diff --git a/x-pack/docs/en/commands/syskeygen.asciidoc b/x-pack/docs/en/commands/syskeygen.asciidoc index 8683d801d58..f4a198ff4bf 100644 --- a/x-pack/docs/en/commands/syskeygen.asciidoc +++ b/x-pack/docs/en/commands/syskeygen.asciidoc @@ -43,7 +43,7 @@ environment variable. === Examples The following command generates a `system_key` file in the -default `$ES_HOME/config/x-pack` directory: +default `$ES_HOME/config` directory: [source, sh] -------------------------------------------------- diff --git a/x-pack/docs/en/security/auditing.asciidoc b/x-pack/docs/en/security/auditing.asciidoc index 8bff8727f83..6cd31d076f9 100644 --- a/x-pack/docs/en/security/auditing.asciidoc +++ b/x-pack/docs/en/security/auditing.asciidoc @@ -330,7 +330,7 @@ audited in plain text when including the request body in audit events. [[logging-file]] You can also configure how the logfile is written in the `log4j2.properties` -file located in `CONFIG_DIR/x-pack`. By default, audit information is appended to the +file located in `CONFIG_DIR`. By default, audit information is appended to the `_access.log` file located in the standard Elasticsearch `logs` directory (typically located at `$ES_HOME/logs`). The file rolls over on a daily basis. diff --git a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc index b43a0911e04..6ea9b243aad 100644 --- a/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc +++ b/x-pack/docs/en/security/authentication/configuring-ldap-realm.asciidoc @@ -56,7 +56,7 @@ xpack: group_search: base_dn: "dc=example,dc=com" files: - role_mapping: "CONFIG_DIR/x-pack/role_mapping.yml" + role_mapping: "CONFIG_DIR/role_mapping.yml" unmapped_groups_as_roles: false ------------------------------------------------------------ diff --git a/x-pack/docs/en/security/authorization.asciidoc b/x-pack/docs/en/security/authorization.asciidoc index 4a3ffe399de..ed171415056 100644 --- a/x-pack/docs/en/security/authorization.asciidoc +++ b/x-pack/docs/en/security/authorization.asciidoc @@ -295,7 +295,7 @@ see {ref}/security-api-roles.html[Role Management APIs]. === File-based Role Management Apart from the _Role Management APIs_, roles can also be defined in local -`roles.yml` file located in `CONFIG_DIR/x-pack`. This is a YAML file where each +`roles.yml` file located in `CONFIG_DIR`. This is a YAML file where each role definition is keyed by its name. [IMPORTANT] diff --git a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc index 590546e217c..2c1f1998c68 100644 --- a/x-pack/docs/en/security/authorization/mapping-roles.asciidoc +++ b/x-pack/docs/en/security/authorization/mapping-roles.asciidoc @@ -36,7 +36,7 @@ To use file based role-mappings, you must configure the mappings in a YAML file and copy it to each node in the cluster. Tools like Puppet or Chef can help with this. -By default, role mappings are stored in `ES_PATH_CONF/x-pack/role_mapping.yml`, +By default, role mappings are stored in `ES_PATH_CONF/role_mapping.yml`, where `ES_PATH_CONF` is `ES_HOME/config` (zip/tar installations) or `/etc/elasticsearch` (package installations). To specify a different location, you configure the `files.role_mapping` realm settings in `elasticsearch.yml`. diff --git a/x-pack/docs/en/security/reference/files.asciidoc b/x-pack/docs/en/security/reference/files.asciidoc index cec8f9d1a3b..dcf673d9a9f 100644 --- a/x-pack/docs/en/security/reference/files.asciidoc +++ b/x-pack/docs/en/security/reference/files.asciidoc @@ -3,7 +3,7 @@ The {security} uses the following files: -* `CONFIG_DIR/x-pack/roles.yml` defines the roles in use on the cluster +* `CONFIG_DIR/roles.yml` defines the roles in use on the cluster (read more <>). * `CONFIG_DIR/elasticsearch-users` defines