Commit Graph

248 Commits

Author SHA1 Message Date
Ryan Ernst 1bd5cecc34 Docs: Add note about which secure settings are valid (#25212)
This commit adds a note to the docs to clarify that only some settings
can be used with the keystore.
2017-06-13 21:04:16 -07:00
Lisa Cawley 2f7de46b72 [DOC] Add X-Pack links to Elasticsearch Reference (#25164)
* [DOC] Add X-Pack links to Elasticsearch Reference

* [DOCS] Address alignment of attributes in Versions.asciidoc
2017-06-12 13:43:06 -07:00
Christian Hofstaedtler c3ec6a1714 Honor masking of systemd-sysctl.service
During package install on systemd-based systems, some sysctl settings
should be set (e.g. vm.max_map_count).

In some environments, changing sysctl settings plainly does not work;
previously a global environment variable named
ES_SKIP_SET_KERNEL_PARAMETERS was introduced to skip calling sysctl, but
this causes trouble for:
 - configuration management systems, which usually cannot apply an env
   var when running a package manager
 - package upgrades, which will not have the env var set any more, and
   thus leaving the package management system in a bad state (possibly
   half-way upgraded, can be very hard to recover)

This removes the env var again and instead of calling systemd-sysctl
manually, tells systemd to restart the wrapper unit - which itself can
be masked by system administrators or management tools if it is known
that sysctl does not work in a given environment.

The restart is not silent on systems in their default configuration, but
is ignored if the unit is masked.

Relates #24234
2017-06-06 10:44:41 -04:00
Sergey Novikov a7b21534b1 Docs: Fix typo in docker docs (#24988)
`boostrap.memory_lock` -> `bootstrap.memory_lock`
2017-05-31 13:42:47 -04:00
Oleksandr Chychkan 065d91bccc Typo in setup/configuration.asciidoc (#24797) 2017-05-19 10:49:56 -04:00
Ryan Ernst 463fe2f4d4 Scripting: Remove file scripts (#24627)
This commit removes file scripts, which were deprecated in 5.5.

closes #21798
2017-05-17 14:42:25 -07:00
Daniel Mitterdorfer 77762fcbb0 Use correct script name in docs for Windows
With this commit we correct the name of the ES batch script to
`elasticsearch.bat` in the docs and use backslashes in path names.
2017-05-16 15:57:05 +02:00
Jason Tedor 4e21a33689 Clarify disabling swap in docs
Our strong recommendation is disabling swap over any other alternative
to avoid the JVM from landing on disk. This commit clarifies the docs in
this regard.
2017-05-12 16:09:52 -04:00
Clinton Gormley b8dede06b5 Fixed prerelease URLs for RPM and Deb repos in docs 2017-05-09 18:33:23 +02:00
Dimitrios Liappis 79857357bf Docs: Update production notes for Docker
Add info about the base image used and the github repo of
elasticsearch-docker.

Clarify that setting `memlock=-1:-1` is only a requirement when
`bootstrap_memory_lock=true` and the alternatives we document
elsewhere in docs for disabling swap are valid for Docker as well.

Additionally, with latest versions of docker-ce shipping with
unlimited (or high enough) defaults for `nofile` and `nproc`, clarify
that explicitly setting those per ES container is not required, unless
they are not defined in the Docker daemon.

Finally simplify production `docker-compose.yml` example by removing
unneeded options.

Relates #24389
2017-05-03 14:27:31 +03:00
Jason Tedor 108d8905e2 Add note to docs regarding JAVA_HOME on Windows
For the Windows service, JAVA_HOME should be set to the path to the
JDK. We should make this clear in the docs to help users avoid
frustrating startup problems.

Relates #24260
2017-04-21 18:22:55 -04:00
Jason Tedor 446124b9d5 Reword note on whitespace in Log4j settings
This commit rewords the note on whitespace in Log4j settings to not
refer to only of the examples on the page, but instead be clear that the
note applies to all the examples on the page.
2017-04-20 07:34:30 -04:00
Jason Tedor 7a934bd6f4 Add note to docs on whitespace in Log4j settings
A confusing thing that can happen when configuring Log4j is that
extraneous whitespace throws off its configuration parsing yet the error
messages that arise give no indication that this is the problem. This
commit adds a note to the docs.

