diff --git a/internal/stack/_static/docker-compose-stack.yml.tmpl b/internal/stack/_static/docker-compose-stack.yml.tmpl index 15519ee8b8..19af7e6adc 100644 --- a/internal/stack/_static/docker-compose-stack.yml.tmpl +++ b/internal/stack/_static/docker-compose-stack.yml.tmpl @@ -170,16 +170,12 @@ services: interval: 60s timeout: 50s retries: 5 - # logstash expects the key in pkcs8 format. Hence converting the key.pem to pkcs8 format using openssl. - # Also logstash-filter-elastic_integration plugin is installed by default to run ingest pipelines in logstash. - # elastic-package#1637 made improvements to enable logstash stats through port 9600. - command: bash -c 'openssl pkcs8 -inform PEM -in /usr/share/logstash/config/certs/key.pem -topk8 -nocrypt -outform PEM -out /tmp/logstash.pkcs8.key && chmod +x /tmp/logstash.pkcs8.key && if [[ ! $(bin/logstash-plugin list) == *"logstash-filter-elastic_integration"* ]]; then echo "Missing plugin logstash-filter-elastic_integration, installing now" && bin/logstash-plugin install logstash-filter-elastic_integration; fi && bin/logstash -f /usr/share/logstash/pipeline/logstash.conf' + command: bash /usr/share/logstash/startup.sh volumes: - - "../certs/logstash/key.pem:/usr/share/logstash/config/certs/key.pem" - - "../certs/logstash/cert.pem:/usr/share/logstash/config/certs/cert.pem" - - "../certs/logstash/ca-cert.pem:/usr/share/logstash/config/certs/ca-cert.pem" - - "../certs/elasticsearch/cert.pem:/usr/share/logstash/config/certs/elasticsearch.pem" - - "./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro" + - "../certs/logstash:/usr/share/logstash/config/certs" + - "../certs/elasticsearch/cert.pem:/usr/share/logstash/config/certs/elasticsearch.pem:ro" + - "./logstash.conf:/usr/share/logstash/pipeline/generated_logstash.conf:ro" + - "./logstash_startup.sh:/usr/share/logstash/startup.sh" ports: - "127.0.0.1:5044:5044" - "127.0.0.1:9600:9600" diff --git a/internal/stack/_static/logstash_startup.sh b/internal/stack/_static/logstash_startup.sh new file mode 100755 index 0000000000..ee74bd709b --- /dev/null +++ b/internal/stack/_static/logstash_startup.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +set -euo pipefail + +LOGSTASH_HOME="/usr/share/logstash/" + +# logstash expects the key in pkcs8 format. +# Hence converting the key.pem to pkcs8 format using openssl. +create_cert() { + ls_cert_path="$LOGSTASH_HOME/config/certs" + openssl pkcs8 -inform PEM -in "$ls_cert_path/key.pem" -topk8 -nocrypt -outform PEM -out "/tmp/logstash.pkcs8.key" + chmod 777 "/tmp/logstash.pkcs8.key" +} + +# config copy is intentional that mounted volumes will be busy and cannot be overwritten +overwrite_pipeline_config() { + ls_pipeline_config_path="$LOGSTASH_HOME/pipeline/" + cat "$ls_pipeline_config_path/generated_logstash.conf" > "$ls_pipeline_config_path/logstash.conf" +} + +# installs the given plugin if it is not installed +install_plugin_if_missing() { + plugin_name=$1 + if [[ ! $(bin/logstash-plugin list) == *"$plugin_name"* ]]; then + echo "Missing plugin $plugin_name, installing now" + bin/logstash-plugin install "$plugin_name" + fi +} + +# runs Logstash +run() { + bin/logstash -f "$LOGSTASH_HOME/pipeline/logstash.conf" --config.reload.automatic +} + +create_cert +overwrite_pipeline_config +install_plugin_if_missing "logstash-filter-elastic_integration" +run diff --git a/internal/stack/_static/serverless-docker-compose.yml.tmpl b/internal/stack/_static/serverless-docker-compose.yml.tmpl index 2ec85a1577..4069869111 100644 --- a/internal/stack/_static/serverless-docker-compose.yml.tmpl +++ b/internal/stack/_static/serverless-docker-compose.yml.tmpl @@ -35,13 +35,11 @@ services: interval: 60s timeout: 50s retries: 5 - # logstash expects the key in pkcs8 format. Hence converting the key.pem to pkcs8 format using openssl. - # Also logstash-filter-elastic_integration plugin is installed by default to run ingest pipelines in logstash. - # elastic-package#1637 made improvements to enable logstash stats through port 9600. - command: bash -c 'openssl pkcs8 -inform PEM -in /usr/share/logstash/config/certs/key.pem -topk8 -nocrypt -outform PEM -out /usr/share/logstash/config/certs/logstash.pkcs8.key && chmod 777 /usr/share/logstash/config/certs/logstash.pkcs8.key && if [[ ! $(bin/logstash-plugin list) == *"logstash-filter-elastic_integration"* ]]; then echo "Missing plugin logstash-filter-elastic_integration, installing now" && bin/logstash-plugin install logstash-filter-elastic_integration; fi && bin/logstash -f /usr/share/logstash/pipeline/logstash.conf' + command: bash /usr/share/logstash/startup.sh volumes: - "../certs/logstash:/usr/share/logstash/config/certs" - - "./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro" + - "./logstash.conf:/usr/share/logstash/pipeline/generated_logstash.conf:ro" + - "./logstash_startup.sh:/usr/share/logstash/startup.sh" ports: - "127.0.0.1:5044:5044" - "127.0.0.1:9600:9600" diff --git a/internal/stack/resources.go b/internal/stack/resources.go index 885b464e32..a57e44905f 100644 --- a/internal/stack/resources.go +++ b/internal/stack/resources.go @@ -121,6 +121,12 @@ var ( Path: ElasticAgentEnvFile, Content: staticSource.Template("_static/elastic-agent.env.tmpl"), }, + &resource.File{ + Path: "logstash_startup.sh", + CreateParent: true, + Content: staticSource.Template("_static/logstash_startup.sh"), + Mode: resource.FileMode(0755), + }, } ) diff --git a/internal/stack/serverlessresources.go b/internal/stack/serverlessresources.go index 8eb9b1896a..1191f7742e 100644 --- a/internal/stack/serverlessresources.go +++ b/internal/stack/serverlessresources.go @@ -32,6 +32,12 @@ var ( Path: LogstashConfigFile, Content: staticSource.Template("_static/serverless-logstash.conf.tmpl"), }, + &resource.File{ + Path: "logstash_startup.sh", + CreateParent: true, + Content: staticSource.Template("_static/logstash_startup.sh"), + Mode: resource.FileMode(0755), + }, } )