Github user mmiklavc commented on the issue:

    https://github.com/apache/metron/pull/1242
  
    ## Testing Notes For X-Pack AND SSL (I know, gettin fancy):
    
    1. Install X-Pack
    
        This will also install the certgen tool which can be used for 
generating certificates for SSL.
    
        ```
        /usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack
        ```
    
    1. Setup X-Pack User
    
        username = xpack_client_user 
        password = changeme 
        role = superuser
    
        ```
        sudo /usr/share/elasticsearch/bin/x-pack/users useradd xpack_client_user -p changeme -r superuser
        ```
    
    1. Setup cert using the ES certgen tools
    
        Run the certgen tool. You can store the certs in 
/etc/elasticsearch/ssl/certs.zip when prompted. Use "node1" as the instance 
name in fulldev because you'll want it to match your host. You can leave the IP 
and DNS details blank.
    
        ```
        /usr/share/elasticsearch/bin/x-pack/certgen --pass
        ```
    
        Extract the certs
    
        ```
        cd /etc/elasticsearch/ssl
        unzip certs.zip
        # I flattened all ca/certs so it looks as follows
        ls -1 /etc/elasticsearch/ssl
        ca.crt
        ca.key
        esnode.crt
        esnode.key
        ```
    
    1. Setup Elasticsearch to use the certs
    
        https://www.elastic.co/guide/en/x-pack/5.6/ssl-tls.html
    
        1. Modify /etc/elasticsearch/elasticsearch.yml
    
            ```
            xpack.ssl.key:                     /etc/elasticsearch/ssl/esnode.key
            xpack.ssl.certificate:             /etc/elasticsearch/ssl/esnode.crt
            xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/ssl/ca.crt" ]
            xpack.security.transport.ssl.enabled: true
            xpack.security.http.ssl.enabled: true
            ```
    
    1. Setup the client truststore
    
        1. Import the Certificate Authority (CA). 
    
            * Specify an alias of your choosing. I chose "elasticCA". 
            * You'll also be prompted for a password, which must be at least 6 
characters. I used "apachemetron".
            * When prompted to "Trust this certificate?" type yes and hit enter.
    
                ```
                keytool -import -alias elasticCA -file /etc/elasticsearch/ssl/ca.crt -keystore clienttruststore.jks
                ```
    
        1. Import the data node certificate.
            
            * Specify an alias of your choosing. In fulldev use "node1" as it 
will need to match your hostname.
            * Enter the password that you set when creating the truststore.
    
                ```
                keytool -importcert -keystore clienttruststore.jks -alias node1 -file /etc/elasticsearch/ssl/esnode.crt
                ```
    
        1. Put the truststore in the storm user home dir for the purpose of our 
tests.
    
            ```
            mv clienttruststore.jks /home/storm/
            chown storm:hadoop /home/storm/clienttruststore.jks
            ```
        
    1. Configure the Elasticsearch client in Metron
    
        1. Load the passwords in HDFS for x-pack and the truststore
    
            ```
            echo changeme > /tmp/xpack-password
            echo apachemetron > /tmp/truststore-password
            sudo -u hdfs hdfs dfs -mkdir /apps/metron/elasticsearch/
            sudo -u hdfs hdfs dfs -put /tmp/xpack-password /apps/metron/elasticsearch/
            sudo -u hdfs hdfs dfs -put /tmp/truststore-password /apps/metron/elasticsearch/
            sudo -u hdfs hdfs dfs -chown metron:metron /apps/metron/elasticsearch/*
            ```
        
        1. Modify the Metron global config with the SSL and X-Pack properties
    
            * Pull down the latest global config
    
                ```
                $METRON_HOME/bin/zk_load_configs.sh -m PULL -o $METRON_HOME/config/zookeeper -z $ZOOKEEPER -f
                ```
    
            * Update the configuration by adding the es.client.settings for 
xpack and SSL.
    
                ```
                "es.client.settings" : {
                    "xpack.username" : "xpack_client_user",
                    "xpack.password.file" : "/apps/metron/elasticsearch/xpack-password",
                    "ssl.enabled" : true,
                    "keystore.type" : "jks",
                    "keystore.path" : "/home/storm/clienttruststore.jks",
                    "keystore.password.file" : "/apps/metron/elasticsearch/truststore-password"
                }
                ```
    
            * Push the changes to Zookeeper
    
                ```
                $METRON_HOME/bin/zk_load_configs.sh -m PUSH -i $METRON_HOME/config/zookeeper -z $ZOOKEEPER
                # Confirm your changes are there
                $METRON_HOME/bin/zk_load_configs.sh -z $ZOOKEEPER -m DUMP -c GLOBAL
                ```
    
    1. Restart Elasticsearch
    
        __Note:__ The custom properties were never, and still are not exposed 
via the Elasticsearch MPack. Restarting via Ambari will overwrite any changes 
you make manually.
    
        `service elasticsearch start`
    
        * You should be able to connect to Elasticsearch via SSL in your 
browser: `https://node1:9200/_cat/health?v`.
        * The Head plugin should also allow you to connect by slightly changing 
your URL to use https for SSL: `https://node1:9200/`
    
    1. Get rid of existing indexes so that we can easily tell that new data is 
flowing into Elasticsearch.
    
        __Note:__ Use "node1" for the hostname. Otherwise, the cert will fail, 
triumphantly announcing `curl: (51) SSL: certificate subject name 'node1' does 
not match target host name 'localhost'`.
    
        ```
        curl --cacert /etc/elasticsearch/ssl/ca.crt --user xpack_client_user:changeme -XDELETE "https://node1:9200/squid*";
        curl --cacert /etc/elasticsearch/ssl/ca.crt --user xpack_client_user:changeme -XDELETE "https://node1:9200/bro*";
        curl --cacert /etc/elasticsearch/ssl/ca.crt --user xpack_client_user:changeme -XDELETE "https://node1:9200/snort*";
        curl --cacert /etc/elasticsearch/ssl/ca.crt --user xpack_client_user:changeme -XDELETE "https://node1:9200/yaf*";
        ```
    
    1. Restart the indexing topology
    
        Ambari > Metron > Summary > Metron Indexing, choose restart
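The walkthrough above puts the X-Pack credentials and the client truststore settings into the `es.client.settings` block of the Metron global config, and two things go wrong silently if that block is mistyped: a password pasted inline instead of referenced as an HDFS file, or truststore keys present while `ssl.enabled` is left false (or set to the string `"true"`), so the client falls back to plaintext. The linter below is an added example, not Metron project code; it checks a pulled global config for exactly the key names used in the testing notes (`xpack.username`, `xpack.password.file`, `ssl.enabled`, `keystore.type`, `keystore.path`, `keystore.password.file`). The rules that any key containing "password" must end in `.file` and that password-file values must be absolute paths are this example's own policy, not something Metron enforces.

```python
"""Lint the es.client.settings block of a Metron global config (added example).

The key names come from the X-Pack/SSL testing notes; the policy rules
(file-based secrets only, absolute HDFS paths, boolean ssl.enabled) are
this example's own assumptions about a sane deployment, not Metron's.
"""
import json
import sys

# Keys the walkthrough sets for X-Pack authentication.
REQUIRED_XPACK_KEYS = ("xpack.username", "xpack.password.file")
# Keys the walkthrough sets for the client truststore when SSL is on.
REQUIRED_SSL_KEYS = ("keystore.type", "keystore.path", "keystore.password.file")


def check_es_client_settings(global_config: dict) -> list:
    """Return human-readable findings for the es.client.settings block.

    An empty list means the block matches the shape used in the walkthrough.
    """
    findings = []
    settings = global_config.get("es.client.settings")
    if not isinstance(settings, dict):
        return ["es.client.settings is missing or not a JSON object"]

    # X-Pack auth needs the username and a password *file*, not an inline value.
    for key in REQUIRED_XPACK_KEYS:
        if key not in settings:
            findings.append(f"missing {key}")

    # Assumed policy: any password-like key must be a file reference.
    for key in settings:
        if "password" in key and not key.endswith(".file"):
            findings.append(f"{key} holds a password inline; use a *.password.file path instead")

    # Assumed policy: password files live at absolute HDFS paths, as in the notes.
    for key, value in settings.items():
        if key.endswith(".password.file") and not (isinstance(value, str) and value.startswith("/")):
            findings.append(f"{key} should be an absolute HDFS path, got {value!r}")

    # ssl.enabled must be a real JSON boolean; "true" as a string is a common slip.
    ssl_enabled = settings.get("ssl.enabled", False)
    has_truststore_keys = any(key in settings for key in REQUIRED_SSL_KEYS)
    if not isinstance(ssl_enabled, bool):
        findings.append(f"ssl.enabled should be a JSON boolean, got {ssl_enabled!r}")
    elif ssl_enabled:
        # SSL is on: the truststore description must be complete.
        for key in REQUIRED_SSL_KEYS:
            if key not in settings:
                findings.append(f"ssl.enabled is true but {key} is missing")
    elif has_truststore_keys:
        # The dangerous silent case: truststore configured, TLS never switched on.
        findings.append("truststore settings present but ssl.enabled is false; "
                        "the client would connect to Elasticsearch without TLS")

    return findings


def lint_global_config_file(path: str) -> list:
    """Load a global.json pulled with zk_load_configs.sh and lint it."""
    with open(path, encoding="utf-8") as handle:
        return check_es_client_settings(json.load(handle))


if __name__ == "__main__":
    # Usage: python lint_es_client.py $METRON_HOME/config/zookeeper/global.json
    target = sys.argv[1] if len(sys.argv) > 1 else "global.json"
    for finding in lint_global_config_file(target) or ["es.client.settings looks consistent"]:
        print(finding)
```

Run it against the `global.json` pulled in the "Pull down the latest global config" step, before pushing the edited config back to Zookeeper.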