honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 10:25:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Added sysgenkey command and watcher settings

Browse Source 
Original commit: elastic/x-pack-elasticsearch@8e0b2027a6
This commit is contained in:
lcawley 2017-11-16 15:40:51 -08:00
parent 43a2572e7d
commit 7ae8f1cd9b
3 changed files with 86 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/en/commands/index.asciidoc
View File

@ -9,10 +9,12 @@
* <<certgen>> * <<certgen>>
* <<setup-passwords>> * <<setup-passwords>>
* <<syskeygen>>
* <<users-command>> * <<users-command>>
-- --
include::certgen.asciidoc[] include::certgen.asciidoc[]
include::setup-passwords.asciidoc[] include::setup-passwords.asciidoc[]
include::syskeygen.asciidoc[]
include::users-command.asciidoc[] include::users-command.asciidoc[]

60
docs/en/commands/syskeygen.asciidoc Normal file
View File

@ -0,0 +1,60 @@
[role="xpack"]
[[syskeygen]]
== syskeygen
The `syskeygen` command creates a system key file in
`CONFIG_DIR/x-pack/system_key`. You can then copy the generated system key to
the rest of the nodes in the cluster.
//TBD: Why? What's its purpose?
IMPORTANT: The system key is a symmetric key, so the same key must be on every
node in the cluster. You must also ensure that the file permissions are set
such that the key can be read by the user that {es} runs as.
[float]
=== Synopsis
[source,shell]
--------------------------------------------------
bin/x-pack/syskeygen
[-E <KeyValuePair>] [-h, --help]
([-s, --silent] | [-v, --verbose])
--------------------------------------------------
[float]
=== Description
Encryption of sensitive data requires a key. For example, if you enable the
<<notification-settings,`xpack.watcher.encrypt_sensitive_data` setting>>,
//TBD: Can we clarify what type of sensitive data is encrypted when this is enabled?
you must also create a system key file and place it in the secure setting store.
After you run the `syskeygen` command, run the
`elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>`
command. Finally, remove the `system_key` file from the filesystem. Repeat these
steps on every node in the cluster.
//TBD: Are there other scenarios where you could use this system file?
[float]
=== Parameters
`-E <KeyValuePair>`:: Configures a setting.
`-h, --help`:: Returns all of the command parameters.
`-s, --silent`:: Shows minimal output.
`-v, --verbose`:: Shows verbose output.
////
[float]
=== Examples
//TBD: What's an example of a -E value that we might use in this command?
[source, sh]
--------------------------------------------------
bin/x-pack/syskeygen
--------------------------------------------------
////

28
docs/en/settings/notification-settings.asciidoc
View File

@ -5,10 +5,16 @@
<titleabbrev>{watcher} Settings</titleabbrev> <titleabbrev>{watcher} Settings</titleabbrev>
++++ ++++
You configure `xpack.notification` settings in `elasticsearch.yml` to You configure {watcher} settings to set up {watcher} and send notifications via
send set up {watcher} and send notifications via <<email-notification-settings, email>>, <<email-notification-settings,email>>,
<<hipchat-notification-settings, HipChat>>, <<slack-notification-settings, <<hipchat-notification-settings,HipChat>>,
Slack>>, and <<pagerduty-notification-settings, PagerDuty>>. <<slack-notification-settings,Slack>>, and
<<pagerduty-notification-settings, PagerDuty>>.
All of these settings can be added to the `elasticsearch.yml` configuration file,
with the exception of the secure settings, which you add to the {es} keystore.
For more information about creating and updating the {es} keystore, see
<<secure-settings>>.
[float] [float]
[[general-notification-settings]] [[general-notification-settings]]
@ -16,6 +22,20 @@ Slack>>, and <<pagerduty-notification-settings, PagerDuty>>.
`xpack.watcher.enabled`:: `xpack.watcher.enabled`::
Set to `false` to disable {watcher} on the node. Set to `false` to disable {watcher} on the node.
`xpack.watcher.encrypt_sensitive_data` (<<secure-settings,Secure>>)::
Set to `true` to encrypt sensitive data. If this setting is enabled, you
must also specify the `xpack.watcher.encryption_key` setting.
//TBD: Can we be more specific about what type of watcher data it's encrypting?
`xpack.watcher.encryption_key` (<<secure-settings,Secure>>)::
Specifies the path to a file that contains a key for encrypting sensitive data.
If `xpack.watcher.encrypt_sensitive_data` is set to `true`, this setting is
required. For example, to generate the key file, run the <<syskeygen>> tool.
Then import the key into the secure setting store with the
`elasticsearch-keystore add-file xpack.watcher.encryption_key <filepath>`
command. Finally, remove the system_key file from the filesystem. Repeat this on
every node in the cluster.
`xpack.watcher.history.cleaner_service.enabled`:: `xpack.watcher.history.cleaner_service.enabled`::
Set to `false` (default) to disable the cleaner service, which removes previous Set to `false` (default) to disable the cleaner service, which removes previous
versions of {watcher} indices (for example, .watcher-history*) when it versions of {watcher} indices (for example, .watcher-history*) when it