Last active
September 26, 2017 15:05
-
-
Save pweil-/4448bbffd0a155d274ec8f50bac6d09c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
tOp45vCI: | |
hash: 1de7B0FRafWkVGOgGLFJ | |
--- | |
prometheus: | |
hash: $2a$12$EZGiozL9dmZL0c5UU9yGm.OfhdrVnr1Vv5fmhx8nKWKNT4QxDAkoO | |
roles: | |
- sg_role_prometheus |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sg_role_kibana: | |
cluster: | |
- cluster:monitor/nodes/info | |
- cluster:monitor/health | |
indices: | |
'?kibana': | |
'*': | |
- ALL | |
sg_role_prometheus: | |
cluster: | |
- METRICS | |
# - "*" | |
# - cluster:monitor/_prometheus/metrics | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sg_role_prometheus: | |
users: | |
- 'prometheus' | |
sg_role_kibana: | |
users: | |
- 'CN=system.logging.kibana,OU=OpenShift,O=Logging' | |
sg_role_prometheus: | |
users: | |
- 'prometheus' | |
# ?? - 'system:serviceaccount:{{ openshift_logging_elasticsearch_namespace }}:aggregated-logging-elasticsearch' | |
sg_role_fluentd: | |
users: | |
- 'CN=system.logging.fluentd,OU=OpenShift,O=Logging' | |
sg_role_curator: | |
users: | |
- 'CN=system.logging.curator,OU=OpenShift,O=Logging' | |
sg_role_admin: | |
users: | |
- 'CN=system.admin,OU=OpenShift,O=Logging' | |
~ | |
~ | |
~ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
searchguard: | |
dynamic: | |
http: | |
xff: | |
enabled: true | |
remoteIpHeader: 'x-forwarded-for' | |
trustedProxies: '.*' | |
internalProxies: '.*' | |
authc: | |
authentication_domain_proxy: | |
enabled: true | |
order: 0 | |
http_authenticator: | |
challenge: false | |
type: proxy | |
config: | |
user_header: 'x-proxy-remote-user' | |
authentication_backend: | |
type: noop | |
authentication_domain_basic_internal: | |
enabled: true | |
order: 1 | |
http_authenticator: | |
type: clientcert | |
challenge: false | |
authentication_backend: | |
type: noop | |
prometheus_domain: | |
enabled: true | |
order: 2 | |
http_authenticator: | |
type: basic | |
challange: true | |
authentication_backend: | |
type: intern |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ es_seed_acl | |
[2017-09-26 15:04:47,607][INFO ][container.run ] Seeding the searchguard ACL index. Will wait up to 604800 seconds. | |
/usr/share/java/elasticsearch/config | |
Will connect to localhost:9300 ... done | |
2017-09-26 15:04:49 INFO SearchGuardSSLPlugin:84 - Search Guard 2 plugin not available | |
2017-09-26 15:04:49 INFO SearchGuardPlugin:58 - Clustername: elasticsearch | |
2017-09-26 15:04:49 INFO SearchGuardPlugin:70 - Node [null] is a transportClient: true/tribeNode: false/tribeNodeClient: false | |
2017-09-26 15:04:49 INFO plugins:180 - [Golden Girl] modules [], plugins [search-guard-ssl, search-guard2], sites [] | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:423 - Open SSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:173 - Config directory is /usr/share/java/elasticsearch/config/, from there the key- and truststore files are resolved relatively | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:142 - sslTransportClientProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:144 - sslTransportServerProvider:JDK with ciphers [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:146 - sslHTTPProvider:null with ciphers [] | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:148 - sslTransport protocols [TLSv1.2, TLSv1.1] | |
2017-09-26 15:04:50 INFO DefaultSearchGuardKeyStore:149 - sslHTTP protocols [TLSv1.2, TLSv1.1] | |
2017-09-26 15:04:51 INFO transport:99 - [Golden Girl] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl] | |
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ... | |
Clustername: logging-es | |
Clusterstate: GREEN | |
Number of nodes: 1 | |
Number of data nodes: 1 | |
.searchguard.logging-es-data-master-rjg1okpn index already exists, so we do not need to create one. | |
Populate config from /opt/app-root/src/sgconfig/ | |
Will update 'config' with /opt/app-root/src/sgconfig/sg_config.yml | |
SUCC: Configuration for 'config' created or updated | |
Will update 'roles' with /opt/app-root/src/sgconfig/sg_roles.yml | |
SUCC: Configuration for 'roles' created or updated | |
Will update 'rolesmapping' with /opt/app-root/src/sgconfig/sg_roles_mapping.yml | |
SUCC: Configuration for 'rolesmapping' created or updated | |
Will update 'internalusers' with /opt/app-root/src/sgconfig/sg_internal_users.yml | |
SUCC: Configuration for 'internalusers' created or updated | |
Will update 'actiongroups' with /opt/app-root/src/sgconfig/sg_action_groups.yml | |
SUCC: Configuration for 'actiongroups' created or updated | |
Done with success | |
[2017-09-26 15:05:01,501][INFO ][container.run ] Seeded the searchguard ACL index | |
bash-4.2$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment