Table of Contents

Search

  1. Preface
  2. Upgrade Overview
  3. Pre-Upgrade Tasks
  4. Database Tasks
  5. Application Server Tasks
  6. Hub Store Upgrade
  7. Hub Server Upgrade (In-place Upgrade)
  8. Process Server Upgrade (In-place Upgrade)
  9. Resource Kit Upgrade (In-place Upgrade)
  10. Post-Upgrade Tasks
  11. Search Configuration Upgrade
  12. ActiveVOS Post-Installation Tasks for the Application Server
  13. ActiveVOS Post-Upgrade Tasks for Business Entity Adapter
  14. ActiveVOS Post-Upgrade Tasks for Subject Areas Adapter
  15. Troubleshooting the Upgrade Process
  16. Frequently Asked Questions
  17. Processing Existing ActiveVOS Tasks
  18. Configuring Metadata Caching

Upgrading from Version 9.7.1

Upgrading from Version 9.7.1

Secure the Elasticsearch Cluster

Secure the Elasticsearch Cluster

To secure the Elasticsearch cluster, configure the Search Guard security plugin. To configure the security plugin, edit the Search Guard sample configuration files, which include the required settings.
If you use certificates created by the
sip_ant
script, do not edit the sample configuration files.
  1. Find the Search Guard sample configuration files in the following directory:
    <elasticsearch installation directory>/plugins/search-guard-6/sgconfig
  2. If you did not use the
    sip_ant
    script to create the security certificates, use a text editor to open the files, and edit the parameters.
    Configuration File
    Purpose
    Required Edit
    sg_config.yml
    Authentication and authorization configuration
    Update the
    username_attribute
    . Default is
    cn
    .
    sg_roles.yml
    User role configuration
    Add the
    sg_mdm_access
    role for the MDM Hub. The role is required, because the client and administrator certificates for Elasticsearch are different and need to be mapped to this role.
    sg_role_mapping.yml
    User role mappings configuration
    Map the common name of the client certificate to the
    sg_mdm_access
    role. By default, the administrator and client roles are mapped to the common name of the client certificate
    CN=EsClient
    .
For more information about Search Guard configuration files, see the Search Guard documentation.

0 COMMENTS

We’d like to hear from you!