Best practice for distributed install of ELK/SG


Ben Fallah

Oct 26, 2017, 12:12:55 PM
to Search Guard Community Forum
Hi All,

I have two nodes for an initial POC, and perhaps even to promote to production later on! I do have an older ELK stack running in production that we would like to replace with this!

Nodes are:
front-end (nginx, kibana, logstash)
back-end (elasticsearch/searchguard (ES/SG))

I'd like to install the latest versions of ELK/searchguard from the community-based sources first (non-enterprise).

I have tried the bundle and moved kibana from the bundle to the front, and it was promising in access/connection, but I do see more work to be done with TLS for kibana and logstash!

So I want to stop and first ask: what's the best way to install searchguard in my situation?
The bundle might not be the best case for me as it has localhost for ES/Kibana, or I might need to regenerate certificates.

Will the demo SSL install script help me?
I see search-guard-ssl examples and also search-guard-client. How do I go about using them to set up my clients and SSL situation?

What's the best way to get a POC up with TLS up and running on all my nodes including TLS from logstash and kibana to searchguard?
Some procedure that is quick, that people know will work, and that addresses the TLS identity and access for my case.

Backend ES/SG will be bound to the external interface, and the same with Kibana and logstash toward ES/SG.

Thank you for your time to provide the best practice/quickest way and experienced way for me to try to get a full ELK/SG with SSL up for my configuration.

-Ben

SG

Nov 1, 2017, 4:31:17 PM
to search...@googlegroups.com
use the demo install script, that is the reason why it is there ;-)

Ben Fallah

Nov 1, 2017, 5:01:38 PM
to Search Guard Community Forum
I was about to give up! lol! Someone with experience and knowledge and time finally answered. Thank you.

Yea, I found these three links below that I was going to go thru first, that can get me up and running with Logstash and SG on different nodes:

TLS demo certificates: https://github.com/floragunncom/search-guard/blob/master/tools/install_demo_configuration.sh

Certificate generator: https://floragunn.com/tls-certificate-generator/

TLS for Production environments: https://github.com/floragunncom/search-guard-docs/blob/master/tls_certificates_production.md

So maybe I'll try the demo first and see if I can get it to work, and then, if successful, I can back up the POC and use our own PKI to generate and use the link above for a prod env POC.

Ben Fallah

Nov 2, 2017, 1:18:47 AM
to Search Guard Community Forum
Ah, I know what the issue was! The bundle doesn't have the install_demo_configuration in <Elasticsearch directory>/plugins/search-guard-5/tools

It is in another place and that breaks the script.

Maybe I should remove the bundle and install the unbundled one, or modify the script!

Ben Fallah

Nov 2, 2017, 2:13:59 AM
to Search Guard Community Forum
Installed ES 5.6.3
Installed SG plugin version
Ran the demo install
Ran sgadmin_demo
curl and browser test good on 9200

Next, I will work on kibana and logstash on the other server.

What do I need to put in those configs for certificates?