December 22 update

jails/config/elk/kibana.yml

@@ -27,6 +27,8 @@ server.name: "kibana.diyit.org"
 # The URLs of the Elasticsearch instances to use for all your queries.
 elasticsearch.hosts: ["https://elk.diyit.org:9200"]
 
+server.publicBaseUrl: "https://kibana.diyit.org"
+
 # When this setting's value is true Kibana uses the hostname specified in the server.host
 # setting. When the value of this setting is false, Kibana uses the hostname of the host
 # that connects to this Kibana instance.
@@ -43,7 +45,7 @@ elasticsearch.hosts: ["https://elk.diyit.org:9200"]
 # the username and password that the Kibana server uses to perform maintenance on the Kibana
 # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
 # is proxied through the Kibana server.
-elasticsearch.username: "kibana"
+elasticsearch.username: "kibana_system"
 elasticsearch.password: "0AKzGiy2Cu4Klaz23asT"
 
 # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
@@ -58,7 +60,7 @@ server.ssl.key: /mnt/certs/diyprivkeyr.pem
 #elasticsearch.ssl.certificate: /path/to/your/client.crt
 #elasticsearch.ssl.key: /path/to/your/client.key
 
-xpack.security.enabled: true
+#xpack.security.enabled: true
 xpack.encryptedSavedObjects.encryptionKey: "something_at_least_32_characters_this_is_it"
 
 # Optional setting that enables you to specify a path to the PEM file for the certificate

jails/config/elk/pkg-list-details-old.txt

@@ -0,0 +1,10 @@
+pkgp-freebsd-pkg____bash-5.2.9
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____beats7-7.17.7
+pkgp-freebsd-pkg____curl-7.85.0
+pkgp-freebsd-pkg____elasticsearch7-7.17.7
+pkgp-freebsd-pkg____kibana7-7.17.7
+pkgp-freebsd-pkg____logstash7-7.17.7
+pkgp-freebsd-pkg____nano-6.4
+pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1
+pkgp-freebsd-pkg____pkg-1.18.4

jails/config/elk/pkg-list-details.txt

@@ -1,10 +1,10 @@
-pkgp-freebsd-pkg____bash-5.1.16
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____beats7-7.16.3_1
-pkgp-freebsd-pkg____curl-7.82.0
-pkgp-freebsd-pkg____elasticsearch7-7.16.3
-pkgp-freebsd-pkg____kibana7-7.16.3
-pkgp-freebsd-pkg____logstash7-7.16.3
-pkgp-freebsd-pkg____nano-6.0
-pkgp-freebsd-pkg____openjdk11-11.0.14+9.1_1
-pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____bash-5.2.12
+pkgp-freebsd-pkg____bash-completion-2.11_2,2
+pkgp-freebsd-pkg____beats7-7.17.7
+pkgp-freebsd-pkg____curl-7.85.0
+pkgp-freebsd-pkg____elasticsearch7-7.17.7
+pkgp-freebsd-pkg____kibana7-7.17.7
+pkgp-freebsd-pkg____logstash7-7.17.7
+pkgp-freebsd-pkg____nano-7.0
+pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1
+pkgp-freebsd-pkg____pkg-1.18.4

jails/config/elk/pkg-list-old.txt

@@ -0,0 +1 @@
+bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg

jails/config/elk/rc.d/elasticsearch

@@ -1,10 +1,8 @@
 #!/bin/sh
-#
-# $FreeBSD: head/textproc/elasticsearch7/files/elasticsearch.in 538703 2020-06-13 22:41:04Z glewis $
-#
+
 # PROVIDE: elasticsearch
-# REQUIRE: NETWORKING SERVERS
-# BEFORE: DAEMON
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
 # KEYWORD: shutdown
 #
 # Add the following line to /etc/rc.conf to enable elasticsearch:
@@ -17,7 +15,7 @@
 #               Set it to required group.
 # elasticsearch_config (path):   Set to /usr/local/etc/elasticsearch/elasticsearch.yml by default.
 #               Set it to the config file location.
-# elasticsearch_java_home (path): Set to /usr/local/openjdk8 by default.
+# elasticsearch_java_home (path): Set to /usr/local/openjdk11 by default.
 #               Set it to the root of the JDK to use.
 #
 . /etc/rc.subr
@@ -46,7 +44,7 @@ command=/usr/local/lib/elasticsearch/bin/elasticsearch
 command_args="-d --pidfile=${pidfile}"
 
