Callonski

// First create a Workload Identity Pool
resource "google_iam_workload_identity_pool" "github" {
  provider                  = google-beta
  project                   = var.project_id
  workload_identity_pool_id = "github"
  display_name              = "Github Actions"
  description               = "Used to authenticate Github Actions without Service Account Keys"
}

// Create a Workload Identity Provider in that pool:

Callonski

############### CERTIFICATES FOR KIBANA ##############
gsutil cp "${ca_bucket}http.p12" /etc/kibana
gsutil cp "${ca_bucket}elasticsearch-ca.pem" /etc/kibana
chmod 777 /etc/kibana/http.p12
chmod 777 /etc/kibana/elasticsearch-ca.pem
chmod 777 /etc/ssl/certs/elasticsearch-ca.pem
cp /etc/kibana/elasticsearch-ca.pem /etc/ssl/certs
touch /var/log/kibana.log
sudo chmod 777 /var/log/kibana.log

Callonski

############## APPEND TO KIBANA CONFIGURATION FILE ############
cat <<EOT >> /etc/kibana/kibana.yml
elasticsearch.hosts: ['https://${internal_lb_ip}:9200']
server.name: my-elastic-kibana
server.host: 0.0.0.0
server.port: 8080
kibana.index: .kibanana
logging.dest: /var/log/kibana.log
logging.verbose: true
csp.strict: true

Callonski

###################### START KIBANA ##########################
sudo systemctl daemon-reload
sudo systemctl enable kibana.service
sudo systemctl start kibana.service

Callonski

################## CONFIGURE FILEBEAT #######################
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-x.x.x-amd64.deb // Replace x.x.x with version
sudo dpkg -i filebeat-x.x.x-amd64.deb  // Replace x.x.x with version
sudo filebeat keystore create
echo "${elastic_pw}" | sudo bin/filebeat keystore add ES_PASSWORD

cat <<EOT >> /etc/filebeat/filebeat.yml
output.elasticsearch:
hosts: ['https://${internal_lb_ip}:9200']
username: "elastic"

Callonski

################## START FILEBEAT  #######################
sudo systemctl daemon-reload
sudo systemctl enable filebeat
sudo filebeat modules enable system nginx mysql elasticsearch kibana googlecloud
cd /etc/filebeat/
sudo filebeat setup -e
sudo systemctl start filebeat

Callonski

##################### APM ##########################
curl -L -O https://artifacts.elastic.co/downloads/apm-server/apm-server-7.8.0-amd64.deb
sudo dpkg -i apm-server-7.7.0-amd64.deb

sudo apm-server keystore create
echo "${elastic_pw}" | sudo bin/apm-server keystore add ES_PASSWORD

cat <<EOT >> /etc/apm-server/apm-server.yml
output.elasticsearch:
hosts: ['https://${elastic_host_1}:9200','https://${elastic_host_2}:9200','https://${elastic_host_3}:9200']

Callonski

########################### HEARTBEAT ##################################

sudo heartbeat keystore create
echo "${elastic_pw}" | sudo bin/heartbeat keystore add ES_PASSWORD


cat <<EOT >> /etc/heartbeat/heartbeat.yml
output.elasticsearch:
hosts: ['https://${elastic_host_1}:9200','https://${elastic_host_2}:9200','https://${elastic_host_3}:9200']
username: 'elastic'

Callonski

################### INSTALL METRICSBEAT ######################
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo 'deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main' | sudo tee /etc/apt/sources.list.d/beats.list
sudo apt-get update && sudo apt-get install metricbeat
sudo metricbeat keystore create
echo "${elastic_pw}" | sudo bin/metricbeat-keystore add ES_PASSWORD

# echo "setup.dashboards.enabled: true" >> /etc/metricbeat/metricbeat.yml
cat <<EOT >> /etc/metricbeat/metricbeat.yml
output.elasticsearch:

Callonski

################ LOGSTASH ##############################
sudo systemctl enable logstash
sudo systemctl start logstash
sudo /usr/share/logstash/bin/logstash-plugin install x-pack
sudo bin/logstash-keystore create
echo "${elastic_pw}" | sudo bin/logstash-keystore add ES_PASSWORD


cat <<EOT >> /etc/logstash/logstash.yml
xpack.monitoring.enabled: true