feat(link): remove opensearch dashboards

roles/podman_link/defaults/main.yml

@@ -13,7 +13,6 @@ podman_link_postgres_link_database: link
 podman_link_opensearch_memory_limit: 2048
 podman_link_setup_mode: false
 podman_link_leafcutter_enabled: false
-podman_link_dashboard_url: ""
 podman_link_zammad_api_token: ""
 # podman_link_nextauth_secret:
 # podman_link_google_client_id:
@@ -26,5 +25,3 @@ podman_link_zammad_api_token: ""
 podman_link_postgres_zammad_postgresql_host: zammad-postgresql
 podman_link_postgres_zammad_es_host: opensearch
 podman_link_postgres_zammad_memcached_server: zammad-memcached:11211
-# podman_link_opensearch_hub_ip:
-# podman_link_opensearch_spoke_ip:

roles/podman_link/tasks/main.yml

@@ -8,23 +8,6 @@
     mode: "0444"
   become: true
 
-- name: Allow access from hub to spoke to Opensearch using firewalld rich rule
-  ansible.posix.firewalld:
-    rich_rule: >-
-      rule family="ipv4"
-      source address="{{ podman_link_opensearch_hub_ip }}"
-      destination address="{{ podman_link_opensearch_spoke_ip }}"
-      port protocol="tcp" port="{{ item }}" accept
-    permanent: true
-    state: enabled
-  with_items:
-    - 9200
-    - 9300
-  when:
-    - podman_link_opensearch_hub_ip is defined
-    - podman_link_opensearch_spoke_ip is defined
-  become: true
-
 - name: Podman CDR Link | PATCH | Install podman and verify rootless podman user
   ansible.builtin.include_role:
     role: sr2c.core.podman_host
@@ -85,18 +68,6 @@
   notify:
     - Restart Link
 
-# Opensearch Dashboards runs with UID/GID 1000 inside the container
-- name: Podman CDR Link | PATCH | Install Opensearch Dashboards configuration
-  ansible.builtin.template:
-    src: home/opensearch-dashboards.yml
-    dest: "/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml"
-    mode: "0400"
-    owner: "{{ _podman_link_user_subuid_start + 999 }}"
-    group: "{{ _podman_link_user_subgid_start + 999 }}"
-  become: true
-  notify:
-    - Restart Link
-
 # Zammad runs with UID/GID 1000 inside the container
 - name: Podman CDR Link | PATCH | Install Zammad database configuration file
   ansible.builtin.template:
@@ -253,7 +224,6 @@
   with_items:
     - link.container
     - zammad-opensearch.container
-    - opensearch-dashboards.container
     - bridge-worker.container
     - bridge-postgresql.container
     - bridge-whatsapp.container

roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container

@@ -1,17 +0,0 @@
-[Unit]
-Requires=zammad-opensearch.service
-After=zammad-opensearch.service
-PartOf=link.target
-
-[Container]
-ContainerName=opensearch-dashboards
-Environment=OPENSEARCH_USERNAME=admin
-Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password  | replace("%", "%%") }}
-Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:{{ podman_link_stack_version }}
-PublishPort=127.0.0.1:5601:5601
-Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro,Z
-Network=zammad.network
-
-[Service]
-Restart=always
-Slice=link.slice

roles/podman_link/templates/home/opensearch-dashboards.yml

@@ -1,36 +0,0 @@
----
-opensearch.hosts: [https://zammad-opensearch:9200]
-opensearch.ssl.verificationMode: none
-opensearch.requestHeadersAllowlist:
-  - "securitytenant"
-  - "Authorization"
-  - "x-forwarded-for"
-  - "x-forwarded-user"
-  - "x-forwarded-roles"
-opensearch_security.auth.type: "proxy"
-opensearch_security.proxycache.user_header: "x-forwarded-user"
-opensearch_security.proxycache.roles_header: "x-forwarded-roles"
-opensearch_security.multitenancy.enabled: true
-opensearch_security.multitenancy.tenants.enable_global: true
-opensearch_security.multitenancy.tenants.enable_private: true
-opensearch_security.multitenancy.tenants.preferred: [Private, Global]
-opensearch_security.cookie.secure: false
-server.basePath: "/link/dashboards"
-server.rewriteBasePath: false
-
-opensearch.username: "admin"
-opensearch.password: "{{ podman_link_opensearch_password }}"
-
-server.host: "0.0.0.0"
-
-# New config that adds to or overrides existing one:
-#
-# server.port: 5601
-# server.name: "nextgen-dashboards"
-# opensearch.hosts: ["https://aberdeen-opensearch:9200"]
-# opensearch.ssl.verificationMode: certificate
-# opensearch.ssl.certificateAuthorities:
-# ["/usr/share/opensearch-dashboards/config/certs/ca.pem"]
-
-# opensearch.requestHeadersAllowlist: ["securitytenant", "Authorization"]
-# opensearch_security.readonly_mode.roles: ["kibana_read_only"]