Does transport-couchbase support XDCR TLS encryption?


This has also been posted as an issue on the elasticsearch-transport GitHub repo, but there doesn’t seem to be much activity there, as this question has been asked by more people going back to 2015. So I am trying my luck here.

I’m trying to set up an XDCR Couchbase -> Elasticsearch replication to an ES cluster secured with TLS (SearchGuard) for both transport and HTTP, but it’s not working as expected…

  • Does the transport-plugin support XDCR with TLS encryption?
  • Is it possible to use the transport-plugin together with a secured ES cluster (e.g. Shield or SearchGuard)?
  • If the plugin supports XDCR TLS, what certificate should we provide when setting up the remote cluster in CB?

If I set up an XDCR without TLS, I get the following error from CB:
cannot find remote cluster err = Failed to connect to cluster reference remoteCluster/XR-5xSFvC00J3G_o5Uazs7Wnd9BloouymtYpVBRe_Gs=

And in my ES log, I get this warning:
[2017-02-21 15:23:32,424][WARN ][org.eclipse.jetty.servlet.ServletHandler] /pools/default/buckets
ElasticsearchSecurityException[unauthenticated request indices:data/read/get for user User [name=_sg_internal, roles=[]]]

Perhaps someone has a better way of getting the data from Couchbase over to Elasticsearch in a secure way?

Best Regards,

Hi Viktor - this is a limitation of how the connector is built today. I explained a bit more about this here:

One update I can give you, although it doesn’t help you today, is that Couchbase is planning to rework the Elasticsearch Connector architecture in 2017 anyway so that we can properly support ES 5.x, and we will likely get SSL support in when we do that. That work won’t start for some months though. Hope that helps,