From 574f17cebd2d800d624257967c9d4f42403f4a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Fri, 24 Oct 2025 14:59:36 +0200 Subject: [PATCH 1/6] initial changes to examples --- .../remote-clusters/remote-clusters-api-key.md | 16 ++++++++-------- .../remote-clusters/remote-clusters-cert.md | 18 +++++++++--------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/deploy-manage/remote-clusters/remote-clusters-api-key.md b/deploy-manage/remote-clusters/remote-clusters-api-key.md index e6406c64a5..a84747dd63 100644 --- a/deploy-manage/remote-clusters/remote-clusters-api-key.md +++ b/deploy-manage/remote-clusters/remote-clusters-api-key.md @@ -180,7 +180,7 @@ PUT /_cluster/settings "remote" : { "cluster_one" : { <1> "seeds" : [ - "127.0.0.1:9443" <2> + "my.remote.cluster.com:9443" <2> ] } } @@ -205,7 +205,7 @@ The API response indicates that the local cluster is connected to the remote clu { "cluster_one" : { "seeds" : [ - "127.0.0.1:9443" + "my.remote.cluster.com:9443" ], "connected" : true, "num_nodes_connected" : 1, <1> @@ -239,20 +239,20 @@ PUT _cluster/settings "remote": { "cluster_one": { "seeds": [ - "127.0.0.1:9443" + "my.remote.cluster.com:9443" ] }, "cluster_two": { "mode": "sniff", "seeds": [ - "127.0.0.1:9444" + "my.second.remote.cluster.com:9443" ], "transport.compress": true, "skip_unavailable": true }, "cluster_three": { "mode": "proxy", - "proxy_address": "127.0.0.1:9445" + "proxy_address": "my.third.remote.cluster.com:9443" } } } @@ -322,15 +322,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are cluster: remote: cluster_one: - seeds: 127.0.0.1:9443 + seeds: my.remote.cluster.com:9443 cluster_two: mode: sniff - seeds: 127.0.0.1:9444 + seeds: my.second.remote.cluster.com:9443 transport.compress: true <1> skip_unavailable: true <2> cluster_three: mode: proxy - proxy_address: 127.0.0.1:9445 <3> + proxy_address: my.third.remote.cluster.com:9443 <3> ``` 1. Compression is explicitly enabled for requests to `cluster_two`. diff --git a/deploy-manage/remote-clusters/remote-clusters-cert.md b/deploy-manage/remote-clusters/remote-clusters-cert.md index 48448af8bd..82e814c967 100644 --- a/deploy-manage/remote-clusters/remote-clusters-cert.md +++ b/deploy-manage/remote-clusters/remote-clusters-cert.md @@ -86,7 +86,7 @@ PUT /_cluster/settings "remote" : { "cluster_one" : { <1> "seeds" : [ - "127.0.0.1:9300" <2> + "my.remote.cluster.com:9300" <2> ] } } @@ -96,7 +96,7 @@ PUT /_cluster/settings ``` 1. The cluster alias of this remote cluster is `cluster_one`. -2. Specifies the hostname and transport port of a seed node in the remote cluster. +2. Specifies the hostname and transport port of at least a seed node in the remote cluster. You can use the [remote cluster info API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) to verify that the local cluster is successfully connected to the remote cluster: @@ -111,7 +111,7 @@ The API response indicates that the local cluster is connected to the remote clu { "cluster_one" : { "seeds" : [ - "127.0.0.1:9300" + "my.remote.cluster.com:9300" ], "connected" : true, "num_nodes_connected" : 1, <1> @@ -143,20 +143,20 @@ PUT _cluster/settings "remote": { "cluster_one": { "seeds": [ - "127.0.0.1:9300" + "my.remote.cluster.com:9300" ] }, "cluster_two": { "mode": "sniff", "seeds": [ - "127.0.0.1:9301" + "my.second.remote.cluster.com:9300" ], "transport.compress": true, "skip_unavailable": true }, "cluster_three": { "mode": "proxy", - "proxy_address": "127.0.0.1:9302" + "proxy_address": "my.third.remote.cluster.com:9302" } } } @@ -226,15 +226,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are cluster: remote: cluster_one: - seeds: 127.0.0.1:9300 + seeds: my.remote.cluster.com:9300 cluster_two: mode: sniff - seeds: 127.0.0.1:9301 + seeds: my.second.remote.cluster.com:9300 transport.compress: true <1> skip_unavailable: true <2> cluster_three: mode: proxy - proxy_address: 127.0.0.1:9302 <3> + proxy_address: my.third.remote.cluster.com:9302 <3> ``` 1. Compression is explicitly enabled for requests to `cluster_two`. From ab05281b3817b31f9f5ba3bb68e02271cb91789f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Tue, 28 Oct 2025 13:30:39 +0100 Subject: [PATCH 2/6] ip addressess updated to RFC1166 --- .../_snippets/rcs-elasticsearch-api-snippet-self.md | 4 ++-- .../_snippets/rcs-elasticsearch-api-snippet.md | 4 ++-- .../remote-clusters/ec-remote-cluster-self-managed.md | 4 ++-- .../remote-clusters/ece-remote-cluster-self-managed.md | 4 ++-- deploy-manage/remote-clusters/remote-clusters-api-key.md | 4 ++-- deploy-manage/remote-clusters/remote-clusters-cert.md | 2 +- deploy-manage/remote-clusters/remote-clusters-migrate.md | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md index a30bd8bea2..a82354408d 100644 --- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md +++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md @@ -27,8 +27,8 @@ PUT /_cluster/settings "remote": { "alias-for-my-remote-cluster": { // Align the alias with the remote cluster name used when adding the API key. "mode":"proxy", - "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9400", - "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io" + "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io:9400", + "server_name": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io" } } } diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md index f2dac811ef..1215a784a1 100644 --- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md +++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md @@ -35,8 +35,8 @@ PUT /_cluster/settings "remote": { "alias-for-my-remote-cluster": { // Remote cluster alias "mode":"proxy", - "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9400", - "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io" + "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io:9400", + "server_name": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io" } } } diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index 04c25ca90f..6141e17a2a 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md @@ -146,11 +146,11 @@ A deployment can be configured to trust all or specific deployments in any envir instances: - name: "node1" dns: ["node1.mydomain.com"] - ip: ["192.168.1.1"] + ip: ["192.0.2.1"] cn: ["node1.node.1234567abcd.cluster.myscope.account"] - name: "node2" dns: ["node2.mydomain.com"] - ip: ["192.168.1.2"] + ip: ["192.0.2.2"] cn: ["node2.node.1234567abcd.cluster.myscope.account"] ``` diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md index 5458c7fda8..b052ebbb0d 100644 --- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md @@ -146,11 +146,11 @@ A deployment can be configured to trust all or specific deployments in any envir instances: - name: "node1" dns: ["node1.mydomain.com"] - ip: ["192.168.1.1"] + ip: ["192.0.2.1"] cn: ["node1.node.1234567abcd.cluster.myscope.account"] - name: "node2" dns: ["node2.mydomain.com"] - ip: ["192.168.1.2"] + ip: ["192.0.2.2"] cn: ["node2.node.1234567abcd.cluster.myscope.account"] ``` diff --git a/deploy-manage/remote-clusters/remote-clusters-api-key.md b/deploy-manage/remote-clusters/remote-clusters-api-key.md index a84747dd63..fe8ce5b34e 100644 --- a/deploy-manage/remote-clusters/remote-clusters-api-key.md +++ b/deploy-manage/remote-clusters/remote-clusters-api-key.md @@ -76,7 +76,7 @@ If a remote cluster is part of an {{ech}} (ECH) deployment, the remote cluster s 3. Generate a certificate and private key pair for the nodes in the remote cluster: ```sh - ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=127.0.0.1 + ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=192.0.2.1 ``` * Replace `CA_PASSWORD` with the CA password from the previous step. @@ -158,7 +158,7 @@ To add a remote cluster from Stack Management in {{kib}}: 2. Select **Add a remote cluster**. 3. Select **API keys** as the connection type. 4. Enter a name (*cluster alias*) for the remote cluster. -5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the remote cluster port (defaults to `9443`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9443` or `192.168.1.1:9443`. +5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the remote cluster port (defaults to `9443`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9443` or `192.0.2.1:9443`. Starting with {{kib}} 9.2, you can also specify IPv6 addresses. diff --git a/deploy-manage/remote-clusters/remote-clusters-cert.md b/deploy-manage/remote-clusters/remote-clusters-cert.md index 82e814c967..94a614fcf5 100644 --- a/deploy-manage/remote-clusters/remote-clusters-cert.md +++ b/deploy-manage/remote-clusters/remote-clusters-cert.md @@ -68,7 +68,7 @@ To add a remote cluster from Stack Management in {{kib}}: 2. Select **Add a remote cluster**. 