# Clone Debian Stretch template, set up IPs, hostname, ssh keys
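apt update
apt -y dist-upgrade

##############################################################################
# Install Java dependency (Elasticsearch 6.x needs a JRE). `-y` keeps this
# non-interactive, consistent with the other apt calls in this runbook.
apt -y install openjdk-8-jre-headless


# Install Elasticsearch version 6 (latest)
# Install deps first: apt-transport-https for the https repo, gnupg so the
# signing key can be dearmored into a keyring (both may already be present).
apt-get -y install apt-transport-https gnupg

# Get key into a dedicated keyring instead of `apt-key add -`: apt-key puts the
# key into the global trusted set, where it is accepted as a signer for EVERY
# configured repository; with `signed-by=` it can only sign the Elastic repo.
# The whole runbook runs as root, so the stray `sudo` is dropped here too.
install -d -m 0755 /etc/apt/keyrings
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | gpg --dearmor --batch --yes -o /etc/apt/keyrings/elasticsearch.gpg
# Set up repo for release 6.x. Plain `tee` (not `tee -a`) so re-running the
# runbook overwrites the list file instead of appending a duplicate line.
echo "deb [signed-by=/etc/apt/keyrings/elasticsearch.gpg] https://artifacts.elastic.co/packages/6.x/apt stable main" \
  | tee /etc/apt/sources.list.d/elastic-6.x.list

# Disable apt-cache in /etc/apt/apt.conf, it doesn't work with https
apt update

# It doesn't appear the open source version is in the repo, needs manual install. XXX
# (Elastic also publishes an OSS-only repo under packages/oss-6.x/apt — TODO
# confirm it carries elasticsearch-oss for this release before relying on it.)
#apt install elasticsearch-oss
# Manual .deb: verify the published SHA-512 before handing the file to dpkg,
# so a tampered or truncated download is rejected instead of installed.
# `sha512sum -c` fails non-zero on mismatch and the `&&` then skips dpkg.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.2.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.3.2.deb.sha512
sha512sum -c elasticsearch-oss-6.3.2.deb.sha512 \
  && dpkg -i elasticsearch-oss-6.3.2.deb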

# Configure a cluster name and answer on IP.
# Open firewall
# Allow elasticsearch
# NOTE(review): Elasticsearch 6.x OSS has no authentication and no TLS on
# these ports. Anything that can reach 9200 can read, write and delete every
# index, and 9300 is the cluster transport. Rather than accepting from any
# source, restrict both rules to the rsyslog client subnet, e.g. add
# `-s <client-subnet>` (placeholder) before `-j ACCEPT`.
# These two lines are iptables-save/iptables-restore rule syntax, not shell
# commands: they belong in the persisted rules file, not pasted into a shell.
-A INPUT -p tcp --dport 9200 -j ACCEPT
-A INPUT -p tcp --dport 9300 -j ACCEPT

# Set up configuration:
vim /etc/elasticsearch/elasticsearch.yml
# Set:
# (YAML keys for elasticsearch.yml, not shell.) network.host binds the HTTP
# (9200) and transport (9300) listeners to this address; once it is a
# non-loopback address, the firewall rules above are the only access control.
cluster.name: elasticsearch
network.host: 10.22.22.124

# Start:
systemctl start elasticsearch.service

# Start on boot:
systemctl enable elasticsearch.service

### XXX Backups
### XXX Prometheus :)

##############################################################################
# Setting up logging from rsyslog to Elasticsearch

# On client machine:
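# `-y` keeps this non-interactive, consistent with the other apt calls above.
apt -y install rsyslog-elasticsearch

# Quote the heredoc delimiter so the shell never expands `$`, backticks or
# backslash sequences inside the rsyslog config: the file is written verbatim,
# exactly as it appears below (the current content has none of these, but a
# later edit adding e.g. `$!` rsyslog variables would otherwise be mangled).
#
# What the config does:
#  - template "rsyslog": builds one JSON document per message. `option.json`
#    makes rsyslog JSON-escape each property value, so a log line containing
#    quotes or braces cannot break out of the "message" field and inject
#    other fields into the document.
#  - action: ships the documents in bulk to the Elasticsearch node over plain
#    HTTP on 9200 (no TLS, no auth — see the firewall notes in this runbook).
#    queue.type="linkedlist" is an in-memory queue of queue.size messages;
#    action.resumeretrycount="-1" retries forever while the node is down.
#    NOTE(review): an in-memory queue does not survive an rsyslog restart or
#    host reboot; a disk-assisted queue would be needed for durability —
#    confirm against the rsyslog queue docs before changing it.
cat > /etc/rsyslog.d/elasticsearch.conf <<'EOF'
module(load="omelasticsearch")
template(name="rsyslog"
         type="list"
         option.json="on") {
           constant(value="{")
             constant(value="\"timestamp\":\"")      property(name="timereported" dateFormat="rfc3339")
             constant(value="\",\"message\":\"")     property(name="msg")
             constant(value="\",\"host\":\"")        property(name="hostname")
             constant(value="\",\"severity\":\"")    property(name="syslogseverity-text")
             constant(value="\",\"facility\":\"")    property(name="syslogfacility-text")
             constant(value="\",\"syslogtag\":\"")   property(name="syslogtag")
           constant(value="\"}")
         }
action(type="omelasticsearch"
       server="10.22.22.124"
       serverport="9200"
       template="rsyslog"
       searchIndex="rsyslog-index"
       searchType="rsyslog-type"
       bulkmode="on"
       maxbytes="100m"
       queue.type="linkedlist"
       queue.size="5000"
       queue.dequeuebatchsize="300"
       action.resumeretrycount="-1")
EOF

# Parse-check the new config before restarting (`rsyslogd -N 1` only
# validates, it does not start the daemon); a syntax error would otherwise
# take rsyslog down and silently stop all local logging.
rsyslogd -N 1 && systemctl restart rsyslog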

##############################################################################
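# Enable plugins for syslog:
# Plugins are only loaded when the node starts, so the node must be restarted
# after the install for ingest-geoip to become available; the `&&` skips the
# restart if the install itself fails. If the installer prompts for additional
# security permissions, review them before accepting (the `--batch` flag would
# auto-accept them, so it is deliberately not used here).
/usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip \
  && systemctl restart elasticsearch.service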
##############################################################################