tlstool-config

1. ###
2. ### Self-generated certificate authority
3. ###
4. #
5. # If you want to create a new certificate authority, you must specify its parameters here.
6. # You can skip this section if you only want to create CSRs
7. #
8.  
9. ###
10. ### Default values and global settings
11. ###
12. defaults:
13.  
14. # The validity of the generated certificate in days from now
15. validityDays: 3650
16.  
17. # Password for private key
18. # Possible values:
19. # - auto: automatically generated password, returned in config output;
20. # - none: unencrypted private key;
21. # - other values: other values are used directly as password
22. pkPassword: none
23.  
24. # Specifies to recognize legitimate nodes by the distinguished names
25. # of the certificates. This can be a list of DNs, which can contain wildcards.
26. # Furthermore, it is possible to specify regular expressions by
27. # enclosing the DN in //.
28. # Specification of this is optional. The tool will always include
29. # the DNs of the nodes specified in the nodes section.
30. #nodesDn:
31. #- "CN=*.example.com,OU=Ops,O=Example Com\\, Inc.,DC=example,DC=com"
32. # - 'CN=node.other.com,OU=SSL,O=Test,L=Test,C=DE'
33. # - 'CN=*.example.com,OU=SSL,O=Test,L=Test,C=DE'
34. # - 'CN=elk-devcluster*'
35. # - '/CN=.*regex/'
36.  
37. # If you want to use OIDs to mark legitimate node certificates,
38. # the OID can be included in the certificates by specifying the following
39. # attribute
40.  
41. # nodeOid: "1.2.3.4.5.5"
42.  
43. # The length of auto generated passwords
44. generatedPasswordLength: 12
45.  
46. # Set this to true in order to generate config and certificates for
47. # the HTTP interface of nodes
48. httpsEnabled: true
49.  
50. # Set this to true in order to re-use the node transport certificates
51. # for the HTTP interfaces. Only recognized if httpsEnabled is true
52.  
53. reuseTransportCertificatesForHttp: true
54.  
55. # Set this to true to enable hostname verification
56. #verifyHostnames: false
57.  
58. # Set this to true to resolve hostnames
59. #resolveHostnames: false
60.  
61.  
62. ###
63. ### Nodes
64. ###
65. #
66. # Specify the nodes of your ES cluster here
67. #
68. nodes:
69. - name: scvelastic01
70. dn: CN=scvelastic01.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
71. dns:
72. - scvelastic01.pankl.local
73. - kibana.pankl.local
74. - elastic01.pankl.local
75. ip: 172.17.0.121
76. - name: scvelastic02
77. dn: CN=scvelastic02.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
78. dns:
79. - scvelastic02.pankl.local
80. - elastic02.pankl.local
81. ip: 172.17.0.122
82. - name: scvelastic03
83. dn: CN=scvelastic03.pankl.local,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
84. dns:
85. - scvelastic03.pankl.local
86. - elastic03.pankl.local
87. ip: 172.17.0.123
88.  
89. ###
90. ### Clients
91. ###
92. #
93. # Specify the clients that shall access your ES cluster with certificate authentication here
94. #
95. # At least one client must be an admin user (i.e., a super-user). Admin users can
96. # be specified with the attribute admin: true
97. #
98. clients:
99. - name: sgadmin
100. dn: CN=sgadmin,OU=IT,O=PANKL,C=AT,L=Kapfenberg,S=Styria,DC=pankl,DC=local
101. admin: true