Fix #40

afeefghannam89 · afeefghannam89 · commit 0f957ad0e536 · 2023-02-06T10:14:15.000+01:00
diff --git a/docs/role-logstash.md b/docs/role-logstash.md
@@ -55,7 +55,6 @@ Aside from `logstash.yml` we can manage Logstashs pipelines.
 * *logstash_beats_input*: Enable default pipeline with `beats` input (default: `true`)
 * *logstash_beats_input_congestion*: Optional congestion threshold for the beats input pipeline
 * *logstash_beats_tls*: Activate TLS for the beats input pipeline (default: none but `true` with full stack setup if not set)
-* *logstash_beats_tls_encryptkey*: Enable encryption of key for beats input - disabling used as a workaround on certain hosts (default: true)
 * *logstash_tls_key_passphrase*: Passphrase for Logstash certificates (default: `ChangeMe`)
 * *logstash_elasticsearch*: Address of Elasticsearch instance for default output (default: list of Elasticsearch nodes from `elasticsearch` role or `localhost` when used standalone)
 * *logstash_security*: Enable X-Security (No default set, but will be activated when in full stack mode)
diff --git a/roles/logstash/defaults/main.yml b/roles/logstash/defaults/main.yml
@@ -35,7 +35,6 @@ logstash_pipelines:
 #     source: https://github.com/widhalmt/shipper-logstash-pipeline.git
 logstash_elasticsearch_output: true
 logstash_beats_input: true
-logstash_beats_tls_encryptkey: true
 
 # logstash security
 logstash_user: logstash_writer
diff --git a/roles/logstash/tasks/logstash-security.yml b/roles/logstash/tasks/logstash-security.yml
@@ -125,18 +125,6 @@
   tags:
     - certificates
 
-- name: Create Logstash compatible key
-  command: >
-    openssl pkcs8
-    -in {{ logstash_certs_dir }}/{{ inventory_hostname }}.key
-    -topk8
-    -passin pass:{{ logstash_tls_key_passphrase }}
-    -out {{ logstash_certs_dir }}/{{ inventory_hostname }}-pkcs8.key
-    -passout pass:{{ logstash_tls_key_passphrase }}
-  args:
-    creates: "{{ logstash_certs_dir }}/{{ inventory_hostname }}-pkcs8.key"
-  when: logstash_beats_tls_encryptkey | bool
-
 - name: Create unencrypted Logstash compatible key
   command: >
     openssl pkcs8
@@ -147,7 +135,6 @@
     -nocrypt
   args:
     creates: "{{ logstash_certs_dir }}/{{ inventory_hostname }}-pkcs8.key"
-  when: not logstash_beats_tls_encryptkey | bool
 
 - name: Set permissions on Logstash key
   file:
diff --git a/roles/logstash/templates/beats-input.conf.j2 b/roles/logstash/templates/beats-input.conf.j2
@@ -8,10 +8,6 @@ input {
     ssl_verify_mode => force_peer
     ssl_certificate_authorities => ["{{ logstash_certs_dir }}/ca.crt"]
     ssl_peer_metadata => false
-{% if logstash_beats_tls_encryptkey | bool %}
-    ssl_key_passphrase => "{{ logstash_tls_key_passphrase }}"
 {% endif %}
-{% endif %}
-
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -8,10 +8,6 @@ input {`
`8`	`8`	`ssl_verify_mode => force_peer`
`9`	`9`	`ssl_certificate_authorities => ["{{ logstash_certs_dir }}/ca.crt"]`
`10`	`10`	`ssl_peer_metadata => false`
`11`		`-{% if logstash_beats_tls_encryptkey \| bool %}`
`12`		`- ssl_key_passphrase => "{{ logstash_tls_key_passphrase }}"`
`13`	`11`	`{% endif %}`
`14`		`-{% endif %}`
`15`		`-`
`16`	`12`	`}`
`17`	`13`	`}`