vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/css/umn/css_01_0182.html
Wuwan, Qi 050b395397 CSS UMN 23.2.1 20230926 
Reviewed-by: Kacur, Michal <michal.kacur@t-systems.com>
Co-authored-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-committed-by: Wuwan, Qi <wuwanqi1@noreply.gitea.eco.tsi-dev.otc-service.com>
2024-01-10 14:23:15 +00:00

397 lines
34 KiB
HTML
Raw Blame History

<a name="css_01_0182"></a><a name="css_01_0182"></a>
<h1 class="topictitle1">Connecting to a Dedicated Load Balancer</h1>
<div id="body0000001463438465"><p id="css_01_0182__en-us_topic_0000001463438465_p105781732162710">This section describes how to connect a CSS cluster to a dedicated load balancer.</p>
<div class="section" id="css_01_0182__en-us_topic_0000001463438465_section97785366278"><h4 class="sectiontitle">(Optional) Preparing a Self-signed Certificate</h4><p id="css_01_0182__en-us_topic_0000001463438465_p157451236141219">If the target ELB listener uses the HTTP protocol, skip this step.</p>
<p id="css_01_0182__en-us_topic_0000001463438465_p74355207612">Prepare and upload a self-signed certificate.</p>
<div class="note" id="css_01_0182__en-us_topic_0000001463438465_note053135603617"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_01_0182__en-us_topic_0000001463438465_p195321456203615">You are advised to use a certificate purchased in Cloud Certificate Manager (CCM) or issued by an authoritative organization.</p>
</div></div>
<ol id="css_01_0182__en-us_topic_0000001463438465_ol1862432210578"><li id="css_01_0182__en-us_topic_0000001463438465_li116241622155719">Log in to a Linux client where the OpenSSL tool and JDK are installed.</li><li id="css_01_0182__en-us_topic_0000001463438465_li178371116195818">Run the following commands to create a self-signed certificate:<div class="codecoloring" codetype="Bash" id="css_01_0182__en-us_topic_0000001463438465_screen7701624391"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73</pre></div></td><td class="code"><div class="highlight"><pre><span></span>mkdir ca
mkdir server
mkdir client
<span class="c1">#Use OpenSSL to create a CA certificate.</span>
<span class="nb">cd</span> ca
<span class="c1">#Create the OpenSSL configuration file ca_cert.conf for the CA certificate.</span>
cat &gt;ca_cert.conf <span class="s">&lt;&lt;EOF</span>
<span class="s">[ req ]</span>
<span class="s">distinguished_name = req_distinguished_name</span>
<span class="s">prompt = no</span>
<span class="s">[ req_distinguished_name ]</span>
<span class="s"> O = ELB</span>
<span class="s">EOF</span>
<span class="c1">#Create private key file ca.key for the CA certificate.</span>
openssl genrsa -out ca.key <span class="m">2048</span>
<span class="c1">#Create the CSR file ca.csr for the CA certificate.</span>
openssl req -out ca.csr -key ca.key -new -config ./ca_cert.conf
<span class="c1">#Create a self-signed CA certificate ca.crt.</span>
openssl x509 -req -in ca.csr -out ca.crt -sha1 -days <span class="m">5000</span> -signkey ca.key
<span class="c1">#Convert the CA certificate format to p12.</span>
openssl pkcs12 -export -clcerts -in ca.crt -inkey ca.key -out ca.p12
<span class="c1">#Convert the CA certificate format to JKS.</span>
keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ca.jks
<span class="c1">#Use the CA certificate to issue a server certificate.</span>
<span class="nb">cd</span> ../server
<span class="c1">#Create the OpenSSL configuration file server_cert.conf for the server certificate. Change the CN field to the domain name or IP address of the server as required.</span>
cat &gt;server_cert.conf <span class="s">&lt;&lt;EOF</span>
<span class="s">[ req ]</span>
<span class="s">distinguished_name = req_distinguished_name</span>
<span class="s">prompt = no</span>
<span class="s">[ req_distinguished_name ]</span>
