Startup with all indices closed?

Hi all,

is there a configuration option to start a cluster with all indices closed ?

And if not, is there a way to write a Plugin that closes "_all" on shutdown AND to be sure alos on startup ?


do you mind to explain your use-case here? If you have a cluster and only one node shuts down and closes all the indices, how should this work? There is no such thing like a listener for a 'cluster wide' shutdown.

Hm, good point :slight_smile: We didn't think of that .

The use-case is the following:

we have a cloud storage solution with end-to-end privacy of all the documents a user has.
We want to offer the user to search all his documents and are using ES for this.
But privacy also has to be ensured for the users index. Therefore we are encrypting the index with a key that only that user has.
It is working fine, only if a node is restarted, it automatically tries to recover the shards on that node, and of course cannot do this without the users key.
Therefore we did tests with all the indexes closed, and this worked fine.

But you of course are right, when shutting down one node, not all indices must be closed.

Is it alternativly possible to prevent recovery of shards at startup? And only do it later, if a first request for that shard is received ?

you would need to patch Elasticsearch to do that, you cannot control the lifecycle of this. You can only listen on certain events using an IndexEventListener but not change the execution flow - intentionally.

How to handle shards being sent from around your cluster when a new node joins a cluster or when a node has a full disk or when a node is busy doing a GC? Shards can be moved anytime, starting or stopping is only one of the reasons. Each time you would need to unencrypt again (which means you gotta send the key with every request).

I am not sure how decrypting an index on first usage is more secure than an encrypted filesystem, as in both cases your data is going to be unencrypted in memory.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.