Hello everyone
Would really appreciate anyone's input on this..
I've been struggling with a certificate problem between 2 logstash servers.
I have the following setup basically:
agents > LogstashA > LogstashB > Elasticsearch
I used the following as reference for the configuration: https://www.elastic.co/guide/en/logstash/current/ls-to-ls.html
With the selfsigned certificates, everything works correctly. But when I use the certs from our CA, I get errors.
Please see below the relevant config for both Logstash Servers and the errors.
Logstash A:
output {
lumberjack {
hosts => [ "LOGSTASHB" ]
port => 5000
ssl_certificate => "/etc/logstash/ca.crt"
codec => "json"
}
}
Logstash B:
input {
lumberjack {
port => 5000
ssl_certificate => "/etc/logstash/LOGSTASHB.crt"
ssl_key => "/etc/logstash/LOGSTASHB.pkcs8.key"
codec => "json"
}
}
Error on Logstash A
[ERROR][logstash.outputs.lumberjack][main] All hosts unavailable, sleeping {:hosts=>["logstash B ip"], :e=>#<OpenSSL::SSL::SSLError: certificate verify failed>, :backtrace=>["org/jruby/ext/openssl/SSLSocket.java:266:in connect'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-lumberjack-0.0.26/lib/lumberjack/client.rb:95:in connection_start'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-lumberjack-0.0.26/lib/lumberjack/client.rb:76:in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-lumberjack-0.0.26/lib/lumberjack/client.rb:34:in connect'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-lumberjack-0.0.26/lib/lumberjack/client.rb:24:in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-lumberjack-3.1.7/lib/logstash/outputs/lumberjack.rb:86:in connect'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-lumberjack-3.1.7/lib/logstash/outputs/lumberjack.rb:49:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:126:in register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:226:in block in register_plugins'", "org/jruby/RubyArray.java:1809:in each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:225:in register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:541:in maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:238:in start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:183:in run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134:in block in start'"]}
I actually wasn't sure if I need to use the ca.crt in the output of Logstash A or the LOGSTASHB.crt, but we have another environment where it's set up like this and is working. Only difference is that the CA is a chained one in this case.
Thanks in advance,
Yan