This document provides instructions for configuring cross-cluster search with TLS between Elasticsearch clusters. It involves generating transport certificates signed by a CA, configuring the remote servers to use the certificates for TLS communication on port 9300, and adding the remote clusters to Kibana for cross-cluster search.
a. Log in to the remote Elasticsearch master server, IP 10.91.1.240.
b. Create the file instance.yml, adding the nodes and member IPs as shown below:

    instances:
      - name: "af-mstselastic"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.6.19"
          - "10.50.7.205"
          - "10.50.7.206"
          - "10.162.17.145"
          - "10.162.17.146"
          - "172.28.128.151"
          - "172.28.129.164"
          - "172.28.129.72"
          - "10.50.5.15"
      - name: "elasticseach-bpr-uat"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.6.19"
          - "10.50.7.205"
          - "10.50.7.206"
          - "10.162.17.145"
          - "10.162.17.146"
          - "172.28.128.151"
          - "172.28.129.164"
          - "172.28.129.72"
      - name: "elasticseach-bpr-staging"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.5.15"

c. Change to the directory '/usr/share/elasticsearch/'.
d. Run the following command.

    ./bin/elasticsearch-certutil cert \
      --ca-cert /etc/elasticsearch/ca/ca.crt \
      --ca-key /etc/elasticsearch/ca/ca.key \
      --pem \
      --in /etc/kibana/instance3.yml \
      --out /usr/share/elasticsearch/new-certs-bpr.zip

2. Remote server configuration
a. Edit the elasticsearch.yml file on all nodes of the remote Elasticsearch server and add the configuration shown below, using the files extracted from the certificate generation output.

    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/af-mstselastic/af-mstselastic.key
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/af-mstselastic/af-mstselastic.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
    xpack.security.transport.ssl.client_authentication: none
    xpack.security.transport.ssl.verification_mode: none

b. Restart the elasticsearch service.
c. Check the certificate on port 9300 by running the following command.

    curl 'https://10.91.1.240:9300' \
      --cacert /etc/elasticsearch/ca/ca.crt \
      --cert /home/adm-app/Downloads/elasticseach-bpr-staging/elasticseach-bpr-staging.crt \
      --key /home/adm-app/Downloads/elasticseach-bpr-staging/elasticseach-bpr-staging.key

3. Remote client server configuration
a. Edit the elasticsearch.yml file on all nodes of the remote client Elasticsearch server and add the configuration shown below.

    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/elasticseach-bpr-staging/elasticseach-bpr-staging.key
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/elasticseach-bpr-staging/elasticseach-bpr-staging.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
    xpack.security.transport.ssl.client_authentication: none
    xpack.security.transport.ssl.verification_mode: none

b. Restart the elasticsearch service.

4. Adding the remote cluster in Kibana
a. Open Kibana, go to the menu Stack Management -> cross cluster, click add remote cluster, fill in the form, and click save.
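
The settings in steps 2a and 3a enable TLS on the transport port but set client_authentication and verification_mode to none, so traffic is encrypted while neither side checks the peer's certificate. The block below is an added example, not part of the original procedure, showing the same remote-server settings with verification turned on; it assumes the certificates generated in step 1d and the file paths from step 2a, and the client side in step 3a would change the same two lines.

```yaml
# As written in steps 2a and 3a: encrypted, but the peer is not authenticated.
#   xpack.security.transport.ssl.client_authentication: none
#   xpack.security.transport.ssl.verification_mode: none

# Same block with certificate verification enabled (added example).
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: /etc/elasticsearch/af-mstselastic/af-mstselastic.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/af-mstselastic/af-mstselastic.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt

# Require every connecting node to present a certificate signed by the CA
# listed in certificate_authorities.
xpack.security.transport.ssl.client_authentication: required

# "full" checks the CA signature and that the address being connected to
# appears in the certificate's subject alternative names (the ip: lists in
# instance.yml). Use "certificate" to check only the CA signature when nodes
# are reached through an address that is not in those lists.
xpack.security.transport.ssl.verification_mode: full
```

With client_authentication set to required, the client cluster's nodes must present the certificate and key configured in step 3a, signed by the same CA.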