Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Secure settings specified per node #31621

Conversation

albertzaharovits
Copy link
Contributor

It might not be obvious that SecureSettings need to be specified per node. If there's a mistake, and a node misses a setting, then the exception should be informative in most cases. It is not informative in the case of the S3 plugin. This might cause frustration, as per: https://discuss.elastic.co/t/is-repository-s3-plugin-fixed-in-6-3/135997/3

Even if this arguably does not mend the source of frustration (S3 plugin should not quietly default to using instance credentials), I think the proposed doc mention is not superfluous.

@albertzaharovits albertzaharovits added >docs General docs changes :Core/Infra/Settings Settings infrastructure and APIs v7.0.0 v6.4.0 v6.3.1 labels Jun 27, 2018
@albertzaharovits albertzaharovits self-assigned this Jun 27, 2018
@albertzaharovits albertzaharovits requested a review from rjernst June 27, 2018 18:18
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra

@albertzaharovits albertzaharovits requested a review from lcawl June 27, 2018 18:20
@@ -16,6 +16,10 @@ Elasticsearch.
NOTE: The elasticsearch keystore currently only provides obfuscation. In the future,
password protection will be added.

These settings, just like the ones in the regular `elasticsearch.yml` config file,
need to be specified for each cluster node. These are node-specific settings,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest maybe changing to "... need to be specified on each node in the cluster."

@@ -16,6 +16,10 @@ Elasticsearch.
NOTE: The elasticsearch keystore currently only provides obfuscation. In the future,
password protection will be added.

These settings, just like the ones in the regular `elasticsearch.yml` config file,
need to be specified for each cluster node. These are node-specific settings,
although they usually have the same value on every node.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think "usually" is accurate. They must be the same on every node.

@albertzaharovits
Copy link
Contributor Author

albertzaharovits commented Jun 28, 2018

@rjernst @lcawl I have followed your suggestions, can you please take another look.

Copy link
Contributor

@lcawl lcawl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@albertzaharovits albertzaharovits merged commit 85ec497 into elastic:master Jul 1, 2018
@albertzaharovits albertzaharovits deleted the docs-secure-settings-per-node branch July 1, 2018 08:11
albertzaharovits added a commit that referenced this pull request Jul 1, 2018
Make it clear that secure settings have to be set
on each cluster node.
albertzaharovits added a commit that referenced this pull request Jul 1, 2018
Make it clear that secure settings have to be set
on each cluster node.
jasontedor added a commit that referenced this pull request Jul 1, 2018
* elastic/master:
  Enable setting client path prefix to / (#30119)
  [DOCS] Secure settings specified per node (#31621)
  has_parent builder: exception message/param fix (#31182)
jasontedor added a commit that referenced this pull request Jul 1, 2018
* elastic/6.x:
  Enable setting client path prefix to / (#30119)
  [DOCS] Secure settings specified per node (#31621)
  Build test: Thread linger
  Build: Fix naming conventions task   (#31681)
  Introduce a Hashing Processor (#31087)
jasontedor added a commit to martijnvg/elasticsearch that referenced this pull request Jul 1, 2018
* elastic/ccr: (30 commits)
  Enable setting client path prefix to / (elastic#30119)
  [DOCS] Secure settings specified per node (elastic#31621)
  has_parent builder: exception message/param fix (elastic#31182)
  TEST: Randomize soft-deletes settings (elastic#31585)
  Mute 'Test typed keys parameter for suggesters' as we await a fix.
  Build test: Thread linger
  Fix gradle4.8 deprecation warnings (elastic#31654)
  Mute FileRealmTests#testAuthenticateCaching with an @AwaitsFix.
  Mute TransportChangePasswordActionTests#testIncorrectPasswordHashingAlgorithm with an @AwaitsFix.
  Build: Fix naming conventions task   (elastic#31681)
  Introduce a Hashing Processor (elastic#31087)
  Do not check for object existence when deleting repository index files (elastic#31680)
  Remove extra check for object existence in repository-gcs read object (elastic#31661)
  Support multiple system store types (elastic#31650)
  [Test] Clean up some repository-s3 tests (elastic#31601)
  [Docs] Use capital letters in section headings (elastic#31678)
  muted tests that will be replaced by the shard follow task refactoring: elastic#31581
  [DOCS] Add PQL language Plugin (elastic#31237)
  Merge AzureStorageService and AzureStorageServiceImpl and clean up tests (elastic#31607)
  TEST: Fix test task invocation (elastic#31657)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
:Core/Infra/Settings Settings infrastructure and APIs >docs General docs changes v6.3.1 v6.4.0 v7.0.0-beta1
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants