Commit Graph

6679 Commits

Author SHA1 Message Date
Jay Modi dbbdcea128
Update ciphers for TLSv1.3 and JDK11 if available (#42082)
This commit updates the default ciphers and TLS protocols that are used
when the runtime JDK supports them. New cipher support has been
introduced in JDK 11 and 12 along with performance fixes for AES GCM.
The ciphers are ordered with PFS ciphers being most preferred, then
AEAD ciphers, and finally those with mainstream hardware support. When
available stronger encryption is preferred for a given cipher.

This is a backport of #41385 and #41808. There are known JDK bugs with
TLSv1.3 that have been fixed in various versions. These are:

1. The JDK's bundled HttpsServer will endless loop under JDK11 and JDK
12.0 (Fixed in 12.0.1) based on the way the Apache HttpClient performs
a close (half close).
2. In all versions of JDK 11 and 12, the HttpsServer will endless loop
when certificates are not trusted or another handshake error occurs. An
email has been sent to the openjdk security-dev list and #38646 is open
to track this.
3. In JDK 11.0.2 and prior there is a race condition with session
resumption that leads to handshake errors when multiple concurrent
handshakes are going on between the same client and server. This bug
does not appear when client authentication is in use. This is
JDK-8213202, which was fixed in 11.0.3 and 12.0.
4. In JDK 11.0.2 and prior there is a bug where resumed TLS sessions do
not retain peer certificate information. This is JDK-8212885.

The way these issues are addressed is that the current java version is
checked and used to determine the supported protocols for tests that
provoke these issues.
2019-05-20 09:45:36 -04:00
Lisa Cawley fd2d4d761b [DOCS] Updates TLS configuration info (#41983) 2019-05-20 09:13:37 -04:00
Nhat Nguyen 1362944c23 Minor improvement translog docs (#42184)
Closes #42183
2019-05-19 20:45:34 -04:00
David Turner 51376f98a7 Clarify rolling upgrade fallback to restart upgrade (#42161)
Adds a note that restarting half-or-more of the master-eligible nodes means
you're no longer doing a rolling upgrade, and may need to upgrade all the
things before the cluster returns to health.
2019-05-16 13:38:48 -04:00
Hendrik Muhs 4063701f5e [DOCS] add a warning about bypassing PUT API's, update example responses (#42062)
Configurations are stored in the .data-frame-internal-1
index, but users should not add configurations directly to
the index as additional information to enable access control
is added. This adds a warning against allowing access to the
internal index.
2019-05-16 10:12:19 -04:00
Ryan Ernst fa1d1d1f57 Deprecate the native realm migration tool (#42142)
The migrate tool was added when the native realm was created, to aid
users in converting from file realms that were per node, into the
cluster managed native realm. While this tool was useful at the time,
users should now be using the native realm directly. This commit
deprecates the tool, to be removed in a followup for 8.0.
2019-05-16 09:52:31 -04:00
Igor Motov 2f8c5ac6f8 Docs: Mark SQL Geo functionality as beta (#42138)
Adds beta marker to geosql documentation
2019-05-15 10:51:33 -04:00
David Turner 15fd233ae3 Minor cluster coordination docs fixes (#42111)
Fixes a typo and a badly-formatted warning.
2019-05-15 09:27:08 -04:00
Igor Motov 70ea3cf847
SQL: Add initial geo support (#42031) (#42135)
Adds an initial limited implementations of geo features to SQL. This implementation is based on the [OpenGIS® Implementation Standard for Geographic information - Simple feature access](http://www.opengeospatial.org/standards/sfs), which is the current standard for GIS system implementation. This effort is concentrate on SQL option AKA ISO 19125-2. 

Queries that are supported as a result of this initial implementation

Metadata commands

- `DESCRIBE table`  - returns the correct column types `GEOMETRY` for geo shapes and geo points.
- `SHOW FUNCTIONS` - returns a list that includes supported `ST_` functions
- `SYS TYPES` and `SYS COLUMNS` display correct types `GEO_SHAPE` and `GEO_POINT` for geo shapes and geo points accordingly. 

