Loading .gitlab-ci.yml +6 −0 Original line number Diff line number Diff line Loading @@ -85,6 +85,8 @@ deploy-supporting-branch-develop: NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" Loading @@ -99,6 +101,7 @@ deploy-supporting-branch-develop: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: Loading Loading @@ -130,6 +133,8 @@ deploy-stable-branch-develop: NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" Loading @@ -144,6 +149,7 @@ deploy-stable-branch-develop: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: Loading README.md +8 −4 Original line number Diff line number Diff line Loading @@ -96,16 +96,20 @@ $ bash sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig - In order to create backups, you must configure a snapshot repository first. Run these command once inside running container: ``` $ echo "YOUR ACCESS KEY" | elasticsearch-keystore add --stdin s3.client.default.access_key $ echo "YOUR SECRET KEY" | elasticsearch-keystore add --stdin s3.client.default.secret_key $ echo "${S3_ACCESS_KEY}" | elasticsearch-keystore add --stdin s3.client.default.access_key $ echo "${S3_SECRET_KEY}" | elasticsearch-keystore add --stdin s3.client.default.secret_key $ curl -XPOST -u user:pass 'http://localhost:9200/_nodes/reload_secure_settings' $ curl -XPOST -u <user>:<pass> 'http://localhost:9200/_nodes/reload_secure_settings' // This can be run through Kibana console: // POST _nodes/reload_secure_settings $ curl -XPUT -u user:pass 'http://localhost:9200/_snapshot/s3-backup' -d '{ $ curl -XPUT -u <user>:<pass> 'http://localhost:9200/_snapshot/s3-backup' -d '{ "type": "s3", "settings": { "bucket": "redmic.elasticsearch.backup", "region": "eu-west-1" } }' // This can be run through Kibana console: // PUT _snapshot/s3-backup { ... } ``` deploy/docker-compose.es6-1.tmpl.yml +2 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,8 @@ services: - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem - S3_ACCESS_KEY - S3_SECRET_KEY networks: elastic-net: aliases: Loading Loading
.gitlab-ci.yml +6 −0 Original line number Diff line number Diff line Loading @@ -85,6 +85,8 @@ deploy-supporting-branch-develop: NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" Loading @@ -99,6 +101,7 @@ deploy-supporting-branch-develop: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: Loading Loading @@ -130,6 +133,8 @@ deploy-stable-branch-develop: NODE_KEY: ${DEV_NODE_1_KEY} NODE_CSR: ${DEV_NODE_1_CSR} SG_USERS: ${DEV_SG_USERS} S3_ACCESS_KEY: ${DEV_S3_ACCESS_KEY} S3_SECRET_KEY: ${DEV_S3_SECRET_KEY} script: - mkdir -p deploy/certs deploy/config - echo "${CA_PEM}" > "deploy/certs/root-ca.pem" Loading @@ -144,6 +149,7 @@ deploy-stable-branch-develop: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SG_ADMIN_DN=${SG_ADMIN_DN} SG_NODE_1_DN=${SG_NODE_1_DN} SG_NODE_2_DN=${SG_NODE_2_DN} SG_NODE_3_DN=${SG_NODE_3_DN} S3_ACCESS_KEY=${S3_ACCESS_KEY} S3_SECRET_KEY=${S3_SECRET_KEY} environment: name: dev only: Loading
README.md +8 −4 Original line number Diff line number Diff line Loading @@ -96,16 +96,20 @@ $ bash sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig - In order to create backups, you must configure a snapshot repository first. Run these command once inside running container: ``` $ echo "YOUR ACCESS KEY" | elasticsearch-keystore add --stdin s3.client.default.access_key $ echo "YOUR SECRET KEY" | elasticsearch-keystore add --stdin s3.client.default.secret_key $ echo "${S3_ACCESS_KEY}" | elasticsearch-keystore add --stdin s3.client.default.access_key $ echo "${S3_SECRET_KEY}" | elasticsearch-keystore add --stdin s3.client.default.secret_key $ curl -XPOST -u user:pass 'http://localhost:9200/_nodes/reload_secure_settings' $ curl -XPOST -u <user>:<pass> 'http://localhost:9200/_nodes/reload_secure_settings' // This can be run through Kibana console: // POST _nodes/reload_secure_settings $ curl -XPUT -u user:pass 'http://localhost:9200/_snapshot/s3-backup' -d '{ $ curl -XPUT -u <user>:<pass> 'http://localhost:9200/_snapshot/s3-backup' -d '{ "type": "s3", "settings": { "bucket": "redmic.elasticsearch.backup", "region": "eu-west-1" } }' // This can be run through Kibana console: // PUT _snapshot/s3-backup { ... } ```
deploy/docker-compose.es6-1.tmpl.yml +2 −0 Original line number Diff line number Diff line Loading @@ -26,6 +26,8 @@ services: - searchguard.ssl.http.pemcert_filepath=certs/node.pem - searchguard.ssl.http.pemkey_filepath=certs/node.key - searchguard.ssl.http.pemtrustedcas_filepath=certs/root-ca.pem - S3_ACCESS_KEY - S3_SECRET_KEY networks: elastic-net: aliases: Loading
