From bf70996cd67ef81c46f8943591a9218136d1eb51 Mon Sep 17 00:00:00 2001
From: Daniel Pawlik <dpawlik@redhat.com>
Date: Fri, 27 May 2022 10:11:15 +0200
Subject: [PATCH] Change 0.0.0.0 address to 127.0.0.1; sync security plugin
 once again

On some host on Zuul CI gates, tests does not pass because of
wrong configured security plugin.

Change-Id: I475e12318f25f2b4c390e6a6103a36daab2444e4
---
 ansible/roles/check-services/tasks/download.yml  | 14 +++++++++-----
 ansible/roles/check-services/tasks/main.yml      | 16 ++++++++++------
 .../templates/logstash-index.conf.j2             |  6 +++---
 3 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/ansible/roles/check-services/tasks/download.yml b/ansible/roles/check-services/tasks/download.yml
index 00c3630..f6426c9 100644
--- a/ansible/roles/check-services/tasks/download.yml
+++ b/ansible/roles/check-services/tasks/download.yml
@@ -46,14 +46,14 @@
 
 - name: Wait for Opensearch to be up
   wait_for:
-    host: 0.0.0.0
+    host: 127.0.0.1
     port: 9200
     delay: 10
     timeout: 300
 
 - name: Wait for Opensearch to be up
   uri:
-    url: "https://0.0.0.0:9200"
+    url: "https://127.0.0.1:9200"
     user: "admin"
     password: "admin"
     force_basic_auth: true
@@ -65,6 +65,10 @@
   retries: 30
   delay: 10
 
+- name: Reconfigure once again security plugin
+  shell: |
+    podman exec -it opensearch bash -c "JAVA_HOME=/usr/share/opensearch/jdk /usr/share/opensearch/securityadmin_demo.sh"
+
 ### Logscraper ###
 - name: Setup logscraper service
   include_role:
@@ -93,7 +97,7 @@
   block:
     - name: Get indices
       uri:
-        url: "https://0.0.0.0:9200/_cat/indices"
+        url: "https://127.0.0.1:9200/_cat/indices"
         user: "admin"
         password: "admin"
         force_basic_auth: true
@@ -108,7 +112,7 @@
 
     - name: Check if build_branch exists in index content
       uri:
-        url: "https://0.0.0.0:9200/logstash-logscraper"
+        url: "https://127.0.0.1:9200/logstash-logscraper"
         user: "admin"
         password: "admin"
         force_basic_auth: true
@@ -139,7 +143,7 @@
 
     - name: Get indices to fail the test
       uri:
-        url: "https://0.0.0.0:9200/_cat/indices"
+        url: "https://127.0.0.1:9200/_cat/indices"
         user: "admin"
         password: "admin"
         force_basic_auth: true
diff --git a/ansible/roles/check-services/tasks/main.yml b/ansible/roles/check-services/tasks/main.yml
index d43dfc0..0de386a 100644
--- a/ansible/roles/check-services/tasks/main.yml
+++ b/ansible/roles/check-services/tasks/main.yml
@@ -65,14 +65,14 @@
 
 - name: Wait for Opensearch to be up
   wait_for:
-    host: 0.0.0.0
+    host: 127.0.0.1
     port: 9200
     delay: 10
     timeout: 300
 
 - name: Wait for Opensearch to be up
   uri:
-    url: "https://0.0.0.0:9200"
+    url: "https://127.0.0.1:9200"
     user: "admin"
     password: "admin"
     force_basic_auth: true
@@ -84,6 +84,10 @@
   retries: 30
   delay: 10
 
+- name: Reconfigure once again security plugin
+  shell: |
+    podman exec -it opensearch bash -c "JAVA_HOME=/usr/share/opensearch/jdk /usr/share/opensearch/securityadmin_demo.sh"
+
 ### LOGSTASH ###
 - name: Create require directories for Logstash
   file:
@@ -98,7 +102,7 @@
     content: |
       # opensearch analyze is working on 9600
       http.port: 9601
-      http.host: 0.0.0.0
+      http.host: 127.0.0.1
     dest: /etc/logstash/logstash.yml
     mode: '0644'
     owner: '1000'
@@ -122,7 +126,7 @@
 
 - name: Wait for Logstash to be up
   wait_for:
-    host: 0.0.0.0
+    host: 127.0.0.1
     port: 9999
     delay: 10
     timeout: 300
@@ -163,7 +167,7 @@
   block:
     - name: Get indices
       uri:
-        url: "https://0.0.0.0:9200/_cat/indices"
+        url: "https://127.0.0.1:9200/_cat/indices"
         user: "admin"
         password: "admin"
         force_basic_auth: true
@@ -199,7 +203,7 @@
 
     - name: Get indices to fail the test
       uri:
-        url: "https://0.0.0.0:9200/_cat/indices"
+        url: "https://127.0.0.1:9200/_cat/indices"
         user: "admin"
         password: "admin"
         force_basic_auth: true
diff --git a/ansible/roles/check-services/templates/logstash-index.conf.j2 b/ansible/roles/check-services/templates/logstash-index.conf.j2
index 3991b14..7ac95ce 100644
--- a/ansible/roles/check-services/templates/logstash-index.conf.j2
+++ b/ansible/roles/check-services/templates/logstash-index.conf.j2
@@ -1,6 +1,6 @@
 input {
   tcp {
-    host => "0.0.0.0"
+    host => "127.0.0.1"
     port => "{{ output_port }}"
     codec => json_lines {}
     type => "zuul"
@@ -22,9 +22,9 @@ filter {
 }
 output {
   elasticsearch {
-    hosts => ['https://0.0.0.0:9200']
+    hosts => ["https://127.0.0.1:9200"]
     index => "logstash-logscraper-%{+YYYY.MM.dd}"
-    user => 'admin'
+    user => "admin"
     password => "admin"
     ssl => true
     ssl_certificate_verification => false