This repository has been archived by the owner on Sep 12, 2023. It is now read-only.
forked from CogStack/CogStack-NiFi
-
Notifications
You must be signed in to change notification settings - Fork 0
/
create_es_native_credentials.sh
70 lines (57 loc) · 2.58 KB
/
create_es_native_credentials.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#!/bin/bash
set -e
if [[ -z "${ELASTIC_HOST}" ]]; then
ELASTIC_HOST=localhost
echo "ELASTIC_HOST not set, defaulting to ELASTIC_HOST=localhost"
fi
if [[ -z "${ELASTIC_PASSWORD}" ]]; then
ELASTIC_PASSWORD=kibanaserver
echo "ELASTIC_PASSWORD not set, defaulting to ELASTIC_PASSWORD=kibanaserver"
fi
if [[ -z "${ELASTIC_USER}" ]]; then
ELASTIC_USER=elastic
echo "ELASTIC_USER not set, defaulting to ELASTIC_USER=elastic"
fi
if [[ -z "${KIBANA_USER}" ]]; then
KIBANA_USER=kibanaserver
echo "KIBANA_USER not set, defaulting to KIBANA_USER=kibanaserver"
fi
if [[ -z "${KIBANA_PASSWORD}" ]]; then
KIBANA_PASSWORD=kibanaserver
echo "KIBANA_PASSWORD not set, defaulting to KIBANA_PASSWORD=kibanaserver"
fi
if [[ -z "${INGEST_SERVICE_USER}" ]]; then
INGEST_SERVICE_USER=ingest_service
echo "INGEST_SERVICE_USER not set, defaulting to INGEST_SERVICE_USER=ingest_service"
fi
if [[ -z "${INGEST_SERVICE_PASSWORD}" ]]; then
INGEST_SERVICE_PASSWORD=ingest_service
echo "INGEST_SERVICE_PASSWORD not set, defaulting to INGEST_SERVICE_PASSWORD=ingest_service"
fi
if [[ -z "${ES_ADMIN_EMAIL}" ]]; then
ES_ADMIN_EMAIL="[email protected]"
echo "ES_ADMIN_EMAIL not set, defaulting to [email protected]"
fi
echo "Waiting for Elasticsearch availability"
curl -k --cacert ./es_certificates/es_native/elastic-stack-ca.crt.pem -key ./es_certificates/es_native/elastic-stack-ca.key.pem -u elastic:$ELASTIC_PASSWORD https://$ELASTIC_HOST:9200
echo "Setting kibana_system password"
curl -k -X POST --cacert ./es_certificates/es_native/elastic-stack-ca.crt.pem -u elastic:$ELASTIC_PASSWORD -H "Content-Type:application/json" https://$ELASTIC_HOST:9200/_security/user/kibana_system/_password -d "{\"password\":\"$KIBANA_PASSWORD\"}"
echo "Creating users"
# Create the actual kibanaserver user
curl -k -X POST -u elastic:$ELASTIC_PASSWORD --cacert ./es_certificates/es_native/elastic-stack-ca.crt.pem "https://$ELASTIC_HOST:9200/_security/user/$KIBANA_USER?pretty" -H 'Content-Type:application/json' -d'
{
"password" :"'$KIBANA_PASSWORD'",
"roles" : ["kibana_system", "kibana_admin", "ingest_admin"],
"full_name" : "kibanaserver",
"email" : "'${ES_ADMIN_EMAIL}'"
}
'
# Create the actual kibanaserver user
curl -k -X POST -u elastic:$ELASTIC_PASSWORD --cacert ./es_certificates/es_native/elastic-stack-ca.crt.pem "https://$ELASTIC_HOST:9200/_security/user/$INGEST_SERVICE_USER?pretty" -H 'Content-Type:application/json' -d'
{
"password" :"'$INGEST_SERVICE_PASSWORD'",
"roles" : ["ingest_admin"],
"full_name" : "ingestion service",
"email" : "'${ES_ADMIN_EMAIL}'"
}
'