the users and their hashed passwords for @@ -12,12 +12,12 @@ The {security} uses the following files: * `CONFIG_DIR/elasticsearch-users_roles` defines the user roles assignment for the the <>. -* `CONFIG_DIR/x-pack/role_mapping.yml` defines the role assignments for a +* `CONFIG_DIR/role_mapping.yml` defines the role assignments for a Distinguished Name (DN) to a role. This allows for LDAP and Active Directory groups and users and PKI users to be mapped to roles (read more <>). -* `CONFIG_DIR/x-pack/log4j2.properties` contains audit information (read more +* `CONFIG_DIR/log4j2.properties` contains audit information (read more <>). [[security-files-location]] diff --git a/x-pack/docs/en/security/securing-communications/configuring-tls-docker.asciidoc b/x-pack/docs/en/security/securing-communications/configuring-tls-docker.asciidoc index affac534b6f..d93d4e523d9 100644 --- a/x-pack/docs/en/security/securing-communications/configuring-tls-docker.asciidoc +++ b/x-pack/docs/en/security/securing-communications/configuring-tls-docker.asciidoc @@ -41,7 +41,7 @@ instances: `.env`: [source,yaml] ---- -CERTS_DIR=/usr/share/elasticsearch/config/x-pack/certificates <1> +CERTS_DIR=/usr/share/elasticsearch/config/certificates <1> ELASTIC_PASSWORD=PleaseChangeMe <2> ---- <1> The path, inside the Docker image, where certificates are expected to be found. @@ -66,18 +66,18 @@ services: image: docker.elastic.co/elasticsearch/elasticsearch-platinum:{version} command: > bash -c ' - if [[ ! -d config/x-pack/certificates/certs ]]; then - mkdir config/x-pack/certificates/certs; + if [[ ! -d config/certificates/certs ]]; then + mkdir config/certificates/certs; fi; if [[ ! -f /local/certs/bundle.zip ]]; then - bin/elasticsearch-certgen --silent --in config/x-pack/certificates/instances.yml --out config/x-pack/certificates/certs/bundle.zip; - unzip config/x-pack/certificates/certs/bundle.zip -d config/x-pack/certificates/certs; <1> + bin/elasticsearch-certgen --silent --in config/certificates/instances.yml --out config/certificates/certs/bundle.zip; + unzip config/certificates/certs/bundle.zip -d config/certificates/certs; <1> fi; - chgrp -R 0 config/x-pack/certificates/certs + chgrp -R 0 config/certificates/certs ' user: $\{UID:-1000\} working_dir: /usr/share/elasticsearch - volumes: ['.:/usr/share/elasticsearch/config/x-pack/certificates'] + volumes: ['.:/usr/share/elasticsearch/config/certificates'] ---- <1> The new node certificates and CA certificate+key are placed under the local directory `certs`. @@ -184,9 +184,9 @@ WARNING: Windows users not running PowerShell will need to remove `\` and join l ---- docker exec es01 /bin/bash -c "bin/elasticsearch-setup-passwords \ auto --batch \ --Expack.ssl.certificate=x-pack/certificates/es01/es01.crt \ --Expack.ssl.certificate_authorities=x-pack/certificates/ca/ca.crt \ --Expack.ssl.key=x-pack/certificates/es01/es01.key \ +-Expack.ssl.certificate=certificates/es01/es01.crt \ +-Expack.ssl.certificate_authorities=certificates/ca/ca.crt \ +-Expack.ssl.key=certificates/es01/es01.key \ --url https://localhost:9200" ---- -- diff --git a/x-pack/docs/en/security/securing-communications/tls-http.asciidoc b/x-pack/docs/en/security/securing-communications/tls-http.asciidoc index dae088667c6..eb8e985a65b 100644 --- a/x-pack/docs/en/security/securing-communications/tls-http.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-http.asciidoc @@ -40,9 +40,9 @@ This name should match the `keystore.path` value. [source, yaml] -------------------------------------------------- xpack.security.http.ssl.enabled: true -xpack.security.http.ssl.key: /home/es/config/x-pack/node01.key <1> -xpack.security.http.ssl.certificate: /home/es/config/x-pack/node01.crt <2> -xpack.security.http.ssl.certificate_authorities: [ "/home/es/config/x-pack/ca.crt" ] <3> +xpack.security.http.ssl.key: /home/es/config/node01.key <1> +xpack.security.http.ssl.certificate: /home/es/config/node01.crt <2> +xpack.security.http.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] <3> -------------------------------------------------- <1> The full path to the node key file. This must be a location within the {es} configuration directory. diff --git a/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc b/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc index f10ced77f71..b7f0b7d3005 100644 --- a/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-ldap.asciidoc @@ -29,7 +29,7 @@ xpack: order: 0 url: "ldaps://ldap.example.com:636" ssl: - certificate_authorities: [ "CONFIG_DIR/x-pack/cacert.pem" ] + certificate_authorities: [ "CONFIG_DIR/cacert.pem" ] -------------------------------------------------- The CA certificate must be a PEM encoded. diff --git a/x-pack/docs/en/security/securing-communications/tls-transport.asciidoc b/x-pack/docs/en/security/securing-communications/tls-transport.asciidoc index 9bce211a1e2..2e20a20f907 100644 --- a/x-pack/docs/en/security/securing-communications/tls-transport.asciidoc +++ b/x-pack/docs/en/security/securing-communications/tls-transport.asciidoc @@ -43,9 +43,9 @@ This name should match the `keystore.path` value. -------------------------------------------------- xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate <1> -xpack.security.transport.ssl.key: /home/es/config/x-pack/node01.key <2> -xpack.security.transport.ssl.certificate: /home/es/config/x-pack/node01.crt <3> -xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/x-pack/ca.crt" ] <4> +xpack.security.transport.ssl.key: /home/es/config/node01.key <2> +xpack.security.transport.ssl.certificate: /home/es/config/node01.crt <3> +xpack.security.transport.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ] <4> -------------------------------------------------- <1> If you used the `--dns` or `--ip` options with the `elasticsearch-certutil cert` command and you want to enable strict hostname checking, set the verification mode to diff --git a/x-pack/docs/en/setup/bootstrap-checks-xes.asciidoc b/x-pack/docs/en/setup/bootstrap-checks-xes.asciidoc index a9150ec056c..6ee9c29b44f 100644 --- a/x-pack/docs/en/setup/bootstrap-checks-xes.asciidoc +++ b/x-pack/docs/en/setup/bootstrap-checks-xes.asciidoc @@ -43,7 +43,7 @@ to each user. If you use files to manage the role mappings, you must configure a YAML file and copy it to each node in the cluster. By default, role mappings are stored in -`ES_PATH_CONF/x-pack/role_mapping.yml`. Alternatively, you can specify a +`ES_PATH_CONF/role_mapping.yml`. Alternatively, you can specify a different role mapping file for each type of realm and specify its location in the `elasticsearch.yml` file. For more information, see {xpack-ref}/mapping-roles.html#mapping-roles-file[Using Role Mapping Files]. diff --git a/x-pack/docs/en/watcher/trigger/schedule/cron.asciidoc b/x-pack/docs/en/watcher/trigger/schedule/cron.asciidoc index c24668a688d..57d33051097 100644 --- a/x-pack/docs/en/watcher/trigger/schedule/cron.asciidoc +++ b/x-pack/docs/en/watcher/trigger/schedule/cron.asciidoc @@ -213,7 +213,7 @@ minute during the weekend: {xpack} ships with a `elasticsearch-croneval` command line tool that you can use to verify that your cron expressions are valid and produce the expected results. This tool is -provided in the `$ES_HOME/bin/x-pack` directory. +provided in the `$ES_HOME/bin` directory. To verify a cron expression, simply pass it in as a parameter to `elasticsearch-croneval`: