ipv6 support for remote addresses added (elastic#3361)

eedugon · florent-leborgne · shainaraskas · naemono · commit c7633d59a5d7 · 2025-10-28T08:44:08.000-05:00
This PR describes that the Stack 9.2 supports IPv6 addresses when configuring a remote cluster within Kibana. Extra improvements: - The ECE -> self-managed and ECH -> self-managed docs have been improved and converted to snippets. - Also the Kibana specific steps have been improved to match the reality. Closes elastic#3093 --------- Co-authored-by: florent-leborgne <florent.leborgne@elastic.co> Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com>
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-elasticsearch-api-snippet-self.md
@@ -0,0 +1,42 @@
+<!--
+This snippet is in use in the following locations:
+- ece-remote-cluster-self-managed.md
+- ec-remote-cluster-self-managed.md
+-->
+To configure a self-managed cluster as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
+
+* `mode`: `proxy`
+* `proxy_address`: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port. Both IPv4 and IPv6 addresses are supported.
+
+  Make sure you use the correct port for your authentication method:
+  * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  
+  * **TLS Certificates**: Use the {{es}} transport port (defaults to `9300`).
+
+  When using an IPv6 address, enclose it in square brackets followed by the port number. For example: `[2001:db8::1]:9443`.
+
+* `server_name`: Specify a value if the certificate presented by the remote cluster is signed for a different name than the proxy_address.
+
+This is an example of the API call to `_cluster/settings`:
+
+```json
+PUT /_cluster/settings
+{
+  "persistent": {
+    "cluster": {
+      "remote": {
+        "alias-for-my-remote-cluster": {
+          "mode":"proxy",
+          "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9300",
+          "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io"
+        }
+      }
+    }
+  }
+}
+```
+
+::::{note}
+When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI.
+::::
+
+For a full list of available client connection settings in proxy mode, refer to [remote cluster settings reference](elasticsearch://reference/elasticsearch/configuration-reference/remote-clusters.md#remote-cluster-proxy-settings).
diff --git a/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md b/deploy-manage/remote-clusters/_snippets/rcs-kibana-api-snippet-self.md
@@ -0,0 +1,28 @@
+<!--
+This snippet is in use in the following locations:
+- ece-remote-cluster-self-managed.md
+- ec-remote-cluster-self-managed.md
+-->
+1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
+2. Select **Add a remote cluster**.
+2. In **Select connection type**, choose the authentication mechanism you prepared earlier (**API keys** or **Certificates**), and click **Next**.
+
+3. In **Add connection information**, fill in the following fields:
+
+    * **Remote cluster name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
+
+      When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
+    * **Remote address**: Enter the endpoint of the remote self-managed cluster, including the hostname, FQDN, or IP address, and the port.
+
+      Make sure you use the correct port for your authentication method:
+      * **API keys**: Use the port configured in the remote cluster interface of the remote cluster (defaults to `9443`).  
+      * **TLS Certificates**: Use the {{es}} transport port (defaults to `9300`).
+
+      Starting with {{kib}} 9.2, this field also supports IPv6 addresses. When using an IPv6 address, enclose it in square brackets followed by the port number. For example: `[2001:db8::1]:9443`.
+
+    * **Configure advanced options** (optional): Expand this section if you need to customize additional settings.
+      * **TLS server name**: Specify a value if the certificate presented by the remote cluster is signed for a different name than the remote address.
+      * **Socket connections**: Define the number of connections to open with the remote cluster.
+
+4. Click **Next**.
+5. In **Confirm setup**, click **Add remote cluster** (you have already established trust in a previous step).
diff --git a/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ec-remote-cluster-self-managed.md
@@ -221,109 +221,13 @@ On the local cluster, add the remote cluster using {{kib}} or the {{es}} API.
 
 ### Using {{kib}} [ec_using_kibana_4]
 
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. Select **Add a remote cluster**.
-2. Enable **Manually enter proxy address and server name**.
-3. Fill in the following fields:
-
-    * **Name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
-
-      When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
-    * **Proxy address**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote.<br>
-
-      ::::{tip}
-      If you’re using API keys as security model, change the port to `9443`.
-      ::::
-
-    * **Server name**: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote.
-
-      ::::{note}
-      If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md).
-      ::::
-
-4. Click **Next**.
-5. Click **Add remote cluster** (you have already established trust in a previous step).
-
+:::{include} _snippets/rcs-kibana-api-snippet-self.md
+:::
 
 ### Using the {{es}} API [ec_using_the_elasticsearch_api_4]
 
-To configure a deployment as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
-
-* `mode`: `proxy`
-* `proxy_address`: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. Also, using the API, this value can be obtained from the {{es}} resource info, concatenating the field `metadata.endpoint` and port `9400` using a semicolon.
-
-  ::::{tip}
-  If you’re using API keys as security model, change the port into `9443`.
-  ::::
-
-
-* `server_name`: This value can be found on the **Security** page of the {{ech}} deployment you want to use as a remote. Also, using the API, this can be obtained from the {{es}} resource info field `metadata.endpoint`.
-
-This is an example of the API call to `_cluster/settings`:
-
-```json
-PUT /_cluster/settings
-{
-  "persistent": {
-    "cluster": {
-      "remote": {
-        "alias-for-my-remote-cluster": {
-          "mode":"proxy",
-          "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9400",
-          "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io"
-        }
-      }
-    }
-  }
-}
-```
-
-::::{note}
-When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI.
-::::
-
-### Using the {{ecloud}} RESTful API [ec_using_the_elasticsearch_service_restful_api_4]
-
-::::{note}
-This section only applies if you’re using TLS certificates as cross-cluster security model and when both clusters belong to the same organization. For other scenarios, the [{{es}} API](#ec_using_the_elasticsearch_api_4) should be used instead.
-::::
-
-
-```sh
-curl -H 'Content-Type: application/json' -X PUT -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com/api/v1/deployments/$DEPLOYMENT_ID/elasticsearch/$REF_ID/remote-clusters -d '
-{
-  "resources" : [
-    {
-      "deployment_id": "$DEPLOYMENT_ID_REMOTE",
-      "elasticsearch_ref_id": "$REF_ID_REMOTE",
-      "alias": "alias-your-remote",
-      "skip_unavailable" : true
-    }
-  ]
-}'
-```
-
-`DEPLOYMENT_ID_REMOTE`
-:   The ID of your remote deployment, as shown in the Cloud UI or obtained through the API.
-
-`REF_ID_REMOTE`
-:   The unique ID of the {{es}} resources inside your remote deployment (you can obtain these values through the API).
-
-Note the following when using the {{ecloud}} RESTful API:
-
-1. A cluster alias must contain only letters, numbers, dashes (-), or underscores (_).
-2. To learn about skipping disconnected clusters, refer to the [{{es}} documentation](/solutions/search/cross-cluster-search.md#skip-unavailable-clusters).
-3. When remote clusters are already configured for a deployment, the `PUT` request replaces the existing configuration with the new configuration passed. Passing an empty array of resources will remove all remote clusters.
-
-The following API request retrieves the remote clusters configuration:
-
-```sh
-curl -X GET -H "Authorization: ApiKey $EC_API_KEY" https://api.elastic-cloud.com/api/v1/deployments/$DEPLOYMENT_ID/elasticsearch/$REF_ID/remote-clusters
-```
-
-::::{note}
-The response will include just the remote clusters from the same {{ecloud}} organization. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly.
-::::
+:::{include} _snippets/rcs-elasticsearch-api-snippet-self.md
+:::
 
 ## Configure roles and users [ec_configure_roles_and_users_4]
 
diff --git a/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md b/deploy-manage/remote-clusters/ece-remote-cluster-self-managed.md
@@ -217,122 +217,20 @@ You can now connect remotely to the trusted clusters.
 
 On the local cluster, add the remote cluster using {{kib}} or the {{es}} API.
 
-
-### Using {{kib}} [ece_using_kibana_4]
-
-1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
-2. Select **Add a remote cluster**.
-2. Enable **Manually enter proxy address and server name**.
-3. Fill in the following fields:
-
-    * **Name**: This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish local and remote indices.
-
-      When using API key authentication, this alias must match the **Remote cluster name** you configured when adding the API key in the Cloud UI.
-    * **Proxy address**: This value can be found on the **Security** page of the {{ece}} deployment you want to use as a remote.<br>
-
-      ::::{tip}
-      If you’re using API keys as security model, change the port into `9443`.
-      ::::
-
-    * **Server name**: This value can be found on the **Security** page of the {{ece}} deployment you want to use as a remote.
-
-      :::{image} /deploy-manage/images/cloud-enterprise-ce-copy-remote-cluster-parameters.png
-      :alt: Remote Cluster Parameters in Deployment
-      :screenshot:
-      :::
-
-      ::::{note}
-      If you’re having issues establishing the connection and the remote cluster is part of an {{ece}} environment with a private certificate, make sure that the proxy address and server name match with the the certificate information. For more information, refer to [Administering endpoints in {{ece}}](/deploy-manage/deploy/cloud-enterprise/change-endpoint-urls.md).
-      ::::
-
-4. Click **Next**.
-5. Click **Add remote cluster** (you have already established trust in a previous step).
-
+% ECE locals only
 ::::{note}
-This configuration of remote clusters uses the [Proxy mode](/deploy-manage/remote-clusters/remote-clusters-self-managed.md#proxy-mode) and it requires that the allocators can communicate via http with the proxies.
+This configuration of remote clusters uses the [Proxy mode](/deploy-manage/remote-clusters/remote-clusters-self-managed.md#proxy-mode) and requires the ECE allocators to be able to connect to the remote address endpoint.
 ::::
 
+### Using {{kib}} [ece_using_kibana_4]
 
+:::{include} _snippets/rcs-kibana-api-snippet-self.md
+:::
 
 ### Using the {{es}} API [ece_using_the_elasticsearch_api_4]
 
-To configure a deployment as a remote cluster, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings). Configure the following fields:
-
-* `mode`: `proxy`
-* `proxy_address`: This value can be found on the **Security** page of the {{ece}} deployment you want to use as a remote. Also, using the API, this value can be obtained from the {{es}} resource info, concatenating the field `metadata.endpoint` and port `9300` using a semicolon.
-
-  ::::{tip}
-  If you’re using API keys as security model, change the port into `9443`.
-  ::::
-
-
-* `server_name`: This value can be found on the **Security** page of the {{ece}} deployment you want to use as a remote. Also, using the API, this can be obtained from the {{es}} resource info field `metadata.endpoint`.
-
-This is an example of the API call to `_cluster/settings`:
-
-```json
-PUT /_cluster/settings
-{
-  "persistent": {
-    "cluster": {
-      "remote": {
-        "alias-for-my-remote-cluster": {
-          "mode":"proxy",
-          "proxy_address": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io:9300",
-          "server_name": "a542184a7a7d45b88b83f95392f450ab.192.168.44.10.ip.es.io"
-        }
-      }
-    }
-  }
-}
-```
-
-::::{note}
-When using API key authentication, the cluster alias must match the one you configured when adding the API key in the Cloud UI.
-::::
-
-### Using the {{ece}} RESTful API [ece_using_the_elastic_cloud_enterprise_restful_api_4]
-
-::::{note}
-This section only applies if you’re using TLS certificates as cross-cluster security model and when both clusters belong to the same ECE environment. For other scenarios, the [{{es}} API](#ece_using_the_elasticsearch_api_4) should be used instead.
-::::
-
-
-```sh
-curl -k -H 'Content-Type: application/json' -X PUT -H "Authorization: ApiKey $ECE_API_KEY" https://$COORDINATOR_HOST:12443/api/v1/deployments/$DEPLOYMENT_ID/elasticsearch/$REF_ID/remote-clusters -d '
-{
-  "resources" : [
-    {
-      "deployment_id": "$DEPLOYMENT_ID_REMOTE",
-      "elasticsearch_ref_id": "$REF_ID_REMOTE",
-      "alias": "alias-your-remote",
-      "skip_unavailable" : true
-    }
-  ]
-}'
-```
-
-`DEPLOYMENT_ID_REMOTE`
-:   The ID of your remote deployment, as shown in the Cloud UI or obtained through the API.
-
-`REF_ID_REMOTE`
-:   The unique ID of the {{es}} resources inside your remote deployment (you can obtain these values through the API).
-
-Note the following when using the {{ece}} RESTful API:
-
-1. A cluster alias must contain only letters, numbers, dashes (-), or underscores (_).
-2. To learn about skipping disconnected clusters, refer to the [{{es}} documentation](/solutions/search/cross-cluster-search.md#skip-unavailable-clusters).
-3. When remote clusters are already configured for a deployment, the `PUT` request replaces the existing configuration with the new configuration passed. Passing an empty array of resources will remove all remote clusters.
-
-The following API request retrieves the remote clusters configuration:
-
-```sh
-curl -k -X GET -H "Authorization: ApiKey $ECE_API_KEY" https://$COORDINATOR_HOST:12443/api/v1/deployments/$DEPLOYMENT_ID/elasticsearch/$REF_ID/remote-clusters
-```
-
-::::{note}
-The response includes just the remote clusters from the same ECE environment. In order to obtain the whole list of remote clusters, use {{kib}} or the [{{es}} API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-remote-info) directly.
-::::
+:::{include} _snippets/rcs-elasticsearch-api-snippet-self.md
+:::
 
 ## Configure roles and users [ece_configure_roles_and_users_4]
 
diff --git a/deploy-manage/remote-clusters/remote-clusters-api-key.md b/deploy-manage/remote-clusters/remote-clusters-api-key.md
@@ -148,23 +148,28 @@ If a remote cluster is part of an {{ech}} (ECH) deployment, the remote cluster s
 You must have the `manage` cluster privilege to connect remote clusters.
 ::::
 
-
 The local cluster uses the [remote cluster interface](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md) to establish communication with remote clusters. The coordinating nodes in the local cluster establish [long-lived](elasticsearch://reference/elasticsearch/configuration-reference/networking-settings.md#long-lived-connections) TCP connections with specific nodes in the remote cluster. {{es}} requires these connections to remain open, even if the connections are idle for an extended period.
 
-To add a remote cluster in {{kib}}:
+### Using {{kib}}
+
+To add a remote cluster from Stack Management in {{kib}}:
 
 1. Go to the **Remote Clusters** management page in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md).
 2. Select **Add a remote cluster**.
 3. Select **API keys** as the connection type.
 4. Enter a name (*cluster alias*) for the remote cluster.
 5. Specify the {{es}} endpoint URL, or the IP address or host name of the remote cluster followed by the remote cluster port (defaults to `9443`). For example, `cluster.es.eastus2.staging.azure.foundit.no:9443` or `192.168.1.1:9443`.
 
+    Starting with {{kib}} 9.2, you can also specify IPv6 addresses.
+
+### Using the {{es}} API
+
+Alternatively, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings) to add a remote cluster. You can also use this API to dynamically configure remote clusters for *every* node in the local cluster. To configure remote clusters on individual nodes in the local cluster, define static settings in [`elasticsearch.yml`](/deploy-manage/stack-settings.md) for each node.
+
 ::::{note}
 If the remote cluster is part of an {{ech}}, {{ece}}, or {{eck}} deployment, configure the connection to use `proxy`. The default `sniff` mode doesn't work in these environments. Refer to the [connection modes](/deploy-manage/remote-clusters/remote-clusters-self-managed.md#sniff-proxy-modes) description for more information.
 ::::
 
-Alternatively, use the [cluster update settings API](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings) to add a remote cluster. You can also use this API to dynamically configure remote clusters for *every* node in the local cluster. To configure remote clusters on individual nodes in the local cluster, define static settings in [`elasticsearch.yml`](/deploy-manage/stack-settings.md) for each node.
-
 The following request adds a remote cluster with an alias of `cluster_one`. This *cluster alias* is a unique identifier that represents the connection to the remote cluster and is used to distinguish between local and remote indices.
 
 ```console
diff --git a/deploy-manage/remote-clusters/remote-clusters-cert.md b/deploy-manage/remote-clusters/remote-clusters-cert.md
