github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-29 01:44:36 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update docs to reflect new validation in reload_secure_settings api (#103550)

Browse source
This commit is contained in:
Johannes Fredén 2023-12-20 12:06:20 +01:00 committed by GitHub
parent 1900a99018
commit 52eba9c8ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

22
docs/reference/setup/secure-settings.asciidoc
View file

@ -6,11 +6,11 @@ their values is not sufficient. For this use case, {es} provides a
keystore and the <<elasticsearch-keystore,`elasticsearch-keystore` tool>> to keystore and the <<elasticsearch-keystore,`elasticsearch-keystore` tool>> to
manage the settings in the keystore. manage the settings in the keystore.
IMPORTANT: Only some settings are designed to be read from the keystore. However, IMPORTANT: Only some settings are designed to be read from the keystore.
the keystore has no validation to block unsupported settings. Adding unsupported Adding unsupported settings to the keystore causes the validation in the
settings to the keystore causes {es} to fail to start. To see whether a setting `_nodes/reload_secure_settings` API to fail and if not addressed, will
is supported in the keystore, look for a "Secure" qualifier in the setting cause {es} to fail to start. To see whether a setting is supported in the
reference. keystore, look for a "Secure" qualifier in the setting reference.
All the modifications to the keystore take effect only after restarting {es}. All the modifications to the keystore take effect only after restarting {es}.
@ -42,12 +42,12 @@ POST _nodes/reload_secure_settings
<1> The password that the {es} keystore is encrypted with. <1> The password that the {es} keystore is encrypted with.
This API decrypts and re-reads the entire keystore, on every cluster node, This API decrypts, re-reads the entire keystore and validates all settings on
but only the *reloadable* secure settings are applied. Changes to other every cluster node, but only the *reloadable* secure settings are applied.
settings do not go into effect until the next restart. Once the call returns, Changes to other settings do not go into effect until the next restart. Once
the reload has been completed, meaning that all internal data structures the call returns, the reload has been completed, meaning that all internal data
dependent on these settings have been changed. Everything should look as if the structures dependent on these settings have been changed. Everything should
settings had the new value from the start. look as if the settings had the new value from the start.
When changing multiple *reloadable* secure settings, modify all of them on each When changing multiple *reloadable* secure settings, modify all of them on each
cluster node, then issue a <<cluster-nodes-reload-secure-settings, `reload_secure_settings`>> cluster node, then issue a <<cluster-nodes-reload-secure-settings, `reload_secure_settings`>>