re-implement distributed feature, without ssh

add sensor compose file add distributed option to tpot config housekeeping / cleanup
2025-07-02 01:27:27 -04:00 · 2024-01-05 20:19:50 +01:00
parent c634d294c7
commit 1da37b5f85
16 changed files with 726 additions and 235 deletions
--- a/docker/elk/logstash/Dockerfile
+++ b/docker/elk/logstash/Dockerfile
@ -9,12 +9,9 @@ COPY dist/ /root/dist/
 RUN apt-get update -y && \
    apt-get install -y \
             aria2 \
-	     autossh \
             bash \
             bzip2 \
-	     curl \
-#             openjdk-11-jre \
-             openssh-client && \
+             curl && \
 #
 # Determine arch, get and install packages
    ARCH=$(arch) && \
--- a/docker/elk/logstash/dist/entrypoint.sh
+++ b/docker/elk/logstash/dist/entrypoint.sh
@ -42,25 +42,27 @@ if [ "$myCHECK" == "0" ];
    echo "Cannot reach Listbot, starting Logstash without latest translation maps."
 fi

-# Distributed T-Pot installation needs a different pipeline config and autossh tunnel. 
-if [ "$MY_TPOT_TYPE" == "SENSOR" ];
+# Distributed T-Pot installation needs a different pipeline config 
+if [ "$TPOT_TYPE" == "SENSOR" ];
  then
    echo
-    echo "Distributed T-Pot setup, sending T-Pot logs to $MY_HIVE_IP."
+    echo "Distributed T-Pot setup, sending T-Pot logs to $TPOT_HIVE_IP."
    echo
-    echo "T-Pot type: $MY_TPOT_TYPE"
-    echo "Keyfile used: $MY_SENSOR_PRIVATEKEYFILE"
-    echo "Hive username: $MY_HIVE_USERNAME"
-    echo "Hive IP: $MY_HIVE_IP"
+    echo "T-Pot type: $TPOT_TYPE"
+    echo "Hive IP: $TPOT_HIVE_IP"
    echo
-    # Ensure correct file permissions for private keyfile or SSH will ask for password
-    chmod 600 $MY_SENSOR_PRIVATEKEYFILE
+   # Ensure correct file permissions for private keyfile or SSH will ask for password
    cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
-    autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_SENSOR_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
 fi

-if [ "$MY_TPOT_TYPE" != "SENSOR" ];
+if [ "$TPOT_TYPE" != "SENSOR" ];
  then
+    echo
+    echo "This is a T-Pot STANDARD / HIVE installation."
+    echo
+    echo "T-Pot type: $TPOT_TYPE"
+    echo
+
    # Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
    myTPOTILM=$(curl -s -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
    if [ "$myTPOTILM" == "1" ];
--- a/docker/elk/logstash/dist/http_output.conf
+++ b/docker/elk/logstash/dist/http_output.conf
@ -708,7 +708,10 @@ output {
      id => "${MY_HOSTNAME}"
      codec => "json"
      format => "json_batch"
-      url => "http://127.0.0.1:64305"
+      url => "https://${TPOT_HIVE_IP}:64294"
+      cacert => "/data/hive.crt"
+      headers => {
+        "Authorization" => "Basic ${TPOT_HIVE_USER}"
+      }
    }
-
 }