Versions Compared

Old Version 32

changes.mady.by.user Mr. Schmittberger

Saved on

compared with

New Version 33

changes.mady.by.user Technische Redaktion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This guide describes how to install the yuuvis® RAD metrics-manager.

...

  • core-service
    • Navigate to the logging configuration of the REST-WS gui page at http://<gateway>/rest-ws/#PAGE:monitor/logging

    • Set the logger "com.os.ecm.ws.metrics" to the log level "TRACE".
      Make sure that "use parent handler" is not checked.

    • The change takes immediate effect.
  • service-manager
    • Edit the file <service-manager>\config\application-prod.yml
    • Set the parameter "monitoring.trace.enabled" to true
    • Save the file and restart the service-manager

...

The list of e-mail recipients is globally defined in the file <metrics-manager>\config\elastalert\elastalert.yaml file in the 'email' field. The value can either be a single address or an array of addresses in the form ["recipient@one", "recipient@two", ...]. You can also overwrite this list within the rule - files.


Enabling HTTPS

...

Communication

To enable HTTPS communication for Kibana (external) and/or for Elasticsearch, Logstash, Metricbeat and Filebeat (internal) follow the below instructions:

...

  • For Kibana a SSL/TLS certifcate in .cer / .crt and .key format is required. Place these two files in the folder <mertrics-manager>\config folder
  • Open th file the <metrics-manager>\config\kibana.yml file for editing 
    • Uncomment the following three lines and replace "certificate.cer" and "certificate.key" with the file names of your certificate files
      server.ssl.enabled: true
      server.ssl.certificate: ../../../config/certificate.cer
      server.ssl.key: ../../../config/certificate.key

    • Find the below lines and replace the hostname with the exact hostname defined in the certificate
      server.host: "metrics.optimal-systems.de"
      server.name: "metrics.optimal-systems.de"

    • Find the below line and change the protocol from http to https:
      server.publicBaseUrl: "https://metrics.optimal-systems.de:5601"

      (warning) Note: Do the following only if you're also enable enabling HTTPS for elasticsearch:
    • Find the below line and change the protocol from http to https:
      elasticsearch.hosts: ["https://metrics.optimal-systems.de:5200"]

    • Find the below line and uncomment it. If the used certificate is self-signed, set the value to 'none" else , otherwise leave it at 'full'
      elasticsearch.ssl.verificationMode: none
  • Save the file and restart Kibana. It is now accessible via "via https://metrics.optimal-systems.de:5601".

Elasticsearch

To enable HTTPS in elasticsearch, a certificate in .p12 format (the same as for the gateway - microservice) can be used. If Elasticsearch is set to HTTPS communication, the configuration of Kibana and Logstash needs to be changed so that https is used for communication with Elasticsearch. This can be done by following the below steps:

  • Elasticsearch
    • Place the certificate file in the folder <metrics-manager>\config\elasticsearch folder.
    • Edit the file <metrics <metrics-manager>\config\elasticsearch\elasticsearch.yml file.
    • Add the following lines at the end of the file. Replace certificate.p12 with the filename of your certificate and 'password' with the password for your certificate
      xpack.security.http.ssl.enabled: true
      xpack.security.http.ssl.verification_mode: certificate
      xpack.security.http.ssl.keystore.path: certificate.p12
      xpack.security.http.ssl.keystore.password: password

    • Save the file and restart Elasticsearch. It is now available at https://<certificate-hostname>:5200

  • Kibana 
    • If not already configured in the above steps (Kibana), follow these steps to use https communication with Elasticsearch.
    • Find the below line and change the protocol from http to https:
      elasticsearch.hosts: ["https://<certificate-hostname>:5200"]

    • Find the below line and uncomment it. If the used certificate is self-signed, set the value to 'none" else , otherwise leave it at 'full'
      elasticsearch.ssl.verificationMode: none

  • Logstash
    • Edit the file <metrics-manager>\config\logstash\logstash.conf file.
    • Find the following lines and change the url from http://<ip>:5200 to https://<certificate-hostname>:5200
      output {
          elasticsearch {
              hosts => ["https://metrics.optimal-systems.de:5200"]

Logstash

  • For Logstash a SSL/TLS certifcate in .cer / .crt and .key format is required. The .key file needs to be in unencrypted PKCS8 format. Place these two files in the folder <mertrics-manager>\config\logstash folder.

  • Open the file <metrics-manager>\config\logstash\logstash.conf file and expand the input section to look like below:

    Code Block
    languagejava
    input {
  # input from filebeat
  beats {
    # the port to listen on
    port => 5044
    ssl => true
    ssl_certificate => "D:\yuuvis\metrics-manager\config\logstash\certificate.cer"
    ssl_key => "D:\yuuvis\metrics-manager\config\logstash\certificate.key"
    ssl_verify_mode => "none"
  }
}

    Replace the certificate.cer and certificate.key file names with the actual names of the certificate files. If the certificate is self-signed use 'ssl_verify_mode" with value "none" (as shown above) else . Else, use "force_peer" as the value. Only absolute paths are valid.

...