diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc index 20983ae2aeb8e..41b268da6244f 100644 --- a/docs/reference/settings/security-settings.asciidoc +++ b/docs/reference/settings/security-settings.asciidoc @@ -333,7 +333,7 @@ role mappings are not considered. Defaults to `false`. `files.role_mapping`:: The {xpack-ref}/security-files.html[location] for the {xpack-ref}/mapping-roles.html#mapping-roles[ YAML role mapping configuration file]. Defaults to -`CONFIG_DIR/role_mapping.yml`. +`ES_PATH_CONF/role_mapping.yml`. `follow_referrals`:: Specifies whether {security} should follow referrals returned @@ -499,7 +499,7 @@ considered. Defaults to `false`. `files.role_mapping`:: The {xpack-ref}/security-files.html[location] for the YAML -role mapping configuration file. Defaults to `CONFIG_DIR/role_mapping.yml`. +role mapping configuration file. Defaults to `ES_PATH_CONF/role_mapping.yml`. `user_search.base_dn`:: The context to search for a user. Defaults to the root @@ -724,7 +724,7 @@ for SSL. This setting cannot be used with `certificate_authorities`. `files.role_mapping`:: Specifies the {xpack-ref}/security-files.html[location] of the {xpack-ref}/mapping-roles.html[YAML role mapping configuration file]. -Defaults to `CONFIG_DIR/role_mapping.yml`. +Defaults to `ES_PATH_CONF/role_mapping.yml`. `cache.ttl`:: Specifies the time-to-live for cached user entries. A user and a hash of its diff --git a/x-pack/docs/en/security/auditing/output-logfile.asciidoc b/x-pack/docs/en/security/auditing/output-logfile.asciidoc index 849046bdb9db0..ee33f618f9665 100644 --- a/x-pack/docs/en/security/auditing/output-logfile.asciidoc +++ b/x-pack/docs/en/security/auditing/output-logfile.asciidoc @@ -47,7 +47,7 @@ audited in plain text when including the request body in audit events. [[logging-file]] You can also configure how the logfile is written in the `log4j2.properties` -file located in `CONFIG_DIR`. By default, audit information is appended to the +file located in `ES_PATH_CONF`. By default, audit information is appended to the `_access.log` file located in the standard Elasticsearch `logs` directory (typically located at `$ES_HOME/logs`). The file rolls over on a daily basis. diff --git a/x-pack/docs/en/security/authentication/configuring-file-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-file-realm.asciidoc index 8555902e503d3..683da76bb7b99 100644 --- a/x-pack/docs/en/security/authentication/configuring-file-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-file-realm.asciidoc @@ -5,7 +5,7 @@ You can manage and authenticate users with the built-in `file` internal realm. All the data about the users for the `file` realm is stored in two files on each node in the cluster: `users` and `users_roles`. Both files are located in -`CONFIG_DIR/` and are read on startup. +`ES_PATH_CONF` and are read on startup. [IMPORTANT] ============================== @@ -50,7 +50,7 @@ xpack: . Restart {es}. -. Add user information to the `CONFIG_DIR/users` file on each node in the +. Add user information to the `ES_PATH_CONF/users` file on each node in the cluster. + -- @@ -76,7 +76,7 @@ IMPORTANT: As the administrator of the cluster, it is your responsibility to -- -. Add role information to the `CONFIG_DIR/users_roles` file on each node +. Add role information to the `ES_PATH_CONF/users_roles` file on each node in the cluster. + -- diff --git a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc index 6ea9b243aad4d..e32c9eb5300b3 100644 --- a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc @@ -56,7 +56,7 @@ xpack: group_search: base_dn: "dc=example,dc=com" files: - role_mapping: "CONFIG_DIR/role_mapping.yml" + role_mapping: "ES_PATH_CONF/role_mapping.yml" unmapped_groups_as_roles: false ------------------------------------------------------------ diff --git a/x-pack/docs/en/security/authorization/managing-roles.asciidoc b/x-pack/docs/en/security/authorization/managing-roles.asciidoc index 6ee5d9d39bbf2..b8a01aa4519c6 100644 --- a/x-pack/docs/en/security/authorization/managing-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/managing-roles.asciidoc @@ -137,7 +137,7 @@ see {ref}/security-api-roles.html[Role Management APIs]. === File-based role management Apart from the _Role Management APIs_, roles can also be defined in local -`roles.yml` file located in `CONFIG_DIR`. This is a YAML file where each +`roles.yml` file located in `ES_PATH_CONF`. This is a YAML file where each role definition is keyed by its name. [IMPORTANT] diff --git a/x-pack/docs/en/security/reference/files.asciidoc b/x-pack/docs/en/security/reference/files.asciidoc index dcf673d9a9f26..ac4cc0aa201ee 100644 --- a/x-pack/docs/en/security/reference/files.asciidoc +++ b/x-pack/docs/en/security/reference/files.asciidoc @@ -1,23 +1,23 @@ [[security-files]] === Security Files -The {security} uses the following files: +{security} uses the following files: -* `CONFIG_DIR/roles.yml` defines the roles in use on the cluster +* `ES_PATH_CONF/roles.yml` defines the roles in use on the cluster (read more <>). -* `CONFIG_DIR/elasticsearch-users` defines the users and their hashed passwords for +* `ES_PATH_CONF/elasticsearch-users` defines the users and their hashed passwords for the <>. -* `CONFIG_DIR/elasticsearch-users_roles` defines the user roles assignment for the +* `ES_PATH_CONF/elasticsearch-users_roles` defines the user roles assignment for the the <>. -* `CONFIG_DIR/role_mapping.yml` defines the role assignments for a +* `ES_PATH_CONF/role_mapping.yml` defines the role assignments for a Distinguished Name (DN) to a role. This allows for LDAP and Active Directory groups and users and PKI users to be mapped to roles (read more <>). -* `CONFIG_DIR/log4j2.properties` contains audit information (read more +* `ES_PATH_CONF/log4j2.properties` contains audit information (read more <>). [[security-files-location]] diff --git a/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc b/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc index d189501f1e2a5..2421925f08ebe 100644 --- a/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-ad.asciidoc @@ -37,7 +37,7 @@ xpack: domain_name: ad.example.com url: ldaps://ad.example.com:636 ssl: - certificate_authorities: [ "CONFIG_DIR/cacert.pem" ] + certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ] -------------------------------------------------- The CA cert must be a PEM encoded certificate. diff --git a/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc b/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc index b7f0b7d300590..1ffc667cd33c1 100644 --- a/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc @@ -29,7 +29,7 @@ xpack: order: 0 url: "ldaps://ldap.example.com:636" ssl: - certificate_authorities: [ "CONFIG_DIR/cacert.pem" ] + certificate_authorities: [ "ES_PATH_CONF/cacert.pem" ] -------------------------------------------------- The CA certificate must be a PEM encoded. diff --git a/x-pack/docs/en/security/troubleshooting.asciidoc b/x-pack/docs/en/security/troubleshooting.asciidoc index 0bc043abd35cc..a8bf0a50b0340 100644 --- a/x-pack/docs/en/security/troubleshooting.asciidoc +++ b/x-pack/docs/en/security/troubleshooting.asciidoc @@ -125,7 +125,7 @@ The role definition might be missing or invalid. |====================== To help track down these possibilities, add the following lines to the end of -the `log4j2.properties` configuration file in the `CONFIG_DIR`: +the `log4j2.properties` configuration file in the `ES_PATH_CONF`: [source,properties] ----------------