summaryrefslogtreecommitdiffstats
path: root/src/main/docker/elasticsearch
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/docker/elasticsearch')
-rw-r--r--src/main/docker/elasticsearch/Dockerfile26
-rw-r--r--src/main/docker/elasticsearch/bin/init_sg.sh7
-rw-r--r--src/main/docker/elasticsearch/config/ca-certs.pem32
-rw-r--r--src/main/docker/elasticsearch/config/clamp-key.pem32
-rw-r--r--src/main/docker/elasticsearch/config/clamp.pem32
-rw-r--r--src/main/docker/elasticsearch/config/elasticsearch.yml39
6 files changed, 168 insertions, 0 deletions
diff --git a/src/main/docker/elasticsearch/Dockerfile b/src/main/docker/elasticsearch/Dockerfile
new file mode 100644
index 0000000..bc2dd74
--- /dev/null
+++ b/src/main/docker/elasticsearch/Dockerfile
@@ -0,0 +1,26 @@
+<!--
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+-->
+
+FROM amazon/opendistro-for-elasticsearch:1.3.0
diff --git a/src/main/docker/elasticsearch/bin/init_sg.sh b/src/main/docker/elasticsearch/bin/init_sg.sh
new file mode 100644
index 0000000..1c4e607
--- /dev/null
+++ b/src/main/docker/elasticsearch/bin/init_sg.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+plugins/search-guard-6/tools/sgadmin.sh \
+ -cd config/sg/ \
+ -ts config/sg/truststore.jks \
+ -ks config/sg/kirk-keystore.jks \
+ -nhnv \
+ -icl \ No newline at end of file
diff --git a/src/main/docker/elasticsearch/config/ca-certs.pem b/src/main/docker/elasticsearch/config/ca-certs.pem
new file mode 100644
index 0000000..70bb844
--- /dev/null
+++ b/src/main/docker/elasticsearch/config/ca-certs.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: CN=intermediateCA_9,OU=OSAAF,O=ONAP,C=US
+subject=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+
+issuer=OU = OSAAF, O = ONAP, C = US
+
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
diff --git a/src/main/docker/elasticsearch/config/clamp-key.pem b/src/main/docker/elasticsearch/config/clamp-key.pem
new file mode 100644
index 0000000..af847d5
--- /dev/null
+++ b/src/main/docker/elasticsearch/config/clamp-key.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsuvJ9pjBqjrxI
++5TG2PTVRUob9Cx1uO3cUMzR01mxNodsSRdI3sq6Q2Nr+PenoT7edo8ujru8G79H
+BfyUWBkNe3hJikCXzDV62cwavWtGjWIsOZHczJfj8ZrtObJ/uRpeGmbosY38zUwN
+cGzT1vm2K67MPe2BazTI4JLxyGcJ0bZEZ0XGBMOup3Hqo2QOy7BaQMOTs20Ww3aB
+64h7KAqaqNnblqUOtkLCUBdp6Lxa9oBXqS4Fg+C1eZqzuixLQgmWZs2ED+wl4FZD
+DaIkN4gw4YTXhpxr82gauW3ro2sAYrJX63FqIzaj0rj/vqxYSy7fjzbsE1VPBxCH
+yUuaHxUTAgMBAAECggEABaPlHy06D4CxrUBpz0RuWjh0/wyuFvn+6l7JEWDxYNQD
+AAoy9HIx9HsW2AO9MoAVaXY9nquSfcX6LPuJD98AkmwhtWUKTuqgJG7QN19QDXG4
+bvFCTg9wNkVBZdWoens03TXHfnmtxT9+6EFvjEtMxCIRByJOixdRFe4fXj3I/40H
+p6KjzscPhRqmapB5U/lWwteONoq1A4VBoqj1Qbe1NjmNGMhhXqj/d9f6B0DPGqIA
+nIDubb1B3YNdbxE8LbY1YiQZEtjjA2uIyW0tRjZyhVVtNwSm814fyjVPp2oRpK43
+2OVBLbHZlxY5sFZwU71lWSyEAHhOL5yY1HORKUyCIQKBgQDwR8POilccu1fczDX7
+7jTHvknrtc5Pm689hOz+iZz8oib5MNHM57YMQJNauAHcUUDc8PEBrU44kJda7zVU
+8jVgeV0kvZcmDM4AGrmbBSGLhcmyqJC4wKF20K3rVFFo5exlpTDU7dwnPkMbHeGQ
+LmPzk+5BKQa81Mq+cObdJs/LpwKBgQC4B9kf+cex77OluKN9mz8D3MOEWycztDpd
+XVeM+RV4cjIMaQl91GovtQDwdy9TbKCsq+sFvqWsmQNkUlDGP2c0y4PFnJt7ahzW
