Skip to content

WIP: Avoid localhost as Elasticsearch default

Caleb Cooper requested to merge calebcooper-remove-localhost-reference into master

What does this MR do?

The current recommendation within our Elasticsearch integration document is to install Elasticsearch on a separate host from the host on which GitLab is installed. There are several places within the code, including the Elasticsearch URL Setting Helper that currently include examples which points to localhost or which default to http://localhost:9200. This suggests to administrators that localhost (the GitLab server) is the default place to put Elasticsearch and can lead to poorly provisioned search infrastructure.

This change adjusts those examples to use host1 and host2 instead of localhost to match what is described in the GitLab Elasticsearch configuration documentation or to remove the default so that http://localhost:9200 is not assumed.

Screenshots

The Elasticsearch intergrations settings screen with examples using http://localhost:9200.

elastic-search-settings

The documentation of installing Elasticsearch with warning about localhost.

installing-elasticsearch-warning

The documentation of the URL field in the Elasticsearch settings.

elasticsearch-config-url-description

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Caleb Cooper

Merge request reports

Loading