Relates #24198
2017-04-20 07:29:21 -04:00
Dimitrios Liappis c0ac50eaa4 Clarify elasticsearch user uid:gid mapping in Docker docs
Elasticsearch runs as user elasticsearch with uid:gid 1000:1000 inside
the Docker container. Clarify that bind mounted local directories need
to be accessible by this user.

Relates #24092
2017-04-19 15:12:46 +03:00
Lee Hinman 162ce85ff2 Remove customization of ES_USER and ES_GROUP
This removes the ability to configure Elasticsearch to use custom username
and/or group when it is run.

Resolves #23848
2017-04-14 13:24:21 -06:00
Jason Tedor 99e0268e0a Remove support for default settings
Today Elasticsearch allows default settings to be used only if the
actual setting is not set. These settings are trappy, and the complexity
invites bugs. This commit removes support for default settings with the
exception of default.path.data, default.path.conf, and default.path.logs
which are maintainted to support packaging. A follow-up will remove
support for these as well.

Relates #24093
2017-04-13 14:25:45 -04:00
Jayant Ameta 47160ba6ed Update secure-settings.asciidoc (#23891) 2017-04-05 11:18:23 +02:00
Jason Tedor 51b5dbffb7 Disable bootstrap checks for single-node discovery
While there are use-cases where a single-node is in production, there
are also use-cases for starting a single-node that binds transport to an
external interface where the node is not in production (for example, for
testing the transport client against a node started in a Docker
container). It's tricky to balance the desire to always enforce the
bootstrap checks when a node might be in production with the need for
the community to perform testing in situations that would trip the
bootstrap checks. This commit enables some flexibility for these
users. By setting the discovery type to "single-node", we disable the
bootstrap checks independently of how transport is bound. While this
sounds like a hole in the bootstrap checks, the bootstrap checks can
already be avoided in the single-node use-case by binding only HTTP but
not transport. For users that are genuinely in production on a
single-node use-case with transport bound to an external use-case, they
can set the system property "es.enable.bootstrap.checks" to force
running the bootstrap checks. It would be a mistake for them not to do
this.

Relates #23598
2017-04-04 09:39:04 -04:00
Jason Tedor a6c4234575 Add early-access check
The OpenJDK project provides early-access builds of upcoming
releases. These early-access builds are not suitable for
production. These builds sometimes end up on systems due to aggressive
packaging (e.g., Ubuntu). This commit adds a bootstrap check to ensure
these early-access builds are not being used in production.

Relates #23743
2017-03-24 14:52:50 -04:00
Nik Everett 1c1b29400b Docs: Fix language on a few snippets
They aren't `js`, they are their own thing.

Relates to #18160
2017-03-22 15:57:28 -04:00
Max Goodridge faa6ade035 Fix typo 'Elastisearch' -> 'Elasticsearch' (#23633)
Corrects `Elastisearch` to `Elasticsearch` in some docs and a packaging test utility.
2017-03-20 10:07:59 -04:00
Jason Tedor f7b8128f92 Enable explicitly enforcing bootstrap checks
This commit adds a system property that enables end-users to explicitly
enforce the bootstrap checks, independently of the binding of the
transport protocol. This can be useful for single-node production
systems that do not bind the transport protocol (and thus the bootstrap
checks would not be enforced).

Relates #23585
2017-03-15 10:36:17 -07:00
Shashank Singh 7420bda8ed Fix link to Debian install instructions
The link for the Debian install instructions was mistakenly pointing to
the RPM instructions. This commit fixes the reference.

Relates #23485
2017-03-06 14:41:30 -08:00
Jason Tedor e256ce452b Add documentation for Bash requirement
This commit adds a note to the docs regarding the requirements for Bash.

Relates #23464
2017-03-02 13:36:39 -05:00
Jason Tedor 21181d7865 Fix more missing markup in configuration docs
This commit fixes some missing markup in the configuration docs in the
logging configuration section.
2017-02-16 19:00:49 -05:00
Jason Tedor 0e3e111921 Replace HTTP link with HTTPS link
This commit replaces an HTTP link in the configuration docs with an
HTTPS link.
2017-02-16 12:19:30 -05:00
Jason Tedor 69dc730341 Fix missing markup in configuration docs
This commit adds a missing backtick in the configuration docs.
2017-02-16 12:19:30 -05:00
Jonathan D Strootman cb35b3785a Adding `ansible-elasticsearch` to list of CM tools (#23058) 2017-02-09 21:14:30 +01:00
Jordan Robinson 693b0017af Small typo fix in Windows service documentation
This commit removes a duplicate definite article in the Windows service
documentation.

