From 2902ccb5f08c675b7a6af41c8b41b4474d17fa4e Mon Sep 17 00:00:00 2001 From: c-a-m Date: Mon, 24 Nov 2014 16:11:30 -0700 Subject: [PATCH] Updates the esvm files to esvm 0.0.10, and latest shield format This moves the esvm files into dev-tools and collapses the settings with "." This will require the latest version of esvm 0.0.10. It combines the ldap and ad config into the same file. Added readme to dev-tools/esvm Original commit: elastic/x-pack-elasticsearch@dab9fa643df0d4d34a99b734b6dbc4e083ee8c91 --- .esvmrc | 41 ---------- .esvmrc_active_dir | 49 ------------ .esvmrc_open_ldap | 47 ----------- .../.esvm-shield-config}/role_mapping.yml | 0 .../esvm/.esvm-shield-config}/roles.yml | 0 .../esvm/.esvm-shield-config}/system_key | 0 .../esvm/.esvm-shield-config}/users | 0 .../esvm/.esvm-shield-config}/users_roles | 0 dev-tools/esvm/.esvmrc | 77 +++++++++++++++++++ dev-tools/esvm/readme.txt | 26 +++++++ 10 files changed, 103 insertions(+), 137 deletions(-) delete mode 100644 .esvmrc delete mode 100644 .esvmrc_active_dir delete mode 100644 .esvmrc_open_ldap rename {.esvm-shield-config => dev-tools/esvm/.esvm-shield-config}/role_mapping.yml (100%) rename {.esvm-shield-config => dev-tools/esvm/.esvm-shield-config}/roles.yml (100%) rename {.esvm-shield-config => dev-tools/esvm/.esvm-shield-config}/system_key (100%) rename {.esvm-shield-config => dev-tools/esvm/.esvm-shield-config}/users (100%) rename {.esvm-shield-config => dev-tools/esvm/.esvm-shield-config}/users_roles (100%) create mode 100644 dev-tools/esvm/.esvmrc create mode 100644 dev-tools/esvm/readme.txt diff --git a/.esvmrc b/.esvmrc deleted file mode 100644 index e428a228515..00000000000 --- a/.esvmrc +++ /dev/null @@ -1,41 +0,0 @@ -{ - "defaults": { - "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ], - "config" : { - "cluster": { "name": "shield" }, - "indices.store.throttle.max_bytes_per_sec": "100mb", - "discovery" : { - "type" : "zen", - "zen.ping.multicast.enabled": false, - "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ] - }, - "shield" : { - "enabled" : true, - "system_key.file": ".esvm-shield-config/system_key", - "audit.enabled" : false, - "transport.ssl": true, - "http.ssl": true, - "ssl" : { - "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", - "keystore_password" : "testnode" - }, - "authc": { - "esusers.files" : { - "users" : ".esvm-shield-config/users", - "users_roles" : ".esvm-shield-config/users_roles" - } - }, - "authz.store.files.roles" : ".esvm-shield-config/roles.yml" - } - } - }, - "clusters": { - "shield": { - "version": "1.4", - "nodes": [ - { "node": { "name": "node01" } }, - { "node": { "name": "node02" } } - ] - } - } -} diff --git a/.esvmrc_active_dir b/.esvmrc_active_dir deleted file mode 100644 index a6ee25cce35..00000000000 --- a/.esvmrc_active_dir +++ /dev/null @@ -1,49 +0,0 @@ -{ - "defaults": { - "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ], - "config" : { - "cluster": { "name": "shield" }, - "indices.store.throttle.max_bytes_per_sec": "100mb", - "discovery" : { - "type" : "zen", - "zen.ping.multicast.enabled": false, - "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ] - }, - "shield" : { - "enabled" : true, - "system_key.file": ".esvm-shield-config/system_key", - "audit.enabled" : false, - "transport.ssl": true, - "http.ssl": true, - "ssl" : { - "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", - "keystore_password" : "testnode" - }, - "authc": { - "esusers.files" : { - "users" : ".esvm-shield-config/users", - "users_roles" : ".esvm-shield-config/users_roles" - }, - "active_directory" : { - "domain_name" : "ad.test.elasticsearch.com", - "url" : "ldaps://ad.test.elasticsearch.com:636", - "unmapped_groups_as_roles" : "false", - "files" : { - "role_mapping": ".esvm-shield-config/role_mapping.yml" - } - } - }, - "authz.store.files.roles" : ".esvm-shield-config/roles.yml" - } - } - }, - "clusters": { - "shield": { - "version": "1.4", - "nodes": [ - { "node": { "name": "node01" } }, - { "node": { "name": "node02" } } - ] - } - } -} diff --git a/.esvmrc_open_ldap b/.esvmrc_open_ldap deleted file mode 100644 index d69b1e6fa5e..00000000000 --- a/.esvmrc_open_ldap +++ /dev/null @@ -1,47 +0,0 @@ -{ - "defaults": { - "plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ], - "config" : { - "cluster": { "name": "shield" }, - "indices.store.throttle.max_bytes_per_sec": "100mb", - "discovery" : { - "type" : "zen", - "zen.ping.multicast.enabled": false, - "zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ] - }, - "shield" : { - "enabled" : true, - "system_key.file": ".esvm-shield-config/system_key", - "audit.enabled" : false, - "transport.ssl": true, - "http.ssl": true, - "ssl" : { - "keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", - "keystore_password" : "testnode" - }, - "authc": { - "ldap" : { - "url" : "ldaps://54.200.235.244:636", - "user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"], - "group_search.group_search_dn" : "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com", - "group_search.subtree_search" : false, - "unmapped_groups_as_roles" : "false", - "files" : { - "role_mapping": ".esvm-shield-config/role_mapping.yml" - } - } - }, - "authz.store.files.roles" : ".esvm-shield-config/roles.yml" - } - } - }, - "clusters": { - "shield": { - "version": "1.4", - "nodes": [ - { "node": { "name": "node01" } }, - { "node": { "name": "node02" } } - ] - } - } -} diff --git a/.esvm-shield-config/role_mapping.yml b/dev-tools/esvm/.esvm-shield-config/role_mapping.yml similarity index 100% rename from .esvm-shield-config/role_mapping.yml rename to dev-tools/esvm/.esvm-shield-config/role_mapping.yml diff --git a/.esvm-shield-config/roles.yml b/dev-tools/esvm/.esvm-shield-config/roles.yml similarity index 100% rename from .esvm-shield-config/roles.yml rename to dev-tools/esvm/.esvm-shield-config/roles.yml diff --git a/.esvm-shield-config/system_key b/dev-tools/esvm/.esvm-shield-config/system_key similarity index 100% rename from .esvm-shield-config/system_key rename to dev-tools/esvm/.esvm-shield-config/system_key diff --git a/.esvm-shield-config/users b/dev-tools/esvm/.esvm-shield-config/users similarity index 100% rename from .esvm-shield-config/users rename to dev-tools/esvm/.esvm-shield-config/users diff --git a/.esvm-shield-config/users_roles b/dev-tools/esvm/.esvm-shield-config/users_roles similarity index 100% rename from .esvm-shield-config/users_roles rename to dev-tools/esvm/.esvm-shield-config/users_roles diff --git a/dev-tools/esvm/.esvmrc b/dev-tools/esvm/.esvmrc new file mode 100644 index 00000000000..5ab0373086c --- /dev/null +++ b/dev-tools/esvm/.esvmrc @@ -0,0 +1,77 @@ +{ + "defaults": { + "plugins": [ + "lmenezes/elasticsearch-kopf", + { "name": "shield", "path" : "file:../../target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" }, + { "name": "license", "path" : "file:/Users//.m2/repository/org/elasticsearch/elasticsearch-license-plugin/1.0.0-beta1/elasticsearch-license-plugin-1.0.0-beta1.jar" } + ], + "config" : { + "cluster.name": "shield", + "indices.store.throttle.max_bytes_per_sec": "100mb", + "discovery": { + "type": "zen", + "zen.ping" : { + "multicast.enabled": false, + "unicast.hosts": [ "localhost:9300", "localhost:9301" ] + } + }, + "shield": { + "enabled": true, + "system_key.file": ".esvm-shield-config/system_key", + "audit.enabled": true, + "transport.ssl": true, + "http.ssl": true, + "ssl.keystore": { + "path": "../../src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks", + "password": "testnode" + }, + "authc.realms" : { + "esusers": { + "type" : "esusers", + "order" : 0, + "files" : { + "users" : ".esvm-shield-config/users", + "users_roles" : ".esvm-shield-config/users_roles" + } + } + }, + "authz.store.files.roles" : ".esvm-shield-config/roles.yml" + } + } + }, + "clusters": { + "shield": { + "version": "1.4" + }, + "oldap": { + "version": "1.4", + "config": { + "shield.authc.realms.oldap": { + "type": "ldap", + "order": 1, + "url": "ldaps://54.200.235.244:636", + "user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"], + "group_search.group_search_dn": "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com", + "group_search.subtree_search": false, + "unmapped_groups_as_roles": "false", + "files": { + "role_mapping": ".esvm-shield-config/role_mapping.yml" + } + } + } + }, + "ad": { + "version": "1.4", + "config": { + "shield.authc.realms.ad": { + "type": "active_directory", + "order": 1, + "domain_name": "ad.test.elasticsearch.com", + "url": "ldaps://ad.test.elasticsearch.com:636", + "unmapped_groups_as_roles": "false", + "files": {"role_mapping": ".esvm-shield-config/role_mapping.yml"} + } + } + } + } +} diff --git a/dev-tools/esvm/readme.txt b/dev-tools/esvm/readme.txt new file mode 100644 index 00000000000..3460871b88a --- /dev/null +++ b/dev-tools/esvm/readme.txt @@ -0,0 +1,26 @@ +Running ESVM with Shield + +Upgrade/Install: +npm install esvm -g + +Running: +1) cd to elasticsearch-shield/dev-tools/esvm +2) modify the elasticsearch-license plugin directory in .esvmrc file +3-a) For native users +./esvm +3-b) For openldap users +esvm oldap +3-c) For active directory users +esvm ad + +Users and roles are stored in .esvm-shield-config + +Troubleshooting: +- elasticsearch is installed under ~/.esvm/ +- turn on debug in ~/.esvm/1.4.1/config/logging.yml +- esvm --fresh will reinstall ES +- plugins will not re-install, you can remove them manually by ~/.esvm/1.4.1/bin/plugin --remove shield +- errors during startup will not show up. If esvm fails startup look in ~/.esvm/1.4.1/logs/* + + +