Closed joshuar closed 7 years ago
@jaymode could you provide more info about what settings should be migrated here?
I went through the changes and I believe I've captured it all below.
Settings that map to a new setting:
Shield Setting | X-Pack Setting | Notes |
---|---|---|
shield.ssl | xpack.security.transport.ssl.enabled | |
shield.ssl.ciphers | xpack.ssl.cipher_suites | |
shield.ssl.hostname_verification | xpack.ssl.verification_mode | Values changed as well. true in shield maps to full and false maps to none |
shield.transport.ssl.client.auth | xpack.ssl.client_authentication | No longer accepts true or false . One of required , optional , or none |
shield.http.ssl | xpack.security.http.ssl.enabled | |
shield.http.ssl.client.auth | xpack.security.http.ssl.client_authentication | No longer accepts true or false . One of required , optional , or none |
transport.profiles.$PROFILE.shield.ssl | transport.profiles.$PROFILE.xpack.security.ssl.enabled | |
transport.profiles.$PROFILE.shield.ciphers | transport.profiles.$PROFILE.xpack.security.ssl.cipher_suites | |
transport.profiles.$PROFILE.shield.hostname_verification | transport.profiles.$PROFILE.xpack.security.ssl.verification_mode | See note above on verification mode |
transport.profiles.$PROFILE.shield.ssl.client.auth | transport.profiles.$PROFILE.xpack.security.ssl.client_authentication | No longer accepts true or false . One of required , optional , or none |
shield.authc.realms.$REALM_NAME.hostname_verification | xpack.security.authc.realms.$REALM_NAME.ssl.verification_mode | See note above on verification mode |
The following settings have been removed:
For the other settings under shield.ssl.
, these have simply been renamed to xpack.ssl.
Migrating from keystores to the PEM files is probably ok to leave out of the migration tool as it is not necessary but the changes above are.
thanks @jaymode
Closed by f5beadd4541bed49a07658d2cc2c64f4c87f4b67
Currently, the migration seems to ignore settings like:
shield.ssl.keystore.*
. It should suggest migrating these config options to the new PEM based options (xpack.ssl.key
,xpack.ssl.certificate
andxpack.ssl.certificate_authorities
)?