From 35c741ae63a06890fdcf43caf6a9b3ea46f29d77 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 09:49:31 -0500 Subject: [PATCH 01/10] Turn on Xpack SSL --- salt/elasticsearch/files/elasticsearch.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 1ad65c43f..637db4d90 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -7,6 +7,7 @@ {%- else %} {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %} {%- endif %} +{%- set NODE_ROLES = salt['pillar.get']('elasticsearch:node_roles', ['data', 'ingest']) %} cluster.name: "{{ ESCLUSTERNAME }}" network.host: 0.0.0.0 @@ -27,13 +28,16 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% {%- if FEATURES is sameas true %} #xpack.security.enabled: false #xpack.security.http.ssl.enabled: false -#xpack.security.transport.ssl.enabled: false +xpack.security.transport.ssl.enabled: false +xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] +xpack.security.transport.ssl.verification_mode: none + #xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key #xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt #xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt -#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -#xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt #xpack.security.transport.ssl.verification_mode: none #xpack.security.http.ssl.client_authentication: none #xpack.security.authc: @@ -55,7 +59,7 @@ discovery.seed_hosts: {%- endfor %} {%- endif %} {%- else %} -node.roles: [ data, ingest ] +node.roles: [ {{ NODE_ROLES }} ] node.attr.box_type: {{ NODE_ROUTE_TYPE }} discovery.seed_hosts: - {{ grains.master }} From 6de70ec820fe971d8ded31ad1e3af57ab6dfde96 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 11:12:12 -0500 Subject: [PATCH 02/10] Update docker mappings for ES --- salt/elasticsearch/files/elasticsearch.yml | 1 - salt/elasticsearch/init.sls | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 637db4d90..cabec3a49 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -33,7 +33,6 @@ xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] -xpack.security.transport.ssl.verification_mode: none #xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key #xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 2d83f9882..951c375f6 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -223,6 +223,8 @@ so-elasticsearch: - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro + - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro + - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.keys:ro - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro - /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro - watch: From 84b75a38a34ddcf8b9b3bc4731a1aca9895bfc81 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 11:21:04 -0500 Subject: [PATCH 03/10] Fix error in init.sls for ES --- salt/elasticsearch/files/elasticsearch.yml | 2 +- salt/elasticsearch/init.sls | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index cabec3a49..de97466de 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -58,7 +58,7 @@ discovery.seed_hosts: {%- endfor %} {%- endif %} {%- else %} -node.roles: [ {{ NODE_ROLES }} ] +node.roles: {{ NODE_ROLES }} node.attr.box_type: {{ NODE_ROUTE_TYPE }} discovery.seed_hosts: - {{ grains.master }} diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 951c375f6..d4d81e815 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -224,7 +224,7 @@ so-elasticsearch: - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro - - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.keys:ro + - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro - /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro - watch: From 013b706ce40db032832dfd7ba6793c7adb8d86c9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 12:13:23 -0500 Subject: [PATCH 04/10] Enable http ssl --- salt/elasticsearch/files/elasticsearch.yml | 21 ++++++++++----------- salt/elasticsearch/init.sls | 8 +------- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index de97466de..1ea190236 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -25,26 +25,25 @@ cluster.routing.allocation.disk.threshold_enabled: true cluster.routing.allocation.disk.watermark.low: 95% cluster.routing.allocation.disk.watermark.high: 98% cluster.routing.allocation.disk.watermark.flood_stage: 98% -{%- if FEATURES is sameas true %} #xpack.security.enabled: false #xpack.security.http.ssl.enabled: false -xpack.security.transport.ssl.enabled: false -xpack.security.transport.ssl.verification_mode: certificate +xpack.security.transport.ssl.enabled: true +xpack.security.transport.ssl.verification_mode: none xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] - -#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt -#xpack.security.transport.ssl.verification_mode: none -#xpack.security.http.ssl.client_authentication: none +xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] +{%- if grains['role'] in ['so-node','so-heavynode'] %} +xpack.security.http.ssl.enabled: true +xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt +xpack.security.http.ssl.client_authentication: none +{%- endif %} #xpack.security.authc: # anonymous: # username: anonymous_user # roles: superuser # authz_exception: true -{%- endif %} node.name: {{ grains.host }} script.max_compilations_rate: 1000/1m {%- if TRUECLUSTER is sameas true %} diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index d4d81e815..af055c678 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -25,12 +25,6 @@ {% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} {% set MANAGERIP = salt['pillar.get']('global:managerip') %} -{% if FEATURES is sameas true %} - {% set FEATUREZ = "-features" %} -{% else %} - {% set FEATUREZ = '' %} -{% endif %} - {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %} {% set esclustername = salt['pillar.get']('manager:esclustername') %} {% set esheap = salt['pillar.get']('manager:esheap') %} @@ -188,7 +182,7 @@ eslogdir: so-elasticsearch: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}{{ FEATUREZ }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch From bb523c44e6177205dd7f06d14e9676511e4dd0b3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 12:19:41 -0500 Subject: [PATCH 05/10] Enable features temporarily --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index af055c678..e71398e4b 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -182,7 +182,7 @@ eslogdir: so-elasticsearch: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}-features - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch From 9759990233d5568d0512a53b4ab7d683fa1e6041 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 12:29:45 -0500 Subject: [PATCH 06/10] Switch to java key store --- salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 1ea190236..3a763732b 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -29,15 +29,23 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.http.ssl.enabled: false xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: none -xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] +xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys +xpack.security.transport.ssl.keystore.password: changeit +xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts +xpack.security.transport.ssl.truststore.password: changeit +#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] {%- if grains['role'] in ['so-node','so-heavynode'] %} xpack.security.http.ssl.enabled: true -xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt xpack.security.http.ssl.client_authentication: none +xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys +xpack.security.http.ssl.keystore.password: changeit +xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts +xpack.security.http.ssl.truststore.password: changeit +#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt {%- endif %} #xpack.security.authc: # anonymous: From b0914fa60487f4486b0edbec5a69076bf974d202 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 12:46:00 -0500 Subject: [PATCH 07/10] try .p12 --- salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index 3a763732b..d9cf80cd9 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -29,20 +29,24 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.http.ssl.enabled: false xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: none -xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys -xpack.security.transport.ssl.keystore.password: changeit -xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts -xpack.security.transport.ssl.truststore.password: changeit +xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 +xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elasticsearch.p12 +#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys +#xpack.security.transport.ssl.keystore.secure_password: changeit +#xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts +#xpack.security.transport.ssl.truststore.password: changeit #xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key #xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt #xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] {%- if grains['role'] in ['so-node','so-heavynode'] %} xpack.security.http.ssl.enabled: true xpack.security.http.ssl.client_authentication: none -xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys -xpack.security.http.ssl.keystore.password: changeit -xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts -xpack.security.http.ssl.truststore.password: changeit +xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 +xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 +#xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys +#xpack.security.http.ssl.keystore.secure_password: changeit +#xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts +#xpack.security.http.ssl.truststore.password: changeit #xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key #xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt #xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt From 9f984036c5d1b4b70c6af32cf960e5af4ca79873 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 13:00:46 -0500 Subject: [PATCH 08/10] Use the internmediate cert --- salt/elasticsearch/files/elasticsearch.yml | 25 ++++++---------------- salt/elasticsearch/init.sls | 5 +++++ 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml index d9cf80cd9..4a7260bc6 100644 --- a/salt/elasticsearch/files/elasticsearch.yml +++ b/salt/elasticsearch/files/elasticsearch.yml @@ -26,30 +26,17 @@ cluster.routing.allocation.disk.watermark.low: 95% cluster.routing.allocation.disk.watermark.high: 98% cluster.routing.allocation.disk.watermark.flood_stage: 98% #xpack.security.enabled: false -#xpack.security.http.ssl.enabled: false xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: none -xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 -xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elasticsearch.p12 -#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys -#xpack.security.transport.ssl.keystore.secure_password: changeit -#xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts -#xpack.security.transport.ssl.truststore.password: changeit -#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -#xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] +xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ] {%- if grains['role'] in ['so-node','so-heavynode'] %} xpack.security.http.ssl.enabled: true xpack.security.http.ssl.client_authentication: none -xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 -xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12 -#xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys -#xpack.security.http.ssl.keystore.secure_password: changeit -#xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts -#xpack.security.http.ssl.truststore.password: changeit -#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key -#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt -#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt +xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key +xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt +xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt {%- endif %} #xpack.security.authc: # anonymous: diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index e71398e4b..f1b82f068 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -216,6 +216,11 @@ so-elasticsearch: - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro + {% if grains['role'] in ['so-manager','so-managersearch'] %} + - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro + {% else %} + - /etc/ssl/certs/intca.crt:/usr/share/elasticsearch/config/ca.crt:ro + {% endif %} - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro From f85ecf254efa3ced574d2c623a6db531fec573cf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 13:21:08 -0500 Subject: [PATCH 09/10] Fix dupe --- salt/elasticsearch/init.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index f1b82f068..f34c87829 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -216,12 +216,11 @@ so-elasticsearch: - /nsm/elasticsearch:/usr/share/elasticsearch/data:rw - /opt/so/log/elasticsearch:/var/log/elasticsearch:rw - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - {% if grains['role'] in ['so-manager','so-managersearch'] %} + {% if ismanager %} - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro {% else %} - /etc/ssl/certs/intca.crt:/usr/share/elasticsearch/config/ca.crt:ro {% endif %} - - /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro - /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro From 9408d62c65c7ba7042f8e1b874c35a3da1f18491 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 21 Jan 2021 13:55:53 -0500 Subject: [PATCH 10/10] Remove features --- salt/elasticsearch/init.sls | 2 +- salt/filebeat/init.sls | 2 +- salt/kibana/init.sls | 2 +- salt/logstash/init.sls | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index f34c87829..39b4722f4 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -182,7 +182,7 @@ eslogdir: so-elasticsearch: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}-features + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }} - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 98229ca35..c62d9004c 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -66,7 +66,7 @@ filebeatconfsync: OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }} so-filebeat: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }} - hostname: so-filebeat - user: root - extra_hosts: {{ MANAGER }}:{{ MANAGERIP }},{{ LOCALHOSTNAME }}:{{ LOCALHOSTIP }} diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 02e76495d..3faed391e 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -75,7 +75,7 @@ kibanabin: # Start the kibana docker so-kibana: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }} - hostname: kibana - user: kibana - environment: diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index e23e4eef2..b08777db4 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -148,7 +148,7 @@ lslogdir: so-logstash: docker_container.running: - - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }} - hostname: so-logstash - name: so-logstash - user: logstash