[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [logging]



Not sure how logstash chooses which cert/key to use from the truststore.  You might ask on a logstash forum.

Or, just use the fluentd cert/key with plain old client cert and key files in pem format, if logstash supports that.  You can dump the fluentd ca, cert, and key using

oc extract -n logging secret/logging-fluentd --keys=cert --to=- fluentd-cert.pem

etc.


On 05/31/2018 06:02 AM, Himmat Singh wrote:
Hi,
Anybody worked on sending logs from logstash server (pod running on openshift) with existing elasticsearch of openshift efk solution which is secured with searchguard..

Please share configuration details how to get connectivity between them.

I am getting same kind of below error again again..



On Wed, May 30, 2018, 3:16 PM Himmat Singh <himmat singh balot gmail com <mailto:himmat singh balot gmail com>> wrote:

    Hi Team,

    I have deployed rabbitmq, logstash server on openshift to make
    another ELK pipeline for logging which supports some set of
    application and want to forward logs from those application logs
    through ELK pipeline but Elasticsearch will be the common For both
    EFK/ELK pipeline.

    I have below secrets on openshift logging-elasticsearch :

    |logging-elasticsearch created 3 months ago Opaque Reveal Secret
    admin-ca ***** admin-cert ***** admin-key ***** admin.jks *****
    key ***** searchguard.key ***** searchguard.truststore *****
    truststore ***** |

    ------------------------------------------------------------------------

    I have grabbed truststore key using below command and used
    truststore_password => tspass from elasticsaerch.yml :

    |sudo oc get secret logging-elasticsearch --template='{{index .data
    "truststore"}}' | base64 -d > truststore.jks |

    Please help me with procedure i need to follow if i want to
    connect using truststore keys,username,password for truststore.

    Below is logstash.conf file : :

    |input { rabbitmq { host => "rabbitmq-logstash" queue => "logstash"
    durable => true port => 5672 user => "admin" password => "admin" }
    } output { elasticsearch { hosts => ["logging-es:9200"] #cacert =>
    '/etc/logstash/conf.d/keys/es-ca.crt' #user => 'fluentd' #password
    => 'changeme' ssl => true ssl_certificate_verification => false
    truststore => "/etc/logstash/conf.d/keys/truststore.jks"
    truststore_password => tspass index => "logstash-%{+YYYY.MM.dd}"
    manage_template => false document_type => "%{[ metadata][type]}" }
    stdout { codec => rubydebug } } |

    I am facing below error:

    10:51:56.154 [Ruby-0-Thread-5:
    /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
    WARN logstash.outputs.elasticsearch - Attempted to resurrect
    connection to dead ES instance, but got an error.
    {:url=>"https://logging-es:9200/";,
    :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,
    :error=>"Got response code '401' contacting Elasticsearch at URL
    'https://logging-es:9200/'"} <https://logging-es:9200/%27%22%7D>
    10:52:01.155 [Ruby-0-Thread-5:
    /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
    INFO logstash.outputs.elasticsearch - Running health check to see
    if an Elasticsearch connection is working
    {:healthcheck_url=>https://logging-es:9200/, :path=>"/"}
      | 10:52:01.158 [Ruby-0-Thread-5:
    /usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-7.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:228]
    WARN logstash.outputs.elasticsearch - Attempted to resurrect
    connection to dead ES instance, but got an error.
    {:url=>"https://logging-es:9200/";,
    :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError,
    :error=>"Got response code '401' contacting Elasticsearch at URL
    'https://logging-es:9200/'"} <https://logging-es:9200/%27%22%7D>

    Please help me with correct configuration how do i get all
    parameter username, password and truststore_password, truststore,
    ca certificate.


    *Thanks and Regards, *
    *Himmat Singh.*
    *Virtusa|Polaris Pvt Ltd*
    *8465009408*
    *
    *
    *
    *



_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]