Disabling SSL for the Elastic Stack

Disable SSL for the Elastic Stack services.

Before you begin

You must be a cluster administrator.

About this task

You can optionally disable SSL for the Elastic Stack by changing the parameters in the Elastic Stack configuration files.
Note: Only communication on the http protocol for Elasticsearch can be disabled. The transport protocol for Elasticsearch cannot be disabled.

Procedure

  1. Stop the Elastic Stack services: 
    egosh service stop elk-shipper
egosh service stop elk-indexer
egosh service stop elk-elasticsearch
egosh service stop elk-manager
  2. Disable SSL for the Elasticsearch services by setting the value of the searchguard.ssl.http.enabled parameter to false in the $EGO_CONFDIR/../../integration/elk/conf/elasticsearch/elasticsearch.yml configuration file.
  3. Disable SSL for the elk-shipper and elk-indexer services by adding a number sign to comment out the following parameters in the corresponding configuration files:
    • To disable SSL for the elk-shipper service, edit the $EGO_TOP/integration/elk/conf/indexer/indexer.conf configuration file:
      #ssl => true
#ssl_certificate => "../../scripts/lumberjack.crt"
#ssl_key => "../../scripts/lumberjack.key"
    • To disable SSL for the elk-indexer service, edit the $EGO_TOP/integration/elk/conf/filebeat.yml.template configuration file:
      #ssl.certificate_authorities: ["${DEPLOY_HOME}/${ELK_VERSION}/scripts/lumberjack.crt"]
#ssl.verification_mode: none
  4. Restart the Elastic Stack services: 
    egosh service start elk-manager
egosh service start elk-elasticsearch
egosh service start elk-indexer
egosh service start elk-shipper
  5. Update the Explorer access protocol so that you can view Explorer reports in the cluster management console after disabling SSL for the Elastic Stack:
    1. Open the $EGO_CONFDIR/../../explorer/config/config.json file for editing.
    2. Locate the "protocol":"https" line, and change it to "protocol":"http".
      For example:
      
{
    "pa.net.port": 5000,
    "pa.metadata": {
        "datasource": "ds1",
        "index": "model"
    },
    "pa.dashboard.default": "cluster_overview",
    "pa.query.size.max": 10000,
    "pa.query.timeout" : 300000,
    "pa.logging": {
        "logLevel": "debug",
        "appName": "server",
        "logDir": "logs",
        "datasource": "ds1"
    },
    "pa.datasources": {
"ds1": {"name": "ES Instance1", "type": "elasticsearch", "hosts": [{"host" : "user.example.ibm.com", "port": 9200, "protocol":"http"}]}
    },
    "pa.allow.cross.domain": "false",
    "pa.allow.limited.access": "true",
    "pa.allow.access.ips": "9.21.52.21",
    "elasticsearch.version" : "5.4.2"
}
    3. Save and close the file.
    4. Restart the Explorer service for the changes to take effect: 
      egosh service stop Explorer
egosh service start Explorer