[DOCS] Move settings out of reindex API (#120260) (#120310)

Lisa Cawley 2025-01-16 09:56:40 -08:00 committed by GitHub
parent d4170cd349
commit 106bc7b7bd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 99 additions and 95 deletions

View file

@ -1132,91 +1132,4 @@ Reindex from remote supports configurable SSL settings. These must be
specified in the `elasticsearch.yml` file, with the exception of the specified in the `elasticsearch.yml` file, with the exception of the
secure settings, which you add in the Elasticsearch keystore. secure settings, which you add in the Elasticsearch keystore.
It is not possible to configure SSL in the body of the `_reindex` request. It is not possible to configure SSL in the body of the `_reindex` request.
Refer to <<reindex-settings>>.
The following settings are supported:
`reindex.ssl.certificate_authorities`::
List of paths to PEM encoded certificate files that should be trusted.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.
`reindex.ssl.truststore.path`::
The path to the Java Keystore file that contains the certificates to trust.
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.
`reindex.ssl.truststore.password`::
The password to the truststore (`reindex.ssl.truststore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
This setting cannot be used with `reindex.ssl.truststore.secure_password`.
`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
The password to the truststore (`reindex.ssl.truststore.path`).
This setting cannot be used with `reindex.ssl.truststore.password`.
`reindex.ssl.truststore.type`::
The type of the truststore (`reindex.ssl.truststore.path`).
Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`reindex.ssl.verification_mode`::
Indicates the type of verification to protect against man in the middle attacks
and certificate forgery.
One of `full` (verify the hostname and the certificate path), `certificate`
(verify the certificate path, but not the hostname) or `none` (perform no
verification - this is strongly discouraged in production environments).
Defaults to `full`.
`reindex.ssl.certificate`::
Specifies the path to the PEM encoded certificate (or certificate chain) to be
used for HTTP client authentication (if required by the remote cluster)
This setting requires that `reindex.ssl.key` also be set.
You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.
`reindex.ssl.key`::
Specifies the path to the PEM encoded private key associated with the
certificate used for client authentication (`reindex.ssl.certificate`).
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
`reindex.ssl.key_passphrase`::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
Cannot be used with `reindex.ssl.secure_key_passphrase`.
`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
Cannot be used with `reindex.ssl.key_passphrase`.
`reindex.ssl.keystore.path`::
Specifies the path to the keystore that contains a private key and certificate
to be used for HTTP client authentication (if required by the remote cluster).
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
`reindex.ssl.keystore.type`::
The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
to `PKCS12`. Otherwise, it defaults to `jks`.
`reindex.ssl.keystore.password`::
The password to the keystore (`reindex.ssl.keystore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_password`.
`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
The password to the keystore (`reindex.ssl.keystore.path`).
This setting cannot be used with `reindex.ssl.keystore.password`.
`reindex.ssl.keystore.key_password`::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password.
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password. This setting cannot be used with
`reindex.ssl.keystore.key_password`.
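Review bot: The added line `Refer to <<reindex-settings>>.` is a bare cross-reference that no longer tells the reader what it points to, now that "The following settings are supported:" and the whole `reindex.ssl.*` list are gone from this page. Consider wording it as "Refer to <<reindex-settings>> for the supported `reindex.ssl.*` settings." so the sentence still connects to the preceding statement that SSL cannot be configured in the body of the `_reindex` request.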

View file

@ -27,13 +27,6 @@ cannot close open indices. Defaults to `true`.
+ +
NOTE: Closed indices still consume a significant amount of disk space. NOTE: Closed indices still consume a significant amount of disk space.
[[reindex-remote-whitelist]]
// tag::reindex-remote-whitelist[]
`reindex.remote.whitelist` {ess-icon}::
(<<static-cluster-setting,Static>>)
Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
// end::reindex-remote-whitelist[]
[[stack-templates-enabled]] [[stack-templates-enabled]]
`stack.templates.enabled`:: `stack.templates.enabled`::
+ +
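Review bot: The `reindex.remote.whitelist` entry removed here describes its format twice, as "Expects a YAML array of `host:port` strings." and then as "Consists of a comma-delimited list of `host:port` entries.", and the two sentences do not agree on the syntax. Since the block is being relocated verbatim, this is a good point to keep only the sentence that matches the documented default `["\*.io:*", "\*.com:*"]`, which is written as an array.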
@ -52,3 +45,101 @@ This setting also affects the following built-in component templates:
include::{es-ref-dir}/indices/put-component-template.asciidoc[tag=built-in-component-templates] include::{es-ref-dir}/indices/put-component-template.asciidoc[tag=built-in-component-templates]
-- --
[discrete]
[[reindex-settings]]
==== Reindex settings
[[reindex-remote-whitelist]]
// tag::reindex-remote-whitelist[]
`reindex.remote.whitelist` {ess-icon}::
(<<static-cluster-setting,Static>>)
Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
// end::reindex-remote-whitelist[]
`reindex.ssl.certificate`::
Specifies the path to the PEM encoded certificate (or certificate chain) to be
used for HTTP client authentication (if required by the remote cluster)
This setting requires that `reindex.ssl.key` also be set.
You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.
`reindex.ssl.certificate_authorities`::
List of paths to PEM encoded certificate files that should be trusted.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.
`reindex.ssl.key`::
Specifies the path to the PEM encoded private key associated with the
certificate used for client authentication (`reindex.ssl.certificate`).
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
`reindex.ssl.key_passphrase`::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
Cannot be used with `reindex.ssl.secure_key_passphrase`.
`reindex.ssl.keystore.key_password`::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password.
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.
`reindex.ssl.keystore.password`::
The password to the keystore (`reindex.ssl.keystore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_password`.
`reindex.ssl.keystore.path`::
Specifies the path to the keystore that contains a private key and certificate
to be used for HTTP client authentication (if required by the remote cluster).
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
`reindex.ssl.keystore.type`::
The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
to `PKCS12`. Otherwise, it defaults to `jks`.
`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
Cannot be used with `reindex.ssl.key_passphrase`.
`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password. This setting cannot be used with
`reindex.ssl.keystore.key_password`.
`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
The password to the keystore (`reindex.ssl.keystore.path`).
This setting cannot be used with `reindex.ssl.keystore.password`.
`reindex.ssl.truststore.password`::
The password to the truststore (`reindex.ssl.truststore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
This setting cannot be used with `reindex.ssl.truststore.secure_password`.
`reindex.ssl.truststore.path`::
The path to the Java Keystore file that contains the certificates to trust.
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.
`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
The password to the truststore (`reindex.ssl.truststore.path`).
This setting cannot be used with `reindex.ssl.truststore.password`.
`reindex.ssl.truststore.type`::
The type of the truststore (`reindex.ssl.truststore.path`).
Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
`reindex.ssl.verification_mode`::
Indicates the type of verification to protect against man in the middle attacks
and certificate forgery.
One of `full` (verify the hostname and the certificate path), `certificate`
(verify the certificate path, but not the hostname) or `none` (perform no
verification - this is strongly discouraged in production environments).
Defaults to `full`.
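Review bot: None of the `reindex.ssl.*` entries added under `[[reindex-settings]]` carries a setting-type marker, while `reindex.remote.whitelist` directly above them is tagged `(<<static-cluster-setting,Static>>)`. The statement that these settings must be specified in `elasticsearch.yml`, with the secure ones in the keystore, stays behind on the reindex API page, so a reader landing on this section cannot tell where the non-secure entries are set; add the marker or a one-line note at the top of the section. Two smaller points in the same block: the sentence under `reindex.ssl.certificate` ending "(if required by the remote cluster)" is missing its period, and the entries are not in a consistent order (`reindex.ssl.secure_key_passphrase` sits between the `keystore.*` entries, and `truststore.password` precedes `truststore.path`).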