feat(podman_link): enable opensearch-dashboards

Fixes: #5

roles/podman_link/tasks/main.yml

@@ -68,6 +68,18 @@
   notify:
     - Restart Link
 
+# Opensearch Dashboards runs with UID/GID 1000 inside the container
+- name: Podman CDR Link | PATCH | Install Opensearch Dashboards configuration
+  ansible.builtin.template:
+    src: home/opensearch-dashboards.yml
+    dest: "/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml"
+    mode: "0400"
+    owner: "{{ _podman_link_user_subuid_start + 999 }}"
+    group: "{{ _podman_link_user_subgid_start + 999 }}"
+  become: true
+  notify:
+    - Restart Link
+
 # Zammad runs with UID/GID 1000 inside the container
 - name: Podman CDR Link | PATCH | Install Zammad database configuration file
   ansible.builtin.template:

roles/podman_link/templates/home/config/containers/systemd/common-zammad.env

@@ -10,3 +10,4 @@ ELASTICSEARCH_USER=admin
 ELASTICSEARCH_PASS={{ podman_link_opensearch_password }}
 ELASTICSEARCH_SCHEMA=https
 ELASTICSEARCH_REINDEX=false
+TZ=Etc/UTC

roles/podman_link/templates/home/config/containers/systemd/link.container

@@ -7,8 +7,8 @@ PartOf=zammad-nginx.service
 ContainerName=link
 Environment=ZAMMAD_VIRTUAL_HOST={{ podman_link_web_hostname }}
 Environment=SETUP_MODE={{ podman_link_setup_mode }}
-Environment=LEAFCUTTER_ENABLED={{ podman_link_leafcutter_enabled }}
-Environment=LEAFCUTTER_DEFAULT_DASHBOARD_URL={{ podman_link_dashboard_url }}
+Environment=LEAFCUTTER_ENABLED=false
+Environment=LEAFCUTTER_DEFAULT_DASHBOARD_URL=""
 Environment=ZAMMAD_API_TOKEN={{ podman_link_zammad_api_token }}
 Environment=LINK_URL=https://localhost:3000/link
 Environment=ZAMMAD_URL=http://zammad-nginx:8080

roles/podman_link/templates/home/config/containers/systemd/opensearch-dashboards.container

@@ -5,11 +5,11 @@ PartOf=link.target
 
 [Container]
 ContainerName=opensearch-dashboards
-Environment=OPENSEARCH_USERNAME=admin
-Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password }}
+#Environment=OPENSEARCH_USERNAME=admin
+#Environment=OPENSEARCH_PASSWORD={{ podman_link_opensearch_password }}
 Image=registry.gitlab.com/digiresilience/link/link-stack/opensearch-dashboards:{{ podman_link_stack_version }}
 PublishPort=127.0.0.1:5601:5601
-#Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards-config.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
+Volume=/home/{{ podman_link_podman_rootless_user }}/opensearch-dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:ro,Z
 Network=zammad.network
 
 [Service]

roles/podman_link/templates/home/opensearch-dashboards.yml

@@ -0,0 +1,36 @@
+---
+opensearch.hosts: [https://zammad-opensearch:9200]
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersAllowlist:
+  - "securitytenant"
+  - "Authorization"
+  - "x-forwarded-for"
+  - "x-forwarded-user"
+  - "x-forwarded-roles"
+opensearch_security.auth.type: "proxy"
+opensearch_security.proxycache.user_header: "x-forwarded-user"
+opensearch_security.proxycache.roles_header: "x-forwarded-roles"
+opensearch_security.multitenancy.enabled: true
+opensearch_security.multitenancy.tenants.enable_global: true
+opensearch_security.multitenancy.tenants.enable_private: true
+opensearch_security.multitenancy.tenants.preferred: [Private, Global]
+opensearch_security.cookie.secure: false
+server.basePath: "/link/dashboards"
+server.rewriteBasePath: false
+
+opensearch.username: "admin"
+opensearch.password: "{{ podman_link_opensearch_password }}"
+
+server.host: "0.0.0.0"
+
+# New config that adds to or overrides existing one:
+#
+# server.port: 5601
+# server.name: "nextgen-dashboards"
+# opensearch.hosts: ["https://aberdeen-opensearch:9200"]
+# opensearch.ssl.verificationMode: certificate
+# opensearch.ssl.certificateAuthorities:
+# ["/usr/share/opensearch-dashboards/config/certs/ca.pem"]
+
+# opensearch.requestHeadersAllowlist: ["securitytenant", "Authorization"]
+# opensearch_security.readonly_mode.roles: ["kibana_read_only"]