default network.host to _gce_ when using discovery.type:gce #13969

Closed
dadoonet opened this issue Oct 6, 2015 · 1 comment
Labels
:Distributed Coordination/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure :Distributed Coordination/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs won't fix

Comments

@dadoonet
Member

dadoonet commented Oct 6, 2015

We should come with good defaults when using discovery.type: gce and bind network.host to _gce_ (which is the private IP address).

Related to #13612

@dadoonet
Member Author

dadoonet commented Oct 7, 2015

Here are some tests when running elasticsearch 2.0.0-rc1 on Google Compute Engine without any plugin.

  • wget rc1 and unzip
  • launch it with all defaults, no plugin: `bin/elasticsearch`
  • binds by default to `publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}`
  • curl from external to `104.155.10.21:9200`: `curl: (7) Failed to connect to 104.155.10.21 port 9200: Connection refused`
  • open the firewall 9200 port and curl again. Same error. Which is expected.
  • starting with `bin/elasticsearch -Des.network.host=_local_` gave the same result. Bound to 127.0.0.1. Expected in 2.0.
  • starting with `bin/elasticsearch -Des.network.host=_eth0_` (private IP): Bound to 10.240.0.3. Accessible from outside because of the firewall route we did open previously.

Note that using _gce_ with the plugin is equivalent to using _eth0_ here.

What does it mean? It means that it will be insecure to automatically bind to _gce_ or _eth0_ by default.

If users want to create a cluster of private nodes they will have to:

  • define network.host: _gce_ for example
  • install discovery-gce plugin so they will get automatic node detection within the project

If they want to open one or all of their instances to the public, they will need to be extremely careful with that and probably add restrictions on which machines are really accessible on port 9200. By default, the GCE firewall opens the port for all machines which have a public IP, and by default all machines have a public IP.

Conclusion: let's close this ticket and the same tickets for azure and ec2 plugins as they should not have another behavior than the default elasticsearch behavior.

@dadoonet dadoonet closed this as completed Oct 7, 2015
@clintongormley clintongormley added :Distributed Coordination/Discovery-Plugins Anything related to our integration plugins with EC2, GCP and Azure :Distributed Coordination/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs and removed :Plugin Discovery GCE labels Feb 13, 2018
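
A defensive check for the behaviour tested in the thread above, as an added example that is not part of the original issue or of the Elasticsearch code base: it parses the `bound_addresses` fragment of a startup log line and flags every bind that is not loopback-only. The log-line prefixes and the second sample line are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# One "{host:port}" entry; IPv6 hosts are bracketed, e.g. {[::1]:9200}.
ADDR_RE = re.compile(r"\{\[?([0-9A-Fa-f:.]+?)\]?:(\d+)\}")

def bound_addresses(line):
    """Return [(host, port)] listed after 'bound_addresses' in a log line."""
    _, found, tail = line.partition("bound_addresses")
    return [(h, int(p)) for h, p in ADDR_RE.findall(tail)] if found else []

def exposure(host):
    """Classify a bind address; order matters because loopback and 0.0.0.0
    also count as 'private' in the ipaddress module."""
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    return "private" if ip.is_private else "public"

def audit(lines):
    """Flag every HTTP bind that is not loopback-only. A private bind is still
    flagged: the thread shows 10.240.0.3 answering external requests once the
    firewall allowed port 9200."""
    return [(host, port, exposure(host))
            for line in lines
            for host, port in bound_addresses(line)
            if exposure(host) != "loopback"]

# Constructed sample lines: only the publish_address/bound_addresses fragment
# of the first line is quoted in the thread; prefixes and line 2 are made up.
SAMPLE = [
    "[2015-10-07 10:00:00,000][INFO ][http] [node-a] "
    "publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}",
    "[2015-10-07 10:05:00,000][INFO ][http] [node-a] "
    "publish_address {10.240.0.3:9200}, bound_addresses {10.240.0.3:9200}",
]

if __name__ == "__main__":
    for host, port, kind in audit(SAMPLE):
        print(f"non-loopback bind: {host}:{port} ({kind})")
```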