Updates the esvm files to esvm 0.0.10, and latest shield format
This moves the esvm files into dev-tools and collapses the settings with "." This will require the latest version of esvm 0.0.10. It combines the ldap and ad config into the same file. Added readme to dev-tools/esvm Original commit: elastic/x-pack-elasticsearch@dab9fa643d
This commit is contained in:
parent
af0f04ed17
commit
2902ccb5f0
41
.esvmrc
41
.esvmrc
|
@ -1,41 +0,0 @@
|
||||||
{
|
|
||||||
"defaults": {
|
|
||||||
"plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
|
|
||||||
"config" : {
|
|
||||||
"cluster": { "name": "shield" },
|
|
||||||
"indices.store.throttle.max_bytes_per_sec": "100mb",
|
|
||||||
"discovery" : {
|
|
||||||
"type" : "zen",
|
|
||||||
"zen.ping.multicast.enabled": false,
|
|
||||||
"zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
|
|
||||||
},
|
|
||||||
"shield" : {
|
|
||||||
"enabled" : true,
|
|
||||||
"system_key.file": ".esvm-shield-config/system_key",
|
|
||||||
"audit.enabled" : false,
|
|
||||||
"transport.ssl": true,
|
|
||||||
"http.ssl": true,
|
|
||||||
"ssl" : {
|
|
||||||
"keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
|
|
||||||
"keystore_password" : "testnode"
|
|
||||||
},
|
|
||||||
"authc": {
|
|
||||||
"esusers.files" : {
|
|
||||||
"users" : ".esvm-shield-config/users",
|
|
||||||
"users_roles" : ".esvm-shield-config/users_roles"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"authz.store.files.roles" : ".esvm-shield-config/roles.yml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"clusters": {
|
|
||||||
"shield": {
|
|
||||||
"version": "1.4",
|
|
||||||
"nodes": [
|
|
||||||
{ "node": { "name": "node01" } },
|
|
||||||
{ "node": { "name": "node02" } }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
{
|
|
||||||
"defaults": {
|
|
||||||
"plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
|
|
||||||
"config" : {
|
|
||||||
"cluster": { "name": "shield" },
|
|
||||||
"indices.store.throttle.max_bytes_per_sec": "100mb",
|
|
||||||
"discovery" : {
|
|
||||||
"type" : "zen",
|
|
||||||
"zen.ping.multicast.enabled": false,
|
|
||||||
"zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
|
|
||||||
},
|
|
||||||
"shield" : {
|
|
||||||
"enabled" : true,
|
|
||||||
"system_key.file": ".esvm-shield-config/system_key",
|
|
||||||
"audit.enabled" : false,
|
|
||||||
"transport.ssl": true,
|
|
||||||
"http.ssl": true,
|
|
||||||
"ssl" : {
|
|
||||||
"keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
|
|
||||||
"keystore_password" : "testnode"
|
|
||||||
},
|
|
||||||
"authc": {
|
|
||||||
"esusers.files" : {
|
|
||||||
"users" : ".esvm-shield-config/users",
|
|
||||||
"users_roles" : ".esvm-shield-config/users_roles"
|
|
||||||
},
|
|
||||||
"active_directory" : {
|
|
||||||
"domain_name" : "ad.test.elasticsearch.com",
|
|
||||||
"url" : "ldaps://ad.test.elasticsearch.com:636",
|
|
||||||
"unmapped_groups_as_roles" : "false",
|
|
||||||
"files" : {
|
|
||||||
"role_mapping": ".esvm-shield-config/role_mapping.yml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"authz.store.files.roles" : ".esvm-shield-config/roles.yml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"clusters": {
|
|
||||||
"shield": {
|
|
||||||
"version": "1.4",
|
|
||||||
"nodes": [
|
|
||||||
{ "node": { "name": "node01" } },
|
|
||||||
{ "node": { "name": "node02" } }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
{
|
|
||||||
"defaults": {
|
|
||||||
"plugins": [ "lmenezes/elasticsearch-kopf", { "name": "shield", "path" : "file:./target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" } ],
|
|
||||||
"config" : {
|
|
||||||
"cluster": { "name": "shield" },
|
|
||||||
"indices.store.throttle.max_bytes_per_sec": "100mb",
|
|
||||||
"discovery" : {
|
|
||||||
"type" : "zen",
|
|
||||||
"zen.ping.multicast.enabled": false,
|
|
||||||
"zen.ping.unicast.hosts" : [ "localhost:9300", "localhost:9301" ]
|
|
||||||
},
|
|
||||||
"shield" : {
|
|
||||||
"enabled" : true,
|
|
||||||
"system_key.file": ".esvm-shield-config/system_key",
|
|
||||||
"audit.enabled" : false,
|
|
||||||
"transport.ssl": true,
|
|
||||||
"http.ssl": true,
|
|
||||||
"ssl" : {
|
|
||||||
"keystore" : "src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
|
|
||||||
"keystore_password" : "testnode"
|
|
||||||
},
|
|
||||||
"authc": {
|
|
||||||
"ldap" : {
|
|
||||||
"url" : "ldaps://54.200.235.244:636",
|
|
||||||
"user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"],
|
|
||||||
"group_search.group_search_dn" : "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com",
|
|
||||||
"group_search.subtree_search" : false,
|
|
||||||
"unmapped_groups_as_roles" : "false",
|
|
||||||
"files" : {
|
|
||||||
"role_mapping": ".esvm-shield-config/role_mapping.yml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"authz.store.files.roles" : ".esvm-shield-config/roles.yml"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"clusters": {
|
|
||||||
"shield": {
|
|
||||||
"version": "1.4",
|
|
||||||
"nodes": [
|
|
||||||
{ "node": { "name": "node01" } },
|
|
||||||
{ "node": { "name": "node02" } }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,77 @@
|
||||||
|
{
|
||||||
|
"defaults": {
|
||||||
|
"plugins": [
|
||||||
|
"lmenezes/elasticsearch-kopf",
|
||||||
|
{ "name": "shield", "path" : "file:../../target/releases/elasticsearch-shield-1.0.0-SNAPSHOT.zip" },
|
||||||
|
{ "name": "license", "path" : "file:/Users/<user>/.m2/repository/org/elasticsearch/elasticsearch-license-plugin/1.0.0-beta1/elasticsearch-license-plugin-1.0.0-beta1.jar" }
|
||||||
|
],
|
||||||
|
"config" : {
|
||||||
|
"cluster.name": "shield",
|
||||||
|
"indices.store.throttle.max_bytes_per_sec": "100mb",
|
||||||
|
"discovery": {
|
||||||
|
"type": "zen",
|
||||||
|
"zen.ping" : {
|
||||||
|
"multicast.enabled": false,
|
||||||
|
"unicast.hosts": [ "localhost:9300", "localhost:9301" ]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"shield": {
|
||||||
|
"enabled": true,
|
||||||
|
"system_key.file": ".esvm-shield-config/system_key",
|
||||||
|
"audit.enabled": true,
|
||||||
|
"transport.ssl": true,
|
||||||
|
"http.ssl": true,
|
||||||
|
"ssl.keystore": {
|
||||||
|
"path": "../../src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks",
|
||||||
|
"password": "testnode"
|
||||||
|
},
|
||||||
|
"authc.realms" : {
|
||||||
|
"esusers": {
|
||||||
|
"type" : "esusers",
|
||||||
|
"order" : 0,
|
||||||
|
"files" : {
|
||||||
|
"users" : ".esvm-shield-config/users",
|
||||||
|
"users_roles" : ".esvm-shield-config/users_roles"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"authz.store.files.roles" : ".esvm-shield-config/roles.yml"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"clusters": {
|
||||||
|
"shield": {
|
||||||
|
"version": "1.4"
|
||||||
|
},
|
||||||
|
"oldap": {
|
||||||
|
"version": "1.4",
|
||||||
|
"config": {
|
||||||
|
"shield.authc.realms.oldap": {
|
||||||
|
"type": "ldap",
|
||||||
|
"order": 1,
|
||||||
|
"url": "ldaps://54.200.235.244:636",
|
||||||
|
"user_dn_templates": ["uid={0},ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com"],
|
||||||
|
"group_search.group_search_dn": "ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com",
|
||||||
|
"group_search.subtree_search": false,
|
||||||
|
"unmapped_groups_as_roles": "false",
|
||||||
|
"files": {
|
||||||
|
"role_mapping": ".esvm-shield-config/role_mapping.yml"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"ad": {
|
||||||
|
"version": "1.4",
|
||||||
|
"config": {
|
||||||
|
"shield.authc.realms.ad": {
|
||||||
|
"type": "active_directory",
|
||||||
|
"order": 1,
|
||||||
|
"domain_name": "ad.test.elasticsearch.com",
|
||||||
|
"url": "ldaps://ad.test.elasticsearch.com:636",
|
||||||
|
"unmapped_groups_as_roles": "false",
|
||||||
|
"files": {"role_mapping": ".esvm-shield-config/role_mapping.yml"}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,26 @@
|
||||||
|
Running ESVM with Shield
|
||||||
|
|
||||||
|
Upgrade/Install:
|
||||||
|
npm install esvm -g
|
||||||
|
|
||||||
|
Running:
|
||||||
|
1) cd to elasticsearch-shield/dev-tools/esvm
|
||||||
|
2) modify the elasticsearch-license plugin directory in .esvmrc file
|
||||||
|
3-a) For native users
|
||||||
|
./esvm
|
||||||
|
3-b) For openldap users
|
||||||
|
esvm oldap
|
||||||
|
3-c) For active directory users
|
||||||
|
esvm ad
|
||||||
|
|
||||||
|
Users and roles are stored in .esvm-shield-config
|
||||||
|
|
||||||
|
Troubleshooting:
|
||||||
|
- elasticsearch is installed under ~/.esvm/<version>
|
||||||
|
- turn on debug in ~/.esvm/1.4.1/config/logging.yml
|
||||||
|
- esvm --fresh will reinstall ES
|
||||||
|
- plugins will not re-install, you can remove them manually by ~/.esvm/1.4.1/bin/plugin --remove shield
|
||||||
|
- errors during startup will not show up. If esvm fails startup look in ~/.esvm/1.4.1/logs/*
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue