sentient
(Sentient)
January 18, 2022, 7:14pm
1
I am looking at the code
// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package aerospike
import (
This file has been truncated. show original
and trying to figure out how I should configure TLS certificates to get access to the aerospike service endpoint with TLS configured.
Does anybody have a successful module configuration example for this?
I tried
- module: aerospike
metricsets: ["namespace"]
enabled: true
period: 10s
hosts: ["localhost:3000"]
ssl.certificate: /my_aerospike_certs/cert.pem
ssl.key: /my_aerospike_certs/key.pem
ssl.certificate_authorities: /my_aerospike_certs/ca.pem
but I keep getting this error
127.0.0.1:3000: read: connection reset by peer
Not sure when these ssl. are being applied in the module code
Thanks for any help
sentient
(Sentient)
January 28, 2022, 5:12pm
2
Looking at the elastic code implementation and the aerospike client api,
this functionality is not implemented.
It should be something like this:
serverCertPool, clientCertPool := readCertificates(*serverCertDir, *clientCertFile, *clientKeyFile)
clientPolicy := as.NewClientPolicy()
if len(*tlsName) > 0 || *encryptOnly == true {
// Setup TLS Config
tlsConfig := &tls.Config{
Certificates: clientCertPool,
RootCAs: serverCertPool,
InsecureSkipVerify: *encryptOnly,
PreferServerCipherSuites: true,
}
tlsConfig.BuildNameToCertificate()
clientPolicy.TlsConfig = tlsConfig
}
client, err := as.NewClientWithPolicy(clientPolicy, *host, *port)
if err != nil {
log.Fatalln("Failed to connect to the server cluster: ", err)
}
log.Println("Connection successful. Discovered nodes:", client.Cluster().GetNodes())
Hi @sentient would you mind open a PR for this? It will be very appreciated. Thanks!
system
(system)
Closed
March 8, 2022, 1:45pm
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.