summaryrefslogtreecommitdiffstats
path: root/src/main/docker/logstash
diff options
context:
space:
mode:
authorosgn422w <gervais-martial.ngueko@intl.att.com>2020-02-03 17:08:11 +0100
committerosgn422w <gervais-martial.ngueko@intl.att.com>2020-02-03 17:08:11 +0100
commitb15dad0600c4888da658448b89e41d7f18262716 (patch)
treecd2492abe5b81f8977339aa02f2e7186d91aff9c /src/main/docker/logstash
parent4abf1c966abcecfd42bcaaceeae6d2c197c69df3 (diff)
correct security settings
correct and adjust the security settings Issue-ID: CLAMP-483 Change-Id: Id94672580ade132a7ff16241f44d8a4403b49383 Signed-off-by: osgn422w <gervais-martial.ngueko@intl.att.com>
Diffstat (limited to 'src/main/docker/logstash')
-rw-r--r--src/main/docker/logstash/Dockerfile5
-rw-r--r--src/main/docker/logstash/clamp-cert/ca-certs.pem32
-rw-r--r--src/main/docker/logstash/pipeline/logstash.conf9
3 files changed, 45 insertions, 1 deletions
diff --git a/src/main/docker/logstash/Dockerfile b/src/main/docker/logstash/Dockerfile
index 762479c..8d26473 100644
--- a/src/main/docker/logstash/Dockerfile
+++ b/src/main/docker/logstash/Dockerfile
@@ -28,7 +28,10 @@ LABEL Description="Logstash image with some plugins needed for the clamp dashboa
# Default aaf certificates
COPY certs /certs.d/
-# remove default pipeline first
+# Default clamp certificates for ES communication
+COPY clamp-cert /clamp-cert/
+
+# remove/replace default pipeline first
COPY pipeline/logstash.conf /usr/share/logstash/pipeline/logstash.conf
# add plugins needed by aggregation part of the pipeline
diff --git a/src/main/docker/logstash/clamp-cert/ca-certs.pem b/src/main/docker/logstash/clamp-cert/ca-certs.pem
new file mode 100644
index 0000000..70bb844
--- /dev/null
+++ b/src/main/docker/logstash/clamp-cert/ca-certs.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: CN=intermediateCA_9,OU=OSAAF,O=ONAP,C=US
+subject=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+
+issuer=OU = OSAAF, O = ONAP, C = US
+
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
diff --git a/src/main/docker/logstash/pipeline/logstash.conf b/src/main/docker/logstash/pipeline/logstash.conf
index 5c1d47d..24c8c9f 100644
--- a/src/main/docker/logstash/pipeline/logstash.conf
+++ b/src/main/docker/logstash/pipeline/logstash.conf
@@ -237,6 +237,9 @@ output {
if "error" in [tags] {
elasticsearch {
codec => "json"
+ ssl => true
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => "${LOGSTASH_USR}"
password => "${LOGSTASH_PWD}"
@@ -247,6 +250,9 @@ output {
} else if "event-cl-aggs" in [tags] {
elasticsearch {
codec => "json"
+ ssl => true
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => "${LOGSTASH_USR}"
password => "${LOGSTASH_PWD}"
@@ -259,6 +265,9 @@ output {
} else {
elasticsearch {
codec => "json"
+ ssl => true
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => "${LOGSTASH_USR}"
password => "${LOGSTASH_PWD}"