From a2b4b65ab22387f7497ea6e049159fd55cefbc2c Mon Sep 17 00:00:00 2001
From: Duncan Martin Walker <Duncan.Walker02@bbc.co.uk>
Date: Mon, 10 Feb 2020 10:07:10 +0000
Subject: [PATCH] Expose options for Kibana load balancing

In order to load balance between multiple Kibana instances, they must
share common encryption keys for cookies and Elasticsearch reports.
This commit allows these common keys to be optionally applied to Kibana.
If not specified, as is the default they aren't set, and Kibana defaults
to unique per-instance keys as before.

Change-Id: I873e9d22d3c6bf687305c6620097b9140df72f89
---
 elk_metrics_7x/roles/elastic_kibana/defaults/main.yml      | 7 +++++++
 .../roles/elastic_kibana/templates/kibana.yml.j2           | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/elk_metrics_7x/roles/elastic_kibana/defaults/main.yml b/elk_metrics_7x/roles/elastic_kibana/defaults/main.yml
index 8a910861..064c93a4 100644
--- a/elk_metrics_7x/roles/elastic_kibana/defaults/main.yml
+++ b/elk_metrics_7x/roles/elastic_kibana/defaults/main.yml
@@ -24,3 +24,10 @@ kibana_nginx_port: 81
 kibana_server_name: "{{ ansible_hostname }}"
 kibana_index_on_elasticsearch: "http://{{ hostvars[groups['elastic-logstash'][0]]['ansible_host'] }}:{{ elastic_port}}/.kibana"
 kibana_elastic_request_timeout: 1800000
+
+# The following must be set in order to to allow kibana load balancing
+# otherwise they are set individually per Kibana instance
+# The key used to encrypt Elasticsearch reports
+# kibana_reporting_encryption_key: ""
+# The key used to encrypt kibana session cookies
+# kibana_security_encryption_key: ""
diff --git a/elk_metrics_7x/roles/elastic_kibana/templates/kibana.yml.j2 b/elk_metrics_7x/roles/elastic_kibana/templates/kibana.yml.j2
index cad996ac..00b08b22 100644
--- a/elk_metrics_7x/roles/elastic_kibana/templates/kibana.yml.j2
+++ b/elk_metrics_7x/roles/elastic_kibana/templates/kibana.yml.j2
@@ -123,3 +123,10 @@ xpack.monitoring.min_interval_seconds: 30
 xpack.monitoring.ui.enabled: true
 xpack.monitoring.ui.container.elasticsearch.enabled: true
 
+# Load balancer settings
+{% if security_encryption_key is defined %}
+xpack.security.encryptionKey: {{ kibana_security_encryption_key }}
+{% endif %}
+{% if reporting_encryption_key is defined %}
+xpack.reporting.encryptionKey: {{ kibana_reporting_encryption_key }}
+{% endif %}