Commit a51faea

Docs: Cleanup docs for ec2 discovery (#26065)
This commit clears up which settings are allowed for ec2 discovery, and clearly marks those that require setting in the keystore. closes #25619
1 parent d26becc commit a51faea

1 file changed

+44
-77
lines changed

docs/plugins/discovery-ec2.asciidoc

Lines changed: 44 additions & 77 deletions
@@ -11,99 +11,72 @@ include::install_remove.asciidoc[]
1111
[[discovery-ec2-usage]]
1212
==== Getting started with AWS
1313

14-
The plugin will default to using
14+
The plugin provides a hosts provider for zen discovery named `ec2`. This hosts provider
15+
finds other Elasticsearch instances in EC2 through AWS metadata. Authentication is done using
1516
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html[IAM Role]
16-
credentials for authentication. These can be overridden by, in increasing
17-
order of precedence, system properties `aws.accessKeyId` and `aws.secretKey`,
18-
environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_KEY`, or the
19-
elasticsearch config using `cloud.aws.access_key` and `cloud.aws.secret_key`:
17+
credentials by default. The only necessary configuration change to enable the plugin
18+
is setting the unicast host provider for zen discovery:
2019

2120
[source,yaml]
2221
----
23-
cloud:
24-
aws:
25-
access_key: AKVAIQBF2RECL7FJWGJQ
26-
secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br
22+
discovery.zen.hosts_provider: ec2
2723
----
2824

29-
[[discovery-ec2-usage-security]]
30-
===== Transport security
25+
==== Settings
3126

32-
By default this plugin uses HTTPS for all API calls to AWS endpoints. If you wish to configure HTTP you can set
33-
`cloud.aws.protocol` in the elasticsearch config. You can optionally override this setting per individual service
34-
via: `cloud.aws.ec2.protocol` or `cloud.aws.s3.protocol`.
27+
EC2 host discovery supports a number of settings.
28+
Some settings are sensitive and must be stored in the {ref}/secure-settings.html[elasticsearch keystore].
29+
For example, to use explicit AWS access keys:
3530

36-
[source,yaml]
31+
[source,sh]
3732
----
38-
cloud:
39-
aws:
40-
protocol: https
41-
ec2:
42-
protocol: https
33+
bin/elasticsearch-keystore add discovery.ec2.access_key
34+
bin/elasticsearch-keystore add discovery.ec2.secret_key
4335
----
4436

45-
In addition, a proxy can be configured with the `proxy.host`, `proxy.port`, `proxy.username` and `proxy.password` settings
46-
(note that protocol can be `http` or `https`):
37+
The following are the available discovery settings. All should be prefixed with `discovery.ec2.`.
38+
Those that must be stored in the keystore are marked as `Secure`.
4739

48-
[source,yaml]
49-
----
50-
cloud:
51-
aws:
52-
protocol: https
53-
proxy:
54-
host: proxy1.company.com
55-
port: 8083
56-
username: myself
57-
password: theBestPasswordEver!
58-
----
5940

60-
You can also set different proxies for `ec2` and `s3`:
41+
`access_key`::
6142

62-
[source,yaml]
63-
----
64-
cloud:
65-
aws:
66-
s3:
67-
proxy:
68-
host: proxy1.company.com
69-
port: 8083
70-
username: myself1
71-
password: theBestPasswordEver1!
72-
ec2:
73-
proxy:
74-
host: proxy2.company.com
75-
port: 8083
76-
username: myself2
77-
password: theBestPasswordEver2!
78-
----
43+
An s3 access key. The `secret_key` setting must also be specified. (Secure)
7944

80-
===== Read timeout
45+
`secret_key`::
8146

82-
Read timeout determines the amount of time to wait for data to be transferred over an established,
83-
open connection before the connection is timed out. Defaults to AWS SDK default value (`50 s`).
84-
It can be configured with `cloud.aws.read_timeout` (or `cloud.aws.ec2.read_timeout`) setting:
47+
An s3 secret key. The `access_key` setting must also be specified. (Secure)
8548

86-
[source, yaml]
87-
----
88-
cloud.aws.read_timeout: 30s
89-
----
49+
`endpoint`::
9050

91-
[[discovery-ec2-discovery]]
92-
==== EC2 Discovery
51+
The ec2 service endpoint to connect to. This will be automatically
52+
figured out by the ec2 client based on the instance location, but
53+
can be specified explicitly. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region.
9354

94-
ec2 discovery allows to use the ec2 APIs to perform automatic discovery (similar to multicast in non hostile multicast
95-
environments). Here is a simple sample configuration:
55+
`protocol`::
9656

97-
[source,yaml]
98-
----
99-
discovery:
100-
zen.hosts_provider: ec2
101-
----
57+
The protocol to use to connect to ec2. Valid values are either `http`
58+
or `https`. Defaults to `https`.
59+
60+
`proxy.host`::
61+
62+
The host name of a proxy to connect to ec2 through.
63+
64+
`proxy.port`::
65+
66+
The port of a proxy to connect to ec2 through.
67+
68+
`proxy.username`::
10269

103-
The ec2 discovery is using the same credentials as the rest of the AWS services provided by this plugin (`repositories`).
104-
See <<discovery-ec2-usage>> for details.
70+
The username to connect to the `proxy.host` with. (Secure)
10571

106-
The following are a list of settings (prefixed with `discovery.ec2`) that can further control the discovery:
72+
`proxy.password`::
73+
74+
The password to connect to the `proxy.host` with. (Secure)
75+
76+
`read_timeout`::
77+
78+
The socket timeout for connecting to ec2. The value should specify the unit. For example,
79+
a value of `5s` specifies a 5 second timeout. The default value is 50 seconds.
10780

10881
`groups`::
10982

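Review bot: The `access_key` and `secret_key` entries (new lines 43 and 47) say "An s3 access key" and "An s3 secret key", but both are `discovery.ec2.` settings, so the descriptions should say ec2. In the same list, `read_timeout` (new line 78) is described as "The socket timeout for connecting to ec2", whereas the removed text defined read timeout as the wait for data on an established, open connection; keep that wording so it is not read as a connect timeout. The `protocol` entry also loses the removed statement that HTTPS is used for all API calls to AWS endpoints, so it is worth saying there that `http` sends discovery requests unencrypted. Lastly, the removed opening paragraph listed system properties and environment variables as credential overrides, and the new text does not say whether they still apply now that explicit keys go in the keystore.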
@@ -231,12 +204,6 @@ cloud.node.auto_attributes: true
231204
cluster.routing.allocation.awareness.attributes: aws_availability_zone
232205
----
233206

234-
[[discovery-ec2-endpoint]]
235-
===== Using other EC2 endpoint
236-
237-
If you are using any EC2 api compatible service, you can set the endpoint you want to use by setting
238-
`cloud.aws.ec2.endpoint` to your URL provider.
239-
240207
[[cloud-aws-best-practices]]
241208
==== Best Practices in AWS
242209

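Review bot: Removing the `[[discovery-ec2-endpoint]]` anchor (old lines 234-238) will break any remaining `<<discovery-ec2-endpoint>>` cross-reference, so search the docs for links to it before merging. The deleted section also named the old key `cloud.aws.ec2.endpoint` and the EC2 API compatible service use case, neither of which appears in the new `endpoint` entry; a one-line note that the setting is now `discovery.ec2.endpoint` would help anyone upgrading an existing config.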