Can't connect to elasticsearch cluster with basic auth

trevorndodds / elasticsearch-metrics

102 stars 99 forks source link

Can't connect to elasticsearch cluster with basic auth #20

Closed kamenmackay closed 6 years ago

kamenmackay commented 6 years ago

I recently added auth to my ELK stack using readonlyrest. Elasticsearch-metrics was working fine before the auth but won't connect anymore. Snooping through elasticsearch2elastic.py, I see that there is no code to handle a username/password combination and forward it as part of the request.

BBQigniter commented 6 years ago

quick and dirty

try for example at line 11: elasticServer = os.environ.get('ES_METRICS_CLUSTER_URL', 'http://my_basic_auth_user:my_basic_auth_password@server1:9200')

worked for me - it is not nice and absolutely not recommended but it works :)

keyboardfann commented 6 years ago

HI, I try put username and password in the config, but it shows Error: <urlopen error [Errno -2] Name or service not known>. So I modify the code and submit a merge request.

Config:

# ElasticSearch Cluster to Monitor
elasticServer = os.environ.get('ES_METRICS_CLUSTER_URL', 'http://elastic:xRoCwe7LRjhtploQelne@xxx:9200')
interval = int(os.environ.get('ES_METRICS_INTERVAL', '60'))

# ElasticSearch Cluster to Send Metrics
elasticIndex = os.environ.get('ES_METRICS_INDEX_NAME', 'elasticsearch_metrics')
elasticMonitoringCluster = os.environ.get('ES_METRICS_MONITORING_CLUSTER_URL', 'http://elastic:xRoCwe7LRjhtploQelne@xxx:9200')

Result:

[root@xxx ~]# python elasticsearch2elastic2.py 
Error:  <urlopen error [Errno -2] Name or service not known>
Error:  <urlopen error [Errno -2] Name or service not known>
Error:  <urlopen error [Errno -2] Name or service not known>
Error:  <urlopen error [Errno -2] Name or service not known>
Total Elapsed Time: 0.197922945023

keyboardfann commented 6 years ago

Hi @kamenmackay, The new code has merged into the master branch, could you try the new code?

Config

# Enable Elasticsearch Security
es_security_enable = True
read_username = "elastic"
read_password = "xxx"
write_username =  "elastic"
write_password =  "xxxxxx"

trevorndodds commented 6 years ago

It would be good to have an option to separate es_security enabled from both read and write. If for some reason the monitoring cluster does not use auth.

keyboardfann commented 6 years ago

The default es_security_enable is set to false and it will not use auth. If the user wants to collect info from one security cluster and send to another security cluster, they may use different user & password, so I separate it.

trevorndodds commented 6 years ago

Correct but for example my monitoring cluster doesn’t have auth yet my main cluster does. So setting a different flag for the monitoring cluster might be required.

keyboardfann commented 6 years ago

Hi @trevorndodds, I got your point, This is what I did not think about , resubmit a merge request but conflict.

trevorndodds commented 6 years ago

@keyboardfann thanks, all good now.

keyboardfann commented 6 years ago

@trevorndodds Cool, also thank your help to come out and review the feature, hope it can help others.