Relates #23028
2017-02-07 17:25:46 -05:00
Clinton Gormley e181a020a9 Replaced absolute URLs in docs with attributes 2017-02-04 12:05:03 +01:00
Clinton Gormley c1be26f2e1 Centralised doc versions in docs/Versions.asciidoc 2017-02-04 11:16:19 +01:00
Ryan Ernst 003805e875 Docs: Add setup section for the keystore tool and secure settings (#22838) 2017-01-30 14:56:45 -08:00
Jason Tedor d9a3ffcea0 Add note regarding custom jvm.options
When users need to specify a custom location for configuration files,
they also need to specify a custom location for the jvm.options file yet
our docs are absent in this regard. This commit adds a note to the
rolling upgrade docs explaining this situation.

Relates #22747
2017-01-23 10:39:11 -05:00
Jason Tedor fc3280b3cf Expose logs base path
For certain situations, end-users need the base path for Elasticsearch
logs. Exposing this as a property is better than hard-coding the path
into the logging configuration file as otherwise the logging
configuration file could easily diverge from the Elasticsearch
configuration file. Additionally, Elasticsearch will only have
permissions to write to the log directory configured in the
Elasticsearch configuration file. This commit adds a property that
exposes this base path.

One use-case for this is configuring a rollover strategy to retain logs
for a certain period of time. As such, we add an example of this to the
documentation.

Additionally, we expose the property es.logs.cluster_name as this is
used as the name of the log files in the default configuration.

Finally, we expose es.logs.node_name in cases where node.name is
explicitly set in case users want to include the node name as part of
the name of the log files.

Relates #22625
2017-01-16 07:39:37 -05:00
Jason Tedor b7995fbc0d Fix default port for unicast zen ping hosts
Today when you do not specify a port for an entry in
discovery.zen.ping.unicast.hosts, the default port is the value of the
setting transport.profiles.default.port and falls back to the value of
transport.tcp.port if this is not set. For a node that is explicitly
bound to a different port than the default port, this means that the
default port will be equal to this explicitly bound port. Yet, the docs
say that we fall back to 9300 here. This commit corrects the docs.

Relates #22568
2017-01-11 17:10:56 -05:00
Dimitrios Liappis 91b5669d99 [docs] Add missing RUN command from custom docker config
Fix the `Dockerfile` example in the `Customizing image` third configuration
method by adding the missing RUN instruction.

Originally reported by Shankar Vasudevan (@vshank77).

Relates #21973
2017-01-11 11:13:05 +02:00
Chris Adams 61213f7917 Update Debian package installation documentation (#22405)
#9261 added a warning about the use of `add-apt-repository` which is becoming obsolete over time as new distribution releases include later versions of `add-apt-repository` which don't automatically add the `deb-src` line. This change updates the documentation to make the block a note rather than a warning and adds two other reasons for avoiding `add-apt-repository` which are still relevant: avoiding edits to a system shared file and not requiring a large number of non-default packages to add one line of text to a file.
2017-01-10 19:49:57 +01:00
Itamar Syn-Hershko dea8cee70f Fixing a second "second" reference in docs (#22345) 2016-12-28 18:50:10 +01:00
Jason Tedor 30806af6bd Rename bootstrap.seccomp to bootstrap.system_call_filter
We try to install a system call filter on various operating systems
(Linux, macOS, BSD, Solaris, and Windows) but the setting
(bootstrap.seccomp) to control this is named after the Linux
implementation (seccomp). This commit replaces this setting with
bootstrap.system_call_filter. For backwards compatibility reasons, we
fallback to bootstrap.seccomp and log a deprecation message if
bootstrap.seccomp is set. We intend to remove this fallback in
6.0.0. Note that now is the time to make this change it's likely that
most users are not making this setting anyway as prior to version 5.2.0
(currently unreleased) it was not necessary to configure anything to
enable a node to start up if the system call filter failed to install
(we marched on anyway) but starting in 5.2.0 it will be necessary in
this case.