Returning geoshapes and geopoints from elasticsearch

- `SELECT geom FROM table` - returns the geoshapes and geo_points as libs/geo objects in JDBC or as WKT strings in console.
- `SELECT ST_AsWKT(geom) FROM table;` and `SELECT ST_AsText(geom) FROM table;`- returns the geoshapes ang geopoints in their WKT representation;

Using geopoints to elasticsearch

- The following functions will be supported for geopoints in queries, sorting and aggregations: `ST_GeomFromText`, `ST_X`, `ST_Y`, `ST_Z`, `ST_GeometryType`, and `ST_Distance`. In most cases when used in queries, sorting and aggregations, these function are translated into script. These functions can be used in the SELECT clause for both geopoints and geoshapes. 
- `SELECT * FROM table WHERE ST_Distance(ST_GeomFromText(POINT(1 2), point) < 10;` - returns all records for which `point` is located within 10m from the `POINT(1 2)`. In this case the WHERE clause is translated into a range query.

Limitations:

Geoshapes cannot be used in queries, sorting and aggregations as part of this initial effort. In order to fully take advantage of geoshapes we would need to have access to geoshape doc values, which is coming in #37206. `ST_Z` cannot be used on geopoints in queries, sorting and aggregations since we don't store altitude in geo_point doc values.

Relates to #29872
Backport of #42031
2019-05-14 18:57:12 -05:00
James Rodewig 58f2e91684 [DOCS] Rewrite 'rewrite' parameter docs (#42018) 2019-05-13 08:43:12 -04:00
Benjamin Trent febee07dcc
[ML] adding pivot.max_search_page_size option for setting paging size (#41920) (#42079)
* [ML] adding pivot.size option for setting paging size

* Changing field name to address PR comments

* fixing ctor usage

* adjust hlrc for field name change
2019-05-10 13:22:31 -05:00
Jason Tedor cd5f1b53e8
Remove reference to fs.data.spins in docs
We long ago removed fs.data.spins from the nodes stats. This commit
removes reference to this in the docs.
2019-05-10 11:49:01 -04:00
David Turner 1be5bb5bfd Recognise direct buffers in heap size docs (#42070)
This commit slightly reworks the recommendations in the docs about setting the
heap size:

* the "rules of thumb" are actually instructions that should be followed

* the reason for setting `Xmx` to 50% of the heap size is more subtle than just
  leaving space for the filesystem cache

* it is normal to see Elasticsearch using more memory than `Xmx`

* replace `cutoff` and `limit` with `threshold` since all three terms are used
  interchangeably

* since we recommend setting `Xmx` equal to `Xms`, avoid talking about setting
  `Xmx` in isolation

Relates #41954
2019-05-10 13:56:47 +01:00
Christian Mesh 99a50ac3b7 Add painless string split function (splitOnToken) (#39772)
Adds two String split functions to Painless that can be used without enabling regexes.
2019-05-09 15:16:11 -07:00
James Rodewig 732ef15f0d [DOCS] Adds placeholder for 7.1.0 release notes (#42024) 2019-05-09 13:17:04 -04:00
James Rodewig ea5019665a [DOCS] Replace table with def list for ids query (#41865) 2019-05-09 09:52:20 -04:00
Daniel Schneiter 0b21fb0ee6
Mentioned the name of the icu_analyzer 2019-05-09 15:08:31 +02:00
Alexander Reelsen 8e33a5292a Add HTML strip processor (#41888)
This processor uses the lucene HTMLStripCharFilter class to remove HTML
entities from a field. This adds to the char filter, so that there is
possibility to store the stripped version as well.

Note, that the characeter filter replaces tags with a newline, so that
the produced HTML will look slightly different than the incoming HTML
with regards to newlines.
2019-05-09 13:01:07 +02:00
Flavio Pompermaier 83fef23fd1
Fix wrong property name (#40636) 2019-05-09 08:53:05 +02:00
Gordon Brown 4358cc6ac8
Add note about ILM action ordering (#41771)
Adds a note clarifying that actions are ordered automatically.
2019-05-08 16:42:50 -06:00
Jack Conradson 2c561481cd Add static section whitelist info to api docs generation (#41870)
This change adds imported methods, class bindings, and instance bindings to the documentation generation for the Painless Context APIs.
2019-05-08 11:15:38 -07:00
David Turner 60f84a2eb2 Remove mention of bulk threadpool in examples (#41935)
The `bulk` threadpool is now called `write`, but `bulk` is still
used in some examples. This commit fixes that.

