
Cross-cluster search configuration with TLS.

1. Create the transport certificate
a. Log in to the remote Elasticsearch master server, IP 10.91.1.240
b. Create the file instance.yml, adding the nodes and member IPs as shown below:
    instances:
      - name: "af-mstselastic"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.6.19"
          - "10.50.7.205"
          - "10.50.7.206"
          - "10.162.17.145"
          - "10.162.17.146"
          - "172.28.128.151"
          - "172.28.129.164"
          - "172.28.129.72"
          - "10.50.5.15"
      - name: "elasticseach-bpr-uat"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.6.19"
          - "10.50.7.205"
          - "10.50.7.206"
          - "10.162.17.145"
          - "10.162.17.146"
          - "172.28.128.151"
          - "172.28.129.164"
          - "172.28.129.72"
      - name: "elasticseach-bpr-staging"
        ip:
          - "10.91.1.240"
          - "10.91.1.241"
          - "10.91.1.242"
          - "10.91.1.221"
          - "127.0.0.1"
          - "10.50.5.15"
c. Change to the directory '/usr/share/elasticsearch/'
d. Run the following command.
    ./bin/elasticsearch-certutil cert --ca-cert /etc/elasticsearch/ca/ca.crt \
      --ca-key /etc/elasticsearch/ca/ca.key --pem --in /etc/kibana/instance3.yml \
      --out /usr/share/elasticsearch/new-certs-bpr.zip
2. Configure the remote server
a. Edit elasticsearch.yml on every node of the remote Elasticsearch server and add the configuration below, using the files extracted from the generated certificate archive.
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/af-mstselastic/af-mstselastic.key
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/af-mstselastic/af-mstselastic.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
    xpack.security.transport.ssl.client_authentication: none
    xpack.security.transport.ssl.verification_mode: none
b. Restart the elasticsearch service
c. Check the certificate on port 9300 by running the following command.
    curl 'https://10.91.1.240:9300' --cacert /etc/elasticsearch/ca/ca.crt \
      --cert /home/adm-app/Downloads/elasticseach-bpr-staging/elasticseach-bpr-staging.crt \
      --key /home/adm-app/Downloads/elasticseach-bpr-staging/elasticseach-bpr-staging.key

3. Configure the remote client server
a. Edit elasticsearch.yml on every node of the remote client Elasticsearch server and add the configuration below
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.key: /etc/elasticsearch/elasticseach-bpr-staging/elasticseach-bpr-staging.key
    xpack.security.transport.ssl.certificate: /etc/elasticsearch/elasticseach-bpr-staging/elasticseach-bpr-staging.crt
    xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
    xpack.security.transport.ssl.client_authentication: none
    xpack.security.transport.ssl.verification_mode: none
b. Restart the elasticsearch service
4. Add the remote cluster in Kibana
a. Open Kibana, go to the menu stack management -> cross cluster, click add remote cluster, fill in the form, and click save
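
The elasticsearch.yml blocks in steps 2a and 3a set both client_authentication and verification_mode to none, which turns off peer certificate checks on the transport port even though TLS is enabled. The script below is an added example, not part of the original procedure: it audits flat "key: value" transport settings and reports the ones that weaken TLS. The function names and the hardened variant (client_authentication: required, verification_mode: certificate) are assumptions made for this example.

```python
# Added example: audit flat "key: value" transport TLS settings from elasticsearch.yml.
PREFIX = "xpack.security.transport.ssl."

# setting suffix -> (values that weaken transport TLS, value Elasticsearch uses when unset)
CHECKS = {
    "enabled": ({"false"}, "false"),
    "verification_mode": ({"none"}, "full"),
    "client_authentication": ({"none", "optional"}, "required"),
}

def parse_settings(text):
    """Return {suffix: value} for transport SSL settings written in flat dotted form."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line.startswith(PREFIX) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key[len(PREFIX):].strip()] = value.strip().strip("'\"")
    return settings

def audit_transport_tls(text):
    """Return sorted (setting, effective_value) pairs that weaken transport TLS."""
    settings = parse_settings(text)
    findings = []
    for name, (weak, default) in CHECKS.items():
        effective = settings.get(name, default).lower()
        if effective in weak:
            findings.append((PREFIX + name, effective))
    return sorted(findings)

# Sample input: the transport block from step 2a of this page.
PAGE_CONFIG = """\
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: /etc/elasticsearch/af-mstselastic/af-mstselastic.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/af-mstselastic/af-mstselastic.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
xpack.security.transport.ssl.client_authentication: none
xpack.security.transport.ssl.verification_mode: none
"""

# Assumed hardened variant (not from the page): peers must present a CA-signed certificate.
HARDENED_CONFIG = PAGE_CONFIG.replace(
    "client_authentication: none", "client_authentication: required"
).replace("verification_mode: none", "verification_mode: certificate")

if __name__ == "__main__":
    for name, value in audit_transport_tls(PAGE_CONFIG):
        print(f"WEAK  {name}: {value}")
    print("hardened findings:", audit_transport_tls(HARDENED_CONFIG))
```

Because instance.yml lists every node IP as a subject alternative name, verification_mode: full is also an option when nodes connect to each other by those IPs.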
