Enabling Elasticsearch Metrics to connect to a Component Pack server

For the Elasticsearch Metrics component to work with IBM Connections Component Pack, you must run a script on the Component Pack system to set the Elasticsearch server base URL in Highway. Also, WebSphere Application Server, which hosts the Metrics component, must run Java 8 and use an SSL client certificate when sending HTTPS requests to Elasticsearch on the Component Pack system.

Before you begin

Make sure that secure connections are established in your deployment, as explained in Forcing traffic to use TLS 1.2.
Important: Elasticsearch Metrics requires that WebSphere Application Server is running Java 8. If you have a new FileNet deployment and you temporarily switched to Java 6 to update FileNet components after applying Connections 6.0 CR1, make sure that you switch back to Java 8 before you start the following procedure.

Procedure

  1. If your single sign-on solution includes IBM Security Access Manager, SiteMinder, or SPNEGO with SiteMinder, update the URLs that require basic authentication to include /metricssc/configsetter by referring to the appropriate topic:
  2. Run the configuration script as follows:
    1. On the IBM Connections Component Pack system, verify that the IBM Cloud Private boot server has the correct fully qualified hostname setting by running hostname on the server. It should return a fully qualified name such as example.ibm.com. If it returns only the short name "example", you must either fix the hostname setting or use --pinkhost in step 2b to set the correct value for running the script.
    2. From the extracted zip folder in microservices/hybridcloud/bin, call the script by running the following Linux command:
      python config_blue_metrics.py --skipSslCertCheck true
      • You must use --skipSslCertCheck (set to true) on systems that use self-signed SSL certificates.
      • Use --pinkhost on IBM Connections Component Pack deployments that use a floating hostname.
      • Use --namespace on IBM Connections Component Pack deployments that use a Kubernetes namespace other than connections.
      Here is a sample of the output from the script:
      [Adminuser@Server127 ~]$ python config_blue_metrics.py  --skipSslCertCheck True
      Updating Metrics settings on: https://Server127.yourDomain.com/metricssc/configsetter
      {"c2.export.elasticsearch.baseurl" : "https://Server127.swg.usma.ibm.com:30099"}
  3. Restart MetricsEventCapture and MetricsUI through the wasadmin console.
  4. To ensure a secure connection, retrieve the PKCS12 and CA Signer certificates from these locations on the Component Pack server:

    /opt/elasticsearch/elasticsearch-metrics.p12

    /opt/elasticsearch/ca/chain-ca.pem

  5. Copy the certificate files to the Deployment Manager in a common location readable and writable by all WebSphere Application Server nodes.
  6. Run the following wsadmin commands:
    1. Open wsadmin, making sure that you use the -lang jython option. For example, on Unix, run the following commands to open wsadmin:
      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./wsadmin.sh -lang jython 
    2. Run the following commands to merge the signer certificate into the elasticsearch-metrics.p12 keystore:
      execfile('esSecurityAdmin.py')
      enableSslForMetrics('KEYSTORE_FULL_PATH', 'STORE_PASSWORD', 'SIGNER_CA_FULL_PATH', 'ELASTICSEARCH_HTTPS_PORT')
      quit
      
      For example:
      execfile('esSecurityAdmin.py')
      enableSslForMetrics('/opt/IBM/elasticsearch-metrics.p12', 'Elasticsearch_CA_password', '/opt/IBM/chain-ca.pem', '30099')
      Note:
      • The password is the one that the administrator supplied for the --set_elasticsearch_ca_password option during the IBM Cloud Private install.
      • See the sample output in step 2b for where to find your HTTPS port (the HTTPS port in the example in step 2b is 30099).
  7. Copy the updated elasticsearch-metrics.p12 file from the Deployment Manager to the common location on the WebSphere Application Server nodes.
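
The following is an added example, not part of the original page or of IBM's scripts: a small Python 3 check that reads the output of config_blue_metrics.py (step 2b), confirms that the base URL it set uses HTTPS with a fully qualified host (step 2a), and extracts the port to pass as ELASTICSEARCH_HTTPS_PORT in step 6b. The function names parse_baseurl and check_baseurl are hypothetical, and the example assumes that the script prints the setting as a one-line JSON object, as in the sample output above.

```python
import json
from urllib.parse import urlsplit

# Setting name as it appears in the page's sample script output.
BASEURL_KEY = "c2.export.elasticsearch.baseurl"

# Sample output copied from step 2b of the page.
SAMPLE_OUTPUT = (
    "Updating Metrics settings on: https://Server127.yourDomain.com/metricssc/configsetter\n"
    '{"c2.export.elasticsearch.baseurl" : "https://Server127.swg.usma.ibm.com:30099"}\n'
)


def parse_baseurl(script_output):
    """Return the base URL reported by the script, or raise ValueError."""
    for line in script_output.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            settings = json.loads(line)
        except ValueError:  # not a JSON settings line
            continue
        if BASEURL_KEY in settings:
            return settings[BASEURL_KEY]
    raise ValueError("no %s setting in script output" % BASEURL_KEY)


def check_baseurl(baseurl):
    """Return (host, port, problems); an empty problems list means it looks usable."""
    parts = urlsplit(baseurl)
    host = parts.hostname or ""
    problems = []
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if parts.scheme != "https":
        problems.append("scheme is %r, expected https" % parts.scheme)
    if "." not in host:
        problems.append("host %r is not fully qualified (step 2a)" % host)
    if port is None:
        problems.append("no usable port in base URL")
    return host, port, problems


if __name__ == "__main__":
    host, port, problems = check_baseurl(parse_baseurl(SAMPLE_OUTPUT))
    print(host, port, problems or "OK; pass '%d' as ELASTICSEARCH_HTTPS_PORT" % port)
```

A non-empty problems list for the host means that the short hostname reached Highway, which is the case step 2a tells you to correct or override with --pinkhost.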