Configuring aerospike metricbeat module with TLS

sentient · January 18, 2022, 7:14pm

I am looking at the code

elastic/beats/blob/master/metricbeat/module/aerospike/aerospike.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package aerospike

import (

This file has been truncated. show original

and trying to figure out how I should configure TLS certificates to get access to the aerospike service endpoint with TLS configured.

Does anybody have a successful module configuration example for this?

I tried

   - module: aerospike
     metricsets: ["namespace"]
     enabled: true
     period: 10s
     hosts: ["localhost:3000"]
     ssl.certificate: /my_aerospike_certs/cert.pem
     ssl.key: /my_aerospike_certs/key.pem
     ssl.certificate_authorities: /my_aerospike_certs/ca.pem

but I keep getting this error

127.0.0.1:3000: read: connection reset by peer

Not sure when these ssl. are being applied in the module code

Thanks for any help

sentient · January 28, 2022, 5:12pm

Looking at the elastic code implementation and the aerospike client api,
this functionality is not implemented.
It should be something like this:

	serverCertPool, clientCertPool := readCertificates(*serverCertDir, *clientCertFile, *clientKeyFile)

	clientPolicy := as.NewClientPolicy()

	if len(*tlsName) > 0 || *encryptOnly == true {
		// Setup TLS Config
		tlsConfig := &tls.Config{
			Certificates:             clientCertPool,
			RootCAs:                  serverCertPool,
			InsecureSkipVerify:       *encryptOnly,
			PreferServerCipherSuites: true,
		}
		tlsConfig.BuildNameToCertificate()

		clientPolicy.TlsConfig = tlsConfig
	}

	client, err := as.NewClientWithPolicy(clientPolicy, *host, *port)
	if err != nil {
		log.Fatalln("Failed to connect to the server cluster: ", err)
	}

	log.Println("Connection successful. Discovered nodes:", client.Cluster().GetNodes())

Mario_Castro · February 8, 2022, 11:45am

Hi @sentient would you mind open a PR for this? It will be very appreciated. Thanks!

system · March 8, 2022, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.