21f1f28ab3
Fixes for this patchset: - split out elk-openstack-client.yml to match what's done elsewhere Fixes for patchset #11: - split out filebeat into separate role for openstack clients - update README.md to use elk-openstack-client.yml for this purpose - cleanup filebeat.yml.j2 to use correct syntax (no need for " anymore) Fixes for patchset #10: - add SELinux boolean "httpd_can_network_connect" - add libsemanage-python package dependency for booleans Fixes for patchset #9: - fix for RHEL7 clients, we need to specify remote EPEL rpm - RHEL7 clients need rpm_key module to import EPEL GPG key - switch to using uri module instead of curl for checking elasticsearch indices - add python-httplib2 dependency (needed for uri module) - use curl -XPOST instead of PUT for filebeat index template in elasticsearch Fixes from patchset #7 - remove unneeded rpm usage, switch to yum module - add logic to heapsize tuning so systems > 64G of memory will never exceed the 32G recommended heapsize - logic fix for prepopulating local logs into logstash - remove elasticsearch.yml, rpm provides this and we're not customizing it yet Fixes from patchset #6: - use yum repo Ansible module where we can - remove unecessary EPEL installation (only nginx needs it) - disable EPEL repo after installation to avoid OpenStack breakage This adds: (ELK Server) - Automated ELK stack deployment - SSL client generation - Heap size tuning (1/2 of available memory) - Firewall port additions (depending on active or not) - Supports either firewalld or iptables-services - Additional upstream Filebeat Kibana dashboards (ELK Client) - Sets up filebeat with appropriate SSL certificates - utilizes both hostnames and SubjectAltName support (for environments without DNS services). (Usage) ansible-playbook -i hosts install/elk.yml ansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server=X.X.X.X' Change-Id: Iee29f985e0bbcdf706ad869f132d4c0f1593a6b6
28 lines
465 B
Django/Jinja
28 lines
465 B
Django/Jinja
[req]
|
|
distinguished_name = req_distinguished_name
|
|
x509_extensions = v3_req
|
|
prompt = no
|
|
|
|
[req_distinguished_name]
|
|
C = TG
|
|
ST = Togo
|
|
L = Lome
|
|
O = Private company
|
|
CN = *
|
|
|
|
[v3_req]
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid,issuer
|
|
basicConstraints = CA:TRUE
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
DNS.1 = *
|
|
DNS.2 = *.*
|
|
DNS.3 = *.*.*
|
|
DNS.4 = *.*.*.*
|
|
DNS.5 = *.*.*.*.*
|
|
DNS.6 = *.*.*.*.*.*
|
|
DNS.7 = *.*.*.*.*.*.*
|
|
IP.1 = {{ ansible_default_ipv4.address }}
|