Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SearchGuard compatibility #45

Closed
1 of 7 tasks
vir-dis opened this issue Feb 19, 2019 · 3 comments
Closed
1 of 7 tasks

SearchGuard compatibility #45

vir-dis opened this issue Feb 19, 2019 · 3 comments
Labels
feature request Categorizes issue or PR as related to a new feature or enhancement.

Comments

@vir-dis
Copy link

vir-dis commented Feb 19, 2019

Description of the problem

When using SearchGuard, all of the cluster listeners use https. This works when the hostname matches the certificate, but in HA/cloud environments there is often a load balancer (or DNS alias) in front of a pool of nodes instead. This means that the request is to localhost (or even to the internal name) but the certificate is from foo.bar.baz.

Without a flag to "accept any certificate", the integration cannot connect to the node.

OS
  • All of them
  • Amazon Linux, all versions
  • CentOS, version 6 or higher
  • Debian, version 7 ("Wheezy") or higher
  • Red Hat Enterprise Linux (RHEL), version 6 or higher
  • Ubuntu, versions 12.04, 14.04, and 16.04 (LTS versions)
  • Windows Server, 2008 and 2012 and their service packs
@cpheps cpheps added the feature request Categorizes issue or PR as related to a new feature or enhancement. label Feb 20, 2019
@cpheps
Copy link
Contributor

cpheps commented Feb 20, 2019

This is currently a limitation of the newrelic/infra-integrations-sdk's built in HTTP client. It does not currently allow SSL without verifying the server certificate. A feature request has been logged for the SDK and we will update Elasticsearch once that feature is implemented.

@camdencheek camdencheek reopened this Mar 12, 2019
@camdencheek camdencheek mentioned this issue Aug 6, 2019
Closed
14 tasks
@chrisferry
Copy link

FYI the SDK has been updated: newrelic/infra-integrations-sdk#220

@camdencheek
Copy link
Contributor

Released v4.3.0 with the added ssl_alternative_hostname argument to take advantage of the SDK change 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request Categorizes issue or PR as related to a new feature or enhancement.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chrisferry @cpheps @camdencheek @vir-dis