REL-1123365: Added TLS security configuration for multi-node

Rahiman-Nadaf · Rahiman-Nadaf · commit da2c076fb448 · 2026-01-08T07:35:32.000-06:00
diff --git a/docs/elastic-stack-setup-01-installation.md b/docs/elastic-stack-setup-01-installation.md
@@ -223,7 +223,55 @@ If you download a .zip or other file from the internet, Windows may block the fi
 > [!NOTE]
 > This configuration is NOT recommended for production environments
 
-**Step 7: Configure Transport Layer Security for Multi-Node Clusters (Production)**
+**Step 7: Configure Storage Paths**
+
+> [!IMPORTANT]
+> **Storage location is critical for Elasticsearch performance**
+>
+> Elasticsearch requires fast storage with high read/write performance.
+>
+> **Development:**
+> - May use OS disk (C:) temporarily
+> - Still not recommended
+>
+> **Production:**
+> - NEVER use the OS drive (C:)
+> - Data MUST reside on a dedicated, high-performance disk
+> - Fast storage (SSD/NVMe) is required
+> - Never share disk with the operating system
+>
+> **Configuration is simple:** Only two settings are needed to redirect data paths.
+
+**Understanding Elasticsearch directories:**
+- **`path.data`**: Stores indices (the actual indexed documents, inverted indices, and metadata)
+- **`path.logs`**: Stores Elasticsearch application logs (startup, errors, warnings, query logs)
+
+These are separate directories because data directories require high-performance storage and regular backups, while log directories primarily need adequate space for troubleshooting and monitoring.
+
+1. Configure `path.data` and `path.logs` in `elasticsearch.yml` to point to dedicated high-performance volumes:
+
+    ```yaml
+    # Production - use dedicated fast disk (D:, E:, or SAN)
+    path.data: X:/esdata
+    path.logs: X:/eslogs
+    ```
+
+2. Save the changes and restart the Elasticsearch service:
+
+
+    ```powershell
+    Restart-Service -Name "elasticsearch-service-x64"
+    ```
+
+> [!NOTE]
+> **Development Environment:**
+> If you are running a single-node development environment and have changed the data path, you may need to reset the `elastic` user password after restarting the service. Use the following command in the Elasticsearch bin directory:
+> ```
+> .\elasticsearch-reset-password -u elastic
+> ```
+> This ensures you can log in to Kibana and perform admin tasks after moving the data directory.
+
+**Step 8: Configure Transport Layer Security for Multi-Node Clusters (Production)**
 
 > [!IMPORTANT]
 > **This step is only required for multi-node production clusters.** If you are running a single-node development environment, you can skip this section and proceed to Step 7. Transport layer security ensures secure communication between nodes in a cluster using certificates signed by a Certificate Authority (CA).
@@ -303,54 +351,6 @@ Follow these steps on **all DataGrid servers** and use the **same password** on
 > [!IMPORTANT]
 > The passwords must be identical on all nodes in the cluster for proper inter-node communication.
 
-**Step 8: Configure Storage Paths**
-
-> [!IMPORTANT]
-> **Storage location is critical for Elasticsearch performance**
->
-> Elasticsearch requires fast storage with high read/write performance.
->
-> **Development:**
-> - May use OS disk (C:) temporarily
-> - Still not recommended
->
-> **Production:**
-> - NEVER use the OS drive (C:)
-> - Data MUST reside on a dedicated, high-performance disk
-> - Fast storage (SSD/NVMe) is required
-> - Never share disk with the operating system
->
-> **Configuration is simple:** Only two settings are needed to redirect data paths.
-
-**Understanding Elasticsearch directories:**
-- **`path.data`**: Stores indices (the actual indexed documents, inverted indices, and metadata)
-- **`path.logs`**: Stores Elasticsearch application logs (startup, errors, warnings, query logs)
-
-These are separate directories because data directories require high-performance storage and regular backups, while log directories primarily need adequate space for troubleshooting and monitoring.
-
-1. Configure `path.data` and `path.logs` in `elasticsearch.yml` to point to dedicated high-performance volumes:
-
-    ```yaml
-    # Production - use dedicated fast disk (D:, E:, or SAN)
-    path.data: X:/esdata
-    path.logs: X:/eslogs
-    ```
-
-2. Save the changes and restart the Elasticsearch service:
-
-
-    ```powershell
-    Restart-Service -Name "elasticsearch-service-x64"
-    ```
-
-> [!NOTE]
-> **Development Environment:**
-> If you are running a single-node development environment and have changed the data path, you may need to reset the `elastic` user password after restarting the service. Use the following command in the Elasticsearch bin directory:
-> ```
-> .\elasticsearch-reset-password -u elastic
-> ```
-> This ensures you can log in to Kibana and perform admin tasks after moving the data directory.
-
 **Step 9: Install the 'mapper-size' plugin**
 
 1. Open an elevated PowerShell, navigate to ElasticSearch's bin folder(C:\elastic\elasticsearch-x.x.x\bin) and run the following command to install the 'mapper-size' plugin:
