Loading .gitlab-ci.yml +42 −9 Original line number Diff line number Diff line Loading @@ -72,25 +72,33 @@ deploy-supporting-branch-develop: IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-1.tmpl.yml:docker-compose.es6-1.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} NODE_PEM: ${DEV_NODE_PEM} NODE_KEY: ${DEV_NODE_KEY} NODE_CSR: ${DEV_NODE_CSR} ADMIN_PEM: ${DEV_ADMIN_PEM} ADMIN_KEY: ${DEV_ADMIN_KEY} ADMIN_CSR: ${DEV_ADMIN_CSR} NODE_PEM: ${DEV_NODE_1_PEM} NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} script: - mkdir -p deploy/certs - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${NODE_PEM}" > "deploy/certs/node1.pem" - echo "${NODE_KEY}" > "deploy/certs/node1.key" - echo "${NODE_CSR}" > "deploy/certs/node1.csr" - echo "${ADMIN_PEM}" > "deploy/certs/admin.pem" - echo "${ADMIN_KEY}" > "deploy/certs/admin.key" - echo "${ADMIN_CSR}" > "deploy/certs/admin.csr" - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - echo "${SG_USERS}" > "deploy/config/sg_internal_users.yml" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} environment: name: dev only: Loading 
@@ -109,8 +117,33 @@ deploy-stable-branch-develop: IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-1.tmpl.yml:docker-compose.es6-1.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} ADMIN_PEM: ${DEV_ADMIN_PEM} ADMIN_KEY: ${DEV_ADMIN_KEY} ADMIN_CSR: ${DEV_ADMIN_CSR} NODE_PEM: ${DEV_NODE_1_PEM} NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${ADMIN_PEM}" > "deploy/certs/admin.pem" - echo "${ADMIN_KEY}" > "deploy/certs/admin.key" - echo "${ADMIN_CSR}" > "deploy/certs/admin.csr" - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - echo "${SG_USERS}" > "deploy/config/sg_internal_users.yml" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} environment: name: dev only: Loading deploy/docker-compose.es6-1.tmpl.yml +61 −25 Original line number Diff line number Diff line Loading 
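Review bot: The script added to deploy-stable-branch-develop writes private key material (`root-ca.key`, `admin.key`, `node.key`) and `sg_internal_users.yml` into the job workspace with plain `echo` redirects, so the files get the runner's default umask and nothing visible here removes them after `deploy.sh` runs; the same applies to the matching lines in deploy-supporting-branch-develop. Consider starting each script with `- umask 077` and adding an `after_script` that runs `rm -rf deploy/certs deploy/config`, or switching these to GitLab file-type CI/CD variables so the runner manages the temporary files. It is also worth confirming that the root CA private key needs to reach the deploy target at all, since a node normally needs only the CA certificate to validate its peers. Separately, the DN arguments are unquoted in the folded `deploy.sh` command, so a DN containing spaces would be word-split; `SG_ADMIN_DN="${SG_ADMIN_DN}"` (and likewise for the three node DNs) avoids that.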
@@ -12,40 +12,72 @@ services: - path.data=${ES_PATH_DATA} - network.host=${ES_NETWORK_HOST} - bootstrap.memory_lock=${ES_BOOTSTRAP_MEMORY_LOCK} - searchguard.nodes_dn=${SG_NODES_DN} - searchguard.authcz.admin_dn=${SG_ADMIN_DN} - searchguard.ssl.transport.pemcert_filepath=/certs/node1.pem - searchguard.ssl.transport.pemkey_filepath=/certs/node1.key - searchguard.ssl.transport.pemtrustedcas_filepath=/certs/root-ca.pem - xpack.security.enabled=false - searchguard.nodes_dn.0=${SG_NODE_1_DN} - searchguard.nodes_dn.1=${SG_NODE_2_DN} - searchguard.nodes_dn.2=${SG_NODE_3_DN} - searchguard.authcz.admin_dn.0=${SG_ADMIN_DN} - searchguard.ssl.transport.pemcert_filepath=certs/node.pem - searchguard.ssl.transport.pemkey_filepath=certs/node.key - searchguard.ssl.transport.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.ssl.transport.enforce_hostname_verification=false - searchguard.ssl.transport.resolve_hostname=false - searchguard.ssl.http.enabled=true - searchguard.ssl.http.pemcert_filepath=/certs/node1.pem - searchguard.ssl.http.pemkey_filepath=/certs/node1.key - searchguard.ssl.http.pemtrustedcas_filepath=/certs/root-ca.pem - searchguard.ssl.http.enabled=false - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem networks: elastic6-net: elastic-net: aliases: - es6-1 - ${ELASTIC_NET_ALIAS:-es6-1} volumes: - es-vol:${ES_PATH_DATA} secrets: - source: ca-pem target: /certs/root-ca.pem target: /usr/share/elasticsearch/config/certs/root-ca.pem mode: 0600 uid: '1000' gid: '1000' - source: ca-key target: /certs/root-ca.key target: /usr/share/elasticsearch/config/certs/root-ca.key mode: 0600 uid: '1000' gid: '1000' - source: node-pem target: /certs/node1.pem target: /usr/share/elasticsearch/config/certs/node.pem mode: 0600 uid: '1000' gid: '1000' - source: node-key target: /certs/node1.key target: /usr/share/elasticsearch/config/certs/node.key mode: 0600 uid: 
'1000' gid: '1000' - source: node-csr target: /certs/node1.csr target: /usr/share/elasticsearch/config/certs/node.csr mode: 0600 uid: '1000' gid: '1000' - source: admin-pem target: /certs/admin.pem target: /usr/share/elasticsearch/config/certs/admin.pem mode: 0600 uid: '1000' gid: '1000' - source: admin-key target: /certs/admin.key target: /usr/share/elasticsearch/config/certs/admin.key mode: 0600 uid: '1000' gid: '1000' - source: admin-csr target: /certs/admin.csr target: /usr/share/elasticsearch/config/certs/admin.csr mode: 0600 uid: '1000' gid: '1000' - source: sg-users target: /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml mode: 0600 uid: '1000' gid: '1000' deploy: mode: replicated replicas: 1 Loading @@ -59,14 +91,14 @@ services: reservations: memory: 1639M healthcheck: test: curl --fail --silent localhost:${PORT}/_cluster/health test: curl --silent localhost:${PORT}/_searchguard/health timeout: 10s retries: 3 start_period: 2m networks: elastic6-net: name: elastic6-net elastic-net: name: ${ELASTIC_NET_NAME:-elastic6-net} driver: overlay attachable: true Loading @@ -81,15 +113,15 @@ secrets: node-pem: name: ${NODE_PEM_NAME:-node-pem} file: ./certs/node1.pem file: ./certs/node.pem node-key: name: ${NODE_KEY_NAME:-node-key} file: ./certs/node1.key file: ./certs/node.key node-csr: name: ${NODE_CSR_NAME:-node-csr} file: ./certs/node1.csr file: ./certs/node.csr admin-pem: name: ${ADMIN_PEM_NAME:-admin-pem} Loading @@ -102,3 +134,7 @@ secrets: admin-csr: name: ${ADMIN_CSR_NAME:-admin-csr} file: ./certs/admin.csr sg-users: name: ${SG_USERS_NAME:-sg-users} file: ./config/sg_internal_users.yml Loading
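Review bot: The new side of the first hunk appears to set `searchguard.ssl.http.enabled=false` where the old side had `true`, in the same change that adds the `sg-users` secret for internal-user authentication. With REST TLS off, credentials sent to the HTTP port cross the overlay network in cleartext unless the overlay is encrypted by configuration outside this hunk, and the network is declared `attachable: true`. If TLS is terminated elsewhere, a comment such as `# REST TLS terminated by <proxy>; HTTP port not published` would record that; otherwise keep `searchguard.ssl.http.enabled=true`. The transport layer also gets `enforce_hostname_verification=false`, which leaves the `nodes_dn` entries as the only check on which certificate holder may join, so those DNs should be exact values. In the healthcheck hunk the new command drops `--fail`, so curl exits 0 on an HTTP error status and the container is reported healthy whenever the port answers; `test: curl --fail --silent localhost:${PORT}/_searchguard/health` restores the signal.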
.gitlab-ci.yml +42 −9 Original line number Diff line number Diff line Loading @@ -72,25 +72,33 @@ deploy-supporting-branch-develop: IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-1.tmpl.yml:docker-compose.es6-1.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} NODE_PEM: ${DEV_NODE_PEM} NODE_KEY: ${DEV_NODE_KEY} NODE_CSR: ${DEV_NODE_CSR} ADMIN_PEM: ${DEV_ADMIN_PEM} ADMIN_KEY: ${DEV_ADMIN_KEY} ADMIN_CSR: ${DEV_ADMIN_CSR} NODE_PEM: ${DEV_NODE_1_PEM} NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} script: - mkdir -p deploy/certs - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${NODE_PEM}" > "deploy/certs/node1.pem" - echo "${NODE_KEY}" > "deploy/certs/node1.key" - echo "${NODE_CSR}" > "deploy/certs/node1.csr" - echo "${ADMIN_PEM}" > "deploy/certs/admin.pem" - echo "${ADMIN_KEY}" > "deploy/certs/admin.key" - echo "${ADMIN_CSR}" > "deploy/certs/admin.csr" - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - echo "${SG_USERS}" > "deploy/config/sg_internal_users.yml" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} environment: name: dev only: Loading 
@@ -109,8 +117,33 @@ deploy-stable-branch-develop: IMAGE_NAME: ${CI_REGISTRY_IMAGE} IMAGE_TAG: ${CI_COMMIT_SHA} COMPOSE_FILE: docker-compose.es6-1.tmpl.yml:docker-compose.es6-1.dev.yml SG_ADMIN_DN: ${DEV_SG_ADMIN_DN} SG_NODE_1_DN: ${DEV_SG_NODE_1_DN} SG_NODE_2_DN: ${DEV_SG_NODE_2_DN} SG_NODE_3_DN: ${DEV_SG_NODE_3_DN} CA_PEM: ${DEV_CA_PEM} CA_KEY: ${DEV_CA_KEY} ADMIN_PEM: ${DEV_ADMIN_PEM} ADMIN_KEY: ${DEV_ADMIN_KEY} ADMIN_CSR: ${DEV_ADMIN_CSR} NODE_PEM: ${DEV_NODE_1_PEM} NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} script: - deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" - echo "${CA_KEY}" > "deploy/certs/root-ca.key" - echo "${ADMIN_PEM}" > "deploy/certs/admin.pem" - echo "${ADMIN_KEY}" > "deploy/certs/admin.key" - echo "${ADMIN_CSR}" > "deploy/certs/admin.csr" - echo "${NODE_PEM}" > "deploy/certs/node.pem" - echo "${NODE_KEY}" > "deploy/certs/node.key" - echo "${NODE_CSR}" > "deploy/certs/node.csr" - echo "${SG_USERS}" > "deploy/config/sg_internal_users.yml" - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} environment: name: dev only: Loading
deploy/docker-compose.es6-1.tmpl.yml +61 −25 Original line number Diff line number Diff line Loading 
@@ -12,40 +12,72 @@ services: - path.data=${ES_PATH_DATA} - network.host=${ES_NETWORK_HOST} - bootstrap.memory_lock=${ES_BOOTSTRAP_MEMORY_LOCK} - searchguard.nodes_dn=${SG_NODES_DN} - searchguard.authcz.admin_dn=${SG_ADMIN_DN} - searchguard.ssl.transport.pemcert_filepath=/certs/node1.pem - searchguard.ssl.transport.pemkey_filepath=/certs/node1.key - searchguard.ssl.transport.pemtrustedcas_filepath=/certs/root-ca.pem - xpack.security.enabled=false - searchguard.nodes_dn.0=${SG_NODE_1_DN} - searchguard.nodes_dn.1=${SG_NODE_2_DN} - searchguard.nodes_dn.2=${SG_NODE_3_DN} - searchguard.authcz.admin_dn.0=${SG_ADMIN_DN} - searchguard.ssl.transport.pemcert_filepath=certs/node.pem - searchguard.ssl.transport.pemkey_filepath=certs/node.key - searchguard.ssl.transport.pemtrustedcas_filepath=certs/root-ca.pem - searchguard.ssl.transport.enforce_hostname_verification=false - searchguard.ssl.transport.resolve_hostname=false - searchguard.ssl.http.enabled=true - searchguard.ssl.http.pemcert_filepath=/certs/node1.pem - searchguard.ssl.http.pemkey_filepath=/certs/node1.key - searchguard.ssl.http.pemtrustedcas_filepath=/certs/root-ca.pem - searchguard.ssl.http.enabled=false - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem networks: elastic6-net: elastic-net: aliases: - es6-1 - ${ELASTIC_NET_ALIAS:-es6-1} volumes: - es-vol:${ES_PATH_DATA} secrets: - source: ca-pem target: /certs/root-ca.pem target: /usr/share/elasticsearch/config/certs/root-ca.pem mode: 0600 uid: '1000' gid: '1000' - source: ca-key target: /certs/root-ca.key target: /usr/share/elasticsearch/config/certs/root-ca.key mode: 0600 uid: '1000' gid: '1000' - source: node-pem target: /certs/node1.pem target: /usr/share/elasticsearch/config/certs/node.pem mode: 0600 uid: '1000' gid: '1000' - source: node-key target: /certs/node1.key target: /usr/share/elasticsearch/config/certs/node.key mode: 0600 uid: 
'1000' gid: '1000' - source: node-csr target: /certs/node1.csr target: /usr/share/elasticsearch/config/certs/node.csr mode: 0600 uid: '1000' gid: '1000' - source: admin-pem target: /certs/admin.pem target: /usr/share/elasticsearch/config/certs/admin.pem mode: 0600 uid: '1000' gid: '1000' - source: admin-key target: /certs/admin.key target: /usr/share/elasticsearch/config/certs/admin.key mode: 0600 uid: '1000' gid: '1000' - source: admin-csr target: /certs/admin.csr target: /usr/share/elasticsearch/config/certs/admin.csr mode: 0600 uid: '1000' gid: '1000' - source: sg-users target: /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml mode: 0600 uid: '1000' gid: '1000' deploy: mode: replicated replicas: 1 Loading @@ -59,14 +91,14 @@ services: reservations: memory: 1639M healthcheck: test: curl --fail --silent localhost:${PORT}/_cluster/health test: curl --silent localhost:${PORT}/_searchguard/health timeout: 10s retries: 3 start_period: 2m networks: elastic6-net: name: elastic6-net elastic-net: name: ${ELASTIC_NET_NAME:-elastic6-net} driver: overlay attachable: true Loading @@ -81,15 +113,15 @@ secrets: node-pem: name: ${NODE_PEM_NAME:-node-pem} file: ./certs/node1.pem file: ./certs/node.pem node-key: name: ${NODE_KEY_NAME:-node-key} file: ./certs/node1.key file: ./certs/node.key node-csr: name: ${NODE_CSR_NAME:-node-csr} file: ./certs/node1.csr file: ./certs/node.csr admin-pem: name: ${ADMIN_PEM_NAME:-admin-pem} Loading @@ -102,3 +134,7 @@ secrets: admin-csr: name: ${ADMIN_CSR_NAME:-admin-csr} file: ./certs/admin.csr sg-users: name: ${SG_USERS_NAME:-sg-users} file: ./config/sg_internal_users.yml