toshrajbhardwaj | f4fc1c6 | 2018-08-06 07:35:14 +0000 | [diff] [blame] | 1 | # Copyright © 2018 Amdocs, Bell Canada, AT&T |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | # you may not use this file except in compliance with the License. |
| 5 | # You may obtain a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | # See the License for the specific language governing permissions and |
| 13 | # limitations under the License. |
| 14 | |
| 15 | |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 16 | ##################### Elasticsearch Configuration Example ##################### |
| 17 | |
| 18 | # This file contains an overview of various configuration settings, |
| 19 | # targeted at operations staff. Application developers should |
| 20 | # consult the guide at <http://elasticsearch.org/guide>. |
| 21 | # |
| 22 | # The installation procedure is covered at |
| 23 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>. |
| 24 | # |
| 25 | # Elasticsearch comes with reasonable defaults for most settings, |
| 26 | # so you can try it out without bothering with configuration. |
| 27 | # |
| 28 | # Most of the time, these defaults are just fine for running a production |
| 29 | # cluster. If you're fine-tuning your cluster, or wondering about the |
| 30 | # effect of certain configuration option, please _do ask_ on the |
| 31 | # mailing list or IRC channel [http://elasticsearch.org/community]. |
| 32 | |
| 33 | # Any element in the configuration can be replaced with environment variables |
| 34 | # by placing them in ${...} notation. For example: |
| 35 | # |
| 36 | # node.rack: ${RACK_ENV_VAR} |
| 37 | |
| 38 | # For information on supported formats and syntax for the config file, see |
| 39 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html> |
| 40 | ################################### Cluster ################################### |
| 41 | |
| 42 | # Cluster name identifies your cluster for auto-discovery. If you're running |
| 43 | # multiple clusters on the same network, make sure you're using unique names. |
| 44 | # |
| 45 | # cluster.name: elasticsearch |
| 46 | |
| 47 | cluster.name: ES_AAI |
| 48 | |
| 49 | #################################### Node ##################################### |
| 50 | |
| 51 | node.name: ES_ONAP |
| 52 | node.master: true |
| 53 | node.data: true |
| 54 | |
| 55 | |
| 56 | # Use the Cluster Health API [http://localhost:9200/_cluster/health], the |
| 57 | # Node Info API [http://localhost:9200/_nodes] or GUI tools |
| 58 | # such as <http://www.elasticsearch.org/overview/marvel/>, |
| 59 | # <http://github.com/karmi/elasticsearch-paramedic>, |
| 60 | # <http://github.com/lukas-vlcek/bigdesk> and |
| 61 | # <http://mobz.github.com/elasticsearch-head> to inspect the cluster state. |
| 62 | |
| 63 | # By default, multiple nodes are allowed to start from the same installation location |
| 64 | # to disable it, set the following: |
| 65 | |
| 66 | node.max_local_storage_nodes: 1 |
| 67 | |
| 68 | |
| 69 | #################################### Index #################################### |
| 70 | # You can set a number of options (such as shard/replica options, mapping |
| 71 | # or analyzer definitions, translog settings, ...) for indices globally, |
| 72 | # in this file. |
| 73 | # |
| 74 | # Note, that it makes more sense to configure index settings specifically for |
| 75 | # a certain index, either when creating it or by using the index templates API. |
| 76 | # |
| 77 | # See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and |
| 78 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html> |
| 79 | # for more information. |
| 80 | |
| 81 | # Set the number of shards (splits) of an index (5 by default): |
| 82 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 83 | #index.number_of_shards: 5 |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 84 | |
| 85 | # Set the number of replicas (additional copies) of an index (1 by default): |
