-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DOCS] Secure settings specified per node #31621
[DOCS] Secure settings specified per node #31621
Conversation
Pinging @elastic/es-core-infra |
@@ -16,6 +16,10 @@ Elasticsearch. | |||
NOTE: The elasticsearch keystore currently only provides obfuscation. In the future, | |||
password protection will be added. | |||
|
|||
These settings, just like the ones in the regular `elasticsearch.yml` config file, | |||
need to be specified for each cluster node. These are node-specific settings, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest maybe changing to "... need to be specified on each node in the cluster."
@@ -16,6 +16,10 @@ Elasticsearch. | |||
NOTE: The elasticsearch keystore currently only provides obfuscation. In the future, | |||
password protection will be added. | |||
|
|||
These settings, just like the ones in the regular `elasticsearch.yml` config file, | |||
need to be specified for each cluster node. These are node-specific settings, | |||
although they usually have the same value on every node. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think "usually" is accurate. They must be the same on every node.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Make it clear that secure settings have to be set on each cluster node.
Make it clear that secure settings have to be set on each cluster node.
* elastic/ccr: (30 commits) Enable setting client path prefix to / (elastic#30119) [DOCS] Secure settings specified per node (elastic#31621) has_parent builder: exception message/param fix (elastic#31182) TEST: Randomize soft-deletes settings (elastic#31585) Mute 'Test typed keys parameter for suggesters' as we await a fix. Build test: Thread linger Fix gradle4.8 deprecation warnings (elastic#31654) Mute FileRealmTests#testAuthenticateCaching with an @AwaitsFix. Mute TransportChangePasswordActionTests#testIncorrectPasswordHashingAlgorithm with an @AwaitsFix. Build: Fix naming conventions task (elastic#31681) Introduce a Hashing Processor (elastic#31087) Do not check for object existence when deleting repository index files (elastic#31680) Remove extra check for object existence in repository-gcs read object (elastic#31661) Support multiple system store types (elastic#31650) [Test] Clean up some repository-s3 tests (elastic#31601) [Docs] Use capital letters in section headings (elastic#31678) muted tests that will be replaced by the shard follow task refactoring: elastic#31581 [DOCS] Add PQL language Plugin (elastic#31237) Merge AzureStorageService and AzureStorageServiceImpl and clean up tests (elastic#31607) TEST: Fix test task invocation (elastic#31657) ...
It might not be obvious that
SecureSettings
need to be specified per node. If there's a mistake, and a node misses a setting, then the exception should be informative in most cases. It is not informative in the case of the S3 plugin. This might cause frustration, as per: https://discuss.elastic.co/t/is-repository-s3-plugin-fixed-in-6-3/135997/3Even if this arguably does not mend the source of frustration (S3 plugin should not quietly default to using instance credentials), I think the proposed doc mention is not superfluous.