Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###
- ### Self-generated certificate authority
- ###
- #
- # If you want to create a new certificate authority, you must specify its parameters here.
- # You can skip this section if you only want to create CSRs
- #
- ###
- ### Default values and global settings
- ###
- defaults:
- # The validity of the generated certificate in days from now
- validityDays: 3650
- # Password for private key
- # Possible values:
- # - auto: automatically generated password, returned in config output;
- # - none: unencrypted private key;
- # - other values: other values are used directly as password
- pkPassword: none
- # Specifies to recognize legitimate nodes by the distinguished names
- # of the certificates. This can be a list of DNs, which can contain wildcards.
- # Furthermore, it is possible to specify regular expressions by
- # enclosing the DN in //.
- # Specification of this is optional. The tool will always include
- # the DNs of the nodes specified in the nodes section.
- #nodesDn:
- #- "CN=*.example.com,OU=Ops,O=Example Com\\, Inc.,DC=example,DC=com"
- # - 'CN=node.other.com,OU=SSL,O=Test,L=Test,C=DE'
- # - 'CN=*.example.com,OU=SSL,O=Test,L=Test,C=DE'
- # - 'CN=elk-devcluster*'
- # - '/CN=.*regex/'
- # If you want to use OIDs to mark legitimate node certificates,
- # the OID can be included in the certificates by specifying the following
- # attribute
- # nodeOid: "1.2.3.4.5.5"
- # The length of auto generated passwords
- generatedPasswordLength: 12
- # Set this to true in order to generate config and certificates for
- # the HTTP interface of nodes
- httpsEnabled: true
- # Set this to true in order to re-use the node transport certificates
- # for the HTTP interfaces. Only recognized if httpsEnabled is true
- reuseTransportCertificatesForHttp: true
- # Set this to true to enable hostname verification
- #verifyHostnames: false
- # Set this to true to resolve hostnames
- #resolveHostnames: false
- ###
- ### Nodes
- ###
- #
- # Specify the nodes of your ES cluster here
- #
- nodes:
- - name: scvelastic01
- dn: CN=scvelastic01.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
- dns:
- - scvelastic01.pankl.local
- - kibana.pankl.local
- - elastic01.pankl.local
- ip: 172.17.0.121
- - name: scvelastic02
- dn: CN=scvelastic02.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
- dns:
- - scvelastic02.pankl.local
- - elastic02.pankl.local
- ip: 172.17.0.122
- - name: scvelastic03
- dn: CN=scvelastic03.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
- dns:
- - scvelastic03.pankl.local
- - elastic03.pankl.local
- ip: 172.17.0.123
- ###
- ### Clients
- ###
- #
- # Specify the clients that shall access your ES cluster with certificate authentication here
- #
- # At least one client must be an admin user (i.e., a super-user). Admin users can
- # be specified with the attribute admin: true
- #
- clients:
- - name: sgadmin
- dn: CN=sgadmin,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
- admin: true
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement