Elasticsearch
Elasticsearch in HCL Connections Componentpack is secured with Searchguard and needs certificates to work properly. These certificates are generated by bootstrap during the initial container deployment with helm
.
These certificates are valid for 10 years (chain_ca.pem
) or 2 years (elasticsearch*.pem
) and stored in the Kubernetes secrets elasticsearch-secret
, elasticsearch-7-secret
. So when your HCL Connections deployment is running for 2 years, the certficates stop working.
Last week I played around with the HCL Connections documentation to backup Elasticsearch in the article Backup Elasticsearch Indices in Component Pack .
In the end I found that I couldn’t get the snapshot restored and that I have to run a command outside of my Kubernetes cluster to get a snapshot on a daily basis. That’s not what I want.
During a migration from Cognos Metrics to Elasticsearch Metrics, I had some issues with the index. So I wanted to create a backup of the already migrated data and start over from scratch.
The official documentation has an article on the topic: Backing up and restoring data for Elasticsearch-based components , but I had to slightly adjust the commands to get a successful snapshot.
Last Update: Read in about 6 min
CVE-2021-44228 was a very serious problem end of 2021, and we are still finding new occurrences, or security teams scan servers and find vulnerable log4j files. Don’t get me wrong most of these occurrences are not vulnerable any more, because the JVM is hardened like in the Elasticsearch 7 containers, or they use of the JVM parameter -Dlog4j2.formatMsgNoLookups=true
.
Today I activated Elasticsearch Metrics and Typeahead Search on my demo HCL Connections cluster .
To my surprise the indices weren’t created and I got errors on the wsadmin.sh
commands.
SearchService.createESQuickResultsIndex()
I checked the Elasticsearch pods which showed a running state, but the logs showed following messages:
Last Update: Read in about 3 min
With IBM Connections 6 you can deploy the additional component Orient Me , which provides the first microservices which will build the new IBM Connections pink. Orient Me is installed on top of IBM Spectrum Conductor for Containers (CFC) a new product to help with clustering and orchestrating of the Docker containers.
Last Update: Read in about 5 min