Shield w/ Logstash Offline Install

security

#1

Hi,

I am installing ELK on a network that does not have internet access and am following the instructions at the link below to get Logstash to work with Shield enabled. However, it seems that the instructions require internet access.
Link: https://www.elastic.co/guide/en/shield/current/logstash.html

How can I install the "logstash-output-elasticsearch-shield" logstash plugin without internet access?

root@hostname logstash]# bin/plugin install logstash-output-elasticsearch-shield
Validating logstash-output-elasticsearch-shield
Unable to download data from https://rubygems.org/ - SocketError: Network is unreachable (https://api.rubygems.org/latest_specs.4.8.gz)
ERROR: Installation aborted, verification failed for logstash-output-elasticsearch-shield

Thanks!


(Paul Echeverri) #2

Hi!

This worked locally, so with the caveat that I haven't tested the installation to verify it's up and running, it might be worth trying:

  • On a machine with Internet access, execute curl -L -o logstash-output-elasticsearch-shield-1.0.0.gem https://rubygems.org/downloads/logstash-output-elasticsearch-shield-1.0.0.gem
  • Transfer the downloaded logstash-output-elasticsearch-shield-1.0.0.gem file to the machine that doesn't have Internet access
  • On the target machine, execute bin/plugin install ./logstash-output-elasticsearch-shield-1.0.0.gem

Please let me know if this helps!

Paul E
Sr. Technical Writer, Elastic


#3

Paul,

Thanks for the response. I downloaded the gem file but when I went to install it I got the following error:

    [root@hostname media]# /opt/logstash/bin/plugin install /root/elk_artifacts/media/logstash-output-elasticsearch-shield-1.0.0.gem
Validating /root/elk_artifacts/media/logstash-output-elasticsearch-shield-1.0.0.gem
Installing logstash-output-elasticsearch-shield
Error Bundler::HTTPError, retrying 1/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 2/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 3/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 4/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 5/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 6/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 7/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 8/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 9/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 10/10
Could not fetch specs from https://rubygems.org/
Too many retries, aborting, caused by Bundler::HTTPError
ERROR: Installation Aborted, message: Could not fetch specs from https://rubygems.org/

(Paul Echeverri) #4

I'm afraid that it looks like you've run into an issue with offline installation; we're opening an issue internally to track it. I'll update you as I know more.


#5

Thanks Paul!


(Paul Echeverri) #6

You can track this issue on our Logstash Github repo: https://github.com/elastic/logstash/issues/3571


(system) #7