If you deployed Elasticsearch in your HCL
Connections™ deployment , use these
instructions to set up certificates before you configure type-ahead search.
Before you begin
Verify that the server where type-ahead search is hosted can connect to the Elasticsearch
server.
About this task
You can configure type-ahead search using either the stand-alone Elasticsearch server or the
Elasticsearch component of the Component Pack for Connections. Both metrics and type-ahead search
use Elasticsearch, they share the destination server URL and some certificate information. Check the
following steps to determine if they are required to be run type-ahead search servers, if
Elasticsearch has already been enabled.
Procedure
-
If metrics is not already enabled, then enable the type-ahead search service by completing the
following steps to provide the Elasticsearch URL and port:
If you enabled metrics, then this information was configured at that time.
-
Open wsadmin and start the Search service by running the following commands.
Linux example:
cd /opt/IBM/WebSphere/DeploymentManager/profiles/Dmgr01/bin
./wsadmin.sh -lang jython -user User_name -password Password
execfile('searchAdmin.py')
-
On the server where type-ahead search is hosted, run the following SearchService administration
command, which sets the URL that type-ahead search should use to connect to the Elasticsearch
instance:
SearchService.setESQuickResultsBaseUrl(url)
For
example:
SearchService.setESQuickResultsBaseUrl("https://example.org:30099")
For information on running SearchService commands, see SearchService commands.
-
If metrics is not already enabled, or metrics and type-ahead search will be hosted in different
WebSphere clusters, complete the following steps to ensure that both features can access the
certificate information.
If metrics is enabled and is hosted in the same WebSphere cluster as search, skip this step and
proceed to the next topic.
-
To ensure a secure connection to Elasticsearch, retrieve the PKCS12 and CA Signer certificates
from the Elasticsearch server.
If you are using the Component Pack Elasticsearch, run the following commands on the primary
Kubernetes master to retrieve the files:
kubectl get secret elasticsearch-secret -n connections -o=jsonpath="{.data['chain-ca\.pem']}" | base64 -d > chain-ca.pem
kubectl get secret elasticsearch-secret -n connections -o=jsonpath="{.data['elasticsearch-metrics\.p12']}" | base64 -d > elasticsearch-metrics.p12
-
Copy the certificate files to the Deployment Manager in a common location readable and writable
by all WebSphere® Application Server users.
-
Open wsadmin by running the following commands.
Linux example:
cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
./wsadmin.sh -lang jython -user User_name -password Password
-
Run the following command to merge the signer certificate into the
elasticsearch_metrics.p12
keystore:
execfile('esSearchAdmin.py')
enableSslForESSearch('Keystore_full_path', 'Store_password', 'Signer_CA_full_path', 'Elasticsearch_HTTPS_port')
quit
-
Copy the updated elasticsearch_metrics.p12 file from the Deployment
Manager to the same location on the WebSphere®
Application Server nodes.