├── .gitignore ├── LICENSE ├── README.md ├── elastic-stack.yml ├── ops-files ├── aws │ ├── cloud-config-add-elasticsearch-elb.yml │ └── cloud-config-add-logstash-elb.yml ├── azs.yml ├── azure │ ├── cloud-config-add-elasticsearch-azure-lb.yml │ ├── cloud-config-add-logstash-azure-lb.yml │ ├── elasticsearch-add-public-ip.yml │ ├── kibana-add-public-ip.yml │ └── logstash-add-public-ip.yml ├── curator-cron.yml ├── curator.yml ├── disk_types.yml ├── elastalert-rule-monitor-error-log.yml ├── elastalert-smtp-auth.yml ├── elastalert.yml ├── elasticsearch-add-data-nodes.yml ├── elasticsearch-add-lb.yml ├── elasticsearch-add-plugins-data.yml ├── elasticsearch-add-plugins-master.yml ├── elasticsearch-allow-ingest.yml ├── elasticsearch-data-heapsize.yml ├── elasticsearch-https-and-basic-auth.yml ├── elasticsearch-master-heapsize.yml ├── elasticsearch-migrate-6.7-to-7.yml ├── elasticsearch-share-link.yml ├── instances.yml ├── kibana-add-lb.yml ├── kibana-elasticsearch-basic-auth.yml ├── kibana-elasticsearch-https.yml ├── kibana-https-and-basic-auth.yml ├── logstash-add-lb.yml ├── logstash-consume-from-elasticsearch-data-node.yml ├── logstash-elasticsearch-basic-auth.yml ├── logstash-elasticsearch-https.yml ├── logstash-heapsize.yml ├── logstash-persistent-queue.yml ├── logstash-readiness-probe.yml ├── logstash-tls.yml ├── networks.yml ├── remove-logstash.yml ├── use-latest-version.yml └── vm_types.yml └── versions.yml /.gitignore: -------------------------------------------------------------------------------- 1 | deploy-elastic-stack.sh 2 | logstash.conf 3 | .DS_Store 4 | es-creds.yml -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2019 Toshiaki Maki 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Elastic Stack BOSH deployment 2 | 3 | * Elastic Stack 7.0.x => [`master`](https://github.com/bosh-elastic-stack/elastic-stack-bosh-deployment/tree/master) branch 4 | * Elastic Stack 6.7.x => [`6.7.x`](https://github.com/bosh-elastic-stack/elastic-stack-bosh-deployment/tree/6.7.x) branch 5 | 6 | If you plan to migrate from previous version to this version, 7 | * Make sure you are running Elasticsearch 6.7.x (use [`6.7.x`](https://github.com/bosh-elastic-stack/elastic-stack-bosh-deployment/tree/6.7.x) branch or [`6.7.1_2019-04-05`](https://github.com/bosh-elastic-stack/elastic-stack-bosh-deployment/tree/6.7.1_2019-04-05) tag) 8 | * Set `elasticsearch.migrate_6_to_7` property to `true` (Use [`ops-files/elasticsearch-migrate-6.7-to-7.yml`](ops-files/elasticsearch-migrate-6.7-to-7.yml)) 9 | 10 | ### Minimal Deployment 11 | 12 | ``` 13 | cat < logstash.conf 14 | input { 15 | tcp { 16 | port => 5514 17 | } 18 | } 19 | output { 20 | stdout { 21 | codec => json_lines 22 | } 23 | elasticsearch { 24 | hosts => __ES_HOSTS__ 25 | index => "logstash-%{+YYYY.MM.dd}" 26 | } 27 | } 28 | EOF 29 | ``` 30 | 31 | ``` 32 | bosh -d elastic-stack deploy elastic-stack.yml \ 33 | -l versions.yml \ 34 | --var-file logstash.conf=logstash.conf \ 35 | --no-redact 36 | ``` 37 | 38 | ### Clustered Deployment 39 | 40 | ``` 41 | bosh -d elastic-stack deploy elastic-stack.yml \ 42 | -l versions.yml \ 43 | -o ops-files/vm_types.yml \ 44 | -o ops-files/disk_types.yml \ 45 | -o ops-files/instances.yml \ 46 | -o ops-files/networks.yml \ 47 | -o ops-files/azs.yml \ 48 | -o ops-files/elasticsearch-add-lb.yml \ 49 | -o ops-files/elasticsearch-add-data-nodes.yml \ 50 | -o ops-files/elasticsearch-add-plugins-master.yml \ 51 | -o ops-files/elasticsearch-add-plugins-data.yml \ 52 | -o ops-files/logstash-add-lb.yml \ 53 | -o ops-files/logstash-readiness-probe.yml \ 54 | -o ops-files/kibana-https-and-basic-auth.yml \ 55 | -o ops-files/kibana-add-lb.yml \ 56 | --var-file logstash.conf=logstash.conf \ 57 | -v elasticsearch_master_instances=3 \ 58 | -v elasticsearch_master_vm_type=minimal \ 59 | -v elasticsearch_master_disk_type=5120 \ 60 | -v elasticsearch_master_network=default \ 61 | -v elasticsearch_master_azs="[z1, z2, z3]" \ 62 | -v elasticsearch_data_instances=2 \ 63 | -v elasticsearch_data_vm_type=minimal \ 64 | -v elasticsearch_data_disk_type=5120 \ 65 | -v elasticsearch_data_network=default \ 66 | -v elasticsearch_data_azs="[z1, z2, z3]" \ 67 | -v logstash_instances=2 \ 68 | -v logstash_vm_type=minimal \ 69 | -v logstash_disk_type=5120 \ 70 | -v logstash_network=default \ 71 | -v logstash_azs="[z1, z2, z3]" \ 72 | -v logstash_readiness_probe_http_port=0 \ 73 | -v logstash_readiness_probe_tcp_port=5514 \ 74 | -v kibana_instances=1 \ 75 | -v kibana_vm_type=minimal \ 76 | -v kibana_network=default \ 77 | -v kibana_azs="[z1, z2, z3]" \ 78 | --no-redact 79 | ``` 80 | 81 | ### TLS / HTTPS / Basic Authentication 82 | 83 | ![image](https://user-images.githubusercontent.com/106908/43011350-20e6e348-8c7e-11e8-8110-e3c7211d56fe.png) 84 | 85 | ``` 86 | cat < logstash.conf 87 | input { 88 | tcp { 89 | port => 5514 90 | ssl_enable => true 91 | ssl_cert => "/var/vcap/jobs/logstash/config/tls.crt" 92 | ssl_key => "/var/vcap/jobs/logstash/config/tls.key" 93 | ssl_verify => false 94 | } 95 | } 96 | output { 97 | stdout { 98 | codec => json_lines 99 | } 100 | elasticsearch { 101 | hosts => __ES_HOSTS__ 102 | user => "__ES_USERNAME__" 103 | password => "__ES_PASSWORD__" 104 | index => "logstash-%{+YYYY.MM.dd}" 105 | ssl_certificate_verification => false 106 | } 107 | } 108 | EOF 109 | ``` 110 | 111 | ``` 112 | bosh -d elastic-stack deploy elastic-stack.yml \ 113 | -l versions.yml \ 114 | -o ops-files/vm_types.yml \ 115 | -o ops-files/disk_types.yml \ 116 | -o ops-files/instances.yml \ 117 | -o ops-files/networks.yml \ 118 | -o ops-files/azs.yml \ 119 | -o ops-files/elasticsearch-add-plugins-master.yml \ 120 | -o ops-files/elasticsearch-https-and-basic-auth.yml \ 121 | -o ops-files/logstash-readiness-probe.yml \ 122 | -o ops-files/logstash-tls.yml \ 123 | -o ops-files/logstash-elasticsearch-https.yml \ 124 | -o ops-files/logstash-elasticsearch-basic-auth.yml \ 125 | -o ops-files/kibana-https-and-basic-auth.yml \ 126 | -o ops-files/kibana-elasticsearch-https.yml \ 127 | -o ops-files/kibana-elasticsearch-basic-auth.yml \ 128 | --var-file logstash.conf=logstash.conf \ 129 | -v elasticsearch_master_instances=1 \ 130 | -v elasticsearch_master_vm_type=small \ 131 | -v elasticsearch_master_disk_type=10GB \ 132 | -v elasticsearch_master_network=default \ 133 | -v elasticsearch_master_azs="[z1, z2, z3]" \ 134 | -v elasticsearch_data_instances=1 \ 135 | -v elasticsearch_data_vm_type=small \ 136 | -v elasticsearch_data_disk_type=5GB \ 137 | -v elasticsearch_data_network=default \ 138 | -v elasticsearch_data_azs="[z1, z2, z3]" \ 139 | -v elasticsearch_username=admin \ 140 | -v logstash_instances=1 \ 141 | -v logstash_vm_type=minimal \ 142 | -v logstash_disk_type=default \ 143 | -v logstash_network=default \ 144 | -v logstash_azs="[z1, z2, z3]" \ 145 | -v logstash_readiness_probe_http_port=0 \ 146 | -v logstash_readiness_probe_tcp_port=5514 \ 147 | -v kibana_instances=1 \ 148 | -v kibana_vm_type=minimal \ 149 | -v kibana_network=default \ 150 | -v kibana_azs="[z1, z2, z3]" \ 151 | -v kibana_username=admin \ 152 | -v kibana_elasticsearch_ssl_verification_mode=none \ 153 | --no-redact \ 154 | --vars-store=es-creds.yml \ 155 | ``` 156 | -------------------------------------------------------------------------------- /elastic-stack.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: elastic-stack 3 | releases: 4 | - name: elasticsearch 5 | version: ((elasticsearch_version)) 6 | url: https://github.com/bosh-elastic-stack/elasticsearch-boshrelease/releases/download/((elasticsearch_version))/elasticsearch-boshrelease-((elasticsearch_version)).tgz 7 | sha1: ((elasticsearch_sha1)) 8 | - name: logstash 9 | version: ((logstash_version)) 10 | url: https://github.com/bosh-elastic-stack/logstash-boshrelease/releases/download/((logstash_version))/logstash-boshrelease-((logstash_version)).tgz 11 | sha1: ((logstash_sha1)) 12 | - name: kibana 13 | version: ((kibana_version)) 14 | url: https://github.com/bosh-elastic-stack/kibana-boshrelease/releases/download/((kibana_version))/kibana-boshrelease-((kibana_version)).tgz 15 | sha1: ((kibana_sha1)) 16 | - name: openjdk 17 | version: ((openjdk_version)) 18 | url: https://github.com/making/openjdk-boshrelease/releases/download/((openjdk_version))/openjdk-boshrelease-((openjdk_version)).tgz 19 | sha1: ((openjdk_sha1)) 20 | 21 | stemcells: 22 | - os: ubuntu-xenial 23 | alias: xenial 24 | version: latest 25 | 26 | instance_groups: 27 | - name: elasticsearch-master 28 | jobs: 29 | - name: java 30 | release: openjdk 31 | - name: elasticsearch 32 | release: elasticsearch 33 | properties: 34 | elasticsearch: 35 | node: 36 | allow_master: true 37 | allow_data: true 38 | provides: 39 | elasticsearch: 40 | as: elasticsearch-master 41 | consumes: 42 | elasticsearch: 43 | from: elasticsearch-master 44 | instances: 1 45 | stemcell: xenial 46 | update: 47 | max_in_flight: 1 48 | serial: true 49 | azs: 50 | - z1 51 | - z2 52 | - z3 53 | vm_type: default 54 | persistent_disk_type: default 55 | networks: 56 | - name: default 57 | - name: logstash 58 | jobs: 59 | - name: java 60 | release: openjdk 61 | - name: logstash 62 | release: logstash 63 | properties: 64 | logstash: 65 | pipelines: 66 | - name: bosh 67 | config: 68 | all: ((logstash.conf)) 69 | consumes: 70 | elasticsearch: 71 | from: elasticsearch-master 72 | instances: 1 73 | stemcell: xenial 74 | azs: 75 | - z1 76 | - z2 77 | - z3 78 | vm_type: default 79 | persistent_disk_type: default 80 | networks: 81 | - name: default 82 | - name: kibana 83 | jobs: 84 | - name: kibana 85 | release: kibana 86 | properties: 87 | kibana: 88 | memory_limit: 30 89 | consumes: 90 | elasticsearch: 91 | from: elasticsearch-master 92 | instances: 1 93 | stemcell: xenial 94 | update: 95 | max_in_flight: 1 96 | serial: true 97 | azs: 98 | - z1 99 | - z2 100 | - z3 101 | vm_type: default 102 | networks: 103 | - name: default 104 | update: 105 | canaries: 1 106 | max_in_flight: 3 107 | canary_watch_time: 30000-600000 108 | update_watch_time: 5000-600000 109 | -------------------------------------------------------------------------------- /ops-files/aws/cloud-config-add-elasticsearch-elb.yml: -------------------------------------------------------------------------------- 1 | # bosh update-cloud-config <(bosh cloud-config) -o manifest/cloud-config-add-elasticsearch-elb.yml -v elasticsearch_lb_name=${LB_NAME} 2 | - type: replace 3 | path: /vm_extensions/name=elasticsearch-lb? 4 | value: 5 | name: elasticsearch-lb 6 | cloud_properties: 7 | elbs: 8 | - ((elasticsearch_lb_name)) 9 | -------------------------------------------------------------------------------- /ops-files/aws/cloud-config-add-logstash-elb.yml: -------------------------------------------------------------------------------- 1 | # bosh update-cloud-config <(bosh cloud-config) -o ops-files/cloud-config-add-logstash-elb.yml -v logstash_lb_name=${LB_NAME} 2 | - type: replace 3 | path: /vm_extensions/logstash=-lb? 4 | value: 5 | name: logstash-lb 6 | cloud_properties: 7 | elbs: 8 | - ((logstash_lb_name)) 9 | -------------------------------------------------------------------------------- /ops-files/azs.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/azs 3 | value: ((elasticsearch_master_azs)) 4 | - type: replace 5 | path: /instance_groups/name=logstash/azs 6 | value: ((logstash_azs)) 7 | - type: replace 8 | path: /instance_groups/name=kibana/azs 9 | value: ((kibana_azs)) -------------------------------------------------------------------------------- /ops-files/azure/cloud-config-add-elasticsearch-azure-lb.yml: -------------------------------------------------------------------------------- 1 | # bosh update-cloud-config <(bosh cloud-config) -o manifest/cloud-config-add-elasticsearch-azure-lb.yml -v elasticsearch_lb_name=${LB_NAME} 2 | - type: replace 3 | path: /vm_extensions?/name=elasticsearch-lb? 4 | value: 5 | name: elasticsearch-lb 6 | cloud_properties: 7 | load_balancer: ((elasticsearch_lb)) 8 | -------------------------------------------------------------------------------- /ops-files/azure/cloud-config-add-logstash-azure-lb.yml: -------------------------------------------------------------------------------- 1 | # bosh update-cloud-config <(bosh cloud-config) -o ops-files/cloud-config-add-logstash-azure-lb.yml -v logstash_lb_name=${LB_NAME} 2 | - type: replace 3 | path: /vm_extensions/logstash=-lb? 4 | value: 5 | name: logstash-lb 6 | cloud_properties: 7 | load_balancer: ((logstash_lb_name)) 8 | -------------------------------------------------------------------------------- /ops-files/azure/elasticsearch-add-public-ip.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/networks/0/default? 3 | value: 4 | - dns 5 | - gateway 6 | 7 | - type: replace 8 | path: /instance_groups/name=elasticsearch-master/networks/- 9 | value: 10 | name: public 11 | static_ips: 12 | - ((elasticsearch_master_external_ip)) 13 | -------------------------------------------------------------------------------- /ops-files/azure/kibana-add-public-ip.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/networks/0/default? 3 | value: 4 | - dns 5 | - gateway 6 | 7 | - type: replace 8 | path: /instance_groups/name=kibana/networks/- 9 | value: 10 | name: public 11 | static_ips: 12 | - ((kibana_external_ip)) 13 | -------------------------------------------------------------------------------- /ops-files/azure/logstash-add-public-ip.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/networks/0/default? 3 | value: 4 | - dns 5 | - gateway 6 | 7 | - type: replace 8 | path: /instance_groups/name=logstash/networks/- 9 | value: 10 | name: public 11 | static_ips: 12 | - ((logstash_external_ip)) 13 | -------------------------------------------------------------------------------- /ops-files/curator-cron.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: cron 5 | version: ((cron_version)) 6 | url: https://bosh.io/d/github.com/cloudfoundry-community/cron-boshrelease?v=((cron_version)) 7 | sha1: ((cron_sha1)) 8 | 9 | - type: replace 10 | path: /instance_groups/name=kibana/jobs/- 11 | value: 12 | name: cron 13 | release: cron 14 | properties: 15 | cron: 16 | entries: 17 | - command: /var/vcap/jobs/curator/bin/run >> /var/vcap/sys/log/cron/curator.log 18 | minute: '0' 19 | hour: '0' 20 | day: '*' 21 | month: '*' 22 | wday: '*' 23 | user: vcap -------------------------------------------------------------------------------- /ops-files/curator.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: curator 5 | version: ((curator_version)) 6 | url: https://github.com/bosh-elastic-stack/curator-boshrelease/releases/download/((curator_version))/curator-boshrelease-((curator_version)).tgz 7 | sha1: ((curator_sha1)) 8 | 9 | - type: replace 10 | path: /instance_groups/name=kibana/jobs/- 11 | value: 12 | name: curator 13 | release: curator 14 | lifecycle: errand 15 | properties: 16 | curator: 17 | actions: ((curator_actions)) 18 | -------------------------------------------------------------------------------- /ops-files/disk_types.yml: -------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /instance_groups/name=elasticsearch-master/persistent_disk? 3 | - type: replace 4 | path: /instance_groups/name=elasticsearch-master/persistent_disk_type? 5 | value: ((elasticsearch_master_disk_type)) 6 | - type: remove 7 | path: /instance_groups/name=logstash/persistent_disk? 8 | - type: replace 9 | path: /instance_groups/name=logstash/persistent_disk_type? 10 | value: ((logstash_disk_type)) 11 | -------------------------------------------------------------------------------- /ops-files/elastalert-rule-monitor-error-log.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/jobs/name=elastalert/properties?/elastalert?/rules?/- 3 | value: 4 | name: monitor-error-log 5 | type: frequency 6 | index: logstash-* 7 | num_events: 3 8 | timeframe: 9 | minutes: 10 10 | filter: 11 | - query: 12 | query_string: 13 | query: "log:(ERROR)" 14 | alert: 15 | - slack 16 | slack_webhook_url: ((slack_webhook_url)) 17 | -------------------------------------------------------------------------------- /ops-files/elastalert-smtp-auth.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/jobs/name=elastalert/properties?/elastalert?/smtp_user? 3 | value: ((smtp_user)) 4 | 5 | - type: replace 6 | path: /instance_groups/name=kibana/jobs/name=elastalert/properties?/elastalert?/smtp_password? 7 | value: ((smtp_password)) 8 | -------------------------------------------------------------------------------- /ops-files/elastalert.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/- 3 | value: 4 | name: elastalert 5 | version: ((elastalert_version)) 6 | url: https://github.com/bosh-elastic-stack/elastalert-boshrelease/releases/download/((elastalert_version))/elastalert-boshrelease-((elastalert_version)).tgz 7 | sha1: ((elastalert_sha1)) 8 | - type: replace 9 | path: /instance_groups/name=kibana/jobs/- 10 | value: 11 | name: elastalert 12 | release: elastalert 13 | -------------------------------------------------------------------------------- /ops-files/elasticsearch-add-data-nodes.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/node/allow_data 3 | value: false 4 | 5 | - type: replace 6 | path: /instance_groups/name=elasticsearch-master:after 7 | value: 8 | name: elasticsearch-data 9 | jobs: 10 | - name: java 11 | release: openjdk 12 | - name: elasticsearch 13 | release: elasticsearch 14 | consumes: 15 | elasticsearch: 16 | from: elasticsearch-master 17 | properties: 18 | elasticsearch: 19 | node: 20 | allow_master: false 21 | allow_data: true 22 | instances: ((elasticsearch_data_instances)) 23 | stemcell: xenial 24 | update: 25 | max_in_flight: 1 26 | serial: true 27 | azs: ((elasticsearch_data_azs)) 28 | vm_type: ((elasticsearch_data_vm_type)) 29 | persistent_disk_type: ((elasticsearch_data_disk_type)) 30 | networks: 31 | - name: ((elasticsearch_data_network)) 32 | -------------------------------------------------------------------------------- /ops-files/elasticsearch-add-lb.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/vm_extensions?/- 3 | value: elasticsearch-lb 4 | -------------------------------------------------------------------------------- /ops-files/elasticsearch-add-plugins-data.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 3 | value: 4 | analysis-kuromoji: /var/vcap/packages/analysis-kuromoji/analysis-kuromoji.zip 5 | - type: replace 6 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 7 | value: 8 | epository-s3: /var/vcap/packages/repository-s3/repository-s3.zip 9 | - type: replace 10 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 11 | value: 12 | repository-gcs: /var/vcap/packages/repository-gcs/repository-gcs.zip 13 | - type: replace 14 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 15 | value: 16 | repository-azure: /var/vcap/packages/repository-azure/repository-azure.zip 17 | - type: replace 18 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/plugin_install_opts? 19 | value: 20 | - --batch 21 | - type: replace 22 | path: /instance_groups/name=elasticsearch-data/jobs/- 23 | value: 24 | name: analysis-kuromoji 25 | release: elasticsearch 26 | - type: replace 27 | path: /instance_groups/name=elasticsearch-data/jobs/- 28 | value: 29 | name: repository-s3 30 | release: elasticsearch 31 | - type: replace 32 | path: /instance_groups/name=elasticsearch-data/jobs/- 33 | value: 34 | name: repository-gcs 35 | release: elasticsearch 36 | - type: replace 37 | path: /instance_groups/name=elasticsearch-data/jobs/- 38 | value: 39 | name: repository-azure 40 | release: elasticsearch -------------------------------------------------------------------------------- /ops-files/elasticsearch-add-plugins-master.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 3 | value: 4 | analysis-kuromoji: /var/vcap/packages/analysis-kuromoji/analysis-kuromoji.zip 5 | - type: replace 6 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 7 | value: 8 | epository-s3: /var/vcap/packages/repository-s3/repository-s3.zip 9 | - type: replace 10 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 11 | value: 12 | repository-gcs: /var/vcap/packages/repository-gcs/repository-gcs.zip 13 | - type: replace 14 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/plugins?/- 15 | value: 16 | repository-azure: /var/vcap/packages/repository-azure/repository-azure.zip 17 | - type: replace 18 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/plugin_install_opts? 19 | value: 20 | - --batch 21 | - type: replace 22 | path: /instance_groups/name=elasticsearch-master/jobs/- 23 | value: 24 | name: analysis-kuromoji 25 | release: elasticsearch 26 | - type: replace 27 | path: /instance_groups/name=elasticsearch-master/jobs/- 28 | value: 29 | name: repository-s3 30 | release: elasticsearch 31 | - type: replace 32 | path: /instance_groups/name=elasticsearch-master/jobs/- 33 | value: 34 | name: repository-gcs 35 | release: elasticsearch 36 | - type: replace 37 | path: /instance_groups/name=elasticsearch-master/jobs/- 38 | value: 39 | name: repository-azure 40 | release: elasticsearch -------------------------------------------------------------------------------- /ops-files/elasticsearch-allow-ingest.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/node?/allow_ingest 3 | value: true -------------------------------------------------------------------------------- /ops-files/elasticsearch-data-heapsize.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-data/jobs/name=elasticsearch/properties/elasticsearch/heap_size? 3 | value: ((elasticsearch_heapsize)) -------------------------------------------------------------------------------- /ops-files/elasticsearch-https-and-basic-auth.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=nginx? 3 | value: 4 | name: nginx 5 | version: ((nginx_version)) 6 | url: https://bosh.io/d/github.com/cloudfoundry-community/nginx-release?v=((nginx_version)) 7 | sha1: ((nginx_sha1))) 8 | 9 | - type: replace 10 | path: /instance_groups/name=elasticsearch-master/jobs/name=nginx? 11 | value: 12 | name: nginx 13 | release: nginx 14 | properties: 15 | pre_start: | 16 | #!