<span class="s"> O = ELB</span>
<span class="s"> CN = 127.0.0.1</span>
<span class="s">EOF</span>
<span class="c1">#Create the private key file server.key for the server certificate.</span>
openssl genrsa -out server.key <span class="m">2048</span>
<span class="c1">#Create the CSR request file server.csr for the server certificate.</span>
openssl req -out server.csr -key server.key -new -config ./server_cert.conf
<span class="c1">#Use the CA certificate to issue the server certificate server.crt.</span>
openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days <span class="m">5000</span> -CA ../ca/ca.crt -CAkey ../ca/ca.key
<span class="c1">#Convert the server certificate format to p12.</span>
openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
<span class="c1">#Convert the service certificate format to JKS.</span>
keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore server.jks
<span class="c1">#Use the CA certificate to issue a client certificate.</span>
<span class="nb">cd</span> ../client
<span class="c1">#Create the OpenSSL configuration file client_cert.conf for the client certificate. Change the CN field to the domain name or IP address of the server as required.</span>
cat &gt;client_cert.conf <span class="s">&lt;&lt;EOF</span>
<span class="s">[ req ]</span>
<span class="s">distinguished_name = req_distinguished_name</span>
<span class="s">prompt = no</span>
<span class="s">[ req_distinguished_name ]</span>
<span class="s">O = ELB</span>
<span class="s">CN = 127.0.0.1</span>
<span class="s">EOF</span>
<span class="c1">#Create private key client.key for the client certificate.</span>
openssl genrsa -out client.key <span class="m">2048</span>
<span class="c1">#Create the CSR file client.csr for the client certificate.</span>
openssl req -out client.csr -key client.key -new -config ./client_cert.conf
<span class="c1">#Use the CA certificate to issue the client certificate client.crt.</span>
openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days <span class="m">5000</span> -CA ../ca/ca.crt -CAkey ../ca/ca.key
<span class="c1">#Convert the client certificate to a p12 file that can be identified by the browser.</span>
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
<span class="c1">#Convert the client certificate format to JKS.</span>
keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore client.jks
</pre></div>
</td></tr></table></div>
</li><li id="css_01_0182__en-us_topic_0000001463438465_li1350483916585">Upload the self-signed certificate. For details, see the section "Configuring the Server Certificate and Private Key" in <em id="css_01_0182__i4183184311263">Elastic Load Balance User Guide</em><a href="https://docs.otc.t-systems.com/elastic-load-balancing/umn/advanced_features_of_http_https_listeners/mutual_authentication.html#configuring-the-server-certificate-and-private-key" target="_blank" rel="noopener noreferrer">Configuring the Server Certificate and Private Key</a>.</li></ol>
</div>
<div class="section" id="css_01_0182__en-us_topic_0000001463438465_section7323118163219"><h4 class="sectiontitle">Creating a Dedicated Load Balancer</h4><ol id="css_01_0182__en-us_topic_0000001463438465_ol103047454109"><li id="css_01_0182__en-us_topic_0000001463438465_li33041445101014">Log in to the ELB management console.</li><li id="css_01_0182__en-us_topic_0000001463438465_li121361146181017">Create a dedicated load balancer. For details, see <a href="https://docs.otc.t-systems.com/elastic-load-balancing/umn/load_balancer/creating_a_dedicated_load_balancer.html" target="_blank" rel="noopener noreferrer">Creating a Dedicated Load Balancer</a>. <a href="#css_01_0182__en-us_topic_0000001463438465_table937081413137">Table 1</a> describes the parameters required for connecting a CSS cluster with a dedicated load balancer.
