Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DOCS] Move settings out of reindex API #120260

Merged
merged 1 commit into from
Jan 16, 2025
+99 −95
Merged

[DOCS] Move settings out of reindex API #120260

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 1 addition & 88 deletions docs/reference/docs/reindex.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1132,91 +1132,4 @@ Reindex from remote supports configurable SSL settings. These must be
specified in the `elasticsearch.yml` file, with the exception of the
secure settings, which you add in the Elasticsearch keystore.
It is not possible to configure SSL in the body of the `_reindex` request.

The following settings are supported:

`reindex.ssl.certificate_authorities`::
List of paths to PEM encoded certificate files that should be trusted.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.

`reindex.ssl.truststore.path`::
The path to the Java Keystore file that contains the certificates to trust.
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.

`reindex.ssl.truststore.password`::
The password to the truststore (`reindex.ssl.truststore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
This setting cannot be used with `reindex.ssl.truststore.secure_password`.

`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
The password to the truststore (`reindex.ssl.truststore.path`).
This setting cannot be used with `reindex.ssl.truststore.password`.

`reindex.ssl.truststore.type`::
The type of the truststore (`reindex.ssl.truststore.path`).
Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.

`reindex.ssl.verification_mode`::
Indicates the type of verification to protect against man in the middle attacks
and certificate forgery.
One of `full` (verify the hostname and the certificate path), `certificate`
(verify the certificate path, but not the hostname) or `none` (perform no
verification - this is strongly discouraged in production environments).
Defaults to `full`.

`reindex.ssl.certificate`::
Specifies the path to the PEM encoded certificate (or certificate chain) to be
used for HTTP client authentication (if required by the remote cluster)
This setting requires that `reindex.ssl.key` also be set.
You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.

`reindex.ssl.key`::
Specifies the path to the PEM encoded private key associated with the
certificate used for client authentication (`reindex.ssl.certificate`).
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.

`reindex.ssl.key_passphrase`::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
Cannot be used with `reindex.ssl.secure_key_passphrase`.

`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
Cannot be used with `reindex.ssl.key_passphrase`.

`reindex.ssl.keystore.path`::
Specifies the path to the keystore that contains a private key and certificate
to be used for HTTP client authentication (if required by the remote cluster).
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.

`reindex.ssl.keystore.type`::
The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
to `PKCS12`. Otherwise, it defaults to `jks`.

`reindex.ssl.keystore.password`::
The password to the keystore (`reindex.ssl.keystore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_password`.

`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
The password to the keystore (`reindex.ssl.keystore.path`).
This setting cannot be used with `reindex.ssl.keystore.password`.

`reindex.ssl.keystore.key_password`::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password.
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.

`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password. This setting cannot be used with
`reindex.ssl.keystore.key_password`.
Refer to <<reindex-settings>>.
105 changes: 98 additions & 7 deletions docs/reference/modules/indices/index_management.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,6 @@ cannot close open indices. Defaults to `true`.
+
NOTE: Closed indices still consume a significant amount of disk space.

[[reindex-remote-whitelist]]
// tag::reindex-remote-whitelist[]
`reindex.remote.whitelist` {ess-icon}::
(<<static-cluster-setting,Static>>)
Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
// end::reindex-remote-whitelist[]

[[stack-templates-enabled]]
`stack.templates.enabled`::
+
Expand All @@ -52,3 +45,101 @@ This setting also affects the following built-in component templates:

include::{es-ref-dir}/indices/put-component-template.asciidoc[tag=built-in-component-templates]
--


[discrete]
[[reindex-settings]]
==== Reindex settings

[[reindex-remote-whitelist]]
// tag::reindex-remote-whitelist[]
`reindex.remote.whitelist` {ess-icon}::
(<<static-cluster-setting,Static>>)
Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
// end::reindex-remote-whitelist[]

`reindex.ssl.certificate`::
Specifies the path to the PEM encoded certificate (or certificate chain) to be
used for HTTP client authentication (if required by the remote cluster)
This setting requires that `reindex.ssl.key` also be set.
You cannot specify both `reindex.ssl.certificate` and `reindex.ssl.keystore.path`.

`reindex.ssl.certificate_authorities`::
List of paths to PEM encoded certificate files that should be trusted.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.

`reindex.ssl.key`::
Specifies the path to the PEM encoded private key associated with the
certificate used for client authentication (`reindex.ssl.certificate`).
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.

`reindex.ssl.key_passphrase`::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
deprecated:[7.17.0] Prefer `reindex.ssl.secure_key_passphrase` instead.
Cannot be used with `reindex.ssl.secure_key_passphrase`.

`reindex.ssl.keystore.key_password`::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password.
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_key_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_key_password`.

`reindex.ssl.keystore.password`::
The password to the keystore (`reindex.ssl.keystore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.keystore.secure_password` instead.
This setting cannot be used with `reindex.ssl.keystore.secure_password`.

`reindex.ssl.keystore.path`::
Specifies the path to the keystore that contains a private key and certificate
to be used for HTTP client authentication (if required by the remote cluster).
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.

`reindex.ssl.keystore.type`::
The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
to `PKCS12`. Otherwise, it defaults to `jks`.

`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
Specifies the passphrase to decrypt the PEM encoded private key
(`reindex.ssl.key`) if it is encrypted.
Cannot be used with `reindex.ssl.key_passphrase`.

`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
The password for the key in the keystore (`reindex.ssl.keystore.path`).
Defaults to the keystore password. This setting cannot be used with
`reindex.ssl.keystore.key_password`.

`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
The password to the keystore (`reindex.ssl.keystore.path`).
This setting cannot be used with `reindex.ssl.keystore.password`.

`reindex.ssl.truststore.password`::
The password to the truststore (`reindex.ssl.truststore.path`).
deprecated:[7.17.0] Prefer `reindex.ssl.truststore.secure_password` instead.
This setting cannot be used with `reindex.ssl.truststore.secure_password`.

`reindex.ssl.truststore.path`::
The path to the Java Keystore file that contains the certificates to trust.
This keystore can be in "JKS" or "PKCS#12" format.
You cannot specify both `reindex.ssl.certificate_authorities` and
`reindex.ssl.truststore.path`.

`reindex.ssl.truststore.secure_password` (<<secure-settings,Secure>>)::
The password to the truststore (`reindex.ssl.truststore.path`).
This setting cannot be used with `reindex.ssl.truststore.password`.

`reindex.ssl.truststore.type`::
The type of the truststore (`reindex.ssl.truststore.path`).
Must be either `jks` or `PKCS12`. If the truststore path ends in ".p12", ".pfx"
or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.

`reindex.ssl.verification_mode`::
Indicates the type of verification to protect against man in the middle attacks
and certificate forgery.
One of `full` (verify the hostname and the certificate path), `certificate`
(verify the certificate path, but not the hostname) or `none` (perform no
verification - this is strongly discouraged in production environments).
Defaults to `full`.
Loading