From 51ba3f7c167a0f384c8ea331fb4658031a49decb Mon Sep 17 00:00:00 2001 
From: Sven Ketelsen Date: Mon, 21 Jun 2021 20:56:40 +0200 Subject: [PATCH] SMARCH-33: added elastic stack setup --- README.md | 5 +- elastic-certs.sh | 1 + group_vars/all/plain.yml | 4 + group_vars/all/vault.yml | 97 +++++----- group_vars/stage_dev/plain.yml | 72 ++++--- new.txt | 50 +++++ old.txt | 56 ++++++ .../tasks/{configs.yml => templates.yml} | 25 ++- roles/common/configs/docker/config.json.j2 | 4 + roles/connect/defaults/main.yml | 4 +- roles/connect/tasks/main.yml | 31 +-- roles/connect/vars/main.yml | 2 +- roles/elastic/defaults/main.yaml | 13 ++ .../handlers/main.yml | 0 .../meta/main.yml | 0 .../main.yml => elastic/tasks/main.yaml} | 49 ++++- roles/elastic/vars/main.yml | 180 ++++++++++++++++++ .../elasticsearch-exporter/defaults/main.yml | 4 - roles/elasticsearch-exporter/vars/main.yml | 44 ----- roles/filebeat/tasks/main.yaml | 44 +++-- roles/hcloud/tasks/main.yml | 1 + .../hcloud/templates/firewall-docker.json2.j2 | 19 ++ roles/keycloak/tasks/main.yml | 17 +- roles/node-exporter/defaults/main.yml | 64 ------- roles/node-exporter/tasks/main.yml | 33 ++-- roles/node-exporter/vars/main.yml | 2 +- roles/postfix/.github/workflows/ci.yml | 80 -------- roles/postfix/.github/workflows/release.yml | 20 -- roles/prometheus/tasks/main.yml | 31 ++- roles/traefik/tasks/main.yml | 39 ++-- roles/traefik/vars/main.yml | 6 +- setup.yml | 16 +- smardigo.yml | 13 ++ stage-dev | 1 + templates/_docker/docker-compose.yml.j2 | 11 ++ templates/elastic-certs/certs/ca/ca.crt | 20 ++ .../dev-elastic-stack-01-elastic.crt | 21 ++ .../dev-elastic-stack-01-elastic.key | 27 +++ .../dev-elastic-stack-01-elastic.pkcs8.key | 28 +++ .../dev-elastic-stack-02-elastic.crt | 21 ++ .../dev-elastic-stack-02-elastic.key | 27 +++ .../dev-elastic-stack-02-elastic.pkcs8.key | 28 +++ .../dev-elastic-stack-03-elastic.crt | 21 ++ .../dev-elastic-stack-03-elastic.key | 27 +++ .../dev-elastic-stack-03-elastic.pkcs8.key | 28 +++ .../dev-elastic-stack-filebeat.crt | 21 ++ 
.../dev-elastic-stack-filebeat.key | 27 +++ .../dev-elastic-stack-filebeat.pkcs8.key | 28 +++ .../dev-elastic-stack-logstash.crt | 21 ++ .../dev-elastic-stack-logstash.key | 27 +++ .../dev-elastic-stack-logstash.pkcs8.key | 28 +++ templates/elastic-certs/certutil.sh | 24 +++ templates/elastic-certs/instances.yaml | 51 +++++ .../config/logstash/pipeline/filebeat.conf.j2 | 106 +++++++++++ templates/elastic/config/roles.yml.j2 | 16 ++ templates/elasticsearch-exporter/certs/ca.crt | 20 -- templates/filebeat/certs/ca/ca.crt | 20 -- templates/filebeat/certs/filebeat.crt | 21 -- templates/filebeat/certs/filebeat.key | 27 --- templates/filebeat/config/filebeat.yml.j2 | 4 +- templates/traefik/traefik.toml.j2 | 19 +- .../daniel.dz/{id_ed25519.pub => id_rsa.pub} | 0 62 files changed, 1285 insertions(+), 461 deletions(-) create mode 100644 elastic-certs.sh create mode 100644 new.txt create mode 100644 old.txt rename roles/_deploy/tasks/{configs.yml => templates.yml} (79%) create mode 100644 roles/elastic/defaults/main.yaml rename roles/{elasticsearch-exporter => elastic}/handlers/main.yml (100%) rename roles/{elasticsearch-exporter => elastic}/meta/main.yml (100%) rename roles/{elasticsearch-exporter/tasks/main.yml => elastic/tasks/main.yaml} (56%) create mode 100644 roles/elastic/vars/main.yml delete mode 100644 roles/elasticsearch-exporter/defaults/main.yml delete mode 100644 roles/elasticsearch-exporter/vars/main.yml create mode 100644 roles/hcloud/templates/firewall-docker.json2.j2 delete mode 100644 roles/postfix/.github/workflows/ci.yml delete mode 100644 roles/postfix/.github/workflows/release.yml create mode 100644 templates/elastic-certs/certs/ca/ca.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key create mode 100644 
templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.pkcs8.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.pkcs8.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.pkcs8.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.pkcs8.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.crt create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.key create mode 100644 templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.pkcs8.key create mode 100644 templates/elastic-certs/certutil.sh create mode 100644 templates/elastic-certs/instances.yaml create mode 100644 templates/elastic/config/logstash/pipeline/filebeat.conf.j2 create mode 100644 templates/elastic/config/roles.yml.j2 delete mode 100644 templates/elasticsearch-exporter/certs/ca.crt delete mode 100644 templates/filebeat/certs/ca/ca.crt delete mode 100644 templates/filebeat/certs/filebeat.crt delete mode 100644 templates/filebeat/certs/filebeat.key rename users/daniel.dz/{id_ed25519.pub => id_rsa.pub} (100%) 
diff --git a/README.md b/README.md index b8e90b2..21fc603 100644 --- a/README.md +++ b/README.md @@ -34,4 +34,7 @@ Keykloak Update Client 'docker-registry' Download Installation Docker-Registry - Use Installation from Keycloak Client 'docker-registry' \ No newline at end of file + Use Installation from Keycloak Client 'docker-registry' +Prometheus (Grafana) + docker exec -i df4d6b176f5e sh -c 'grafana-cli plugins install grafana-piechart-panel' + docker restart df4d6b176f5e \ No newline at end of file diff --git a/elastic-certs.sh b/elastic-certs.sh new file mode 100644 index 0000000..a68cf2d --- /dev/null +++ b/elastic-certs.sh @@ -0,0 +1 @@ + docker run -v `pwd`/templates/elastic-certs:/certs -v `pwd`/templates/elastic-certs/instances.yaml:/usr/share/elasticsearch/config/certificates/instances.yml docker.elastic.co/elasticsearch/elasticsearch:7.12.0 /bin/sh "/certs/certutil.sh" \ No newline at end of file diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index 22d0ac1..88c3dd9 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -90,6 +90,7 @@ service_port_sonarqube: "9000" monitor_port_service: "9081" monitor_port_system: "9082" monitor_port_docker: "9083" +monitor_port_elastic: "9084" admin_port_traefik: "9080" @@ -109,6 +110,9 @@ hetzner_ssh_keys: #hetzner_authentication_token: "< see vault >" #digitalocean_authentication_token: "< see vault >" +#elastic_admin_username: "< see vault >" +#elastic_admin_password: "< see vault >" + #grafana_admin_username: "< see vault >" #grafana_admin_password: "< see vault >" #grafana_signing_secret: "< see vault >" diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 2f95041..13ebaf9 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
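Review bot: The one-line `docker run` in elastic-certs.sh mounts `templates/elastic-certs` read-write at `/certs`, so whatever certutil.sh generates (presumably the CA and instance keys) lands inside the tracked repository tree. The diffstat of this commit shows the resulting `.key` and `.pkcs8.key` files being added there. Private keys and CA material are better written to an untracked output directory, or encrypted with ansible-vault before commit, keeping only `instances.yaml` and `certutil.sh` in git. Separately, the unquoted `` `pwd` `` breaks on paths containing spaces and the container is left behind after each run; `docker run --rm -v "$(pwd)/templates/elastic-certs:/certs" …` avoids both.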
@@ -1,48 +1,51 @@ $ANSIBLE_VAULT;1.1;AES256 -64643037663332613065363239666532333039666436303731643261663438396133653737326461 -3435363331316634306364613537613637666538313766310a396335346137393862336133646262 -63636330313462653330326166383431343262306666323861343039623364326233616238646336 -3864643932643661660a313133666334636436633030386239313934636664376462396639636264 -62326166653166396137616136336231373838303134643463356665366562356332343661343736 -31356661393263633765313136316531336231666366353361656265626632313339623062666261 -64356233303633326136646563356564383637336162646366343238343462616532396638383061 -63613030393162646239656664373162633937373132383832656363633462656163633432306336 -32393736396636333230363561663166336330646536316231666333343662633034626335323266 -63623439323737386663303066373036396431306166306231616638306136616365393332653764 -38303635613766613161373638393730613235306162396665653832386563333537313434343730 -66346234643838343638333035666330363265393436646630363065646130613632623964383262 -35633132373563656664623337343130303130633831333833323766313438373461666538613638 -33323763356636346634343533363037633966313639613833396330666632373636646362623662 -61613461626431663566363966313332363266643965666463353134656463396235663063363638 -62313766643934363637626234323462646337343839353464326534303837633838366639616334 -37353336653766346538663931616361316161323466303964363864386434643966303937316365 -34313635613734356563346465623162303630626534666562653530323438326532656337363838 -61323332393365303738613836313237646665343266323661313261323163393765613731346138 -66663838343562366232383566626538346231626435616632356365623762363939376561613666 -62343535363464346564326134313466373530313336356263373738386539613565363236363931 -38326636616439343737356161666161636234363966346435336333323261336433633132666332 -38393039353934333566326535633366363431393532626431633566336365363466626332646662 
-39393232336562333533626233643734316662383732323962653765656466623437316336663832 -37626262373364643933626434636636373133646432353765343134653635343239353833306231 -30616165373833343964376363636461366663383939333538303235623162646261656462326662 -61666538353236323736646238313639623537613862353036663261303238393366636464333730 -35646233363761656238373434386533663736303061313664393565666632343231643537653531 -34306262306631653562353265656433323433666263386438636461613661333965616539393035 -38623635343861636665656136626261363239353363633964646537616633353439313235326564 -62396264653538346433396663353933393232633536396663333366623163663930366364396566 -66373937643139636637643932343733303131373765343232636639663862333966326235353031 -31303630616337323432366532343138363035383634356335646262623634626665313331386136 -33643264616463303861336161646237663030623861623838363538396133626334346261663336 -62666436653332376633303063336664646530316139626330393666623330663439613039643635 -65393335633631386338386564643939393238333237366337386539303961656338336338326237 -35666361363232653934336134663865623732326466323061326232356336613965356633326337 -65663761383735346565346530646239643165656330393664663434393139346431336633396639 -65366333343330353432396332653736623832633439613032653565616435383539386161663664 -34356265303430643535636162343234646162623932656431613734643038363732393166653562 -31306537373630346532363939363764353862653339643237613338356163316233663337393631 -33386335656366376436353764333265333835346132313331636261626434653031636264333133 -36343637306132363766616339323536643138343735316130363462376232323263333063383064 -61366434623335333232666239303261333132346332653633363439656266646462376664626530 -65666239643562646431633466366336326538363761333639396638633738336533636339323236 -39376361386262373831653831666430303132643632323535643261336137383232386235306530 -396465326533646330393661633165363331 
+34633465613364373734643738376434323433343232643832666466316130393530656561613535 +3831303063333037663562313465313238646638613538660a626463313530653536366133343664 +33393566366134323736626165306436363231346239643837363032393066636163346563626333 +6565626333343033370a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diff --git a/group_vars/stage_dev/plain.yml b/group_vars/stage_dev/plain.yml index 3e417b3..ed67e56 100644 --- a/group_vars/stage_dev/plain.yml +++ b/group_vars/stage_dev/plain.yml 
@@ -2,24 +2,64 @@ stage: "dev" +docker_registry: dev-docker-registry-01.smardigo.digital + hetzner_server_labels: "stage={{ stage }}" alertmanager_channel_smardigo: "#monitoring-qa" +filebeat_certificate: "dev-elastic-stack-filebeat" +logstash_certificate: "dev-elastic-stack-logstash" + +# TODO read configuration with hetzner rest api +elastic_stack_network: { + dev-elastic-stack-01: 10.0.0.2, + dev-elastic-stack-02: 10.0.0.3, + dev-elastic-stack-03: 10.0.0.4, +} + # TODO read configuration with hetzner rest api -logstash_hostname: "logstash-dev-elastic-stack-01" +logstash_hostname: "dev-elastic-stack-01-logstash" +elastic_extra_hosts: [ + { + hostname: dev-elastic-stack-01-elastic, + ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}", + }, + { + hostname: dev-elastic-stack-02-elastic, + ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}", + }, + { + hostname: dev-elastic-stack-03-elastic, + ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}", + }, +] filebeat_extra_hosts: [ { - hostname: logstash-dev-elastic-stack-01, - ip: 10.0.0.2, + hostname: dev-elastic-stack-01-logstash, + ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}", + }, + { + hostname: dev-elastic-stack-02-logstash, + ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}", + }, + { + hostname: dev-elastic-stack-03-logstash, + ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}", + }, +] +kibana_extra_hosts: [ + { + hostname: dev-elastic-stack-01-kibana, + ip: "{{ elastic_stack_network['dev-elastic-stack-01'] }}", }, { - hostname: logstash-dev-elastic-stack-02, - ip: 10.0.0.3 + hostname: dev-elastic-stack-02-kibana, + ip: "{{ elastic_stack_network['dev-elastic-stack-02'] }}", }, { - hostname: logstash-dev-elastic-stack-03, - ip: 10.0.0.4, + hostname: dev-elastic-stack-03-kibana, + ip: "{{ elastic_stack_network['dev-elastic-stack-03'] }}", }, ] 
@@ -41,20 +81,4 @@ keycloak_extra_hosts: [ hostname: "{{ mail_hostname }}", ip: 10.2.0.2, } -] - -# TODO read configuration with hetzner rest api -elasticsearch_extra_hosts: [ - { - hostname: es-dev-elastic-stack-01, - ip: 10.0.0.2, - }, - { - hostname: es-dev-elastic-stack-02, - ip: 10.0.0.3 - }, - { - hostname: es-dev-elastic-stack-03, - ip: 10.0.0.4, - }, -] +] \ No newline at end of file diff --git a/new.txt b/new.txt new file mode 100644 index 0000000..238392b --- /dev/null +++ b/new.txt 
@@ -0,0 +1,50 @@ +version: '3.7' + +services: + dev-elastic-stack-01-elastic: + image: "docker.elastic.co/elasticsearch/elasticsearch:7.12.0" + container_name: "dev-elastic-stack-01-elastic" + restart: always + user: root + environment: + ES_JAVA_OPTS: -Xms3886m -Xmx3886m + node.name: "dev-elastic-stack-01-elastic" + cluster.name: dev-elastic-stack + discovery.seed_hosts: dev-elastic-stack-02-elastic,dev-elastic-stack-03-elastic + cluster.initial_master_nodes: dev-elastic-stack-01-elastic,dev-elastic-stack-02-elastic,dev-elastic-stack-03-elastic + bootstrap.memory_lock: "true" + network.publish_host: 10.0.0.2 + xpack.security.enabled: "true" + xpack.security.http.ssl.enabled: "true" + xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key + xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt + xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt + xpack.security.transport.ssl.enabled: "true" + xpack.security.transport.ssl.verification_mode: certificate + xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt + xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt + xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key + ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - "dev-elastic-stack-01-elastic-data:/usr/share/elasticsearch/data" + - "./certs:/usr/share/elasticsearch/config/certificates:ro" + - "./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro" + networks: + - "back-tier" + extra_hosts: + - dev-elastic-stack-01-elastic:10.0.0.2 + - dev-elastic-stack-02-elastic:10.0.0.3 + - 
dev-elastic-stack-03-elastic:10.0.0.4 + ports: + - 9200:9200 + - 9300:9300 + +networks: + back-tier: + external: True + +volumes: + dev-elastic-stack-01-elastic-data: {} \ No newline at end of file diff --git a/old.txt b/old.txt new file mode 100644 index 0000000..304ce98 --- /dev/null +++ b/old.txt 
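Review bot: new.txt, and old.txt in the following file section, read like rendered docker-compose output kept for a before/after comparison, and nothing visible in this patch references them. They should be dropped from the commit, or moved somewhere with a name that says what they are, since they pin internal hostnames and 10.0.0.x addresses into the repository root. If new.txt reflects what the new template renders, two lines deserve a look: `user: root` on the Elasticsearch service, and `9200:9200` / `9300:9300` published without a bind address. The latter exposes the HTTP and transport ports on every host interface unless a firewall restricts them.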
@@ -0,0 +1,56 @@ +--- +version: '3.7' + +services: + es-dev-elastic-stack-01: + image: docker.elastic.co/elasticsearch/elasticsearch:7.12.0 + container_name: es-dev-elastic-stack-01 + hostname: es-dev-elastic-stack-01 + extra_hosts: + - "es-dev-elastic-stack-02:10.0.0.3" + - "es-dev-elastic-stack-03:10.0.0.4" + environment: + ES_JAVA_OPTS: -Xms3886m -Xmx3886m + node.name: es-dev-elastic-stack-01 + cluster.name: es-docker-cluster + discovery.seed_hosts: es-dev-elastic-stack-02,es-dev-elastic-stack-03 + cluster.initial_master_nodes: es-dev-elastic-stack-01,es-dev-elastic-stack-02,es-dev-elastic-stack-03 + bootstrap.memory_lock: "true" + network.publish_host: 10.0.0.2 + xpack.security.enabled: "true" + xpack.security.enabled: "true" + xpack.security.http.ssl.enabled: "true" + xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/es-dev-elastic-stack-01/es-dev-elastic-stack-01.key + xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt + xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/es-dev-elastic-stack-01/es-dev-elastic-stack-01.crt + xpack.security.transport.ssl.enabled: "true" + xpack.security.transport.ssl.verification_mode: certificate + xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt + xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/es-dev-elastic-stack-01/es-dev-elastic-stack-01.crt + xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/es-dev-elastic-stack-01/es-dev-elastic-stack-01.key + ulimits: + memlock: + soft: -1 + hard: -1 + volumes: + - es-dev-elastic-stack-01-data:/usr/share/elasticsearch/data + - ./certs:/usr/share/elasticsearch/config/certificates:ro + - ./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro + ports: + - 9200:9200 + - 9300:9300 + networks: + - back-tier + healthcheck: + test: curl --cacert 
/usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi + interval: 30s + timeout: 10s + retries: 5 + +volumes: + es-dev-elastic-stack-01-data: + name: es-dev-elastic-stack-01-data + +networks: + back-tier: + external: true \ No newline at end of file diff --git a/roles/_deploy/tasks/configs.yml b/roles/_deploy/tasks/templates.yml similarity index 79% rename from roles/_deploy/tasks/configs.yml rename to roles/_deploy/tasks/templates.yml index 1c91f57..e9705a4 100644 --- a/roles/_deploy/tasks/configs.yml +++ b/roles/_deploy/tasks/templates.yml @@ -1,12 +1,21 @@ --- +- name: 'Delete {{ current_base_path }}/{{ current_destination }}' + file: + state: absent + path: "{{ current_base_path }}/{{ current_destination }}" + when: cleanup_destination is defined and cleanup_destination == "true" + tags: + - update_config + - update_deployment + - name: 'Ensures {{ current_base_path }}/{{ current_destination }} directory exists' file: state: directory path: '{{ current_base_path }}/{{ current_destination }}' tags: - - update_deployment - update_config + - update_deployment - name: 'Ensure directory structure for {{ current_config }} exists' file: @@ -19,19 +28,7 @@ when: item.state == "directory" tags: - update_config - -- name: Ensure docker files are populated from templates/_docker - template: - src: "{{ item.src }}" - dest: "{{ current_base_path }}/{{ current_destination }}/{{ item.path | regex_replace('\\.j2$', '') }}" - owner: "{{ current_owner }}" - group: "{{ current_group }}" - mode: 0644 - with_filetree: "templates/_docker" - when: item.state == 'file' and item.src is match('.*\.j2$') - tags: - update_deployment - - update_config - name: Ensure config template files are populated from templates/{{ current_config }} template: 
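Review bot: The new "Delete …" task in the first hunk of roles/_deploy/tasks/templates.yml is gated on `cleanup_destination == "true"`, a string comparison, so a caller passing the YAML boolean `cleanup_destination: true` silently skips the cleanup. `when: cleanup_destination | default(false) | bool` accepts both forms. Because the task removes `{{ current_base_path }}/{{ current_destination }}` recursively, it is also worth adding `current_destination | length > 0` to the condition, so that an empty destination can never resolve to the base path itself.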
@@ -44,6 +41,7 @@ when: item.state == 'file' and item.src is match('.*\.j2$') tags: - update_config + - update_deployment - name: Ensure config files are populated from from templates/{{ current_config }} copy: @@ -56,3 +54,4 @@ when: item.state == 'file' and item.src is not match('.*\.j2$') tags: - update_config + - update_deployment diff --git a/roles/common/configs/docker/config.json.j2 b/roles/common/configs/docker/config.json.j2 index 1d6989f..a0f4f31 100644 --- a/roles/common/configs/docker/config.json.j2 +++ b/roles/common/configs/docker/config.json.j2 @@ -1,6 +1,10 @@ { "auths": { + "dev-docker-registry-01.smardigo.digital": { + "auth": "ZG9ja2VyLWFkbWluOnlZVGRXY1ExS01UZWxsOEVOVHlEVjlkZWRRUWZVTjhS" + } }, "HttpHeaders": { + "User-Agent": "Docker-Client/19.03.13 (linux)" } } \ No newline at end of file diff --git a/roles/connect/defaults/main.yml b/roles/connect/defaults/main.yml index 74581fd..9efad9d 100644 --- a/roles/connect/defaults/main.yml +++ b/roles/connect/defaults/main.yml @@ -1,8 +1,8 @@ --- -connect_image_name: docker.dev-at.de/smardigo/connect-whitelabel-app +connect_image_name: "{{ docker_registry }}/smardigo/connect-whitelabel-app" -connect_version: '7.1.0-SNAPSHOT' +connect_version: '8.2.0-SNAPSHOT' connect_admin_username: "connect-admin" connect_admin_password: "connect-admin" diff --git a/roles/connect/tasks/main.yml b/roles/connect/tasks/main.yml index 6adb1c1..2904f6e 100644 --- a/roles/connect/tasks/main.yml +++ b/roles/connect/tasks/main.yml @@ -1,10 +1,8 @@ --- ### tags: -### create_users ### update_deployment - - name: "Send mattermost message" uri: url: "{{ mattermost_hook_smardigo }}" 
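Review bot: The added `"auth"` value in roles/common/configs/docker/config.json.j2 is a literal registry credential: Docker's `auth` field is only base64 of `user:password`, so anyone with read access to the repository can recover the login for `dev-docker-registry-01.smardigo.digital`. The value should come from the vault like the other secrets, for example `"auth": "{{ docker_registry_auth }}"` (variable name is a suggestion), with the key rendered as `"{{ docker_registry }}"` so the hostname is not duplicated from group_vars. Since the current value is now in history, the registry password needs rotating once the template is changed. It is also worth checking that the task deploying this file sets a restrictive mode such as `0600`; that task is not part of this hunk.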
@@ -42,24 +40,35 @@ tags: - update_deployment -- name: "Deploy service configuration for {{ service_name }}" +- name: "Deploy docker templates for {{ service_name }}" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "connect" + current_config: "_docker" current_base_path: "{{ service_base_path }}" current_destination: "{{ service_name }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" current_docker: "{{ connect_docker }}" -#- name: "Update {{ service_name }}" -# shell: docker-compose pull -# args: -# chdir: '{{ service_base_path }}/{{ service_name }}' -# tags: -# - update_deployment +- name: "Deploy service templates for {{ service_name }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "connect" + current_base_path: "{{ service_base_path }}" + current_destination: "{{ service_name }}" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + +- name: "Update {{ service_name }}" + shell: docker-compose pull + args: + chdir: '{{ service_base_path }}/{{ service_name }}' + tags: + - update_deployment - name: "Start {{ service_name }}" shell: docker-compose up -d diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml index bb9f664..183c1ea 100644 --- a/roles/connect/vars/main.yml +++ b/roles/connect/vars/main.yml @@ -25,7 +25,7 @@ connect_labels: [ '"traefik.http.routers.{{ connect_id }}-monitor.service={{ service_name }}-node-exporter"', '"traefik.http.routers.{{ connect_id }}-monitor.rule=Host(`{{ stage_server_url_host }}`)"', - '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=admin-system"', + '"traefik.http.routers.{{ connect_id }}-monitor.entrypoints=monitoring-system"', '"traefik.http.routers.{{ connect_id }}-monitor.tls=true"', '"traefik.http.routers.{{ connect_id }}-monitor.tls.certresolver=letsencrypt"', ] 
diff --git a/roles/elastic/defaults/main.yaml b/roles/elastic/defaults/main.yaml new file mode 100644 index 0000000..567f957 --- /dev/null +++ b/roles/elastic/defaults/main.yaml @@ -0,0 +1,13 @@ +--- + +elastic_image_name: "docker.elastic.co/elasticsearch/elasticsearch" +elastic_image_version: "7.12.0" + +kibana_image_name: "docker.elastic.co/kibana/kibana" +kibana_image_version: "7.12.0" + +logstash_image_name: "docker.elastic.co/logstash/logstash" +logstash_image_version: "7.12.0" + +elasticsearch_exporter_image_name: "justwatch/elasticsearch_exporter" +elasticsearch_exporter_image_version: "latest" diff --git a/roles/elasticsearch-exporter/handlers/main.yml b/roles/elastic/handlers/main.yml similarity index 100% rename from roles/elasticsearch-exporter/handlers/main.yml rename to roles/elastic/handlers/main.yml diff --git a/roles/elasticsearch-exporter/meta/main.yml b/roles/elastic/meta/main.yml similarity index 100% rename from roles/elasticsearch-exporter/meta/main.yml rename to roles/elastic/meta/main.yml diff --git a/roles/elasticsearch-exporter/tasks/main.yml b/roles/elastic/tasks/main.yaml similarity index 56% rename from roles/elasticsearch-exporter/tasks/main.yml rename to roles/elastic/tasks/main.yaml index c1b32d7..9dd85d9 100644 --- a/roles/elasticsearch-exporter/tasks/main.yml +++ b/roles/elastic/tasks/main.yaml @@ -1,5 +1,9 @@ --- +### tags: +### update_config +### update_deployment + - name: "Send mattermost messsge" uri: url: "{{ mattermost_hook_smardigo }}" @@ -17,6 +21,9 @@ stat: path: '{{ service_base_path }}/{{ role_name }}/docker-compose.yml' register: check_docker_compose_file + tags: + - update_config + - update_deployment - name: "Stop {{ role_name }}" shell: docker-compose down 
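Review bot: `elasticsearch_exporter_image_version: "latest"` at the end of roles/elastic/defaults/main.yaml is the only unpinned image in this file, while the three Elastic images are fixed at 7.12.0. Combined with the `docker-compose pull` task in the role, every run deploys whatever `justwatch/elasticsearch_exporter` currently publishes under that tag, into a container that the role's vars hand the Elasticsearch admin credentials. Pinning to a tested release, ideally by digest, e.g. `elasticsearch_exporter_image_version: "<tested-version>"`, keeps the deployment reproducible and limits exposure to a replaced upstream image.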
@@ -24,18 +31,50 @@ chdir: '{{ service_base_path }}/{{ role_name }}' when: check_docker_compose_file.stat.exists ignore_errors: yes + tags: + - update_config + - update_deployment -- name: "Deploy service configuration for {{ role_name }}" +- name: "Deploy docker templates for {{ role_name }}" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "elasticsearch-exporter" + current_config: "_docker" current_base_path: "{{ service_base_path }}" - current_destination: "elasticsearch-exporter" + current_destination: "elastic" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" - current_docker: "{{ elasticsearch_exporter_docker }}" + current_docker: "{{ elastic_docker }}" + tags: + - update_config + - update_deployment + +- name: "Deploy service templates for {{ role_name }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "elastic" + current_base_path: "{{ service_base_path }}" + current_destination: "elastic" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + tags: + - update_config + +- name: "Deploy certificate templates for {{ role_name }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "elastic-certs/certs" + current_base_path: "{{ service_base_path }}" + current_destination: "elastic/certs" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + tags: + - update_config - name: "Update {{ role_name }}" shell: docker-compose pull diff --git a/roles/elastic/vars/main.yml b/roles/elastic/vars/main.yml new file mode 100644 index 0000000..30848c0 --- /dev/null +++ b/roles/elastic/vars/main.yml 
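Review bot: The "Deploy certificate templates" task copies the whole `elastic-certs/certs` tree to `elastic/certs`, and according to this commit's diffstat that tree holds the private keys of all three Elasticsearch nodes plus the filebeat and logstash keys. Each host therefore receives keys it never uses, so compromise of one node exposes the identity of every other instance; the filebeat role later in the patch deploys the same source directory. Copying only `ca/ca.crt` and the directories matching the host's own instance names would narrow this (check how `current_config` is resolved in `_deploy` before changing the path). The file mode applied to the `.key` files is set in `_deploy/tasks/templates.yml`, outside this hunk, and should not leave them world-readable.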
@@ -0,0 +1,180 @@ +--- + +elastic_id: "{{ service_name }}-elastic" +kibana_id: "{{ service_name }}-kibana" +logstash_id: "{{ service_name }}-logstash" +elastic_exporter_id: "{{ service_name }}-elastic-exporter" + +kibana_labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ kibana_id }}.service={{ kibana_id }}"', + '"traefik.http.routers.{{ kibana_id }}.rule=Host(`{{ stage_server_name }}-kibana.{{ domain }}`)"', + '"traefik.http.routers.{{ kibana_id }}.entrypoints=websecure"', + '"traefik.http.routers.{{ kibana_id }}.tls=true"', + '"traefik.http.routers.{{ kibana_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ kibana_id }}.loadbalancer.server.port={{ service_port_kibana }}"', +] + +elastic_docker: { + networks: [ + { + name: back-tier, + external: true, + }, + { + name: front-tier, + external: true, + }, + ], + volumes: [ + { + name: "{{ elastic_id }}-data" + }, + { + name: "{{ logstash_id }}-data" + } + ], + services: [ + { + name: "{{ elastic_id }}", + image_name: "{{ elastic_image_name }}", + image_version: "{{ elastic_image_version }}", + environment: [ + "ES_JAVA_OPTS: -Xms{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m -Xmx{{ JVM_HEAP_MB | default((ansible_memtotal_mb / 2) | round | int) }}m", + "ELASTIC_PASSWORD: \"{{ elastic_admin_password }}\"", + "node.name: \"{{ elastic_id }}\"", + "cluster.name: dev-elastic-stack", + "discovery.seed_hosts: {{ groups['elastic'] + | difference([inventory_hostname]) + | product(['elastic']) + | map('join', '-') + | join(',') }}", + "cluster.initial_master_nodes: {{ groups['elastic'] + | product(['elastic']) + | map('join', '-') + | join(',')}}", + "bootstrap.memory_lock: \"true\"", + "network.publish_host: {{ elastic_stack_network[inventory_hostname] }}", + "xpack.security.enabled: \"true\"", + "xpack.security.http.ssl.enabled: \"true\"", + "xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt", + 
"xpack.security.http.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key", + "xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt", + "xpack.security.transport.ssl.enabled: \"true\"", + "xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/certificates/ca/ca.crt", + "xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.key", + "xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certificates/{{ elastic_id }}/{{ elastic_id }}.crt", + "xpack.security.transport.ssl.verification_mode: certificate", + ], + volumes: [ + '"{{ elastic_id }}-data:/usr/share/elasticsearch/data"', + '"./certs:/usr/share/elasticsearch/config/certificates:ro"', + '"./config/roles.yml:/usr/share/elasticsearch/config/roles.yml:ro"', + ], + networks: [ + '"back-tier"', + ], + extra_hosts: "{{ elastic_extra_hosts | default([]) }}", + ports: [ + { + "external": "9200", + "internal": "9200", + }, + { + "external": "9300", + "internal": "9300", + }, + ], + lines: [ + "ulimits:", + " memlock:", + " soft: -1", + " hard: -1", + "healthcheck:", + " test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? 
== 52 ]]; then echo 0; else echo 1; fi", + " interval: 30s", + " timeout: 10s", + " retries: 5", + ] + }, + { + name: "{{ kibana_id }}", + image_name: "{{ kibana_image_name }}", + image_version: "{{ kibana_image_version }}", + labels: "{{ kibana_labels + ( kibana_labels_additional | default([])) }}", + environment: [ + "SERVER_NAME: {{ kibana_id }}", + "ELASTICSEARCH_URL: https://{{ elastic_id }}:9200", + "ELASTICSEARCH_HOSTS: '[\"https://{{ elastic_id }}:9200\"]'", + "ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: /usr/share/elasticsearch/config/certificates/ca/ca.crt", + "ELASTICSEARCH_USERNAME: \"{{ elastic_admin_username }}\"", + "ELASTICSEARCH_PASSWORD: \"{{ elastic_admin_password }}\"", + ], + volumes: [ + '"./certs:/usr/share/elasticsearch/config/certificates:ro"', + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + extra_hosts: "{{ elastic_extra_hosts | default([]) }}", + }, + { + name: "{{ logstash_id }}", + image_name: "{{ logstash_image_name }}", + image_version: "{{ logstash_image_version }}", + environment: [ + "node.name: \"{{ logstash_id }}\"", + "config.reload.automatic: \"true\"", + "pipeline.ecs_compatibility: v1", + "pipeline.ordered: \"false\"", + "xpack.monitoring.enabled: \"true\"", + "xpack.monitoring.elasticsearch.username: \"{{ elastic_admin_username }}\"", + "xpack.monitoring.elasticsearch.password: \"{{ elastic_admin_password }}\"", + "xpack.monitoring.elasticsearch.hosts: https://{{ elastic_id }}:9200", + "xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certificates/ca/ca.crt", + ], + volumes: [ + '"{{ logstash_id }}-data:/usr/share/logstash/data"', + '"./config/logstash/pipeline:/usr/share/logstash/pipeline:ro"', + '"./certs:/usr/share/logstash/config/certificates:ro"', + ], + networks: [ + '"back-tier"', + ], + extra_hosts: "{{ elastic_extra_hosts | default([]) }}", + ports: [ + { + external: "5044", + internal: "5044", + }, + ], + }, + { + name: "{{ elastic_exporter_id }}", + image_name: "{{ 
elasticsearch_exporter_image_name }}", + image_version: "{{ elasticsearch_exporter_image_version }}", + command: [ + '"--es.ca=/certificates/ca/ca.crt"', + '"--es.uri=https://{{ elastic_admin_username }}:{{ elastic_admin_password }}@{{ elastic_id }}:9200"', + ], + labels: [ + '"traefik.enable=true"', + '"traefik.http.routers.{{ elastic_exporter_id }}.service={{ elastic_exporter_id }}"', + '"traefik.http.routers.{{ elastic_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', + '"traefik.http.routers.{{ elastic_exporter_id }}.entrypoints=monitoring-docker"', + '"traefik.http.routers.{{ elastic_exporter_id }}.tls=true"', + '"traefik.http.routers.{{ elastic_exporter_id }}.tls.certresolver=letsencrypt"', + '"traefik.http.services.{{ elastic_exporter_id }}.loadbalancer.server.port=9114"', + ], + volumes: [ + '"./certs:/certificates:ro"', + ], + networks: [ + '"back-tier"', + '"front-tier"', + ], + extra_hosts: "{{ elastic_extra_hosts | default([]) }}", + }, + ], +} diff --git a/roles/elasticsearch-exporter/defaults/main.yml b/roles/elasticsearch-exporter/defaults/main.yml deleted file mode 100644 index a403cc7..0000000 --- a/roles/elasticsearch-exporter/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- - -elasticsearch_exporter_image_name: "justwatch/elasticsearch_exporter" -elasticsearch_exporter_image_version: "latest" diff --git a/roles/elasticsearch-exporter/vars/main.yml b/roles/elasticsearch-exporter/vars/main.yml deleted file mode 100644 index 0986d49..0000000 --- a/roles/elasticsearch-exporter/vars/main.yml +++ /dev/null 
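Review bot: The exporter service in roles/elastic/vars/main.yml passes `--es.uri=https://{{ elastic_admin_username }}:{{ elastic_admin_password }}@…` as a command argument, so the admin password ends up in the rendered docker-compose.yml, in `docker inspect` output and in the host's process list. The same admin account is also given to Kibana (`ELASTICSEARCH_USERNAME`) and to Logstash monitoring, where Elasticsearch 7.x ships the built-in `kibana_system` and `logstash_system` users for these roles; the exporter only needs a user limited to monitoring privileges. Separate vaulted credentials per component mean a leaked compose file or a compromised exporter container does not yield full cluster control. Smaller points in the same hunk: `cluster.name: dev-elastic-stack` is hard-coded in role vars although a `stage` variable exists, and ports `9200`, `9300` and `5044` are published without a bind address.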
@@ -1,44 +0,0 @@ ---- - -elasticsearch_exporter_id: "{{ service_name }}-elasticsearch-exporter" - -elasticsearch_exporter_docker: { - networks: [ - { - name: back-tier, - external: true, - }, - { - name: front-tier, - external: true, - }, - ], - services: [ - { - name: "{{ elasticsearch_exporter_id }}", - image_name: "{{ elasticsearch_exporter_image_name }}", - image_version: "{{ elasticsearch_exporter_image_version }}", - command: [ - '"--es.ca=/certificates/ca.crt"', - '"--es.uri=https://logstash-ingest:tH1iSiSas3cREt.Passw0rt@es-dev-elastic-stack-01:9200"', - ], - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.service={{ elasticsearch_exporter_id }}"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.entrypoints=admin-docker"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls=true"', - '"traefik.http.routers.{{ elasticsearch_exporter_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ elasticsearch_exporter_id }}.loadbalancer.server.port=9114"', - ], - volumes: [ - '"./certs:/certificates:ro"', - ], - networks: [ - '"back-tier"', - '"front-tier"', - ], - extra_hosts: "{{ elasticsearch_extra_hosts | default([]) }}", - } - ] -} diff --git a/roles/filebeat/tasks/main.yaml b/roles/filebeat/tasks/main.yaml index 9f42148..42e6e6a 100644 --- a/roles/filebeat/tasks/main.yaml +++ b/roles/filebeat/tasks/main.yaml 
@@ -13,41 +13,63 @@ when: - send_status_messages -- name: "Check if {{ role_name }}/docker-compose.yml exists" +- name: "Check if filebeat/docker-compose.yml exists" stat: - path: '{{ service_base_path }}/{{ role_name }}/docker-compose.yml' + path: '{{ service_base_path }}/filebeat/docker-compose.yml' register: check_docker_compose_file -- name: "Stop {{ role_name }}" +- name: "Stop filebeat" shell: docker-compose down args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/filebeat' when: check_docker_compose_file.stat.exists ignore_errors: yes -- name: "Deploy service configuration for {{ role_name }}" +- name: "Deploy docker templates for filebeat" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "filebeat" + current_config: "_docker" current_base_path: "{{ service_base_path }}" current_destination: "filebeat" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" current_docker: "{{ filebeat_docker }}" -- name: "Update {{ role_name }}" +- name: "Deploy service templates for filebeat" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "filebeat" + current_base_path: "{{ service_base_path }}" + current_destination: "filebeat" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + +- name: "Deploy certificate templates for filebeat" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "elastic-certs/certs" + current_base_path: "{{ service_base_path }}" + current_destination: "filebeat/certs" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + +- name: "Update filebeat" shell: docker-compose pull args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/filebeat' tags: - update_deployment -- name: "Start {{ role_name }}" +- name: "Start filebeat" shell: docker-compose up -d args: - chdir: '{{ service_base_path }}/{{ role_name 
}}' + chdir: '{{ service_base_path }}/filebeat' - name: "Send mattermost messsge" uri: diff --git a/roles/hcloud/tasks/main.yml b/roles/hcloud/tasks/main.yml index 66a183b..0314fdc 100644 --- a/roles/hcloud/tasks/main.yml +++ b/roles/hcloud/tasks/main.yml @@ -77,6 +77,7 @@ - 'kibana' - 'mail' - 'monitoring' + - 'docker' loop_control: loop_var: current_firewall tags: diff --git a/roles/hcloud/templates/firewall-docker.json2.j2 b/roles/hcloud/templates/firewall-docker.json2.j2 new file mode 100644 index 0000000..5e527c9 --- /dev/null +++ b/roles/hcloud/templates/firewall-docker.json2.j2 @@ -0,0 +1,19 @@ +{ + "name": "docker", + "labels": { + }, + "rules": [ + { + "direction": "in", + "protocol": "tcp", + "port": "443", + "source_ips": [ + "116.203.130.110/32", + "157.90.236.71/32", + "162.55.54.246/32" + ], + "destination_ips": [ + ] + } + ] +} diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 7b9e675..1f5f9f5 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -42,18 +42,29 @@ tags: - update_deployment -- name: "Deploy service configuration for {{ service_name }}" +- name: "Deploy docker templates for {{ service_name }}" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "keycloak" + current_config: "_docker" current_base_path: "{{ service_base_path }}" current_destination: "{{ service_name }}" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" current_docker: "{{ keycloak_docker }}" +- name: "Deploy service templates for {{ service_name }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "keycloak" + current_base_path: "{{ service_base_path }}" + current_destination: "{{ service_name }}" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + - name: "Update {{ service_name }}" shell: docker-compose pull args: 
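Review bot: The added "Deploy certificate templates for filebeat" task sets `current_config: "elastic-certs/certs"`, which looks like it copies the whole certificate tree to every filebeat host, and that tree, as added later in this commit, also contains the private keys of the Elasticsearch nodes. A log shipper needs only the CA certificate and its own certificate and key, so a compromised application host should not be able to read node keys. I would point the task at a filebeat-only subset, e.g. `current_config: "elastic-certs/certs/<filebeat-only-dir>"` (placeholder), and deploy `ca/ca.crt` separately. How the `_deploy` `templates` task walks the directory and which file mode it applies are not visible in this hunk, so please confirm what actually lands in `filebeat/certs`.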
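Review bot: The three `source_ips` entries in the new firewall-docker template are bare literals, with nothing recording which hosts they are or why they may reach port 443. Because the file is a Jinja2 template, a comment such as `{# allowed callers: <owner/purpose of each address> #}` above the rule would make the allowlist reviewable. Better still, render the list from an inventory variable so each stage carries its own addresses and a change is made in one place.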
diff --git a/roles/node-exporter/defaults/main.yml b/roles/node-exporter/defaults/main.yml
index 011fb62..b1d819e 100644
--- a/roles/node-exporter/defaults/main.yml
+++ b/roles/node-exporter/defaults/main.yml
@@ -1,68 +1,4 @@ --- -node_exporter_id: "{{ service_name }}-node-exporter" - node_exporter_image_name: "prom/node-exporter" node_exporter_image_version: "v1.1.2" - -node_exporter_docker: { - networks: [ - { - name: front-tier, - external: true, - }, - ], - services: [ - { - name: "{{ node_exporter_id }}", - image_name: "{{ node_exporter_image_name }}", - image_version: "{{ node_exporter_image_version }}", - command: [ - '"--path.procfs=/host/proc"', - '"--path.sysfs=/host/sys"', - '"--no-collector.systemd"', - '"--no-collector.logind"', - '"--no-collector.ntp"', - '"--no-collector.bonding"', - '"--no-collector.bcache"', - '"--no-collector.arp"', - '"--no-collector.edac"', - '"--no-collector.infiniband"', - '"--no-collector.ipvs"', - '"--no-collector.mdadm"', - '"--no-collector.nfs"', - '"--no-collector.nfsd"', - '"--no-collector.wifi"', - '"--no-collector.hwmon"', - '"--no-collector.conntrack"', - '"--no-collector.timex"', - '"--no-collector.zfs"', - '"--collector.tcpstat"', - '"--collector.interrupts"', - '"--collector.meminfo_numa"', - '"--collector.processes"', - '"--collector.textfile"', - '"--collector.textfile.directory=/rootfs/textfiles"', - '"--collector.filesystem.ignored-mount-points"', - '"^/(sys|proc|dev|host|etc|run|run/lock|boot|var/lib/docker|run/docker/netns|var/lib/docker/aufs)($$|/)"', - ], - labels: [ - '"traefik.enable=true"', - '"traefik.http.routers.{{ node_exporter_id }}.service={{ node_exporter_id }}"', - '"traefik.http.routers.{{ node_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', - '"traefik.http.routers.{{ node_exporter_id }}.entrypoints=admin-system"', - '"traefik.http.routers.{{ node_exporter_id }}.tls=true"', - '"traefik.http.routers.{{ node_exporter_id }}.tls.certresolver=letsencrypt"', - '"traefik.http.services.{{ node_exporter_id }}.loadbalancer.server.port={{ service_port_node_exporter }}"', - ], - volumes: [ - '"/proc:/host/proc:ro"', - '"/sys:/host/sys:ro"', - '"/:/rootfs:ro"', - ], - networks: [ - '"front-tier"' 
- ] - } - ] -} diff --git a/roles/node-exporter/tasks/main.yml b/roles/node-exporter/tasks/main.yml index fc15709..3fd0023 100644 --- a/roles/node-exporter/tasks/main.yml +++ b/roles/node-exporter/tasks/main.yml 
@@ -13,41 +13,52 @@ when: - send_status_messages -- name: "Check if {{ role_name }}/docker-compose.yml exists" +- name: "Check if node-exporter/docker-compose.yml exists" stat: - path: '{{ service_base_path }}/{{ role_name }}/docker-compose.yml' + path: '{{ service_base_path }}/node-exporter/docker-compose.yml' register: check_docker_compose_file -- name: "Stop {{ role_name }}" +- name: "Stop node-exporter" shell: docker-compose down args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/node-exporter' when: check_docker_compose_file.stat.exists ignore_errors: yes -- name: "Deploy service configuration for {{ role_name }}" +- name: "Deploy docker templates for node-exporter" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "node-exporter" + current_config: "_docker" current_base_path: "{{ service_base_path }}" current_destination: "node-exporter" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" current_docker: "{{ node_exporter_docker }}" -- name: "Update {{ role_name }}" +- name: "Deploy service templates for node-exporter" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "node-exporter" + current_base_path: "{{ service_base_path }}" + current_destination: "node-exporter" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + +- name: "Update node-exporter" shell: docker-compose pull args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/node-exporter' tags: - update_deployment -- name: "Start {{ role_name }}" +- name: "Start node-exporter" shell: docker-compose up -d args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/node-exporter' - name: "Send mattermost messsge" uri: diff --git a/roles/node-exporter/vars/main.yml b/roles/node-exporter/vars/main.yml index dfc778f..2a58d29 100644 --- a/roles/node-exporter/vars/main.yml 
+++ b/roles/node-exporter/vars/main.yml @@ -47,7 +47,7 @@ node_exporter_docker: { '"traefik.enable=true"', '"traefik.http.routers.{{ node_exporter_id }}.service={{ node_exporter_id }}"', '"traefik.http.routers.{{ node_exporter_id }}.rule=Host(`{{ service_name }}.{{ domain }}`)"', - '"traefik.http.routers.{{ node_exporter_id }}.entrypoints=admin-system"', + '"traefik.http.routers.{{ node_exporter_id }}.entrypoints=monitoring-system"', '"traefik.http.routers.{{ node_exporter_id }}.tls=true"', '"traefik.http.routers.{{ node_exporter_id }}.tls.certresolver=letsencrypt"', '"traefik.http.services.{{ node_exporter_id }}.loadbalancer.server.port={{ service_port_node_exporter }}"', diff --git a/roles/postfix/.github/workflows/ci.yml b/roles/postfix/.github/workflows/ci.yml deleted file mode 100644 index e8a0475..0000000 --- a/roles/postfix/.github/workflows/ci.yml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -name: CI -'on': - pull_request: - push: - branches: - - master - schedule: - - cron: '30 1 * * 3' - -jobs: - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - name: Check out the codebase - uses: actions/checkout@v2 - - - name: Set up Python 3 - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies - run: pip install ansible-lint[community,yamllint] - - - name: Lint code - run: | - yamllint . - ansible-lint - - molecule: - name: Molecule - runs-on: ubuntu-latest - defaults: - run: - working-directory: "${{ github.repository }}" - needs: - - lint - strategy: - fail-fast: false - matrix: - include: - - distro: debian8 - - distro: debian9 - - distro: debian10 - - distro: ubuntu1604 - ansible-version: '>=2.8, <2.9' - - distro: ubuntu1604 - ansible-version: '>=2.9, <2.10' - - distro: ubuntu1604 - ansible-version: '>=2.10, <2.11' - - distro: ubuntu1604 - - distro: ubuntu1804 - - distro: ubuntu2004 - - steps: - - name: Check out the codebase - uses: actions/checkout@v2 - with: - path: "${{ github.repository }}" - - - name: Set up Python 3 - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install test dependencies - run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker - - - name: Run Molecule tests - run: | - molecule test - env: - ANSIBLE_FORCE_COLOR: '1' - ANSIBLE_VERBOSITY: '2' - MOLECULE_DEBUG: '1' - MOLECULE_DISTRO: "${{ matrix.distro }}" - PY_COLORS: '1' diff --git a/roles/postfix/.github/workflows/release.yml b/roles/postfix/.github/workflows/release.yml deleted file mode 100644 index 2354e68..0000000 --- a/roles/postfix/.github/workflows/release.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -name: Release -'on': - push: - tags: - - '*' - -jobs: - - release: - name: Release - runs-on: ubuntu-latest - steps: - - name: Check out the codebase - uses: actions/checkout@v2 - - - name: Publish to Galaxy - uses: robertdebock/galaxy-action@1.1.0 - with: - galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} diff --git a/roles/prometheus/tasks/main.yml b/roles/prometheus/tasks/main.yml index 29a091d..f6c56c9 100644 --- a/roles/prometheus/tasks/main.yml +++ b/roles/prometheus/tasks/main.yml @@ -2,6 +2,7 @@ ### tags: ### update_config +### update_deployment - name: "Send mattermost messsge" uri: @@ -46,6 +47,7 @@ register: check_docker_compose_file tags: - update_config + - update_deployment - name: "Stop {{ service_name }}" shell: docker-compose down @@ -53,13 +55,15 @@ chdir: '{{ service_base_path }}/{{ service_name }}' when: check_docker_compose_file.stat.exists ignore_errors: yes + tags: + - update_deployment -- name: "Deploy service configuration for {{ service_name }}" +- name: "Deploy docker templates for {{ service_name }}" include_role: name: _deploy - tasks_from: configs + tasks_from: templates vars: - current_config: "prometheus" + current_config: "_docker" current_base_path: "{{ service_base_path }}" current_destination: "{{ service_name }}" current_owner: "{{ docker_owner }}" @@ -68,6 +72,26 @@ tags: - update_config +- name: "Deploy service templates for {{ service_name }}" + include_role: + name: _deploy + tasks_from: templates + vars: + current_config: "prometheus" + current_base_path: "{{ service_base_path }}" + current_destination: "{{ service_name }}" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + tags: + - update_config + +- name: "Update {{ service_name }}" + shell: docker-compose pull + args: + chdir: '{{ service_base_path }}/{{ service_name }}' + tags: + - update_deployment + - name: "Start {{ service_name }}" shell: | docker-compose down 
@@ -76,6 +100,7 @@ chdir: '{{ service_base_path }}/{{ service_name }}' tags: - update_config + - update_deployment - name: "Update landing page for {{ service_name }}" include_role: diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index 20a4dd1..6978230 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -13,34 +13,45 @@ when: - send_status_messages -- name: "Check if {{ role_name }}/docker-compose.yml exists" +- name: "Check if traefik/docker-compose.yml exists" stat: - path: '{{ service_base_path }}/{{ role_name }}/docker-compose.yml' + path: '{{ service_base_path }}/traefik/docker-compose.yml' register: check_docker_compose_file -- name: "Stop {{ role_name }}" +- name: "Stop traefik" shell: docker-compose down args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/traefik' when: check_docker_compose_file.stat.exists ignore_errors: yes -- name: "Deploy service configuration for {{ role_name }}" +- name: "Deploy docker templates for traefik" include_role: name: _deploy - tasks_from: configs + tasks_from: templates + vars: + current_config: "_docker" + current_base_path: "{{ service_base_path }}" + current_destination: "traefik" + current_owner: "{{ docker_owner }}" + current_group: "{{ docker_group }}" + current_docker: "{{ traefik_docker }}" + +- name: "Deploy service templates for traefik" + include_role: + name: _deploy + tasks_from: templates vars: current_config: "traefik" current_base_path: "{{ service_base_path }}" current_destination: "traefik" current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" - current_docker: "{{ caddy_docker }}" - name: "Ensure acme.json exists" copy: content: "" - dest: '{{ service_base_path }}/{{ role_name }}/acme.json' + dest: '{{ service_base_path }}/traefik/acme.json' force: no owner: "{{ docker_owner }}" group: "{{ docker_group }}" 
@@ -53,31 +64,31 @@ vars: current_services: [] -- name: "Update landing page for {{ role_name }}" +- name: "Update landing page for traefik" include_role: name: _deploy tasks_from: caddy_landing_page vars: current_services: [ { - current_name: "{{ role_name }}", + current_name: "traefik", current_url: "{{ http_s }}://{{ stage_server_url_host }}:{{ admin_port_traefik }}", current_version: "{{ traefik_image_version }}", current_date: "{{ ansible_date_time.iso8601 }}", }, ] -- name: "Update {{ role_name }}" +- name: "Update traefik" shell: docker-compose pull args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/traefik' tags: - update_deployment -- name: "Start {{ role_name }}" +- name: "Start traefik" shell: docker-compose up -d args: - chdir: '{{ service_base_path }}/{{ role_name }}' + chdir: '{{ service_base_path }}/traefik' - name: "Send mattermost messsge" uri: diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml index ac8291f..4b1b2c3 100644 --- a/roles/traefik/vars/main.yml +++ b/roles/traefik/vars/main.yml @@ -2,7 +2,7 @@ traefik_id: "{{ service_name }}-traefik" -caddy_docker: { +traefik_docker: { networks: [ { name: front-tier, @@ -64,6 +64,10 @@ caddy_docker: { external: "0.0.0.0:{{ monitor_port_docker }}", internal: "{{ monitor_port_docker }}" }, + { + external: "0.0.0.0:{{ monitor_port_elastic }}", + internal: "{{ monitor_port_elastic }}" + }, ], dns: [ '"8.8.8.8"', diff --git a/setup.yml b/setup.yml index 4ff581a..a2107f2 100644 --- a/setup.yml +++ b/setup.yml @@ -11,6 +11,8 @@ - ansible_version.major >= 2 - ansible_version.minor >= 10 msg: "The ansible version has to be at least ({{ ansible_version.full }})" + tags: + - common - name: Remove outdated dependencies apt: name: [ @@ -27,6 +29,7 @@ state: 'absent' when: ansible_distribution == "Ubuntu" tags: + - common - install - name: "Gather current server infos" 
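Review bot: The port entry added to `traefik_docker` publishes `{{ monitor_port_elastic }}` on `0.0.0.0`, like the entries above it, so who can reach the Elasticsearch exporter metrics depends entirely on the cloud firewall. Docker-published ports are inserted ahead of host firewall rules such as ufw, so a host-level filter will not cover this port. Please confirm that the monitoring firewall template restricts the new port to the Prometheus hosts, or bind it to the private interface address instead of `0.0.0.0`. The `traefik_docker` definition continues outside the hunk.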
@@ -35,12 +38,16 @@ register: hetzner_server_infos delegate_to: 127.0.0.1 become: false + tags: + - common - name: "Set current server infos as fact: hetzner_server_infos_json" set_fact: hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" delegate_to: 127.0.0.1 become: false + tags: + - common - name: "Read ip address for {{ inventory_hostname }}" set_fact: @@ -49,11 +56,15 @@ with_items: "{{ hetzner_server_infos_json }}" delegate_to: 127.0.0.1 become: false + tags: + - common - name: Print the gathered infos debug: var: stage_server_ip delegate_to: 127.0.0.1 + tags: + - common roles: - role: ansible-role-docker @@ -76,11 +87,6 @@ tags: - node-exporter - - role: elasticsearch-exporter - when: "'elastic' in group_names" - tags: - - elasticsearch-exporter - - role: traefik when: traefik_enabled | default(True) tags: diff --git a/smardigo.yml b/smardigo.yml index d13255b..34f2ad2 100644 --- a/smardigo.yml +++ b/smardigo.yml @@ -11,6 +11,8 @@ - ansible_version.major >= 2 - ansible_version.minor >= 10 msg: "The ansible version has to be at least ({{ ansible_version.full }})" + delegate_to: 127.0.0.1 + become: false - name: "Gather current server infos" hcloud_server_info: @@ -18,12 +20,16 @@ register: hetzner_server_infos delegate_to: 127.0.0.1 become: false + tags: + - update_networks - name: "Set current server infos as fact: hetzner_server_infos_json" set_fact: hetzner_server_infos_json: "{{ hetzner_server_infos.hcloud_server_info }}" delegate_to: 127.0.0.1 become: false + tags: + - update_networks - name: "Read ip address for {{ inventory_hostname }}" set_fact: @@ -32,11 +38,16 @@ with_items: "{{ hetzner_server_infos_json }}" delegate_to: 127.0.0.1 become: false + tags: + - update_networks - name: Print the gathered infos debug: var: stage_server_ip delegate_to: 127.0.0.1 + become: false + tags: + - update_networks - name: "Check docker networks" include_role: 
@@ -52,5 +63,7 @@ when: "'postfix' in group_names" - role: harbor when: "'harbor' in group_names" + - role: elastic + when: "'elastic' in group_names" - role: prometheus when: "'prometheus' in group_names" diff --git a/stage-dev b/stage-dev index 44ba159..cb6bb89 100644 --- a/stage-dev +++ b/stage-dev @@ -1,4 +1,5 @@ [connect] +# --- dev-connect-01 dev-connect-02 dev-connect-03 diff --git a/templates/_docker/docker-compose.yml.j2 b/templates/_docker/docker-compose.yml.j2 index d61c940..d29799c 100644 --- a/templates/_docker/docker-compose.yml.j2 +++ b/templates/_docker/docker-compose.yml.j2 @@ -31,6 +31,7 @@ services: {{ service.name }}: image: "{{ service.image_name }}:{{ service.image_version }}" container_name: "{{ service.name }}" + hostname: "{{ service.name }}" restart: {{ service.restart | default('always') }} {% if service.user is defined @@ -137,5 +138,15 @@ services: {% endfor %} {% endif %} {# ########################################### ports #} +{# ########################################### lines #} +{% if + service.lines is defined + and (service.lines|length>0) +%} +{% for line in service.lines %} + {{ line }} +{% endfor %} +{% endif %} +{# ########################################### lines #} {% endfor %} {# ################################################## services #} \ No newline at end of file diff --git a/templates/elastic-certs/certs/ca/ca.crt b/templates/elastic-certs/certs/ca/ca.crt new file mode 100644 index 0000000..1b48812 --- /dev/null +++ b/templates/elastic-certs/certs/ca/ca.crt 
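Review bot: The new `lines` block in docker-compose.yml.j2 writes every entry of `service.lines` into the rendered file verbatim, so the caller must put correctly indented YAML inside each string and the template cannot check it. That contract is undocumented; a Jinja comment at the block, for example `{# lines: raw, pre-indented compose YAML appended to the service, e.g. a healthcheck #}`, would state it. The elastic role vars in this commit appear to use it for a healthcheck (`interval`, `timeout`, `retries`), so a structured `healthcheck` key rendered the way `ports` is would be less fragile than free-form lines.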
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUVhr/fFCsHpvnnkLysUWsmFWyQikwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjEwNjE2MTYxNTMzWhcNMjIwNjE2MTYxNTMzWjA0MTIwMAYD +VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIErWmUedk6+q2P4BSoeBSMM +fMwPC1TG2LwsrVWmobDtLmmhe3qyRRB9TNUottUOOmncRL6J5SJFU3SqFQTfBwST +d4lARI1gDVtRNMLGDoJbT/TmsDK092mHEVY5TVN9zkZp+5H0ANUz9QViscPllRZL +iLOGSjx8Zg2viOOVpRA+uAEsE681mGVApXgvPMa1iQnsH/bz3EU9MOws/xS6Aj+F +8IJr1Vi/8Ww2JiagtObPxoKIs8tLjm0eab9VtOMsfOoAyZ+k5ywGUaeFS83XRlwN +7VTdIqz8v3PDuxBCjptozUp7yDUAu0WmCjlwrTjXOv7GoSJRvtpQmmS7nFIdJP0C +AwEAAaNTMFEwHQYDVR0OBBYEFC0XSbWgzKkOfhHLmhhpqxFffNpcMB8GA1UdIwQY +MBaAFC0XSbWgzKkOfhHLmhhpqxFffNpcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHmTUpBANJbLMTYdBrZ/BlFzK2zWvCUgpe3x4wK/zr/RtxgF +sq1LALfbLW1NCxZmLk0VleumlRNpz817gE0TKJnVZAO1PD3rwtFx8WaaQ8sfdRgx +z6UE2TxhYRNNJpkqJnX8SsU7zKxxV/sVn3ZXPuEagJ9x3j9hbgPA7lIGoJqaakII +WD1iHJxqqv7CAaFrWlYwJY5KALpv24RWzUwT5/iLCKc3AZH37B0gPh6GY4NBvsXm +RFoELoxkGRCdfwy6V4jbn09H65IrwP6YUflcsCaAlsAlVULb7eEo3CH80bmC8vBY +E/57kzbwq4BLr48lvxUnvRtQ/Yobr6AzrgnH2Qk= +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt new file mode 100644 index 0000000..ee9e0c7 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUbFq7ne37aALOCiMKRle1BrNWzFQwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjEwNjE2MTYxNTM0WhcNMjIwNjE2MTYxNTM0WjAnMSUwIwYD +VQQDExxkZXYtZWxhc3RpYy1zdGFjay0wMS1lbGFzdGljMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAm9QP3JEVIwi/I0dIR/UxbyWeTk86C+1fJF8Dq1R4 +KiYRqNS0O9MJupqO82f/0hfJxlxloTwsYH3ZQWQ5jf+uEYFQe34S7H9jLidI71Kq +98H/OmKdHVi4WxJ7zFPdnHpfKiQP0Jni4GBOZN96JAuKdXfxtvuNH6mfOTtLHENb +47824WqaiJCOKaPbOPEz+27d9ceSGkjZIjkysHC8lFpmOAsRq24ykdblnQy14Mwz +VPOOw67W2ij4lEByM/IYlJwxV7GUIrlZEQg9+ID31ypCBiQfXyIu64DB/bQ3qlhV +WpZToMOJ7NDR6peW7oLIV+jhsulDfPVVF1ya6wbY5q/r+QIDAQABo4GIMIGFMB0G +A1UdDgQWBBQvkCbDh3sEb/JkbGHYxLTogDC+kzAfBgNVHSMEGDAWgBQtF0m1oMyp +Dn4Ry5oYaasRX3zaXDA4BgNVHREEMTAvgglsb2NhbGhvc3SCHGRldi1lbGFzdGlj +LXN0YWNrLTAxLWVsYXN0aWOHBAoAAAIwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsF +AAOCAQEAZtu8WXbqQU/a3Aw+n7JkC9qkJzrZeF6Oo3tjEN6aG2j5zo9ZTDsM6Jep +oHfl1WeJo3BoeA3eCO3uLD5cDl/QxU4mOc8gIlzI3/uGBRrbZci4aB97vn28oafe +gOznGiJzcjgEMD/i2iuQ+sBqrloaAje7XALeKC/dSCuK+XEfM2fFkeMzwJQi8tVQ +yX8ve3cYb+eqUFcBBSXIIYop9R3d+GXofE8N+Hc0/pibD9ZAnQ5ZQOGSWoeUEZmw +UhzW3xF6KBDKJorewh9mWd6KS5O+XQ0R0Y7J7MJGsRxhiTRSwMlhSGW0P1P0JR7g +E5R18LbQ+3TMksjEtZqM0nQd4a+Yow== +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key new file mode 100644 index 0000000..1c5679e --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAm9QP3JEVIwi/I0dIR/UxbyWeTk86C+1fJF8Dq1R4KiYRqNS0 +O9MJupqO82f/0hfJxlxloTwsYH3ZQWQ5jf+uEYFQe34S7H9jLidI71Kq98H/OmKd +HVi4WxJ7zFPdnHpfKiQP0Jni4GBOZN96JAuKdXfxtvuNH6mfOTtLHENb47824Wqa +iJCOKaPbOPEz+27d9ceSGkjZIjkysHC8lFpmOAsRq24ykdblnQy14MwzVPOOw67W +2ij4lEByM/IYlJwxV7GUIrlZEQg9+ID31ypCBiQfXyIu64DB/bQ3qlhVWpZToMOJ +7NDR6peW7oLIV+jhsulDfPVVF1ya6wbY5q/r+QIDAQABAoIBAGAfHXGnJOypdo3i +aJnKi6XOBKq1gE7fK3MaEP9caYtGVFpaapsEgNnUgR1wJ4OHHPX5BM/CeHVE7ADE +PCR1dQBjTiv/BtlPcvSDUyAdVEzkI/X14oi5s26qJidSDD971Lv/5ql8Y1CY14Kt +v4AAhnYTeMywusqvLQJ2qsxSWJpQ36LQLYlzNvTSKrRXhhh/CkidUYkWszrPjoxw +P17T5S0thjcocygg1aQ+84pqhFA6FUQzLvWYjDDaMuvYBws8jFk0O9lXUUdCQTes +S6FdMTOhbSYeng2LsslRvASsBcDBz3z/n1ZUkvjvaMeRWEcr7pZIEjyWoKCRxFAX +zMyXswECgYEA21J48IzqW7JwMfVSe91bwqSg7DGjmyJKGIhjTasEE73wJiqP2z0E +K9kiOmu/uOl5NQ+lM+0EJ+EkObXb4fA6y03g3EJ6QHNcR9j3wUfuf7hgxKD/1q+K +ew5SvpTSDZ6il5LRtrbR1FD7HxuP9trSYK0U5/J3u5Vg0SrWQS+2cHECgYEAteNR +96Kb0mNI/gQQo6AMrjjMaH44ER4fZfhJiwis42JqvUV6Qmen/rhS2BtHLShtIZhS +0h/R76G0tcnK9uC+t8FXgaWJSNQPBmK6PoPuUiYhRibwgZ9vd606QNkwCm4aNawm +dYo+tpb/8RLbHDWkhPxQWIXC1Qa2IxQlapYheAkCgYAf3n0KXz+SsXwSFla0/vZd +czSa/Z+LZFEl/XOIjqgaAkiKEzcyIUyg3n1VxeBnCy38othbkj4/WTy9Ugqwawrw +DdH1z4caJGktW36szDoAvxb4m3hxhrJ1rSAi51caeYmgwsnMZgZZdqb23zdtJGDb +gWr/RUFWtZ8K5dGaSUeWUQKBgBEaCJDyFxiXATvxAeeAmvCeoomIpJjnbihWSgPq +kubmUAbvy2kG+gK3LgLnva9/R5OLEO5003Zmi+kzygOgag44/ZNRDzFrzuXYzo4m +NXg/4Y0JCEAHz6E/BmUmhp/Ubl5xi0Qt9WuRkwsFrNhgKtHeL2fDW+hPszxlHoeB +CjCRAoGBAJ3QwP3FsFYpxug3g04tbaJOQD/jyrjWu4clxMBJtawfLtLrPMVUA7UR +n5YQeGkdmeKsYhglTBZsmoaXy8edmiQkSBJYUN1xF8Jlj0uDIzkFqOiHKXjvh1rp +1I3o865MBQOt2eR3IIMYArahka86hf6cY67PJFZLonGyuk4vJQb2 +-----END RSA PRIVATE KEY----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.pkcs8.key b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.pkcs8.key new file mode 100644 index 0000000..42a073e --- /dev/null 
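Review bot: This hunk commits an unencrypted RSA private key for an Elasticsearch node under templates/, and the same applies to the `.pkcs8.key` file that follows and to the dev-elastic-stack-02-elastic `.key` and `.pkcs8.key` hunks further down. Anyone with read access to the repository or its history can use these keys to impersonate the nodes over TLS, so they should be treated as exposed and the certificates reissued. The keys would be better stored encrypted with Ansible Vault, or generated on the target hosts during the play and kept out of version control by an ignore rule. The inline password in the removed roles/elasticsearch-exporter/vars/main.yml also remains in history after this commit and should be rotated.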
+++ b/templates/elastic-certs/certs/dev-elastic-stack-01-elastic/dev-elastic-stack-01-elastic.pkcs8.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCb1A/ckRUjCL8j +R0hH9TFvJZ5OTzoL7V8kXwOrVHgqJhGo1LQ70wm6mo7zZ//SF8nGXGWhPCxgfdlB +ZDmN/64RgVB7fhLsf2MuJ0jvUqr3wf86Yp0dWLhbEnvMU92cel8qJA/QmeLgYE5k +33okC4p1d/G2+40fqZ85O0scQ1vjvzbhapqIkI4po9s48TP7bt31x5IaSNkiOTKw +cLyUWmY4CxGrbjKR1uWdDLXgzDNU847DrtbaKPiUQHIz8hiUnDFXsZQiuVkRCD34 +gPfXKkIGJB9fIi7rgMH9tDeqWFVallOgw4ns0NHql5bugshX6OGy6UN89VUXXJrr +Btjmr+v5AgMBAAECggEAYB8dcack7Kl2jeJomcqLpc4EqrWATt8rcxoQ/1xpi0ZU +WlpqmwSA2dSBHXAng4cc9fkEz8J4dUTsAMQ8JHV1AGNOK/8G2U9y9INTIB1UTOQj +9fXiiLmzbqomJ1IMP3vUu//mqXxjUJjXgq2/gACGdhN4zLC6yq8tAnaqzFJYmlDf +otAtiXM29NIqtFeGGH8KSJ1RiRazOs+OjHA/XtPlLS2GNyhzKCDVpD7zimqEUDoV +RDMu9ZiMMNoy69gHCzyMWTQ72VdRR0JBN6xLoV0xM6FtJh6eDYuyyVG8BKwFwMHP +fP+fVlSS+O9ox5FYRyvulkgSPJagoJHEUBfMzJezAQKBgQDbUnjwjOpbsnAx9VJ7 +3VvCpKDsMaObIkoYiGNNqwQTvfAmKo/bPQQr2SI6a7+46Xk1D6Uz7QQn4SQ5tdvh +8DrLTeDcQnpAc1xH2PfBR+5/uGDEoP/Wr4p7DlK+lNINnqKXktG2ttHUUPsfG4/2 +2tJgrRTn8ne7lWDRKtZBL7ZwcQKBgQC141H3opvSY0j+BBCjoAyuOMxofjgRHh9l ++EmLCKzjYmq9RXpCZ6f+uFLYG0ctKG0hmFLSH9HvobS1ycr24L63wVeBpYlI1A8G +Yro+g+5SJiFGJvCBn293rTpA2TAKbho1rCZ1ij62lv/xEtscNaSE/FBYhcLVBrYj +FCVqliF4CQKBgB/efQpfP5KxfBIWVrT+9l1zNJr9n4tkUSX9c4iOqBoCSIoTNzIh +TKDefVXF4GcLLfyi2FuSPj9ZPL1SCrBrCvAN0fXPhxokaS1bfqzMOgC/FvibeHGG +snWtICLnVxp5iaDCycxmBll2pvbfN20kYNuBav9FQVa1nwrl0ZpJR5ZRAoGAERoI +kPIXGJcBO/EB54Ca8J6iiYikmOduKFZKA+qS5uZQBu/LaQb6ArcuAue9r39Hk4sQ +7nTTdmaL6TPKA6BqDjj9k1EPMWvO5djOjiY1eD/hjQkIQAfPoT8GZSaGn9RuXnGL +RC31a5GTCwWs2GAq0d4vZ8Nb6E+zPGUeh4EKMJECgYEAndDA/cWwVinG6DeDTi1t +ok5AP+PKuNa7hyXEwEm1rB8u0us8xVQDtRGflhB4aR2Z4qxiGCVMFmyahpfLx52a +JCRIElhQ3XEXwmWPS4MjOQWo6IcpeO+HWunUjejzrkwFA63Z5HcggxgCtqGRrzqF +/pxjrs8kVkuicbK6Ti8lBvY= +-----END PRIVATE KEY----- 
diff --git a/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.crt b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.crt new file mode 100644 index 0000000..e202a59 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUBgYjAz4JNclFNUyJmTurF02hj6UwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjEwNjE2MTYxNTM0WhcNMjIwNjE2MTYxNTM0WjAnMSUwIwYD +VQQDExxkZXYtZWxhc3RpYy1zdGFjay0wMi1lbGFzdGljMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAh5wXprDlL+1sLYQoJMoB0FBEiREFl7ZBLbBfYSPs +4v1PJV7g/ZVfWXWAkwAqLWKah4pEKlQk8un5q2FPImtYUpaNIAvxRaRvraAltofH +TLt3CFpvtHTujfSKWiX4swvy7tFrk3dwtPPKug5kzBh1ZjsFXUBEdcFc7xTRkJ7h ++QqB9q45+NEMRQoEroeMeSSY5ae849FD8wQsd/cFz067HDkgcXmZLBRaw9F5xuwI +m6AB3vvzVpJ/ngeOILvHCDd92sLIXqeHIZy5uIFoDGrP9CfpBwcNYs4hjeJ3id1K +THDTBG+86UO2UzeS2fUGehEtFqMfS1VjtUPo3VsiB3eHxwIDAQABo4GIMIGFMB0G +A1UdDgQWBBSpUcQa4zu7e4XIMYW79AjqX6GQeDAfBgNVHSMEGDAWgBQtF0m1oMyp +Dn4Ry5oYaasRX3zaXDA4BgNVHREEMTAvghxkZXYtZWxhc3RpYy1zdGFjay0wMi1l +bGFzdGljgglsb2NhbGhvc3SHBAoAAAMwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsF +AAOCAQEAJmU1bJOBOzAwiXjD0MJ37VRrWL3gfqI89C/xwTBmPj9qMD7rL5l4ph7u +ReVJo8jzU64F33yRf2cozfJGQLP96hOSoozVDCxqgmVJMgZUwNyhXcAdE8HUBxGQ +ZqZucCakGerI9+wdJ4VUuSTvBd2vLGnrvv3qB4pm9lS/d0OW1hIgGg06x2y/Ms+Z +Acb2RQ+rV7jYkqES73zxjmvzRQXp+XF+11S/jkA3RRCJIxf0EflsO8IoIeJ5YKgq +zjDZ2HgB2uyHSyeI22p3UDmYT2wqfWPUj9/Ma/uCnTglywpelgENHGVfETEgdD+f +Tm0UfwSwCwSB1zKTKuwxIl4EUHu+aw== +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.key b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.key new file mode 100644 index 0000000..06b0740 --- /dev/null 
+++ b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAh5wXprDlL+1sLYQoJMoB0FBEiREFl7ZBLbBfYSPs4v1PJV7g +/ZVfWXWAkwAqLWKah4pEKlQk8un5q2FPImtYUpaNIAvxRaRvraAltofHTLt3CFpv +tHTujfSKWiX4swvy7tFrk3dwtPPKug5kzBh1ZjsFXUBEdcFc7xTRkJ7h+QqB9q45 ++NEMRQoEroeMeSSY5ae849FD8wQsd/cFz067HDkgcXmZLBRaw9F5xuwIm6AB3vvz +VpJ/ngeOILvHCDd92sLIXqeHIZy5uIFoDGrP9CfpBwcNYs4hjeJ3id1KTHDTBG+8 +6UO2UzeS2fUGehEtFqMfS1VjtUPo3VsiB3eHxwIDAQABAoIBAAx+9rL2g/f5oclD +70sMjkQ60UXsGp7TPYhPQ0q5O7/i5aMk7giP9hxRNorVLg3Gk0TAGe3omQsFQmtn +aRpb1+SsWM7GKvJm55+RLUh3lIbek2Zipv5y8/SCvyj1bMha5oTZKVeKXwldmaWx +Y9pmupK0B5eDL4vGSKEDQxhXe60uBwjN8iAN1tdDEsenq4DyBCCWxpAjSud5bCNC +m2THXivAep9jItcYJAzMQhLL7H864HWpegSNfiKspSXuGPzGhOmaPzUk5QNLkhc8 +OHfm5MCFP9Sp5VJQWFJYHKKNXVV84MIIe7sSX7t7GfkQGYwWaIfVT7EiJgsR/fUc +xPGWRwECgYEA1aGUasR8wFt8qd1+bMzQxgC/ygJg3Mbthxiud0Slzv4nHEFtD3ua +qKUQmi1QCL4fQOXwBN4r/YptqYkFG+Kzt6JmaHNnyTjMZqoV45O6LbYlMOJp7ddi +yArwiyjZrStw9CX+2DlsuQMnsfq1g9TSYsKxWkPDIY5tn4XsNL6QfYECgYEAooE7 +FuNHagF24rvn4eIZiG4AyJP0R698sqdxpgKNU+2h1WTAWfJ6qic39J+r4joyTQ17 +WVZL23js3CHl8CooAr/g5bssUe5ieQEuRlz+RD5ZhX1D4/nnnQ3B7/8XNAwtLSBv +CcFtfH4FY3je1SxOJvE44TNpFtGWRlPMm+DzOUcCgYBwosLYEEUePp5aCXhw8QRa +gWadoedkQFZYVoEWTVGG86W3Vh+kfC0tIerA/4clNOjRlOqaBnH3Ohdbvey9qSfM +eIm6JK7h/1p1/tOPrAILu++b+KSVTGy+wFXXaXBrx23ErIvTgWN7oNg7FM7DdWB/ +xdswlm25sZjG9Rt3K8qPAQKBgDwPg2VcLyLQ073NMVDdHg68iXGYrWppQ69MD8cJ +nm5sn6mdCTK1WfzVbertsLt2Qu0TlIlaScMeGHzr0m5HRm5tuJNv8Ft/vcl3VEER +UbCrUq7xs0vpK19ynEE1iL/l2DSbji6O3QZsFVXEcKddLq1Z7mnddHPIlr/7bN4X +8A01AoGBAKSeBwgIKYQ3lik56Jr4g2BjN2iloBGT+OJqvHIsUGW3MNoBBoZsteUn +XfYw+9PgGcP6OESLwHAi1VOf6S6UV4VpFmUAbaQP87Zptew9k49jXb6jPkTDeMyl +FugtEJK1u4Iet/VecvBQriqMv7kDLH54o/mYhor6dCalcLBhqp1w +-----END RSA PRIVATE KEY----- 
diff --git a/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.pkcs8.key b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.pkcs8.key
new file mode 100644
index 0000000..aef5284
--- /dev/null
+++ b/templates/elastic-certs/certs/dev-elastic-stack-02-elastic/dev-elastic-stack-02-elastic.pkcs8.key
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCHnBemsOUv7Wwt +hCgkygHQUESJEQWXtkEtsF9hI+zi/U8lXuD9lV9ZdYCTACotYpqHikQqVCTy6fmr +YU8ia1hSlo0gC/FFpG+toCW2h8dMu3cIWm+0dO6N9IpaJfizC/Lu0WuTd3C088q6 +DmTMGHVmOwVdQER1wVzvFNGQnuH5CoH2rjn40QxFCgSuh4x5JJjlp7zj0UPzBCx3 +9wXPTrscOSBxeZksFFrD0XnG7AiboAHe+/NWkn+eB44gu8cIN33awshep4chnLm4 +gWgMas/0J+kHBw1iziGN4neJ3UpMcNMEb7zpQ7ZTN5LZ9QZ6ES0Wox9LVWO1Q+jd +WyIHd4fHAgMBAAECggEADH72svaD9/mhyUPvSwyORDrRRewantM9iE9DSrk7v+Ll +oyTuCI/2HFE2itUuDcaTRMAZ7eiZCwVCa2dpGlvX5KxYzsYq8mbnn5EtSHeUht6T +ZmKm/nLz9IK/KPVsyFrmhNkpV4pfCV2ZpbFj2ma6krQHl4Mvi8ZIoQNDGFd7rS4H +CM3yIA3W10MSx6ergPIEIJbGkCNK53lsI0KbZMdeK8B6n2Mi1xgkDMxCEsvsfzrg +dal6BI1+IqylJe4Y/MaE6Zo/NSTlA0uSFzw4d+bkwIU/1KnlUlBYUlgcoo1dVXzg +wgh7uxJfu3sZ+RAZjBZoh9VPsSImCxH99RzE8ZZHAQKBgQDVoZRqxHzAW3yp3X5s +zNDGAL/KAmDcxu2HGK53RKXO/iccQW0Pe5qopRCaLVAIvh9A5fAE3iv9im2piQUb +4rO3omZoc2fJOMxmqhXjk7ottiUw4mnt12LICvCLKNmtK3D0Jf7YOWy5Ayex+rWD +1NJiwrFaQ8Mhjm2fhew0vpB9gQKBgQCigTsW40dqAXbiu+fh4hmIbgDIk/RHr3yy +p3GmAo1T7aHVZMBZ8nqqJzf0n6viOjJNDXtZVkvbeOzcIeXwKigCv+DluyxR7mJ5 +AS5GXP5EPlmFfUPj+eedDcHv/xc0DC0tIG8JwW18fgVjeN7VLE4m8TjhM2kW0ZZG +U8yb4PM5RwKBgHCiwtgQRR4+nloJeHDxBFqBZp2h52RAVlhWgRZNUYbzpbdWH6R8 +LS0h6sD/hyU06NGU6poGcfc6F1u97L2pJ8x4ibokruH/WnX+04+sAgu775v4pJVM +bL7AVddpcGvHbcSsi9OBY3ug2DsUzsN1YH/F2zCWbbmxmMb1G3cryo8BAoGAPA+D +ZVwvItDTvc0xUN0eDryJcZitamlDr0wPxwmebmyfqZ0JMrVZ/NVt6u2wu3ZC7ROU +iVpJwx4YfOvSbkdGbm24k2/wW3+9yXdUQRFRsKtSrvGzS+krX3KcQTWIv+XYNJuO +Lo7dBmwVVcRwp10urVnuad10c8iWv/ts3hfwDTUCgYEApJ4HCAgphDeWKTnomviD +YGM3aKWgEZP44mq8cixQZbcw2gEGhmy15Sdd9jD70+AZw/o4RIvAcCLVU5/pLpRX +hWkWZQBtpA/ztmm17D2Tj2NdvqM+RMN4zKUW6C0QkrW7gh639V5y8FCuKoy/uQMs +fnij+ZiGivp0JqVwsGGqnXA= +-----END PRIVATE KEY----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.crt b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.crt new file mode 100644 index 0000000..58ccc45 
--- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUW5EIIgnVwYCrLqC9gBMA8OfFCqswDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjEwNjE2MTYxNTM0WhcNMjIwNjE2MTYxNTM0WjAnMSUwIwYD +VQQDExxkZXYtZWxhc3RpYy1zdGFjay0wMy1lbGFzdGljMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAiAU0OfdSLc7gufcAPqNOc2Tvr253OA4R7Qf/KplV +xlWqBD9pN4OcmoAI29CBRgbVL/PlInASe7ELLuhq1q2p8Bh7UG2laEmVR+tS8+Av +7tDZBThHtf0zx0Y60H7R8Tyxj46f4BIWU66BSHpZ9NDC+vekPCNkF12FszDrjZn9 +8qx+pYzmxSiyEzGCXaVEM6M743xuYuicDzsiF0yW2wgAnbLzBu72QU7u0/+lbROW +kHxfAS0GIYK6AhUB6Z5l0tJ2x08UEZ+0UBdBIQ7aGFMTCua5ci4nsXYTSU14Puso +tkbUGFc/zUL3Nly2kfie/QM2A7icSS3W1VXTs3MNgyrRgwIDAQABo4GIMIGFMB0G +A1UdDgQWBBTqshCmmroa9uWk/nBpIWJVJqIc8jAfBgNVHSMEGDAWgBQtF0m1oMyp +Dn4Ry5oYaasRX3zaXDA4BgNVHREEMTAvgglsb2NhbGhvc3SCHGRldi1lbGFzdGlj +LXN0YWNrLTAzLWVsYXN0aWOHBAoAAAQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsF +AAOCAQEASdh+8dvLPIDzqURh6P5eVUPbJ2XjT64B17pe8Pnj0omTuUkoMjjpr0F5 +CSqQ9mg94S7apWIsuZQG49i56Vzykwyr+ozMSdzgf2/5SLsvIN6yZVXEJ3KhQjQw +RyWXevwYntq26SM1DEjeOQxSpbd1GS1RbtM/VydtC5s0jgrRTOXTpmu9s8Lj7XpI +iRKAfpQBhBA1lyHdObO5QKsDfgRx28VcrB4hymOcZUYs7LSMD5u7ZjHQoNfpdO9T +k7yK1BWjW5bPvbnZ4jjzqsPkRaXlraqh1cMfcSpS2E3XUVCrhto8eZvb4kHBSPcm +wJn9e1gv6zd7TJzw7AnIjHur6iYKWA== +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.key b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.key new file mode 100644 index 0000000..53a9360 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAiAU0OfdSLc7gufcAPqNOc2Tvr253OA4R7Qf/KplVxlWqBD9p +N4OcmoAI29CBRgbVL/PlInASe7ELLuhq1q2p8Bh7UG2laEmVR+tS8+Av7tDZBThH +tf0zx0Y60H7R8Tyxj46f4BIWU66BSHpZ9NDC+vekPCNkF12FszDrjZn98qx+pYzm +xSiyEzGCXaVEM6M743xuYuicDzsiF0yW2wgAnbLzBu72QU7u0/+lbROWkHxfAS0G +IYK6AhUB6Z5l0tJ2x08UEZ+0UBdBIQ7aGFMTCua5ci4nsXYTSU14PusotkbUGFc/ +zUL3Nly2kfie/QM2A7icSS3W1VXTs3MNgyrRgwIDAQABAoIBAQCBI9+4ATaGw1nd +dcNHtSiwqm5eMxUBpWojj2oV+crUKVTn/4RX7p7qmRDQEiAKakZR5s/vaFREF400 +lfmJpQwpJjU94TwfzWzsAWKapIkdxi+low+Cm8ljMyx381BEJ4m1cIYd6U5FWPLp +6zApHWNhf2jwp/FJtcNQo+ugX0oZ8YVYJOb7rX4G4sLRNqUVzd/cJ7akjEcON0ma +gyhp1J69nJgmKUl7yuPg+MAYn+L/J0i5JWo7+UD4PYAh1IdhIIDGzXK0vzwBy7Q4 +uDt1JFI470NGZu8WdjLdULeFdhAcpkZBQmGopFA6uzU7cQNw8gsZbyWeG7l+T13T +RCbit9FBAoGBALzO+Y8CPmobFfH3DZgAsMp8QxO6GYYkpdP6ObczjuxhzEQ8C3nW +s5ZoF2b9+NOtUido2ADs6HvcpyVzv454sGsDW8rZjd0Thf4s1//hNi6xbQERUCZd +E/TNj4mD2FowP8wV2Z5E++Sh2oARNfwK2tUyo6YmZcqEY0UK8sv8j9BzAoGBALht +EUKtZTnSmTUx7n/nETHUNJQJT2dvX/4mGwhZSe1DK3EkCAfalptpPyy2UJ54tdlL +I5f7RqT/YM8f50/Lp76iJXUzOSmCmBEHgA/AzY3vkThiRgAW712jzwczrojl/vz8 +PhxS0yLgbZNifpcv+zgthV449dE1w89dhac+gwaxAoGAVAUW8RjihX1AKsjx9652 +/eSGRQUPzq4ITWiQvoHnHDH5IHRH9xQgHtJ7d42VaT07zeXOGbtTSatLhlMX72Kt +vzFja8WcZ8EEY7O4+1lRLz4tb8gwjqHk+49uTJerc5b9DOi8Sr4QChIslckS6PI7 +p5w9TvbPXWvEcTkKCtR9exkCgYADET1SQJQIbCpEKjpvQiaVD5R4SddaPw33qiaU +8vc5zP4x+YlwqAANQajdU4Lvv842ePt0kadRIzY2+67bMuXtU8EPu/RdbmCdF+TX +XjuM+skNiQTlB3yfsBPHaOKkQD8HciKOUgpU8CqiYub8GL4y5v7q3EOqYRyKnGGW +sIF5YQKBgBra8TpX6WkoEVrJZ1R4A5L52F6ejIPQNa7Cwu/QTn4EmWkQ/hjPX9Wc +0GXO67bgW94e5Hb0i8SaJgE8gZvjrjw4LX3aCD6MUNgNrKa1dGJn1nJnR2UUyZ+f +t64X6Fdy883UvU5m6llniqmKjsL28lntKvqo8iJ7wBawDsjz8Yqd +-----END RSA PRIVATE KEY----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.pkcs8.key b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.pkcs8.key new file mode 100644 index 0000000..3b588dc --- /dev/null 
+++ b/templates/elastic-certs/certs/dev-elastic-stack-03-elastic/dev-elastic-stack-03-elastic.pkcs8.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCIBTQ591ItzuC5 +9wA+o05zZO+vbnc4DhHtB/8qmVXGVaoEP2k3g5yagAjb0IFGBtUv8+UicBJ7sQsu +6GrWranwGHtQbaVoSZVH61Lz4C/u0NkFOEe1/TPHRjrQftHxPLGPjp/gEhZTroFI +eln00ML696Q8I2QXXYWzMOuNmf3yrH6ljObFKLITMYJdpUQzozvjfG5i6JwPOyIX +TJbbCACdsvMG7vZBTu7T/6VtE5aQfF8BLQYhgroCFQHpnmXS0nbHTxQRn7RQF0Eh +DtoYUxMK5rlyLiexdhNJTXg+6yi2RtQYVz/NQvc2XLaR+J79AzYDuJxJLdbVVdOz +cw2DKtGDAgMBAAECggEBAIEj37gBNobDWd11w0e1KLCqbl4zFQGlaiOPahX5ytQp +VOf/hFfunuqZENASIApqRlHmz+9oVEQXjTSV+YmlDCkmNT3hPB/NbOwBYpqkiR3G +L6WjD4KbyWMzLHfzUEQnibVwhh3pTkVY8unrMCkdY2F/aPCn8Um1w1Cj66BfShnx +hVgk5vutfgbiwtE2pRXN39wntqSMRw43SZqDKGnUnr2cmCYpSXvK4+D4wBif4v8n +SLklajv5QPg9gCHUh2EggMbNcrS/PAHLtDi4O3UkUjjvQ0Zm7xZ2Mt1Qt4V2EBym +RkFCYaikUDq7NTtxA3DyCxlvJZ4buX5PXdNEJuK30UECgYEAvM75jwI+ahsV8fcN +mACwynxDE7oZhiSl0/o5tzOO7GHMRDwLedazlmgXZv34061SJ2jYAOzoe9ynJXO/ +jniwawNbytmN3ROF/izX/+E2LrFtARFQJl0T9M2PiYPYWjA/zBXZnkT75KHagBE1 +/Ara1TKjpiZlyoRjRQryy/yP0HMCgYEAuG0RQq1lOdKZNTHuf+cRMdQ0lAlPZ29f +/iYbCFlJ7UMrcSQIB9qWm2k/LLZQnni12Usjl/tGpP9gzx/nT8unvqIldTM5KYKY +EQeAD8DNje+ROGJGABbvXaPPBzOuiOX+/Pw+HFLTIuBtk2J+ly/7OC2FXjj10TXD +z12Fpz6DBrECgYBUBRbxGOKFfUAqyPH3rnb95IZFBQ/OrghNaJC+geccMfkgdEf3 +FCAe0nt3jZVpPTvN5c4Zu1NJq0uGUxfvYq2/MWNrxZxnwQRjs7j7WVEvPi1vyDCO +oeT7j25Ml6tzlv0M6LxKvhAKEiyVyRLo8junnD1O9s9da8RxOQoK1H17GQKBgAMR +PVJAlAhsKkQqOm9CJpUPlHhJ11o/DfeqJpTy9znM/jH5iXCoAA1BqN1Tgu+/zjZ4 ++3SRp1EjNjb7rtsy5e1TwQ+79F1uYJ0X5NdeO4z6yQ2JBOUHfJ+wE8do4qRAPwdy +Io5SClTwKqJi5vwYvjLm/urcQ6phHIqcYZawgXlhAoGAGtrxOlfpaSgRWslnVHgD +kvnYXp6Mg9A1rsLC79BOfgSZaRD+GM9f1ZzQZc7rtuBb3h7kdvSLxJomATyBm+Ou +PDgtfdoIPoxQ2A2sprV0YmfWcmdHZRTJn5+3rhfoV3LzzdS9TmbqWWeKqYqOwvby +We0q+qjyInvAFrAOyPPxip0= +-----END PRIVATE KEY----- 
diff --git a/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.crt b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.crt new file mode 100644 index 0000000..0e8d66e --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbjCCAlagAwIBAgIUWbGTX5WWfbae/Ry2ovgdYgBPxdswDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjEwNjE2MTYxNTM0WhcNMjIwNjE2MTYxNTM0WjAoMSYwJAYD +VQQDEx1kZXYtZWxhc3RpYy1zdGFjay0wMS1maWxlYmVhdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALw7MhHpCj5eS9I+eoRYOJcJekK8L6EVRnSHYEhw +0vuPk5SK6pvmxXtHzX1F+Kd8uDSPxMNiZPh7XcdM8j/dto9mVJuengH/Rw2GEWlO +duDwcFTXBnBa1O3vY2HFROMzGsp5ueJJVjKMLJvhciReeTlABTldH+j3Tyj6JSmI +DvaetuKDiydqj5uti/sJhFj4yWywqBTvXd9Vli6q+uijl3VbTHy5vhKk/kqWSyS4 +gLaFV9f4QbDFURs8iHlqdLtHm5NlZpu0jEGXFzYT7gyvK8v6V3LugDW+xYElwiwc +xSyaunsAAuJ8c74IQUsLruMT8LyKmoCTwhSBnzrVwhMn2QsCAwEAAaOBgzCBgDAd +BgNVHQ4EFgQUedY1gkd5Uix7+/3S/TCVSti98H8wHwYDVR0jBBgwFoAULRdJtaDM +qQ5+EcuaGGmrEV982lwwMwYDVR0RBCwwKoIJbG9jYWxob3N0gh1kZXYtZWxhc3Rp +Yy1zdGFjay0wMS1maWxlYmVhdDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IB +AQA3AABWKEJ1qtjHzAQvUw6PmCWHO1ZouCf1Rv74V9326+fXSyBR7G//4aCtPcY8 +sxLPv7X3nnhEAHZsuGVuGtDpAlGcGEf8cMeoNJdtcf/qyARUsUk6ed+OvCDeTK6t +ENg/kzgnXuEfW7r+OEd/j7qbgnc+kc2+XwlyxCX8Vw5bTzmh/vQXZaect+ALz1Ax +LWyPPzWBbnquU8E/y7qhd8DtZJxbubP+Cwj7Ty+yOPbl8N/dWNSP9zP7pegw7Q8h +ZWcbtrSve2NQM35VkdkvwQIm2t0AWNMcT6L2RaOjaE3OAFPIptm6XuQyCdaga3P4 +pzlzAvrUGwVyiUkII0Ytkm7y +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.key b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.key new file mode 100644 index 0000000..4c1b637 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvDsyEekKPl5L0j56hFg4lwl6QrwvoRVGdIdgSHDS+4+TlIrq +m+bFe0fNfUX4p3y4NI/Ew2Jk+Htdx0zyP922j2ZUm56eAf9HDYYRaU524PBwVNcG +cFrU7e9jYcVE4zMaynm54klWMowsm+FyJF55OUAFOV0f6PdPKPolKYgO9p624oOL +J2qPm62L+wmEWPjJbLCoFO9d31WWLqr66KOXdVtMfLm+EqT+SpZLJLiAtoVX1/hB +sMVRGzyIeWp0u0ebk2Vmm7SMQZcXNhPuDK8ry/pXcu6ANb7FgSXCLBzFLJq6ewAC +4nxzvghBSwuu4xPwvIqagJPCFIGfOtXCEyfZCwIDAQABAoIBAQCdmNZgJoScGWlU +G1mK6y5eTuIdc+BQ9zYpJJtZq5UKaHjA2tp5M2tOv5xt8aKx4Ht+Do1IpV4yqV+o +GWWOUXyjbaMTNGfI9kowKXr0d2yTAtyaO/o5IeO7Xz4PQxJdQ5F/yxD2RD62TaSf +0s81YiAO7eox0CWCcWXGwkFRF4intGTLccRBctqc1FJQA6xIA2dj/9SEl1Nf2URN +G9piqfHJra3eGU0+Vg2yHJpbXIHbmODTX2P1F2l0rE1Km14Cb9OUuS1lR82l/pBw +qxbFKqvfkbJQm0xmjVhaSkxbBDhGJp9C65U84eW5a4R92n6sjrtZkEp229WlkkVq +/PWXWliRAoGBAOnTOEF5MVVpTd4OPHlxp1kR2wn/Tf5TPu65THa3VMDZy67aZ4ju +Rur3f+KB1zcJ9ty2pqtEr6WnJ0lFHzMUatTSAFsPThgGwVQV/4bclNXxhGXUFaNv +b8juMwJKfqKjA1NoTVbn670KDE5zOPz8JioA4+xSRkd89F83wHYom6ejAoGBAM4V +Dah6RKXt1Vej0GoTizNOFllH07uQVyYuQwQD5uJsJLoUoSQxrAy1R9n02nFHZWF2 +0UMFCnvoNUfBrIF0CY9xipVEUBVVsXekK9OSFw4qwXqHH/p4nrmUTYhCBc4spDGH +hI/hiyxEaGvvH16pAa4BKfP+me89xi7cSbOGob95AoGAXtq6pYTeiIGRfxVTXwjG +FJHzw5h4MUXf78PnyvkQPrObtzEOczQGPOduT5rQjZlTNbI65puUjaTDgSuzPmt3 +8yHF1yrcSU7kOpI5+KGfFzNEvHJO3OAl/uLyemlx+dQbU0iqpyiqLyPWXjTL14UK +jluSGpo9vF5qW/4n60cJ7fUCgYBMQsY3Hmfg704PjHNHjcvpRHBIwae8tQFLA7uQ +9NCv4U0F/zRSbH86hKr+IPnlCYKeupVds7PZfmiZETaBASu4hU+/RPRNsNRnbb06 +IcmeWHwYl4Bh89jo29SFI8l6LlLkcT3A8LnLu9TYfDijku8oMQ4RWJomSjnYhXRQ +lvWsIQKBgQCai/Car56N/Io+5CbDdU43MKXZ35lJhd0sSErCuhaFAB00fSx7rKWB +Z4OJDtEtBqY+pte1anSZdsPGlPIOoskaAWq1KRR8OY/JPQxqqT4XJyN0sUhGoeXH +JQ6lg14dH4nPY8hQbRy3kQD/kkigyKVwTtPH42yZxrhLbC8TjRf5cQ== +-----END RSA PRIVATE KEY----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.pkcs8.key b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.pkcs8.key new file mode 100644 index 0000000..22b1db1 --- /dev/null 
+++ b/templates/elastic-certs/certs/dev-elastic-stack-filebeat/dev-elastic-stack-filebeat.pkcs8.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8OzIR6Qo+XkvS +PnqEWDiXCXpCvC+hFUZ0h2BIcNL7j5OUiuqb5sV7R819RfinfLg0j8TDYmT4e13H +TPI/3baPZlSbnp4B/0cNhhFpTnbg8HBU1wZwWtTt72NhxUTjMxrKebniSVYyjCyb +4XIkXnk5QAU5XR/o908o+iUpiA72nrbig4snao+brYv7CYRY+MlssKgU713fVZYu +qvroo5d1W0x8ub4SpP5KlkskuIC2hVfX+EGwxVEbPIh5anS7R5uTZWabtIxBlxc2 +E+4MryvL+ldy7oA1vsWBJcIsHMUsmrp7AALifHO+CEFLC67jE/C8ipqAk8IUgZ86 +1cITJ9kLAgMBAAECggEBAJ2Y1mAmhJwZaVQbWYrrLl5O4h1z4FD3Nikkm1mrlQpo +eMDa2nkza06/nG3xorHge34OjUilXjKpX6gZZY5RfKNtoxM0Z8j2SjApevR3bJMC +3Jo7+jkh47tfPg9DEl1DkX/LEPZEPrZNpJ/SzzViIA7t6jHQJYJxZcbCQVEXiKe0 +ZMtxxEFy2pzUUlADrEgDZ2P/1ISXU1/ZRE0b2mKp8cmtrd4ZTT5WDbIcmltcgduY +4NNfY/UXaXSsTUqbXgJv05S5LWVHzaX+kHCrFsUqq9+RslCbTGaNWFpKTFsEOEYm +n0LrlTzh5blrhH3afqyOu1mQSnbb1aWSRWr89ZdaWJECgYEA6dM4QXkxVWlN3g48 +eXGnWRHbCf9N/lM+7rlMdrdUwNnLrtpniO5G6vd/4oHXNwn23Lamq0SvpacnSUUf +MxRq1NIAWw9OGAbBVBX/htyU1fGEZdQVo29vyO4zAkp+oqMDU2hNVufrvQoMTnM4 +/PwmKgDj7FJGR3z0XzfAdiibp6MCgYEAzhUNqHpEpe3VV6PQahOLM04WWUfTu5BX +Ji5DBAPm4mwkuhShJDGsDLVH2fTacUdlYXbRQwUKe+g1R8GsgXQJj3GKlURQFVWx +d6Qr05IXDirBeocf+nieuZRNiEIFziykMYeEj+GLLERoa+8fXqkBrgEp8/6Z7z3G +LtxJs4ahv3kCgYBe2rqlhN6IgZF/FVNfCMYUkfPDmHgxRd/vw+fK+RA+s5u3MQ5z +NAY8525PmtCNmVM1sjrmm5SNpMOBK7M+a3fzIcXXKtxJTuQ6kjn4oZ8XM0S8ck7c +4CX+4vJ6aXH51BtTSKqnKKovI9ZeNMvXhQqOW5Iamj28Xmpb/ifrRwnt9QKBgExC +xjceZ+DvTg+Mc0eNy+lEcEjBp7y1AUsDu5D00K/hTQX/NFJsfzqEqv4g+eUJgp66 +lV2zs9l+aJkRNoEBK7iFT79E9E2w1GdtvTohyZ5YfBiXgGHz2Ojb1IUjyXouUuRx +PcDwucu71Nh8OKOS7ygxDhFYmiZKOdiFdFCW9awhAoGBAJqL8Jqvno38ij7kJsN1 +TjcwpdnfmUmF3SxISsK6FoUAHTR9LHuspYFng4kO0S0Gpj6m17VqdJl2w8aU8g6i +yRoBarUpFHw5j8k9DGqpPhcnI3SxSEah5cclDqWDXh0fic9jyFBtHLeRAP+SSKDI +pXBO08fjbJnGuEtsLxONF/lx +-----END PRIVATE KEY----- 
diff --git a/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.crt b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.crt new file mode 100644 index 0000000..31f3317 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAlegAwIBAgIVAN+eWtDY4G5e4kejqCzb7QysyChdMA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTIxMDYxNjE2MTUzNVoXDTIyMDYxNjE2MTUzNVowKDEmMCQG +A1UEAxMdZGV2LWVsYXN0aWMtc3RhY2stMDEtbG9nc3Rhc2gwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDHWyILJjSuKHUQeSsgAD8NsH7zM1CqdOsrO2EN +CfDiGHOdtdTxvSRInJD+1WHvRGiZkWAfmQJ5rhWFZ9cCVIbtiXTizoJ/FFD3N1UY +01sYf5dn3l5XG7lLtEjPrnV7Vq8UHPeEJGGdvCkISRkZcnz6KRdDZDwTrdYzJwrB +g4emiYSm5wjWnKzSi7v/akRAdrAOFdXnpH3YoERm68P9vS57QlGVDExVvK9Z7lpC +o8peecvbXBIm5HpiY1W1riiEqaWO0C9ML61LcI9G5j15wcJe2xPXIX7QOdFF8SeA +66od6W4Ct1MJ9KSl00N8o8Wjmk9d5uTJZWDz08yP6z0rUDqlAgMBAAGjgYMwgYAw +HQYDVR0OBBYEFGDi6PZexyytv9tbqBuRoY1KpM34MB8GA1UdIwQYMBaAFC0XSbWg +zKkOfhHLmhhpqxFffNpcMDMGA1UdEQQsMCqCCWxvY2FsaG9zdIIdZGV2LWVsYXN0 +aWMtc3RhY2stMDEtbG9nc3Rhc2gwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOC +AQEAP8Usofqxb4UeOXYgyPDNYOAgI56VkB+Ej7NrPmWJgYIujDgNQSQOGEGQLtgw +joVE3zx9X+ZLf6VJ/snifxQV1k3/vFadpsffBlyE0cbkobW853a2QYfd1+YVMUG6 +aWwMb5m2Fsynpnib97sB8SuZ0okKJGEa+HhcaiEteT/zc3ZsvC3KpwPu+4H+QM+X +2HOzBuOi1JcKu7BYRKYaL9XjikbeTJyZatfBSX7s83ReGd3UxGazCa1hU04HvnZW +b8bXlDJ7+62iV2GDqceoRp6ieJs5MyIz3IzyjKalPdgZWuyCzXIrDKaNYmXGFfLS +2sVs8kl4Ony0mus05ZPxG9CtcQ== +-----END CERTIFICATE----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.key b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.key new file mode 100644 index 0000000..ccd0274 --- /dev/null +++ b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAx1siCyY0rih1EHkrIAA/DbB+8zNQqnTrKzthDQnw4hhznbXU +8b0kSJyQ/tVh70RomZFgH5kCea4VhWfXAlSG7Yl04s6CfxRQ9zdVGNNbGH+XZ95e +Vxu5S7RIz651e1avFBz3hCRhnbwpCEkZGXJ8+ikXQ2Q8E63WMycKwYOHpomEpucI +1pys0ou7/2pEQHawDhXV56R92KBEZuvD/b0ue0JRlQxMVbyvWe5aQqPKXnnL21wS +JuR6YmNVta4ohKmljtAvTC+tS3CPRuY9ecHCXtsT1yF+0DnRRfEngOuqHeluArdT +CfSkpdNDfKPFo5pPXebkyWVg89PMj+s9K1A6pQIDAQABAoIBAQCHfEw6v5B1/FDz +DSZd7UztBNKCfpGIB0X8b7KZpfPr9So+OOGsGRubraxtRJ/2eMuN8tsdHmQsRj+i +FtxtXP0GWrDxo9/Udf5AxX40DRCQKcbAdMQw90qLRM9nNe3qEROT28vsJr2g8cwB +MYy5WrHNYjfJOUoLJc25ngMVWUrLxt3uc9PJ9KTGB01GNEZnbABt9WNi2q/vRixL +IQVXpNcAiLab2EzmO519klHJXSHNl8Z7MH3jla6v8HN9j7orQBB6XdRCDMKjZiSb +akQzQ54o0aUeFM+Y66yFQ3wPxjioyN7kRRQQNhLvdiBSyHmZy5gGKG3qmZPkzF3g +OJwpi9yBAoGBAPcdSrUybElAC8OIP43hmSk0+fZZCJ58fLqZhljqd2RrbeTWEsoz +Ekg/3xMFp4pI+QlU5xSnVIDyawmrYXKtnBOhchRTBeBU1IV3kQuMM3GihLz2cbIP +nYmlTFVYBnh818Nk2UUxI6t2uW4vX7Ve1JabV0uLM6X3gHrQyDYy1of9AoGBAM6G +OI7JLakOscuOZsKgVCLOCjtVgullQQPCg5on+X3LUcwbkF5BbI9IUVtbVtCiDuj+ +kM14dfV/Jg0yCCdrWjL8NMyZYPN4u04yqJWDqZLyLqtkgOmSlmiuvK1ytHOMgbON +rqVHRhG6pccuLZOZyNxohvoJ8ImuIg7i/OI4ItnJAoGBAI9sM9EIy+qTvoAlEuXx +Gujcs3s0X5lEnUvcESqIIvVomKapTMyIacL/NySeMohDJC8zVM8a8yPIDzHUg0GA +28ZU/JYpPY7fDV3NcKSoIa+BaNMXohN7lq6t/qjF5zOFGeFxJd1P0OkShjsaSc1F +ldM3o6nXyAk6phoiFSHHzdWtAoGAOO5DFQlcLuhAFs7wgOJVjyqhI24VImWpIHI0 +eQBgBE9SAyPuDi2W0YCr/LUXH3gtCAl0vU9hpQUh5i1Olh8/xCJGI8h8M2GqsInC +c0TSMBHWz6Rq7Phdwgm5NU8Tc27eKjL6W9Fj/WsoW9nc8n1II4ok+zRWPH3mIZht +Aadb5BECgYBwD8VEUF5WffIvnXz5HEl2Zq3pX7pLpQ8MhIDeUI1iK2Swosu3tBlv +Xq3h1z5Kz5kvQC03UR4HmGCDVS30A6gJuXg7NAkclYb5Cpmt+xQkWRWCXClt8S4X +/xI3NQHh3ci0ZcMqCB9Wxt83nMrnXC+ZSZb23AI8n32eS84QHK89Ew== +-----END RSA PRIVATE KEY----- diff --git a/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.pkcs8.key b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.pkcs8.key new file mode 100644 index 0000000..cbde46c --- /dev/null 
+++ b/templates/elastic-certs/certs/dev-elastic-stack-logstash/dev-elastic-stack-logstash.pkcs8.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHWyILJjSuKHUQ +eSsgAD8NsH7zM1CqdOsrO2ENCfDiGHOdtdTxvSRInJD+1WHvRGiZkWAfmQJ5rhWF +Z9cCVIbtiXTizoJ/FFD3N1UY01sYf5dn3l5XG7lLtEjPrnV7Vq8UHPeEJGGdvCkI +SRkZcnz6KRdDZDwTrdYzJwrBg4emiYSm5wjWnKzSi7v/akRAdrAOFdXnpH3YoERm +68P9vS57QlGVDExVvK9Z7lpCo8peecvbXBIm5HpiY1W1riiEqaWO0C9ML61LcI9G +5j15wcJe2xPXIX7QOdFF8SeA66od6W4Ct1MJ9KSl00N8o8Wjmk9d5uTJZWDz08yP +6z0rUDqlAgMBAAECggEBAId8TDq/kHX8UPMNJl3tTO0E0oJ+kYgHRfxvspml8+v1 +Kj444awZG5utrG1En/Z4y43y2x0eZCxGP6IW3G1c/QZasPGj39R1/kDFfjQNEJAp +xsB0xDD3SotEz2c17eoRE5Pby+wmvaDxzAExjLlasc1iN8k5SgslzbmeAxVZSsvG +3e5z08n0pMYHTUY0RmdsAG31Y2Lar+9GLEshBVek1wCItpvYTOY7nX2SUcldIc2X +xnswfeOVrq/wc32PuitAEHpd1EIMwqNmJJtqRDNDnijRpR4Uz5jrrIVDfA/GOKjI +3uRFFBA2Eu92IFLIeZnLmAYobeqZk+TMXeA4nCmL3IECgYEA9x1KtTJsSUALw4g/ +jeGZKTT59lkInnx8upmGWOp3ZGtt5NYSyjMSSD/fEwWnikj5CVTnFKdUgPJrCath +cq2cE6FyFFMF4FTUhXeRC4wzcaKEvPZxsg+diaVMVVgGeHzXw2TZRTEjq3a5bi9f +tV7UlptXS4szpfeAetDINjLWh/0CgYEAzoY4jsktqQ6xy45mwqBUIs4KO1WC6WVB +A8KDmif5fctRzBuQXkFsj0hRW1tW0KIO6P6QzXh19X8mDTIIJ2taMvw0zJlg83i7 +TjKolYOpkvIuq2SA6ZKWaK68rXK0c4yBs42upUdGEbqlxy4tk5nI3GiG+gnwia4i +DuL84jgi2ckCgYEAj2wz0QjL6pO+gCUS5fEa6NyzezRfmUSdS9wRKogi9WiYpqlM +zIhpwv83JJ4yiEMkLzNUzxrzI8gPMdSDQYDbxlT8lik9jt8NXc1wpKghr4Fo0xei +E3uWrq3+qMXnM4UZ4XEl3U/Q6RKGOxpJzUWV0zejqdfICTqmGiIVIcfN1a0CgYA4 +7kMVCVwu6EAWzvCA4lWPKqEjbhUiZakgcjR5AGAET1IDI+4OLZbRgKv8tRcfeC0I +CXS9T2GlBSHmLU6WHz/EIkYjyHwzYaqwicJzRNIwEdbPpGrs+F3CCbk1TxNzbt4q +Mvpb0WP9ayhb2dzyfUgjiiT7NFY8feYhmG0Bp1vkEQKBgHAPxURQXlZ98i+dfPkc +SXZmrelfukulDwyEgN5QjWIrZLCiy7e0GW9ereHXPkrPmS9ALTdRHgeYYINVLfQD +qAm5eDs0CRyVhvkKma37FCRZFYJcKW3xLhf/Ejc1AeHdyLRlwyoIH1bG3zecyudc +L5lJlvbcAjyffZ5LzhAcrz0T +-----END PRIVATE KEY----- diff --git a/templates/elastic-certs/certutil.sh b/templates/elastic-certs/certutil.sh new file mode 100644 index 0000000..59a9b7a --- /dev/null 
+++ b/templates/elastic-certs/certutil.sh
@@ -0,0 +1,24 @@
+yum install -y -q -e 0 unzip;
+
+for folder in /certs/certs/*/ ; do
+ rm -Rf $folder
+done
+
+if [[ ! -f /certs/certs/bundle.zip ]]; then
+ bin/elasticsearch-certutil \
+ cert \
+ --silent \
+ --days 365 \
+ --pem \
+ --in config/certificates/instances.yml \
+ -out /certs/certs/bundle.zip;
+ unzip /certs/certs/bundle.zip -d /certs/certs;
+ rm /certs/certs/bundle.zip;
+fi;
+
+for file in /certs/certs/*/*.key ; do
+ openssl pkcs8 -in $file \
+ -topk8 -nocrypt -out ${file/.key/.pkcs8.key};
+done
+
+chown -R 1000:0 /certs/certs
diff --git a/templates/elastic-certs/instances.yaml b/templates/elastic-certs/instances.yaml
new file mode 100644
index 0000000..a9c60e1
--- /dev/null
+++ b/templates/elastic-certs/instances.yaml
@@ -0,0 +1,51 @@
+---
+instances:
+ - name: dev-elastic-stack-01-elastic
+ dns:
+ - localhost
+ - dev-elastic-stack-01-elastic
+ ip:
+ - 10.0.0.2
+ - name: dev-elastic-stack-02-elastic
+ dns:
+ - localhost
+ - dev-elastic-stack-02-elastic
+ ip:
+ - 10.0.0.3
+ - name: dev-elastic-stack-03-elastic
+ dns:
+ - localhost
+ - dev-elastic-stack-03-elastic
+ ip:
+ - 10.0.0.4
+
+ - name: 'dev-elastic-stack-01-logstash'
+ dns:
+ - localhost
+ - dev-elastic-stack-01-logstash
+ - name: 'dev-elastic-stack-02-logstash'
+ dns:
+ - localhost
+ - dev-elastic-stack-02-logstash
+ - name: 'dev-elastic-stack-03-logstash'
+ dns:
+ - localhost
+ - dev-elastic-stack-03-logstash
+
+ - name: 'dev-elastic-stack-01-kibana'
+ dns:
+ - localhost
+ - dev-elastic-stack-01-kibana
+ - name: 'dev-elastic-stack-02-kibana'
+ dns:
+ - localhost
+ - dev-elastic-stack-02-kibana
+ - name: 'dev-elastic-stack-03-kibana'
+ dns:
+ - localhost
+ - dev-elastic-stack-03-kibana
+
+ - name: 'dev-elastic-stack-filebeat'
+ dns:
+ - localhost
+ - dev-elastic-stack-filebeat
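Review bot: The script has no error handling, so a failure in `elasticsearch-certutil` or `unzip` goes unnoticed: the first loop has already removed every directory under `/certs/certs/`, the remaining steps still run, and the exit status is that of the final `chown`. Starting the file with `#!/usr/bin/env bash` and `set -euo pipefail` makes a failed run visible to the caller; the script already depends on bash for `[[ ]]` and `${file/.key/.pkcs8.key}`. The expansions should also be quoted, `rm -Rf "$folder"` and `openssl pkcs8 -in "$file"`. The input is read from `config/certificates/instances.yml` while the file added next to this script is named `instances.yaml`, so it is worth confirming that the mount renames it.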
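Review bot: The instance names in this list do not line up with the certificate directories committed in the same patch. Logstash is defined as `dev-elastic-stack-01-logstash` through `dev-elastic-stack-03-logstash`, but the committed files live under `dev-elastic-stack-logstash/`, and as far as this part of the patch shows no kibana certificates are committed at all. A rerun of `certutil.sh` against this list would therefore produce directory names that differ from the committed ones, so whatever `logstash_certificate` resolves to (its value is not visible here) should be checked against both. Adding a `- name: 'dev-elastic-stack-logstash'` entry, or renaming the committed directory, would keep this file the single source of the names.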
diff --git a/templates/elastic/config/logstash/pipeline/filebeat.conf.j2 b/templates/elastic/config/logstash/pipeline/filebeat.conf.j2
new file mode 100644
index 0000000..85ed524
--- /dev/null
+++ b/templates/elastic/config/logstash/pipeline/filebeat.conf.j2
@@ -0,0 +1,106 @@
+input {
+ beats {
+ port => 5044
+ host => "0.0.0.0"
+ ecs_compatibility => "v1"
+ ssl => true
+ ssl_certificate_authorities => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ ssl_key => "/usr/share/logstash/config/certificates/{{ logstash_certificate }}/{{ logstash_certificate }}.pkcs8.key"
+ ssl_certificate => "/usr/share/logstash/config/certificates/{{ logstash_certificate }}/{{ logstash_certificate }}.crt"
+ }
+}
+
+filter {
+ if [message] =~ /^{.*}$/ {
+ json {
+ source => "message"
+ }
+ if [stack_trace] {
+ ruby {
+ code => "event.set('message_full', event.get('message') + ':' + 10.chr + event.get('stack_trace'))"
+ }
+ } else {
+ ruby {
+ code => "event.set('message_full', event.get('message'))"
+ }
+ }
+ }
+ mutate {
+ remove_field => [ "[id]", "[agent]", "[log][file][path]", "[docker][container][labels]" ]
+ }
+}
+
+output {
+ if "audit" in [tags] {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "auditlog-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+ else if [event][dataset] == "system.auth" {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "authlog-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+ else if [event][dataset] == "system.syslog" {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "syslog-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+ else if [container][name] and [@metadata][beat] {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "%{[container][name]}-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+ else if [@metadata][beat] {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+ else {
+ elasticsearch {
+ hosts => ["https://{{ elastic_id }}:{{ service_port_elasticsearch }}"]
+ cacert => "/usr/share/logstash/config/certificates/ca/ca.crt"
+ user => "{{ elastic_admin_username }}"
+ password => "{{ elastic_admin_password }}"
+
+ index => "uncategorized-%{+YYYY.MM}"
+
+ manage_template => false
+ }
+ }
+}
diff --git a/templates/elastic/config/roles.yml.j2 b/templates/elastic/config/roles.yml.j2
new file mode 100644
index 0000000..2cfbca7
--- /dev/null
+++ b/templates/elastic/config/roles.yml.j2
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+filebeat_indices_read:
+ indices:
+ - names: [ 'filebeat-*' ]
+ privileges:
+ - read
+ - write
+ - indices:admin/refresh
+filebeat_indices_write:
+ indices:
+ - names: [ 'filebeat-*' ]
+ privileges:
+ - read
+ - write
+ - indices:admin/refresh
\ No newline at end of file
diff --git a/templates/elasticsearch-exporter/certs/ca.crt b/templates/elasticsearch-exporter/certs/ca.crt
deleted file mode 100644
index 0bc137e..0000000
--- a/templates/elasticsearch-exporter/certs/ca.crt
+++ /dev/null
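Review bot: The `beats` input turns on TLS and lists a CA but never sets `ssl_verify_mode`, and with the plugin default a client certificate is not required, so with `host => "0.0.0.0"` any peer that can reach port 5044 can submit events. Adding `ssl_verify_mode => "force_peer"` next to `ssl_certificate_authorities` makes the CA list take effect. In the `output` section every `elasticsearch` block logs in with `elastic_admin_username` / `elastic_admin_password`, and one branch takes the index name from the shipped field `%{[container][name]}`, so a container named `auditlog` would write into the same `auditlog-%{+YYYY.MM}` index as the audit branch. A dedicated user limited to writing these indices and a fixed prefix such as `index => "container-%{[container][name]}-%{+YYYY.MM}"` would contain that.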
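Review bot: `filebeat_indices_read` grants exactly the same privileges as `filebeat_indices_write`, including `write` and `indices:admin/refresh`, so a user who is given only the read role can still modify the `filebeat-*` indices. The privilege list of the read role should be reduced to `- read`. The pattern `filebeat-*` also leaves out most of the indices the Logstash pipeline in this patch writes (`auditlog-*`, `authlog-*`, `syslog-*`, the container-named ones and `uncategorized-*`), so it is worth confirming which indices these roles are meant to cover. The file ends without a trailing newline.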
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIVAO1gvUalebylIyFuIAZC6bfhz04QMA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIxMDQxODExMDkwOFoXDTIyMDQxODExMDkwOFowNDEyMDAG -A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLcbwtcUwHBNBOlLoZA+lH -xMoOrrySQNRRyLw/hV+KpW1YncCgVq3dGEOjOC3lS1B55+sZfjEn7EKfDtrZN6Pf -0Ot22/GV3r+fJi72njBfay1Cep8OCJxNOx9i0N3XO2GN6IYPMEpkqFj8nySpAgh3 -70hILu3QMov2I2rWXMzE3yV6Pi7OQ151Fa8vZ1HTXkpjO7Rxyt36cXLB7slj6Uxo -72cO0WphRV6e24Fx5iRLlAs7WdXDOSUXZfIFBiZGYvuZIgbAw9M9ZR5536eXBFuQ -MuwLiP5g+D5GZbal5enRUShBknRP9Xvnxv7OOnPhMXVHMTsM9feqxVzmhRPp4XBz -AgMBAAGjUzBRMB0GA1UdDgQWBBRJ5gyop7tp96EV6O/FHIY2P3T7pzAfBgNVHSME -GDAWgBRJ5gyop7tp96EV6O/FHIY2P3T7pzAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBEgehvsAW5r1/nogmIhhRVl5rZcy9mnbxsy/9udU1zBTEe -ZhgCCqOx6xffXUWSvVXw3BUUizCvB5nSHCYBt3H2f8sdPXO54b5mcld/2n/D39yw -HSODGmgkbEVjXK1Qx4xYDRHJnOuyExWQ1D7Y7HocgtIRySFdG/h7en5SM2ooJ7fa -pPtCp8f1tHHuKCjKhgC/+wlvEZFHOWcu6Hyh1FtWHwD3uu9Tj3VRKMvW0u+KQ4mC -aNEuHUEKzgwXRZvBG8Y5k35bFf9EVulTsD2fOTMWrD9CEdctQIfQnn1Oy3s43x39 -94DgEx78H/5fGkUDjqljXp1RBDeNJV7+tssRMISL ------END CERTIFICATE----- diff --git a/templates/filebeat/certs/ca/ca.crt b/templates/filebeat/certs/ca/ca.crt deleted file mode 100644 index 0bc137e..0000000 --- a/templates/filebeat/certs/ca/ca.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIVAO1gvUalebylIyFuIAZC6bfhz04QMA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIxMDQxODExMDkwOFoXDTIyMDQxODExMDkwOFowNDEyMDAG -A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLcbwtcUwHBNBOlLoZA+lH -xMoOrrySQNRRyLw/hV+KpW1YncCgVq3dGEOjOC3lS1B55+sZfjEn7EKfDtrZN6Pf -0Ot22/GV3r+fJi72njBfay1Cep8OCJxNOx9i0N3XO2GN6IYPMEpkqFj8nySpAgh3 -70hILu3QMov2I2rWXMzE3yV6Pi7OQ151Fa8vZ1HTXkpjO7Rxyt36cXLB7slj6Uxo -72cO0WphRV6e24Fx5iRLlAs7WdXDOSUXZfIFBiZGYvuZIgbAw9M9ZR5536eXBFuQ -MuwLiP5g+D5GZbal5enRUShBknRP9Xvnxv7OOnPhMXVHMTsM9feqxVzmhRPp4XBz -AgMBAAGjUzBRMB0GA1UdDgQWBBRJ5gyop7tp96EV6O/FHIY2P3T7pzAfBgNVHSME -GDAWgBRJ5gyop7tp96EV6O/FHIY2P3T7pzAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBCwUAA4IBAQBEgehvsAW5r1/nogmIhhRVl5rZcy9mnbxsy/9udU1zBTEe -ZhgCCqOx6xffXUWSvVXw3BUUizCvB5nSHCYBt3H2f8sdPXO54b5mcld/2n/D39yw -HSODGmgkbEVjXK1Qx4xYDRHJnOuyExWQ1D7Y7HocgtIRySFdG/h7en5SM2ooJ7fa -pPtCp8f1tHHuKCjKhgC/+wlvEZFHOWcu6Hyh1FtWHwD3uu9Tj3VRKMvW0u+KQ4mC -aNEuHUEKzgwXRZvBG8Y5k35bFf9EVulTsD2fOTMWrD9CEdctQIfQnn1Oy3s43x39 -94DgEx78H/5fGkUDjqljXp1RBDeNJV7+tssRMISL ------END CERTIFICATE----- diff --git a/templates/filebeat/certs/filebeat.crt b/templates/filebeat/certs/filebeat.crt deleted file mode 100644 index 8b32bea..0000000 --- a/templates/filebeat/certs/filebeat.crt +++ /dev/null 
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDbjCCAlagAwIBAgIUCPrH9Oej8C0/4mg1Tum4iAzkHSMwDQYJKoZIhvcNAQEL -BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l -cmF0ZWQgQ0EwHhcNMjEwNDE4MTEwOTExWhcNMjIwNDE4MTEwOTExWjAoMSYwJAYD -VQQDEx1maWxlYmVhdC1kZXYtZWxhc3RpYy1zdGFjay0wMTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBALdenPTRywIofEt8gAlpc1KwyzINsUE3TpBGYBS2 -oNAJdPC5kxSvsxclaATrAWZREPHaBiwlwgN5ApsAJzjC5NQDUrGP3ZR9Ij4Rkm5m -2yX32aWm2PurEOjhX6LPquCfadfzCctNFF1CEL/LzWenzUPN1gWSfHTIk3RGJMBt -BCb8y80RDFbFD7js7k87/zSYMlFocA/XTLWs8CTG7i71rxFVAc+9V7PWziUyIZ4j -Wa+cNDwrjmhscrA6IYf367wb+PUwcQJOVC5+NKJrJUCh91hYPn8Z34RGePuIOAjw -ITl13KrIK651pl1hear4SabGpFDX7uZwhfzMj31aJmqMQx0CAwEAAaOBgzCBgDAd -BgNVHQ4EFgQUiBlwII0trXd0F2tfRcHjcjgkZAAwHwYDVR0jBBgwFoAUSeYMqKe7 -afehFejvxRyGNj90+6cwMwYDVR0RBCwwKoIJbG9jYWxob3N0gh1maWxlYmVhdC1k -ZXYtZWxhc3RpYy1zdGFjay0wMTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IB -AQBogbmwhFmJVu9Sr9E9dhsj622aVvg3MQvp1tkvZ1S+ATXELwzvoKStmlvSUWdD -4KB4oAgK/b6a01WrJC1vF3RPHMF7JGmfGRqeJyYtk4uGfWWshnex+Ub0ooffd6l4 -I+sGFwiGuqHuekp5w0VEdgtRrrCaWXoHahIxiSdhcqaiRlS0TI8LOkjkTa4Y26am -aNg4PrP2dupJGGC94gEdomzaDw63tJsD3kSGuG3YVHMDmdySJv+ivJoudPsY+zva -dfwAVmpWVFdfd3L3twf7Mge68Zfcf8gIqxRTwr5LWfj//cu4ZbyiEe6gqgZs9Z2r -V/aVoiOdEjhuEaQh+m3sNkfq ------END CERTIFICATE----- diff --git a/templates/filebeat/certs/filebeat.key b/templates/filebeat/certs/filebeat.key deleted file mode 100644 index 4d5f98b..0000000 --- a/templates/filebeat/certs/filebeat.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAt16c9NHLAih8S3yACWlzUrDLMg2xQTdOkEZgFLag0Al08LmT -FK+zFyVoBOsBZlEQ8doGLCXCA3kCmwAnOMLk1ANSsY/dlH0iPhGSbmbbJffZpabY -+6sQ6OFfos+q4J9p1/MJy00UXUIQv8vNZ6fNQ83WBZJ8dMiTdEYkwG0EJvzLzREM -VsUPuOzuTzv/NJgyUWhwD9dMtazwJMbuLvWvEVUBz71Xs9bOJTIhniNZr5w0PCuO -aGxysDohh/frvBv49TBxAk5ULn40omslQKH3WFg+fxnfhEZ4+4g4CPAhOXXcqsgr -rnWmXWF5qvhJpsakUNfu5nCF/MyPfVomaoxDHQIDAQABAoIBAE9iMmj6efyRMl4r -o/JvKHHf/9fHfblSDD0Beo79EVl+/pVIgZgvCEU4+HNIme6FoeRSEuIB5qBCPxKD -WneESDRQy/f65F5oXe6pBM+uz6j8R8kjFkS9pjBrgU+mv79GxDetC8xrrilBdKbT -wDTjvEViUwlOhXq5arynsTls+KM3ihJfKjQh8ahal4+n/GN3R+S/F3eegKEEJq/k -vqmIPcPgHRoUb00s+zrNbiltLVlR/rU5/2vMudOrATdz0sf8DWssWBKMKv/7VYRS -GAykRuvGVtHS7UAA2zkoslSjPW6GjdxfZPRDo51VHFW1IK4PugY9OGVYR8+pwUX9 -aqyPQQECgYEA3MA8xQXqrL2tZNSNr5jSUiv5CkWbbkIkS+WYPVj7JduCYXcs1s74 -9AIDtmNOA5pPzHwjMtabU84BzjNOT6QDvdlkbVe9zgvq9svU9lNz2c3Q4MpbCT/i -lFhZjKe0cROSAvYk3hgUNE4DD4MymT2Q2/3sFAmbyTfPUr5bu86zonECgYEA1KZR -JsRrBuPk+7CbN8rytR/ZnT0h/SI/aev+4crDkwa0soQ4yaQK/9r91Jeq8HY/Tbwg -27c+LP33ms5/3gkpwkeh+VqeZ8fIbXJTqZ1FCadtUgLCq8vutanlaE8Z0K/enRS0 -Capexp1ZDtp8eSAeyos7RPxehqHSUMeF+MHMKW0CgYBbkKGkV7/vxv2VRVU/8PPM -gdDbIeRG58iGcsWjLLWADn0WUIiY0WESVYOUs7w4YlmXSCaRf9MN//VfwohJII8s -wG+Xqz1fqjHcDNBZHGSBg42QsF7yhz1EqyD55tZB0QxPjinctcArsfAzDwh957ue -hMTXyuSDolKsz6jdTe/VAQKBgF3mLxFqTERXn4ZQPsoNMM0wCjy3gOmxFMVl8z+q -9F9Y57OoVRcc+8ps3gbhDhdub5eYyf2bVbYyUwKlyqq16x2h2fEsxaPYATXq9OyB -yLlxmAFNvL51p6vKIMXFoAWZkzhTqwhVldIoKuo3Kh2mRFJ11q8orWjPzfnjkNH+ -aXOlAoGAaYv+Ft7GeR8mcZ2IIOivpVDQaYqgSN+uRA9yWd/ozvMtvN/sGkI48gco -ZlD7rsbZVhHLXTA+zbWU5G3SuBhJfwuiNWhHtuDRVqBefaXBaQr8GHxBxw1XcyxU -b+wzpN3zsSXMTW6+xrgw2I1eM07Ncn80EMfAjjUXFSLgoLVRDKk= ------END RSA PRIVATE KEY----- diff --git a/templates/filebeat/config/filebeat.yml.j2 b/templates/filebeat/config/filebeat.yml.j2 index fd68fb4..d060653 100644 --- a/templates/filebeat/config/filebeat.yml.j2 +++ b/templates/filebeat/config/filebeat.yml.j2 
@@ -24,5 +24,5 @@ output.logstash: ssl: certificate_authorities: - /usr/share/filebeat/config/certificates/ca/ca.crt - certificate: /usr/share/filebeat/config/certificates/filebeat.crt - key: /usr/share/filebeat/config/certificates/filebeat.key + certificate: /usr/share/filebeat/config/certificates/{{ filebeat_certificate }}/{{ filebeat_certificate }}.crt + key: /usr/share/filebeat/config/certificates/{{ filebeat_certificate }}/{{ filebeat_certificate }}.key diff --git a/templates/traefik/traefik.toml.j2 b/templates/traefik/traefik.toml.j2 index dce4a8c..84238e1 100644 --- a/templates/traefik/traefik.toml.j2 +++ b/templates/traefik/traefik.toml.j2 @@ -67,17 +67,24 @@ scheme = "https" ### system monitoring port - host metrics ### - [entryPoints.admin-system] + [entryPoints.monitoring-system] address = ":{{ monitor_port_system }}" - [entryPoints.admin-system.http.redirections.entryPoint] - to = "admin-system" + [entryPoints.monitoring-system.http.redirections.entryPoint] + to = "monitoring-system" scheme = "https" ### system monitoring port - docker metrics ### - [entryPoints.admin-docker] + [entryPoints.monitoring-docker] address = ":{{ monitor_port_docker }}" - [entryPoints.admin-docker.http.redirections.entryPoint] - to = "admin-docker" + [entryPoints.monitoring-docker.http.redirections.entryPoint] + to = "monitoring-docker" + scheme = "https" + + ### system monitoring port - elastic metrics ### + [entryPoints.monitoring-elastic] + address = ":{{ monitor_port_elastic }}" + [entryPoints.monitoring-elastic.http.redirections.entryPoint] + to = "monitoring-elastic" scheme = "https" ### service monitoring port - metrics for all served services ### diff --git a/users/daniel.dz/id_ed25519.pub b/users/daniel.dz/id_rsa.pub similarity index 100% rename from users/daniel.dz/id_ed25519.pub rename to users/daniel.dz/id_rsa.pub