System administration
sgadmin offers some handy and powerful switches for administering a Search Guard secured Elasticsearch custer.
Index and replica settings
The following switched control the Search Guard index settings.
Name | Description |
---|---|
-er | Set explicit number of replicas or autoexpand expression for searchguard index |
-era | Enable replica auto-expand. |
-dra | Disable replica auto-expand. |
-us | Update the replica settings. |
The first time you run sgadmin.sh, the -us
, -era
, dra
, and -rl
(reload configuration), flags can cause the initial setup to fail, as the searchguard index does not yet exist.
See chapter index management for more details on how the Search Guard index is structured and how to manage it.
Cache invalidation
Search Guard by default caches authenticated users and their roles and permissions for one hour. You can invalidate the cache by reloading the Search Guard configuration:
./sgadmin.sh -rl -ts ... -tspass ... -ks ... -kspass ...
| Name | Description | |—|—| | -rl | reload the current Search Guard configuration stored in your cluster, invalidating any cached users, roles and permissions.|
Rescue tools
Name | Description |
---|---|
-dci | Delete the Search Guard configuration index and exit. May be useful if the cluster state is red due to a corrupt Search Guard index. |
-esa | Enable shard allocation and exit. May be useful if you disabled shard allocation while performing a full cluster restart, and you need to recreate the Search Guard index. |
License information
Name | Description |
---|---|
-si | Displays the currently active Search Guard license |
Whoami
Name | Description |
---|---|
-w | Displays information about the used admin certificate |