Disable SSL for the Elastic Stack services.
Before you begin
You must be a cluster administrator.
About this task
You can optionally disable SSL for the Elastic Stack by changing the parameters in the Elastic
Stack configuration files.
Note: Only communication on the http protocol for Elasticsearch can be
disabled. The transport protocol for Elasticsearch cannot be disabled.
Procedure
-
Stop the Elastic Stack services:
egosh service stop elk-shipper
egosh service stop elk-indexer
egosh service stop elk-elasticsearch
egosh service stop elk-manager
-
Disable SSL for the Elasticsearch services by setting the value of the
searchguard.ssl.http.enabled parameter to false in the
$EGO_CONFDIR/../../integration/elk/conf/elasticsearch/elasticsearch.yml
configuration file.
-
Disable SSL for the elk-shipper and elk-indexer services
by adding a number sign to comment out the following parameters in the corresponding configuration
files:
- To disable SSL for the elk-shipper service, edit the
$EGO_TOP/integration/elk/conf/indexer/indexer.conf configuration
file:
#ssl => true
#ssl_certificate => "../../scripts/lumberjack.crt"
#ssl_key => "../../scripts/lumberjack.key"
- To disable SSL for the elk-indexer service, edit the
$EGO_TOP/integration/elk/conf/filebeat.yml.template configuration
file:
#ssl.certificate_authorities: ["${DEPLOY_HOME}/${ELK_VERSION}/scripts/lumberjack.crt"]
#ssl.verification_mode: none
-
Restart the Elastic Stack services:
egosh service start elk-manager
egosh service start elk-elasticsearch
egosh service start elk-indexer
egosh service start elk-shipper
- Update the Explorer access protocol so that you
can view Explorer reports in the cluster management console after disabling SSL for the
Elastic Stack:
- Open the $EGO_CONFDIR/../../explorer/config/config.json file for
editing.
- Locate the
"protocol":"https"
line, and change it to
"protocol":"http"
.
For
example:
{
"pa.net.port": 5000,
"pa.metadata": {
"datasource": "ds1",
"index": "model"
},
"pa.dashboard.default": "cluster_overview",
"pa.query.size.max": 10000,
"pa.query.timeout" : 300000,
"pa.logging": {
"logLevel": "debug",
"appName": "server",
"logDir": "logs",
"datasource": "ds1"
},
"pa.datasources": {
"ds1": {"name": "ES Instance1", "type": "elasticsearch", "hosts": [{"host" : "user.example.ibm.com", "port": 9200, "protocol":"http"}]}
},
"pa.allow.cross.domain": "false",
"pa.allow.limited.access": "true",
"pa.allow.access.ips": "9.21.52.21",
"elasticsearch.version" : "5.4.2"
}
- Save and close the file.
- Restart the Explorer service for the changes to take effect:
egosh service stop Explorer
egosh service start Explorer