We have added two new cmd line tools that only talk to the local node, see BaseRunAsSuperuserCommand.
It was intentional that the level of access privilege to invoke these tools be that of the system administrator, the one which usually deals with the TLS keys and file based credentials.
The issue we're seeing is that the tools have to rely on guessing the local node's HTTP network socket. The elasticsearch.yml is helpful, but there's still guessing involved, see https://github.com/elastic/elasticsearch/issues/80481. If the guessing is wrong, the tool throws connection or certificate verify exceptions, which then requires some reasoning from the human.
Can we make it easier to automatically figure out the HTTP network socket of the node, given access to its config directory, i.e. output the node.portsfile? Alternatively, could we open a UNIX domain socket?
Are there other cases where we might need that a cmd line tool only be able to talk to the local node?