OpenShift Log Aggregation - Directly querying elasticsearch

Solution In Progress - Updated -

Issue

  • A client requirement has arisen in which the elasticsearch instance provided by the OpenShift log aggregation deployment must be queried directly.

  • Looking at the elasticsearch pod, I've noted that there are 3 ACLs configured: system.logging.fluentd, system.logging.kibana and system.admin.

  • For this specific requirement, read access to all indices will be required (and hence will be using the system.admin ACL).

  • I'd like to find out where I can find the cert and keypair for the system.admin user? I've extracted the fluent and kibana certs/key pairs from the pods directly, but unfortunately neither have sufficient privileges:

curl -XGET -k -E ./cert.pem --key ./key 'https://172.30.x.x:9200/_cat/count'
{"error":"ForbiddenException[Attempt from null to _all indices for indices:data/read/count and User [name=system.logging.kibana, roles=[]]]","status":403}

I've also looked at the truststore Java keystore but it does not appear to contain a key.
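The 403 body quoted above names the caller as User [name=system.logging.kibana], i.e. the identity the reporter presented with the kibana cert. The following is an added example, not part of the original article or of the OpenShift logging stack: it assumes that elasticsearch derives that user name from the client certificate's subject CN (the 403 above is consistent with this, but the assumption is the example's own), so the CN of an extracted cert can be checked against the three ACL names before spending a round trip, and the user name can be pulled out of a denial body for comparison. The certificate generated in demo() is constructed locally and stands in for a cert extracted from a pod.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes the client cert's
# subject CN is the user name elasticsearch reports in a 403 ForbiddenException.
set -eu

# The three ACL names the reporter observed on the elasticsearch pod.
KNOWN_ACLS="system.logging.fluentd system.logging.kibana system.admin"

# Constructed copy of the 403 body from the article, used as sample input.
SAMPLE_403='{"error":"ForbiddenException[Attempt from null to _all indices for indices:data/read/count and User [name=system.logging.kibana, roles=[]]]","status":403}'

# Print the subject CN of a PEM client certificate: the identity elasticsearch
# will see when this cert is offered with curl -E.
cert_identity() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

# Extract the user name elasticsearch reported in a 403 ForbiddenException body.
denied_user() {
    printf '%s' "$1" | sed -n 's/.*User \[name=\([^,]*\),.*/\1/p'
}

# Succeed only for the one ACL the reporter states has read access to all indices.
has_all_indices_read() {
    [ "$1" = "system.admin" ]
}

# Succeed if the identity is one of the ACL names configured on the pod at all.
is_known_acl() {
    for acl in $KNOWN_ACLS; do
        [ "$1" = "$acl" ] && return 0
    done
    return 1
}

# Demo: make a throwaway key pair whose CN matches the kibana ACL and explain,
# without contacting any server, why _cat/count across _all indices is denied.
demo() {
    tmp=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=system.logging.kibana" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null
    cn=$(cert_identity "$tmp/cert.pem")
    echo "cert presents identity: $cn"
    if ! is_known_acl "$cn"; then
        echo "  -> not one of the configured ACLs; expect a 403 for everything"
    elif has_all_indices_read "$cn"; then
        echo "  -> system.admin: read on all indices is expected to succeed"
    else
        echo "  -> per-component ACL; a request against _all indices will be denied"
    fi
    echo "server previously denied user: $(denied_user "$SAMPLE_403")"
    rm -rf "$tmp"
}

demo
```

Run the script with no arguments to see the constructed walkthrough; to check a cert actually extracted from a pod, call cert_identity on its PEM file and compare the CN with the ACL you intend to use before repeating the curl request from the article.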

Environment

  • Red Hat OpenShift Container Platform
    • 3.0+
