Parameter | ||||||||
---|---|---|---|---|---|---|---|---|
|
Parameter | ||||||||
---|---|---|---|---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Tip |
---|
If none, it can be omitted |
Parameter | ||||
---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Parameter | ||||
---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Parameter | ||||||
---|---|---|---|---|---|---|
|
Parameter | ||||
---|---|---|---|---|
|
Parameter | ||||
---|---|---|---|---|
|
Parameter | ||||||||
---|---|---|---|---|---|---|---|---|
|
Parameter | ||||||||
---|---|---|---|---|---|---|---|---|
|
On the "caFilePath" key you enter the path where the new certificate is.
Code Block | ||
---|---|---|
| ||
"providers": [ { "name": "saga-provider", "type": "Elastic", "nodeUrls": ["http://localhost:9200"], "timestamp": "updatedAt", "indexName": "saga", "caFilePath": "", "trustAllSSL": false, "timeout": 90, "delay": 5, "retries": 3, "include": [], "exclude": [], "track_total_hits": true, "maxResults": 10000 } ] |
To connect to an Elasticsearch with basic authentication you will need to encrypt your password and add the right values to the configuration.
Follow the next steps:
In a terminal run, in Saga's root folder.
Code Block | ||||
---|---|---|---|---|
| ||||
java -jar bin/saga-secure-<version>.jar -ep=<password> -config="config/config.json" |
Update "providers" using authentication factor as "basic".
Code Block | ||
---|---|---|
| ||
"providers": [ { "name": "saga-provider", "type": "Elastic", "nodeUrls": ["http://localhost:9200"], "timestamp": "updatedAt", "indexName": "saga", "encryptionKeyFile" : "./bin/saga.ek", "caFilePath": "", "trustAllSSL": false, "authentication": "basic", "user": "<username>", "password": "<path_to_pwd_file>", "timeout": 90, "delay": 5, "retries": 3, "exclude": [] } ] |
Note |
---|
Notice the values of "user", "password" and "encryptionKeyFile" |
To connect to an Elasticsearch with Azure AD authentication you will need to set your Azure AD tenant and then you register your app in the Azure portal so the Microsoft identity platform can provide authentication and authorization services.
Follow the next steps:
Update "providers" using authentication factor as "azure".
Code Block | ||
---|---|---|
| ||
"providers": [ { "name": "filesystem-provider", "type": "FileSystem", "baseDir": "./config" }, { "name": "saga-provider", "type": "Elastic", "indexName": "saga", "nodeUrls": ["http://localhost:9200"], "caFilePath": "", "trustAllSSL": false, "authentication":"azure", "resourceId": "<resourceID>", "tenantId": "<tenantID>" "clientId": "<clientID>", "clientSecret": "<clientSecretKey>", timeout": 90, "delay": 5, "retries": 3, "maxResults": 2000000, "exclude": [] } ] |
Note |
---|
Notice the values of "resourceId", "tenantId", "clientId" and "clientSecret" using the values provided by the Azure Portal |
To connect to an Elasticsearch with AWS authentication you will need to set your Amazon Web Services credentials locally as environmental variables or get them from the ECS or EC2 credentials.
Follow the next steps:
Info | ||
---|---|---|
| ||
SagaElasticIndexer gets the credentials automatically by getting the credentials file. That is why you only need to specify region and service in the config file which is below this note. |
Update "providers" using authentication factor as "aws".