Also, the only way `threadpool.bulk.write: 30` is a valid increase in the size
of this threadpool is if you have 29 processors, which is an odd number of
processors to have. This commit removes the "more threads" bit.
2019-05-08 12:14:23 +01:00
David Turner 99b5a27ea0 Node names in bootstrap config have no ports (#41569)
In cases where node names and transport addresses can be muddled, it is unclear
that `cluster.initial_master_nodes: master-a:9300` means to look for a node
called `master-a:9300` rather than a node called `master-a` with transport port
`9300`. This commit adds docs to that effect.
2019-05-08 10:38:40 +01:00
Yannick Welsch 818e05c05f Highlight the use of single-node discovery in docker docs (#41241)
Relates to https://discuss.elastic.co/t/es-7-and-docker-single-node-cluster/176585
2019-05-08 09:38:37 +02:00
David Turner 4c909e93bb
Reject port ranges in `discovery.seed_hosts` (#41905)
Today Elasticsearch accepts, but silently ignores, port ranges in the
`discovery.seed_hosts` setting:

```
discovery.seed_hosts: 10.1.2.3:9300-9400
```

Silently ignoring part of a setting like this is trappy. With this change we
reject seed host addresses of this form.

Closes #40786
Backport of #41404
2019-05-08 08:34:32 +01:00
Tim Vernum e04953a2bf
Clarify settings in default SSL/TLS (#41930)
The settings listed under the "Default values for TLS/SSL settings"
heading are not actual settings, rather they are common suffixes that
are used for settings that exist in a variety of contexts.

This commit changes the way they are presented to reduce this
confusion.

Backport of: #41779
2019-05-08 16:07:21 +10:00
Marios Trivyzas d5b0badeb7
SQL: Remove CircuitBreaker from parser (#41835)
The CircuitBreaker was introduced as means of preventing a
`StackOverflowException` during the build of the AST by the parser.

The ANTLR4 grammar causes a weird behaviour for a Parser Listener.
The `enterEveryRule()` method is often called with a different parsing
context than the respective `exitEveryRule()`. This makes it difficult
to keep track of the tree's depth, and a custom Map was used as an
attempt of matching the contextes as they are encounter during `enter`
and during `exit` of the rules.

This approach had 2 important drawbacks:
1. It's hard to maintain this custom Map as the grammar changes.
2. The CircuitBreaker could often lead to false positives which caused
valid queries to return an Exception and prevent them from executing.

So, this removes completely the CircuitBreaker which is replaced be
a simple handling of the `StackOverflowException`

Fixes: #41471
(cherry picked from commit 1559a8e2dbd729138b52e89b7e80264c9f4ad1e7)
2019-05-07 23:25:37 +03:00
Lisa Cawley cf8a2be27b [DOCS] Fix callouts for dataframe APIs (#41904) 2019-05-07 10:07:04 -07:00
James Rodewig 77f634ba25 [DOCS] Rewrite `exists` query docs (#41868) 2019-05-07 09:23:20 -04:00
James Rodewig f5bb1cc65a [DOCS] Fix typo referring to multi search API 2019-05-07 09:08:36 -04:00
Jason Tedor d7fd51a84e
Provide names for all artifact repositories (#41857)
This commit adds a name for each Maven and Ivy repository used in the
build.
2019-05-07 06:35:28 -04:00
Alan Woodward 3a35427b6d Improvements to docs around multiplexer and synonyms (#41645)
This commit fixes a multiplexer doc error concerning synonyms, and adds
suggestions on how to combine the two filters.
2019-05-07 09:10:14 +01:00
Julie Tibshirani a90aac1c71 Clarify that path_match also considers object fields. (#41658)
The `path_match` and `path_unmatch` parameters in dynamic templates match on
object fields in addition to leaf fields. This is not obvious and can cause
surprising errors when a template is meant for a leaf field, but there are
object fields that match. This PR adds a note to the docs to describe the
current behavior.
2019-05-06 14:48:08 -07:00
Issam EL-ATIF 2cdd75e2c8 [DOCS] remove 'es.scripting.update.ctx_in_params' system property for 7.0 (#41643) 2019-05-06 11:24:00 -07:00
Julie Tibshirani eb9bce3930 Clarify _doc is a permanent part of certain document APIs. (#41727)
We received some feedback that it is not completely clear why `_doc` is present
in the typeless document APIs:

> The new index APIs are PUT {index}/_doc/{id} in case of explicit ids and POST
{index}/_doc for auto-generated ids."_ Isn't this contradicting? Specifying
*types in requests is deprecated*, but we are supposed to still mention *_doc*
in write requests?

