Elasticsearch authentication

[Diogo Carlos Paganini Domingos]

Hello Sentilo Team!

I'm using sentilo together with elasticsearch 7.15 and before enabling elasticsearch with minimal security, sentilo was able to send and store data in elasticsearch.
So with the need to use elasticsearch REST APIs, we do the 3 steps to secure elasticsearch and enable https there. (Configure security for the Elastic Stack)

But still in elasticsearch's first security step (Set up minimal security for Elasticsearch), authentication was enabled and sentilo can no longer send data there.
Do you know any way to use sentilo + elasticsearch with user authentication?

Thanks

[Sentilo IO]

Hi Diogo,

It is possible to publish data to a secured Elasticsearch cluster.

What need to follow these steps:

1. Edit the file sentilo-agent-activity-monitor/src/main/resources/spring/monitor-context.xml and add the yellow lines:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
        xmlns:task="http://www.springframework.org/schema/task"
        xmlns:c="http://www.springframework.org/schema/c"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
                http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

        <context:annotation-config />

        <import resource="classpath:spring/monitor-properties-context.xml" />
        <import resource="classpath:spring/monitor-pubsub-context.xml" />
        <import resource="classpath:spring/monitor-persistence-context.xml" />

        <context:component-scan base-package="org.sentilo.agent.activity.monitor" />
        <context:component-scan base-package="org.sentilo.agent.common.listener" />
        <context:component-scan base-package="org.sentilo.agent.common.service" />
        <context:component-scan base-package="org.sentilo.agent.common.repository" />
        <context:component-scan base-package="org.sentilo.agent.common.scheduler" />
        <context:component-scan base-package="org.sentilo.agent.common.config" />
        <context:component-scan base-package="org.sentilo.common.config" />
        <context:component-scan base-package="org.sentilo.common.metrics" />

        <bean id="restClient" class="org.sentilo.common.rest.impl.RESTClientImpl" p:host="${elasticsearch.url}" p:credentials-ref="usernameAndPassword" />
        <bean id="usernameAndPassword" class="org.apache.http.auth.UsernamePasswordCredentials" c:userName="${elasticsearch.username}" c:password="${elasticsearch.password}" />

        <task:annotation-driven scheduler="platformScheduler" />
        <task:scheduler id="platformScheduler" pool-size="5" />
</beans>

2. Next you just have to define additional properties in sentilo-agent-activity-monitor/src/main/resources/properties/monitor-config.properties :

elasticsearch.username=yourelasticuser
elasticsearch.password=yourpassword

3. Finally you just recompile the module with

mvn package appassembler:assemble

Now you can run the agent with one of the scripts generated in sentilo-agent-activity-monitor/target/appassembler/bin.

We'll try to improve this in future releases, so it won't be necessary to recompile the module.

Best regards,

Sentilo Team

[Diogo Carlos Paganini Domingos]

Great!
Thank you for the response, we will try this approach!

Diogo Paganini