With Credential Chain Provider
Code Block | ||
---|---|---|
| ||
"providers": [ { "name": "saga-provider", "type": "Elastic", "nodeUrls": ["http://localhost:9200"], "timestamp": "updatedAt", "indexName": "saga", "encryptionKeyFile" : "./bin/saga.ek", "caFilePath": """", "trustAllSSL": false, "authentication": "aws", "awsRegion": "<region_where_the_aws_service_is_located>", "awsService": "<aws_service>", "useCredentialsProviderChain": true, "timeout": 90, "delay": 5, "retries": 3, "exclude": [] } ] |
Note |
---|
Notice the values of "awsService", "awsRegion" and "useCredentialsProviderChain" |
With Access & Secret Keys
Code Block | ||
---|---|---|
| ||
"providers": [ { "name": "saga-provider", "type": "Elastic", "nodeUrls": ["http://localhost:9200"], "timestamp": "updatedAt", "indexName": "saga", "encryptionKeyFile" : "./bin/saga.ek", "caFilePath": "", "trustAllSSL": false, "authentication": "aws", "awsRegion": "<region_where_the_aws_service_is_located>", "awsService": "<aws_service>", "awsAccessKey": "<service_access_key>", "awsSecretKey": "<service_secret_key>", "useCredentialsProviderChain": false, "timeout": 90, "delay": 5, "retries": 3, "exclude": [] } ] |
Note |
---|
Notice that now we also have the values of "awsAccessKey" and "awsSecretKey". You can ommit "useCredentialsProviderChain" if you want to |
If you are using Saga within Aspire, the configurations are the same for providers, but you will need to:
Copy Saga's encryption key file to <aspire>/bin/
Copy pwd.txt to <aspire>/bin/ as well.
Update the Saga's config file (the one within the Aspire configuration folder) to to reflect the relative path of those files:
Code Block | ||
---|---|---|
| ||
{ "config": { "security": { "encryptionKeyFile": "./bin/saga.ek" }, "libraryJars": [ "./lib" ], ... "providers": [ { "name": "filesystem-provider", "type": "FileSystem", "baseDir": "./config" }, { "name": "saga-provider", "type": "Elastic", "nodeUrls": ["http://localhost:9200"], "timestamp": "updatedAt", "indexName": "saga", "encryptionKeyFile" : "./bin/saga.ek", "caFilePath": "", "trustAllSSL": false, "authentication": "basic", "user": "<username>", "password": "<path_to_pwd_file>", "timeout": 90, "delay": 5, "retries": 3, "maxResults": 2000000 "exclude": [] } ] } |
To connect to an Elasticsearch running with security enabled (as it is by default in version 8.X) you need to add a certificate to SAGA, so SAGA can use it to make the connection to Elastic, in order to do that the steps are these:
NOTE: Save the zip file into the "certs" folder of Elasticsearch binaries root (for convenience).
Code Block | ||
---|---|---|
| ||
elasticsearch-certutil ca --pem -out <PATH_WHERE_YOU_WANT_THE_CERTS>\<NAME_OF_CERTIFICATE_AUTHORITY>.zip Example:elasticsearch-certutil ca --pem -out C:\dev\Elastic\elasticsearch-8.8.1\config\certs\ca.zip |
Code Block | ||
---|---|---|
| ||
elasticsearch-certutil cert -out <PATH_WHERE_YOU_WANT_THE_CERTS>\<NAME_OF_CERTIFICATE>.zip --name <NAME_OF_CERT> --ca-cert <PLACE_OF_CA_CREATED_EARLIER>.crt --ca-key <PLACE_OF_CA_CREATED_EARLIER>.key --pem Example:elasticsearch-certutil ca --pem -out C:\dev\Elastic\elasticsearch-8.8.1\config\certs\elastic.zip --name elastic --ca-cert C:\dev\Elastic\elasticsearch-8.8.1\config\certs\ca.crt --ca-key C:\dev\Elastic\elasticsearch-8.8.1\config\certs\ca.key |
The paths are on base the config folder inside Elastic.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents xpack.security.http.ssl: enabled: true certificate: certs/<REST_OF_THE_PATH_OF_CERTIFICATE>.crt key: certs/<REST_OF_THE_PATH_OF_CERTIFICATE>.key certificate_authorities: certs/<REST_OF_THE_PATH_OF_CERTIFICATE_AUTHORITY>.crt |
Code Block | ||||
---|---|---|---|---|
| ||||
{
"name": "saga-provider",
"type": "Elastic",
"nodeUrls": ["https://localhost:9200"],
"timestamp": "updatedAt",
"indexName": "saga",
"encryptionKeyFile" : "./bin/saga.ek",
"authentication": "basic",
"username": "<ELASTIC_USERNAME>",
"password": "<ELASTIC_PASSWORD>",
"caFilePath": "<PATH_OF_NEW_CERT>",
"trustAllSSL": false,
"timeout": 90,
"delay": 5,
"retries": 3,
"exclude": [ ]
} |
Content by Label | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Page properties | ||
---|---|---|
| ||
|