Create and sign TLS certs
This commit is contained in:
parent
79e77b860e
commit
ec3eaebf35
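--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .vagrant
+pki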
38
Vagrantfile
vendored
38
Vagrantfile
vendored
@ -62,6 +62,11 @@ Vagrant.configure("2") do |config|
|
|||||||
|
|
||||||
# Start compose services and add default input
|
# Start compose services and add default input
|
||||||
config.vm.provision "shell", inline: <<-SHELL
|
config.vm.provision "shell", inline: <<-SHELL
|
||||||
|
# Remove old keys and create directories
|
||||||
|
mkdir -p /vagrant/pki
|
||||||
|
rm -r /vagrant/pki/*
|
||||||
|
mkdir -p /vagrant/pki/{fluentd,graylog}
|
||||||
|
|
||||||
# Bring up containers
|
# Bring up containers
|
||||||
cd /vagrant
|
cd /vagrant
|
||||||
/usr/local/bin/docker-compose up -d 2> /dev/null
|
/usr/local/bin/docker-compose up -d 2> /dev/null
|
||||||
@ -70,6 +75,7 @@ Vagrant.configure("2") do |config|
|
|||||||
cd /vagrant
|
cd /vagrant
|
||||||
|
|
||||||
# Wait 120 seconds for Graylog to come online
|
# Wait 120 seconds for Graylog to come online
|
||||||
|
INSTALL_INPUT=0
|
||||||
SECONDS=0
|
SECONDS=0
|
||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
@ -79,17 +85,18 @@ Vagrant.configure("2") do |config|
|
|||||||
|
|
||||||
if [[ "$GRAYLOG_STATE" == "healthy" ]]; then
|
if [[ "$GRAYLOG_STATE" == "healthy" ]]; then
|
||||||
echo "Graylog is available."
|
echo "Graylog is available."
|
||||||
|
INSTALL_INPUT=1
|
||||||
sleep 5
|
sleep 5
|
||||||
break
|
break
|
||||||
elif [[ "$GRAYLOG_STATE" != "starting" ]]; then
|
elif [[ "$GRAYLOG_STATE" != "starting" ]]; then
|
||||||
echo "Something is wrong with Graylog. Aborting."
|
echo "Something is wrong with Graylog. Aborting."
|
||||||
exit 1
|
break
|
||||||
elif [[ $SECONDS -le 120 ]]; then
|
elif [[ $SECONDS -le 120 ]]; then
|
||||||
echo "Waiting for Graylog ($SECONDS/120 seconds)"
|
echo "Waiting for Graylog ($SECONDS/120 seconds)"
|
||||||
sleep 10
|
sleep 10
|
||||||
else
|
else
|
||||||
echo "Waiting on Graylog timed out. Aborting."
|
echo "Waiting on Graylog timed out. Aborting."
|
||||||
exit 1
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -106,17 +113,42 @@ Vagrant.configure("2") do |config|
|
|||||||
for TYPE in $INPUT_TYPES; do
|
for TYPE in $INPUT_TYPES; do
|
||||||
if [[ "$TYPE" == "org.graylog2.inputs.gelf.tcp.GELFTCPInput" ]]; then
|
if [[ "$TYPE" == "org.graylog2.inputs.gelf.tcp.GELFTCPInput" ]]; then
|
||||||
echo "Found GELF TCP input in Graylog, aborting input installation."
|
echo "Found GELF TCP input in Graylog, aborting input installation."
|
||||||
exit
|
INPUT_INSTALL=1
|
||||||
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Install GELF TCP Input
|
# Install GELF TCP Input
|
||||||
|
if [[ $INSTALL_INPUT -eq 1 ]]; then
|
||||||
|
echo "Installing GELF TCP input"
|
||||||
curl -i -s -X POST \
|
curl -i -s -X POST \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-H "X-Requested-By: cli" \
|
-H "X-Requested-By: cli" \
|
||||||
-u admin:admin \
|
-u admin:admin \
|
||||||
"http://graylog.172.28.128.30.xip.io:8080/api/system/inputs" \
|
"http://graylog.172.28.128.30.xip.io:8080/api/system/inputs" \
|
||||||
-d @GELFTCPInput.json
|
-d @GELFTCPInput.json
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Generate and install TLS keys
|
||||||
|
cd /vagrant/pki
|
||||||
|
|
||||||
|
# Generate Graylog's CA
|
||||||
|
openssl genrsa -out rootCA.key 4096 2> /dev/null
|
||||||
|
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
|
||||||
|
-out rootCA.crt -subj "/C=US/ST=GA/O=MyOrg/CN=localhost" 2> /dev/null
|
||||||
|
|
||||||
|
# Generate Fluentd's keys
|
||||||
|
openssl genrsa -out fluentd.key 4096 2> /dev/null
|
||||||
|
openssl req -new -sha256 -key fluentd.key \
|
||||||
|
-subj "/C=US/ST=GA/O=MyOrg/CN=localhost" -out fluentd.csr 2> /dev/null
|
||||||
|
|
||||||
|
# Sign Fluentd's certificate
|
||||||
|
openssl x509 -req -in fluentd.csr -CA rootCA.crt -CAkey rootCA.key \
|
||||||
|
-CAcreateserial -out fluentd-signed.crt -days 500 -sha256 2> /dev/null
|
||||||
|
|
||||||
|
mv fluentd*.* fluentd/
|
||||||
|
mv root*.* graylog/
|
||||||
|
|
||||||
SHELL
|
SHELL
|
||||||
|
|
||||||
end
|
end
|
||||||
|
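Review bot: The existing-input guard in the last Vagrantfile hunk cannot take effect: the loop over `$INPUT_TYPES` assigns `INPUT_INSTALL=1`, but the install block tests `$INSTALL_INPUT`, which is still 1 from the healthy branch, so an already-present GELF TCP input is announced as "aborting input installation" and a duplicate is then POSTed anyway. Even with the name corrected, setting the flag to 1 would not skip the install; the line should read `INSTALL_INPUT=0`. Separately, every openssl call in the new TLS block sends stderr to /dev/null and the inline provisioner has no `set -e`, so a failed CA or key generation goes unnoticed until the final `mv` lines and may leave partial key material under /vagrant/pki; dropping the redirects or adding `set -e` at the top of the heredoc would surface the failure. The provisioner script begins before this hunk, and `$INPUT_TYPES` is populated outside it.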
@ -30,6 +30,7 @@ services:
|
|||||||
restart: always
|
restart: always
|
||||||
volumes:
|
volumes:
|
||||||
- /var/log:/var/log/hostlogs
|
- /var/log:/var/log/hostlogs
|
||||||
|
- /vagrant/pki/fluentd:/fluentd/etc/pki
|
||||||
networks:
|
networks:
|
||||||
- graylog
|
- graylog
|
||||||
ports:
|
ports:
|
||||||
@ -88,6 +89,8 @@ services:
|
|||||||
- 12201:12201
|
- 12201:12201
|
||||||
# GELF UDP
|
# GELF UDP
|
||||||
- 12201:12201/udp
|
- 12201:12201/udp
|
||||||
|
volumes:
|
||||||
|
- /vagrant/pki/graylog:/usr/share/graylog/pki
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
traefik-net:
|
traefik-net:
|
||||||
|
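Review bot: Both new bind mounts in the compose file section (whose file header is not shown on this page), `- /vagrant/pki/fluentd:/fluentd/etc/pki` and `- /vagrant/pki/graylog:/usr/share/graylog/pki`, hand the freshly generated private keys to the containers read-write. If the services only read the key material, appending `:ro` to each mount keeps a misbehaving or compromised container from modifying or replacing the keys on the host. The pki directory is also ignored by git in this commit, so the keys are host-local and regenerated on each provision, which makes the read-only mount a no-cost change.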