<div class="tablenoborder"><a name="css_01_0182__en-us_topic_0000001463438465_table937081413137"></a><a name="en-us_topic_0000001463438465_table937081413137"></a><table cellpadding="4" cellspacing="0" summary="" id="css_01_0182__en-us_topic_0000001463438465_table937081413137" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for interconnecting a CSS cluster with a dedicated load balancer</caption><thead align="left"><tr id="css_01_0182__en-us_topic_0000001463438465_row73711814201312"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.2.2.3.2.4.1.1"><p id="css_01_0182__en-us_topic_0000001463438465_p637112149139">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.2.2.3.2.4.1.2"><p id="css_01_0182__en-us_topic_0000001463438465_p5371161431311">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.2.2.3.2.4.1.3"><p id="css_01_0182__en-us_topic_0000001463438465_p0371114121318">Example</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0182__en-us_topic_0000001463438465_row637191431312"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p63719141134">Type</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p18257539145">Load balancer type. Select <strong id="css_01_0182__en-us_topic_0000001463438465_b842613297441">Dedicated</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p18256534146">Dedicated</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row4371131411316"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p1535014931516">Billing Mode</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p163501496156">Billing mode of the dedicated load balancer.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p335012911159">Pay-per-use</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row1837111441320"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p95351639101512">Region</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p7535133921519">Region where the CSS cluster is located.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p5371121481311">-</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row14371181411315"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p12504560158">IP as Backend Servers</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p1350105651510">A CSS cluster can be connected only after the cross-VPC backend is enabled.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p55045615159">Enabled</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row1337110143138"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p43718146133">Network Type</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p1971182516196">Type of the network used by the load balancer to provide services for external systems.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p1223575501619">Private IPv4 network</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row1437121419133"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p2089963362015">VPC</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p684815252017">VPC where the load balancer works. This parameter is mandatory no matter which network type is selected.</p>
<p id="css_01_0182__en-us_topic_0000001463438465_p12899133362014">Select the VPC of the CSS cluster</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p14899173322014">-</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row337181431316"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p1262014288218">Subnet</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p283710412210">Subnet where the load balancer is to be created. This parameter is mandatory no matter which network type is selected.</p>
<p id="css_01_0182__en-us_topic_0000001463438465_p2620172810217">Select the subnet of the CSS cluster</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__en-us_topic_0000001463438465_p1162113282213">-</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row18576310218"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p1758231192117">Specifications</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p682012565229">You are advised to select <strong id="css_01_0182__en-us_topic_0000001463438465_b1455414417347">Application load balancing (HTTP/HTTPS)</strong>, which provides better functions and performance.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.2.3.2.4.1.3 "><p id="css_01_0182__p260011248348">Application load balancing (HTTP/HTTPS)</p>
<p id="css_01_0182__en-us_topic_0000001463438465_p12820145672211">Small I</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</div>
<div class="section" id="css_01_0182__section1566363619613"><h4 class="sectiontitle">Interconnecting with a Load Balancer</h4><div class="note" id="css_01_0182__note1750016921710"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_01_0182__p35012099174">A cluster in security mode with HTTPS access enabled does not support HTTP protocol authentication. If you need to enable HTTP protocol authentication, disable the security mode of the cluster.</p>
<p id="css_01_0182__p4377126162316">Before changing the security mode, disable load balancing. After the security mode is changed, enable load balancing.</p>
</div></div>
