Hi. I disabled certificate validation within Metricbeat, yet it's still throwing untrusted certificate errors when hitting Elasticsearch.
I'm using these versions:
Elasticsearch: 7.16.2
Metricbeat: 7.16.1
I have the following YAML settings configured:
metricbeat.yml:
metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression
setup.kibana:
  host: "https://server10.domain.com:5601"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/internal_ca.pem"]
  ssl.verification_mode: "none"
output.elasticsearch:
  hosts: ["server10.domain.com:9200"]
  protocol: "https"
  #api_key: "id:api_key"
  username: "remote_monitoring_user"
  password: "password"
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/internal_ca.pem"]
  ssl.verification_mode: "none"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/metricbeat
  name: metricbeat
  keepfiles: 7
  permissions: 0640
elasticsearch-xpack.yml:
- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://server10.domain.com:9200"]
  username: "remote_monitoring_user"
  password: "password"
  ssl.certificate_authorities: ["/etc/metricbeat/internal_ca.pem"]
  ssl.verification_mode: "none"
I verified that Metricbeat is honoring that configuration setting by checking the log file after restarting the service. Here's the entry that appeared after making the change:
2023-02-05T21:03:28.877Z WARN [tls] tlscommon/tls_config.go:98 SSL/TLS verifications disabled.
So far, so good, right?
However, Metricbeat immediately throws a lot of untrusted cert errors similar to this one:
2023-02-05T21:03:28.909Z ERROR module/wrapper.go:259 Error fetching data for metricset elasticsearch.shard: error determining if connected Elasticsearch node is master: error making http request: Get "https://server10.domain.com:9200/_nodes/_local/nodes": x509: certificate signed by unknown authority
(I obfuscated the server name.)
So what am I overlooking?
Thanks!
Van
P.S. Yes, disabling certificate validation is a bad practice. However, this is a dev environment, and I'm just doing some temporary troubleshooting.
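
Because the post sets `ssl.verification_mode: "none"` in three separate places as a temporary measure, the following added example (not part of the original post, and not Elastic's code) lists every such setting in a Beats config with the section it belongs to, so each one can be reverted afterwards. The sample configs are constructed, the function names are hypothetical, and the small indentation-based reader assumes the simple key/value layout shown in the post rather than full YAML.

```python
import re

# Constructed samples that mirror the settings in the post (not a real deployment).
METRICBEAT_YML = """\
setup.kibana:
  host: "https://server10.domain.com:5601"
  ssl.verification_mode: "none"
output.elasticsearch:
  hosts: ["server10.domain.com:9200"]
  ssl:
    verification_mode: full
"""
MODULE_YML = """\
- module: elasticsearch
  hosts: ["https://server10.domain.com:9200"]
  ssl.verification_mode: certificate   # chain checked, hostname not
  #ssl.verification_mode: none
"""

WEAK = {"none", "certificate"}  # modes that skip chain and/or hostname checks
KEY = re.compile(r"^(\s*)(-\s+)?([\w.]+):\s*(.*)$")

def find_tls_modes(text):
    """Return (line_no, section, mode) for each ssl.verification_mode setting."""
    hits, stack, section = [], [], "?"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        m = KEY.match(line)
        if not m or line.lstrip().startswith("#"):  # skip blanks, comments, non-keys
            continue
        dash_col = len(m.group(1))
        indent = dash_col + len(m.group(2) or "")
        key, value = m.group(3), m.group(4).strip().strip("\"'")
        floor = dash_col if m.group(2) else indent  # a list item closes deeper keys
        while stack and stack[-1][0] >= floor:
            stack.pop()
        if key == "module":
            section = "module:" + value
        elif indent == 0:
            section = key
        path = ".".join([k for _, k in stack] + [key]).split(".")
        stack.append((indent, key))
        if path[-2:] == ["ssl", "verification_mode"]:
            hits.append((no, section, value.lower()))
    return hits

def weak_settings(text):
    """Settings to revert to "full" once troubleshooting is finished."""
    return [h for h in find_tls_modes(text) if h[2] in WEAK]
```

Both the dotted form (`ssl.verification_mode`) and the nested form (`ssl:` followed by `verification_mode:`) are recognized, and commented-out lines are ignored.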