OPGOPS-1734 Enable ssl for elasticsearch5 #127
Conversation
carinadigital
changed the title
carinadigital
force-pushed
the
OPGOPS-1734
branch
2 times, most recently
from
dde8d57
to
2c19c05
Compare
|
Default for ES5 is SSL enabled. Just wondering if this is correct for integrating further upstream. |
carinadigital
force-pushed
the
OPGOPS-1734
branch
from
2c19c05
to
ff66b57
Compare
| {{ else }} | ||
| xpack.security.transport.ssl.enabled: false | ||
| xpack.security.http.ssl.enabled: false | ||
| {{end}} |
There was a problem hiding this comment.
how does elasticsearch behave if the certs are in place, but ssl is disabled
There was a problem hiding this comment.
As expected. elasticsearch starts but communication with external client and also between nodes is via HTTP.
The ports don't change when SSL is enabled.
There was a problem hiding this comment.
We get default authorisation too. use
curl -k -u elastic:changeme https://localhost:9200
| @@ -0,0 +1,33 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
Could we use a different init number here so we don't overwrite the base image behaviour?
They could survive in parallel quite happily.
There was a problem hiding this comment.
Overriding keeps it simple.
carinadigital
changed the title
carinadigital
force-pushed
the
OPGOPS-1734
branch
from
d8473ef
to
876daaa
Compare
| @@ -76,3 +77,5 @@ RUN ln -s /etc/sv/elasticsearch /etc/service/ | |||
| RUN ln -sf /dev/stdout /var/log/elastic-scripts.log | |||
There was a problem hiding this comment.
Is this still relevant.
There was a problem hiding this comment.
I don't have the context of where elastic-scripts was used. They were empty during my runs
Shall I remove?
|
|
||
| elasticsearch02: | ||
| build: elasticsearch5 | ||
| mem_limit: 1000000000 |
There was a problem hiding this comment.
this is known to cause issues. Use ES_JAVA_OPTS instead to limit the memory
|
Is this still needed? |
No description provided.