-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DOCS] Clarify security aspects for CCR #40724
Comments
Pinging @elastic/es-distributed |
[docs issue triage] Leaving open. This is still relevant. |
Pinging @elastic/es-security (:Security/Security) |
@tahaderouiche, are the steps for configuring security between the cluster containing the leader index and the remote clusters the same as configuring security for clusters using CCS? You mentioned that both rely on the same mechanism, so perhaps we can clean up and clarify the instructions for Configuring security for CCS and then share much of that information with a new page for configuring security for CCR. |
@lockewritesdocs Both CCS and CCR have two steps for their configuration. The first step is to setup the general trust relationship between the two clusters. The second step is about actually setting up the permissions around them. The first step is the same for both CCS and CCR. Hence their security concern is also the same and this includes permissions to `PUT _cluster/settings' and relevant TLS trust setup at transport layer. The second step is different and CCS is simpler compared to CCR. One thing in common is that they both require the same role names on both local and remote clusters to be used for their configuration. Please note what really matters is the role names, actual definitions of the role can be different on different clusters and in fact they are often different. CCS
CCR
|
Description: Explain how security/trust works between a local(follow) cluster and remote (leader) cluster.
Similar to what is being done in CCS, it would be great to clarify how security works for CCR.
Both rely on the same mechanism, so it would be about rephrasing for the CCR context.
The text was updated successfully, but these errors were encountered: