Securing Elasticsearch

Elasticsearch supports TLS encryption of communication through its X-Pack module. This module is available out of the box with ES version 7.7 (shipping with the Squirro 3.1.0 release).

SSL certificate

To enable TLS, place the certificate files in /etc/elasticsearch/certs as:

  • servername.key

  • servername.crt

  • ca.crt

They are then referenced in /etc/elasticsearch/elasticsearch.yml by adding the following lines:

Code Block
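# Elasticsearch 7.x: key material is set per layer (no global xpack.ssl.* prefix)
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/servername.key
xpack.security.transport.ssl.certificate: certs/servername.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca.crt

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/servername.key
xpack.security.http.ssl.certificate: certs/servername.crt
xpack.security.http.ssl.certificate_authorities: certs/ca.crt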

Full documentation is available in the Elasticsearch manual at Encrypting Communications.

Access to Elasticsearch is passed through Nginx as well. To use HTTPS, the configuration needs to be adjusted in /etc/nginx/conf.d/00-default.conf to access https://elastic instead of http://elastic. This can be achieved with the following commands on the shell:

Code Block
$> sed -i'' -e 's@http://elastic@https://elastic@' /etc/nginx/conf.d/00-default.conf
$> nginx -t
$> service nginx reload

To change the Elasticsearch connection pattern, edit /etc/squirro/common.ini and change the following line:

Code Block
es_index_servers = http://127.0.0.1:81/ext/elastic

To:

es_index_servers = https://127.0.0.1:81/ext/elastic

All services that access Elasticsearch must be restarted after this change. It is best to use the squirro_restart utility to restart all services.

Password

A password can be defined to access Elasticsearch. For this the following line needs to be added to /etc/elasticsearch/elasticsearch.yml:

Code Block
xpack.security.enabled: true

Then restart Elasticsearch:

Code Block
systemctl restart elasticsearch

The password can then be defined by calling the command:

Code Block
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

After you set your password, you are required to add this parameter to Squirro. You must edit the /etc/squirro/common.ini file and add the following lines (under the [index] section):

Code Block
# or the user you selected
es_auth_user = elastic
es_auth_password = YOUR_PASSWORD

NB: you can also generate a random password by calling:

Code Block
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto -b

Restart all the Squirro services:

Code Block
squirro_restart

Important: on ES version < 7.7.1 you must first install x-pack, and then the commands change as follows:

Code Block
/usr/share/elasticsearch/bin/x-pack/elasticsearch-setup-passwords auto -b
/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive

Cluster references:

https://www.elastic.co/guide/en/elasticsearch/reference/7.8/configuring-tls.html#tls-transport
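
The following script is an added example, not part of the original page and not Squirro or Elastic tooling: a static check that the Elasticsearch and Squirro settings from the steps above are all in place before the services are restarted. The function names conf_get and audit_es_security are hypothetical, and the script assumes elasticsearch.yml uses flat dotted keys as shown on this page.

```shell
#!/bin/sh
# Added example (not Squirro or Elastic tooling): static check of the settings
# this page changes. Assumes flat dotted keys in elasticsearch.yml, as shown above.

# conf_get FILE SEP KEY [SECTION]: print the value of the first uncommented
# "KEY<SEP>value" line; with SECTION, look only inside that INI [SECTION].
conf_get() {
    awk -v sep="$2" -v key="$3" -v want="${4-}" '
        BEGIN { in_sec = (want == "") }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^[#;]/ || $0 == "" { next }
        want != "" && /^\[.*\]$/ { in_sec = ($0 == "[" want "]"); next }
        in_sec {
            p = index($0, sep); if (p == 0) next
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            sub(/[ \t]+#.*$/, "", v)              # drop a trailing comment
            sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# audit_es_security ES_YML COMMON_INI: print one FAIL line per finding and
# return non-zero if any check fails.
audit_es_security() {
    rc=0
    for key in xpack.security.enabled \
               xpack.security.transport.ssl.enabled \
               xpack.security.http.ssl.enabled; do
        if [ "$(conf_get "$1" : "$key")" != "true" ]; then
            echo "FAIL: $key is not true in $1"; rc=1
        fi
    done
    # Squirro must reach Elasticsearch over TLS (section not stated on the page,
    # so the key is looked up in any section).
    case "$(conf_get "$2" = es_index_servers)" in
        https://*) ;;
        *) echo "FAIL: es_index_servers in $2 is not an https:// URL"; rc=1 ;;
    esac
    for key in es_auth_user es_auth_password; do
        if [ -z "$(conf_get "$2" = "$key" index)" ]; then
            echo "FAIL: $key is missing from [index] in $2"; rc=1
        fi
    done
    return "$rc"
}

# Run against real files only when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_es_security "$1" "$2"; fi
```

Saved under a name of your choice, it takes /etc/elasticsearch/elasticsearch.yml and /etc/squirro/common.ini as its two arguments and exits non-zero if any setting is missing.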

Securing MariaDB

SSL can be enabled for MariaDB connections by setting the following configuration values in /etc/squirro/common.ini:

Code Block
[db]
ssl=true
ssl_ca=<PATH_TO_SSL_CERTIFICATE>

The [db] section will already exist in the config file, thus the full section will then look something like this:

...

This page can now be found at Securing Elasticsearch and MariaDB on the Squirro Docs site.