santerikainulainen/ansible-role-elasticsearch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add an option to not upload SSL/TLS certs (#727)

Browse source
This commit is contained in:
Samuel Mutel 2020-10-12 10:02:25 +02:00 committed by GitHub
parent 2a3793ce82
commit fdfaa5c888
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/ssl-tls-setup.md
View file

@ -2,6 +2,8 @@
The role allows configuring HTTP and transport layer SSL/TLS for the cluster. You will need to generate and provide your own PKCS12 or PEM encoded certificates as described in [Encrypting communications in Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/7.4/configuring-tls.html#configuring-tls).
By default this role will upload the certs to your elasticsearch servers. If you already copied the certs by your own way, set `es_ssl_upload` to `false` (default: `true`)
If you don't want this role to add autogenerated SSL configuration to elasticsearch.yml set `es_enable_auto_ssl_configuration` to `false` (default: `true`).
The following should be configured to ensure a security-enabled cluster successfully forms: