Merge pull request #483 from wazuh/orsifacundo-production_cluster-cha…

…nges Add admin keypair to production deployment
wazuh · Jun 10, 2021 · 4b75a66 · 4b75a66
2 parents 7b56e24 + 3f3a688
commit 4b75a66
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 3 deletions.
diff --git a/production-cluster.yml b/production-cluster.yml
@@ -86,6 +86,8 @@ services:
       - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
       - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
       - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
+      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
+      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key      
       - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 

diff --git a/production_cluster/elastic_opendistro/elasticsearch-node1.yml b/production_cluster/elastic_opendistro/elasticsearch-node1.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

diff --git a/production_cluster/elastic_opendistro/elasticsearch-node2.yml b/production_cluster/elastic_opendistro/elasticsearch-node2.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

diff --git a/production_cluster/elastic_opendistro/elasticsearch-node3.yml b/production_cluster/elastic_opendistro/elasticsearch-node3.yml
@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: []
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
 opendistro_security.audit.type: internal_elasticsearch
 opendistro_security.enable_snapshot_restore_privilege: true
 opendistro_security.check_snapshot_restore_write_privileges: true

diff --git a/production_cluster/ssl_certs/certs.yml b/production_cluster/ssl_certs/certs.yml
@@ -28,3 +28,8 @@ nodes:
     dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
     dns: 
       - wazuh 
+
+clients:
+  - name: admin
+    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
+    admin: true