Access your index – Elastic Search queries

Posted by

HCL Component Pack is fully set-up now, you’re interested what’s going on in that mysterious elasticsearch part? In CP 6.5 you’ve been able to access the ElasticSearch data directly through the kibana pod. With CP7 this seems to be gone.

If you really want/need to access the ElasticSearch environment, you may use the following path on your own risk

Step 1: get the necessary certificates

#!/bin/sh

echo "check directory"
cwd=`pwd`
if [ ! -d "$cwd/certs" ]; then
 mkdir -p $cwd/certs
fi
version='elasticsearch-7-secret'
#version='elasticsearch-secret'
echo "extract certificates"
if [ ! -f "$cwd/certs/elasticsearch-healthcheck.crt.pem" ]; then
	kubectl view-secret -n connections $version elasticsearch-healthcheck.crt.pem > $cwd/certs/elasticsearch-healthcheck.crt.pem
fi 
if [ ! -f "$cwd/certs/elasticsearch-http.crt.pem" ]; then
	kubectl view-secret -n connections $version elasticsearch-http.crt.pem > $cwd/certs/elasticsearch-http.crt.pem
fi
if [ ! -f "$cwd/certs/elasticsearch-healthcheck.des3.key" ]; then
	kubectl view-secret -n connections $version elasticsearch-healthcheck.des3.key > $cwd/certs/elasticsearch-healthcheck.des3.key
fi

echo "done"

This script requires the kubectl krew plugins installed in your kubectl client.
Run this on your master or a client which has kubectl and the krew plugin installed to get the secrets.

Then you could use the following script as an example:

#!/bin/bash
# An util script so that you can interact with es like what official site suggested:
# for additional usage, if you need to do much more complicated operation, pls
# refer to offcial site:
# https://www.elastic.co/


set -o errexit
set -o pipefail
set -o nounset

# the directory that all cert placed
# change this to your cert directory.
cert_dir=./certs
HOST=`hostname`
URL_base="https://localhost:30098"
#CP6.5:
#URL_base="https://localhost:30099"
#CP6.5: KEY_PASS=`kubectl view-secret -n connections elasticsearch-secret elasticsearch-key-password.txt`

KEY_PASS=`kubectl view-secret -n connections elasticsearch-7-secret elasticsearch-key-password.txt`

echo "[$KEY_PASS]"
if [ "${1:-}" = "" ] || [ "${2:-}" = "" ]; then
  echo "usage: sendRequest.sh   param_method param_url [additional param]"
  echo "Request is send to es client(coordinating node) by default. add param"
  echo "to send request to es master node"
  echo "refer: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html"
  exit 107
fi

# save the HTTPS METHOD.
_method=$1
# and then shfit this argument.
# since we need to pass the rest args to curl command unchanged.
shift 1

# turn off expansion to avoid asterisk becoming current directory
set -f
# please ensure those
#   cert, password, key, cacert
# are at the right location.
response_text=$(curl \
   --insecure \
   --cert $cert_dir/elasticsearch-healthcheck.crt.pem:${KEY_PASS} \
   --key  $cert_dir/elasticsearch-healthcheck.des3.key \
   --cacert $cert_dir/elasticsearch-http.crt.pem \
   -X${_method} \
   ${URL_base}"$@")

# echo to return to caller.
echo ${response_text}
# turn expansion back to 'on'
set +f

Now you can use it like this

./sendRequest.sh GET /_cat/indices > indices.txt

Disclaimer: use at your own risk