3. Select **Certificates** as the connection type. 4. Enter a name (*cluster alias*) for the remote cluster. -5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the transport port (defaults to `9300`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9300` or `192.168.1.1:9300`. +5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the transport port (defaults to `9300`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9300` or `192.0.2.1:9300`. Starting with {{kib}} 9.2, you can also specify IPv6 addresses. diff --git a/deploy-manage/remote-clusters/remote-clusters-migrate.md b/deploy-manage/remote-clusters/remote-clusters-migrate.md index f7cfbdb459..7d5a0fd062 100644 --- a/deploy-manage/remote-clusters/remote-clusters-migrate.md +++ b/deploy-manage/remote-clusters/remote-clusters-migrate.md @@ -69,7 +69,7 @@ On the remote cluster: 3. Generate a certificate and private key pair for the nodes in the remote cluster: ```sh - ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=127.0.0.1 + ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=192.0.2.1 ``` * Replace `CA_PASSWORD` with the CA password from the previous step. From cc8fbcd4a2b3e310f4b5dd304070923d3325c5b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 29 Oct 2025 10:30:40 +0100 Subject: [PATCH 3/6] all urls and ips updated --- .../rcs-elasticsearch-api-snippet-self.md | 4 ++-- .../_snippets/rcs-elasticsearch-api-snippet.md | 4 ++-- .../ec-remote-cluster-self-managed.md | 8 ++++---- .../ece-remote-cluster-self-managed.md | 8 ++++---- .../remote-clusters/remote-clusters-api-key.md | 18 +++++++++--------- .../remote-clusters/remote-clusters-cert.md | 16 ++++++++-------- .../remote-clusters/remote-clusters-migrate.md | 6 +++--- 7 files changed, 32 insertions(+), 32 deletions(-) diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md index a82354408d..55b8e8f24b 100644 --- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md +++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md @@ -27,8 +27,8 @@ PUT /_cluster/settings "remote": { "alias-for-my-remote-cluster": { // Align the alias with the remote cluster name used when adding the API key. "mode":"proxy", - "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io:9400", - "server_name": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io" + "proxy_address": ":9443", + "server_name": "" } } } diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md index 1215a784a1..82167d9272 100644 --- a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md +++ b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet.md @@ -35,8 +35,8 @@ PUT /_cluster/settings "remote": { "alias-for-my-remote-cluster": { // Remote cluster alias "mode":"proxy", - "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io:9400", - "server_name": "a542184a7a7d45b88b83f95392f450ab.192.0.2.10.ip.es.io" + "proxy_address": ":9443", + "server_name": "" } } } diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index 6141e17a2a..7f393b97f2 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md @@ -161,7 +161,7 @@ A deployment can be configured to trust all or specific deployments in any envir * two specific clusters with the cluster IDs `aaaabbbbaaaabbbb`<1> and `xxxxyyyyxxxxyyyy`<2> from an organization with organization ID `1053523734` * <3> any cluster from an organization with organization ID `83988631` - * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.example.com`, `CN = node2.example.com` and `CN = node3.example.com`) + * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ``` @@ -169,7 +169,7 @@ A deployment can be configured to trust all or specific deployments in any envir - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account - *.node.*.cluster.83988631.account - - node*.example.com + - node*. ``` ::::{tip} @@ -180,7 +180,7 @@ Generate new node certificates for an entire cluster using the file input mode o ::::{dropdown} Using the API You can update a deployment using the appropriate trust settings for the {{es}} payload. -In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.example.com", "CN = node2.example.com" and "CN = node3.example.com" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this: +In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.", "CN = node2." and "CN = node3." in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this: ```json { @@ -195,7 +195,7 @@ In order to trust a cluster whose nodes present certificates with the subject na { "type" : "generic", "name" : "My Self-managed environment", - "additional_node_names" : ["node1.example.com", "node2.example.com", "node3.example.com",], + "additional_node_names" : ["node1.", "node2.", "node3.",], "certificates" : [ { "pem" : "-----BEGIN CERTIFICATE-----\nMIIDTzCCA...H0=\n-----END CERTIFICATE-----" diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md index b052ebbb0d..ba16a71245 100644 --- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md @@ -164,12 +164,12 @@ A deployment can be configured to trust all or specific deployments in any envir - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1> - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1> - *.node.