-
Notifications
You must be signed in to change notification settings - Fork 20
/
Copy pathcertificates_elasticsearch.env
48 lines (36 loc) · 2.09 KB
/
certificates_elasticsearch.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
########## general ES variables ##########
ES_CERTIFICATE_TIME_VALIDITY_IN_DAYS=730
ES_KEY_SIZE=4096
ES_CERTIFICATE_PASSWORD="cogstackNifi"
# used in create_keystore.sh for OpenSearch keystore, can also be used independently
KEYSTORE_PASSWORD="cogstackNifi"
########## Elasticsearch native variables ##########
# Set this variable in order to add more hostnames to the dns approved instances
# the syntax must be : export ES_HOSTNAMES="- example1.com
#- example2.com
#- example3.com
#"
# EXACTLY IN THIS FORMAT(no extra chars at the start of the line), otherwise you will get parse errors.
ES_HOSTNAMES="- elasticsearch-1
- elasticsearch-2
- elasticsearch-3
"
# these instance names are used in ./security/es_native_cert_generator.sh
# also used in services.yml to determine the certificate paths.
# usually have the same values of ELASTICSEARCH_NODE_1_NAME but can be different
ES_INSTANCE_NAME_1=elasticsearch-1
ES_INSTANCE_NAME_2=elasticsearch-2
ES_INSTANCE_NAME_3=elasticsearch-3
ES_INSTANCE_ALTERNATIVE_1_NAME=elasticsearch-1-dev
ES_INSTANCE_ALTERNATIVE_2_NAME=elasticsearch-2-dev
ES_INSTANCE_ALTERNATIVE_3_NAME=elasticsearch-3-dev
########## OpenSearch variables ##########
# this should not be changed, unless you want multiple certificates under different file names
ES_CLIENT_CERT_NAME="es_kibana_client"
ES_CLIENT_SUBJ_LINE="/C=UK/ST=UK/L=UK/O=cogstack/OU=cogstack/CN=CLIENT"
ES_CLIENT_SUBJ_ALT_NAMES="subjectAltName=DNS:kibana,DNS:elasticsearch-3,DNS:elasticsearch-1,DNS:elasticsearch-2,DNS:elasticsearch-node-2,DNS:nifi,DNS:cogstack"
ES_ADMIN_SUBJ_LINE="/C=UK/ST=UK/L=UK/O=cogstack/OU=cogstack/CN=ADMIN"
# the CN=$cert_name gets appended within the script, example: ES_NODE_SUBJ_LINE=${ES_NODE_SUBJ_LINE}"/CN=$cert_name"
ES_NODE_SUBJ_LINE="/C=UK/ST=UK/L=UK/O=cogstack/OU=cogstack"
# subjectAltName=$cert_name gets appended within the script, example ES_NODE_SUBJ_ALT_NAMES="subjectAltName=DNS:$cert_name,"${ES_NODE_SUBJ_ALT_NAMES}
ES_NODE_SUBJ_ALT_NAMES="DNS:elasticsearch-cogstack-node-1,DNS:elasticsearch-2,DNS:elasticsearch-node-1,DNS:elasticsearch-node-2,DNS:elasticsearch-cogstack-node-2,DNS:nifi,DNS:cogstack"