No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will have the opportunity to encrypt the client network of an Elasticsearch cluster in order to protect the integrity and privacy of API requests between a client and an Elasticsearch node.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure client network encryption.
Using the Secure Shell (SSH), log in to each node as
cloud_user
via the public IP address.Become the
root
user with:sudo su -
Add the following to
/etc/elasticsearch/elasticsearch.yml
on each node:xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: certificate.p12 xpack.security.http.ssl.truststore.path: certificate.p12
- Restart Elasticsearch.
Restart Elasticsearch with:
systemctl restart elasticsearch