cloud-elasticsearch/defaults/main.yml

---
cloud_apps: /opt
cloud_storage: /opt/storage
cloud_stage: prod
cloud_update: false

elastic_data_location: "{{ cloud_storage }}/elastic-data"
elastic_logs_location: "{{ cloud_storage }}/elastic-logs"

elastic_version: 8.17.1
elastic_platform_suffix: linux-x86_64

elastic_source: "https://artifacts.elastic.co/downloads/elasticsearch"

elastic_cluster_nodes:
  - elastic-host-0.local

elastic_config_http:
  port: 9200
  host: 0.0.0.0

elastic_config_xpack:
  security:
    enabled: true
    enrollment:
      enabled: true
    http:
      ssl:
        enabled: true
        verification_mode: certificate
        keystore:
          path: certs/http.p12
    transport:
      ssl:
        enabled: true
        verification_mode: certificate
        keystore:
          path: certs/transport.p12
        truststore:
          path: certs/transport.p12
    authc:
      token.enabled: true
      security.authc.realms.oidc.oidc1:
        order: 2
        rp.client_id: "the_client_id"
        rp.response_type: code
        rp.redirect_uri: "https://kibana.example.org:5601/api/security/oidc/callback"
        op.issuer: "https://op.example.org"
        op.authorization_endpoint: "https://op.example.org/oauth2/v1/authorize"
        op.token_endpoint: "https://op.example.org/oauth2/v1/token"
        op.jwkset_path: oidc/jwkset.json
        op.userinfo_endpoint: "https://op.example.org/oauth2/v1/userinfo"
        op.endsession_endpoint: "https://op.example.org/oauth2/v1/logout"
        rp.post_logout_redirect_uri: "https://kibana.example.org:5601/security/logged_out"
        claims.principal: sub
        claims.groups: "http://example.info/claims/groups"

elastic_transport_host: 0.0.0.0

elastic_cert_http_p12: "ThisIsTheHttpP12Certificate"
elastic_Cert_transport_p12: "ThisIsTheTransportP12Certificate"