add appendices, mostly

kilfoyle · kilfoyle · commit d7dfb7898b01 · 2023-07-05T15:42:24.000-04:00
diff --git a/docs/en/install-upgrade/air-gapped-install.asciidoc b/docs/en/install-upgrade/air-gapped-install.asciidoc
@@ -198,52 +198,298 @@ The following script generates a SystemD service file on a RHEL 8 system in orde
 
 [source,shell]
 ----
-toast
+#!/usr/bin/env bash
+
+EPR_BIND_ADDRESS="0.0.0.0"
+EPR_BIND_PORT="8443"
+EPR_TLS_CERT="/etc/elastic/epr/epr.pem"
+EPR_TLS_KEY="/etc/elastic/epr/epr-key.pem"
+EPR_IMAGE="docker.elastic.co/package-registry/distribution:8.4.3"
+
+podman create \
+  --name "elastic-epr" \
+  -p "$EPR_BIND_ADDRESS:$EPR_BIND_PORT:$EPR_BIND_PORT" \
+  -v "$EPR_TLS_CERT:/etc/ssl/epr.crt:ro" \
+  -v "$EPR_TLS_KEY:/etc/ssl/epr.key:ro" \
+  -e "EPR_ADDRESS=0.0.0.0:$EPR_BIND_PORT" \
+  -e "EPR_TLS_CERT=/etc/ssl/epr.crt" \
+  -e "EPR_TLS_KEY=/etc/ssl/epr.key" \
+  "$EPR_IMAGE"
+
+## creates service file in the root directory
+# podman generate systemd --new --files --name elastic-epr --restart-policy always
+----
+
+The following is an example of an actual SystemD service file for an EPR, launched as a Podman service.
+
+[source,shell]
+----
+# container-elastic-epr.service
+# autogenerated by Podman 4.1.1
+# Wed Oct 19 13:12:33 UTC 2022
+
+[Unit]
+Description=Podman container-elastic-epr.service
+Documentation=man:podman-generate-systemd(1)
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=%t/containers
+
+[Service]
+Environment=PODMAN_SYSTEMD_UNIT=%n
+Restart=always
+TimeoutStopSec=70
+ExecStartPre=/bin/rm -f %t/%n.ctr-id
+ExecStart=/usr/bin/podman run \
+	--cidfile=%t/%n.ctr-id \
+	--cgroups=no-conmon \
+	--rm \
+	--sdnotify=conmon \
+	-d \
+	--replace \
+	--name elastic-epr \
+	-p 0.0.0.0:8443:8443 \
+	-v /etc/elastic/epr/epr.pem:/etc/ssl/epr.crt:ro \
+	-v /etc/elastic/epr/epr-key.pem:/etc/ssl/epr.key:ro \
+	-e EPR_ADDRESS=0.0.0.0:8443 \
+	-e EPR_TLS_CERT=/etc/ssl/epr.crt \
+	-e EPR_TLS_KEY=/etc/ssl/epr.key docker.elastic.co/package-registry/distribution:8.6.2
+ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
+ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=default.target
 ----
 
 [discrete]
 [[air-gapped-elastic-artifact-registry-example]]
 === Appendix B - Elastic Artifact Registry
 
-tbd
+The following example script downloads artifacts from the internet to be later served as a private Elastic Package Registry.
+
+[source,shell]
+----
+#!/usr/bin/env bash
+set -o nounset -o errexit -o pipefail
+
+STACK_VERSION=8.4.3
+ARTIFACT_DOWNLOADS_BASE_URL=https://artifacts.elastic.co/downloads
+
+DOWNLOAD_BASE_DIR=${DOWNLOAD_BASE_DIR:?"Make sure to set DOWNLOAD_BASE_DIR when running this script"}
+
+COMMON_PACKAGE_PREFIXES="apm-server/apm-server beats/auditbeat/auditbeat beats/elastic-agent/elastic-agent beats/filebeat/filebeat beats/heartbeat/heartbeat beats/metricbeat/metricbeat beats/osquerybeat/osquerybeat beats/packetbeat/packetbeat cloudbeat/cloudbeat endpoint-dev/endpoint-security fleet-server/fleet-server"
+
+WIN_ONLY_PACKAGE_PREFIXES="beats/winlogbeat/winlogbeat"
+
+RPM_PACKAGES="beats/elastic-agent/elastic-agent"
+DEB_PACKAGES="beats/elastic-agent/elastic-agent"
+
+function download_packages() {
+  local url_suffix="$1"
+  local package_prefixes="$2"
+
+  local _url_suffixes="$url_suffix ${url_suffix}.sha512 ${url_suffix}.asc"
+  local _pkg_dir=""
+  local _dl_url=""
+
+  for _download_prefix in $package_prefixes; do
+    for _pkg_url_suffix in $_url_suffixes; do
+          _pkg_dir=$(dirname ${DOWNLOAD_BASE_DIR}/${_download_prefix})
+          _dl_url="${ARTIFACT_DOWNLOADS_BASE_URL}/${_download_prefix}-${_pkg_url_suffix}"
+          (mkdir -p $_pkg_dir && cd $_pkg_dir && curl -O "$_dl_url")
+    done
+  done
+}
+
+# and we download
+for _os in linux windows; do
+  case "$_os" in
+    linux)
+      PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.tar.gz"
+      ;;
+    windows)
+      PKG_URL_SUFFIX="${STACK_VERSION}-${_os}-x86_64.zip"
+      ;;
+    *)
+      echo "[ERROR] Something happened"
+      exit 1
+      ;;
+  esac
+
+  download_packages "$PKG_URL_SUFFIX" "$COMMON_PACKAGE_PREFIXES"
+  
+  if [[ "$_os" = "windows" ]]; then
+    download_packages "$PKG_URL_SUFFIX" "$WIN_ONLY_PACKAGE_PREFIXES"
+  fi
+
+  if [[ "$_os" = "linux" ]]; then
+    download_packages "${STACK_VERSION}-x86_64.rpm" "$RPM_PACKAGES"
+    download_packages "${STACK_VERSION}-amd64.deb" "$DEB_PACKAGES"
+  fi
+done
+
+
+## selinux tweaks
+# semanage fcontext -a -t "httpd_sys_content_t" '/opt/elastic-packages(/.*)?'
+# restorecon -Rv /opt/elastic-packages
+
+----
+
+The following is an example NGINX configuration for running a web server for the Elastic Artifact Registry.
+
+[source,shell]
+----
+user  nginx;
+worker_processes  2;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log          /var/log/nginx/access.log  main;
+    sendfile            on;
+    keepalive_timeout   65;
+
+    server {
+        listen                  9080 default_server;
+        server_name             _;
+        root                    /opt/elastic-packages;
+
+        location / {
+
+        }
+    }
+
+}
+
+----
 
 [discrete]
 [[air-gapped-epr-kubernetes-example]]
 === Appendix C - EPR Kubernetes Deployment
 
+The following is a sample EPR Kubernetes deployment YAML file.
+
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: elastic-package-registry
+  namespace: default
+  labels:
+    app: elastic-package-registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: elastic-package-registry
+  template:
+    metadata:
+      name: elastic-package-registry
+      labels:
+        app: elastic-package-registry
+    spec:
+      containers:
+        - name: epr
+          image: docker.elastic.co/package-registry/distribution:8.6.1
+          ports:
+            - containerPort: 8080
+              name: http
+          livenessProbe:
+            tcpSocket:
+              port: 8080
+            initialDelaySeconds: 20
+            periodSeconds: 30
+          resources:
+            requests:
+              cpu: 125m
+              memory: 128Mi
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+          env:
+            - name: EPR_ADDRESS
+              value: "0.0.0.0:8080"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: elastic-package-registry
+  name: elastic-package-registry
+spec:
+  ports:
+  - port: 80
+    name: http
+    protocol: TCP
+    targetPort: http
+  selector:
+    app: elastic-package-registry
+----
+
 [discrete]
 [[air-gapped-agent-integration-guide]]
 === Appendix D - Agent Integration Guide
 
-tbd
+When configuring any integration in {agent}, you need to set up integration settings within whatever policy is ultimately assigned to that agent.
 
 [discrete]
 [[air-gapped-agent-integration-terminology]]
 ==== D.1. Terminology
 
-tbd
+Note the following terms and definitions:
+
+Integration::
+A variety of optional capabilities that can be deployed on top of the {stack}. refer to link:https://www.elastic.co/integrations/[Integrations] to learn more.
+
+Agent integration::
+The integrations that require {agent} to run. For example, the Sample Data integration requires only {es} and {kib} and consists of dashboards, data, and related objects, but the APM integration not only has some {es} objects, but also needs {agent} to run the APM Server.
+
+Package::
+A set of dependencies (such as dashboards, scripts, and others) for a given  integration that, typically, needs to be retrieved from the <<air-gapped-elastic-package-registry,Elastic Package Registry>> before an integration can be correctly installed and configured.
+
+Agent policy::
+A configuration for the {agent} that may include one or more {agent} integrations, and configurations for each of those integrations.
 
 [discrete]
 [[air-gapped-agent-integration-configure]]
 ==== D.2. How to configure
 
-tbd
+There are three ways to configure {agent} integrations:
+
+* <<air-gapped-agent-integration-configure-kibana>>
+* <<air-gapped-agent-integration-configure-yml>>
+* <<air-gapped-agent-integration-configure-fleet-api>>
 
 [discrete]
 [[air-gapped-agent-integration-configure-kibana]]
-==== D.2.1. Using {kib} UI
+==== D.2.1. Using the {kib} UI
 
 tbd
 
 [discrete]
 [[air-gapped-agent-integration-configure-yml]]
-==== D.2.2. Using `kibana.yml` config file
+==== D.2.2. Using the `kibana.yml` config file
 
 tbd
 
 [discrete]
 [[air-gapped-agent-integration-configure-fleet-api]]
-==== D.2.3. Using {kib} {fleet} API
+==== D.2.3. Using the {kib} {fleet} API
 
 tbd
 