<ol id="css_01_0182__ol1470215481661"><li id="css_01_0182__li1670216481163">Log in to the <span id="css_01_0182__text1661195141510">CSS</span> management console.</li><li id="css_01_0182__li139707915916">On the <span class="uicontrol" id="css_01_0182__uicontrol18713153416168"><b>Clusters</b></span> page, select the cluster you want to connect to the load balancer and click the cluster name. The cluster basic information page is displayed.</li><li id="css_01_0182__li1121323131018">In the navigation pane, choose <span class="uicontrol" id="css_01_0182__uicontrol5708134010101"><b>Load Balancing</b></span>. Toggle on the load balancing switch and configure basic load balancing information.<ul id="css_01_0182__ul13680511121513"><li id="css_01_0182__li17680511101518"><strong id="css_01_0182__b242175411346">Load Balancer</strong>: Select a created load balancer. You can also click <strong id="css_01_0182__b1410919554423">Create Load Balancer</strong> to create one.</li><li id="css_01_0182__li1252133791512"><strong id="css_01_0182__b3451959133410">Agency</strong>: Select an agency name. If no agency is available, click <strong id="css_01_0182__b818617388169">Create Agency</strong> to create one. The selected agency must have the <strong id="css_01_0182__b20187133812162">ELB Administrator</strong> and <strong id="css_01_0182__b1118773817164">ELB FullAccess</strong> permissions.<div class="fignone" id="css_01_0182__fig25293718154"><span class="figcap"><b>Figure 1 </b>Enabling load balancing</span><br><span><img id="css_01_0182__image1752737131512" src="en-us_image_0000001714802149.png"></span></div>
</li></ul>
</li><li id="css_01_0182__li13232203721215">Click <span class="uicontrol" id="css_01_0182__uicontrol11593165434116"><b>OK</b></span>. The listener configuration page is displayed.<div class="fignone" id="css_01_0182__fig1098915587195"><span class="figcap"><b>Figure 2 </b>Creating a listener</span><br><span><img id="css_01_0182__image498985817194" src="en-us_image_0000001667002386.png"></span></div>
</li><li id="css_01_0182__li1672965911411">In the <strong id="css_01_0182__b841885710452">Listener Configuration</strong> area, click <span><img id="css_01_0182__image137423386411" src="en-us_image_0000001666842670.png"></span> to configure listener information.<div class="fignone" id="css_01_0182__fig9367028279"><span class="figcap"><b>Figure 3 </b>Configuring a listener</span><br><span><img id="css_01_0182__image1836811215278" src="en-us_image_0000001714922005.png"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0182__table145381018102516" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Listener configuration information</caption><thead align="left"><tr id="css_01_0182__row1453731811254"><th align="left" class="cellrowborder" valign="top" width="23.49%" id="mcps1.3.4.3.5.4.2.3.1.1"><p id="css_01_0182__p10537418182518">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.51%" id="mcps1.3.4.3.5.4.2.3.1.2"><p id="css_01_0182__p2537418172512">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0182__row953741820251"><td class="cellrowborder" valign="top" width="23.49%" headers="mcps1.3.4.3.5.4.2.3.1.1 "><p id="css_01_0182__p65370181250">Frontend Protocol</p>
</td>
<td class="cellrowborder" valign="top" width="76.51%" headers="mcps1.3.4.3.5.4.2.3.1.2 "><p id="css_01_0182__p12537181872516">The protocol used by the client and listener to distribute traffic.</p>
<p id="css_01_0182__p1253741817253">Select a protocol as required.</p>
</td>
</tr>
<tr id="css_01_0182__row1853721842519"><td class="cellrowborder" valign="top" width="23.49%" headers="mcps1.3.4.3.5.4.2.3.1.1 "><p id="css_01_0182__p1537141819253">Frontend Port</p>
</td>
<td class="cellrowborder" valign="top" width="76.51%" headers="mcps1.3.4.3.5.4.2.3.1.2 "><p id="css_01_0182__p165372186250">The port used by the client and listener to distribute traffic.</p>
<p id="css_01_0182__p453711872520">For example, 9200. You need to specify this parameter as required.</p>
</td>
</tr>
<tr id="css_01_0182__row3538161814252"><td class="cellrowborder" valign="top" width="23.49%" headers="mcps1.3.4.3.5.4.2.3.1.1 "><p id="css_01_0182__p8537201872513">SSL Authentication</p>
</td>
<td class="cellrowborder" valign="top" width="76.51%" headers="mcps1.3.4.3.5.4.2.3.1.2 "><p id="css_01_0182__p16537118182519">Authentication mode for the client to access the server.</p>
<p id="css_01_0182__p1353811812514">Select a parsing mode as required.</p>
</td>
</tr>
<tr id="css_01_0182__row1653811186253"><td class="cellrowborder" valign="top" width="23.49%" headers="mcps1.3.4.3.5.4.2.3.1.1 "><p id="css_01_0182__p1553814189257">Server Certificate</p>
</td>
<td class="cellrowborder" valign="top" width="76.51%" headers="mcps1.3.4.3.5.4.2.3.1.2 "><p id="css_01_0182__p19538818112514">The server certificate is used for SSL handshake negotiation. The certificate content and private key must be provided.</p>
<p id="css_01_0182__p253812185252">When <strong id="css_01_0182__b510962217475">SSL Authentication</strong> is set to <strong id="css_01_0182__b510914223471">Two-way authentication</strong>, this parameter is mandatory.</p>
</td>
</tr>
<tr id="css_01_0182__row16538151818253"><td class="cellrowborder" valign="top" width="23.49%" headers="mcps1.3.4.3.5.4.2.3.1.1 "><p id="css_01_0182__p155381518152515">CA Certificate</p>
</td>
<td class="cellrowborder" valign="top" width="76.51%" headers="mcps1.3.4.3.5.4.2.3.1.2 "><p id="css_01_0182__p135381518112513">Also called client CA public key certificate. It is used to verify the issuer of a client certificate.</p>
<p id="css_01_0182__p95381818182517">When the HTTPS two-way authentication is enabled, an HTTPS connection can be established only when the client can provide the certificate issued by a specified CA.</p>
