Search Guard Security
Search Guard is a security system that can be used to protect Elasticsearch clusters.
When secured, a cluster requires the use of keystores, truststores, and user / password authentication to be accessed.
This page explains how to work with Search Guard in Semarchy xDI.
|We recommand to learn the basics in Getting Started With Elasticsearch Component before following this page.
The first step is to retrieve and add in your Elasticsearch Module the Search Guard third-party libraries.
Make sure to use the same third-party libraries versions between Search Guard and Elasticsearch
|We cannot provide the exact list of third-party libraries as it depends on the Search Guard and Elasticsearch versions. In most cases, the required third-party libraries can be found in the lib/ folder of the Elasticsearch server installation.
Below, an example of libraries for the 2.4.1 version of Elasticsearch and Search Guard
Open the Elasticsearch Metadata and configure it as follow.
Set the HTTP user and password
Set the Path Home
Open the Security tab and fill the Security settings
The HTTP user and password will be used when performing reverse operations on the cluster.
This is the login asked when trying to access the cluster from a browser, for instance.
The Path Home is the Elasticsearch installation path on the server.
You can use "." to tell the Elasticsearch driver to use the current installation.
The Security settings are defined in Security tab.
The security settings allow to define the location and properties of the Key Store and Trust Store that will be used by the Runtime when executing Elasticsearch flows.
The Key Store and Trust Store to use are the ones authorized on SearchGuard.
The following propertie are available:
Set it to true to enable the security
The Java class to use for security.
Location of the Key Store file. The Runtime must be able to access it.
Key Store Type
Key Store Type (JKS or PKCS12)
Key Store Password
Password of the Key Store file.
Location of the Trust Store file. The Runtime must be able to access it.
Trust Store Type
Trust Store Type (JKS or PKCS12)
Trust Store Password
Password of the Trust Store file.
That’s it, Semarchy xDI is now ready to work with Search Guard secured Elasticsearch clusters.
You can design your Mappings and Processes as usual.
The security will be handled by the Metadata and the Runtime.