Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage of filebeat_xpack_security should not require a client side certificate #558

Open
redgryphon opened this issue Mar 27, 2021 · 0 comments
Open

Usage of filebeat_xpack_security should not require a client side certificate #558

redgryphon opened this issue Mar 27, 2021 · 0 comments
Labels
cicd-tracked

Comments

@redgryphon
Copy link

In the actual template of filebeat.yml there is no way of using secure communications with the ELK stack but without the usage of a client side certificate.

The easiest way of enabling this option is to place the two lines regarding the client side certificate only when those files are provided but there could also be another variable (eg client_certificates: true) to allow this.
The template would then be something like:

{% if filebeat_xpack_security %}
  username: {{ elasticsearch_xpack_security_user }}
  password: {{ elasticsearch_xpack_security_password }}
  protocol: https
{% if generate_CA == true %}
  ssl.certificate_authorities: 
    - {{node_certs_destination}}/ca.crt
{% elif generate_CA == false %}
  ssl.certificate_authorities:
    - {{node_certs_destination}}/{{ca_cert_name}}
{% endif %}
{% if client_certificates == true %}
  ssl.certificate: "{{node_certs_destination}}/{{ filebeat_node_name }}.crt" 
  ssl.key: "{{node_certs_destination}}/{{ filebeat_node_name }}.key"
{% endif %}
{% endif %}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cicd-tracked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alberpilot @redgryphon