Location path on HDD based on index

andreas_at_work · January 26, 2017, 1:24pm

Hey,

is it somehow possible to define the location on the hard drive based on the used index?

I am working as an incident responder and security analyst. Frequently we have incidents with a low amount of data which must be securely deleted after the incident is solved.

My idea was/is to mount one encrypted file as a file system for each incident and use this mountpoint as the storage location in es. The encryption key is going to be stored on a usb stick for example.

As soon as the incident ends we would securely delete the encryption key by destroying it. Without the key it is not possible to access the indices...

Thank you
Andreas

warkolm · January 26, 2017, 10:00pm

You need to run multiple instances to put indices on different data paths like this. One per path. Otherwise ES just assume it can put whatever, where ever you define path.data.

andreas_at_work · January 27, 2017, 8:08am

Thanks!
So the only solution is one instance per incident
then we will need an orchestrator/management component to initiate the instances within the cluster/on the hosts.

Does anyone have a suggestion for this? Might docker be one? I have read some postings about it (e.g. https://forums.docker.com/t/easy-elasticsearch-cluster-with-docker-1-12-swarm/19648/2) and it seems to be not "perfect".

Topic		Replies	Views
Can we store two Elastic search indices in different data directory Elasticsearch	5	1476	December 21, 2020
Different Path for each Index Elasticsearch	15	2046	April 26, 2018
Control over writing data to a specific drive Elasticsearch	7	788	May 31, 2021
Elasticsearch supports multiple not RAID 0 Data Paths? Elasticsearch	2	518	July 6, 2017
ES multiple path.data on SSD and HDD Elasticsearch	2	1015	June 6, 2017

Location path on HDD based on index

Related topics