Enabling security with the security tool
Use the security tool (ssltool.py) to enable security for the cluster management console (webgui), RESTful APIs (rest), Elastic Stack (elk-*), instance groups (instancegroups), notebooks (notebooks), or for all components.
Enabling security involves generating TLS server certificates to encrypt information, and then configuring components to use those certificates for security. The security tool provides both of these functions:
- Certificate generation
  First, the security tool generates server certificates, which start from a root certificate:
  - If you provide a root certificate, the security tool generates the server certificates signed by the provided root.
  - If you do not provide a root certificate, the security tool first generates a self-signed root certificate, and then generates server certificates signed by that root.
- Security configuration
  After the tool generates the server certificates, it automatically configures security using these certificates.
The security tool uses parameters from the ssltool.conf file to configure security. It uses the defaults set in that file, or any modifications you may have made to the defaults.
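The two certificate-generation paths described above, sketched with the openssl command line as an added example. This is not ssltool.py or its implementation; the function names, file names, host names, and key parameters are assumptions.

```shell
#!/bin/sh
# Added illustration of the root -> server certificate chain; not ssltool.py.
# Function names, file names, subjects and validity periods are assumptions.

# issue_server_cert DIR HOST [ROOT_CERT ROOT_KEY]
# Leaves server.key and server.crt in DIR; returns 0 only if the new
# certificate verifies against the root that signed it.
issue_server_cert() {
    dir=$1 host=$2 root_crt=${3:-} root_key=${4:-}
    mkdir -p "$dir" || return 1
    if [ -z "$root_crt" ]; then
        # No root supplied: generate a self-signed root first.
        root_crt=$dir/root.crt root_key=$dir/root.key
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Example Root CA" \
            -keyout "$root_key" -out "$root_crt" 2>/dev/null || return 1
        chmod 600 "$root_key"
    fi
    # Server key pair and signing request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    chmod 600 "$dir/server.key"
    # TLS clients match the host name against subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    # Sign the request with the root (supplied or just generated).
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$root_crt" -CAkey "$root_key" \
        -CAserial "$dir/ca.srl" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    chains_to_root "$root_crt" "$dir/server.crt"
}

# chains_to_root ROOT_CERT CERT: 0 if CERT verifies against ROOT_CERT.
chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo with a constructed host name: no root is supplied, so one is generated.
demo=$(mktemp -d)
issue_server_cert "$demo" host1.example.com &&
    echo "server.crt in $demo chains to the generated root"
```

Passing an existing root certificate and key as the third and fourth arguments takes the other path: no root is generated, and the server certificate is signed by the supplied one.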
Before you begin
- Python 2.7.5 or higher must be installed on your hosts.
- You must be a cluster administrator to run ssltool.py.
- To use the SSL tool, ensure that you include the JRE bin directory in your operating system PATH; for example:
  export PATH=$EGO_TOP/jre/4.0/operating_system_type/bin:$PATH
About this task
The ssltool.py tool and a README.txt file are located in the $EGO_TOP/4.0/scripts/ssltool/ directory. For detailed usage information, refer to the README.txt file.
To learn about enabling security between system daemons or components, see IBM Spectrum Conductor and security.