mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-25 07:37:19 -04:00
537f371f34
Add a --url option for elasticsearch-reset-password and elasticsearch-create-enrollment-token CLI Tools ( and any tools that would extend BaseRunAsSuperuserCommand ). The tools use CommandLineHttpClient internally, which tries its best to deduce the URL of the local node based on the configuration but there are certain cases where it either fails or returns an unwanted result. Concretely: - CommandLineHttpClient#getDefaultURL will always return a URL with the port set to 9200, unless otherwise explicitly set in the configuration. When running multiple nodes on the same host, subsequent nodes get sequential port numbers after 9200 by default and this means that the CLI tool will always connect the first of n nodes in a given host. Since these tools depend on a file realm local user, requests to other nodes would fail - When an ES node binds and listens to many addresses, there can be the case that not all of the IP addresses are added as SANs in the certificate that is used for TLS on the HTTP layer. CommandLineHttpClient#getDefaultURL will pick an address based on a preference order but that address might not be in the SANs and thus all requests to the node would fail due to failed hostname verification. Manually setting `--url` to an appropriate value allows users to overcome these edge cases. |
||
|---|---|---|
| .. | ||
| certgen.asciidoc | ||
| certutil.asciidoc | ||
| create-enrollment-token.asciidoc | ||
| croneval.asciidoc | ||
| index.asciidoc | ||
| keystore.asciidoc | ||
| node-tool.asciidoc | ||
| reset-password.asciidoc | ||
| saml-metadata.asciidoc | ||
| service-tokens-command.asciidoc | ||
| setup-passwords.asciidoc | ||
| shard-tool.asciidoc | ||
| syskeygen.asciidoc | ||
| users-command.asciidoc | ||