/bin/bash 17 | JOB_NAME=nginx 18 | BASE_DIR=/var/vcap 19 | JOB_DIR=$BASE_DIR/jobs/$JOB_NAME 20 | CONFIG_DIR=$JOB_DIR/etc 21 | USER="((elasticsearch_username))" 22 | PASS="((elasticsearch_password))" 23 | echo "${USER}:$(echo "${PASS}" | openssl passwd -apr1 -stdin)" > ${CONFIG_DIR}/htpasswd.conf 24 | ssl_key: ((nginx.private_key)) 25 | ssl_chained_cert: ((nginx.certificate)) 26 | nginx_conf: | 27 | user nobody vcap; # group vcap can read /var/vcap/jobs 28 | worker_processes 1; 29 | error_log /var/vcap/sys/log/nginx/error.log warn; 30 | events { 31 | worker_connections 1024; 32 | } 33 | http { 34 | access_log /var/vcap/sys/log/nginx/access.log; 35 | server { 36 | listen 80; 37 | return 301 https://$host$request_uri; 38 | } 39 | server { 40 | listen 443 default_server ssl; 41 | ssl on; 42 | ssl_certificate /var/vcap/jobs/nginx/etc/ssl_chained.crt.pem; 43 | ssl_certificate_key /var/vcap/jobs/nginx/etc/ssl.key.pem; 44 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 45 | 46 | location / { 47 | proxy_pass_request_headers on; 48 | proxy_pass http://localhost:9200; 49 | proxy_set_header X-Real-IP $remote_addr; 50 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 51 | proxy_set_header Host $host; 52 | proxy_http_version 1.1; 53 | proxy_set_header Connection ""; 54 | proxy_buffering off; 55 | client_max_body_size 0; 56 | proxy_read_timeout 36000s; 57 | proxy_redirect off; 58 | } 59 | 60 | auth_basic "Elasticsearch Basic Auth"; 61 | auth_basic_user_file /var/vcap/jobs/nginx/etc/htpasswd.conf; 62 | } 63 | } 64 | 65 | - type: replace 66 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/client? 67 | value: 68 | protocol: https 69 | port: 443 70 | username: ((elasticsearch_username)) 71 | password: ((elasticsearch_password)) 72 | 73 | - type: replace 74 | path: /variables?/name=elasticsearch_password? 75 | value: 76 | name: elasticsearch_password 77 | type: password 78 | 79 | - type: replace 80 | path: /variables?/name=nginx_ca? 81 | value: 82 | name: nginx_ca 83 | type: certificate 84 | options: 85 | is_ca: true 86 | common_name: nginx_ca 87 | 88 | - type: replace 89 | path: /variables?/name=nginx? 90 | value: 91 | name: nginx 92 | type: certificate 93 | options: 94 | ca: nginx_ca 95 | common_name: 127.0.0.1 96 | alternative_names: 97 | - "*.sslip.io" 98 | - "*.ap-northeast-1.elb.amazonaws.com" 99 | - "*.japaneast.cloudapp.azure.com" 100 | - "*.elasticsearch-master.default.elastic-stack.bosh" 101 | -------------------------------------------------------------------------------- /ops-files/elasticsearch-master-heapsize.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/heap_size? 3 | value: ((elasticsearch_heapsize)) -------------------------------------------------------------------------------- /ops-files/elasticsearch-migrate-6.7-to-7.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/properties/elasticsearch/migrate_6_to_7? 3 | value: true 4 | -------------------------------------------------------------------------------- /ops-files/elasticsearch-share-link.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/jobs/name=elasticsearch/provides/elasticsearch/shared? 3 | value: true 4 | -------------------------------------------------------------------------------- /ops-files/instances.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/instances 3 | value: ((elasticsearch_master_instances)) 4 | - type: replace 5 | path: /instance_groups/name=logstash/instances 6 | value: ((logstash_instances)) 7 | - type: replace 8 | path: /instance_groups/name=kibana/instances 9 | value: ((kibana_instances)) -------------------------------------------------------------------------------- /ops-files/kibana-add-lb.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/vm_extensions?/- 3 | value: kibana-lb 4 | -------------------------------------------------------------------------------- /ops-files/kibana-elasticsearch-basic-auth.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/jobs/name=kibana/properties/kibana?/elasticsearch?/username? 3 | value: ((elasticsearch_username)) 4 | - type: replace 5 | path: /instance_groups/name=kibana/jobs/name=kibana/properties/kibana?/elasticsearch?/password? 6 | value: ((elasticsearch_password)) 7 | -------------------------------------------------------------------------------- /ops-files/kibana-elasticsearch-https.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=kibana/jobs/name=kibana/properties/kibana?/elasticsearch?/protocol? 3 | value: https 4 | - type: replace 5 | path: /instance_groups/name=kibana/jobs/name=kibana/properties/kibana?/elasticsearch?/port? 6 | value: "443" 7 | - type: replace 8 | path: /instance_groups/name=kibana/jobs/name=kibana/properties/kibana?/elasticsearch?/ssl?/verificationMode? 9 | value: ((kibana_elasticsearch_ssl_verification_mode)) 10 | -------------------------------------------------------------------------------- /ops-files/kibana-https-and-basic-auth.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=nginx? 3 | value: 4 | name: nginx 5 | version: ((nginx_version)) 6 | url: https://bosh.io/d/github.com/cloudfoundry-community/nginx-release?v=((nginx_version)) 7 | sha1: ((nginx_sha1)) 8 | 9 | - type: replace 10 | path: /instance_groups/name=kibana/jobs/name=nginx? 11 | value: 12 | name: nginx 13 | release: nginx 14 | properties: 15 | pre_start: | 16 | #!/bin/bash 17 | JOB_NAME=nginx 18 | BASE_DIR=/var/vcap 19 | JOB_DIR=$BASE_DIR/jobs/$JOB_NAME 20 | CONFIG_DIR=$JOB_DIR/etc 21 | USER="((kibana_username))" 22 | PASS="((kibana_password))" 23 | echo "${USER}:$(echo "${PASS}" | openssl passwd -apr1 -stdin)" > ${CONFIG_DIR}/htpasswd.conf 24 | ssl_key: ((nginx.private_key)) 25 | ssl_chained_cert: ((nginx.certificate)) 26 | nginx_conf: | 27 | user nobody vcap; # group vcap can read /var/vcap/jobs 28 | worker_processes 1; 29 | error_log /var/vcap/sys/log/nginx/error.log warn; 30 | events { 31 | worker_connections 1024; 32 | } 33 | http { 34 | access_log /var/vcap/sys/log/nginx/access.log; 35 | server { 36 | listen 80; 37 | return 301 https://$host$request_uri; 38 | } 39 | server { 40 | listen 443 default_server ssl; 41 | ssl on; 42 | ssl_certificate /var/vcap/jobs/nginx/etc/ssl_chained.crt.pem; 43 | ssl_certificate_key /var/vcap/jobs/nginx/etc/ssl.key.pem; 44 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 45 | 46 | location / { 47 | proxy_pass_request_headers on; 48 | proxy_pass http://localhost:5601; 49 | proxy_set_header X-Real-IP $remote_addr; 50 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 51 | proxy_set_header Host $host; 52 | proxy_set_header Authorization ""; 53 | proxy_http_version 1.1; 54 | proxy_set_header Connection ""; 55 | proxy_buffering off; 56 | proxy_buffer_size 8k; 57 | client_max_body_size 0; 58 | proxy_read_timeout 36000s; 59 | proxy_redirect off; 60 | } 61 | 62 | auth_basic "Kibana Basic Auth"; 63 | auth_basic_user_file /var/vcap/jobs/nginx/etc/htpasswd.conf; 64 | } 65 | } 66 | 67 | - type: replace 68 | path: /variables?/name=kibana_password? 69 | value: 70 | name: kibana_password 71 | type: password 72 | 73 | - type: replace 74 | path: /variables?/name=nginx_ca? 75 | value: 76 | name: nginx_ca 77 | type: certificate 78 | options: 79 | is_ca: true 80 | common_name: nginx_ca 81 | 82 | - type: replace 83 | path: /variables?/name=nginx? 84 | value: 85 | name: nginx 86 | type: certificate 87 | options: 88 | ca: nginx_ca 89 | common_name: 127.0.0.1 90 | alternative_names: 91 | - "*.sslip.io" 92 | - "*.ap-northeast-1.elb.amazonaws.com" 93 | - "*.japaneast.cloudapp.azure.com" 94 | - "*.kibana.default.elastic-stack.bosh" 95 | -------------------------------------------------------------------------------- /ops-files/logstash-add-lb.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/vm_extensions?/- 3 | value: logstash-lb 4 | -------------------------------------------------------------------------------- /ops-files/logstash-consume-from-elasticsearch-data-node.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/consumes/elasticsearch/from 3 | value: elasticsearch-data 4 | -------------------------------------------------------------------------------- /ops-files/logstash-elasticsearch-basic-auth.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/elasticsearch?/username? 3 | value: ((elasticsearch_username)) 4 | - type: replace 5 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/elasticsearch?/password? 6 | value: ((elasticsearch_password)) -------------------------------------------------------------------------------- /ops-files/logstash-elasticsearch-https.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/elasticsearch?/protocol? 3 | value: https 4 | - type: replace 5 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/elasticsearch?/port? 6 | value: "443" -------------------------------------------------------------------------------- /ops-files/logstash-heapsize.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/jvm?/heap_size 3 | value: ((logstash_heapsize)) 4 | -------------------------------------------------------------------------------- /ops-files/logstash-persistent-queue.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/config_options?/queue.type 3 | value: persisted 4 | - type: replace 5 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/config_options?/queue.max_bytes 6 | value: ((logstash_queue_max_bytes)) -------------------------------------------------------------------------------- /ops-files/logstash-readiness-probe.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/readiness_probe_http_port? 3 | value: ((logstash_readiness_probe_http_port)) 4 | - type: replace 5 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/readiness_probe_tcp_port? 6 | value: ((logstash_readiness_probe_tcp_port)) 7 | -------------------------------------------------------------------------------- /ops-files/logstash-tls.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /variables?/- 3 | value: 4 | name: logstash_ca 5 | type: certificate 6 | options: 7 | is_ca: true 8 | common_name: ca 9 | 10 | - type: replace 11 | path: /variables?/- 12 | value: 13 | name: logstash_tls 14 | type: certificate 15 | options: 16 | ca: logstash_ca 17 | common_name: 127.0.0.1 18 | alternative_names: 19 | - "*.sslip.io" 20 | - "*.ap-northeast-1.elb.amazonaws.com" 21 | - "*.japaneast.cloudapp.azure.com" 22 | - "*.logstash.default.elastic-stack.bosh" 23 | - type: replace 24 | path: /instance_groups/name=logstash/jobs/name=logstash/properties/logstash/tls? 25 | value: 26 | certificate: ((logstash_tls.certificate)) 27 | private_key: ((logstash_tls.private_key)) 28 | -------------------------------------------------------------------------------- /ops-files/networks.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/networks/name=default 3 | value: 4 | name: ((elasticsearch_master_network)) 5 | - type: replace 6 | path: /instance_groups/name=logstash/networks/name=default 7 | value: 8 | name: ((logstash_network)) 9 | - type: replace 10 | path: /instance_groups/name=kibana/networks/name=default 11 | value: 12 | name: ((kibana_network)) -------------------------------------------------------------------------------- /ops-files/remove-logstash.yml: -------------------------------------------------------------------------------- 1 | - type: remove 2 | path: /instance_groups/name=logstash 3 | -------------------------------------------------------------------------------- /ops-files/use-latest-version.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /releases/name=elasticsearch 3 | value: 4 | name: elasticsearch 5 | version: latest 6 | 7 | - type: replace 8 | path: /releases/name=logstash 9 | value: 10 | name: logstash 11 | version: latest 12 | 13 | - type: replace 14 | path: /releases/name=kibana 15 | value: 16 | name: kibana 17 | version: latest 18 | -------------------------------------------------------------------------------- /ops-files/vm_types.yml: -------------------------------------------------------------------------------- 1 | - type: replace 2 | path: /instance_groups/name=elasticsearch-master/vm_type 3 | value: ((elasticsearch_master_vm_type)) 4 | - type: replace 5 | path: /instance_groups/name=logstash/vm_type 6 | value: ((logstash_vm_type)) 7 | - type: replace 8 | path: /instance_groups/name=kibana/vm_type 9 | value: ((kibana_vm_type)) 10 | -------------------------------------------------------------------------------- /versions.yml: -------------------------------------------------------------------------------- 1 | elasticsearch_version: 0.23.0 2 | elasticsearch_sha1: 11b5eea1d9fc402fe06e90d9127010db0e4e10d6 3 | logstash_version: 0.15.0 4 | logstash_sha1: de8b1bae75c2dced8a245fbf2cb50b9301dcde2a 5 | kibana_version: 0.16.0 6 | kibana_sha1: bc8d93177007c7fcb24f4c36fe390b5b79416891 7 | openjdk_version: 8.0.4 8 | openjdk_sha1: 43979a6595282fcf4ac6269135968acc0d96d297 9 | nginx_version: 1.13.12 10 | nginx_sha1: bf156c545c45ed4e57563274f91dbd433000d776 11 | curator_version: 0.3.1 12 | curator_sha1: 7f9f40404e7c5a00d92807deae776c357d7f5dbc 13 | elastalert_version: 0.3.1 14 | elastalert_sha1: 9cad563306ee85bf8e3f849ed75336cd36fc2025 15 | cron_version: 1.1.3 16 | cron_sha1: 69a98ea02ee5e8cc5a9ad2d6cd08ef0a7fa2c292 17 | --------------------------------------------------------------------------------