App-ElasticSearch-Utilities
README.mkdn
    --local             Use localhost as the elasticsearch host
    --host              ElasticSearch host to connect to
    --port              HTTP port for your cluster
    --proto             Defaults to 'http', can also be 'https'
    --http-username     HTTP Basic Auth username
    --password-exec     Script to run to get the users password
    --insecure          Don't verify TLS certificates
    --cacert            Specify the TLS CA file
    --capath            Specify the directory with TLS CAs
    --cert              Specify the path to the client certificate
    --key               Specify the path to the client private key file
    --noop              Any operations other than GET are disabled, can be negated with --no-noop
    --timeout           Timeout to ElasticSearch, default 10
    --keep-proxy        Do not remove any proxy settings from %ENV
    --index             Index to run commands against
    --base              For daily indexes, reference only those starting with "logstash"
                        (same as --pattern logstash-* or logstash-DATE)
    --pattern           Use a pattern to operate on the indexes
    --days              If using a pattern or base, how many days back to go, default: 1
See also the "CONNECTION ARGUMENTS" and "INDEX SELECTION ARGUMENTS" sections from App::ElasticSearch::Utilities.
# CONNECTION ARGUMENTS
Arguments for establishing a connection with the cluster. Unless specified otherwise, these options
can all be set in the globals file.
- **local**
Assume ElasticSearch is running locally, connect to localhost.
- **host**
Use a different hostname or IP address to connect.
- **port**
Defaults to 9200.
- **proto**
Defaults to 'http', can also be 'https'.
- **http-username**
If HTTP Basic Authentication is required, use this username.
See also the ["HTTP Basic Authentication"](#http-basic-authentication) section for more details.
- **password-exec**
If HTTP Basic Authentication is required, run this command, passing the arguments:
`<command_to_run> <es_host> <es_username>`
The last line of the script's output must contain the password in plaintext.
- **noop**
Prevents any communication to the cluster from making changes to the settings or data contained therein.
In short, it prevents anything but HEAD and GET requests, **except** POST requests to the \_search endpoint.
- **timeout**
Timeout for connections and requests, defaults to 10.
- **keep-proxy**
By default, HTTP proxy environment variables are stripped. Use this option to keep your proxy environment variables
intact.
- **insecure**
Don't verify TLS certificates.
- **cacert**
Specify a file with the TLS CA certificates.
- **capath**
Specify a directory containing the TLS CA certificates.
- **cert**
Specify the path to the TLS client certificate file.
- **key**
Specify the path to the TLS client private key file.
# AUTHENTICATION
HTTP Basic Authentication is only supported when `proto` is set to **https**,
so that credentials are not sent over the network in cleartext.
The username is selected by going through these mechanisms until one is found:

    --http-username
    'http-username' in /etc/es-utils.yml or ~/.es-utils.yml
    Netrc element matching the hostname of the request
    CLI::Helpers prompt()

Once the username has been resolved, the following mechanisms are tried in order to obtain the password:

    Netrc element matching the hostname of the request
    Password executable defined by --password-exec
    'password-exec' in /etc/es-utils.yml, ~/.es-utils.yml
    CLI::Helpers prompt()

## Password Exec
It is **BAD** practice to specify passwords as command line arguments, or to store them in a plaintext
file. There are cases where this may be necessary, but it is not recommended. The best method for securing your
password is to use the **password-exec** option.
This option must point to an executable script. That script will be passed two arguments, the hostname and the username
for the request. It expects the password printed to STDOUT as the last line of output. Here's an example password-exec setup
using Apple Keychain:
#!/bin/sh
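
A harness for checking a password-exec script against the contract described in this section (host and username as arguments, password on the last line of STDOUT). This is an added example, not code from App::ElasticSearch::Utilities; the function names, the constructed sample script and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of App::ElasticSearch::Utilities): check that a
# password-exec script honours the documented contract before relying on it.

# run_password_exec SCRIPT HOST USER
# Prints the password (last line of the script's STDOUT); non-zero on failure.
run_password_exec() {
    pe_script=$1 pe_host=$2 pe_user=$3

    [ -f "$pe_script" ] && [ -x "$pe_script" ] || {
        echo "password-exec: not an executable file: $pe_script" >&2; return 2; }

    # This harness's own hardening check (an assumption, not documented tool
    # behaviour): a script that group or other can write to lets another local
    # account decide which credential is returned.
    pe_mode=$(ls -ldL "$pe_script" | cut -c1-10)
    case $pe_mode in
        ?????w????|????????w?)
            echo "password-exec: $pe_script is group/world-writable" >&2; return 3 ;;
    esac

    # Arguments are passed as documented: host first, then username.
    pe_out=$("$pe_script" "$pe_host" "$pe_user") || {
        echo "password-exec: script exited non-zero" >&2; return 4; }

    # Only the last line of output is the password; earlier lines are ignored.
    pe_pw=$(printf '%s\n' "$pe_out" | tail -n 1)
    [ -n "$pe_pw" ] || { echo "password-exec: empty password" >&2; return 5; }
    printf '%s\n' "$pe_pw"
}

# write_sample_exec PATH: constructed stand-in for a keychain-backed script.
# It prints a banner line first to show that only the last line is used.
write_sample_exec() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "looking up credentials for $2@$1"
echo "constructed-secret-for-$2@$1"
EOF
    chmod 700 "$1"
}

# Direct use: sh check-password-exec.sh SCRIPT HOST USER
# The password itself is discarded so it never reaches the terminal.
if [ "$#" -eq 3 ]; then
    run_password_exec "$@" >/dev/null && echo "ok: script returned a password"
fi
```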