| 86 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 87 | #index.number_of_replicas: 1 |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 88 | |
| 89 | # These settings directly affect the performance of index and search operations |
| 90 | # in your cluster. Assuming you have enough machines to hold shards and |
| 91 | # replicas, the rule of thumb is: |
| 92 | # |
| 93 | # 1. Having more *shards* enhances the _indexing_ performance and allows to |
| 94 | # _distribute_ a big index across machines. |
| 95 | # 2. Having more *replicas* enhances the _search_ performance and improves the |
| 96 | # cluster _availability_. |
| 97 | # |
| 98 | # The "number_of_shards" is a one-time setting for an index. |
| 99 | # |
| 100 | # The "number_of_replicas" can be increased or decreased anytime, |
| 101 | # by using the Index Update Settings API. |
| 102 | # |
| 103 | # Elasticsearch takes care about load balancing, relocating, gathering the |
| 104 | # results from nodes, etc. Experiment with different settings to fine-tune |
| 105 | # your setup. |
| 106 | |
| 107 | # Use the Index Status API (<http://localhost:9200/A/_status>) to inspect |
| 108 | # the index status. |
| 109 | |
| 110 | |
| 111 | #################################### Paths #################################### |
| 112 | |
| 113 | # Path to directory containing configuration (this file and logging.yml): |
| 114 | #path.conf: /opt/app/elasticsearch/config |
| 115 | |
| 116 | # Path to directory where to store index data allocated for this node. |
| 117 | # Use swm auto link to redirect the data directory if necessary. |
| 118 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 119 | path.data: /usr/share/elasticsearch/data |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 120 | |
| 121 | # path.data: /path/to/data1,/path/to/data2 |
| 122 | |
| 123 | # path.work: /path/to/work |
| 124 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 125 | path.logs: /usr/share/elasticsearch/logs |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 126 | |
| 127 | #path.plugins: /opt/app/elasticsearch/plugins |
| 128 | |
| 129 | |
| 130 | #################################### Plugin ################################### |
| 131 | |
| 132 | # If a plugin listed here is not installed for current node, the node will not start. |
| 133 | # |
| 134 | # plugin.mandatory: mapper-attachments,lang-groovy |
| 135 | |
| 136 | |
| 137 | ################################### Memory #################################### |
| 138 | |
| 139 | # Elasticsearch performs poorly when JVM starts swapping: you should ensure that |
| 140 | # it _never_ swaps. |
| 141 | # |
| 142 | # Set this property to true to lock the memory: default is true |
| 143 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 144 | #bootstrap.memory_lock: true |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 145 | |
| 146 | # Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set |
| 147 | # to the same value, and that the machine has enough memory to allocate |
| 148 | # for Elasticsearch, leaving enough memory for the operating system itself. |
| 149 | # |
| 150 | # You should also make sure that the Elasticsearch process is allowed to lock |
| 151 | # the memory, eg. by using `ulimit -l unlimited`. |
| 152 | |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 153 | ### Kernel Settings |
| 154 | |
| 155 | # Elasticsearch installs system call filters of various flavors depending on the |
| 156 | # operating system (e.g., seccomp on Linux). These system call filters are |
| 157 | # installed to prevent the ability to execute system calls related to forking |
| 158 | # as a defense mechanism against arbitrary code execution attacks on |
| 159 | # Elasticsearch The system call filter check ensures that if system call |
| 160 | # filters are enabled, then they were successfully installed. To pass the system |
| 161 | # call filter check you must either fix any configuration errors on your system |
| 162 | # that prevented system call filters from installing (check your logs), or at |
| 163 | # your own risk disable system call filters by setting |
| 164 | # bootstrap.system_call_filter to false. |
| 165 | # See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html |
| 166 | # |
| 167 | # seccomp is found in Linux kernels: 2.6.372.6.39, 3.03.19, 4.04.9, |
| 168 | # 4.10-rc+HEAD |
| 169 | # |
| 170 | # The default setting is to disable the filters assuming an older kernel |
| 171 | # version where seccomp is not available. |
| 172 | # See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819 |
| 173 | |
| 174 | bootstrap.system_call_filter: false |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 175 | |
| 176 | ############################## Network And HTTP ############################### |
| 177 | # Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens |
| 178 | # on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node |
| 179 | # communication. (the range means that if the port is busy, it will automatically |
| 180 | # try the next port). |
| 181 | |
| 182 | # Set the bind address specifically (IPv4 or IPv6): |
| 183 | network.bind_host: 0.0.0.0 |
| 184 | |
| 185 | # Set the address other nodes will use to communicate with this node. If not |
| 186 | # set, it is automatically derived. It must point to an actual IP address. |
| 187 | |
| 188 | # network.publish_host: 0.0.0.0 |
| 189 | |
| 190 | # Set both 'bind_host' and 'publish_host': |
| 191 | # network.host: 192.168.0.1 |
| 192 | |
| 193 | |
| 194 | # Set a custom port for the node to node communication (9300 by default): |
Edwin Lawrance | a1dd587 | 2019-03-05 10:30:33 +0000 | [diff] [blame^] | 195 | transport.tcp.port: {{ .Values.service.internalPort2 }} |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 196 | |
| 197 | # Enable compression for all communication between nodes (disabled by default): |
| 198 | transport.tcp.compress: false |
| 199 | |
| 200 | # Set a custom port to listen for HTTP traffic: |
| 201 | # http.port: 9200 |
kj | 9bf2731 | 2018-03-19 15:07:44 +0200 | [diff] [blame] | 202 | http.port: {{ .Values.service.internalPort }} |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 203 | |
| 204 | # Set a custom allowed content length: |
| 205 | # http.max_content_length: 100mb |
| 206 | http.max_content_length: 100mb |
| 207 | |
| 208 | # Disable HTTP completely: |
| 209 | # http.enabled: false |
| 210 | http.enabled: true |
| 211 | |
| 212 | # This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search. |
| 213 | http.cors.enabled: false |
| 214 | http.cors.allow-origin: "/.*/" |
| 215 | http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length |
| 216 | http.cors.allow-credentials: false |
| 217 | ################################### Gateway ################################### |
| 218 | |
| 219 | # The gateway allows for persisting the cluster state between full cluster |
| 220 | # restarts. Every change to the state (such as adding an index) will be stored |
| 221 | # in the gateway, and when the cluster starts up for the first time, |
| 222 | # it will read its state from the gateway. |
| 223 | # There are several types of gateway implementations. For more information, see |
| 224 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>. |
| 225 | |
| 226 | # The default gateway type is the "local" gateway (recommended): |
| 227 | # |
| 228 | #gateway.type: local |
| 229 | #gateway.type: local |
| 230 | |
| 231 | # Settings below control how and when to start the initial recovery process on |
| 232 | # a full cluster restart (to reuse as much local data as possible when using shared |
| 233 | # gateway). |
| 234 | |
| 235 | # Allow recovery process after N nodes in a cluster are up: |
| 236 | # |
| 237 | # gateway.recover_after_nodes: 1 |
| 238 | gateway.recover_after_nodes: 1 |
| 239 | |
| 240 | # Set the timeout to initiate the recovery process, once the N nodes |
| 241 | # from previous setting are up (accepts time value): |
