Add kibana authentication using HAproxy

Change-Id: Ib501571dd34cb68924775ce738499d63df5718dd
Closes-Bug: 1556487

ansible/group_vars/all.yml

@@ -210,6 +210,13 @@ haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_int
 kolla_enable_tls_external: "no"
 kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
 
+
+####################
+# Kibana options
+####################
+kibana_user: "kibana"
+
+
 #################################
 # Cinder - Block Storage options
 #################################

ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -374,8 +374,14 @@ listen radosgw_external
 {% endif %}
 
 {% if enable_central_logging | bool %}
+
+userlist kibanauser
+  user {{ kibana_user }} insecure-password {{ kibana_password }}
+
 listen kibana
   bind {{ kolla_internal_vip_address }}:{{ kibana_server_port }}
+  acl auth_acl http_auth(kibanauser)
+  http-request auth realm basicauth unless auth_acl
 {% for host in groups['kibana'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5
 {% endfor %}

etc/kolla/passwords.yml

@@ -76,3 +76,8 @@ rabbitmq_cluster_cookie:
 ####################
 haproxy_password:
 keepalived_password:
+
+####################
+# Kibana options
+####################
+kibana_password: