-
Notifications
You must be signed in to change notification settings - Fork 97
Update s3-repository docs after upgrade #1356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 6 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
057eb4e
Update s3-repository docs after upgrade
nicktindall e555217
Update s3-repository.md
nicktindall 3481a19
Update s3-repository.md
nicktindall e58411f
Update s3-repository.md
nicktindall 4a159fc
Region description
nicktindall 21db89b
Default for endpoint setting
nicktindall 1c3b4ea
Update deploy-manage/tools/snapshot-and-restore/s3-repository.md
nicktindall b95c62c
Reinstate protocol description
nicktindall 20a1688
Whitespace
nicktindall f3016cb
Update deploy-manage/tools/snapshot-and-restore/s3-repository.md
nicktindall 63d4e67
Merge branch 'main' into nicktindall-s3-repo-settings
nicktindall File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -77,6 +77,9 @@ Define the relevant secure settings in each node’s keystore before starting th | |
|
||
The following list contains the available client settings. Those that must be stored in the keystore are marked as "secure" and are **reloadable**; the other settings belong in the [`elasticsearch.yml`](/deploy-manage/stack-settings.md) file. | ||
|
||
`region` | ||
: Specifies the region to use. When configured this value will determine the signing region and regional endpoint to use, unless the endpoint is overridden via the `endpoint` setting. If not specified, we will attempt to determine the region automatically using the SDK. | ||
|
||
`access_key` ([Secure](/deploy-manage/security/secure-settings.md), [reloadable](../../security/secure-settings.md#reloadable-secure-settings)) | ||
: An S3 access key. If set, the `secret_key` setting must also be specified. If unset, the client will use the instance or container role instead. | ||
|
||
|
@@ -87,10 +90,7 @@ The following list contains the available client settings. Those that must be st | |
: An S3 session token. If set, the `access_key` and `secret_key` settings must also be specified. | ||
|
||
`endpoint` | ||
: The S3 service endpoint to connect to. This defaults to `s3.amazonaws.com` but the [AWS documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) lists alternative S3 endpoints. If you are using an [S3-compatible service](#repository-s3-compatible-services) then you should set this to the service’s endpoint. | ||
|
||
`protocol` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This setting is now in use again, see #127744. It's deprecated, users should be setting I support moving the info about the trust store to the |
||
: The protocol to use to connect to S3. Valid values are either `http` or `https`. Defaults to `https`. When using HTTPS, this repository type validates the repository’s certificate chain using the JVM-wide truststore. Ensure that the root certificate authority is in this truststore using the JVM’s `keytool` tool. If you have a custom certificate authority for your S3 repository and you use the {{es}} [bundled JDK](../../deploy/self-managed/installing-elasticsearch.md#jvm-version), then you will need to reinstall your CA certificate every time you upgrade {{es}}. | ||
: The S3 service endpoint to connect to. This defaults to the regional endpoint corresponding to the configured `region`, but the [AWS documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) lists alternative S3 endpoints. If you are using an [S3-compatible service](#repository-s3-compatible-services) then you should set this to the service’s endpoint. The endpoint should specify the protocol and host name, e.g. `https://s3.ap-southeast-4.amazonaws.com`, `http://minio.local:9000`. When using HTTPS, this repository type validates the repository’s certificate chain using the JVM-wide truststore. Ensure that the root certificate authority is in this truststore using the JVM’s `keytool` tool. If you have a custom certificate authority for your S3 repository and you use the {{es}} [bundled JDK](../../deploy/self-managed/installing-elasticsearch.md#jvm-version), then you will need to reinstall your CA certificate every time you upgrade {{es}}. | ||
nicktindall marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
`proxy.host` | ||
: The host name of a proxy to connect to S3 through. | ||
|
@@ -116,9 +116,6 @@ The following list contains the available client settings. Those that must be st | |
`max_retries` | ||
: The number of retries to use when an S3 request fails. The default value is `3`. | ||
|
||
`use_throttle_retries` | ||
: Whether retries should be throttled (i.e. should back off). Must be `true` or `false`. Defaults to `true`. | ||
|
||
`path_style_access` | ||
: Whether to force the use of the path style access pattern. If `true`, the path style access pattern will be used. If `false`, the access pattern will be automatically determined by the AWS Java SDK (See [AWS documentation](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Builder.html#setPathStyleAccessEnabled-java.lang.Boolean-) for details). Defaults to `false`. | ||
|
||
|
@@ -132,12 +129,6 @@ In versions `7.0`, `7.1`, `7.2` and `7.3` all bucket operations used the [now-de | |
`disable_chunked_encoding` | ||
: Whether chunked encoding should be disabled or not. If `false`, chunked encoding is enabled and will be used where appropriate. If `true`, chunked encoding is disabled and will not be used, which may mean that snapshot operations consume more resources and take longer to complete. It should only be set to `true` if you are using a storage service that does not support chunked encoding. See the [AWS Java SDK documentation](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Builder.html#disableChunkedEncoding--) for details. Defaults to `false`. | ||
|
||
`region` | ||
: Allows specifying the signing region to use. Specificing this setting manually should not be necessary for most use cases. Generally, the SDK will correctly guess the signing region to use. It should be considered an expert level setting to support S3-compatible APIs that require [v4 signatures](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) and use a region other than the default `us-east-1`. Defaults to empty string which means that the SDK will try to automatically determine the correct signing region. | ||
|
||
`signer_override` | ||
: Allows specifying the name of the signature algorithm to use for signing requests by the S3 client. Specifying this setting should not be necessary for most use cases. It should be considered an expert level setting to support S3-compatible APIs that do not support the signing algorithm that the SDK automatically determines for them. See the [AWS Java SDK documentation](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#setSignerOverride-java.lang.String-) for details. Defaults to empty string which means that no signing algorithm override will be used. | ||
|
||
|
||
## Repository settings [repository-s3-repository] | ||
|
||
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.