Elasticsearch cluster monitoring while using TLS / HTTPS

CMK version: 2.0.0p19 (CRE)
OS version: Centos 7.9

We have recently upgraded our Elastic Stack to use TLS (inter-node) and HTTPS (browser <> Kibana).

The Elasticsearch integration was working fine before this change; however, now it doesn't seem to get any data.

I have updated the user credentials; however, that didn't help. Has anyone tried monitoring the Elastic Stack using TLS encryption? If yes, are there any additional steps on the Checkmk / Elasticsearch sides to get this data via the Checkmk agent?

Hi.

The Elasticsearch check collects the data over the HTTPS protocol. After changing the protocol, did you check that ES is reachable from outside and that the port is bound to all interfaces?

RG, Christian

I set the protocol to HTTPS. I am not able to get data from the shell and get "curl: (52) Empty reply from server" when I try to access ES from the Checkmk server.
There is one interface and ES is bound to it; also, I can telnet to port 9200 fine.

@ChristianM I am able to get index info from the Checkmk host. I was missing the https earlier while trying with curl. I have selected the HTTPS option in the Checkmk UI; however, I am not getting the data there. Any idea what may be wrong?

I dug in a bit more and it seems like the cert is the problem.

Error: HTTPSConnectionPool(host='XXXXXXX', port=9200): Max retries exceeded with url: /_cluster/health (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))

I was able to get data after adding the certs in Checkmk, after getting them using the command below:
openssl s_client -connect XXXX:9200 -showcerts

Please consider this issue resolved.
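
Added example (not from the posts above and not Checkmk code): the error says the chain contains a self-signed certificate, so the entry to import is the self-issued CA rather than the node's own leaf certificate. This Python snippet parses saved `openssl s_client -showcerts` output and picks that entry; the sample output, host names and function names are constructed for illustration.

```python
import re

# Constructed sample of `openssl s_client -showcerts` output; PEM bodies are placeholders.
SAMPLE = """CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=es-node-1.example.internal
   i:/CN=Example Private CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFPLACEHOLDER
-----END CERTIFICATE-----
 1 s:/CN=Example Private CA
   i:/CN=Example Private CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCAPLACEHOLDER
-----END CERTIFICATE-----
---
"""

ENTRY = re.compile(r"^\s*(\d+) s:(.*)$")   # e.g. " 1 s:/CN=..." or " 1 s:CN = ..."
ISSUER = re.compile(r"^\s+i:(.*)$")

def parse_chain(text):
    """Return the entries of the 'Certificate chain' section, in the order sent."""
    chain, cur, pem, in_chain = [], None, None, False
    for line in text.splitlines():
        if pem is not None:                        # inside a PEM block
            pem.append(line)
            if line.startswith("-----END CERTIFICATE-----"):
                cur["pem"] = "\n".join(pem) + "\n"
                chain.append(cur)
                cur, pem = None, None
        elif line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "---":   # chain section ends here
            break
        elif in_chain and (m := ENTRY.match(line)):
            cur = {"depth": int(m.group(1)), "subject": m.group(2).strip()}
        elif cur is not None and (m := ISSUER.match(line)):
            cur["issuer"] = m.group(1).strip()
        elif cur is not None and line.startswith("-----BEGIN CERTIFICATE-----"):
            pem = [line]
    return chain

def ca_candidates(chain):
    """Entries whose subject equals their issuer (self-issued by name)."""
    return [c for c in chain if c.get("issuer") == c["subject"]]
```

The match is by name only (subject equals issuer), so compare the candidate's fingerprint with the one held by whoever issued the Elasticsearch certificates before adding it to the trust store.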
