Created on 03-23-2017 04:31 PM
The Log Search service may use SSL for three things:
In all of these cases the Log Search Server should have a trust store / key store available which should be configured in the logsearch-env.sh file. In case #1 the Log Feeders should also have a trust store / key store available which should be configured in logfeeder-env.sh.
How to configure SSL in these cases?
For all cases you should configure the stores for the Portal (and for the Log Feeders in case #1); see below for how to do it.
To use SSL for the communication with Solr, you should configure your Solr server to use SSL.
To use https as the portal protocol, you should set the property Advanced logsearch-env / logsearch_ui_protocol to https. If you are not using Ambari, you should add logsearch.protocol=https to the file /etc/ambari-logsearch-portal/conf/logsearch.properties (or update the value if the property is already there).
To use https for authentication with Ambari Server, you should set up the Ambari Server to use https.
How to configure the stores for the Portal and the Log Feeders?
If you install Log Search with Ambari, all you have to do is set the location, the type and the password of the stores at Advanced logsearch-env and Advanced logfeeder-env.
Without Ambari you should set the locations and the types in the env files:
Log Search Server (/etc/ambari-logsearch-portal/conf/logsearch-env.sh):
export LOGSEARCH_SSL="true"
export LOGSEARCH_KEYSTORE_LOCATION=...
export LOGSEARCH_KEYSTORE_TYPE=...
export LOGSEARCH_TRUSTSTORE_LOCATION=...
export LOGSEARCH_TRUSTSTORE_TYPE=...
Log Feeder (/etc/ambari-logsearch-logfeeder/conf/logfeeder-env.sh):
export LOGFEEDER_SSL="true"
export LOGFEEDER_KEYSTORE_LOCATION=...
export LOGFEEDER_KEYSTORE_TYPE=...
export LOGFEEDER_TRUSTSTORE_LOCATION=...
export LOGFEEDER_TRUSTSTORE_TYPE=...
You should also enter the passwords into the following files as plain text:
Should I create the stores myself?
Starting from Ambari 2.5 the Log Search Server creates the key store containing a self signed certificate if
With this key store and the certificate you will be able to use https for the portal. If you don't want to use the default key store, or don't want to use a jks key store, or you want to use SSL for the communication with Solr or with the Ambari Server, you should create your own key store and trust store.
Here is a sample command to create a store containing a self-signed certificate with openssl:
sudo keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /etc/security/serverKeys/logsearch.keyStore.jks -ext SAN=DNS:c6401.ambari.apache.org,IP:192.168.64.101,IP:127.0.0.1 -dname "CN=c6401.ambari.apache.org, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc
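A check for the env files described above, as an added example that is not part of the original article or of Log Search itself: it reports SSL exports that are missing, still set to the `...` placeholder, pointing at a store file that does not exist, or written under a misspelled prefix, and it flags a key store that is world-readable. The function names and the sample file are constructed for illustration; the check assumes every variable carries the `LOGSEARCH_` or `LOGFEEDER_` prefix shown above.

```shell
#!/bin/sh
# Print the value of the last "export NAME=value" line in FILE, quotes stripped.
env_value() {
    sed -n "s/^export $2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_ssl_env FILE PREFIX   (PREFIX is LOGSEARCH or LOGFEEDER; assumed naming)
# Prints one finding per line and returns non-zero if there is any finding.
check_ssl_env() {
    file=$1 prefix=$2 rc=0
    [ "$(env_value "$file" "${prefix}_SSL")" = "true" ] ||
        { echo "${prefix}_SSL is not \"true\""; rc=1; }
    for name in KEYSTORE_LOCATION KEYSTORE_TYPE TRUSTSTORE_LOCATION TRUSTSTORE_TYPE; do
        value=$(env_value "$file" "${prefix}_${name}")
        case $value in
            ''|...) echo "${prefix}_${name} is missing or still a placeholder"; rc=1; continue ;;
        esac
        case $name in *_TYPE) continue ;; esac
        if [ ! -f "$value" ]; then
            echo "${prefix}_${name}: no such file: $value"; rc=1
        elif [ "$name" = KEYSTORE_LOCATION ] && [ -n "$(find "$value" -perm -004)" ]; then
            # The key store holds the private key, so others must not read it.
            echo "${prefix}_${name}: $value is world-readable"; rc=1
        fi
    done
    # Store exports under any other prefix are never picked up, e.g. a typo.
    for stray in $(sed -n 's/^export \([A-Z_]*STORE_[A-Z]*\)=.*/\1/p' "$file" | grep -v "^${prefix}_"); do
        echo "unexpected variable $stray (expected prefix ${prefix}_)"; rc=1
    done
    return $rc
}

# Constructed sample: an env file with one misspelled variable name.
# Usage: write_sample_env ENV_FILE KEYSTORE_PATH TRUSTSTORE_PATH
write_sample_env() {
    cat > "$1" <<EOF
export LOGSEARCH_SSL="true"
export LOGSEARCH_KEYSTORE_LOCATION=$2
export LOGSEAERCH_KEYSTORE_TYPE=jks
export LOGSEARCH_TRUSTSTORE_LOCATION=$3
export LOGSEARCH_TRUSTSTORE_TYPE=jks
EOF
}

# Run as: sh check.sh /etc/ambari-logsearch-portal/conf/logsearch-env.sh LOGSEARCH
if [ "$#" -eq 2 ]; then check_ssl_env "$1" "$2"; fi
```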
Created on 06-25-2019 03:44 AM
Hi @mgergely,
Following this guide, will this work with Ambari HDF?
I can't find these paths (or should I say, they're not available)
You should also enter the passwords into the following files as plain text:
Thank you!