*.cluster.83988631.account <2> - - node*.example.com <4> + - node*. <4> ``` 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` 2. any cluster from an ECE environment with Environment ID `83988631` - 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.example.com`, `CN = node2.example.com` and `CN = node3.example.com`) + 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ::::{tip} Generate new node certificates for an entire cluster using the file input mode of the certutil. @@ -179,7 +179,7 @@ Generate new node certificates for an entire cluster using the file input mode o ::::{dropdown} Using the API You can update a deployment using the appropriate trust settings for the {{es}} payload. -In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.example.com", "CN = node2.example.com" and "CN = node3.example.com" in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this: +In order to trust a cluster whose nodes present certificates with the subject names: "CN = node1.", "CN = node2." and "CN = node3." in a self-managed environment, you could update the trust settings with an additional direct trust relationship like this: ```json { @@ -194,7 +194,7 @@ In order to trust a cluster whose nodes present certificates with the subject na { "type" : "generic", "name" : "My Self-managed environment", - "additional_node_names" : ["node1.example.com", "node2.example.com", "node3.example.com",], + "additional_node_names" : ["node1.", "node2.", "node3.",], "certificates" : [ { "pem" : "-----BEGIN CERTIFICATE-----\nMIIDTzCCA...H0=\n-----END CERTIFICATE-----" diff --git a/deploy-manage/remote-clusters/remote-clusters-api-key.md b/deploy-manage/remote-clusters/remote-clusters-api-key.md index fe8ce5b34e..5f3ea695d1 100644 --- a/deploy-manage/remote-clusters/remote-clusters-api-key.md +++ b/deploy-manage/remote-clusters/remote-clusters-api-key.md @@ -76,7 +76,7 @@ If a remote cluster is part of an {{ech}} (ECH) deployment, the remote cluster s 3. Generate a certificate and private key pair for the nodes in the remote cluster: ```sh - ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=192.0.2.1 + ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns= --ip=192.0.2.1 ``` * Replace `CA_PASSWORD` with the CA password from the previous step. @@ -180,7 +180,7 @@ PUT /_cluster/settings "remote" : { "cluster_one" : { <1> "seeds" : [ - "my.remote.cluster.com:9443" <2> + ":9443" <2> ] } } @@ -205,7 +205,7 @@ The API response indicates that the local cluster is connected to the remote clu { "cluster_one" : { "seeds" : [ - "my.remote.cluster.com:9443" + ":9443" ], "connected" : true, "num_nodes_connected" : 1, <1> @@ -239,20 +239,20 @@ PUT _cluster/settings "remote": { "cluster_one": { "seeds": [ - "my.remote.cluster.com:9443" + ":9443" ] }, "cluster_two": { "mode": "sniff", "seeds": [ - "my.second.remote.cluster.com:9443" + ":9443" ], "transport.compress": true, "skip_unavailable": true }, "cluster_three": { "mode": "proxy", - "proxy_address": "my.third.remote.cluster.com:9443" + "proxy_address": ":9443" } } } @@ -322,15 +322,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are cluster: remote: cluster_one: - seeds: my.remote.cluster.com:9443 + seeds: :9443 cluster_two: mode: sniff - seeds: my.second.remote.cluster.com:9443 + seeds: :9443 transport.compress: true <1> skip_unavailable: true <2> cluster_three: mode: proxy - proxy_address: my.third.remote.cluster.com:9443 <3> + proxy_address: :9443 <3> ``` 1. Compression is explicitly enabled for requests to `cluster_two`. diff --git a/deploy-manage/remote-clusters/remote-clusters-cert.md b/deploy-manage/remote-clusters/remote-clusters-cert.md index 94a614fcf5..e3618f7dfe 100644 --- a/deploy-manage/remote-clusters/remote-clusters-cert.md +++ b/deploy-manage/remote-clusters/remote-clusters-cert.md @@ -86,7 +86,7 @@ PUT /_cluster/settings "remote" : { "cluster_one" : { <1> "seeds" : [ - "my.remote.cluster.com:9300" <2> + ":9300" <2> ] } } @@ -111,7 +111,7 @@ The API response indicates that the local cluster is connected to the remote clu { "cluster_one" : { "seeds" : [ - "my.remote.cluster.com:9300" + ":9300" ], "connected" : true, "num_nodes_connected" : 1, <1> @@ -143,20 +143,20 @@ PUT _cluster/settings "remote": { "cluster_one": { "seeds": [ - "my.remote.cluster.com:9300" + ":9300" ] }, "cluster_two": { "mode": "sniff", "seeds": [ - "my.second.remote.cluster.com:9300" + ":9300" ], "transport.compress": true, "skip_unavailable": true }, "cluster_three": { "mode": "proxy", - "proxy_address": "my.third.remote.cluster.com:9302" + "proxy_address": ":9300" } } } @@ -226,15 +226,15 @@ In the following example, `cluster_one`, `cluster_two`, and `cluster_three` are cluster: remote: cluster_one: - seeds: my.remote.cluster.com:9300 + seeds: :9300 cluster_two: mode: sniff - seeds: my.second.remote.cluster.com:9300 + seeds: :9300 transport.compress: true <1> skip_unavailable: true <2> cluster_three: mode: proxy - proxy_address: my.third.remote.cluster.com:9302 <3> + proxy_address: :9300 <3> ``` 1. Compression is explicitly enabled for requests to `cluster_two`. diff --git a/deploy-manage/remote-clusters/remote-clusters-migrate.md b/deploy-manage/remote-clusters/remote-clusters-migrate.md index 7d5a0fd062..9753902523 100644 --- a/deploy-manage/remote-clusters/remote-clusters-migrate.md +++ b/deploy-manage/remote-clusters/remote-clusters-migrate.md @@ -69,7 +69,7 @@ On the remote cluster: 3. Generate a certificate and private key pair for the nodes in the remote cluster: ```sh - ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns=example.com --ip=192.0.2.1 + ./bin/elasticsearch-certutil cert --out=cross-cluster.p12 --pass=CERT_PASSWORD --ca-cert=ca/ca.crt --ca-key=ca/ca.key --ca-pass=CA_PASSWORD --dns= --ip=192.0.2.1 ``` * Replace `CA_PASSWORD` with the CA password from the previous step. @@ -169,7 +169,7 @@ On the local cluster: "remote" : { "my_remote" : { <1> "mode": "proxy", - "proxy_address": "my.remote.cluster.com:9443" <2> + "proxy_address": ":9443" <2> } } } @@ -198,7 +198,7 @@ On the local cluster: "my_remote": { "connected": true, <1> "mode": "proxy", - "proxy_address": "my.remote.cluster.com:9443", + "proxy_address": ":9443", "server_name": "", "num_proxy_sockets_connected": 0, "max_proxy_socket_connections": 18, From 890ce6b05bdbabada99f5d9d8d6b35b1650b5d1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 29 Oct 2025 16:55:23 +0100 Subject: [PATCH 4/6] suggestion applied --- .../remote-clusters/ec-remote-cluster-self-managed.md | 4 ++-- .../remote-clusters/ece-remote-cluster-self-managed.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index 7f393b97f2..a931da9b02 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md @@ -145,11 +145,11 @@ A deployment can be configured to trust all or specific deployments in any envir ```yaml instances: - name: "node1" - dns: ["node1.mydomain.com"] + dns: [""] ip: ["192.0.2.1"] cn: ["node1.node.1234567abcd.cluster.myscope.account"] - name: "node2" - dns: ["node2.mydomain.com"] + dns: [""] ip: ["192.0.2.2"] cn: ["node2.node.1234567abcd.cluster.myscope.account"] ``` diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md index ba16a71245..711698f080 100644 --- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md @@ -145,11 +145,11 @@ A deployment can be configured to trust all or specific deployments in any envir ```yaml instances: - name: "node1" - dns: ["node1.mydomain.com"] + dns: [""] ip: ["192.0.2.1"] cn: ["node1.node.1234567abcd.cluster.myscope.account"] - name: "node2" - dns: ["node2.mydomain.com"] + dns: [""] ip: ["192.0.2.2"] cn: ["node2.node.1234567abcd.cluster.myscope.account"] ``` From 2c8a362f13cabfe5bee83be68909200cbaeb9b2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 29 Oct 2025 17:09:27 +0100 Subject: [PATCH 5/6] TLS certs step aligned between ECE and ECH docs --- .../ec-remote-cluster-self-managed.md | 22 +++++++++---------- .../ece-remote-cluster-self-managed.md | 21 +++++++++--------- 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index a931da9b02..8c4e51cd43 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md @@ -159,18 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir * All the clusters in an {{ecloud}} region are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all the clusters in that region, including clusters from other organizations. This can be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` which points to a file that limits the certificates to trust based on their `otherName`-attribute. * For example, the following file would trust: - * two specific clusters with the cluster IDs `aaaabbbbaaaabbbb`<1> and `xxxxyyyyxxxxyyyy`<2> from an organization with organization ID `1053523734` - * <3> any cluster from an organization with organization ID `83988631` - * <4> The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) - - -``` - trust.subject_name: - - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account - - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account - - *.node.