Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 0421c4fe9b
Branches Tags
elasticsearch
/
docs
/
reference
/
modules
/
remote-clusters.asciidoc

remote-clusters.asciidoc 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. [[remote-clusters]]
    2. 

  2. == Remote clusters
    3. 

  3. You can connect a local cluster to other {es} clusters, known as _remote
    4. 

  4. clusters_. Remote clusters can be located in different datacenters or 
    5. 

  5. geographic regions, and contain indices or data streams that can be replicated
    6. 

  6. with {ccr} or searched by a local cluster using {ccs}.
    7. 

  7. 

  8. [[remote-clusters-ccr]]
    9. 

  9. [discrete]
    10. 

  10. === {ccr-cap}
    11. 

  11. 

  12. With <<xpack-ccr,{ccr}>>, you ingest data to an index on a remote cluster. This
    13. 

  13. _leader_ index is replicated to one or more read-only _follower_ indices on your
    14. 

  14. local cluster. Creating a multi-cluster architecture with {ccr} enables you to
    15. 

  15. configure disaster recovery, bring data closer to your users, or establish a
    16. 

  16. centralized reporting cluster to process reports locally.
    17. 

  17. 

  18. [[remote-clusters-ccs]]
    19. 

  19. [discrete]
    20. 

  20. === {ccs-cap}
    21. 

  21. 

  22. <<modules-cross-cluster-search,{ccs-cap}>> enables you to run a search request
    23. 

  23. against one or more remote clusters. This capability provides each region with a
    24. 

  24. global view of all clusters, allowing you to send a search request from a local
    25. 

  25. cluster and return results from all connected remote clusters. For full {ccs}
    26. 

  26. capabilities, the local and remote cluster must be on the same
    27. 

  27. {subscriptions}[subscription level].
    28. 

  28. 

  29. [[add-remote-clusters]]
    30. 

  30. [discrete]
    31. 

  31. === Add remote clusters
    32. 

  32. 

  33. To add remote clusters, you can choose between
    34. 

  34. <<remote-clusters-security-models,two security models>> and
    35. 

  35. <<sniff-proxy-modes,two connection modes>>. Both security models are compatible
    36. 

  36. with either of the connection modes.
    37. 

  37. 

  38. [[remote-clusters-security-models]]
    39. 

  39. [discrete]
    40. 

  40. ==== Security models
    41. 

  41. 

  42. API key based security model::
    43. 

  43. beta:[]
    44. 

  44. For clusters on version 8.10 or later, you can use an API key to authenticate
    45. 

  45. and authorize cross-cluster operations to a remote cluster. This model offers
    46. 

  46. administrators of both the local and the remote cluster fine-grained access
    47. 

  47. controls. <<remote-clusters-api-key>>.
    48. 

  48. 

  49. Certificate based security model::
    50. 

  50. Uses mutual TLS authentication for cross-cluster operations. User authentication
    51. 

  51. is performed on the local cluster and a user's role names are passed to the 
    52. 

  52. remote cluster. In this model, a superuser on the local cluster gains total read
    53. 

  53. access to the remote cluster, so it is only suitable for clusters that are in
    54. 

  54. the same security domain. <<remote-clusters-cert>>.
    55. 

  55. 

  56. [[sniff-proxy-modes]]
    57. 

  57. [discrete]
    58. 

  58. ==== Connection modes
    59. 

  59. 

  60. [[sniff-mode]]
    61. 

  61. Sniff mode::
    62. 

  62. In sniff mode, a cluster is created using a name and a list of seed nodes. When
    63. 

  63. a remote cluster is registered, its cluster state is retrieved from one of the
    64. 

  64. seed nodes and up to three _gateway nodes_ are selected as part of remote
    65. 

  65. cluster requests. This mode requires that the gateway node's publish addresses
    66. 

  66. are accessible by the local cluster.
    67. 

  67. +
    68. 

  68. Sniff mode is the default connection mode.
    69. 

  69. +
    70. 

  70. [[gateway-nodes-selection]]
    71. 

  71. The _gateway nodes_ selection depends on the following criteria:
    72. 

  72. +
    73. 

  73. * *version*: Remote nodes must be compatible with the cluster they are
    74. 

  74. registered to.
    75. 

  75. * *role*: By default, any non-<<master-node,master-eligible>> node can act as a
    76. 

  76. gateway node. Dedicated master nodes are never selected as gateway nodes.
    77. 

  77. * *attributes*: You can define the gateway nodes for a cluster by setting
    78. 

  78. <<cluster-remote-node-attr,`cluster.remote.node.attr.gateway`>> to `true`.
    79. 

  79. However, such nodes still have to satisfy the two above requirements.
    80. 

  80. 

  81. [[proxy-mode]]
    82. 

  82. Proxy mode::
    83. 

  83. In proxy mode, a cluster is created using a name and a single proxy address.
    84. 

  84. When you register a remote cluster, a configurable number of socket connections
    85. 

  85. are opened to the proxy address. The proxy is required to route those
    86. 

  86. connections to the remote cluster. Proxy mode does not require remote cluster
    87. 

  87. nodes to have accessible publish addresses.
    88. 

  88. +
    89. 

  89. The proxy mode is not the default connection mode and must be configured.
    90. 

  90. Proxy mode has the same <<gateway-nodes-selection, version compatibility
    91. 

  91. requirements>> as sniff mode.
    92. 

  92. 

  93. include::cluster/remote-clusters-api-key.asciidoc[]
    94. 

  94. 

  95. include::cluster/remote-clusters-cert.asciidoc[]
    96. 

  96. 

  97. include::cluster/remote-clusters-migration.asciidoc[]
    98. 

  98. 

  99. include::cluster/remote-clusters-settings.asciidoc[]
    100. 

  100. 

  101. include::cluster/remote-clusters-troubleshooting.asciidoc[]
    102.