Update input config and mount Graylog cert data

WIP TLS Attempt
Generate TLS certifcates
2026-01-11 05:43:15 +00:00 · 2020-03-17 11:36:17 -04:00 · 2020-03-06 16:10:34 -05:00 · 2020-03-06 13:13:26 -05:00
4 changed files with 44 additions and 5 deletions
--- a/GELFTCPInput.json
+++ b/GELFTCPInput.json
@@ -1,13 +1,20 @@
 {
-  "title": "Fluentd",
+  "title": "td-agent",
  "type": "org.graylog2.inputs.gelf.tcp.GELFTCPInput",
  "global": true,
  "configuration": {
    "bind_address": "0.0.0.0",
    "decompress_size_limit": 8388608,
-    "recv_buffer_size": 1048576,
+    "max_message_size": 2097152,
    "number_worker_threads": 4,
-    "port": 12201
+    "port": 12201,
+    "recv_buffer_size": 1048576,
+    "tcp_keepalive": false,
+    "tls_cert_file": "/usr/share/graylog/certs/rootCA.crt",
+    "tls_client_auth": "required",
+    "tls_enable": true,
+    "tls_key_file": "/usr/share/graylog/certs/rootCA.key",
+    "user_null_delimiter": true
        },
  "node": null
 }
--- a/31
+++ b/31
@@ -56,7 +56,7 @@ Vagrant.configure("2") do |config|
    yum install -y td-agent
    td-agent-gem install fluent-plugin-gelf-hs gelf
    cp /vagrant/td-agent.conf /etc/td-agent/td-agent.conf
-    mkdir /var/log/containers
+    mkdir -p /var/log/containers
    chown -R td-agent:td-agent /var/log/containers
    chmod -R 755 /var/log
    systemctl restart td-agent
@@ -80,9 +80,36 @@ Vagrant.configure("2") do |config|
    /usr/local/bin/docker-compose up -d 2> /dev/null
    cd /vagrant/wordpress
    /usr/local/bin/docker-compose up -d 2> /dev/null
-    cd /vagrant
+
+    # Create directories and ensure they are empty
+    mkdir -p /home/vagrant/certs/
+    rm -r /home/vagrant/certs/
+    mkdir -p /home/vagrant/certs/{td-agent,graylog}
+
+    # Generate Graylog's CA
+    cd /home/vagrant/certs
+    openssl genrsa -out graylog/rootCA.key 4096 2> /dev/null
+    openssl req -x509 -new -nodes -key graylog/rootCA.key -sha256 -days 1024 \
+        -out graylog/rootCA.crt -subj "/C=US/ST=GA/O=MyOrg/CN=localhost" \
+        2> /dev/null
+
+    # Generate td-agent's keys
+    openssl genrsa -out td-agent/td-agent.key 4096 2> /dev/null
+    openssl req -new -sha256 -key td-agent/td-agent.key \
+        -subj "/C=US/ST=GA/O=MyOrg/CN=localhost" -out td-agent/td-agent.csr \
+        2> /dev/null
+
+    # Sign td-agent's keys
+    openssl x509 -req -in td-agent/td-agent.csr -CA graylog/rootCA.crt \
+        -CAkey graylog/rootCA.key -CAcreateserial -days 1024 -sha256 \
+        -out td-agent/td-agent-signed.crt 2> /dev/null
+
+    # Fix permissions
+    chown -R vagrant:vagrant /home/vagrant/
+    chown -R 1100:1100 /home/vagrant/certs/graylog

    # Wait 120 seconds for Graylog to come online
+    cd /vagrant
    SECONDS=0
    while true
    do
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -59,6 +59,8 @@ services:
      - "traefik.http.services.graylog.loadbalancer.server.port=9000"
      - "traefik.docker.network=vagrant_traefik-net"
      - "traefik.enable=true"
+    volumes:
+      - /home/vagrant/certs/graylog:/usr/share/graylog/certs
    networks:
      - graylog
      - traefik-net
--- a/td-agent.conf
+++ b/td-agent.conf
@@ -45,5 +45,8 @@
  protocol tcp
  host localhost
  port 12201
+  tls true
+  tls_options {"cert":"/home/vagrant/certs/td-agent/td-agent-signed.crt",
+               "key":"/home/vagrant/certs/td-agent/td-agent.key"}
  flush_interval 5s
 </match>
Author	SHA1	Message	Date
Kris Lamoureux	1f7ac784fb	Update input config and mount Graylog cert data	2020-03-17 11:36:17 -04:00
Kris Lamoureux	bf200877c9	WIP TLS Attempt	2020-03-06 16:10:34 -05:00
Kris Lamoureux	be375719fd	Generate TLS certifcates	2020-03-06 13:13:26 -05:00