Hi, Am Donnerstag, Mai 03, 2018 16:27 CEST, Stuart Henderson <s...@spacehopper.org> schrieb:
> On 2018/05/03 15:54, Sebastian Reitenbach wrote: > > Hi, > > > > Am Freitag, April 27, 2018 13:58 CEST, Pavel Korovin <p...@tristero.se> > > schrieb: > > > > > Dear all, > > > > > > Please find updates for > > > sysutils/logstash > > > textproc/elasticsearch > > > www/kibana > > > and new sysutils/x-pack port attached. > > > > > > I installed/updated all but the x-pack, but I still don't get logstash > > starting up with beats plugin with SSL enabled, > > seems I still hit: > > https://github.com/logstash-plugins/logstash-input-beats/issues/188 > > "still" -> sounds like this isn't any worse with the updates? with the current logstash 2.4.0, I can setup SSL between filebeat and logstash. The "still" refers to other intermediate versions I tried from the 5.x logstash series. > > > Here's my beats input config snippet, otherwise, using more or less the > > defaults that the updated package installs: > > > > cat /etc/logstash/conf.d/filebeat.yml > > > > > > input { > > beats { > > host => "127.0.0.1" > > port => 12364 > > ssl => true > > ssl_certificate => "/etc/logstash/logstash.crt" > > ssl_key => "/etc/logstash/logstash.key" > > ssl_certificate_authorities => [ "/etc/logstash/logstash-ca.crt" ] > > ssl_verify_mode => "force_peer" > > cipher_suites => [ 'TLS_RSA_WITH_AES_256_CBC_SHA' ] > > # cipher_suites => [ 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' ] > > } > > } > > ... > > > > > > I tried to play with different ciphers, but to no avail. Some more info I > > added to the issue mentioned above. > > But maybe I'm missing something obvious, so if someone gets the beats input > > to work with SSL I'm all ears > > I'm not using any of this stuff, but could this be as simple as having > to build OpenBSD .so files for netty-tcnative (similar to what I'm having > to do for snappy-java with net/unifi)? > I checked what you did there, and that might work. A quick try building netty-tcnactive following instructions here: http://netty.io/wiki/forked-tomcat-native.html#building-on-linux It failed on me like this: however, it quickly fails like this for me: [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] Netty/TomcatNative [Parent] 2.0.9.Final-SNAPSHOT ... SUCCESS [ 29.771 s] [INFO] Netty/TomcatNative [OpenSSL - Dynamic] ............. FAILURE [ 9.080 s] [INFO] Netty/TomcatNative [OpenSSL - Static] .............. SKIPPED [INFO] Netty/TomcatNative [BoringSSL - Static] ............ SKIPPED [INFO] Netty/TomcatNative [LibreSSL - Static] 2.0.9.Final-SNAPSHOT SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 44.556 s [INFO] Finished at: 2018-05-04T14:47:03+02:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project netty-tcnative: Compilation failure -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project netty-tcnative: Compilation failure at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:213) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146) .... and I'm lost here, that doesn't tell me anything. My Maven/java knowledge is rather limited. However, when it even would come to build boringssl-static,I guess the boringssl-static/pom.xml might need some tweaks as well, adding some OpenBSD target. Sebastian
