This has also been posted as an issue on the elasticsearch-transport GitHub repo but there doesn’t seem to be much activity there as this question has been asked by more people going back to 2015. So I am trying my luck here.
I’m trying to set up a XDCR Couchbase -> Elasticsearch replication to an ES-cluster secured with TLS(SearchGuard) for both transport and http, but it’s not working as expected…
- Does the transport-plugin support XDCR with TLS encryption?
- Is it possible to use the transport-plugin together with a secured ES-cluster(e.g. Shield or SearchGuard).
- If the plugin support XSCR TLS. What certificate should we provide when setting up the remote cluster in CB?
If I set up a XDCR without TLS. I get the following error from CB:
cannot find remote cluster err = Failed to connect to cluster reference remoteCluster/XR-5xSFvC00J3G_o5Uazs7Wnd9BloouymtYpVBRe_Gs=
And in my ES log, I get this warning:
[2017-02-21 15:23:32,424][WARN ][org.eclipse.jetty.servlet.ServletHandler] /pools/default/buckets
ElasticsearchSecurityException[unauthenticated request indices:data/read/get for user User [name=_sg_internal, roles=]]
Perhaps someone has a better way of getting the data from Couchbase over to Elasticsearch in a secure way?