[DOCS] Added sysgenkey command and watcher settings
Original commit: elastic/x-pack-elasticsearch@8e0b2027a6
Parent: 43a2572e7d
Commit: 7ae8f1cd9b
|
@ -9,10 +9,12 @@
|
|||
|
||||
* <<certgen>>
|
||||
* <<setup-passwords>>
|
||||
* <<syskeygen>>
|
||||
* <<users-command>>
|
||||
|
||||
--
|
||||
|
||||
include::certgen.asciidoc[]
|
||||
include::setup-passwords.asciidoc[]
|
||||
include::syskeygen.asciidoc[]
|
||||
include::users-command.asciidoc[]
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
[role="xpack"]
|
||||
[[syskeygen]]
|
||||
== syskeygen
|
||||
|
||||
The `syskeygen` command creates a system key file in
|
||||
`CONFIG_DIR/x-pack/system_key`. You can then copy the generated system key to
|
||||
the rest of the nodes in the cluster.
|
||||
|
||||
//TBD: Why? What's its purpose?
|
||||
|
||||
IMPORTANT: The system key is a symmetric key, so the same key must be on every
|
||||
node in the cluster. You must also ensure that the file permissions are set
|
||||
such that the key can be read by the user that {es} runs as.
|
||||
|
||||
[float]
|
||||
=== Synopsis
|
||||
|
||||
[source,shell]
|
||||
--------------------------------------------------
|
||||
bin/x-pack/syskeygen
|
||||
[-E <KeyValuePair>] [-h, --help]
|
||||
([-s, --silent] | [-v, --verbose])
|
||||
--------------------------------------------------
|
||||
|
||||
[float]
|
||||
=== Description
|
||||
|
||||
Encryption of sensitive data requires a key. For example, if you enable the
|
||||
<<notification-settings,`xpack.watcher.encrypt_sensitive_data` setting>>,
|
||||
//TBD: Can we clarify what type of sensitive data is encrypted when this is enabled?
|
||||
you must also create a system key file and place it in the secure setting store.
|
||||
After you run the `syskeygen` command, run the
|
||||
`elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>`
|
||||
command. Finally, remove the `system_key` file from the filesystem. Repeat these
|
||||
steps on every node in the cluster.
|
||||
|
||||
//TBD: Are there other scenarios where you could use this system file?
|
||||
|
||||
[float]
|
||||
=== Parameters
|
||||
|
||||
`-E <KeyValuePair>`:: Configures a setting.
|
||||
|
||||
`-h, --help`:: Returns all of the command parameters.
|
||||
|
||||
`-s, --silent`:: Shows minimal output.
|
||||
|
||||
`-v, --verbose`:: Shows verbose output.
|
||||
|
||||
////
|
||||
[float]
|
||||
=== Examples
|
||||
|
||||
//TBD: What's an example of a -E value that we might use in this command?
|
||||
|
||||
[source, sh]
|
||||
--------------------------------------------------
|
||||
bin/x-pack/syskeygen
|
||||
--------------------------------------------------
|
||||
////
|
|
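Review bot: The Description's last sentence, "Repeat these steps on every node in the cluster", reads as if `syskeygen` itself is run on each node, which would generate a separate key per node and contradicts the IMPORTANT note that the same symmetric key must be on every node. Suggest saying that `syskeygen` is run once, the generated file is copied to the other nodes, and only the `elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>` and file-removal steps are repeated on each node. The IMPORTANT note only requires that the user {es} runs as can read the key; it should also say that no other user should be able to read it. The opening paragraph presents `CONFIG_DIR/x-pack/system_key` as where the key lives and is copied from, while the Description says to remove that file after import, so the two should be reconciled. The three `//TBD:` comments and the commented-out Examples block should be resolved or tracked before this is published.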
@ -5,10 +5,16 @@
|
|||
<titleabbrev>{watcher} Settings</titleabbrev>
|
||||
++++
|
||||
|
||||
You configure `xpack.notification` settings in `elasticsearch.yml` to
|
||||
send set up {watcher} and send notifications via <<email-notification-settings, email>>,
|
||||
<<hipchat-notification-settings, HipChat>>, <<slack-notification-settings,
|
||||
Slack>>, and <<pagerduty-notification-settings, PagerDuty>>.
|
||||
You configure {watcher} settings to set up {watcher} and send notifications via
|
||||
<<email-notification-settings,email>>,
|
||||
<<hipchat-notification-settings,HipChat>>,
|
||||
<<slack-notification-settings,Slack>>, and
|
||||
<<pagerduty-notification-settings, PagerDuty>>.
|
||||
|
||||
All of these settings can be added to the `elasticsearch.yml` configuration file,
|
||||
with the exception of the secure settings, which you add to the {es} keystore.
|
||||
For more information about creating and updating the {es} keystore, see
|
||||
<<secure-settings>>.
|
||||
|
||||
[float]
|
||||
[[general-notification-settings]]
|
||||
|
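Review bot: The new opening sentence, "You configure {watcher} settings to set up {watcher}", is circular and tells the reader nothing; something like "Use these settings to set up {watcher} and send notifications via ..." would read better. The cross-references are also formatted inconsistently: `<<pagerduty-notification-settings, PagerDuty>>` keeps a space after the comma while the email, HipChat and Slack references had theirs removed. The added paragraph about secure settings going into the {es} keystore is a useful pointer, but it does not say how a reader recognizes a secure setting in the list below; a short mention of the (Secure) marker would close that gap.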
@ -16,6 +22,20 @@ Slack>>, and <<pagerduty-notification-settings, PagerDuty>>.
|
|||
`xpack.watcher.enabled`::
|
||||
Set to `false` to disable {watcher} on the node.
|
||||
|
||||
`xpack.watcher.encrypt_sensitive_data` (<<secure-settings,Secure>>)::
|
||||
Set to `true` to encrypt sensitive data. If this setting is enabled, you
|
||||
must also specify the `xpack.watcher.encryption_key` setting.
|
||||
//TBD: Can we be more specific about what type of watcher data it's encrypting?
|
||||
|
||||
`xpack.watcher.encryption_key` (<<secure-settings,Secure>>)::
|
||||
Specifies the path to a file that contains a key for encrypting sensitive data.
|
||||
If `xpack.watcher.encrypt_sensitive_data` is set to `true`, this setting is
|
||||
required. For example, to generate the key file, run the <<syskeygen>> tool.
|
||||
Then import the key into the secure setting store with the
|
||||
`elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>`
|
||||
command. Finally, remove the system_key file from the filesystem. Repeat this on
|
||||
every node in the cluster.
|
||||
|
||||
`xpack.watcher.history.cleaner_service.enabled`::
|
||||
Set to `false` (default) to disable the cleaner service, which removes previous
|
||||
versions of {watcher} indices (for example, .watcher-history*) when it
|
||||
|
|
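Review bot: `xpack.watcher.encrypt_sensitive_data` is labelled (<<secure-settings,Secure>>) but is described as a flag that is "Set to `true`", and the page intro says secure settings are added to the {es} keystore rather than `elasticsearch.yml`; please confirm whether this flag really belongs in the keystore, and drop the Secure marker if it does not. In the `xpack.watcher.encryption_key` entry, "Specifies the path to a file that contains a key" conflicts with the procedure that follows, which imports the file with `elasticsearch-keystore add-file` and then deletes it, so the setting holds the key material and not a path. "For example, to generate the key file" is not an example of anything and can simply read "To generate the key file". As in syskeygen.asciidoc, "Repeat this on every node" should make clear that the same key file is imported on each node, and `system_key` should be in backticks to match the other file. The `//TBD:` comment should be resolved before merge.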