Best practice for distributed install of ELK/SG

Hi All,

I have two nodes for an initial POC, perhaps even to promote to production later on! I do have an older ELK stack running in production that we would like to replace with this!

Nodes are:
front-end (nginx, kibana, logstash)
back-end (elasticsearch/searchguard (ES/SG))

I would like to install all the latest versions of ELK/searchguard, the community-based sources first (non-enterprise).

I have tried the bundle and moved kibana from the bundle to the front, and it was promising in access/connection, but I do see more work to be done with TLS for kibana and logstash!

So I want to stop and first ask what’s the best way to install searchguard in my situation?
Bundle might not be the best case for me as it has localhost for ES/Kibana or I might need to regenerate certificates…

Will the demo ssl install script help me?
I see search-guard-ssl examples and also search-guard-client. How do I go about using them to set up my clients and ssl situation?

What’s the best way to get a POC up with TLS up and running on all my nodes including TLS from logstash and kibana to searchguard?
Some procedure that is quick, that people know will work, and that addresses the TLS identity and access for my case.

Backend ES/SG will be bound to the external interface, and the same with Kibana and logstash toward ES/SG.

Thank you for your time to provide the best practice/quickest way and experienced way for me to try to get a full ELK/SG with SSL up for my configuration.

-Ben

use the demo install script, that is the reason why it is there :wink:

On 26.10.2017 at 18:12, Ben Fallah <dragon64y2k@gmail.com> wrote:

Hi All,

I have two nodes for an initial POC, perhaps even to promote to production later on! I do have an older ELK stack running in production that we would like to replace with this!

Nodes are:
front-end (nginx, kibana, logstash)
back-end (elasticsearch/searchguard (ES/SG))

I would like to install all the latest versions of ELK/searchguard, the community-based sources first (non-enterprise).

I have tried the bundle and moved kibana from the bundle to the front, and it was promising in access/connection, but I do see more work to be done with TLS for kibana and logstash!

So I want to stop and first ask what's the best way to install searchguard in my situation?
Bundle might not be the best case for me as it has localhost for ES/Kibana or I might need to regenerate certificates...

Will the demo ssl install script help me?
I see search-guard-ssl examples and also search-guard-client. How do I go about using them to set up my clients and ssl situation?

What's the best way to get a POC up with TLS up and running on all my nodes including TLS from logstash and kibana to searchguard?
Some procedure that is quick, that people know will work, and that addresses the TLS identity and access for my case.

Backend ES/SG will be bound to the external interface, and the same with Kibana and logstash toward ES/SG.

Thank you for your time to provide the best practice/quickest way and experienced way for me to try to get a full ELK/SG with SSL up for my configuration.

-Ben

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a80e668e-600f-4575-9cb5-7fc3d6c85c63%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I was about to give up! lol! Someone with experience and knowledge and time finally answered. Thank you.

Yea, I found these three links below that I was going to go through first… that can get me up and running with Logstash and SG on different nodes.

TLS demo certificates
https://github.com/floragunncom/search-guard/blob/master/tools/install_demo_configuration.sh

Certificate generator
https://floragunn.com/tls-certificate-generator/

TLS for Production environments
https://github.com/floragunncom/search-guard-docs/blob/master/tls_certificates_production.md

So maybe I try the demo first and see if I can get it to work… and then, if successful, I can back up the POC and use our own PKI to generate and use the link above for prod env POC.

On Wednesday, November 1, 2017 at 1:31:17 PM UTC-7, Search Guard wrote:

use the demo install script, that is the reason why it is there :wink:

Ah, I know what the issue was! The bundle doesn’t have the install_demo_configuration in `/plugins/search-guard-5/tools`; it is in another place, and that breaks the script.

Maybe I should remove the bundle and install the unbundled one, or modify the script!

On Wednesday, November 1, 2017 at 2:01:38 PM UTC-7, Ben Fallah wrote:

I was about to give up! lol! Someone with experience and knowledge and time finally answered. Thank you.

Yea, I found these three links below that I was going to go through first… that can get me up and running with Logstash and SG on different nodes.

TLS demo certificates
https://github.com/floragunncom/search-guard/blob/master/tools/install_demo_configuration.sh

Certificate generator
https://floragunn.com/tls-certificate-generator/

TLS for Production environments
https://github.com/floragunncom/search-guard-docs/blob/master/tls_certificates_production.md

So maybe I try the demo first and see if I can get it to work… and then, if successful, I can back up the POC and use our own PKI to generate and use the link above for prod env POC.

installed ES 5.6.3
install SG plugin version
Ran the demo install
Ran sgadmin_demo
curl and browser test good on 9200

Next… I will work on kibana and logstash on the other server.

What do I need to put on those configs for certificates?

On Wednesday, November 1, 2017 at 10:18:47 PM UTC-7, Ben Fallah wrote:

Ah, I know what the issue was! The bundle doesn’t have the install_demo_configuration in `/plugins/search-guard-5/tools`; it is in another place, and that breaks the script.

Maybe I should remove the bundle and install the unbundled one, or modify the script!