New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xpack.monitoring.elasticsearch.ssl.verification_mode is not honored #9716
Comments
My recommendation is that we use |
+1 FWIW, the recommended options for standardization (which we havn't implemented yet) are for these options: "none" , "certificate" , "full" Where the difference between "certificate" and "full" is validation of the hostname. Based on the underlying library [1], "full" (not "certificate") is the actual default, and should be renamed as such. I am not sure if we can support the intended definition of "certificate" based on the options provided by the underlying library [1] [1] |
I also agree that |
Related issue on the modules side of things: #9734 |
I see this closed in #9866 , but unclear as to the actual implementation: did we get all three options ( |
Is this issue the reason we get the following warning for the .monitoring-logstash pipeline when logstash restarts?
Config:
Tried adding:
But didn't help. I don't find any documentation about usage of 'ssl_certificate_verification' in the 'xpack.monitoring.elasticsearch' part for logstash.yml.. |
Same issue in 7.5.1 |
This will be present in 7.9.1 with #12162 |
xpack.monitoring.elasticsearch.ssl.verification_mode
is a valid configuration option. According to the source code, "certificate, "none" are the valid options.However, after closer inspection, it appears that it never gets translated into something useful. XPack monitoring uses the Elasticsearch output under the covers, and should map to https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-ssl_certificate_verification.
We could simply map "certificate" -> true (it is already by default), and "none" -> false.
Also, it appears that xpack management doesn't even expose this option, though it probably should.
The text was updated successfully, but these errors were encountered: