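#!/bin/bash
# Installs the Search Guard 6 plugin into a local Elasticsearch node, generates
# TLS material with the Search Guard TLS tool, appends the Search Guard settings
# to elasticsearch.yml and loads the plugin's bundled sgconfig with sgadmin.
#
# run: . configure_sg.sh /etc/elasticsearch/config
#   NOTE(review): the path argument shown in the usage line is never read here.
# Precondition: run from a bash shell inside the running container, after
#   start.sh has initialised it.
#
# Security posture this script writes (review before the node is reachable by
# anything but localhost):
#   - searchguard.ssl.http.enabled: false -> the REST layer stays plain HTTP, so
#     basic-auth credentials and query data are not encrypted in transit.
#   - enforce_hostname_verification: false / sgadmin -nhnv -> peer certificates
#     are accepted without checking the hostname they were issued for.
#   - sgadmin uploads ../sgconfig/ as shipped with the plugin; presumably this
#     holds the stock users and password hashes -- verify and replace them.

#######################################
# Runs the whole configuration sequence and stops at the first failed step, so
# a failed install or certificate run never leaves a half-written
# elasticsearch.yml behind a restarted service.
# Returns: 0 on success, 1 as soon as a required step fails.
# Side effect: like the flat original, leaves the caller's working directory
#   in the sgadmin tools directory when sourced.
#######################################
configure_sg() {
  local line
  local -a sg_settings
  local -a sgadmin_tls

  echo "============================> Configuring Elasticsearch"
  # Best effort: the service may already be stopped.
  service elasticsearch stop

  cd /opt/elasticsearch/ || return 1
  # -b (batch) auto-confirms the extra permissions the plugin requests.
  # The version is pinned, but no checksum of the download is verified here.
  # Re-running the script fails at this step (plugin already installed), which
  # also keeps the settings below from being appended a second time.
  bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.4.2-23.1 || return 1

  cd /etc/elasticsearch || return 1
  sed -i '$ a searchguard.enterprise_modules_enabled: false' elasticsearch.yml || return 1

  cd /opt/tls/tools || return 1
  # Creates the CA (-ca) and the certificates (-crt) described in config.yml and
  # writes them, private keys included, to /etc/elasticsearch/ (-t).
  # NOTE(review): confirm owner and mode of the generated *.key files.
  ./sgtlstool.sh -c /etc/elasticsearch/certificates/config.yml -ca -crt -t /etc/elasticsearch/ || return 1
  echo "============================> Waiting 5 seconds after the creation of the certificates"
  sleep 5s

  echo "============================> Updating elasticsearch.yml"
  cd /etc/elasticsearch || return 1
  sg_settings=(
    'searchguard.ssl.transport.pemcert_filepath: node-1.pem'
    'searchguard.ssl.transport.pemkey_filepath: node-1.key'
    'searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem'
    # Transport TLS is on, but the peer hostname is not verified.
    'searchguard.ssl.transport.enforce_hostname_verification: false'
    'searchguard.ssl.transport.resolve_hostname: false'
    # REST layer without TLS: credentials cross the wire in clear text.
    'searchguard.ssl.http.enabled: false'
    # Whoever holds the key for this DN (kirk.key) can rewrite the whole
    # Search Guard configuration through sgadmin.
    'searchguard.authcz.admin_dn: '
    # NOTE(review): GNU sed processes backslashes in the text of "a"; check that
    # the escaped comma in "O=localhost\, Inc." arrives intact in the file.
    '- CN=kirk.localhost,OU=Ops,O=localhost\, Inc.,DC=localhost'
    'searchguard.cert.oid: 1.2.3.4.5.5'
    # Only this role may call the Search Guard management REST API.
    'searchguard.restapi.roles_enabled: ["sg_all_access"]'
    # X-Pack security is switched off; access control rests on Search Guard alone.
    'xpack.security.enabled: false'
  )
  for line in "${sg_settings[@]}"; do
    # '$ a' appends after the last line; same sed program text as a literal
    # sed -i '$ a <line>' call.
    sed -i "\$ a ${line}" elasticsearch.yml || return 1
  done

  service elasticsearch start || return 1
  echo "============================> Waiting 10 seconds after starting elastic-search"
  # The wait now matches the message. A fixed sleep is only a heuristic: sgadmin
  # below may still fail if the node is not reachable yet.
  sleep 10s

  echo "============================> Executing sgadmin.sh"
  cd /opt/elasticsearch/plugins/search-guard-6/tools || return 1
  chmod +x sgadmin.sh
  # Shared connection options: -icl ignores the cluster name, -nhnv skips
  # hostname verification; the kirk certificate must match admin_dn above.
  sgadmin_tls=(
    -icl -nhnv
    -cacert /etc/elasticsearch/root-ca.pem
    -cert /etc/elasticsearch/kirk.pem
    -key /etc/elasticsearch/kirk.key
  )
  # First call only re-enables shard allocation (-esa); the second uploads the
  # configuration found in ../sgconfig/.
  ./sgadmin.sh -esa -cd ../sgconfig/ "${sgadmin_tls[@]}" || return 1
  ./sgadmin.sh -cd ../sgconfig/ "${sgadmin_tls[@]}" || return 1
  sleep 5s
}

configure_sg
_sg_rc=$?
unset -f configure_sg
# "return" works when the file is sourced (the documented way to run it);
# fall back to "exit" when it is executed directly.
return "$_sg_rc" 2>/dev/null || exit "$_sg_rc"

# Disabled Kibana setup, kept for reference.
# NOTE(review) before re-enabling: the plugin zip is fetched without a checksum
# check, elasticsearch.ssl.verificationMode "none" turns off certificate
# verification, and kibanaserver/kibanaserver is a well-known default credential
# stored in clear text in kibana.yml.
# echo "============================> Configuring Kibana"
# cd /opt/kibana
# bin/kibana-plugin install https://oss.sonatype.org/service/local/repositories/releases/content/com/floragunn/search-guard-kibana-plugin/6.4.2-15/search-guard-kibana-plugin-6.4.2-15.zip
# cd /opt/kibana/config
# service kibana stop
# sleep 3s
# echo "=============================> Updating kibana.yml"
# sed -i '$ a xpack.security.enabled: false' kibana.yml
# sed -i '$ a searchguard.auth.type: "basicauth"' kibana.yml
# sed -i '$ a elasticsearch.url: "http://localhost:9200"' kibana.yml
# sed -i '$ a elasticsearch.ssl.verificationMode: none' kibana.yml
# sed -i '$ a elasticsearch.username: "kibanaserver"' kibana.yml
# sed -i '$ a elasticsearch.password: "kibanaserver"' kibana.yml
# sed -i '$ a searchguard.readonly_mode.roles: ["sg_guest"]' kibana.yml
# sed -i '$ a #Client mode' kibana.yml
# sed -i '$ a #searchguard.client_mode.roles: ["sg_client"]' kibana.yml
# sed -i '$ a #Login page customization' kibana.yml
# service kibana start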