Securing Elasticsearch
Elasticsearch supports TLS encryption of its communication through the X-Pack module. This module is available out of the box with ES version 7.7 (shipping with the Squirro 3.1.0 release).
SSL certificate
For this, the certificate files can be put into /etc/elasticsearch/certs as:
servername.key
servername.crt
ca.crt
They are then referenced in /etc/elasticsearch/elasticsearch.yml by adding the following lines:
Code Block |
---|
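# ES 7.x no longer accepts the shared xpack.ssl.* settings; set them per layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/servername.key
xpack.security.transport.ssl.certificate: certs/servername.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/servername.key
xpack.security.http.ssl.certificate: certs/servername.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt |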
Full documentation is available in the Elasticsearch manual at Encrypting Communications.
Access to Elasticsearch is passed through Nginx as well. To use HTTPS, the configuration in /etc/nginx/conf.d/00-default.conf needs to be adjusted to access https://elastic instead of http://elastic. This can be achieved with the following commands on the shell:
Code Block |
---|
$> sed -i'' -e 's@http://elastic@https://elastic@' /etc/nginx/conf.d/00-default.conf
$> nginx -t
$> service nginx reload |
To change the connection pattern for Elasticsearch, edit /etc/squirro/common.ini and change the following line:
Code Block |
---|
es_index_servers = http://127.0.0.1:81/ext/elastic |
to:
Code Block |
---|
es_index_servers = https://127.0.0.1:81/ext/elastic |
All the relevant services accessing Elasticsearch must be restarted after this configuration change. It's best to use the squirro_restart utility to restart all services.
Password
A password can be defined to access Elasticsearch. For this, the following line needs to be added to /etc/elasticsearch/elasticsearch.yml:
Code Block |
---|
xpack.security.enabled: true |
Then restart Elasticsearch
Code Block |
---|
systemctl restart elasticsearch |
The password can then be defined by calling the command:
Code Block |
---|
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive |
After you set the password, you must add it to the Squirro configuration. Edit the /etc/squirro/common.ini file and add the following lines (under the [index] section):
Code Block |
---|
# elastic, or the user you selected
es_auth_user = elastic
es_auth_password = YOUR_PASSWORD |
NB: you can also generate a random password by calling:
Code Block |
---|
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto -b |
Restart all the Squirro services:
Code Block |
---|
squirro_restart |
Important: on ES versions < 7.7.1 you must first install x-pack, and the commands then change as follows:
Code Block |
---|
/usr/share/elasticsearch/bin/bin/x-pack/elasticsearch-setup-passwords auto -b
/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive |
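A read-only check of the Elasticsearch settings configured above, as an added example that is not part of the Squirro documentation; the function names are hypothetical and the default paths are the ones used on this page. The last check, that common.ini is not world-readable, is an extra precaution the page does not mention: the file holds the Elasticsearch password in clear text.

```shell
#!/bin/sh
# Added example: audits the settings this page configures. Read-only.

# Print the value of flat key $2 in YAML file $1 (trailing comment stripped).
yaml_value() {
    awk -v k="$2" -F': *' '$1 == k {
        sub(/[ \t]*#.*$/, "", $2); sub(/[ \t]+$/, "", $2); print $2; exit
    }' "$1" 2>/dev/null
}

# Print the value of key $2 in INI file $1 (trailing whitespace stripped).
ini_value() {
    awk -v k="$2" -F'[ \t]*=[ \t]*' '$1 == k {
        sub(/[ \t]+$/, "", $2); print $2; exit
    }' "$1" 2>/dev/null
}

# Returns the number of findings (0 = everything on this page is in place).
audit_es_security() {
    es_yml=${1:-/etc/elasticsearch/elasticsearch.yml}
    common_ini=${2:-/etc/squirro/common.ini}
    findings=0
    for key in xpack.security.enabled \
               xpack.security.transport.ssl.enabled \
               xpack.security.http.ssl.enabled; do
        if [ "$(yaml_value "$es_yml" "$key")" != "true" ]; then
            echo "FAIL $es_yml: $key is not set to true"
            findings=$((findings + 1))
        fi
    done
    case "$(ini_value "$common_ini" es_index_servers)" in
        https://*) ;;
        *) echo "FAIL $common_ini: es_index_servers is not an https:// URL"
           findings=$((findings + 1)) ;;
    esac
    for key in es_auth_user es_auth_password; do
        if [ -z "$(ini_value "$common_ini" "$key")" ]; then
            echo "FAIL $common_ini: $key is missing or empty"
            findings=$((findings + 1))
        fi
    done
    # common.ini stores the password in clear text: flag world-readable files.
    if [ -n "$(find "$common_ini" -perm -004 2>/dev/null)" ]; then
        echo "FAIL $common_ini: readable by all users"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Call `audit_es_security` without arguments on the server to check the default paths; the return code is the number of findings.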
Cluster references:
https://www.elastic.co/guide/en/elasticsearch/reference/7.8/configuring-tls.html#tls-transport
Securing MariaDB
SSL can be enabled for MariaDB connections by setting the following configuration values in /etc/squirro/common.ini:
Code Block |
---|
[db]
ssl=true
ssl_ca=<PATH_TO_SSL_CERTIFICATE> |
The [db] section will already exist in the config file, thus the full section will then look something like this:
...
This page can now be found at Securing Elasticsearch and MariaDB on the Squirro Docs site.