Community Articles

Setting up Log Search SSL and HTTPS

A keystore and a truststore are required for this setup. These instructions assume that you have already created .jks for the keystore and truststore

1. Create keystore location

a. Keystore Setup

Place the keystore in /etc/security/certs/ and else by using a symlink you can point to another location of your keystore.jks

b. Ensure log search user can read the keystore

chown logsearch:hadoop *.keyStore.jks

2. Create a truststore for logsearch:

a. Cert signed by CA:

i. Copy the keystore into <host>.trustStore.jks

ii. Create a symlink to this similar to the keystore

/etc/security/certs/truststore.jks -> /etc/security/certs/<host>.trustStore.jks

b. Ensure log search user can read the trust store

chown logsearch:hadoop *.trustStore.jks

3. Update Ambari configuration

a. Update logsearch UI Protocol to https

b. Update Trust store location ( logsearch_truststore_location ) and password

c. Update Keystore location ( logsearch_keystore_location ) and password

4. Restart log search server

UPDATE Logsearch Alert in Ambari

Once the Log Search is configured to be accessed using SSL, the following steps are to be performed to update the Alert Definition of "Log Search Web UI" to check https URL.

Note: Please replace the variables with appropriate values for your cluster ( Admin credentials, Ambari host and Cluster name )

1. GET Alert Definition ID.

Execute the below command, by replacing the variables with appropriate values. and search for logsearch_ui section

curl -s -k -u $AMB_USER:$AMB_PASS -H 'X-Requested-By: ambari' -X GET http://<Ambari_HOST>:8443/api/v1/clusters/<CLUSTER_NAME>/alert_definitions

Sample output for logsearch_ui section:

{

"href" : "http://sandbox.hortonworks.com:8443/api/v1/clusters/sandbox/alert_definitions/451",

"AlertDefinition" : {

"cluster_name" : “sandbox",

"id" : 451,

"label" : "Log Search Web UI",

"name" : "logsearch_ui"

}

},

2. GET the Alert Definition.

Use the href value from the above step's sample output to get the Alert Definition of "Log Search Web UI" by executing the below command.

curl -s -k -u $AMB_USER:$AMB_PASS -H 'X-Requested-By: ambari' -X GET http://sandbox.hortonworks.com:8443/api/v1/clusters/sandbox/alert_definitions/451

Sample Output:

{

"href" : "http://sandbox.hortonworks.com.com:8443/api/v1/clusters/sandbox/alert_definitions/451",

"AlertDefinition" : {

"cluster_name" : “sandbox",

"component_name" : "LOGSEARCH_SERVER",

"description" : "This host-level alert is triggered if the Log Search UI is unreachable.",

"enabled" : true,

"help_url" : null,

"id" : 451,

"ignore_host" : false,

"interval" : 1,

"label" : "Log Search Web UI",

"name" : "logsearch_ui",

"repeat_tolerance" : 1,

"repeat_tolerance_enabled" : false,

"scope" : "ANY",

"service_name" : "LOGSEARCH",

"source" : {

"reporting" : {

"critical" : {

"text" : "Connection failed to {1} ({3})"

},

"ok" : {

"text" : "HTTP {0} response in {2:.3f}s"

},

"warning" : {

"text" : "HTTP {0} response from {1} in {2:.3f}s ({3})"

}

},

"type" : "WEB",

"uri" : {

"http": "{{logsearch-env/logsearch_ui_port}}",

"https": "{{logsearch-env/logsearch_ui_port}}",

"default_port": 61888,

"connection_timeout": 5

}

}

}

}

3. Create a temp file with new variables. Create a temp file (in this example: logsearch_uri) with below contents to update the URI sections to include https_property and https_property_value variables and values.

logsearch_uri file contents:

{

"AlertDefinition": {

"source": {

"reporting": {

"ok": {

"text": "HTTP {0} response in {2:.3f}s"

},

"warning": {

"text": "HTTP {0} response from {1} in {2:.3f}s ({3})"

},

"critical": {

"text": "Connection failed to {1} ({3})"

}

},

"type": "WEB",

"uri": {

"http": "{{logsearch-env/logsearch_ui_port}}",

"https": "{{logsearch-env/logsearch_ui_port}}",

"https_property": "{{logsearch-env/logsearch_ui_protocol}}",

"https_property_value": "https",

"default_port": 61888,

"connection_timeout": 5

}

}

}

}

4. PUT the updated Alert Definition.

Execute the below command to update the Alert Definition using logsearch_uri file created in the previous step. There will be no output to displayed after the execution of this command.

curl -s -k -u $AMB_USER:$AMB_PASS -H 'X-Requested-By: ambari' -X PUT -d @logsearch_uri http://sandbox.hortonworks.com:8443/api/v1/clusters/sandbox/alert_definitions/451

5. Validate the update

Execute again the get Alert Definition command (as below) and verify the https_property and https_propert_value are now part of uri section.

curl -s -k -u $AMB_USER:$AMB_PASS -H 'X-Requested-By: ambari' -X GET http://sandbox.hortonworks.com:8443/api/v1/clusters/sandbox/alert_definitions/451

Sample Output:

{

"href" : "http://sandbox.hortonworks.com:8443/api/v1/clusters/sandbox/alert_definitions/451",

"AlertDefinition" : {

"cluster_name" : “sandbox",

"component_name" : "LOGSEARCH_SERVER",

"description" : "This host-level alert is triggered if the Log Search UI is unreachable.",

"enabled" : true,

"help_url" : null,

"id" : 451,

"ignore_host" : false,

"interval" : 1,

"label" : "Log Search Web UI",

"name" : "logsearch_ui",

"repeat_tolerance" : 1,

"repeat_tolerance_enabled" : false,

"scope" : "ANY",

"service_name" : "LOGSEARCH",

"source" : {

"reporting" : {

"critical" : {

"text" : "Connection failed to {1} ({3})"

},

"ok" : {

"text" : "HTTP {0} response in {2:.3f}s"

},

"warning" : {

"text" : "HTTP {0} response from {1} in {2:.3f}s ({3})"

}

},

"type" : "WEB",

"uri" : {

"http": "{{logsearch-env/logsearch_ui_port}}",

"https": "{{logsearch-env/logsearch_ui_port}}",

"https_property": "{{logsearch-env/logsearch_ui_protocol}}",

"https_property_value": "https",

"default_port": 61888,

"connection_timeout": 5

}

}

}

}

NOTE: In the first if you had disabled Alert Definition for "Log Search Web UI" in Ambari, then Enable it again, else wait for the time interval for alert check to execute.