*.cluster.83988631.account - - node*. -``` + ```yaml + trust.subject_name: + - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1> + - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1> + - *.node.*.cluster.83988631.account <2> + - node*. <3> + ``` + 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` + 2. any cluster from an ECE environment with Environment ID `83988631` + 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ::::{tip} Generate new node certificates for an entire cluster using the file input mode of the certutil. diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md index 711698f080..1be5da8f7a 100644 --- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md @@ -159,17 +159,16 @@ A deployment can be configured to trust all or specific deployments in any envir * All the clusters in your {{ece}} environment are signed by the same certificate authority. Therefore, adding this CA would make the self-managed cluster trust all your clusters in your ECE environment. This should be limited using the setting `xpack.security.transport.ssl.trust_restrictions.path` in [`elasticsearch.yml`](/deploy-manage/stack-settings.md), which points to a file that limits the certificates to trust based on their `otherName`-attribute. * For example, the following file would trust: - ```yaml - trust.subject_name: - - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1> - - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1> - - *.node.*.cluster.83988631.account <2> - - node*. <4> - ``` - - 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` - 2. any cluster from an ECE environment with Environment ID `83988631` - 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) + ```yaml + trust.subject_name: + - *.node.aaaabbbbaaaabbbb.cluster.1053523734.account <1> + - *.node.xxxxyyyyxxxxyyyy.cluster.1053523734.account <1> + - *.node.*.cluster.83988631.account <2> + - node*. <3> + ``` + 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` + 2. any cluster from an ECE environment with Environment ID `83988631` + 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ::::{tip} Generate new node certificates for an entire cluster using the file input mode of the certutil. From 1014e76ae07cbf719b2c21bfb7221e09e9098907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edu=20Gonz=C3=A1lez=20de=20la=20Herr=C3=A1n?= <25320357+eedugon@users.noreply.github.com> Date: Wed, 29 Oct 2025 18:02:46 +0100 Subject: [PATCH 6/6] caps updated --- .../remote-clusters/ec-remote-cluster-self-managed.md | 6 +++--- .../remote-clusters/ece-remote-cluster-self-managed.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md index 8c4e51cd43..f52f5250c8 100644 --- a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md @@ -166,9 +166,9 @@ A deployment can be configured to trust all or specific deployments in any envir - *.node.*.cluster.83988631.account <2> - node*. <3> ``` - 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` - 2. any cluster from an ECE environment with Environment ID `83988631` - 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) + 1. Two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` + 2. Any cluster from an ECE environment with Environment ID `83988631` + 3. The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ::::{tip} Generate new node certificates for an entire cluster using the file input mode of the certutil. diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md index 1be5da8f7a..42ccac69bb 100644 --- a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md +++ b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md @@ -166,9 +166,9 @@ A deployment can be configured to trust all or specific deployments in any envir - *.node.*.cluster.83988631.account <2> - node*. <3> ``` - 1. two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` - 2. any cluster from an ECE environment with Environment ID `83988631` - 3. the nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) + 1. Two specific clusters with cluster ids `aaaabbbbaaaabbbb` and `xxxxyyyyxxxxyyyy` in an ECE environment with Environment ID `1053523734` + 2. Any cluster from an ECE environment with Environment ID `83988631` + 3. The nodes from its own cluster (whose certificates follow a different convention: `CN = node1.`, `CN = node2.` and `CN = node3.`) ::::{tip} Generate new node certificates for an entire cluster using the file input mode of the certutil.