honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] TLS file resources are reloadable (#33258) 

Make clearer that file resources that are used as key trust material
are polled and will be reloaded upon modification.
This commit is contained in:
Ioannis Kakavas 2018-08-30 13:59:19 +03:00 committed by GitHub
parent b6f762d131
commit 557eabf7b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
x-pack/docs/en/security/securing-communications/tls-http.asciidoc
View File

@ -77,7 +77,17 @@ bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase
. Restart {es}.
NOTE: All TLS-related node settings are considered to be highly sensitive and
[NOTE]
===============================
* All TLS-related node settings are considered to be highly sensitive and
therefore are not exposed via the
{ref}/cluster-nodes-info.html#cluster-nodes-info[nodes info API] For more
information about any of these settings, see <<security-settings>>.
* {es} monitors all files such as certificates, keys, keystores, or truststores
that are configured as values of TLS-related node settings. If you update any of
these files (for example, when your hostnames change or your certificates are
due to expire), {es} reloads them. The files are polled for changes at
a frequency determined by the global {es} `resource.reload.interval.high`
setting, which defaults to 5 seconds.
===============================

12
x-pack/docs/en/security/securing-communications/tls-transport.asciidoc
View File

@ -95,7 +95,17 @@ vice-versa). After enabling TLS you must restart all nodes in order to maintain
communication across the cluster.
--
NOTE: All TLS-related node settings are considered to be highly sensitive and
[NOTE]
===============================
* All TLS-related node settings are considered to be highly sensitive and
therefore are not exposed via the
{ref}/cluster-nodes-info.html#cluster-nodes-info[nodes info API] For more
information about any of these settings, see <<security-settings>>.
* {es} monitors all files such as certificates, keys, keystores, or truststores
that are configured as values of TLS-related node settings. If you update any of
these files (for example, when your hostnames change or your certificates are
due to expire), {es} reloads them. The files are polled for changes at
a frequency determined by the global {es} `resource.reload.interval.high`
setting, which defaults to 5 seconds.
===============================