Update kibana.config state, support tls configuration (#34)

2024-11-06 02:15:20 +00:00 · 2019-10-14 15:30:46 +03:00 · 2019-10-14 15:30:46 +03:00 · 56f9e4bafb
commit 56f9e4bafb
parent 6ad0d21de9
3 changed files with 39 additions and 15 deletions
--- a/sls/filebeat/config.sls
+++ b/sls/filebeat/config.sls
@ -4,12 +4,12 @@ from salt.utils import dictupdate
 import yaml
 import json

-File.directory('/etc/filebeat/', create=True, mode=755, user='root', group='root')
-
 fqdn = grains('fqdn')
 fqdn_ipv6 = grains('fqdn_ipv6')
 conf_path = '/etc/filebeat/'

+File.directory(conf_path, create=True, mode=755, user='root', group='root')
+
 tls = pillar('filebeat:tls', {})

 # defaults
@ -37,7 +37,6 @@ config = {
 elastic_template = pillar('template', False)
 config['filebeat']['inputs'] = pillar('filebeat:inputs')
 config['output'] = pillar('filebeat:output')
-dictupdate.update(config, pillar('filebeat:config', {}))

 if elastic_template:
  File.managed(
@ -64,6 +63,8 @@ for out in config['output'].keys():
        path, mode=600, user='root', group='root',
        contents=contents, require=[File(conf_path)])

+dictupdate.update(config, pillar('filebeat:config', {}))
+
 File.managed(
  conf_path + 'filebeat.yml',
  mode=640, user='root', group='root',
--- a/sls/filebeat/init.sls
+++ b/sls/filebeat/init.sls
@ -2,7 +2,7 @@
 {% set tls = salt.pillar.get('filebeat:tls', {}) %}
 include:
  - .pkg
-  - .conf
+  - .config
  - .service

 extend:
--- a/sls/kibana/config.sls
+++ b/sls/kibana/config.sls
@ -1,14 +1,15 @@
-#!pydsl
+#!pyobjects
 # -*- mode: python -*-
 from salt.utils import dictupdate
 import yaml

-state('/etc/kibana').file.directory(
-  create=True, mode=755, user='root', group='root')
+fqdn = grains('fqdn')
+fqdn_ipv6 = grains('fqdn_ipv6')
+conf_path = '/etc/kibana/'

-fqdn = __salt__['grains.get']('fqdn')
-fqdn_ipv6 = __salt__['grains.get']('fqdn_ipv6')
+File.directory(conf_path, create=True, mode=755, user='root', group='root')

+tls = pillar('kibana:tls', {})

 # defaults
 config = {
@ -18,19 +19,41 @@ config = {
    'basePath': '',
  },
  'elasticsearch': {
-    'url': "http://localhost:9200",
+    'hosts': [
+      ('https://' if tls else 'http://') + fqdn + ":9200"],
    'preserveHost': True,
  },
  'kibana': {
    'index': ".kibana",
  },
  'logging': {
-    'dest': '/var/log/kibana/kibana.log',
+    'dest': '/var/log/kibana/kibana.json',
+    'json': True, 'verbose': False
  },
 }

-dictupdate.update(config, __pillar__['kibana']['config'])
+out = 'elasticsearch'
+if out in tls.keys():
+  out_ssl = {
+    'alwaysPresentCertificate': False,
+    'verificationMode': 'certificate',
+  }
+  config[out]['ssl'] = out_ssl
+  for pemtype in ('cert', 'key', 'ca'):
+    contents = tls[out].get(pemtype, tls.get(pemtype, ''))
+    path = conf_path + out + '-' + pemtype + '.pem'
+    if contents:
+      if pemtype == 'cert': out_ssl['certificate'] = path
+      if pemtype == 'key': out_ssl['key'] = path
+      if pemtype == 'ca': out_ssl['certificateAuthorities'] = [path]
+    File.managed(
+      path, mode=600, user='root', group='root',
+      contents=contents, require=[File(conf_path)])

-state('/etc/kibana/kibana.yml').file.managed(
-  mode=644, user='root', group='root',
-  contents="# This file is generated by Salt\n" + yaml.dump(config))
+dictupdate.update(config, pillar('kibana:config', {}))
+
+File.managed(
+  conf_path + 'kibana.yml',
+  mode=640, user='root', group='root',
+  contents="# This file is generated by Salt\n" + yaml.dump(config),
+  require=[File(conf_path)])