Simonx123
Simonx123
/ NAT_gateway.tf
Created
September 7, 2020 00:58
— forked from Callonski/NAT_gateway.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "google_compute_router_nat" "elastic-nat" { | |
| name = "elastic-router-nat" | |
| router = google_compute_router.elastic-router.name | |
| region = var.region | |
| nat_ip_allocate_option = "AUTO_ONLY" | |
| source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" | |
| subnetwork { | |
| name = google_compute_subnetwork.my-elastic-subnet.namesource_ip_ranges_to_nat = ["ALL_IP_RANGES"] | |
| } | |
| log_config { |
Simonx123
/ network.tf
Created
September 7, 2020 00:58
— forked from Callonski/network.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "google_compute_network" "my-elastic-network" { | |
| name = "${var.project_name}-elastic-vpc" | |
| auto_create_subnetworks = false | |
| } | |
| resource "google_compute_subnetwork" "my-elastic-subnet" { | |
| name = "my-elastic-subnet" | |
| ip_cidr_range = "select a range in your region" | |
| network = google_compute_network.my-elastic-network.self_link | |
| region = var.region |
Simonx123
/ load_balancer.tf
Created
September 7, 2020 01:01
— forked from Callonski/load_balancer.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "google_compute_region_backend_service" "elastic-internal-lb-i" { | |
| name = "elastic-internal-lb-i" | |
| load_balancing_scheme = "INTERNAL" | |
| health_checks = [google_compute_health_check.my-tcp-health-check.self_link] | |
| region = var.region | |
| backend { | |
| group = google_compute_instance_group.eu-elastic-ig-zone-d.self_link | |
| } | |
| backend { | |
| group = google_compute_instance_group.eu-elastic-ig-zone-c.self_link |
Simonx123
/ kibana_prerequisites.sh
Created
September 7, 2020 01:04
— forked from Callonski/kibana_prerequisites.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############## INSTALL PREREQUISITIES ######################### | |
| sudo apt-get install openjdk-8-jre -y | |
| sudo apt update | |
| sudo apt install -y -qq apt-transport-https | |
| sudo apt install -y fonts-liberation | |
| sudo apt install -y libfontconfig1 | |
| sudo apt install -y logstash | |
| sudo apt install -y snapd | |
| sudo snap install micro - classic | |
| cat <<EOT >> ~/.bashrc |
Simonx123
/ backup_snapshot_roles_etc.sh
Created
September 7, 2020 01:04
— forked from Callonski/backup_snapshot_roles_etc.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### REGISTER BACKUP REPOSITORY ################### | |
| curl -X PUT "https://elastic:${elastic_pw}@0.0.0.0:9200/_snapshot/backup?pretty" -k -H 'Content-Type: application/json' -d '{"type": "gcs","settings": {"bucket": "${backup_bucket}","service_account": "/usr/share/credentials.json"}}' | |
| ############ CREATE BACKUP POLICY FOR DAILY SNAPSHOTS ############## | |
| curl -X PUT -k "https://elastic:${elastic_pw}@0.0.0.0:9200/_slm/policy/nightly-snapshots?pretty" -H 'Content-Type: application/json' -d'{ "schedule": "0 30 1 * * ?", "name": "elastic-snapshot", "repository": "backup", "config": {"indices": ["*"]}, "retention": {"expire_after": "30d", "min_count": 5, "max_count": 30 }}' | |
| ################### CREATE CUSTOM ROLES ########################## | |
| curl -X PUT -k "https://elastic:${elastic_pw}@0.0.0.0:9200/_security/role/API" -H 'Content-Type: application/json' -d '{ "indices": [{ "names": [ "*-read-alias", "*-write-alias"], "privileges": ["read"] } ]}' | |
| curl -X PUT -k "https://elastic:${elastic_pw}@0.0.0.0:9200 |
Simonx123
/ terraform_deploy.tf
Created
September 7, 2020 01:04
— forked from Callonski/terraform_deploy.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/prod.tfvars -auto-approve |
Simonx123
/ terraform_deploy.tf
Created
September 7, 2020 01:04
— forked from Callonski/terraform_deploy.tf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform apply -var 'elastic_pw={pw_elastic}' -var-file=env/test.tfvars -auto-approve |
Simonx123
/ xpac_elasticsearch.sh
Created
September 7, 2020 01:04
— forked from Callonski/xpac_elasticsearch.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### X-PAC SECURITY FEATURES ####################### | |
| gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch | |
| gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch | |
| chmod 777 /etc/elasticsearch | |
| cat <<EOT >> /etc/elasticsearch/elasticsearch.yml | |
| xpack.security.http.ssl.enabled: true | |
| xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12 | |
| xpack.security.http.ssl.keystore.secure_password: '' | |
| xpack.security.enabled: true | |
| xpack.security.transport.ssl.enabled: true |
Simonx123
/ xpac_elasticsearch.sh
Created
September 7, 2020 01:04
— forked from Callonski/xpac_elasticsearch.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### X-PAC SECURITY FEATURES ####################### | |
| gsutil cp "my-gcs-bucket-with-elastic-certificates" /etc/elasticsearch | |
| gsutil cp "${ca_bucket}http.p12" /etc/elasticsearch | |
| chmod 777 /etc/elasticsearch | |
| cat <<EOT >> /etc/elasticsearch/elasticsearch.yml | |
| xpack.security.http.ssl.enabled: true | |
| xpack.security.http.ssl.keystore.path: /etc/elasticsearch/http.p12 | |
| xpack.security.http.ssl.keystore.secure_password: '' | |
| xpack.security.enabled: true | |
| xpack.security.transport.ssl.enabled: true |
Simonx123
/ xpac_monitoring.sh
Last active
September 7, 2020 01:04
— forked from Callonski/xpac_monitoring.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### ENABLE X-PAC MONITORING #################### | |
| curl -X PUT "0.0.0.0:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d' {"persistent": {"xpack.monitoring.collection.enabled": true}}' |