diff --git a/ror-cluster-elastic-cloud-demo/docker-compose.yml b/ror-cluster-elastic-cloud-demo/docker-compose.yml
index 4dbc87a..000b166 100644
--- a/ror-cluster-elastic-cloud-demo/docker-compose.yml
+++ b/ror-cluster-elastic-cloud-demo/docker-compose.yml
@@ -39,7 +39,7 @@ services:
 kbn-ror:
 build:
 context: .
- dockerfile: images/kbn/${KBN_DOCKERFILE}
+ dockerfile: images/kbn-2/${KBN_DOCKERFILE}
 args:
 KBN_VERSION: $KBN_VERSION
 ROR_VERSION: $ROR_KBN_VERSION
diff --git a/ror-demo-cluster/conf/kbn-2/enterprise-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-2/enterprise-ror-newplatform-kibana.yml
new file mode 100644
index 0000000..40b4959
--- /dev/null
+++ b/ror-demo-cluster/conf/kbn-2/enterprise-ror-newplatform-kibana.yml
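Review bot: The new `dockerfile: images/kbn-2/${KBN_DOCKERFILE}` path resolves against this compose file's own `context: .`, that is `ror-cluster-elastic-cloud-demo/images/kbn-2/`, but every `images/kbn-2` file visible in this commit is created under `ror-demo-cluster/`. Unless that directory already exists in the elastic-cloud demo, the `kbn-ror` build fails here; if the change was meant only for the new `kbn-ror-2` service in `ror-demo-cluster/docker-compose.yml`, this line should stay `dockerfile: images/kbn/${KBN_DOCKERFILE}`. The `kbn-ror` service definition continues outside the hunk.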
@@ -0,0 +1,105 @@
+server.name: kibana-ror-2
+server.host: 0.0.0.0
+server.basePath: /deva-notix
+server.rewriteBasePath: false
+server.publicBaseUrl: "https://localhost:8443/deva-notix"
+
+elasticsearch.username: kibana
+elasticsearch.password: kibana
+elasticsearch.ssl.verificationMode: none
+server.xsrf.allowlist: []
+
+# generated with:
+# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt
+server.ssl.enabled: true
+server.ssl.certificate: /usr/share/kibana/config/kibana.crt
+server.ssl.key: /usr/share/kibana/config/kibana.key
+server.ssl.redirectHttpFromPort: 80
+
+xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+
+xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.reporting.queue.timeout: 120000
+xpack.reporting.csv.maxSizeBytes: 10485760
+
+# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic."
+xpack.security.showInsecureClusterWarning: false
+
+# alternative to disable spaces
+xpack.spaces.maxSpaces: 0
+
+# Explore underlying data
+xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true
+xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true
+
+# session lifecycle management
+xpack.security.session.idleTimeout: 3d
+xpack.security.session.lifespan: 7d
+xpack.security.session.cleanupInterval: 1d
+
+readonlyrest_kbn.logLevel: trace
+readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
+readonlyrest_kbn.store_sessions_in_index: true
+
+#################### Kibana additional settings ###################
+newsfeed.enabled: false
+telemetry.optIn: false
+telemetry.enabled: false
+telemetry.allowChangingOptInStatus: false
+i18n.locale: en
+
+#################### Kibana logging settings ######################
+
+logging.appenders.roll-file.type: rolling-file
+logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log
+logging.appenders.roll-file.policy.type: time-interval
+logging.appenders.roll-file.policy.interval: 24h
+logging.appenders.roll-file.policy.modulate: true
+logging.appenders.roll-file.strategy.type: numeric
+logging.appenders.roll-file.strategy.pattern: '.%i'
+logging.appenders.roll-file.strategy.max: 2
+logging.appenders.roll-file.layout.type: json
+logging.root.appenders: [roll-file,default]
+logging.root.level: info
+
+
+#################### Kibana CCS settings ######################
+monitoring.ui.ccs.enabled: false
+readonlyrest_kbn:
+ auth:
+ signature_key: "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"
+
+ oidc_keycloak:
+ buttonName: "Keycloak OIDC"
+ type: "oidc"
+ protocol: "https"
+ issuer: 'http://kc.localhost:8080/realms/ror'
+ authorizationURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/auth'
+ tokenURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/token'
+ userInfoURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/userinfo'
+ jwksURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/certs'
+ clientID: 'kibana-ror'
+ clientSecret: 'kibanasecret123'
+ scope: 'openid profile email'
+ usernameParameter: 'preferred_username'
+ groupsParameter: 'groups'
+ kibanaExternalHost: 'localhost:8443/deva-notix'
+ logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/logout'
+ oidc_lemon_ldap:
+ buttonName: "LemonLDAP OpenID"
+ type: "oidc"
+ protocol: "https"
+ issuer: 'https://oidctest.wsweet.org/'
+ authorizationURL: 'https://oidctest.wsweet.org/oauth2/authorize'
+ tokenURL: 'https://oidctest.wsweet.org/oauth2/token'
+ userInfoURL: 'https://oidctest.wsweet.org/oauth2/userinfo'
+ clientID: 'private'
+ clientSecret: 'tardis'
+ scope: 'openid users roles'
+ usernameParameter: 'sub'
+ groupsParameter: 'roles'
+ kibanaExternalHost: 'localhost:8443'
+ logoutUrl: 'https://oidctest.wsweet.org/oauth2/logout'
+ jwksURL: 'https://oidctest.wsweet.org/oauth2/jwks'
+
diff --git a/ror-demo-cluster/conf/kbn-2/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-2/free-ror-newplatform-kibana.yml
new file mode 100644
index 0000000..2f605e7
--- /dev/null
+++ b/ror-demo-cluster/conf/kbn-2/free-ror-newplatform-kibana.yml
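Review bot: The three `xpack.*.encryptionKey` settings, `readonlyrest_kbn.cookiePass` and both OIDC `clientSecret` values are committed as literals, and the three encryption keys share a single string, so the material that protects sessions, encrypted saved objects and reports is known to anyone who can read the repository and is identical on every instance started from this file. Kibana expands `${VAR}` references in kibana.yml, so these can be supplied through the compose `environment:` block the way `ROR_ACTIVATION_KEY` already is, for example `xpack.security.encryptionKey: "${KBN_SECURITY_ENCRYPTION_KEY}"` (placeholder variable name), with a distinct random value per setting. The same literals are added to the free and pro files under `conf/kbn-2` and to the three `conf/kbn` files changed in this commit.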
@@ -0,0 +1,70 @@
+server.name: kibana-ror-2
+server.host: 0.0.0.0
+server.basePath: /deva-notix
+server.rewriteBasePath: false
+server.publicBaseUrl: "https://localhost:8443/deva-notix"
+
+elasticsearch.username: kibana
+elasticsearch.password: kibana
+elasticsearch.ssl.verificationMode: none
+server.xsrf.allowlist: []
+
+# generated with:
+# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt
+server.ssl.enabled: true
+server.ssl.certificate: /usr/share/kibana/config/kibana.crt
+server.ssl.key: /usr/share/kibana/config/kibana.key
+server.ssl.redirectHttpFromPort: 80
+
+xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+
+xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.reporting.queue.timeout: 120000
+xpack.reporting.csv.maxSizeBytes: 10485760
+
+# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic."
+xpack.security.showInsecureClusterWarning: false
+
+# alternative to disable spaces
+xpack.spaces.maxSpaces: 0
+
+# Explore underlying data
+xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true
+xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true
+
+# session lifecycle management
+xpack.security.session.idleTimeout: 3d
+xpack.security.session.lifespan: 7d
+xpack.security.session.cleanupInterval: 1d
+
+readonlyrest_kbn.logLevel: trace
+readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
+readonlyrest_kbn.store_sessions_in_index: true
+
+#################### Kibana additional settings ###################
+newsfeed.enabled: false
+telemetry.optIn: false
+telemetry.enabled: false
+telemetry.allowChangingOptInStatus: false
+i18n.locale: en
+
+#################### Kibana logging settings ######################
+
+logging.appenders.roll-file.type: rolling-file
+logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log
+logging.appenders.roll-file.policy.type: time-interval
+logging.appenders.roll-file.policy.interval: 24h
+logging.appenders.roll-file.policy.modulate: true
+logging.appenders.roll-file.strategy.type: numeric
+logging.appenders.roll-file.strategy.pattern: '.%i'
+logging.appenders.roll-file.strategy.max: 2
+logging.appenders.roll-file.layout.type: json
+logging.root.appenders: [roll-file,default]
+logging.root.level: info
+
+
+#################### Kibana CCS settings ######################
+monitoring.ui.ccs.enabled: false
+
+
diff --git a/ror-demo-cluster/conf/kbn-2/kibana.crt b/ror-demo-cluster/conf/kbn-2/kibana.crt
new file mode 100644
index 0000000..e299680
--- /dev/null
+++ b/ror-demo-cluster/conf/kbn-2/kibana.crt
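Review bot: `elasticsearch.ssl.verificationMode: none` switches off certificate-chain and hostname validation on the connection that carries the `kibana` service credentials to Elasticsearch, so this second instance will accept any certificate presented for `es-ror`. If the cluster certificate is self-signed, `elasticsearch.ssl.verificationMode: certificate` together with `elasticsearch.ssl.certificateAuthorities: ["<path-to-es-ror-ca.crt>"]` (placeholder path) keeps chain validation while still skipping the hostname check. If `none` is kept on purpose, a comment such as `# demo only: TLS verification towards Elasticsearch is disabled` above the line would stop it being copied into real deployments; the setting is also present in the enterprise, pro and old-platform files under `conf/kbn-2`.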
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUBiE6BT/+Rshrppljbwt9YUKI0L4wDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA5MjYxODQyNThaFw0zNDA5 +MjQxODQyNThaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDG3G4Thxy7EozvjLSipdvZqjqCsfsjS9hpYP3yCYHd +X6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTGtwYtvhirp3E5Z452BCpPVlA95buA +tgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMxy2bOaQEB23MnKdfGrG/vrZW4dYBn +BdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATqF6NyoSDzp0h/mLkAlyK9YGCcAfcX +FenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0x1oX+wCWUeLcunu55ULZiCmHkp1j +SxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbieZsQQEMVAgMBAAGjUzBRMB0GA1Ud +DgQWBBQAhrFCBCBAdrJH179OeQI2at+wHDAfBgNVHSMEGDAWgBQAhrFCBCBAdrJH +179OeQI2at+wHDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBI +esiejMlKXp0mj34N5NDs3I7+AHIFIGTY+u6I4kF+tuiAcCYWWF4cG3g0pJzvokIi +wIdjCQjXBwfbu6KBv0wphqlSJ9lwDPBGBG1Lc6Sg+wHTqrdwL8f4FcJF1IB92mLc +wNSQNnjqxgcD5AOTqVHIy9hhJVufZonypIMSRV5xndv5qGP2TjSM4bF/Cj3YIK9D +2pLAUG3Vj3YIr0jOiyRbYlzaXpV9hPwfkbLSrqi/RwHvZtUv7B7roAY1mSg5wYFg +CbHH7nmpV3wzaF47Y/k+O4+37DbCYuDJwrLyhqksqQiN55s4UG15ATBS8fYWfRnf +t2WXvSztBJ6TS+pOm6GM +-----END CERTIFICATE----- diff --git a/ror-demo-cluster/conf/kbn-2/kibana.key b/ror-demo-cluster/conf/kbn-2/kibana.key new file mode 100644 index 0000000..8bb8fc5 --- /dev/null +++ b/ror-demo-cluster/conf/kbn-2/kibana.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDG3G4Thxy7Eozv +jLSipdvZqjqCsfsjS9hpYP3yCYHdX6Zd1jEIrUnU7m0K9Mqnu4ws+rMKFVPG8VTG +twYtvhirp3E5Z452BCpPVlA95buAtgFaPF7fD/KexrlZZguBGmGvg1Tl2XbuTPMx +y2bOaQEB23MnKdfGrG/vrZW4dYBnBdbITpZv3RTtpiM6nWLaGXKMuZKa5jLLvATq +F6NyoSDzp0h/mLkAlyK9YGCcAfcXFenpHfO7bXK0j+cuZOxLTqWqfvXk3W+PIti0 +x1oX+wCWUeLcunu55ULZiCmHkp1jSxQRGJtlBFMcCQ1cqVzjCcXNG2yLhvvLiNbi +eZsQQEMVAgMBAAECggEAF5FSPmA56HXXXCCJ2+jaOF6zVn/vaox3lm2XSxMTYAAR +AHf9EbEv2dtz8uN2DRDuGPqRM3W5mw9I49AXHF62H8nVYl9Cg/wUY5iwI9XRNfzc +Biy3dao3L9gPaWftnxxYTWu8KQ1vyeg2vkUD5xyMsQKoEBEmcHZJQdeJsfXDBPJ3 +tQSkDSrnr4f7uEQvr9iidEXnyfz1azF0snZ00IkBXRV2dcbTOIu6W+2uI1/Pthjt +rAoqvSuwBlUtvQG7Btat4tL84LNTfH+SoXJK1v4JwbqydV/U47Cc0Tp2inJugfVA +o6Cj5ptKvxI7mkFQuoyG4bm3x+79XeNbrYxhBK3hlQKBgQDnvMTfdIxC+rU+cKY0 +6sEaCzNbh3ZGqgVpBRj0i7EfdBNOctzlFSQGQhCD1SnXc7ihNZ5t2MKJRap3MNDX +Xh6jllgkjXnw1V+b2E1nBtkp/F8dWnrvzwJbSN+KeCP+zio6g2gKYLZab0GIRTEB +QvXgeaWAmIuxq2GENF8K1FuQYwKBgQDbrnsDKJI3rpfLbzrZB22gwdmq7wZWllzc +1Axiqn6xXqghXPLna3fDAbisQgRrQFTjBU9gM3isp4PGVurdPQa35ve6UAgoJUat +hIqvBzcbER3YEBksJtLvai9m9yQ69vYdMPbR10ZhA6EqTcp2MgyIEvAvue964J2p +3L1/r6bsJwKBgCksRN5e2rzbxm/9m8ozG3QBIXLVspIDi0qJeVGZsDKicPuzNMQO +6YOjIUQLD5AUI22hFTD3Hjk9g3gB2Fkrg84U3DxCVrQPdRk/aSEw+kyXZl7UwJry +8Lw/SlhT2DFhd+dFiaquXDfdJIuNn5NVzlG/y0P51ngOtxjCJVDLQil5AoGAa0qk +Ob6u6xMSgAErNKQ0HreOn7Vt2wxE/nVyNx4eEnKwmtrSp8QNEejdUQRNNDSPQPFu ++wUoguqtqUj6HGOZzGe5xf0gfrr18fkx4pobh9SsRsJWCQJNMzEhRaCeyU2klk07 +vvDtJqSnKgokP+XhyPO26xhcph7d4gA1bQ9U7zECgYAX4Fe9+2Uzmu035C5oHgUv +dA4NRP9lutpH0uboUxo1hdxKtTM1dmeXAj+SL5jyYBpfE3c8Ha3QGlIN8sHiKZTA +0A3bRAHjoKNULPgiODmwaK9y1vOm0Kol6QsJ3QZrc+iHf3wscMnimSwH2XxPnNSD +zh06Wun9UBVUZbdsIPDcLg== +-----END PRIVATE KEY----- diff --git a/ror-demo-cluster/conf/kbn-2/pro-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn-2/pro-ror-newplatform-kibana.yml new file mode 100644 index 0000000..2f605e7 --- /dev/null 
+++ b/ror-demo-cluster/conf/kbn-2/pro-ror-newplatform-kibana.yml 
@@ -0,0 +1,70 @@
+server.name: kibana-ror-2
+server.host: 0.0.0.0
+server.basePath: /deva-notix
+server.rewriteBasePath: false
+server.publicBaseUrl: "https://localhost:8443/deva-notix"
+
+elasticsearch.username: kibana
+elasticsearch.password: kibana
+elasticsearch.ssl.verificationMode: none
+server.xsrf.allowlist: []
+
+# generated with:
+# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt
+server.ssl.enabled: true
+server.ssl.certificate: /usr/share/kibana/config/kibana.crt
+server.ssl.key: /usr/share/kibana/config/kibana.key
+server.ssl.redirectHttpFromPort: 80
+
+xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+
+xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!"
+xpack.reporting.queue.timeout: 120000
+xpack.reporting.csv.maxSizeBytes: 10485760
+
+# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic."
+xpack.security.showInsecureClusterWarning: false
+
+# alternative to disable spaces
+xpack.spaces.maxSpaces: 0
+
+# Explore underlying data
+xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true
+xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true
+
+# session lifecycle management
+xpack.security.session.idleTimeout: 3d
+xpack.security.session.lifespan: 7d
+xpack.security.session.cleanupInterval: 1d
+
+readonlyrest_kbn.logLevel: trace
+readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm'
+readonlyrest_kbn.store_sessions_in_index: true
+
+#################### Kibana additional settings ###################
+newsfeed.enabled: false
+telemetry.optIn: false
+telemetry.enabled: false
+telemetry.allowChangingOptInStatus: false
+i18n.locale: en
+
+#################### Kibana logging settings ######################
+
+logging.appenders.roll-file.type: rolling-file
+logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log
+logging.appenders.roll-file.policy.type: time-interval
+logging.appenders.roll-file.policy.interval: 24h
+logging.appenders.roll-file.policy.modulate: true
+logging.appenders.roll-file.strategy.type: numeric
+logging.appenders.roll-file.strategy.pattern: '.%i'
+logging.appenders.roll-file.strategy.max: 2
+logging.appenders.roll-file.layout.type: json
+logging.root.appenders: [roll-file,default]
+logging.root.level: info
+
+
+#################### Kibana CCS settings ######################
+monitoring.ui.ccs.enabled: false
+
+
diff --git a/ror-demo-cluster/conf/kbn-2/ror-oldplatform-kibana.yml b/ror-demo-cluster/conf/kbn-2/ror-oldplatform-kibana.yml
new file mode 100644
index 0000000..de0b5d6
--- /dev/null
+++ b/ror-demo-cluster/conf/kbn-2/ror-oldplatform-kibana.yml
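Review bot: `readonlyrest_kbn.logLevel: trace` is set as the shipped default, and the file also routes the root logger to `/usr/share/kibana/logs/kibana.log`. What the plugin writes at trace level is not visible on this page, but the most verbose level of an authentication plugin commonly includes request and session detail, which would then persist in the rotated log files. I would keep `readonlyrest_kbn.logLevel: info` in the committed file and raise it only while debugging; the same value is added in the enterprise and free files under `conf/kbn-2`, and the `conf/kbn` files in this commit change `info` to `trace`.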
@@ -0,0 +1,15 @@ +server.name: kibana-ror +server.host: 0.0.0.0 + +elasticsearch.username: kibana +elasticsearch.password: kibana +elasticsearch.ssl.verificationMode: none + +# generated with: +# $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt +server.ssl.enabled: true +server.ssl.certificate: /usr/share/kibana/config/kibana.crt +server.ssl.key: /usr/share/kibana/config/kibana.key +server.ssl.redirectHttpFromPort: 80 + +xpack.security.enabled: false diff --git a/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml index 9abf6b5..3000107 100644 --- a/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/enterprise-ror-newplatform-kibana.yml @@ -1,9 +1,13 @@ server.name: kibana-ror server.host: 0.0.0.0 +server.basePath: /deva-notix +server.rewriteBasePath: false +server.publicBaseUrl: "https://localhost:8443/deva-notix" elasticsearch.username: kibana elasticsearch.password: kibana elasticsearch.ssl.verificationMode: none +server.xsrf.allowlist: [] # generated with: # $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt 
@@ -12,41 +16,91 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -readonlyrest_kbn.logLevel: info +xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" + +xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.reporting.queue.timeout: 120000 +xpack.reporting.csv.maxSizeBytes: 10485760 + +# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic." +xpack.security.showInsecureClusterWarning: false + +# alternative to disable spaces +xpack.spaces.maxSpaces: 0 + +# Explore underlying data +xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true +xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true + +# session lifecycle management +xpack.security.session.idleTimeout: 3d +xpack.security.session.lifespan: 7d +xpack.security.session.cleanupInterval: 1d + +readonlyrest_kbn.logLevel: trace readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' +readonlyrest_kbn.store_sessions_in_index: true + +#################### Kibana additional settings ################### +newsfeed.enabled: false +telemetry.optIn: false +telemetry.enabled: false +telemetry.allowChangingOptInStatus: false +i18n.locale: en + +#################### Kibana logging settings ###################### + +logging.appenders.roll-file.type: rolling-file +logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log +logging.appenders.roll-file.policy.type: time-interval +logging.appenders.roll-file.policy.interval: 24h +logging.appenders.roll-file.policy.modulate: true +logging.appenders.roll-file.strategy.type: numeric +logging.appenders.roll-file.strategy.pattern: '.%i' +logging.appenders.roll-file.strategy.max: 2 
+logging.appenders.roll-file.layout.type: json +logging.root.appenders: [roll-file,default] +logging.root.level: info + + +#################### Kibana CCS settings ###################### +monitoring.ui.ccs.enabled: false readonlyrest_kbn: auth: - signature_key: "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" - - oidc_keycloak: - buttonName: "Keycloak OIDC" - type: "oidc" - protocol: "https" - issuer: 'http://kc.localhost:8080/realms/ror' - authorizationURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/auth' - tokenURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/token' - userInfoURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/userinfo' - jwksURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/certs' - clientID: 'kibana-ror' - clientSecret: 'kibanasecret123' - scope: 'openid profile email' - usernameParameter: 'preferred_username' - groupsParameter: 'groups' - kibanaExternalHost: 'localhost:15601' - logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/logout' - oidc_lemon_ldap: - buttonName: "LemonLDAP OpenID" - type: "oidc" - protocol: "https" - issuer: 'https://oidctest.wsweet.org/' - authorizationURL: 'https://oidctest.wsweet.org/oauth2/authorize' - tokenURL: 'https://oidctest.wsweet.org/oauth2/token' - userInfoURL: 'https://oidctest.wsweet.org/oauth2/userinfo' - clientID: 'private' - clientSecret: 'tardis' - scope: 'openid users roles' - usernameParameter: 'sub' - groupsParameter: 'roles' - kibanaExternalHost: 'localhost:15601' - logoutUrl: 'https://oidctest.wsweet.org/oauth2/logout' - jwksURL: 'https://oidctest.wsweet.org/oauth2/jwks' + signature_key: "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" + + oidc_keycloak: + buttonName: "Keycloak OIDC" + type: "oidc" + protocol: "https" + issuer: 'http://kc.localhost:8080/realms/ror' + authorizationURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/auth' + tokenURL: 
'http://kc.localhost:8080/realms/ror/protocol/openid-connect/token' + userInfoURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/userinfo' + jwksURL: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/certs' + clientID: 'kibana-ror' + clientSecret: 'kibanasecret123' + scope: 'openid profile email' + usernameParameter: 'preferred_username' + groupsParameter: 'groups' + kibanaExternalHost: 'localhost:8443' + logoutUrl: 'http://kc.localhost:8080/realms/ror/protocol/openid-connect/logout' + oidc_lemon_ldap: + buttonName: "LemonLDAP OpenID" + type: "oidc" + protocol: "https" + issuer: 'https://oidctest.wsweet.org/' + authorizationURL: 'https://oidctest.wsweet.org/oauth2/authorize' + tokenURL: 'https://oidctest.wsweet.org/oauth2/token' + userInfoURL: 'https://oidctest.wsweet.org/oauth2/userinfo' + clientID: 'private' + clientSecret: 'tardis' + scope: 'openid users roles' + usernameParameter: 'sub' + groupsParameter: 'roles' + kibanaExternalHost: 'localhost:8443' + logoutUrl: 'https://oidctest.wsweet.org/oauth2/logout' + jwksURL: 'https://oidctest.wsweet.org/oauth2/jwks' + + diff --git a/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml index 3df3d8e..4366a6c 100644 --- a/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/free-ror-newplatform-kibana.yml @@ -1,9 +1,13 @@ server.name: kibana-ror server.host: 0.0.0.0 +server.basePath: /deva-notix +server.rewriteBasePath: false +server.publicBaseUrl: "https://localhost:8443/deva-notix" elasticsearch.username: kibana elasticsearch.password: kibana elasticsearch.ssl.verificationMode: none +server.xsrf.allowlist: [] # generated with: # $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt 
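Review bot: Both providers in this file now use `kibanaExternalHost: 'localhost:8443'`, while the first hunk of the same file adds `server.basePath: /deva-notix` and `server.publicBaseUrl: "https://localhost:8443/deva-notix"`, and the `oidc_keycloak` block in `conf/kbn-2/enterprise-ror-newplatform-kibana.yml` uses `'localhost:8443/deva-notix'`. If the plugin builds the OIDC callback from this value (not verifiable from the page), the callback here would miss the base path and the login round trip would land outside Kibana's prefix. The value should probably be `kibanaExternalHost: 'localhost:8443/deva-notix'` for both providers, and the `oidc_lemon_ldap` entry in the kbn-2 file should be aligned the same way.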
@@ -12,5 +16,55 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -readonlyrest_kbn.logLevel: info +xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" + +xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.reporting.queue.timeout: 120000 +xpack.reporting.csv.maxSizeBytes: 10485760 + +# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic." +xpack.security.showInsecureClusterWarning: false + +# alternative to disable spaces +xpack.spaces.maxSpaces: 0 + +# Explore underlying data +xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true +xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true + +# session lifecycle management +xpack.security.session.idleTimeout: 3d +xpack.security.session.lifespan: 7d +xpack.security.session.cleanupInterval: 1d + +readonlyrest_kbn.logLevel: trace readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' +readonlyrest_kbn.store_sessions_in_index: true + +#################### Kibana additional settings ################### +newsfeed.enabled: false +telemetry.optIn: false +telemetry.enabled: false +telemetry.allowChangingOptInStatus: false +i18n.locale: en + +#################### Kibana logging settings ###################### + +logging.appenders.roll-file.type: rolling-file +logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log +logging.appenders.roll-file.policy.type: time-interval +logging.appenders.roll-file.policy.interval: 24h +logging.appenders.roll-file.policy.modulate: true +logging.appenders.roll-file.strategy.type: numeric +logging.appenders.roll-file.strategy.pattern: '.%i' +logging.appenders.roll-file.strategy.max: 2 
+logging.appenders.roll-file.layout.type: json +logging.root.appenders: [roll-file,default] +logging.root.level: info + + +#################### Kibana CCS settings ###################### +monitoring.ui.ccs.enabled: false + + diff --git a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml index 3df3d8e..4366a6c 100644 --- a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml @@ -1,9 +1,13 @@ server.name: kibana-ror server.host: 0.0.0.0 +server.basePath: /deva-notix +server.rewriteBasePath: false +server.publicBaseUrl: "https://localhost:8443/deva-notix" elasticsearch.username: kibana elasticsearch.password: kibana elasticsearch.ssl.verificationMode: none +server.xsrf.allowlist: [] # generated with: # $ openssl req -x509 -batch -nodes -days 3650 -newkey rsa:2048 -keyout kibana.key -out kibana.crt 
@@ -12,5 +16,55 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -readonlyrest_kbn.logLevel: info +xpack.security.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.encryptedSavedObjects.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" + +xpack.reporting.encryptionKey: "19+230i1902i310293213i109312i31209302193219039120i3j23h31h3h213h123!" +xpack.reporting.queue.timeout: 120000 +xpack.reporting.csv.maxSizeBytes: 10485760 + +# disable "Your data is not secure. Don't lose one bit. Secure your data for free with Elastic." +xpack.security.showInsecureClusterWarning: false + +# alternative to disable spaces +xpack.spaces.maxSpaces: 0 + +# Explore underlying data +xpack.discoverEnhanced.actions.exploreDataInContextMenu.enabled: true +xpack.discoverEnhanced.actions.exploreDataInChart.enabled: true + +# session lifecycle management +xpack.security.session.idleTimeout: 3d +xpack.security.session.lifespan: 7d +xpack.security.session.cleanupInterval: 1d + +readonlyrest_kbn.logLevel: trace readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' +readonlyrest_kbn.store_sessions_in_index: true + +#################### Kibana additional settings ################### +newsfeed.enabled: false +telemetry.optIn: false +telemetry.enabled: false +telemetry.allowChangingOptInStatus: false +i18n.locale: en + +#################### Kibana logging settings ###################### + +logging.appenders.roll-file.type: rolling-file +logging.appenders.roll-file.fileName: /usr/share/kibana/logs/kibana.log +logging.appenders.roll-file.policy.type: time-interval +logging.appenders.roll-file.policy.interval: 24h +logging.appenders.roll-file.policy.modulate: true +logging.appenders.roll-file.strategy.type: numeric +logging.appenders.roll-file.strategy.pattern: '.%i' +logging.appenders.roll-file.strategy.max: 2 
+logging.appenders.roll-file.layout.type: json +logging.root.appenders: [roll-file,default] +logging.root.level: info + + +#################### Kibana CCS settings ###################### +monitoring.ui.ccs.enabled: false + + diff --git a/ror-demo-cluster/conf/keycloak/ror-realm.json b/ror-demo-cluster/conf/keycloak/ror-realm.json index 3e806f2..feb1152 100644 --- a/ror-demo-cluster/conf/keycloak/ror-realm.json +++ b/ror-demo-cluster/conf/keycloak/ror-realm.json @@ -11,7 +11,7 @@ "redirectUris": ["*"], "webOrigins": ["*"], "attributes": { - "post.logout.redirect.uris": "https://localhost:15601/*" + "post.logout.redirect.uris": "https://localhost:8443/*" }, "protocolMappers": [ { diff --git a/ror-demo-cluster/conf/reverse-proxy/certs/server.crt b/ror-demo-cluster/conf/reverse-proxy/certs/server.crt new file mode 100644 index 0000000..d7b9dd4 --- /dev/null +++ b/ror-demo-cluster/conf/reverse-proxy/certs/server.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICyTCCAbGgAwIBAgIJAPBXGOZLL6X6MA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV +BAMMCWxvY2FsaG9zdDAeFw0yNTEwMTEwNDMzMDdaFw0yODAxMTQwNDMzMDdaMBQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALZAVV3iMJc/3R7E1Cn4WnPHYBDFSqP6rznKuS56pfk2MACX+X6jdsrTTZMn +I8gQWwnPIPm2m6CFAoEqI17u+qGUTmZS0Ph9qmWLFPR18zyX+bpLLmoNBzRjZJce +3EULVqdzRSvXq/aSnNn0VbBk6PA3Wmf8pduiYmMKST4ZYz9lxAP1iWa6GmqLi8ZU +EWbRaiTdfsyME/HrYLjdhUrTHO0hHPEIsHCrHJYH3J9PJqL6BJXuTOEiZKyQJBxX +bzh8KAemOU1gNdm0x19PDJ9n4GthiSDON0uBEETIswMETywsdFBDBf/npWYyFsSY +wIKEVTDsgYTgg10yvCMcSWZaFLUCAwEAAaMeMBwwGgYDVR0RBBMwEYIJbG9jYWxo +b3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQAfA5Inuxr32WkWda03CXayL1Uf +CVii5BAdniEjAUm67My9qxSNaffUQr6kCnyWFWRzwbaYdSrBJSEyxzPoyTKR7FRh +ELYtKmedfBMMYA1skAqBolTjHdz8nULIV3OerSyLtAdSHwbGpjBKwmrY/RmB7bFe +p9kNUwQU9mVRrgJ6xt/1Ms0k0d6etPBguFYEhVdyT1M6Gj608KP2gvkP4hjsTP8Q +Lxm0nVg6A7wiwFPmbanO3BfisfngxMHs3DdK68Oiy1HrJqxY46D+qnkbpleyCyOd +nK8xg3WoRlhvzNvWK/FGxYXqwZGcJi3TySBKlvQpngjOc7EimHVsuho0jSao +-----END CERTIFICATE----- 
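Review bot: The context lines directly above this change still have `"redirectUris": ["*"]` and `"webOrigins": ["*"]`, so the client keeps accepting any redirect target even though the post-logout URI is pinned to one origin. A wildcard redirect URI means the identity provider will hand authorization responses to whatever address a login request names, which defeats the purpose of registering the client. Since this commit already settles on the proxy origin, `"redirectUris": ["https://localhost:8443/*"]` and `"webOrigins": ["https://localhost:8443"]` would be consistent with the new line; the client object starts and ends outside the hunk, so any other origin that still needs to log in would have to be listed too.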
diff --git a/ror-demo-cluster/conf/reverse-proxy/certs/server.key b/ror-demo-cluster/conf/reverse-proxy/certs/server.key new file mode 100644 index 0000000..e5adfbd --- /dev/null +++ b/ror-demo-cluster/conf/reverse-proxy/certs/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC2QFVd4jCXP90e +xNQp+Fpzx2AQxUqj+q85yrkueqX5NjAAl/l+o3bK002TJyPIEFsJzyD5tpughQKB +KiNe7vqhlE5mUtD4faplixT0dfM8l/m6Sy5qDQc0Y2SXHtxFC1anc0Ur16v2kpzZ +9FWwZOjwN1pn/KXbomJjCkk+GWM/ZcQD9Ylmuhpqi4vGVBFm0Wok3X7MjBPx62C4 +3YVK0xztIRzxCLBwqxyWB9yfTyai+gSV7kzhImSskCQcV284fCgHpjlNYDXZtMdf +TwyfZ+BrYYkgzjdLgRBEyLMDBE8sLHRQQwX/56VmMhbEmMCChFUw7IGE4INdMrwj +HElmWhS1AgMBAAECggEAAaVzH/X7GmKpTK3afMaRipoyc/RUSEbrbko2ggT5mtay +eE7nIg239P0TplCkMhpzuBL26UqM/VY2P5Rx3VmrSepdCu+Uk6oO7/vhpJOsLs/w +oY4sTSjw97guIG9W7gi8L6cK6Op50zBf2lgqrf07XXAikO3nUaSV3u8o2jbAfsIY +pjT/XLWsYF3XYXfH8RMRKv+tQNhCAch2Un/tug3N1tXSTcbjGwIay97Ytj8pYPcd ++1hZay9t5MXa5CAVOusrwbfShQ+sXpWenH13DqvvQX8GA/zd8bA3UV5oaDvQpw3v +HTLMr7EiFsAExc7vPr6E8X8hLfju2BdKTu0i8z7fwQKBgQDw9eyfui3jSI2EE08H +wLvLT6pZSrJ2TIQd75c9mdL04YkCwxTMCufvZwYj7PG0srRdNNlO1UTxEQNoAJ03 +U2C1qjjOQG9X71+Fj1+mtv8V8KllpZFxiItySZOpLYJe4GbqXkef/dMG+/JZ6KwY +gJuEQeiXc+LBFAYWrx9goXoQRwKBgQDBoFmIEidr3020+JJEFvIOXzZ/OkcV2Do+ +C8K4/wqUvectYVRgHlH2tTcXW+7ngVrdqnPMFeBxylxymnD7yUIS2GuV6WXeqzPg +CPuzr8OiE634qmxemj3UpbRFO3ctU00/8SeOcbnnHTrBQhrnSBC8K4Y3bXutFhba +Hb3T2NfNIwKBgQCqPxdQQ1romvphtsK/14zXuRHCxOQScT1naUCSZXyHSFJlgS/Q +emQk4cWU3HRqF1kYAZ8H8+ch68NcWBK8ZEyQDhTUpPIGTzpOQ15xjBnuhnspNjHs +5Wyg8xtBDMZwAly0eqhgghX3eUth+uKc7UDz0R1k5JvxjxQ+Mr0YqP51QQKBgCVm +hsS81PaGPKlPNlmGoRzbkVhD9oUmriFb/jHjubR/dg8S9MxYLvbbjBer/1qiZt3Y +VeO++gqgzvioEljgSC4Btc5QNggrw6prscrEkaJV8M3OhX5EhtrzYv3Yfa24oHxQ +ZZajKwiUYcwAq9eu2OSv943vTOtjD+jzw74O7ahHAoGAS3T27W6SkloZi9t+SFSY +BeINYvV3ciRNGN48k00v28+5sFJ7uaqkxkd+t8RGn7nGaA7n+nJNXexyiJzVVKjS +zL5WaQuduTDJHpW5HbAQp3bMpCrYhI6YL9EzXEedWkLaTh+Ox9yVc3nDBNx0lGw3 +yRdF/RqO80s0HbQhbJMtcMQ= +-----END PRIVATE KEY----- 
diff --git a/ror-demo-cluster/docker-compose.yml b/ror-demo-cluster/docker-compose.yml index f907d81..deb29ba 100644 --- a/ror-demo-cluster/docker-compose.yml +++ b/ror-demo-cluster/docker-compose.yml @@ -88,6 +88,39 @@ services: soft: -1 hard: -1 + kbn-ror-2: + build: + context: . + dockerfile: images/kbn-2/${KBN_DOCKERFILE:-KBN_DOCKERFILE_NOT_CONFIGURED} + args: + KBN_VERSION: ${KBN_VERSION:-KBN_VERSION_NOT_CONFIGURED} + ROR_VERSION: ${ROR_KBN_VERSION:-ROR_KBN_VERSION_NOT_CONFIGURED} + ROR_FILE: ${KBN_ROR_FILE:-KBN_ROR_FILE_NOT_CONFIGURED} + ROR_LICENSE_EDITION: ${ROR_LICENSE_EDITION:-ROR_LICENSE_EDITION_NOT_CONFIGURED} + ports: + - "15602:5601" + depends_on: + es-ror: + condition: service_healthy + keycloak: + condition: service_healthy + required: false + environment: + ELASTICSEARCH_HOSTS: https://es-ror:9200 + ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY + SERVER_NAME: kbn-ror-2 + healthcheck: + test: [ "CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin https://127.0.0.1:5601/api/features >/dev/null || exit 1" ] + interval: 10s + timeout: 10s + retries: 30 + start_period: 60s + networks: + - es-ror-network + ulimits: + memlock: + soft: -1 + hard: -1 initializer: build: context: . @@ -111,7 +144,20 @@ services: - ./init-scripts:/scripts networks: - es-ror-network - + proxy: + build: + context: . + dockerfile: images/reverse-proxy/Dockerfile + depends_on: + es-ror: + condition: service_healthy + kbn-ror: + condition: service_healthy + networks: + - es-ror-network + ports: + - "8082:80" + - "8443:443" networks: es-ror-network: driver: bridge diff --git a/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-api b/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-api new file mode 100644 index 0000000..03d13ac --- /dev/null +++ b/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-api 
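Review bot: `- "15602:5601"` publishes the second Kibana on every host interface, and the healthcheck in the same service shows it answers to `admin:admin`, so the instance is reachable with default credentials from any machine that can reach the demo host. Binding the published port to loopback, `- "127.0.0.1:15602:5601"`, keeps the demo usable locally; the proxy ports added in the next hunk (`"8082:80"`, `"8443:443"`) have the same exposure. The healthcheck also places the credentials in the container's command line, where `docker inspect` shows them, which is acceptable only while they remain throwaway demo values.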
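Review bot: The `proxy` service waits for `es-ror` and `kbn-ror` but not for `kbn-ror-2`, which this commit adds with the same `/deva-notix` base path and `https://localhost:8443` public URL. The proxy configuration is not on this page; if it routes to `kbn-ror-2`, the proxy can start before that upstream is healthy. Adding `kbn-ror-2:` with `condition: service_healthy` under `depends_on` would cover it.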
@@ -0,0 +1,22 @@
+ARG KBN_VERSION=please_set_kbn_version_arg
+
+FROM docker.elastic.co/kibana/kibana:${KBN_VERSION}
+
+ARG KBN_VERSION=please_set_kbn_version_arg
+ARG ROR_VERSION=please_set_ror_version_arg
+ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg
+
+COPY conf/kbn-2/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml
+COPY conf/kbn-2/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml
+COPY conf/kbn-2/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml
+COPY conf/kbn-2/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml
+COPY conf/kbn-2/kibana.crt /usr/share/kibana/config/kibana.crt
+COPY conf/kbn-2/kibana.key /usr/share/kibana/config/kibana.key
+COPY images/kbn-2/install-ror-kbn-using-api.sh /tmp/install-ror.sh
+
+USER root
+
+RUN /tmp/install-ror.sh && \
+ chown -R kibana:kibana /usr/share/kibana/config
+
+USER kibana
diff --git a/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-file b/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-file
new file mode 100644
index 0000000..e63967d
--- /dev/null
+++ b/ror-demo-cluster/images/kbn-2/Dockerfile-use-ror-binaries-from-file
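Review bot: In `images/kbn-2/Dockerfile-use-ror-binaries-from-api`, `kibana.key` is copied into the image and only its owner is changed, so the private key keeps whatever mode it has in the build context (presumably world-readable). I would tighten it in the same `RUN`, adding `chmod 600 /usr/share/kibana/config/kibana.key` after the `chown`. `Dockerfile-use-ror-binaries-from-file` has the same lines and needs the same change. The installer is also left behind as `/tmp/install-ror.sh`; removing it at the end of that `RUN` keeps the build script out of the final layer.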
@@ -0,0 +1,23 @@
+ARG KBN_VERSION=please_set_kbn_version_arg
+
+FROM docker.elastic.co/kibana/kibana:${KBN_VERSION}
+
+ARG KBN_VERSION=please_set_kbn_version_arg
+ARG ROR_FILE=please_set_ror_file_path
+ARG ROR_LICENSE_EDITION=please_set_ror_license_edition_arg
+
+COPY conf/kbn-2/ror-oldplatform-kibana.yml /usr/share/kibana/config/ror-oldplatform-kibana.yml
+COPY conf/kbn-2/enterprise-ror-newplatform-kibana.yml /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml
+COPY conf/kbn-2/pro-ror-newplatform-kibana.yml /usr/share/kibana/config/pro-ror-newplatform-kibana.yml
+COPY conf/kbn-2/free-ror-newplatform-kibana.yml /usr/share/kibana/config/free-ror-newplatform-kibana.yml
+COPY conf/kbn-2/kibana.crt /usr/share/kibana/config/kibana.crt
+COPY conf/kbn-2/kibana.key /usr/share/kibana/config/kibana.key
+COPY images/kbn-2/install-ror-kbn-using-file.sh /tmp/install-ror.sh
+COPY $ROR_FILE /tmp/ror.zip
+
+USER root
+
+RUN /tmp/install-ror.sh && \
+ chown -R kibana:kibana /usr/share/kibana/config
+
+USER kibana
diff --git a/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-api.sh b/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-api.sh
new file mode 100755
index 0000000..5fa2d92
--- /dev/null
+++ b/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-api.sh
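Review bot: `Dockerfile-use-ror-binaries-from-file` declares no `ARG ROR_VERSION`, yet `install-ror-kbn-using-file.sh`, which this build runs, prints `$ROR_VERSION` in its "Installing" and "Patching" messages, so those log lines will show an empty version. Either declare `ARG ROR_VERSION=please_set_ror_version_arg` next to the other args, as the from-api Dockerfile does, or drop the variable from the script's messages. The default `ROR_FILE=please_set_ror_file_path` also makes `COPY $ROR_FILE /tmp/ror.zip` fail with a plain "not found" error; a comment above the `ARG` saying the path is relative to the build context would help.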
@@ -0,0 +1,74 @@
+#!/bin/bash -e
+
+function greater_than_or_equal() {
+ [ "$1" = "$(echo -e "$1\n$2" | sort -V | tail -n 1)" ];
+}
+
+if [[ -z "$KBN_VERSION" ]]; then
+ echo "No KBN_VERSION variable is set"
+ exit 1
+fi
+
+if [[ -z "$ROR_VERSION" ]]; then
+ echo "No ROR_VERSION variable is set"
+ exit 3
+fi
+
+ROR_KBN_EDITION=""
+if greater_than_or_equal "$ROR_VERSION" "1.43.0" && greater_than_or_equal "$KBN_VERSION" "7.9.0"; then
+ ROR_KBN_EDITION="kbn_universal"
+else
+ ROR_KBN_EDITION="kbn_free"
+fi
+ROR_DOWNLOAD_URL="https://api.beshu.tech/download/kbn?esVersion=$KBN_VERSION&pluginVersion=$ROR_VERSION&edition=$ROR_KBN_EDITION&email=ror-sandbox%40readonlyrest.com"
+
+echo "Installing KBN ROR $ROR_VERSION..."
+if ! greater_than_or_equal "$KBN_VERSION" "7.0.0"; then
+ export NODE_OPTIONS="--max-old-space-size=8192"
+fi
+
+if greater_than_or_equal "$KBN_VERSION" "7.11.0" ; then
+ /usr/share/kibana/bin/kibana-plugin install "$ROR_DOWNLOAD_URL"
+elif greater_than_or_equal "$KBN_VERSION" "7.2.0" ; then
+ /usr/share/kibana/bin/kibana-plugin install --allow-root "$ROR_DOWNLOAD_URL"
+else
+ /usr/share/kibana/bin/kibana-plugin install "$ROR_DOWNLOAD_URL"
+fi
+
+if greater_than_or_equal "$KBN_VERSION" "8.15.0" ; then
+ echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..."
+ /usr/share/kibana/node/glibc-217/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes
+elif greater_than_or_equal "$KBN_VERSION" "7.9.0" ; then
+ echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..."
+ /usr/share/kibana/node/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes
+fi
+
+ if greater_than_or_equal "$KBN_VERSION" "7.9.0"; then
+ case "${ROR_LICENSE_EDITION:-}" in
+ ENT)
+ mv /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ PRO)
+ mv /usr/share/kibana/config/pro-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ FREE)
+ mv /usr/share/kibana/config/free-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ "")
+ echo "ERROR: ROR_LICENSE_EDITION is not set" >&2
+ exit 1
+ ;;
+ *)
+ echo "ERROR: Unsupported ROR_LICENSE_EDITION='${ROR_LICENSE_EDITION}'" >&2
+ exit 2
+ ;;
+ esac
+ else
+ mv /usr/share/kibana/config/ror-oldplatform-kibana.yml /usr/share/kibana/config/kibana.yml
+ rm -rf /usr/share/kibana/optimize # for some reason we have to remove it and let kibana optimize it on startup
+ fi
+
+echo "DONE!"
diff --git a/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-file.sh b/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-file.sh
new file mode 100755
index 0000000..ab04efe
--- /dev/null
+++ b/ror-demo-cluster/images/kbn-2/install-ror-kbn-using-file.sh
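Review bot: In `install-ror-kbn-using-api.sh` the plugin archive is installed straight from `$ROR_DOWNLOAD_URL`, and `ror-tools.js patch` then modifies Kibana itself, all as root and with no integrity check on what was downloaded. I would download the archive to a file, compare its SHA-256 with an expected digest passed in as a build argument, and only then install from the local file. In the same `if` chain the `7.11.0` branch and the `else` branch run the identical command, so it reduces to one `--allow-root` case plus a default, as sketched below.

```shell
# … unchanged: version checks, ROR_KBN_EDITION and ROR_DOWNLOAD_URL …
# ROR_PLUGIN_SHA256 is a placeholder name for a new build argument carrying the expected digest
curl -fsSL -o /tmp/ror.zip "$ROR_DOWNLOAD_URL"
echo "${ROR_PLUGIN_SHA256:?expected plugin digest is not set}  /tmp/ror.zip" | sha256sum -c -
if greater_than_or_equal "$KBN_VERSION" "7.2.0" && ! greater_than_or_equal "$KBN_VERSION" "7.11.0"; then
  /usr/share/kibana/bin/kibana-plugin install --allow-root file:///tmp/ror.zip
else
  /usr/share/kibana/bin/kibana-plugin install file:///tmp/ror.zip
fi
rm -f /tmp/ror.zip
# … unchanged: patching and kibana.yml selection …
```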
@@ -0,0 +1,59 @@
+#!/bin/bash -e
+
+function greater_than_or_equal() {
+ [ "$1" = "$(echo -e "$1\n$2" | sort -V | tail -n 1)" ];
+}
+
+if [[ -z "$KBN_VERSION" ]]; then
+ echo "No KBN_VERSION variable is set"
+ exit 1
+fi
+
+echo "Installing KBN ROR $ROR_VERSION..."
+if ! greater_than_or_equal "$KBN_VERSION" "7.0.0"; then
+ export NODE_OPTIONS="--max-old-space-size=8192"
+fi
+
+if greater_than_or_equal "$KBN_VERSION" "7.11.0" ; then
+ /usr/share/kibana/bin/kibana-plugin install file:///tmp/ror.zip
+else
+ /usr/share/kibana/bin/kibana-plugin install --allow-root file:///tmp/ror.zip
+fi
+
+if greater_than_or_equal "$KBN_VERSION" "8.15.0" ; then
+ echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..."
+ /usr/share/kibana/node/glibc-217/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes
+elif greater_than_or_equal "$KBN_VERSION" "7.9.0" ; then
+ echo "Patching KBN $KBN_VERSION (ROR $ROR_VERSION)..."
+ /usr/share/kibana/node/bin/node plugins/readonlyrestkbn/ror-tools.js patch --I_UNDERSTAND_AND_ACCEPT_KBN_PATCHING=yes
+fi
+
+ if greater_than_or_equal "$KBN_VERSION" "7.9.0"; then
+ case "${ROR_LICENSE_EDITION:-}" in
+ ENT)
+ mv /usr/share/kibana/config/enterprise-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ PRO)
+ mv /usr/share/kibana/config/pro-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ FREE)
+ mv /usr/share/kibana/config/free-ror-newplatform-kibana.yml \
+ /usr/share/kibana/config/kibana.yml
+ ;;
+ "")
+ echo "ERROR: ROR_LICENSE_EDITION is not set" >&2
+ exit 1
+ ;;
+ *)
+ echo "ERROR: Unsupported ROR_LICENSE_EDITION='${ROR_LICENSE_EDITION}'" >&2
+ exit 2
+ ;;
+ esac
+ else
+ mv /usr/share/kibana/config/ror-oldplatform-kibana.yml /usr/share/kibana/config/kibana.yml
+ rm -rf /usr/share/kibana/optimize # for some reason we have to remove it and let kibana optimize it on startup
+ fi
+
+echo "DONE!"
\ No newline at end of file
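Review bot: `ror-tools.js` is addressed by the relative path `plugins/readonlyrestkbn/ror-tools.js` while every other path in `install-ror-kbn-using-file.sh` is absolute, so the patch step only works when the build's working directory happens to be `/usr/share/kibana`. I would spell it out as `/usr/share/kibana/plugins/readonlyrestkbn/ror-tools.js` in both patch branches; `install-ror-kbn-using-api.sh` has the same two lines. The file also ends without a trailing newline.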
diff --git a/ror-demo-cluster/images/reverse-proxy/Dockerfile b/ror-demo-cluster/images/reverse-proxy/Dockerfile
new file mode 100644
index 0000000..63d94f5
--- /dev/null
+++ b/ror-demo-cluster/images/reverse-proxy/Dockerfile
@@ -0,0 +1,28 @@
+# Dockerfile
+FROM httpd:2.4
+
+# Enable required modules: proxy, balancer, lbmethod, rewrite, headers, slotmem, ssl, wstunnel, socache, cache
+RUN sed -i \
+ -e 's/^#\(LoadModule slotmem_shm_module modules\/mod_slotmem_shm.so\)/\1/' \
+ -e 's/^#\(LoadModule socache_shmcb_module modules\/mod_socache_shmcb.so\)/\1/' \
+ -e 's/^#\(LoadModule proxy_module modules\/mod_proxy.so\)/\1/' \
+ -e 's/^#\(LoadModule proxy_http_module modules\/mod_proxy_http.so\)/\1/' \
+ -e 's/^#\(LoadModule proxy_wstunnel_module modules\/mod_proxy_wstunnel.so\)/\1/' \
+ -e 's/^#\(LoadModule proxy_balancer_module modules\/mod_proxy_balancer.so\)/\1/' \
+ -e 's/^#\(LoadModule lbmethod_byrequests_module modules\/mod_lbmethod_byrequests.so\)/\1/' \
+ -e 's/^#\(LoadModule rewrite_module modules\/mod_rewrite.so\)/\1/' \
+ -e 's/^#\(LoadModule headers_module modules\/mod_headers.so\)/\1/' \
+ -e 's/^#\(LoadModule ssl_module modules\/mod_ssl.so\)/\1/' \
+ /usr/local/apache2/conf/httpd.conf
+
+RUN echo "ServerName localhost" >> /usr/local/apache2/conf/httpd.conf \
+ && echo "Listen 443" >> /usr/local/apache2/conf/httpd.conf
+
+# Copy vhost and include it
+COPY images/reverse-proxy/deva-notix.conf /usr/local/apache2/conf/extra/deva-notix.conf
+RUN echo "Include conf/extra/deva-notix.conf" >> /usr/local/apache2/conf/httpd.conf
+
+# Copy TLS certs (provide server.crt and server.key under images/reverse-proxy/certs)
+COPY conf/reverse-proxy/certs/ /usr/local/apache2/conf/certs/
+
+EXPOSE 80 443
diff --git a/ror-demo-cluster/images/reverse-proxy/deva-notix.conf b/ror-demo-cluster/images/reverse-proxy/deva-notix.conf
new file mode 100644
index 0000000..fedd79a
--- /dev/null
+++ b/ror-demo-cluster/images/reverse-proxy/deva-notix.conf
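Review bot: Two comments in the new reverse-proxy Dockerfile do not match the instructions next to them. The TLS comment tells the reader to put `server.crt` and `server.key` under `images/reverse-proxy/certs`, but the `COPY` reads `conf/reverse-proxy/certs/`. The module comment lists `cache`, which none of the `sed` expressions enables. I would change the first to `# Copy TLS certs (server.crt and server.key live in conf/reverse-proxy/certs)` and drop `cache` from the list. Each `sed -e` is also a silent no-op when its `LoadModule` line is not present in commented form, so a change in the `httpd:2.4` base image would only surface when the container starts.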
@@ -0,0 +1,55 @@
+
+ ServerName localhost
+
+ # Redirect logs to stdout/stderr for Docker
+ ErrorLog /proc/self/fd/2
+
+ # Custom log format: timestamp, method, URL, response code, response time, client IP
+ LogFormat "%t \"%r\" %s %b %D μs - Client: %a - Backend: %{BALANCER_WORKER_ROUTE}e" proxy_format
+ CustomLog /proc/self/fd/1 proxy_format
+
+ SSLEngine On
+ SSLCertificateFile "/usr/local/apache2/conf/certs/server.crt"
+ SSLCertificateKeyFile "/usr/local/apache2/conf/certs/server.key"
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite HIGH:!aNULL:!MD5
+ SSLHonorCipherOrder On
+
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
+ ProxyPreserveHost On
+ ProxyRequests Off
+
+ RequestHeader set X-Forwarded-Proto "https"
+ RequestHeader set X-Forwarded-Host "%{Host}i"
+ RequestHeader set X-Forwarded-Port "443"
+
+ SSLProxyEngine On
+ SSLProxyVerify none
+ SSLProxyCheckPeerName off
+ SSLProxyCheckPeerCN off
+
+
+ Header always set Cache-Control "public, max-age=600"
+
+
+ # THIS fixes the CSRF issue caused by browser caching
+ #
+ # Header always set Cache-Control "no-store, no-cache, must-revalidate, private"
+ # Header always set Pragma "no-cache"
+ # Header always set Expires "0"
+ #
+
+
+ BalancerMember "https://kbn-ror:5601" route=server-1 loadfactor=1 keepalive=On connectiontimeout=10 retry=2 timeout=300
+ BalancerMember "https://kbn-ror-2:5601" route=server-2 loadfactor=1 keepalive=On connectiontimeout=10 retry=2 timeout=300
+ ProxySet lbmethod=byrequests stickysession=ROUTEID nofailover=Off
+
+
+ RewriteEngine On
+ RewriteRule ^/deva-notix$ /deva-notix/ [R=301,L]
+ RewriteRule ^/notix$ /deva-notix/ [R=301,L]
+ RewriteRule ^/deva-notix/(.*)$ balancer://deva-notix/$1 [NC,QSA,P,L]
+
+ Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; Path=/; HttpOnly; SameSite=Lax" env=BALANCER_ROUTE_CHANGED
+
\ No newline at end of file
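Review bot: The balancer cookie in `deva-notix.conf` is set without the `Secure` attribute even though this vhost terminates TLS; `Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; Path=/; HttpOnly; Secure; SameSite=Lax" env=BALANCER_ROUTE_CHANGED` keeps it off plain-HTTP requests. The backend connection also disables every certificate check (`SSLProxyVerify none`, `SSLProxyCheckPeerName off`, `SSLProxyCheckPeerCN off`). That is workable for self-signed demo certificates but deserves a comment saying so, or better `SSLProxyCACertificateFile` pointing at the Kibana certificate together with `SSLProxyVerify require`. The container directives around these lines are not visible in this view, so I cannot tell which paths `Cache-Control "public, max-age=600"` applies to; if it covers authenticated Kibana responses it should be narrowed to static assets.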
diff --git a/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre3_es8.18.3.zip b/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre3_es8.18.3.zip new file mode 100644 index 0000000..86f1c6a Binary files /dev/null and b/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre3_es8.18.3.zip differ diff --git a/ror-demo-cluster/run.sh b/ror-demo-cluster/run.sh index 51e7852..fff989b 100755 --- a/ror-demo-cluster/run.sh +++ b/ror-demo-cluster/run.sh @@ -65,10 +65,11 @@ echo -e " case "${ROR_LICENSE_EDITION:-}" in ENT) - echo -e "You can access ROR KBN here: https://localhost:15601 (login via 'Keycloak' button; users: 'extUser1:extUser1', 'extUser2:extUser2').\nKeycloak admin console: http://kc.localhost:8080/admin (admin:admin)" + echo -e "You can access ROR KBN via proxy here: https://localhost:8443/deva-notix (admin:admin) (login via 'Keycloak' button; users: 'extUser1:extUser1', 'extUser2:extUser2').\nKeycloak admin console: http://kc.localhost:8080/admin (admin:admin)" + ;; PRO|FREE) - echo -e "You can access ROR KBN here: https://localhost:15601" + echo -e "You can access ROR KBN via proxy : https://localhost:8443/deva-notix (admin:admin)" ;; *) ;;