This PR updates the 'removal of types' documentation to try to clarify that
`_doc` now represents the endpoint name, as opposed to a type.
2019-05-06 10:43:50 -07:00
Marios Trivyzas 228d23de6d
SQL: [Docs] Add example for custom bucketing with CASE (#41787)
Add a TIP on how to use CASE to achieve custom bucketing
with GROUP BY.

Follows: #41349

(cherry picked from commit eb5f5d45533c5f81e57dd0221d902a73ec400098)
2019-05-06 18:05:03 +03:00
James Rodewig 2306531815 [DOCS] Rewrite `term` query docs for new format (#41498)
* [DOCS] Restructure `term` query docs.
2019-05-06 10:36:53 -04:00
Jason Tedor 8df13b474d
Update some more S3 artifact locations to use https
This commit updates some additional S3 artifact locations to use https
instead of http.

Relates 241c4ef97a
2019-05-04 08:30:12 -04:00
David Kyle 4421744184 [ML DataFrame] Update Preview docs for source config change (#41761) 2019-05-03 16:34:10 +01:00
Gordon Brown 9a4cab9f77
Recommend use of ln1p/log1p to avoid negative scores (#41610)
As negative scores will now cause an error, and it is easy to
accidentally produce negative scores with some of the built-in modifiers
(especially `ln` and `log`), this adjusts the documentation to more
strongly recommend the use of `ln1p` and `log1p` instead.

Also corrects some awkward formatting on the note sections following the
table.
2019-05-03 09:10:29 -06:00
David Turner c942277822 Fix discovery config in docker-compose docs (#41753)
Today's `docker-compose` docs are missing the `discovery.seed_nodes` config on
one of the nodes. With today's configuration the cluster can still form the
first time it is started, because `cluster.initial_master_nodes` requires both
nodes to bootstrap the cluster which ensures that each discover the other.
However if `es02` is elected master it will remove `es01` from the voting
configuration and then when restarted it will form a cluster on its own without
needing to do any discovery. Meanwhile `es01` doesn't know how to find `es02`
after a restart so will be unable to join this cluster.

This commit fixes this by adding the missing configuration.

Relates #41394, which fixes a different `docker-compose.yml` in the same way.
2019-05-03 10:46:48 +02:00
lcawl 9f77ea26a9 [DOCS] Adds placeholder for 7.2 breaking changes 2019-05-02 15:36:31 -07:00
James Rodewig 33945463f3 [DOCS] Add `:` to render multiple inline macros in Asciidoctor (#41615) 2019-05-01 15:54:19 -04:00
lcawl 5fd3774d43 [DOCS] Adds missing 7.2.0 highlights page 2019-05-01 12:02:34 -07:00
Jason Tedor 7f3ab4524f
Bump 7.x branch to version 7.2.0
This commit adds the 7.2.0 version constant to the 7.x branch, and bumps
BWC logic accordingly.
2019-05-01 13:38:57 -04:00
James Rodewig c86f797df8 [DOCS] Reword `type` query deprecation note for Asciidoctor migration (#41595) 2019-05-01 09:29:05 -04:00
James Rodewig b65ceb36bc [DOCS] Escape quotes to avoid smart quotes in Asciidoctor (#41603) 2019-04-30 16:31:20 -04:00
James Rodewig 721787fa76 [DOCS] Remove soft line breaks (+) for Asciidoctor migration (#41600) 2019-04-30 16:22:50 -04:00
James Rodewig 3e68164825 [DOCS] Move beta[] tag for Asciidoctor migration (#41599) 2019-04-30 16:03:24 -04:00
James Rodewig 9506e3f1c5 [DOCS] Escape commas in deprecated[] for Asciidoctor migration (#41598) 2019-04-30 15:52:57 -04:00