Cluster Administration - UI Access and Security Configuration

Cluster Administration and Operations tools are available using special URL's available on node 1 ip address of the cluster.  These WebUI's are secured with a password configured during deployment.  This section also covers how to change passwords on admin tool UI and change the self signed cert on the webUI to a signed certificate.

• URL to Access Admin UI's
• How to add a signed cert to user login GUI

URL to Access Admin UI's

1. Solr index engine - allows index health status, document count, index size, error messages, advanced queries for administrators only.
   1. https://x.x.x.x/solr
      
2. Kafka Message processing - used to process file ingestions for full and incremental jobs.   HA features and cluster wide view of processing of messages.
   1. https://x.x.x.x/kafka-manager
      
3. How to Access
   1. Access the URL enter the user "ecaadmin" and the password that was configured during deployment.

How to add a signed cert to user login GUI

Best Practice:

1. Access the WebUI from node 1 and create a DNS entry for node to create a FQDN to create a signed cert.
2. The objective is to install the signed cert for nginx ECA Node-1
3. Create A record in DNS name for ECA Node-1 and verify with nslookup.. Example eca1.domain.com
4. SSH to ECA Node-1 as ecaadmin
5. cd /opt/superna/eca/conf/nginx
6. Verify that the nginx.key is there with ls -la 
7. Create csr with that key file
   1. Command: openssl req -key nginx.key -new -out nginx.csr
   2. SCP the nginx.csr file for signing
   3. Or type cat nginx.csr and copy and paste the text to submit for signing.
8. When it is asked about the Common Name: provide the fqdn of ECA Node-1 (the name registered in DNS e.g. search.domain.com)
9. With that CSR certificate submit the request to Certificate Authority at your enterprise
   1. NOTE: These steps are CA specific, consult with your security team
10. Once received the signed certificate encoded in PEM format
    1. scp (use WinSCP for WIndows) and copy this file to ECA-1 under /opt/superna/eca/conf/nginx with name nginx.crt
    2.  NOTE: if not in PEM format, convert to PEM format or ask your Security team for pem format
    3. Replace existing nginx.crt certificate with this new  signed CA certificate.
    4. mv nginx.crt nginx.crt.bak (backup old file)
    5. cp /pathtonewfile/nginx.crt to /opt/superna/eca/conf/nginx/nginx.crt 
11. Restart nginx
    1. ecactl containers stop nginx
    2. ecactl containers start nginx
12. Or bring down and up the ECA cluster to push the config to all the other ECA nodes
    1. ecactl cluster down
    2. ecactl cluster up
13. Verify the certificate when accessing the UI (e.g. https://FQDN)