From 9aa083ff2e3b1c26a1acff4db1706cbae6a4152e Mon Sep 17 00:00:00 2001
From: Jose M <jm.garcia@wazuh.com>
Date: Wed, 24 Jun 2020 15:48:10 +0200
Subject: [PATCH] Update opendistro_kibana.yml.j2 template

---
 .../templates/opendistro_kibana.yml.j2        | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2 b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
index 40dd9d6c..3c57d73d 100644
--- a/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
+++ b/roles/opendistro/opendistro-kibana/templates/opendistro_kibana.yml.j2
@@ -10,27 +10,24 @@ server.host: {{ kibana_server_host }}
 
 
 {% if kibana_opendistro_security %}
+
 elasticsearch.hosts: "https://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"
+elasticsearch.username: {{ opendistro_kibana_user }}
+elasticsearch.password: {{ opendistro_kibana_password }}
+elasticsearch.ssl.verificationMode: certificate
+server.ssl.enabled: true
+server.ssl.certificate: "/usr/share/kibana/{{ kibana_node_name }}_http.pem"
+server.ssl.key: "/usr/share/kibana//{{ kibana_node_name }}_http.key"
+
 {% else %}
 elasticsearch.hosts: "http://{{ elasticsearch_network_host }}:{{ elasticsearch_http_port }}"
 {% endif %}
 
-elasticsearch.username: {{ opendistro_kibana_user }}
-elasticsearch.password: {{ opendistro_kibana_password }}
-elasticsearch.ssl.verificationMode: none
-
 elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opendistro_security.multitenancy.enabled: false # FIXME: should be enabled starting with Wazuh App v3.13
 opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opendistro_security.readonly_mode.roles: ["kibana_read_only"]
 
-# OpenDistro Security
-{% if kibana_opendistro_security %}
-server.ssl.enabled: true
-server.ssl.certificate: "/usr/share/kibana/{{ inventory_hostname }}_http.pem"
-server.ssl.key: "/usr/share/kibana//{{ inventory_hostname }}_http.key"
-{% endif %}
-
 newsfeed.enabled: {{ kibana_newsfeed_enabled }}
 telemetry.optIn: {{ kibana_telemetry_optin }}
 telemetry.enabled: {{ kibana_telemetry_enabled }}