Hello Team,
We are having a single node ELK configuration, In the same server we have installed Elasticsearch logstash and kibana (8.0.1) (on-premises)
As per the guide if we are installing the Elasticsearch generates own SSL configuration default.
The Elasticsearch certs are,
in /etc/Elasticsearch/certs/
total 24
-rw-rw----. 1 root Elasticsearch 1915 Apr 29 12:33 http_ca.crt
-rw-rw----. 1 root Elasticsearch 10013 Apr 29 12:33 http.p12
-rw-rw----. 1 root Elasticsearch 5822 Apr 29 12:33 transport.p12
i have tried to configure the output.Elasticsearch in metricbeat in the same server,
Metricbeat configuration:
================================== Outputs ===================================
Configure what output to use when sending the data collected by the beat.
---------------------------- Elasticsearch Output ----------------------------
output.Elasticsearch:
Array of hosts to connect to.
hosts: ["https://sgelastic.saint-gobain.com:9200"]
Protocol - either http
(default) or https
.
#protocol: "https"
Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
username: "metricbeat_sg"
password: "${MB_PWD}"
#ssl.verification_mode: true
ssl.certificate_authorities: ["/etc/Elasticsearch/certs/http_ca.crt"]
ssl.certificate: "/etc/Elasticsearch/certs/transport.p12"
ssl.key: "/etc/Elasticsearch/Elasticsearch.keystore"
elasticesearch.yml configuration:
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
The following settings, TLS certificates, and keys have been automatically
generated to configure Elasticsearch security features on 29-04-2022 07:03:14
--------------------------------------------------------------------------------
Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
Create a new cluster with the current node only
Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["L04ELKChe001"]
Allow HTTP API connections from localhost and local networks
Connections are encrypted and require user authentication
http.host: [local, site]
Allow other nodes to join the cluster from localhost and local networks
Connections are encrypted and mutually authenticated
#transport.host: [local, site]
#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
While we try the metricbeat -e the below error i am facing, please guide me to fix this issue
{"log.level":"error","@timestamp":"2022-05-16T15:21:57.508+0530","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":53},"message":"Failed reading certificate file /etc/Elasticsearch/certs/transport.p12: no pem file","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-05-16T15:21:57.509+0530","log.origin":{"file.name":"instance/beat.go","file.line":458},"message":"metricbeat stopped.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-05-16T15:21:57.509+0530","log.origin":{"file.name":"instance/beat.go","file.line":1023},"message":"Exiting: error initializing publisher: 1 error: no pem file /etc/Elasticsearch/certs/transport.p12 accessing 'output.Elasticsearch' (source:'/etc/metricbeat/metricbeat.yml')","service.name":"metricbeat","ecs.version":"1.6.0"}
Exiting: error initializing publisher: 1 error: no pem file /etc/Elasticsearch/certs/transport.p12 accessing 'output.Elasticsearch' (source:'/etc/metricbeat/metricbeat.yml')
{"log.level":"error","@timestamp":"2022-05-16T15:21:57.508+0530","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls.go","file.line":53},"message":"Failed reading certificate file /etc/Elasticsearch/certs/transport.p12: no pem file","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-05-16T15:21:57.509+0530","log.origin":{"file.name":"instance/beat.go","file.line":458},"message":"metricbeat stopped.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-05-16T15:21:57.509+0530","log.origin":{"file.name":"instance/beat.go","file.line":1023},"message":"Exiting: error initializing publisher: 1 error: no pem file /etc/Elasticsearch/certs/transport.p12 accessing 'output.Elasticsearch' (source:'/etc/metricbeat/metricbeat.yml')","service.name":"metricbeat","ecs.version":"1.6.0"}
Exiting: error initializing publisher: 1 error: no pem file /etc/Elasticsearch/certs/transport.p12 accessing 'output.Elasticsearch' (source:'/etc/metricbeat/metricbeat.yml')