-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add docs about configuring SSL for the Logstash output #1807
Conversation
A documentation preview will be available soon: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I took a look at the docs previews and things are looking great here! Thanks for your hard work on this ❤️
I answered what I could from the reviewer questions, but I'm similarly not 100% confident in my knowledge around SSL certificate specifics. Hopefully what I've provided here is helpful.
Thanks again!
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
Co-authored-by: Kyle Pollich <[email protected]>
docs/en/ingest-management/security/logstash-certificates.asciidoc
Outdated
Show resolved
Hide resolved
Merging now, but we can iterate over this after beta if more changes are required. |
* Add docs about configuring SSL for the Logstash output * Add missing settings * Apply suggestions from code review Co-authored-by: Kyle Pollich <[email protected]> * Remove review question Co-authored-by: Kyle Pollich <[email protected]> (cherry picked from commit 2557357)
* Add docs about configuring SSL for the Logstash output * Add missing settings * Apply suggestions from code review Co-authored-by: Kyle Pollich <[email protected]> * Remove review question Co-authored-by: Kyle Pollich <[email protected]> (cherry picked from commit 2557357) Co-authored-by: DeDe Morton <[email protected]>
* Add docs about configuring SSL for the Logstash output * Add missing settings * Apply suggestions from code review Co-authored-by: Kyle Pollich <[email protected]> * Remove review question Co-authored-by: Kyle Pollich <[email protected]>
Closes #1691
Preview links:
Configure SSL/TLS for the Logstash output
Fleet settings
Reviewers: Please respond to the questions I've added that begin with
//REVIEWERS
in the source files.I want users to be able to find these docs after following the link we've put in the UI. So for now, I'm putting all the content about generating the certs and configuring the settings in the UI + logstash pipeline in one guide to make it easier for users to see which certs/keys get specified and where. This sort of buries the lede, though. I think it's good enough for beta, but we might want to revisit this alter.
Also, I ran into a couple of errors. Let me know if they are expected:
[ERROR][logstash.outputs.elasticsearch][elastic-agent-pipeline] Failed to install template. Issue open here: Logstash throws a "Failed to install template" on events sent from Elastic Agent logstash-plugins/logstash-output-elasticsearch#1071
Does the API key that Fleet generates include the privileges required on Logstash to install templates? Not sure this causes any problems for our use case, but the error might bother users:
curl -v --cacert ca.crt https://localhost:5044/
I get the following output, which might be expected becausessl_verify_mode
is set toforce_peer
. Maybe I need to do this differently? Anyhow, it looks like the exception isn't handled in Logstash. Is this to be expected, or have I done something wrong with my TLS setup?LS dev confirmed that the TLS setup in the docs is OK. This is just a testing thing.
Message from Logstash: