forked from ao1024/search-guard-ssl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Vagrantfile
112 lines (97 loc) · 4.31 KB
/
Vagrantfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#########
# No magic here, we just install java and openssl
#########
$script = <<SCRIPT
#!/bin/sh
export ES_VERSION=2.3.5
export SG_VERSION=2.3.5.15
export NETTY_NATIVE_VERSION=1.1.33.Fork17
export NETTY_NATIVE_CLASSIFIER=linux-x86_64
export ES_CONF_DIR=/etc/elasticsearch
export ES_BIN_DIR=/usr/share/elasticsearch/bin
export ES_PLUGIN_DIR=/usr/share/elasticsearch/plugins
export DEBIAN_FRONTEND=noninteractive
echo "Update packages"
sudo killall -9 java > /dev/null 2>&1
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - > /dev/null 2>&1
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list > /dev/null 2>&1
sudo apt-get -yqq update > /dev/null 2>&1
#echo "Install guest additions"
#sudo apt-get -yqq install virtualbox-guest-additions-iso > /dev/null 2>&1
echo "Prepare Java installation"
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections > /dev/null 2>&1
sudo apt-get -yqq install curl software-properties-common > /dev/null 2>&1
sudo add-apt-repository -y ppa:webupd8team/java > /dev/null 2>&1
sudo apt-get -yqq update > /dev/null 2>&1
echo "Install Oracle Java 8, libapr1 and openssl"
sudo apt-get -yqq install haveged libapr1 openssl wget git oracle-java8-installer oracle-java8-unlimited-jce-policy > /dev/null 2>&1
#sudo apt-get -yqq install autoconf libtool libssl-dev libkrb5-dev python-dev python-pip haveged openssl wget git oracle-java8-installer oracle-java8-unlimited-jce-policy > /dev/null 2>&1
#sudo apt-get install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" krb5-user > /dev/null 2>&1
# entropy generator
#haveged -w 1024 > /dev/null 2>&1
#########
# Install elasticsearch (from official repo)
# https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-repositories.html
#########
echo "Install Elasticsearch"
sudo apt-get install -yqq elasticsearch=$ES_VERSION > /dev/null 2>&1
#########
# Setup search Guard SSL
#########
echo "Setup search Guard SSL"
#su -c "/vagrant/demo/setup_sg.sh" vagrant
/vagrant/demo/setup_sg.sh
echo "Start Elasticsearch"
/etc/init.d/elasticsearch restart
IP=$(hostname -I | cut -f2 -d' ')
while ! nc -z $IP 9200; do
sleep 0.1 # wait for 1/10 of the second before check again
done
curl -Ss --insecure https://$IP:9200/_cluster/health?pretty
curl -Ss --insecure https://$IP:9200/_searchguard/sslinfo?pretty
SCRIPT
#End inline script
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.provision :hosts do |prov|
prov.add_host '10.0.3.111', ['es1']
prov.add_host '10.0.3.112', ['es2']
prov.add_host '10.0.3.113', ['es3']
end
config.vm.define "es1" do |es1|
es1.vm.box = "ubuntu/trusty64"
es1.vm.hostname = "es1"
es1.vm.network "private_network", ip: "10.0.3.111"
es1.vm.provision "shell", inline: 'echo "export SSLNAME=node-0-keystore.jks" >> ~/.profile'
es1.vm.provision "shell", inline: 'echo "export OPENSSL=true" >> ~/.profile'
es1.vm.provision "shell", inline: $script
es1.vm.provider "virtualbox" do |v|
v.memory = 768
v.cpus = 2
end
end
config.vm.define "es2" do |es2|
es2.vm.box = "ubuntu/trusty64"
es2.vm.hostname = "es2"
es2.vm.network "private_network", ip: "10.0.3.112"
es2.vm.provision "shell", inline: 'echo "export SSLNAME=node-1-keystore.jks" >> ~/.profile'
es2.vm.provision "shell", inline: 'echo "export OPENSSL=true" >> ~/.profile'
es2.vm.provision "shell", inline: $script
es2.vm.provider "virtualbox" do |v|
v.memory = 768
v.cpus = 2
end
end
config.vm.define "es3" do |es3|
es3.vm.box = "ubuntu/trusty64"
es3.vm.hostname = "es3"
es3.vm.network "private_network", ip: "10.0.3.113"
es3.vm.provision "shell", inline: 'echo "export SSLNAME=node-2-keystore.jks" >> ~/.profile'
es3.vm.provision "shell", inline: 'echo "export OPENSSL=false" >> ~/.profile'
es3.vm.provision "shell", inline: $script
es3.vm.provider "virtualbox" do |v|
v.memory = 768
v.cpus = 2
end
end
end