Relates #22226
2016-12-16 18:22:54 -05:00
Juan Paulo Gutierrez acc39b1496 Fixed typo (#22066) 2016-12-09 10:34:29 +01:00
Jared Carey 317866894e Fix systemd override example in configuring docs
When overriding a systemd configuration via a drop-in file, the
[Service] header is required. This commit adds this to an example
drop-in override in the configuring docs.

Relates #22038
2016-12-07 19:41:59 -05:00
Nikhil Patel b5e3d351d9 Fix typos in threads docs
This commit fixes a typo in the threads docs where the past tense form
of a verb was used when current tense is needed.

Relates #22016
2016-12-07 08:22:49 -05:00
Jason Tedor 0afef53a17 Add system call filter bootstrap check
Today if system call filters fail to install on startup, we log a
message but otherwise march on. This might leave users without system
call filters installed not knowing that they have implicitly accepted
the additional risk. We should not be lenient like this, instead clearly
informing the user that they have to either fix their configuration or
accept the risk of not having system call filters installed. This commit
adds a bootstrap check that if system call filters are enabled, they
must successfully install.

Relates #21940
2016-12-02 14:27:54 -05:00
Jason Tedor 1e645bc2d6 Fix reference to jvm.options docs
The reference for the jvm.options docs recently changed from
es-java-opts to jvm-options. This commit fixes a broken reference that
arose as a result of this change.
2016-12-01 20:05:19 -05:00
Jason Tedor b9df2e2287 Improve the out-of-the-box experience
Elasticsearch can be run in a few different ways:
 - from the command line on Linux and Windows
 - as a service on Linux and Windows

on both 32-bit client and 64-bit server VMs. We strive for a great
out-of-the-box experience any of these combinations but today it is
lacking on 32-bit client JVMs and on the Windows service. There are two
deficiencies that arise:
 - on any 32-bit client JVM we fail to start out of the box because we
   force the server JVM in jvm.options
 - when installing the Windows service, the thread stack size must be
   specified in jvm.options

This commit attempts to address these deficiencies.

We should continue to force the server JVM because there are systems
where the server JVM is not active by default (e.g., the 32-bit JDK on
Windows). This does mean that if a user tries to run with a client JVM
they will see a failure message at startup but this is the best that we
can do if we want to continue to force the server JVM. Thus, this commit
at least documents this situation.

To improve the situation with installing the Windows service, this
commit adds a default setting for the thread stack size. This default is
chosen based on the default thread stack size across all 64-bit server
JVMs. This means that if a user tries to run with a 32-bit JVM they
could otherwise see significantly higher memory usage (this situation is
complicated, it's really only on Windows where the extra memory usage is
egregious, but cutting into the 32-bit address space on any system is
bad). So this commit makes it so that the out-of-the-box experience is
improved for the Windows service on 64-bit server JVMs and we document
the need to adjust this setting on 32-bit JVMs.

Again, we are focusing on the out-of-the-box experience here and this
means optimizing for the best experience on any 64-bit server JVM as
this covers the vast majority of the user base. The users that are on
32-bit JVMs will suffer a little bit but at least now any user on any
64-bit server JVM can start Elasticsearch out of the box.

Finally, we fix some references to the jvm.options documentation.

Relates #21920
2016-12-01 17:26:29 -05:00
Jason Tedor 32df032c59 Add option to skip kernel parameters on install
During package install on systemd-based systems, we try to set
vm.max_map_count. On some systems (e.g., containers), users do not have
the ability to tune these parameters from within the container. This
commit provides an option for these users to skip setting such kernel
parameters.

Relates #21899
2016-12-01 17:23:51 -05:00
Jason Tedor 0fe6b12553 Remove misplaced parenthesis from configuring docs
This commit removes a misplaced parenthesis from the systemd section of
the configuring docs.
2016-11-30 12:11:47 -05:00
Jason Tedor 5ca60fa78b Remove stale mention of minimum master nodes check
This commit removes a stale mention of the minimum master nodes boostrap
check from the docs.

Relates #21653
2016-11-18 06:56:23 -05:00
Nik Everett df2a5e7691 Mark snippet in docker docs NOTCONSOLE
That keeps us from failing the build because it is "unconverted".

Relates to #21497
2016-11-17 10:07:42 -05:00
Dimitrios Liappis 6c9ea0877d [docs] Document Docker installation method
Initial commit of the Docker installation method for Elasticsearch.

Relates #21497
2016-11-17 15:06:32 +02:00