 export ES_PATH_CONF=${elasticsearch_config}
-export JAVA_HOME=${elasticsearch_java_home}
+export ES_JAVA_HOME=${elasticsearch_java_home}
 
 elasticsearch_precmd()
 {

jails/config/elk/rc.d/filebeat

@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# PROVIDE: filebeat
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable filebeat:
+#
+# filebeat_enable (bool):	Set to YES to enable filebeat
+# 				Default: NO
+# filebeat_flags (str):		Extra flags passed to filebeat
+# filebeat_config (str):	filebeat configuration directory
+#				Default: ${PREFIX}/etc/beats
+# filebeat_conffile (str):	filebeat configuration file
+#				relative to ${filebeat_conf}
+#				Default: filebeat.yml
+
+. /etc/rc.subr
+
+name="filebeat"
+rcvar=${name}_enable
+load_rc_config $name
+
+: ${filebeat_enable:="NO"}
+: ${filebeat_config:="/usr/local/etc/beats"}
+: ${filebeat_conffile:="filebeat.yml"}
+: ${filebeat_home:="/usr/local/share/beats/filebeat"}
+: ${filebeat_logs:="/var/log/beats"}
+: ${filebeat_data:="/var/db/beats/filebeat"}
+
+# daemon
+start_precmd=filebeat_prestart
+command=/usr/sbin/daemon
+pidfile="/var/run/${name}"
+command_args="-frP ${pidfile} /usr/local/sbin/${name} ${filebeat_flags} --path.config ${filebeat_config} --path.home ${filebeat_home} --path.data ${filebeat_data} --path.logs ${filebeat_logs} -c ${filebeat_conffile}"
+
+filebeat_prestart() {
+# Have to empty rc_flags so they don't get passed to daemon(8)
+	rc_flags=""
+}
+
+run_rc_command "$1"

jails/config/elk/rc.d/heartbeat

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: heartbeat
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable heartbeat:
+#
+# heartbeat_enable (bool):	Set to YES to enable heartbeat
+# 				Default: NO
+# heartbeat_flags (str):	Extra flags passed to heartbeat
+# heartbeat_config (str):	heartbeat configuration directory
+#				Default: ${PREFIX}/etc/beats
+# heartbeat_conffile (str):	heartbeat configuration file
+#				relative to ${heartbeat_conf}
+#				Default: heartbeat.yml
+
+. /etc/rc.subr
+
+name="heartbeat"
+rcvar=${name}_enable
+load_rc_config $name
+
+: ${heartbeat_enable:="NO"}
+: ${heartbeat_config:="/usr/local/etc/beats"}
+: ${heartbeat_conffile:="heartbeat.yml"}
+: ${heartbeat_home:="/usr/local/share/beats/heartbeat"}
+: ${heartbeat_logs:="/var/log/beats"}
+: ${heartbeat_data:="/var/db/beats/heartbeat"}
+
+
+# daemon
+start_precmd=heartbeat_prestart
+command=/usr/sbin/daemon
+pidfile="/var/run/${name}"
+command_args="-frP ${pidfile} /usr/local/sbin/${name} ${heartbeat_flags} --path.config ${heartbeat_config} --path.home ${heartbeat_home} --path.data ${heartbeat_data} --path.logs ${heartbeat_logs} -c ${heartbeat_conffile}"
+
+heartbeat_prestart() {
+# Have to empty rc_flags so they don't get passed to daemon(8)
+	rc_flags=""
+}
+
+run_rc_command "$1"

