I have a connection problem between elasticsearch and logstash in fact logstash cannot connect to elasticsearch I tried several solutions but it does not work
- I can connect to elasticsearch in https by .p12
- Kibana also connects by both .crt and .key certificates
- I created a .pem certificate for Logstash and I can connect by Curl
docker exec -it -u root logstash curl --cacert /usr/share/logstash/config/certs/ca-chain.pem https://elasticsearch:9200 -u elastic
Enter host password for user 'elastic':
{
"name" : "180f8f0c68b6",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "oKlB3k7USJmWL8m0dpZ7kA", "version": { "number": "8.15.2", "build_flavor": "default", "build_type": "docker", "build_hash": "98adf7bf6bb69b66ab95b761c9e5aadb0bb059a3", "build_date": "2024-09-19T 10:06:03.564235954Z", "build_snapshot": false, "lucene_version": "9.11.1", "minimum_wire_compatibility_version": "7.17.0", "minimum_index_compatibility_version": "7.0.0" }, "tagline": "You Know, for Search" }
but on logstash logs I always have this error:
[2024-09-30T18:51:07,807][ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<Java::JavaSecurityCert::CertificateParsingException: signed fields invalid> :backtrace=>["sun.security.x509.X 509CertImpl.parse(sun/security/x509/X509CertImpl.java:1443)", "sun.security.x509.X509CertImpl.<init>(sun/security/x509/X509CertImpl.java:143)", "sun.security.x509.X509CertImpl.newX509CertImpl(sun/security/x509/X509CertImpl.java:253)", "sun.security.provider.X509Factory.parseX509orPKCS7Cert(sun/security/provider/X509Factory.java:475)", "sun.security.provider.X509 Factory.engineGenerateCertificates(sun/security/provider/X509Factory.java:360)", "java.security.cert.CertificateFactory.generateCertificates(java/security/cert/CertificateFactory.java:480)", "jdk.internal.reflect.DirectMethodHandleAccessor.invoke(jdk/internal/reflect/DirectMethodHandleAccessor.java:103)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:580)", "org.jruby.javasupport.JavaMethod.invokeWithExceptionHandling(org/jru) .......
Here is my config of logstash.conf
output {
elasticsearch {
hosts => ["https://elasticsearch:9200"]
user => "elastic"
password => "pass"
ssl => true
ssl_certificate_authorities => "/usr/share/logstash/config/certs/ca-chain.pem" # Facultatif si vous utilisez des certificats
}
}
Finally here is my docker-compose.yml
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.15.2
container_name: elasticsearch
environment:
- discovery.type=single-node
networks:
- elasticsearch-net
ports:
- "9200:9200"
volumes:
- ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./certs:/usr/share/elasticsearch/config/certs
- ./elasticsearch/config/openssl.cnf:/usr/share/elasticsearch/config/openssl.cnf # Ajouter le fichier de config OpenSSL
restart: always
command: >
bash -c "
if [ ! -f /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 ]; then
mkdir -p /usr/share/elasticsearch/config/certs && \
/usr/share/elasticsearch/bin/elasticsearch-certutil ca --silent --out /usr/share/elasticsearch/config/certs/ca.p12 --pass '' && \
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --silent --ca /usr/share/elasticsearch/config/certs/ca.p12 --ca-pass '' --out /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 --dns localhost --dns elasticsearch --ip 127.0.0.1 --pass '' && \
chmod 600 /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 && \
openssl pkcs12 -in /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 -clcerts -out /usr/share/elasticsearch/config/certs/kibana.crt -nodes -passin pass:'' && \
openssl pkcs12 -in /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 -clcerts -out /usr/share/elasticsearch/config/certs/kibana.key -nodes -passin pass:'' && \
chmod 644 /usr/share/elasticsearch/config/certs/kibana.crt && \
chmod 644 /usr/share/elasticsearch/config/certs/kibana.key && \
openssl rsa -in /usr/share/elasticsearch/config/certs/kibana.key -out /usr/share/elasticsearch/config/certs/certificate_unencrypted.key && \
openssl pkcs12 -in /usr/share/elasticsearch/config/certs/elasticsearch-certificates.p12 -cacerts -out /usr/share/elasticsearch/config/certs/elastic-stack-ca.pem -nodes -passin pass:'' ;
fi;
/bin/tini -- /usr/local/bin/docker-entrypoint.sh"
kibana:
image: docker.elastic.co/kibana/kibana:8.15.2
container_name: kibana
environment:
ELASTICSEARCH_URL: "https://elasticsearch:9200"
networks:
- elasticsearch-net
ports:
- "5601:5601"
volumes:
- ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
- ./certs:/usr/share/kibana/config/certs
restart: always
depends_on:
- elasticsearch
command: >
bash -c "
if [ ! -f /usr/share/kibana/config/certs/elasticsearch-certificates.p12 ]; then
chmod 644 /usr/share/kibana/config/certs/elasticsearch-certificates.p12 && \
chown kibana:kibana /usr/share/kibana/config/certs/* && \
chmod 644 /usr/share/kibana/config/certs/*;
fi;
/bin/tini -- /usr/local/bin/kibana-docker"
logstash:
image: docker.elastic.co/logstash/logstash:8.15.2
container_name: logstash
environment:
ELASTICSEARCH_HOSTS: "https://elasticsearch:9200"
networks:
- elasticsearch-net
ports:
- "5044:5044"
volumes:
- ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
- ./logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
#- ./logstash/config/springboot-pipeline.conf:/usr/share/logstash/pipeline/springboot-pipeline.conf # Monté en read-only
- ./certs:/usr/share/logstash/config/certs # Monté en read-only
restart: always
depends_on:
- elasticsearch
command: >
bash -c "
if [ -f /usr/share/logstash/config/certs/elasticsearch-certificates.p12 ]; then
chmod 640 /usr/share/logstash/config/certs/elasticsearch-certificates.p12 && \
chmod 644 /usr/share/logstash/config/certs/elastic-stack-ca.pem && \
chmod 600 /usr/share/logstash/config/certs/kibana.key;
fi;
/usr/share/logstash/bin/logstash"
networks:
elasticsearch-net:
driver: bridge
Does anyone have any ideas about my problem ???????