Support TLS for Elasticsearch and Additional YAML for Kibana #187
Commits on Jul 4, 2018
Add support for HTTP and Transport layer encryption
This commit adds support for securing HTTP and Transport layers with PKCS#12 archive certificates. This allows easier configuration for a cluster that has a commercial license.
Add certificate verification mode
This commit adds certificate verification mode for TLS for Http and Transport layer. Since a user can supply a certificate that would fail full verification mode, default to certificate mode.
Always echo cert password to openssl
This commit always passes the password for a PKCS#12 archive cert to openssl, to convert to PEM format, even when the password is an empty string. Use the insecure flag when calling localhost over HTTPS with curl. Since the subject name in certificate used to secure the HTTP layer may not match host name localhost (it's likely to be tied to a public domain name), the --cacert flag for curl cannot be used.
Don't verify the Elasticsearch certificate for 5.2.0 and older
This commit sets elasticsearch.ssl.verify: false for Kibana 5.2.0 and older. Kibana connects to Elasticsearch through an internal load balancer IP address which will likely fail verification which will also verify hostname, so disable verification by default for these versions.
Add details for Kibana cert and key format
This commit adds detail to specify that the Kibana cert and key are in PEM format. Support PKCS#12 archive in future would be useful.
Pass parameters through parameters-file argument
This commit updates integration tests to use the parameters-file argument to pass the parameters to azure cli. Since parameters can now contain base 64 encoded certificates, the input can be longer than the maximum characters allowed in Windows (8192). Add generated certificates for integration tests.
Add --test parameter to filter integration tests
This commit adds a --test parameter to be able to filter the integration tests that should be run. The parameter value is a regular expression string.
Include additional parameters in README. Add notes for additional arguments for npm run test
Pass cert when making requests in integration tests
This commit adds the certificate CA to requests made in integration tests
Whitelist indices starting with dot (.)
This commit changes the integration test that tests the yaml configuration parameters to whitelist any indices starting with a dot; the .security index is too restrictive for the indices created by alerting/watcher.
Move common paths to variables Remove superfluous quotes
Commits on Jul 5, 2018
Configure Application Gateway to work with TLS on backend pool
This commit adds support for TLS from Application Gateway to the backend pool. Application Gateway communicates with the backend pool through the internal loadbalancer, and the public key(s) for certificate(s) used by the backend pool must be whitelisted by Application Gateway by providing these details to it. This means that for TLS on the HTTP layer in conjunction with Application Gateway, only the single esHttpCertBlob option can be supported. In the case of esHttpCaCertBlob which is used to generate a cert for HTTP layer for each VM/node in the cluster, the public keys for these certs cannot be automatically added to Application Gateway as part of deployment.
Pass Elasticsearch HTTP CA cert for Kibana configuration
This commit passes the Elasticsearch HTTP CA cert to Kibana to configure TLS to Elasticsearch from Kibana. When a CA cert is provided, it is used to configure the certificate authority. The presence of an Elasticsearch HTTP cert overrides the presence of a HTTP CA cert. That is, if a HTTP cert is provided, the certificate authority will be extracted from the PKCS#12 archive. If no CA cert is present, the verification mode for TLS with Elasticsearch will be set to none. Change owner of directory and files in /etc/elasticsearch/ssl
Always require a CA to generate Transport layer certs
Use hostname and IP address SANs when generating certs
Move HTTP CA parameters outside of variable
When HTTP CA password is an empty string, the value is incorrectly passed to certutil
require cert or CA when configuring TLS for HTTP layer
This commit requires that a cert or CA is provided to set up TLS on the HTTP layer. When a cert is provided, it will take preference, and Kibana will be configured with certificate verification mode. The most likely use case for cert is to provide a cert for a CNAME pointing at the external loadbalancer public IP. When a CA is provided, HTTP certs are generated for each node, including the node DNS and IP as Subject Alternative Names, as well as the internal loadbalancer public IP as a Subject Alternative Name in the cert. Including the internal loadbalancer IP allows Kibana to be set to full verification mode when communicating internally. A client communicating through the external loadbalancer can verify certs provided against the CA. A client communicating through Application Gateway will use the cert configured for the Gateway.
Remove versions less than 5.3.x from the template
This commit removes versions less than 5.3.x from the template. 5.0.x and 5.1.x are now EOL and 5.2.x will be EOL end of July. 5.2.x is removed now because Kibana Console does not work with self-signed certs; Kibana itself works, but not console, responding with Client request error: unable to verify the first certificate Closes #199
Remove hostname verification in integration tests
This commit removes the hostname verification check used by the node's request module. Since all certs used are self-signed, hostname verification will fail. Tests still verify the CA.
Commits on Jul 6, 2018
This commit adds a --nodestroy parameter that when passed, does not delete resource groups after integration tests
Commits on Jul 10, 2018
Rename appGatewayEsHttpCertPublicKey and associated properties
This commit renames the mainTemplate appGatewayEsHttpCertPublicKey to simply appGatewayEsHttpCertBlob, to indicate that the parameter is the public key and should be provided Base-64 encoded.
This commit addresses the PR comments to improve the descriptions for each of the parameters, and include a section on how to pass certificate related parameters.
Commits on Jul 11, 2018