My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network.
I am trying to set up SSL between the 2 of them (this is because Elasticsearch needs SSL and can be reached by sources outside the network, thus Logstash also needs to communicate with Elasticsearch via SSL). Since I’m testing this out, I’m using self-signed certificates.
I have been running into various issues as far as configuration is concerned. I only have 1 pair of SSL key & certificate, which I’m using across my dev/test environment.
Here’s what my Elasticsearch configuration looks like:
```
[root@hdp100:~ (default)]$ docker exec -it elastic_default bash -c "cat /usr/share/elasticsearch/config/elasticsearch.yml"
network.host: 0.0.0.0
node.roles: [ data, master ]
cluster.name: "docker-cluster"
discovery.type: single-node
# Enable security features
xpack.security.enabled: true
xpack.security.authc.realms.file.file1.order: 0
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /usr/share/elasticsearch/config/security/logstore_server.key
xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/security/logstore_server.crt
```
```
output {
  if [kubernetes] {
    if [kubernetes][labels][adcomponent] {
      elasticsearch {
        user => "test"
        password => "pass@word"
        hosts => ["https://ad-elastic:9200"]
        manage_template => false
        index => "kubernetes-logs-%{[kubernetes][labels][adcomponent]}-%{+yyyy.MM.dd}"
        ssl_enabled => true
        cacert => ["/usr/share/logstash/config/security/logparse_server.crt"]
      }
    }
    else {
      elasticsearch {
        user => "test"
        password => "pass@word"
        hosts => ["https://ad-elastic:9200"]
        manage_template => false
        index => "kubernetes-logs-kubernetes-%{+yyyy.MM.dd}"
        ssl_enabled => true
        cacert => ["/usr/share/logstash/config/security/logparse_server.crt"]
      }
    }
  }
}
```
I keep getting the following error in Logstash. ad-elastic resolves to the IP of the docker container running Elasticsearch.
```
[2024-02-14T09:51:57,824][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://test:xxxxxx@ad-elastic:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://ad-elastic:9200/][Manticore::UnknownException] Certificate for <ad-elastic> doesn't match any of the subject alternative names: [vm001.sre.test.dev, *.sre.test.dev]"}
```
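The warning above is the TLS hostname check failing, and the check can be replayed offline. The following is an added example, not part of the original post: it takes the dialled host and the SAN list from the message text and applies RFC 6125-style DNS-name matching. The candidate names passed in the demo are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Message text from the Logstash warning in the post (abridged).
SAMPLE = ("Elasticsearch Unreachable: [https://ad-elastic:9200/]"
          "[Manticore::UnknownException] Certificate for <ad-elastic> doesn't match "
          "any of the subject alternative names: [vm001.sre.test.dev, *.sre.test.dev]")

def parse_mismatch(message):
    """Return (host the client dialled, SAN list the server presented)."""
    url = re.search(r"\[(https?://[^\]]+)\]", message)
    sans = re.search(r"subject alternative names: \[([^\]]*)\]", message)
    if not url or not sans:
        raise ValueError("not a hostname-mismatch message")
    host = urlsplit(url.group(1)).hostname
    return host, [s.strip() for s in sans.group(1).split(",") if s.strip()]

def san_matches(host, san):
    """RFC 6125-style match: case-insensitive, label by label; '*' may only
    replace the whole left-most label and never spans a dot."""
    h = host.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if len(h) != len(s):
        return False          # a wildcard covers exactly one label
    if s[0] == "*":
        # refuse overly broad patterns such as '*.com'
        return len(s) > 2 and h[1:] == s[1:]
    return h == s

def diagnose(message, candidates=()):
    """Map the dialled host, then each candidate name, to match / no match."""
    host, sans = parse_mismatch(message)
    names = [host, *candidates]
    return {n: any(san_matches(n, s) for s in sans) for n in names}

if __name__ == "__main__":
    # Hypothetical candidate names, chosen to exercise the wildcard rule.
    tried = ["vm001.sre.test.dev", "ad-elastic.sre.test.dev",
             "a.b.sre.test.dev", "sre.test.dev"]
    for name, ok in diagnose(SAMPLE, tried).items():
        print(f"{name:26} {'matches' if ok else 'NO MATCH'}")
```

The single-label name `ad-elastic` fails against both SAN entries, while a name one label below `sre.test.dev` would pass the wildcard entry.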