The upstream freedomofpress.generate-ssl-cert role now supports
fine-grained permissions management. Rather than place the certificate
and keyfile for the Logstash service in the system-wide CA directory,
place them in the Logstash config directory with permissions on the key
so that it is readable by the "logstash" user.
Requires a hard-coded change to the Logstash input config, since the
config files are not yet templatized, meaning no vars can be interpolated.
conorsch
commented
8 years ago
The upstream freedomofpress.generate-ssl-cert role now supports fine-grained permissions management. Rather than place the certificate and keyfile for the Logstash service in the system-wide CA directory, place them in the Logstash config directory with permissions on the key so that it is readable by the "logstash" user.
Requires a hard-coded change to the Logstash input config, since the config files are not yet templatized, meaning no vars can be interpolated.