jails/config/elk/rc.d/kibana

@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# PROVIDE: kibana
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=kibana
+rcvar=kibana_enable
+
+load_rc_config $name
+
+: ${kibana_enable:="NO"}
+: ${kibana_config:="/usr/local/etc/kibana/kibana.yml"}
+: ${kibana_user:="www"}
+: ${kibana_group:="www"}
+: ${kibana_log:="/var/log/kibana.log"}
+: ${kibana_syslog_output_enable:="NO"}
+
+start_precmd="kibana_start_precmd"
+reload_cmd="kibana_reload_cmd"
+extra_commands="reload"
+
+if checkyesno kibana_syslog_output_enable; then
+	if [ -n "${kibana_syslog_output_tag}" ]; then
+		kibana_syslog_output_flags="-T ${kibana_syslog_output_tag}"
+	else
+		kibana_syslog_output_flags="-T ${name}"
+	fi
+	if [ -n "${kibana_syslog_output_priority}" ]; then
+		kibana_syslog_output_flags="${kibana_syslog_output_flags} -s ${kibana_syslog_output_priority}"
+	fi
+	if [ -n "${kibana_syslog_output_facility}" ]; then
+		kibana_syslog_output_flags="${kibana_syslog_output_flags} -l ${kibana_syslog_output_facility}"
+	fi
+fi
+
+NODE="/usr/local/bin/node"
+
+required_files="${kibana_config}"
+pidfile="/var/run/${name}-daemon.pid"
+_kpidfile="/var/run/${name}.pid"
+
+command="/usr/sbin/daemon"
+command_args="-f ${kibana_syslog_output_flags} -P ${pidfile} -t ${name} \
+	/usr/bin/env BABEL_DISABLE_CACHE=1 NODE_ENV=production ${kibana_env} \
+	${NODE} --no-warnings --max-http-header-size=65536 \
+	/usr/local/www/kibana7/src/cli/dist serve \
+	--config ${kibana_config} --log-file ${kibana_log} --allow-root \
+	--xpack.reporting.enabled=false ${kibana_args}"
+
+kibana_start_precmd()
+{
+	if [ ! -e "${pidfile}" ]; then
+		install -m 0600 -o ${kibana_user} -g ${kibana_group} /dev/null ${pidfile}
+	fi
+	if [ ! -e "${_kpidfile}" ]; then
+		install -m 0600 -o ${kibana_user} -g ${kibana_group} /dev/null ${_kpidfile}
+	fi
+	if [ ! -f ${kibana_log} ]; then
+		install -o ${kibana_user} -g ${kibana_group} -m 640 /dev/null ${kibana_log}
+	fi
+	if [ ! -d /usr/local/www/kibana7/optimize ]; then
+		install -d -o ${kibana_user} -g ${kibana_group} /usr/local/www/kibana7/optimize
+	else
+		# We may have installed a plugin as root which will cause files in here
+		# to be owned by root:wheel. Fix with a chown.
+		chown -R ${kibana_user}:${kibana_group} /usr/local/www/kibana7/optimize
+	fi
+}
+
+kibana_reload_cmd()
+{
+	if [ -z "$rc_pid" ]; then
+		_run_rc_notrunning
+		return 1
+	else
+		pkill -HUP -P ${rc_pid}
+	fi
+}
+
+run_rc_command "$1"

jails/config/elk/rc.d/metricbeat

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# PROVIDE: metricbeat
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable metricbeat:
+#
+# metricbeat_enable (bool):	Set to YES to enable metricbeat
+# 				Default: NO
+# metricbeat_flags (str):	Extra flags passed to metricbeat
+# metricbeat_config (str):	metricbeat configuration directory
+#				Default: ${PREFIX}/etc/beats
+# metricbeat_conffile (str):	metricbeat configuration file
+#				relative to ${metricbeat_conf}
+#				Default: metricbeat.yml
+
+. /etc/rc.subr
+
+name="metricbeat"
+rcvar=${name}_enable
+load_rc_config $name
+
+: ${metricbeat_enable:="NO"}
+: ${metricbeat_config:="/usr/local/etc/beats"}
+: ${metricbeat_conffile:="metricbeat.yml"}
+: ${metricbeat_home:="/usr/local/share/beats/metricbeat"}
+: ${metricbeat_logs:="/var/log/beats"}
+: ${metricbeat_data:="/var/db/beats/metricbeat"}
+
+# daemon
+start_precmd=metricbeat_prestart
+command=/usr/sbin/daemon
+pidfile="/var/run/${name}"
+command_args="-frP ${pidfile} /usr/local/sbin/${name} ${metricbeat_flags} --path.config ${metricbeat_config} --path.home ${metricbeat_home} --path.data ${metricbeat_data} --path.logs ${metricbeat_logs} -c ${metricbeat_conffile}"
+
+metricbeat_prestart() {
+# Have to empty rc_flags so they don't get passed to daemon(8)
+	rc_flags=""
+}
+
+# metricbeat will refuse to quit if linprocfs is mounted, and sadly requires -9
+[ -f /compat/linux/proc/cpuinfo ] && stop_cmd=metricbeat_stop
+
+metricbeat_stop() {
+	pkill -9 -F ${pidfile} > /dev/null 2>&1
+	pkill -9 -F ${pidfile}.child > /dev/null 2>&1
+}
+
+run_rc_command "$1"