From fc24e9af7cc8e8adb5dac1784b92c5e958072bc9 Mon Sep 17 00:00:00 2001
From: Krzysztof Klimonda <kklimonda@cloudferro.com>
Date: Thu, 30 May 2019 13:26:50 +0000
Subject: [PATCH] Add support for elasticsearch TLS and authentication in
 fluentd

Add options for configuring TLS and authentication for elasticsearch
connections in fluentd.

Change-Id: I936adc2aeaa3c87081be1c44aa0221caf2124e23
Closes-Bug: #1831078
---
 ansible/roles/common/defaults/main.yml        | 10 ++++++++
 .../templates/conf/output/00-local.conf.j2    | 24 +++++++++++++++++++
 .../templates/conf/output/01-es.conf.j2       | 12 ++++++++++
 3 files changed, 46 insertions(+)

diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
index 7076c81f79..25b63eb6e7 100644
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@@ -45,6 +45,16 @@ common_services:
       - "kolla_logs:/var/log/kolla/"
     dimensions: "{{ cron_dimensions }}"
 
+#######################
+# TLS and authenication
+#######################
+
+fluentd_elasticsearch_path: ""
+fluentd_elasticsearch_scheme: "http"
+fluentd_elasticsearch_user: ""
+fluentd_elasticsearch_password: ""
+fluentd_elasticsearch_ssl_version: "TLSv1_2"
+fluentd_elasticsearch_ssl_verify: "true"
 
 ####################
 # Docker
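Review bot: The new defaults expose `fluentd_elasticsearch_ssl_verify` but no variable for a CA bundle, so a deployment whose elasticsearch certificate is signed by a private CA can only make the connection work by turning verification off. fluent-plugin-elasticsearch accepts a `ca_file` option; a default such as `fluentd_elasticsearch_cacert: ""` (the name is only a suggestion), rendered conditionally in the three templates, would let `ssl_verify` stay `true` in that case. The block would also benefit from a comment above `fluentd_elasticsearch_scheme`, for example `# "http" sends user/password as cleartext basic auth; use "https" whenever credentials are set`. The banner misspells "authentication".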
diff --git a/ansible/roles/common/templates/conf/output/00-local.conf.j2 b/ansible/roles/common/templates/conf/output/00-local.conf.j2
index 1837b0c5ce..a46c6a7488 100644
--- a/ansible/roles/common/templates/conf/output/00-local.conf.j2
+++ b/ansible/roles/common/templates/conf/output/00-local.conf.j2
@@ -12,6 +12,18 @@
        type elasticsearch
        host {{ elasticsearch_address }}
        port {{ elasticsearch_port }}
+       scheme {{ fluentd_elasticsearch_scheme }}
+{% if fluentd_elasticsearch_path != '' %}
+       path {{ fluentd_elasticsearch_path }}
+{% endif %}
+{% if fluentd_elasticsearch_scheme == 'https' %}
+       ssl_version {{ fluentd_elasticsearch_ssl_version }}
+       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% endif %}
+{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
+       user {{ fluentd_elasticsearch_user }}
+       password {{ fluentd_elasticsearch_password }}
+{% endif %}
        logstash_format true
        logstash_prefix {{ kibana_log_prefix }}
        flush_interval 15s
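Review bot: The `user`/`password` block is rendered independently of the `scheme == 'https'` check above it, and `fluentd_elasticsearch_scheme` defaults to `http`, so an operator who sets only the two credential variables gets basic-auth credentials sent to elasticsearch without TLS. The condition also requires both values to be non-empty, so a username with a forgotten password silently renders an unauthenticated output instead of failing. I would add `{# basic auth is only protected in transit when scheme is https #}` above the block and have a validation task fail when exactly one of the two variables is set, or when credentials are set with scheme `http`. The same block is repeated in the second hunk of this file and in 01-es.conf.j2; the enclosing output section starts and ends outside the hunk.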
@@ -47,6 +59,18 @@
        type elasticsearch
        host {{ elasticsearch_address }}
        port {{ elasticsearch_port }}
+       scheme {{ fluentd_elasticsearch_scheme }}
+{% if fluentd_elasticsearch_path != '' %}
+       path {{ fluentd_elasticsearch_path }}
+{% endif %}
+{% if fluentd_elasticsearch_scheme == 'https' %}
+       ssl_version {{ fluentd_elasticsearch_ssl_version }}
+       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% endif %}
+{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
+       user {{ fluentd_elasticsearch_user }}
+       password {{ fluentd_elasticsearch_password }}
+{% endif %}
        logstash_format true
        logstash_prefix {{ kibana_log_prefix }}
        flush_interval 15s
diff --git a/ansible/roles/common/templates/conf/output/01-es.conf.j2 b/ansible/roles/common/templates/conf/output/01-es.conf.j2
index 1ab109aaef..178acf407a 100644
--- a/ansible/roles/common/templates/conf/output/01-es.conf.j2
+++ b/ansible/roles/common/templates/conf/output/01-es.conf.j2
@@ -4,6 +4,18 @@
        @type elasticsearch
        host {{ elasticsearch_address }}
        port {{ elasticsearch_port }}
+       scheme {{ fluentd_elasticsearch_scheme }}
+{% if fluentd_elasticsearch_path != '' %}
+       path {{ fluentd_elasticsearch_path }}
+{% endif %}
+{% if fluentd_elasticsearch_scheme == 'https' %}
+       ssl_version {{ fluentd_elasticsearch_ssl_version }}
+       ssl_verify {{ fluentd_elasticsearch_ssl_verify }}
+{% endif %}
+{% if fluentd_elasticsearch_user != '' and fluentd_elasticsearch_password != ''%}
+       user {{ fluentd_elasticsearch_user }}
+       password {{ fluentd_elasticsearch_password }}
+{% endif %}
        logstash_format true
        logstash_prefix {{ kibana_log_prefix }}
        flush_interval 15s
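Review bot: `password {{ fluentd_elasticsearch_password }}` is written into the fluentd config as an unquoted value, so a password containing characters the config parser treats specially (for example `#`, quotes, or leading/trailing whitespace) may be truncated or misparsed; this is worth confirming against the fluentd version in use. A single-quoted literal, `password '{{ fluentd_elasticsearch_password }}'`, avoids most of that, though embedded quotes would still need escaping. The rendered file now holds a cleartext secret, so the task that templates it (not visible here) should write it with a restrictive mode and owner. This applies equally to both hunks of 00-local.conf.j2, and since the twelve added lines are identical in all three places, a shared Jinja macro or include would let it be fixed once.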