<p id="css_01_0182__p3538318152518">This parameter is mandatory only when the <strong id="css_01_0182__b4930162434810">Frontend Protocol</strong> is set to <strong id="css_01_0182__b593011241481">HTTPS</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="css_01_0182__li899511109616">(Optional) In the <strong id="css_01_0182__b6717135314814">Connection Mode</strong> area, you can click <span class="uicontrol" id="css_01_0182__uicontrol1715131213459"><b>Settings</b></span> next to <span class="uicontrol" id="css_01_0182__uicontrol135716924515"><b>Access Control</b></span> to configure the IP addresses or network segments that are allowed to access the system. If you do not set the IP addresses or network segments, all IP addresses are allowed to access the system by default.<div class="fignone" id="css_01_0182__fig143211234133315"><span class="figcap"><b>Figure 4 </b>Configuring access control</span><br><span><img id="css_01_0182__image932112344332" src="en-us_image_0000001666842658.png"></span></div>
</li></ol>
<div class="p" id="css_01_0182__p115811230920">In the <strong id="css_01_0182__b1225912011115">Health Check</strong> area, you can view the health check result of each node IP address. The following table describes the health check results.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0182__table498210896" frame="border" border="1" rules="all"><thead align="left"><tr id="css_01_0182__row109822018917"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.4.2.1.3.1.1"><p id="css_01_0182__p8982801591">Health Check Result</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.4.2.1.3.1.2"><p id="css_01_0182__p17982601697">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0182__row8982110799"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.4.2.1.3.1.1 "><p id="css_01_0182__p1198250192">Normal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.4.2.1.3.1.2 "><p id="css_01_0182__p18983403917">The IP address of the node is properly connected.</p>
</td>
</tr>
<tr id="css_01_0182__row189830016919"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.4.2.1.3.1.1 "><p id="css_01_0182__p49831701891">Abnormal</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.4.2.1.3.1.2 "><p id="css_01_0182__p89831302910">The node IP address is connected and unavailable.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="section" id="css_01_0182__en-us_topic_0000001463438465_section6525113933311"><h4 class="sectiontitle">Accessing a Cluster Using the Curl Command</h4><p id="css_01_0182__en-us_topic_0000001463438465_p76791918153519">Run the following commands to check whether the dedicated load balancer can be connected to a cluster.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0182__en-us_topic_0000001463438465_table4446327845" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Commands for accessing different clusters</caption><thead align="left"><tr id="css_01_0182__en-us_topic_0000001463438465_row4446127145"><th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.5.3.2.4.1.1"><p id="css_01_0182__en-us_topic_0000001463438465_p54462271544">Security Mode</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="20%" id="mcps1.3.5.3.2.4.1.2"><p id="css_01_0182__en-us_topic_0000001463438465_p114467271947">Service Form Provided by ELB for External Systems</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60%" id="mcps1.3.5.3.2.4.1.3"><p id="css_01_0182__en-us_topic_0000001463438465_p3582618154718">Curl Command for Accessing a Cluster</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0182__en-us_topic_0000001463438465_row2447527049"><td class="cellrowborder" rowspan="3" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p1044715275413">Non-security</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p1544712276420">No authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.5.3.2.4.1.3 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen1747520910129">curl http://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname12300182561212">IP</span></i>:9200</pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row889765821011"><td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p78978581104">One-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.2 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen12237201218113">curl -k --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname16705161931118">IP</span></i>:9200</pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row9447132710410"><td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p544711271341">Two-way authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.2 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen149821446191116">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname9483927412">IP</span></i>:9200</pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row11447172714420"><td class="cellrowborder" rowspan="3" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p1044712271441">Security mode + HTTP</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p17447727547">Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.5.3.2.4.1.3 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen0777171751218">curl http://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname1955572217129">IP</span></i>:9200 -u <i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname115297311313">user</span></i>:<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname5529437139">pwd</span></i></pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row129161432141217"><td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p4916332141216">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.2 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen10521175018129">curl -k --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname398915511123">IP</span></i>:9200 -u <i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname631114061314">user</span></i>:<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname376432131312">pwd</span></i></pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row1944819273415"><td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p194314694019">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.2 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen12973123219133">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname1046819361137">IP</span></i>:9200 -u <i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname181422402133">user</span></i>:<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname22483439131">pwd</span></i></pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row24487273416"><td class="cellrowborder" rowspan="2" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p166041448144519">Security mode + HTTPS</p>
</td>
<td class="cellrowborder" valign="top" width="20%" headers="mcps1.3.5.3.2.4.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p1144818274413">One-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" width="60%" headers="mcps1.3.5.3.2.4.1.3 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen724944101418">curl -k --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname82494451420">IP</span></i>:9200 -u <i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname122496481412">user</span></i>:<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname9249844143">pwd</span></i></pre>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row60175261311"><td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p7932175719401">Two-way authentication + Password authentication</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.5.3.2.4.1.2 "><pre class="screen" id="css_01_0182__en-us_topic_0000001463438465_screen72497412141">curl --cacert ./ca.crt --cert ./client.crt --key ./client.key https://<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname324916410142">IP</span></i>:9200 -u <i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname324924161417">user</span></i>:<i><span class="varname" id="css_01_0182__en-us_topic_0000001463438465_varname424974171411">pwd</span></i></pre>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0182__en-us_topic_0000001463438465_table111741414338" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Variables</caption><thead align="left"><tr id="css_01_0182__en-us_topic_0000001463438465_row91731411337"><th align="left" class="cellrowborder" valign="top" width="23.7%" id="mcps1.3.5.4.2.3.1.1"><p id="css_01_0182__en-us_topic_0000001463438465_p14171714153311">Variable</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.3%" id="mcps1.3.5.4.2.3.1.2"><p id="css_01_0182__en-us_topic_0000001463438465_p417131412333">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0182__en-us_topic_0000001463438465_row192601805113"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.5.4.2.3.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p19261218155110">IP</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.5.4.2.3.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p42611819514">ELB IP address</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row131711473319"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.5.4.2.3.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p4171147336">user</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.5.4.2.3.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p111791417336">Username for accessing the CSS cluster</p>
</td>
</tr>
<tr id="css_01_0182__en-us_topic_0000001463438465_row161711420338"><td class="cellrowborder" valign="top" width="23.7%" headers="mcps1.3.5.4.2.3.1.1 "><p id="css_01_0182__en-us_topic_0000001463438465_p17171149336">pwd</p>
</td>
<td class="cellrowborder" valign="top" width="76.3%" headers="mcps1.3.5.4.2.3.1.2 "><p id="css_01_0182__en-us_topic_0000001463438465_p11713147339">Password of the user</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="css_01_0182__en-us_topic_0000001463438465_p55581652155510">If the Elasticsearch cluster information is returned, the connection is successful. For example, if a security cluster using the HTTPS protocol is connected to a load balancer using two-way authentication, the information shown in <a href="#css_01_0182__en-us_topic_0000001463438465_fig17880115545713">Figure 5</a> is returned.</p>
<div class="fignone" id="css_01_0182__en-us_topic_0000001463438465_fig17880115545713"><a name="css_01_0182__en-us_topic_0000001463438465_fig17880115545713"></a><a name="en-us_topic_0000001463438465_fig17880115545713"></a><span class="figcap"><b>Figure 5 </b>Accessing a cluster</span><br><span><img id="css_01_0182__en-us_topic_0000001463438465_image488018557576" src="en-us_image_0000001667002382.png"></span></div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0184.html">(Optional) Interconnecting with a Dedicated Load Balancer</a></div>
</div>
</div>
View Git Blame Copy Permalink