-
Notifications
You must be signed in to change notification settings - Fork 118
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Logstash improvements: auto pipeline reload. (#1668)
* Logstash improvements: auto pipeline reload, enable SSL between LS and agent, remove doc id in pipeline config to cover generic cases. * Revert SSL changes between agent and Logstash. * Make Logstash pipeline configs changeable. * Let's focus on Logstash integration plugin and avoid connection failures with ES. * Put back config changes and make overwritable config separating from Docker volumes which will be busy during the Logstash run. * Separate Logstash initialization script and define it as a resource. * Revise the comment to make the generic statement. * Test if permissions inherited on mounted fs. * Apply suggestions from code review Read-only mounted certificates, set proper permission to a Logstash startup shell script. Co-authored-by: Jaime Soriano Pastor <[email protected]> * Refining the logics applied by code review: same apply on serverless. * Revert the read-only mounting since it is failing on BK agent. * Enable SSL between LS and agent. * Make mounted files read-only except certs folder. --------- Co-authored-by: Jaime Soriano Pastor <[email protected]>
- Loading branch information
Showing
5 changed files
with
58 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
LOGSTASH_HOME="/usr/share/logstash/" | ||
|
||
# logstash expects the key in pkcs8 format. | ||
# Hence converting the key.pem to pkcs8 format using openssl. | ||
create_cert() { | ||
ls_cert_path="$LOGSTASH_HOME/config/certs" | ||
openssl pkcs8 -inform PEM -in "$ls_cert_path/key.pem" -topk8 -nocrypt -outform PEM -out "/tmp/logstash.pkcs8.key" | ||
chmod 777 "/tmp/logstash.pkcs8.key" | ||
} | ||
|
||
# config copy is intentional that mounted volumes will be busy and cannot be overwritten | ||
overwrite_pipeline_config() { | ||
ls_pipeline_config_path="$LOGSTASH_HOME/pipeline/" | ||
cat "$ls_pipeline_config_path/generated_logstash.conf" > "$ls_pipeline_config_path/logstash.conf" | ||
} | ||
|
||
# installs the given plugin if it is not installed | ||
install_plugin_if_missing() { | ||
plugin_name=$1 | ||
if [[ ! $(bin/logstash-plugin list) == *"$plugin_name"* ]]; then | ||
echo "Missing plugin $plugin_name, installing now" | ||
bin/logstash-plugin install "$plugin_name" | ||
fi | ||
} | ||
|
||
# runs Logstash | ||
run() { | ||
bin/logstash -f "$LOGSTASH_HOME/pipeline/logstash.conf" --config.reload.automatic | ||
} | ||
|
||
create_cert | ||
overwrite_pipeline_config | ||
install_plugin_if_missing "logstash-filter-elastic_integration" | ||
run |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters