kris/graylog_demo
1
0
Fork 0
mirror of https://github.com/krislamo/graylog_demo synced 2024-12-16 06:50:35 +00:00
Code Issues Releases Wiki Activity

Create and sign TLS certs

Browse Source
This commit is contained in:
Kris Lamoureux 2020-03-02 11:51:51 -05:00
parent 79e77b860e
commit ec3eaebf35
Signed by: kris
GPG Key ID: A30022791E1719A4
3 changed files with 45 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
.vagrant
pki

38
Vagrantfile vendored
View File

@ -62,6 +62,11 @@ Vagrant.configure("2") do |config|
# Start compose services and add default input
config.vm.provision "shell", inline: <<-SHELL
# Remove old keys and create directories
mkdir -p /vagrant/pki
rm -r /vagrant/pki/*
mkdir -p /vagrant/pki/{fluentd,graylog}
# Bring up containers
cd /vagrant
/usr/local/bin/docker-compose up -d 2> /dev/null
@ -70,6 +75,7 @@ Vagrant.configure("2") do |config|
cd /vagrant
# Wait 120 seconds for Graylog to come online
INSTALL_INPUT=0
SECONDS=0
while true
do
@ -79,17 +85,18 @@ Vagrant.configure("2") do |config|
if [[ "$GRAYLOG_STATE" == "healthy" ]]; then
echo "Graylog is available."
INSTALL_INPUT=1
sleep 5
break
elif [[ "$GRAYLOG_STATE" != "starting" ]]; then
echo "Something is wrong with Graylog. Aborting."
exit 1
break
elif [[ $SECONDS -le 120 ]]; then
echo "Waiting for Graylog ($SECONDS/120 seconds)"
sleep 10
else
echo "Waiting on Graylog timed out. Aborting."
exit 1
break
fi
done
@ -106,17 +113,42 @@ Vagrant.configure("2") do |config|
for TYPE in $INPUT_TYPES; do
if [[ "$TYPE" == "org.graylog2.inputs.gelf.tcp.GELFTCPInput" ]]; then
echo "Found GELF TCP input in Graylog, aborting input installation."
exit
INPUT_INSTALL=1
break
fi
done
# Install GELF TCP Input
if [[ $INSTALL_INPUT -eq 1 ]]; then
echo "Installing GELF TCP input"
curl -i -s -X POST \
-H "Content-Type: application/json" \
-H "X-Requested-By: cli" \
-u admin:admin \
"http://graylog.172.28.128.30.xip.io:8080/api/system/inputs" \
-d @GELFTCPInput.json
fi
# Generate and install TLS keys
cd /vagrant/pki
# Generate Graylog's CA
openssl genrsa -out rootCA.key 4096 2> /dev/null
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
-out rootCA.crt -subj "/C=US/ST=GA/O=MyOrg/CN=localhost" 2> /dev/null
# Generate Fluentd's keys
openssl genrsa -out fluentd.key 4096 2> /dev/null
openssl req -new -sha256 -key fluentd.key \
-subj "/C=US/ST=GA/O=MyOrg/CN=localhost" -out fluentd.csr 2> /dev/null
# Sign Fluentd's certificate
openssl x509 -req -in fluentd.csr -CA rootCA.crt -CAkey rootCA.key \
-CAcreateserial -out fluentd-signed.crt -days 500 -sha256 2> /dev/null
mv fluentd*.* fluentd/
mv root*.* graylog/
SHELL
end

3
docker-compose.yml
View File

@ -30,6 +30,7 @@ services:
restart: always
volumes:
- /var/log:/var/log/hostlogs
- /vagrant/pki/fluentd:/fluentd/etc/pki
networks:
- graylog
ports:
@ -88,6 +89,8 @@ services:
- 12201:12201
# GELF UDP
- 12201:12201/udp
volumes:
- /vagrant/pki/graylog:/usr/share/graylog/pki
networks:
traefik-net: