Connecting Logstash To Elasticsearch via SSL (Docker Container)

Çağlar Arlı

My environment consists of 2 Docker containers, one running Logstash and another running Elasticsearch, on the SAME host & SAME Docker network. I am trying to set up SSL between the 2 of them (this is because Elasticsearch needs SSL and can be reached by sources outside the network, thus Logstash also needs to communicate with Elasticsearch via SSL). Since I’m testing this out, I’m using self-signed certificates.

I have been running into various issues as far as configuration is concerned. I only have 1 pair of SSL key & certificate, which I’m using across my dev/test environment.

Here’s what my Elasticsearch configuration looks like:

[root@hdp100:~ (default)]$ docker exec -it elastic_default bash -c "cat /usr/share/elasticsearch/config/elasticsearch.yml"
    network.host: 0.0.0.0
    node.roles: [ data, master ]
    cluster.name: "docker-cluster"
    discovery.type: single-node
    # Enable security features
    xpack.security.enabled: true
    xpack.security.authc.realms.file.file1.order: 0
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.key: /usr/share/elasticsearch/config/security/logstore_server.key
    xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/security/logstore_server.crt

Here's what my output section looks like for Logstash:

output {
  if [kubernetes] {
    # Events carrying an adcomponent label go to a per-component index
    if [kubernetes][labels][adcomponent] {
      elasticsearch {
        user => "test"
        password => "pass@word"
        hosts => ["https://ad-elastic:9200"]
        manage_template => false
        index => "kubernetes-logs-%{[kubernetes][labels][adcomponent]}-%{+yyyy.MM.dd}"
        ssl_enabled => true
        cacert => ["/usr/share/logstash/config/security/logparse_server.crt"]
      }
    }
    # All other Kubernetes events go to a shared index
    else {
      elasticsearch {
        user => "test"
        password => "pass@word"
        hosts => ["https://ad-elastic:9200"]
        manage_template => false
        index => "kubernetes-logs-kubernetes-%{+yyyy.MM.dd}"
        ssl_enabled => true
        cacert => ["/usr/share/logstash/config/security/logparse_server.crt"]
      }
    }
  }
}

I keep getting the following error in Logstash. ad-elastic resolves to the IP of the Docker container running Elasticsearch.

[2024-02-14T09:51:57,824][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://test:xxxxxx@ad-elastic:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://ad-elastic:9200/][Manticore::UnknownException] Certificate for doesn't match any of the subject alternative names: [vm001.sre.test.dev, *.sre.test.dev]"}

What is the right way to configure SSL here? Should I be looking into using a truststore?
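
Added example (not part of the original post): the error above is a hostname-verification failure, since Logstash connects to `ad-elastic` but the certificate lists only `vm001.sre.test.dev` and `*.sre.test.dev`. This script builds two constructed self-signed certificates, one with that SAN list and one reissued with `ad-elastic` added, and checks each with `openssl x509 -checkhost`; `make_cert`, `cert_matches_host` and `show_sans` are hypothetical helper names, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not the poster's real files.
# Hostnames are the ones in the Logstash error above. Assumes OpenSSL 1.1.1+.

# make_cert DIR NAME SAN_LIST: self-signed cert DIR/NAME.crt with the given SANs.
# (hypothetical helper name)
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/$2.key" -out "$1/$2.crt" \
        -subj "/CN=$2" -addext "subjectAltName=$3" >/dev/null 2>&1
}

# cert_matches_host CERT HOST: exit 0 only if HOST is covered by CERT's SANs.
# openssl exits 0 either way, so the verdict is read from its output.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

# show_sans CERT: print the SAN extension, the list the client compares against.
show_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName
}

demo() {
    dir=$(mktemp -d) || return 1
    # "before": the SAN list quoted in the error message
    make_cert "$dir" before "DNS:vm001.sre.test.dev,DNS:*.sre.test.dev"
    # "after": reissued with the name Logstash actually connects to
    make_cert "$dir" after \
        "DNS:vm001.sre.test.dev,DNS:*.sre.test.dev,DNS:ad-elastic"
    for cert in before after; do
        show_sans "$dir/$cert.crt"
        for host in ad-elastic vm001.sre.test.dev; do
            if cert_matches_host "$dir/$cert.crt" "$host"; then
                echo "$cert.crt covers $host"
            else
                echo "$cert.crt does NOT cover $host"
            fi
        done
    done
    rm -rf "$dir"
}

demo
```

Reissuing the certificate with the Docker network name in its SAN list keeps hostname verification enabled on the Logstash side.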