From 72b8c2d159f359969924a83a91de561d01836271 Mon Sep 17 00:00:00 2001 From: irl Date: Tue, 12 May 2026 22:56:20 +0100 Subject: [PATCH] feat(link): remove opensearch dashboards --- roles/podman_link/defaults/main.yml | 3 -- roles/podman_link/tasks/main.yml | 30 ---------------- .../systemd/opensearch-dashboards.container | 17 --------- .../templates/home/opensearch-dashboards.yml | 36 ------------------- 4 files changed, 86 deletions(-) delete mode 100644 roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container delete mode 100644 roles/podman_link/templates/home/opensearch-dashboards.yml diff --git a/roles/podman_link/defaults/main.yml b/roles/podman_link/defaults/main.yml index 2692592..0369adf 100644 --- a/roles/podman_link/defaults/main.yml +++ b/roles/podman_link/defaults/main.yml @@ -13,7 +13,6 @@ podman_link_postgres_link_database: link podman_link_opensearch_memory_limit: 2048 podman_link_setup_mode: false podman_link_leafcutter_enabled: false -podman_link_dashboard_url: "" podman_link_zammad_api_token: "" # podman_link_nextauth_secret: # podman_link_google_client_id: @@ -26,5 +25,3 @@ podman_link_zammad_api_token: "" podman_link_postgres_zammad_postgresql_host: zammad-postgresql podman_link_postgres_zammad_es_host: opensearch podman_link_postgres_zammad_memcached_server: zammad-memcached:11211 -# podman_link_opensearch_hub_ip: -# podman_link_opensearch_spoke_ip: diff --git a/roles/podman_link/tasks/main.yml b/roles/podman_link/tasks/main.yml index bad08c5..98c1ddc 100644 --- a/roles/podman_link/tasks/main.yml +++ b/roles/podman_link/tasks/main.yml @@ -8,23 +8,6 @@ mode: "0444" become: true -- name: Allow access from hub to spoke to Opensearch using firewalld rich rule - ansible.posix.firewalld: - rich_rule: >- - rule family="ipv4" - source address="{{ podman_link_opensearch_hub_ip }}" - destination address="{{ podman_link_opensearch_spoke_ip }}" - port protocol="tcp" port="{{ item }}" accept - permanent: true - state: enabled - with_items: - - 9200 - - 9300 - when: - - podman_link_opensearch_hub_ip is defined - - podman_link_opensearch_spoke_ip is defined - become: true - - name: Podman CDR Link | PATCH | Install podman and verify rootless podman user ansible.builtin.include_role: role: sr2c.core.podman_host @@ -85,18 +68,6 @@ notify: - Restart Link -# Opensearch Dashboards runs with UID/GID 1000 inside the container -- name: Podman CDR Link | PATCH | Install Opensearch Dashboards configuration - ansible.builtin.template: - src: home/opensearch-dashboards.yml - dest: "/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml" - mode: "0400" - owner: "{{ _podman_link_user_subuid_start + 999 }}" - group: "{{ _podman_link_user_subgid_start + 999 }}" - become: true - notify: - - Restart Link - # Zammad runs with UID/GID 1000 inside the container - name: Podman CDR Link | PATCH | Install Zammad database configuration file ansible.builtin.template: @@ -253,7 +224,6 @@ with_items: - link.container - zammad-opensearch.container - - opensearch-dashboards.container - bridge-worker.container - bridge-postgresql.container - bridge-whatsapp.container diff --git a/roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container b/roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container deleted file mode 100644 index ba01cb1..0000000 --- a/roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container +++ /dev/null @@ -1,17 +0,0 @@ -[Unit] -Requires=zammad-opensearch.service -After=zammad-opensearch.service -PartOf=link.target - -[Container] -ContainerName=opensearch-dashboards -Environment=OPENSEARCH_USERNAME=admin -Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password | replace("%", "%%") }} -Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:{{ podman_link_stack_version }} -PublishPort=127.0.0.1:5601:5601 -Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro,Z -Network=zammad.network - -[Service] -Restart=always -Slice=link.slice diff --git a/roles/podman_link/templates/home/opensearch-dashboards.yml b/roles/podman_link/templates/home/opensearch-dashboards.yml deleted file mode 100644 index 3634911..0000000 --- a/roles/podman_link/templates/home/opensearch-dashboards.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -opensearch.hosts: [https://zammad-opensearch:9200] -opensearch.ssl.verificationMode: none -opensearch.requestHeadersAllowlist: - - "securitytenant" - - "Authorization" - - "x-forwarded-for" - - "x-forwarded-user" - - "x-forwarded-roles" -opensearch_security.auth.type: "proxy" -opensearch_security.proxycache.user_header: "x-forwarded-user" -opensearch_security.proxycache.roles_header: "x-forwarded-roles" -opensearch_security.multitenancy.enabled: true -opensearch_security.multitenancy.tenants.enable_global: true -opensearch_security.multitenancy.tenants.enable_private: true -opensearch_security.multitenancy.tenants.preferred: [Private, Global] -opensearch_security.cookie.secure: false -server.basePath: "/link/dashboards" -server.rewriteBasePath: false - -opensearch.username: "admin" -opensearch.password: "{{ podman_link_opensearch_password }}" - -server.host: "0.0.0.0" - -# New config that adds to or overrides existing one: -# -# server.port: 5601 -# server.name: "nextgen-dashboards" -# opensearch.hosts: ["https://aberdeen-opensearch:9200"] -# opensearch.ssl.verificationMode: certificate -# opensearch.ssl.certificateAuthorities: -# ["/usr/share/opensearch-dashboards/config/certs/ca.pem"] - -# opensearch.requestHeadersAllowlist: ["securitytenant", "Authorization"] -# opensearch_security.readonly_mode.roles: ["kibana_read_only"] \ No newline at end of file