doc-exports/docs/css/umn/css_01_0076.html
zhengxiu 93d856d5c5 css umn 25.6.0 version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-11-25 11:34:43 +00:00


<a name="EN-US_TOPIC_0000001965416697"></a><a name="EN-US_TOPIC_0000001965416697"></a>
<h1 class="topictitle1">Configuring Public Network Access for an Elasticsearch Cluster</h1>
<div id="body1568692028995"><p id="EN-US_TOPIC_0000001965416697__p56972318426">When public network access is enabled for an Elasticsearch cluster, the cluster is automatically assigned a public IP address with dedicated dynamic BGP bandwidth, making it accessible from the Internet via HTTPS. You can configure public network access control by IP addresses or IP address ranges.</p>
<p id="EN-US_TOPIC_0000001965416697__en-us_topic_0000001223434404_p8060118">To enable public network access for Elasticsearch clusters, a shared load balancer is typically used for load balancing. If your workloads require quicker access, you are advised to use a dedicated load balancer to connect to your clusters. For details about its configuration, see <a href="css_01_0181.html">Configuring a Dedicated Load Balancer for an Elasticsearch Cluster</a>.</p>
<div class="section" id="EN-US_TOPIC_0000001965416697__section0594164011518"><h4 class="sectiontitle">Constraints</h4><ul id="EN-US_TOPIC_0000001965416697__ul16345551125110"><li id="EN-US_TOPIC_0000001965416697__li2034510517515">Enabling public network access for a CSS cluster may incur some fees, because it uses EIP and bandwidth resources.</li><li id="EN-US_TOPIC_0000001965416697__li11702172312528">To enable public network access for an Elasticsearch cluster, two conditions must be met: the cluster version is 6.5.4 or later, and the security mode and HTTPS access are both enabled.</li><li id="EN-US_TOPIC_0000001965416697__li11530152413476">Public network access and the VPC Endpoint (VPCEP) service share a load balancer. A whitelist configured for public network access is deployed to this shared load balancer, so it controls not only access from the public network but also access using private IP addresses through VPCEP. In this case, you need to add the CIDR block <strong id="EN-US_TOPIC_0000001965416697__b2474121113146">198.19.128.0/17</strong> to the public network access whitelist to allow traffic through VPCEP.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001965416697__section1123543011273"><h4 class="sectiontitle">Enabling Public Network Access</h4><p id="EN-US_TOPIC_0000001965416697__p198113732718">To enable public network access for an existing cluster, perform the following steps:</p>
<ol id="EN-US_TOPIC_0000001965416697__ol787502953312"><li id="EN-US_TOPIC_0000001965416697__li15867733418"><span id="EN-US_TOPIC_0000001965416697__ph35861723411">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001965416697__li2194161984010">In the navigation pane on the left, choose <span class="uicontrol" id="EN-US_TOPIC_0000001965416697__uicontrol45087328585125"><b>Clusters &gt; Elasticsearch</b></span>.</li><li id="EN-US_TOPIC_0000001965416697__li1219431918401">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001965416697__li719441912401">On the <strong id="EN-US_TOPIC_0000001965416697__b149147376531236">Overview</strong> tab, check whether <strong id="EN-US_TOPIC_0000001965416697__b149234990631236">Security Mode</strong> and <strong id="EN-US_TOPIC_0000001965416697__b158081769231236">HTTPS Access</strong> are enabled in the <strong id="EN-US_TOPIC_0000001965416697__b115361661231236">Configuration</strong> area.<ul id="EN-US_TOPIC_0000001965416697__ul82711738173520"><li id="EN-US_TOPIC_0000001965416697__li8271138133515">If they are enabled, go to the next step to enable public network access.</li><li id="EN-US_TOPIC_0000001965416697__li18806124619351">If either one is disabled, public network access cannot be enabled for the cluster.</li></ul>
</li><li id="EN-US_TOPIC_0000001965416697__li1352113213317">Click <strong id="EN-US_TOPIC_0000001965416697__b60607133831236">Enable</strong> next to <strong id="EN-US_TOPIC_0000001965416697__b80003594731236">Public Network Access</strong>. In the displayed dialog box, configure the necessary settings.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001965416697__table1914017124313" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Enabling public network access</caption><thead align="left"><tr id="EN-US_TOPIC_0000001965416697__row2014171273119"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.4.3.5.3.2.3.1.1"><p id="EN-US_TOPIC_0000001965416697__p51413129311">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.4.3.5.3.2.3.1.2"><p id="EN-US_TOPIC_0000001965416697__p114151273115">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001965416697__row314101223115"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.3.5.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001965416697__p201414128314">Bandwidth</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.3.5.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001965416697__p9444131914488">Cluster bandwidth for public network access.</p>
<p id="EN-US_TOPIC_0000001965416697__p7161153419484">Value range: 1 Mbit/s to 200 Mbit/s</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001965416697__row191431121319"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.3.5.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001965416697__p01438125319">Configure Whitelist</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.3.5.3.2.3.1.2 "><div class="p" id="EN-US_TOPIC_0000001965416697__p140965118482">Control public network access to the cluster using a whitelist.<ul id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_ul101451012193110"><li id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_li414512121317">If a whitelist is configured, only IP addresses that are on this whitelist can access the cluster over the public network.<p id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_p8145181243119"><a name="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_li414512121317"></a><a name="en-us_topic_0000002271391389_li414512121317"></a>Click <span class="uicontrol" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_uicontrol11230165593113"><b>+Add</b></span>. In the displayed text box, enter IP addresses or CIDR blocks that are allowed to access the cluster from the public network. Separate them using commas (,). Each value must be unique. An example of valid values: <span class="parmvalue" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_parmvalue11870143143014"><b>192.168.1.1,10.0.0.0/24</b></span>. Examples of invalid values: <span class="parmvalue" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_parmvalue188708432306"><b>0.0.0.0</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_parmvalue81461128311"><b>xx.xx.xx.xx/0</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_parmvalue3871144383011"><b>172.16.0.0-172.16.255.255</b></span>, non-standard formats (e.g., <span class="parmvalue" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_parmvalue78711743173019"><b>192.168.1</b></span>), and duplicate values.</p>
</li><li id="EN-US_TOPIC_0000001965416697__en-us_topic_0000002271391389_li91461127310">If no whitelist is configured, all public IP addresses can access the cluster. However, this can be a security risk and should be avoided.</li></ul>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0000001965416697__li1064632824115">Click <strong id="EN-US_TOPIC_0000001965416697__b133836916831236">OK</strong> to enable public network access.<p id="EN-US_TOPIC_0000001965416697__p145151711285">After public network access is enabled, the public IP address, public network access control, and bandwidth information is displayed.</p>
</li></ol>
</div>
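<p>The following check is an added example, not part of the original documentation or of CSS itself. It applies the whitelist rules from Table 1 and the VPCEP constraint to a comma-separated whitelist string before it is entered in the console. The function name <b>check_whitelist</b>, the <b>uses_vpcep</b> parameter, the IPv4-only handling, and the normalization of entries before the duplicate check are assumptions.</p>

```python
import ipaddress

# CIDR block this page says to whitelist so traffic through VPCEP is allowed.
VPCEP_CIDR = ipaddress.IPv4Network("198.19.128.0/17")

def check_whitelist(raw, uses_vpcep=False):
    """Validate a comma-separated whitelist string; return (networks, problems)."""
    networks, problems = [], []
    if not raw.strip():
        return networks, ["no whitelist: all public IP addresses can access the cluster"]
    for item in (part.strip() for part in raw.split(",")):
        try:
            # Accepts a single address (stored as /32) or a CIDR block; ranges
            # such as a-b and short forms such as 192.168.1 raise ValueError.
            net = ipaddress.IPv4Network(item, strict=False)
        except ValueError:
            problems.append(f"{item!r}: not an IPv4 address or CIDR block")
            continue
        if net.prefixlen == 0:
            problems.append(f"{item!r}: /0 matches every address")
        elif net.network_address.is_unspecified:
            problems.append(f"{item!r}: 0.0.0.0 is not a valid whitelist value")
        elif net in networks:
            problems.append(f"{item!r}: duplicate value")
        else:
            networks.append(net)
    # The whitelist sits on the load balancer shared with VPCEP, so VPCEP
    # clients are cut off unless an entry covers the VPCEP range.
    if uses_vpcep and not any(VPCEP_CIDR.subnet_of(n) for n in networks):
        problems.append(f"VPCEP in use but {VPCEP_CIDR} is not whitelisted")
    return networks, problems

if __name__ == "__main__":
    # Constructed sample input built from the valid and invalid values on this page.
    sample = "192.168.1.1,10.0.0.0/24,0.0.0.0,172.16.0.0-172.16.255.255,192.168.1,10.0.0.0/24"
    nets, probs = check_whitelist(sample, uses_vpcep=True)
    print("accepted:", [str(n) for n in nets])
    for p in probs:
        print("rejected:", p)
```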
<div class="section" id="EN-US_TOPIC_0000001965416697__section17810256165615"><h4 class="sectiontitle">Managing Public Network Access</h4><p id="EN-US_TOPIC_0000001965416697__p1629661118578">When public network access is enabled, you can check the public IP address, and modify the bandwidth and access control settings.</p>
<ol id="EN-US_TOPIC_0000001965416697__ol15715624402"><li id="EN-US_TOPIC_0000001965416697__li175710261904"><span id="EN-US_TOPIC_0000001965416697__ph275872614017">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001965416697__li6758226701">In the navigation pane on the left, choose <span class="uicontrol" id="EN-US_TOPIC_0000001965416697__uicontrol194704334885125"><b>Clusters &gt; Elasticsearch</b></span>.</li><li id="EN-US_TOPIC_0000001965416697__li575813261004">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001965416697__li9758182613014">On the <strong id="EN-US_TOPIC_0000001965416697__b127314595731236">Overview</strong> tab, manage public network access settings in the <strong id="EN-US_TOPIC_0000001965416697__b139915782731236">Configuration</strong> area.<ul id="EN-US_TOPIC_0000001965416697__ul141803431533"><li id="EN-US_TOPIC_0000001965416697__li61801743936"><strong id="EN-US_TOPIC_0000001965416697__b19764141716110">Checking the public IP address</strong><p id="EN-US_TOPIC_0000001965416697__p191479451236">Record the IP address and port number displayed next to <strong id="EN-US_TOPIC_0000001965416697__b125883031731236">Public Network Access</strong>.</p>
</li><li id="EN-US_TOPIC_0000001965416697__li118017431932"><strong id="EN-US_TOPIC_0000001965416697__b545513204118">Modifying public network access control settings</strong><p id="EN-US_TOPIC_0000001965416697__p1732916461731">Click <strong id="EN-US_TOPIC_0000001965416697__b204397584031236">Modify</strong> next to <strong id="EN-US_TOPIC_0000001965416697__b148796205831236">Public Network Access Control</strong>. In the displayed dialog box, add or remove IP addresses or CIDR blocks to or from the whitelist. Click <strong id="EN-US_TOPIC_0000001965416697__b199435270431236">OK</strong> to save the change.</p>
</li><li id="EN-US_TOPIC_0000001965416697__li618116431033"><strong id="EN-US_TOPIC_0000001965416697__b1121512231911">Modifying public network bandwidth</strong><p id="EN-US_TOPIC_0000001965416697__p142361363514">Click <strong id="EN-US_TOPIC_0000001965416697__b19986717731236">Modify</strong> next to <strong id="EN-US_TOPIC_0000001965416697__b43439228231236">Bandwidth</strong>. In the displayed dialog box, change the bandwidth. Click <strong id="EN-US_TOPIC_0000001965416697__b210569147031236">OK</strong> to save the change.</p>
</li></ul>
</li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001965416697__section52701848387"><h4 class="sectiontitle">Disabling Public Network Access</h4><p id="EN-US_TOPIC_0000001965416697__p2036473691">If public network access is no longer required for a cluster, disable it to release resources.</p>
<div class="warning" id="EN-US_TOPIC_0000001965416697__note1540819143101"><span class="warningtitle"><img src="public_sys-resources/warning_3.0-en-us.png"> </span><div class="warningbody"><p id="EN-US_TOPIC_0000001965416697__p1852772311103">After the public IP address is disassociated, the cluster can no longer be accessed from the Internet through this IP address. If you disable public network access for a cluster and then re-enable it, the public IP address for accessing the cluster may change. Exercise caution.</p>
</div></div>
<ol id="EN-US_TOPIC_0000001965416697__ol46494372104"><li id="EN-US_TOPIC_0000001965416697__li1764963713104"><span id="EN-US_TOPIC_0000001965416697__ph864953731011">Log in to the CSS management console.</span></li><li id="EN-US_TOPIC_0000001965416697__li1365043721015">In the navigation pane on the left, choose <span class="uicontrol" id="EN-US_TOPIC_0000001965416697__uicontrol20989864385125"><b>Clusters &gt; Elasticsearch</b></span>.</li><li id="EN-US_TOPIC_0000001965416697__li1765023731019">In the cluster list, click the name of the target cluster. The cluster information page is displayed.</li><li id="EN-US_TOPIC_0000001965416697__li111591157111515">On the <strong id="EN-US_TOPIC_0000001965416697__b56443827331236">Overview</strong> tab, find <strong id="EN-US_TOPIC_0000001965416697__b77805614731236">Public Network Access</strong> in the <strong id="EN-US_TOPIC_0000001965416697__b36036367831236">Configuration</strong> area, and click <strong id="EN-US_TOPIC_0000001965416697__b73848582531236">Disable</strong> next to it. In the displayed dialog box, enter <strong id="EN-US_TOPIC_0000001965416697__b67189207731236">CONFIRM</strong> and click <strong id="EN-US_TOPIC_0000001965416697__b13087951031236">OK</strong>.<p id="EN-US_TOPIC_0000001965416697__p635382691811">After public network access is disabled, the public IP address and the <strong id="EN-US_TOPIC_0000001965416697__b202756182631236">Public Network Access Control</strong> and <strong id="EN-US_TOPIC_0000001965416697__b96881057331236">Bandwidth</strong> parameters disappear.</p>
</li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000001223434408_section2022235142517"><h4 class="sectiontitle">Accessing a Cluster Through the Public IP Address</h4><p id="EN-US_TOPIC_0000001965416697__en-us_topic_0000001223434408_p5950195234910">After public network access is enabled, the cluster is assigned a public IP address. You can use this IP address plus a port number to access this cluster.</p>
<div class="p" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000001223434408_p1243345415167">For example, if the public IP address is <span class="parmname" id="EN-US_TOPIC_0000001965416697__parmname1919174710219"><b>10.62.xxx.xxx</b></span> and the port number is <span class="parmname" id="EN-US_TOPIC_0000001965416697__parmname1320154732111"><b>9200</b></span>, run the following cURL command to view indexes in the cluster.<pre class="screen" id="EN-US_TOPIC_0000001965416697__en-us_topic_0000001223434408_screen85820524178">curl -u username:password -k 'https://10.62.xxx.xxx:9200/_cat/indices'</pre>
</div>
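<p id="EN-US_TOPIC_0000001965416697__p7424193312575">In this command, <strong id="EN-US_TOPIC_0000001965416697__b223485632013">username</strong> and <strong id="EN-US_TOPIC_0000001965416697__b916781213">password</strong> indicate the username and password of the HTTPS-enabled security-mode cluster. The <strong>-k</strong> option makes cURL skip verification of the server certificate; to verify it, pass the cluster's CA certificate with <strong>--cacert</strong> instead.</p>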
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0010.html">Configuring Networking for an Elasticsearch Cluster</a></div>
</div>
</div>