Marvel and Shield + PKI realm

monitoring

(Hugues Bernard) #1

Hello all,
I set-up Shield to use a PKI realm and force both Transport and HTTP to use SSL with client authentication. How should I configure the Marvel agent in such case ? Is it even possible to use Marvel with HTTPS and client authentication ?

The Marvel agent, when connecting to the monitoring cluster (same as production in my case), needs to provide a client certificate... But I see no way to define the keystore containing the client certificate to use. The config parameter marvel.agent.exporter.es.ssl.truststore contains certificates to trust. But what about the identity certificate ?

Any experience with such a set-up ?
Note: using Elasticsearch 1.7, Shield 1.3 and Marvel 1.3

Thanks!


(system) #2