Our guarantees around backwards compatibility and breaking changes do
not apply to the Elasticsearch application logs. This commit adds a note
to the docs about this.
To prevent leaking sensitive information such as credentials and keys in logs, this
commit prevents configuring some restricted loggers (currently `org.apache.http`
and `com.amazonaws.request`) at high verbosity unless the NetworkTraceFlag
(`es.insecure_network_trace_enabled`) is enabled.
* [DOCS] Add link to on-prem install tutorial
* Move link to bottom of packages section
* Rearrange things according to suggestions
* Add another link on the 'Install Elasticsearch with RPM' page
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`.
**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security
Rel: https://github.com/elastic/platform-docs-team/issues/208
**Problem:**
- The `elasticsearch-reset-password` commands in the ES Docker install docs are missing the required `-u` flag
- The `ifeval` blocks in the Kibana section of the ES Docker install docs aren't rendering correctly in released docs.
**Solution:**
- Add the `-u` flag to `elasticsearch-reset-password` examples
- Fix the Asciidoc syntax to correctly render the `ifeval` blocks. Example:
Rel: https://github.com/elastic/elasticsearch/pull/99112
**Problem:**
The [Kibana Docker install docs](https://www.elastic.co/guide/en/kibana/master/docker.html) duplicate the Elasticsearch Docker instructions. This makes the two doc sets harder to maintain. For example, the docs currently use different container names, which makes them incompatible.
**Solution:**
Adds Kibana setup instructions to the Elasticsearch Docker install docs. This will let us eventually merge the two doc sets.
**Issues:**
Rel: https://github.com/elastic/platform-docs-team/issues/182
- Deduplicates the JVM sizing instructions
- Links the `-m` tag tip section to the JVM sizing instructions
- Replaces the fully typed out container registry to {docker-image}
Co-authored-by: James Rodewig <james.rodewig@elastic.co>
Problem: The current install docs contain several `ifeval` statements that hide commands and code snippets based on the branch's release state. These statements make the Asciidoc hard to read and maintain. It also makes doc changes difficult to preview.
Solution: Remove `ifeval` statements that hide commands or code snippets. Leave in any `ifeval` statements used to add warnings.
Problem:
The current [single-node Docker instructions](https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#docker-cli-run-dev-mode) are overly verbose and contain a lot of unneeded info about security internals.
Solution:
- Restructure the above docs to focus primarily on actionable steps.
- Test the docs across operating systems (Mac, Linux, Windows) to ensure they work.
- Removes duplicated security autoconfiguration output from the docs. This is difficult to keep updated and makes the docs longer.
- Encourages the user to store the `elastic` password as an environment variable. Users don't need to rely on curl's password prompts.
- Removes unused `api-call-widget` files. These aren't published anywhere in the docs currently.
The index and transport versions are low level details of how a node
behaves in a cluster. They were recently added to the main endpoint
response, but they are too low level and should be moved to another
endpoint TBD.
This commit removes those versions from the main endpoint response. Due
to the fact lucene version is now derived from index version, this
commit also adds an explicit lucene version member to the main response.
The root endpoint for Elasticsearch contains diagnostic information
about what Elasticsearch is running. This commit adds TransportVersion
to this diagnostic information, alongside the existing version
information.
- Bury these docs a little more, there's no need for them to be on the landing page for "Set up Elasticsearch".
- Clarify the responsibilities for JDK updates.
* [DOCS] Verifying Elasticsearch container image signatures with Cosign/Sigstore
This commit adds a step to verify the Elasticsearch container image signatures after pulling the image and before starting any cluster.
The goal is to introduce an easy and standard way for Elastic users to verify the provenance of the Elasticsearch container images before deploying them to any infrastructure and therefore protect against supply chain attacks.
* Update docker.asciidoc
* Update docs/reference/setup/install/docker.asciidoc
* Update docs/reference/setup/install/docker.asciidoc
* Update docs/reference/setup/install/docker.asciidoc
Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
* Update docs/reference/setup/install/docker.asciidoc
Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
* Remove JSON section from sample output
* Fix up command output format
* Change 'console' to 'sh'
---------
Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
Co-authored-by: David Kilfoyle <david.kilfoyle@elastic.co>
There's no need to talk about unwelcome behaviour or power outages here,
and it caused at least one user some concern. This commit clarifies the
message.
Relates #95166
* Add note about ENV for systemd installs
This ES_TMPDIR env variable is not referenced in the /guide/en/elasticsearch/reference/current/setting-system-settings.html#sysconfig section, and when searching for the error mentioned in this page, it might not become too obvious.
* Restructure
---------
Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
The systemd unit file is part of the Elasticsearch package and should
not be edited. Instead, we recommend creating a service override file.
This commit tweaks the docs for setting tmp dir with systemd to use the
override file instead of editing the unit file.
relates #93121
Today we suggest that users set `ES_TMPDIR` using `export`, which only
works if you're running things directly from the shell. Yet most users
encountering `ES_TMPDIR` problems seem to on RHEL and trying to run
things via `systemd`, for whom the `export` suggestion doesn't work.
This commit adds to the docs a suggestion of how to adjust the `systemd`
service file to set the appropriate environment variable.
Relates #80651
With this commit we specify `level` in JVM logs. `level` helps to filter
more severe messages from mere debugging messages in logs and with this
change we are able to use it also for JVM logs.
Here are a few example lines:
Before:
```
[2022-12-15T06:19:16.936+0000][15181][gc,start ] GC(0) Pause Young (Normal) (G1 Evacuation Pause)
```
After:
```
[2022-12-15T06:22:27.932+0000][16320][info][gc,start ] GC(0) Pause Young (Normal) (G1 Evacuation Pause)
[2022-12-15T06:22:27.932+0000][16320][debug][gc,age ] GC(0) Desired survivor size 14680064 bytes, new threshold 15 (max threshold 15)
[2022-12-15T06:22:27.935+0000][16320][info ][gc,phases ] GC(0) Pre Evacuate Collection Set: 0.1ms
[2022-12-15T06:22:27.935+0000][16320][trace][gc,age ] GC(0) Age table with threshold 15 (max threshold 15)
```
Notice, that the log level might have trailing spaces.
See also
https://docs.oracle.com/en/java/javase/19/docs/specs/man/java.html#xlog-tags-and-levels
for the available log levels.
The docs for the TCP readiness port have a preview warning, with custom
text. However, this doesn't render correctly in the docs. Rather than
figure out why the custom text doesn't render, this commit simply
removes the custom text in favor of the default preview text.
The current command to start the first Elasticsearch node includes `-p 9200:9200` and `-p 9300:9300`. This PR removes the extra ports so that they're not open unnecessarily.
Co-authored-by: Adam Locke <adam.locke@elastic.co>
The docs introduced in #91333 apply to older versions in which the `systemd`
startup timeout was 75s by default, but in #91338 we extended the `systemd`
startup timeout to 900s from 8.7.0 and 7.17.8 onwards. This commit adjusts the
docs to match.
ES_JAVA_OPTS is still the correct way to pass options to
the Elasticsearch process, CLI_JAVA_OPTS affects only the
command line tool. CLI_JAVA_OPTS is the correct way to pass
options for plugin installation or other tools.
