Copy Search Guard config to dedicated directory

Closes #191

Copy Search Guard config to dedicated directory
Closes #191
36f983b4 · Antoine Cotten · 132637bc · 36f983b4 · 36f983b4 · 36f983b4
Unverified Commit 36f983b4 authored Jan 02, 2018 by Antoine Cotten
12 changed files
--- a/README.md
+++ b/README.md
@@ -89,11 +89,11 @@ $ docker-compose up -d
 Search Guard must be initialized after Elasticsearch is started:
-```bash
+```console
 $ docker-compose exec -T elasticsearch bin/init_sg.sh
 ```
-_This executes sgadmin and loads the configuration from `elasticsearch/config/sg*.yml`_
+_This executes sgadmin and loads the configuration from `elasticsearch/config/sg/sg*.yml`_
 Give Kibana a few seconds to initialize, then access the Kibana web UI by hitting
 [http://localhost:5601](http://localhost:5601) with a web browser and use the aforementioned credentials to login.

--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
 # https://github.com/elastic/elasticsearch-docker
 FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.1.0
-COPY config/ config/
+COPY config/sg/ config/sg/
 COPY bin/ bin/
 # Search Guard plugin
@@ -9,7 +9,9 @@ COPY bin/ bin/
 RUN elasticsearch-plugin install --batch com.floragunn:search-guard-6:6.1.0-20.1 \
 	&& chmod +x \
 		plugins/search-guard-6/tools/hash.sh \
-		plugins/search-guard-6/tools/sgadmin.sh
+		plugins/search-guard-6/tools/sgadmin.sh \
+	&& chown -R elasticsearch config/sg/ \
+	&& chmod -R go= config/sg/
 # Add your elasticsearch plugins setup here
 # Example: RUN elasticsearch-plugin install analysis-icu
--- a/elasticsearch/bin/init_sg.sh
+++ b/elasticsearch/bin/init_sg.sh
 #!/bin/sh
 plugins/search-guard-6/tools/sgadmin.sh \
-	-cd config/ \
+	-cd config/sg/ \
-	-ts config/truststore.jks \
+	-ts config/sg/truststore.jks \
-	-ks config/kirk-keystore.jks \
+	-ks config/sg/kirk-keystore.jks \
 	-nhnv \
 	-icl
--- a/elasticsearch/config/elasticsearch.yml
+++ b/elasticsearch/config/elasticsearch.yml
@@ -19,8 +19,8 @@ discovery.type: single-node
 #
 searchguard.enterprise_modules_enabled: false
-searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
+searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
-searchguard.ssl.transport.truststore_filepath: truststore.jks
+searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
 searchguard.ssl.transport.enforce_hostname_verification: false
 searchguard.authcz.admin_dn:

--- a/elasticsearch/config/kirk-keystore.jks
+++ b/elasticsearch/config/kirk-keystore.jks
--- a/elasticsearch/config/node-0-keystore.jks
+++ b/elasticsearch/config/node-0-keystore.jks
--- a/elasticsearch/config/sg_action_groups.yml
+++ b/elasticsearch/config/sg_action_groups.yml
--- a/elasticsearch/config/sg_config.yml
+++ b/elasticsearch/config/sg_config.yml
--- a/elasticsearch/config/sg_internal_users.yml
+++ b/elasticsearch/config/sg_internal_users.yml
--- a/elasticsearch/config/sg_roles.yml
+++ b/elasticsearch/config/sg_roles.yml
--- a/elasticsearch/config/sg_roles_mapping.yml
+++ b/elasticsearch/config/sg_roles_mapping.yml
--- a/elasticsearch/config/truststore.jks
+++ b/elasticsearch/config/truststore.jks