+wqZ8bZgNcTNE+KqHUMEOcDGRVoQf65XRWZhjq0mJyCewPMOrdFgHTzva2QYOrZTK
+jBIWx84otQKBgQCDjidM7D1pw8EFaOGdv/wx6KO8ZFxDBfBadG71pg7H21gPU4Vq
+9OqdprWHE/wgznP/BARQcLzFB5V2+kVu7vX+jjRLK2qYMKaRNBCvKY4GQAgAw34J
+SZ6d2P+AOzgfgNN/i4RC8MB61AIV1LRtJpkfAb2O+5Fuzer7fgFI0DkxPQKBgAdq
+gYxxU2PPRg0KmMQKCosMTXC6/6RsweFbTpjmvL/C0lN/tBs3ASR1Bdmq4+RXv03W
+C72KhkCjVeioDItAqNcO0HuZKQbbKthYtb7T58m64xcHck/LqEv9p3G069QheUMb
+ejGiCG+d+kN232e8Y4O/5KiYEE9tHU7gQCZc3Oj1AoGBAI2QyoAJlM0jREsEft7c
+L+5kcV+VulyMYEFycSy6KziUKxVh+VMk5Eo6UhXo6m4x37tg/D8uK/tkeJdWw00N
+dXLsUcDEacZyF8UfRsrscmiBURu0+9S/5+ncSX6s18HHGL7n2io+PX/ie2neO7q1
+fj50Aj03dg1TrgMTx2g6e85Y
+-----END PRIVATE KEY-----
diff --git a/src/main/docker/elasticsearch/config/clamp.pem b/src/main/docker/elasticsearch/config/clamp.pem
new file mode 100644
index 0000000..22f4541
--- /dev/null
+++ b/src/main/docker/elasticsearch/config/clamp.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 37 31 30 36 38 34 31 31 38 30 37
+subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US
+
+issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIIGF6ukzqwlGIwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MTAxNDE1NTM0MVoXDTIwMTAxNDE1NTM0MVow
+gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl
+ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y
+ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV
+UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKy68n2mMGqOvEj7lMbY
+9NVFShv0LHW47dxQzNHTWbE2h2xJF0jeyrpDY2v496ehPt52jy6Ou7wbv0cF/JRY
+GQ17eEmKQJfMNXrZzBq9a0aNYiw5kdzMl+Pxmu05sn+5Gl4aZuixjfzNTA1wbNPW
++bYrrsw97YFrNMjgkvHIZwnRtkRnRcYEw66nceqjZA7LsFpAw5OzbRbDdoHriHso
+Cpqo2duWpQ62QsJQF2novFr2gFepLgWD4LV5mrO6LEtCCZZmzYQP7CXgVkMNoiQ3
+iDDhhNeGnGvzaBq5beujawBislfrcWojNqPSuP++rFhLLt+PNuwTVU8HEIfJS5of
+FRMCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUicMoQoxguo6qFb7YZ2gZn8X0BV4w
+OwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVkZW1vLm9uYXAub3Jn
+ggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCMDZrqzL/orHH3WoLKj/JJ
++QOt89CTYJqX5rS2TbQgX/JdjXJzJsmY21dTHxg0+AdRmAUATHBFAOg/nLEfDUOh
+NX0+OshoaTYjrI2ZH4j24UsoXzGffpjqPbLMZJ1uzxy4qTTvzeJJM1NsfKD4Er0B
+KDgN66pzywJrxOXkTQZpmkgGeB9FwmBoLFKP2XJjXXT9c9Wol8ttrSqu/sy5e6/Y
+SZLco8lXx0isxGgG5PfF9WSuikFRlC5LCmcSn9EfxQIOeGjzJQpuB8yqN/ojE8wY
+ZBhaUM/+NETQNzsh4dZxq7ErSknND60NYit8rz9lWDDrNNKVF+8iFpoTb17V8e3C
+-----END CERTIFICATE-----
diff --git a/src/main/docker/elasticsearch/config/elasticsearch.yml b/src/main/docker/elasticsearch/config/elasticsearch.yml
new file mode 100644
index 0000000..9380de5
--- /dev/null
+++ b/src/main/docker/elasticsearch/config/elasticsearch.yml
@@ -0,0 +1,39 @@
+---
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
+#
+cluster.name: "docker-cluster"
+network.host: 0.0.0.0
+
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
+# discovery.zen.minimum_master_nodes: 1
+
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+# cluster.initial_master_nodes:
+# - elasticsearch1
+# - docker-test-node-1
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
+
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########