Use common variable for TLS (#274)

widhalmt · web-flow · commit 4c6c166647ab · 2025-09-22T12:54:02.000Z
fixes #248 The `metricbeat.yml` and `auditbeat.yml` templates have code for both connecting to Logstash or Elasticseach. They used different variables to determine whether to turn on TLS or not. That resulted in a missing default and therefore Beats setup breaking when connecting to Elasticseach. I changed the variable that's queried to determine whether to turn on TLS or not. This is something between a workaround and a partial solution. While it makes more sense to use a role related variable for both Logstash and Elasticsearch output (other than before) it's still not the goal we want. So overhauling the whole process of determining whether we need TLS or not is due. I'll start a discussion and we need to adjust all roles to the solution we find. Now there are similarities but it's not exactly the same in every role.
diff --git a/roles/beats/templates/auditbeat.yml.j2 b/roles/beats/templates/auditbeat.yml.j2
@@ -31,7 +31,7 @@ setup.template.settings:
 setup.kibana:
 {% if beats_auditbeat_output == "elasticsearch" %}
 output.elasticsearch:
-{% if elasticsearch_http_security | bool %}
+{% if beats_security | bool %}
 {% if elasticstack_full_stack | bool %}
   hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
diff --git a/roles/beats/templates/metricbeat.yml.j2 b/roles/beats/templates/metricbeat.yml.j2
@@ -8,7 +8,7 @@ setup.template.settings:
 setup.kibana:
 {% if beats_metricbeat_output == "elasticsearch" %}
 output.elasticsearch:
-{% if elasticsearch_http_security | bool %}
+{% if beats_security | bool %}
 {% if elasticstack_full_stack | bool %}
   hosts: [ {% for host in groups[elasticstack_elasticsearch_group_name] %}"https://{{ host }}:{{ elasticstack_elasticsearch_http_port }}"{% if not loop.last %},{% endif %}{% endfor %}]
 {% else %}
