_raw.split(' ') | reject('equalto', '') | list }}"
+
+atl_elasticsearch_username: "{{ lookup('env', 'ATL_ELASTICSEARCH_USERNAME') }}"
+atl_elasticsearch_password: "{{ lookup('env', 'ATL_ELASTICSEARCH_PASSWORD') }}"
+elasticsearch_auth_iam: "{{ atl_elasticsearch_username is not defined and atl_aws_region is defined }}"
\ No newline at end of file
diff --git a/roles/bitbucket_config/templates/bitbucket.properties.j2 b/roles/bitbucket_config/templates/bitbucket.properties.j2
index 3551c5b..4086ad9 100644
--- a/roles/bitbucket_config/templates/bitbucket.properties.j2
+++ b/roles/bitbucket_config/templates/bitbucket.properties.j2
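Review bot: `atl_elasticsearch_username is not defined` can never be true on the added `elasticsearch_auth_iam` line, because the line two above it defines that variable from `lookup('env', ...)`, which yields an empty string when the environment variable is unset. The flag is therefore always false, and the template falls through to the username/password branch with empty values. Test for emptiness instead, e.g. `elasticsearch_auth_iam: "{{ (atl_elasticsearch_username | length == 0) and atl_aws_region is defined }}"`. The template hunk of this patch compares the flag with the string `'true'`, which a rendered Jinja boolean (`True`/`False`) does not equal, so `{% if elasticsearch_auth_iam | bool %}` is the safer test there; PATCH 3/4 renames the variable but keeps both expressions. Whether `atl_aws_region` can ever be undefined is not visible from this hunk.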
@@ -12,8 +12,13 @@ hazelcast.network.aws.region={{ atl_aws_region }}
 hazelcast.network.aws.tag.value={{ atl_aws_stack_name }}
 hazelcast.group.name={{ atl_aws_stack_name }}
 hazelcast.group.password={{ atl_aws_stack_name }}
-plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
 plugin.search.elasticsearch.baseurl={{ atl_elasticsearch_endpoint }}
+{% if elasticsearch_auth_iam == 'true' %}
+plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
+{% else %}
+plugin.search.elasticsearch.username={{ atl_elasticsearch_username }}
+plugin.search.elasticsearch.password={{ atl_elasticsearch_password }}
+{% endif %}
 setup.displayName=Bitbucket
 setup.baseUrl = {{ atl_bitbucket_baseurl }}
 setup.license={{ atl_bitbucket_license_key }}
From 1280de7e1df39c2ef7bf5845778bc8b5b4617859 Mon Sep 17 00:00:00 2001
From: Ben Partridge
Date: Wed, 24 Feb 2021 14:54:08 +1100
Subject: [PATCH 2/4] DCD-1157: Update elasticsearch endpoint to have customisable protocol to allow for HTTPS
---
 group_vars/aws_node_local.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml
index b331964..732434c 100644
--- a/group_vars/aws_node_local.yml
+++ b/group_vars/aws_node_local.yml
@@ -139,7 +139,8 @@ atl_tomcat_secure: "{{ lookup('env', 'ATL_TOMCAT_SECURE') or 'false' }}"
 atl_fileserver_host: "{{ lookup('env', 'ATL_FILESERVER_IP') }}"
 atl_elasticsearch_host: "{{ lookup('env', 'ATL_ELASTICSEARCH_HOST') }}"
-atl_elasticsearch_endpoint: "http://{{ atl_elasticsearch_host }}"
+atl_elasticsearch_protocol: "{{ lookup('env', 'ATL_ELASTICSEARCH_PROTOCOL') }}"
+atl_elasticsearch_endpoint: "{{ atl_elasticsearch_protocol }}://{{ atl_elasticsearch_host }}"
 atl_elasticsearch_s3_bucket: "{{ lookup('env', 'ATL_ELASTICSEARCH_S3_BUCKET') }}"
 atl_nfs_server_device: "{{ lookup('env', 'ATL_NFS_SERVER_DEVICE') }}"
From 99bb2dee5434b9ad01c06f1a0cef79db25e23fbd Mon Sep 17 00:00:00 2001
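Review bot: The added `{% else %}` branch writes `plugin.search.elasticsearch.password` into bitbucket.properties in clear text, and it does so even when no username was supplied, leaving empty credential lines in the file. Guarding the branch with `{% elif atl_elasticsearch_username %}` would emit the two lines only when credentials exist. The task that renders this template is outside the patch, so confirm that it sets a restrictive `mode` and owner on the rendered file and carries `no_log: true`; otherwise a run with `--diff` would presumably print the password.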
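Review bot: `atl_elasticsearch_protocol` is interpolated into `atl_elasticsearch_endpoint` without validation, so a typo or stray whitespace in the environment value ends up in `plugin.search.elasticsearch.baseurl`. Constrain it in a pre-flight `assert`, e.g. `that: atl_elasticsearch_protocol in ['http', 'https']`. A one-line comment above the variable naming the accepted values would also help operators.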
From: Ben Partridge
Date: Wed, 24 Feb 2021 17:04:04 +1100
Subject: [PATCH 3/4] DCD-1157: Give elastic search IAM authentication boolean variable a better name
---
 roles/bitbucket_config/defaults/main.yaml | 2 +-
 roles/bitbucket_config/templates/bitbucket.properties.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/bitbucket_config/defaults/main.yaml b/roles/bitbucket_config/defaults/main.yaml
index 0a1f114..9cdc3c7 100644
--- a/roles/bitbucket_config/defaults/main.yaml
+++ b/roles/bitbucket_config/defaults/main.yaml
@@ -6,4 +6,4 @@ atl_bitbucket_properties: "{{ atl_bitbucket_properties_raw.split(' ') | reject('
 atl_elasticsearch_username: "{{ lookup('env', 'ATL_ELASTICSEARCH_USERNAME') }}"
 atl_elasticsearch_password: "{{ lookup('env', 'ATL_ELASTICSEARCH_PASSWORD') }}"
-elasticsearch_auth_iam: "{{ atl_elasticsearch_username is not defined and atl_aws_region is defined }}"
\ No newline at end of file
+elasticsearch_should_auth_with_iam: "{{ atl_elasticsearch_username is not defined and atl_aws_region is defined }}"
\ No newline at end of file
diff --git a/roles/bitbucket_config/templates/bitbucket.properties.j2 b/roles/bitbucket_config/templates/bitbucket.properties.j2
index 4086ad9..d978cf6 100644
--- a/roles/bitbucket_config/templates/bitbucket.properties.j2
+++ b/roles/bitbucket_config/templates/bitbucket.properties.j2
@@ -13,7 +13,7 @@ hazelcast.network.aws.tag.value={{ atl_aws_stack_name }}
 hazelcast.group.name={{ atl_aws_stack_name }}
 hazelcast.group.password={{ atl_aws_stack_name }}
 plugin.search.elasticsearch.baseurl={{ atl_elasticsearch_endpoint }}
-{% if elasticsearch_auth_iam == 'true' %}
+{% if elasticsearch_should_auth_with_iam == 'true' %}
 plugin.search.elasticsearch.aws.region={{ atl_aws_region }}
 {% else %}
 plugin.search.elasticsearch.username={{ atl_elasticsearch_username }}
From d78386738bb7a70374e8617b16191086121b9372 Mon Sep 17 00:00:00 2001
From: Ben Partridge
Date: Wed, 24 Feb 2021 17:04:53 +1100
Subject: [PATCH 4/4] Add default variable for elasticsearch protocol
---
 group_vars/aws_node_local.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml
index 732434c..0c60ce6 100644
--- a/group_vars/aws_node_local.yml
+++ b/group_vars/aws_node_local.yml
@@ -139,7 +139,7 @@ atl_tomcat_secure: "{{ lookup('env', 'ATL_TOMCAT_SECURE') or 'false' }}"
 atl_fileserver_host: "{{ lookup('env', 'ATL_FILESERVER_IP') }}"
 atl_elasticsearch_host: "{{ lookup('env', 'ATL_ELASTICSEARCH_HOST') }}"
-atl_elasticsearch_protocol: "{{ lookup('env', 'ATL_ELASTICSEARCH_PROTOCOL') }}"
+atl_elasticsearch_protocol: "{{ lookup('env', 'ATL_ELASTICSEARCH_PROTOCOL') or 'http' }}"
 atl_elasticsearch_endpoint: "{{ atl_elasticsearch_protocol }}://{{ atl_elasticsearch_host }}"
 atl_elasticsearch_s3_bucket: "{{ lookup('env', 'ATL_ELASTICSEARCH_S3_BUCKET') }}"
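Review bot: Falling back to `'http'` on the changed `atl_elasticsearch_protocol` line means the username and password introduced in PATCH 1/4 are presumably sent to Elasticsearch unencrypted unless the operator remembers to set ATL_ELASTICSEARCH_PROTOCOL. Defaulting to TLS is safer: `atl_elasticsearch_protocol: "{{ lookup('env', 'ATL_ELASTICSEARCH_PROTOCOL') or 'https' }}"`. If existing stacks depend on plain HTTP, keep the default but fail the play when `atl_elasticsearch_username` is non-empty and the protocol is not `https`.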