| 242 | # |
| 243 | #gateway.recover_after_time: 5m |
| 244 | gateway.recover_after_time: 5m |
| 245 | |
| 246 | # Set how many nodes are expected in this cluster. Once these N nodes |
| 247 | # are up (and recover_after_nodes is met), begin recovery process immediately |
| 248 | # (without waiting for recover_after_time to expire): |
| 249 | # |
| 250 | # gateway.expected_nodes: 2 |
| 251 | gateway.expected_nodes: 2 |
| 252 | |
| 253 | ############################# Recovery Throttling ############################# |
| 254 | |
| 255 | # These settings allow to control the process of shards allocation between |
| 256 | # nodes during initial recovery, replica allocation, rebalancing, |
| 257 | # or when adding and removing nodes. |
| 258 | |
| 259 | # Set the number of concurrent recoveries happening on a node: |
| 260 | # |
| 261 | # 1. During the initial recovery |
| 262 | # |
| 263 | # cluster.routing.allocation.node_initial_primaries_recoveries: 4 |
| 264 | # |
| 265 | # 2. During adding/removing nodes, rebalancing, etc |
| 266 | # |
| 267 | # cluster.routing.allocation.node_concurrent_recoveries: 2 |
| 268 | |
| 269 | # Set to throttle throughput when recovering (eg. 100mb, by default 20mb): |
| 270 | # indices.recovery.max_bytes_per_sec: 20mb |
| 271 | indices.recovery.max_bytes_per_sec: 20mb |
| 272 | |
| 273 | # Set to limit the number of open concurrent streams when |
| 274 | # recovering a shard from a peer: |
| 275 | # |
| 276 | # indices.recovery.concurrent_streams: 5 |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 277 | #indices.recovery.concurrent_streams: 5 |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 278 | |
| 279 | ################################## Discovery ################################## |
| 280 | |
| 281 | # Discovery infrastructure ensures nodes can be found within a cluster |
| 282 | # and master node is elected. Multicast discovery is the default. |
| 283 | |
| 284 | # Set to ensure a node sees N other master eligible nodes to be considered |
| 285 | # operational within the cluster. Its recommended to set it to a higher value |
| 286 | # than 1 when running more than 2 nodes in the cluster. |
| 287 | # |
| 288 | discovery.zen.minimum_master_nodes: 1 |
| 289 | |
| 290 | # Set the time to wait for ping responses from other nodes when discovering. |
| 291 | # Set this option to a higher value on a slow or congested network |
| 292 | # to minimize discovery failures: |
| 293 | # |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 294 | # discovery.zen.ping_timeout: 3s |
| 295 | discovery.zen.ping_timeout: 3s |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 296 | |
| 297 | # For more information, see |
| 298 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html> |
| 299 | |
| 300 | # Unicast discovery allows to explicitly control which nodes will be used |
| 301 | # to discover the cluster. It can be used when multicast is not present, |
| 302 | # or to restrict the cluster communication-wise. |
| 303 | # |
| 304 | # 1. Disable multicast discovery (enabled by default): |
| 305 | # discovery.zen.ping.multicast.enabled: false |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 306 | #discovery.zen.ping.multicast.enabled: false |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 307 | |
| 308 | |
| 309 | # 2. Configure an initial list of master nodes in the cluster |
| 310 | # to perform discovery when new nodes (master or data) are started: |
| 311 | # |
| 312 | # discovery.zen.ping.unicast.hosts: ["host1", "host2:port"] |
| 313 | discovery.zen.ping.unicast.hosts: ["0.0.0.0"] |
| 314 | |
| 315 | # EC2 discovery allows to use AWS EC2 API in order to perform discovery. |
| 316 | # |
| 317 | # You have to install the cloud-aws plugin for enabling the EC2 discovery. |
| 318 | # |
| 319 | # For more information, see |
| 320 | # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html> |
| 321 | # |
| 322 | # |
| 323 | # See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/> |
| 324 | # for a step-by-step tutorial. |
| 325 | |
| 326 | # GCE discovery allows to use Google Compute Engine API in order to perform discovery. |
| 327 | # |
| 328 | # You have to install the cloud-gce plugin for enabling the GCE discovery. |
| 329 | # |
| 330 | # For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>. |
| 331 | |
| 332 | # Azure discovery allows to use Azure API in order to perform discovery. |
| 333 | # |
| 334 | # You have to install the cloud-azure plugin for enabling the Azure discovery. |
| 335 | # |
| 336 | # For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>. |
| 337 | |
| 338 | ################################## Slow Log ################################## |
| 339 | |
| 340 | # Shard level query and fetch threshold logging. |
| 341 | |
| 342 | #index.search.slowlog.threshold.query.warn: 10s |
| 343 | #index.search.slowlog.threshold.query.info: 5s |
| 344 | #index.search.slowlog.threshold.query.debug: 2s |
| 345 | #index.search.slowlog.threshold.query.trace: 500ms |
| 346 | |
| 347 | #index.search.slowlog.threshold.fetch.warn: 1s |
| 348 | #index.search.slowlog.threshold.fetch.info: 800ms |
| 349 | #index.search.slowlog.threshold.fetch.debug: 500ms |
| 350 | #index.search.slowlog.threshold.fetch.trace: 200ms |
| 351 | |
| 352 | #index.indexing.slowlog.threshold.index.warn: 10s |
| 353 | #index.indexing.slowlog.threshold.index.info: 5s |
| 354 | #index.indexing.slowlog.threshold.index.debug: 2s |
| 355 | #index.indexing.slowlog.threshold.index.trace: 500ms |
| 356 | |
| 357 | ################################## GC Logging ################################ |
| 358 | |
| 359 | #monitor.jvm.gc.young.warn: 1000ms |
| 360 | #monitor.jvm.gc.young.info: 700ms |
| 361 | #monitor.jvm.gc.young.debug: 400ms |
| 362 | |
| 363 | #monitor.jvm.gc.old.warn: 10s |
| 364 | #monitor.jvm.gc.old.info: 5s |
| 365 | #monitor.jvm.gc.old.debug: 2s |
| 366 | |
| 367 | ############################################################################################# |
| 368 | ### SEARCH GUARD SSL # |
| 369 | ### Configuration # |
| 370 | ############################################################################################### |
Edwin Lawrance | a1dd587 | 2019-03-05 10:30:33 +0000 | [diff] [blame^] | 371 | ######## Start Search Guard Demo Configuration ######## |
Mandeep Khinda | 2599c1d | 2017-08-30 14:39:20 +0000 | [diff] [blame] | 372 | |
Edwin Lawrance | a1dd587 | 2019-03-05 10:30:33 +0000 | [diff] [blame^] | 373 | searchguard.enterprise_modules_enabled: false |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 374 | |
Edwin Lawrance | a1dd587 | 2019-03-05 10:30:33 +0000 | [diff] [blame^] | 375 | searchguard.ssl.transport.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }} |
| 376 | searchguard.ssl.transport.keystore_password: {{ .Values.config.nodeKeyStorePassword }} |
| 377 | searchguard.ssl.transport.truststore_filepath: sg/auth/{{ .Values.config.trustStore }} |
| 378 | searchguard.ssl.transport.truststore_password: {{ .Values.config.trustStorePassword }} |
| 379 | searchguard.ssl.transport.enforce_hostname_verification: false |
| 380 | |
| 381 | searchguard.ssl.http.enabled: true |
| 382 | searchguard.ssl.http.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }} |
| 383 | searchguard.ssl.http.keystore_password: {{ .Values.config.nodeKeyStorePassword }} |
| 384 | searchguard.ssl.http.truststore_filepath: sg/auth/{{ .Values.config.trustStore }} |
| 385 | searchguard.ssl.http.truststore_password: {{ .Values.config.trustStorePassword }} |
| 386 | |
| 387 | searchguard.nodes_dn: |
| 388 | - CN=esaai |
| 389 | |
| 390 | searchguard.authcz.admin_dn: |
| 391 | - CN=sgadmin |
| 392 | |
| 393 | # x-pack security conflicts with searchguard |
Edwin Lawrance | 0d4b4b5 | 2018-08-02 15:57:13 +0100 | [diff] [blame] | 394 | xpack.security.enabled: false |
| 395 | xpack.ml.enabled: false |
| 396 | xpack.monitoring.enabled: false |
| 397 | xpack.watcher.enabled: false |