How to use ssl_certificate_authorities in Logstash?

I have the same issue discussed in this question. The error log is:

sept. 12 14:57:47 local logstash[45016]:       # File does not exist or cannot be opened /etc/logstash/certs/http_ca.crt
sept. 12 14:57:47 local logstash[45016]:       ssl_certificate_authorities => "/etc/logstash/certs/http_ca.crt

The accepted answer is to change the file permissions, but by default the file permission of files in /etc/logstash is all root:root.

What I want to know is:

  1. What is the best practice for dealing with this issue?
  2. Should the ssl_certificate_authorities parameter be the path to the Elasticsearch CA cert? I'm asking this because it seems not to be mentioned in the documentation. If this is the case, should we copy this certificate or put it in a shared folder?

This is the ownership; the permissions for /etc/logstash/ and its files allow read for everyone. certs is not a default path, and neither is http_ca.crt a default file, so you need to check whether the permissions for the certs sub-directory and the http_ca.crt file allow read by everyone, since the logstash service is executed under the logstash user.

Not sure if there is one; this is unrelated to Logstash, it is related to Linux permissions.

Personally I prefer to have under /etc/logstash just the required configuration files: logstash.yml, pipelines.yml and jvm.options. Everything else, including configuration for pipelines, is stored under /opt/logstash, which is fully owned by the logstash user.

The path doesn't matter, it is a user choice; the logstash user just needs to have permissions to read it.

1 Like
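A way to run the check described in this answer, as an added example that is not part of the original thread: it lists each component of the certificate path whose "other" permission bits would stop the logstash user from reading the file. It assumes GNU stat and ignores group membership and ACLs; the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as root so every component
# can be inspected. Assumes GNU stat; ignores group access and ACLs.
# Usage: blockers /etc/logstash/certs/http_ca.crt

# other_digit PATH -> last octal digit of the mode (the "other" bits)
other_digit() {
    mode=$(stat -c '%a' "$1") || return 1
    printf '%s\n' "${mode#"${mode%?}"}"
}

# blockers FILE [TOP] -> prints each blocking component from FILE up to TOP
# (default /). Returns 0 if nothing blocks, 1 otherwise, 2 if FILE is missing.
blockers() {
    file=$1; top=${2:-/}; rc=0
    [ -f "$file" ] || { echo "missing or unreachable: $file" >&2; return 2; }
    # The file itself needs the read bit (4) for "other".
    case $(other_digit "$file") in
        4|5|6|7) ;;
        *) echo "no o+r: $file"; rc=1 ;;
    esac
    # Every directory above it needs the search bit (1) for "other".
    dir=$(dirname "$file")
    while :; do
        case $(other_digit "$dir") in
            1|3|5|7) ;;
            *) echo "no o+x: $dir"; rc=1 ;;
        esac
        # Stop at TOP, at the filesystem root, or for a relative path.
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return $rc
}
```

An empty result means the file is readable through the "other" bits alone; a non-empty result names the directory or file whose mode needs to change, or for which group access has to be arranged instead.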

Ok I understand.

Another question: there's a logstash user, so why is it that the permissions of files under /etc/logstash are root:root? What's the use of a logstash user in that case?

Everything under /etc is owned by the root user and root group; this path is, in most cases, for system-wide configurations, so the permissions should be limited to the root user.

The logstash user is used to run the Logstash service, as it is not recommended to run Logstash with root permissions.

1 Like

But if I'm not mistaken, for Elasticsearch, the files under /etc/elasticsearch are owned by root:elasticsearch.

Different tools may have different requirements; maybe there are some default cases where you need /etc/elasticsearch/ to be owned by the elasticsearch group to make things easier for the user, as some certificates and other configurations are created automatically.

In Logstash you will not have any path named certs created by default, and you will also not have any certificates created by default. It is all user configured, so it does not matter where they are, just that the logstash user running the Logstash service can read the files.

1 Like

Thanks for your responses! This is solved!