blob: 87536e3faa6d33ca630810c396f2bfea601e47bd [file] [log] [blame]
toshrajbhardwajf4fc1c62018-08-06 07:35:14 +00001# Copyright © 2018 Amdocs, Bell Canada, AT&T
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15
Mandeep Khinda2599c1d2017-08-30 14:39:20 +000016##################### Elasticsearch Configuration Example #####################
17
18# This file contains an overview of various configuration settings,
19# targeted at operations staff. Application developers should
20# consult the guide at <http://elasticsearch.org/guide>.
21#
22# The installation procedure is covered at
23# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
24#
25# Elasticsearch comes with reasonable defaults for most settings,
26# so you can try it out without bothering with configuration.
27#
28# Most of the time, these defaults are just fine for running a production
29# cluster. If you're fine-tuning your cluster, or wondering about the
30# effect of certain configuration option, please _do ask_ on the
31# mailing list or IRC channel [http://elasticsearch.org/community].
32
33# Any element in the configuration can be replaced with environment variables
34# by placing them in ${...} notation. For example:
35#
36# node.rack: ${RACK_ENV_VAR}
37
38# For information on supported formats and syntax for the config file, see
39# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
40################################### Cluster ###################################
41
42# Cluster name identifies your cluster for auto-discovery. If you're running
43# multiple clusters on the same network, make sure you're using unique names.
44#
45# cluster.name: elasticsearch
46
47cluster.name: ES_AAI
48
49#################################### Node #####################################
50
51node.name: ES_ONAP
52node.master: true
53node.data: true
54
55
56# Use the Cluster Health API [http://localhost:9200/_cluster/health], the
57# Node Info API [http://localhost:9200/_nodes] or GUI tools
58# such as <http://www.elasticsearch.org/overview/marvel/>,
59# <http://github.com/karmi/elasticsearch-paramedic>,
60# <http://github.com/lukas-vlcek/bigdesk> and
61# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.
62
63# By default, multiple nodes are allowed to start from the same installation location
64# to disable it, set the following:
65
66node.max_local_storage_nodes: 1
67
68
69#################################### Index ####################################
70# You can set a number of options (such as shard/replica options, mapping
71# or analyzer definitions, translog settings, ...) for indices globally,
72# in this file.
73#
74# Note, that it makes more sense to configure index settings specifically for
75# a certain index, either when creating it or by using the index templates API.
76#
77# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
78# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
79# for more information.
80
81# Set the number of shards (splits) of an index (5 by default):
82
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +010083#index.number_of_shards: 5
Mandeep Khinda2599c1d2017-08-30 14:39:20 +000084
85# Set the number of replicas (additional copies) of an index (1 by default):
86
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +010087#index.number_of_replicas: 1
Mandeep Khinda2599c1d2017-08-30 14:39:20 +000088
89# These settings directly affect the performance of index and search operations
90# in your cluster. Assuming you have enough machines to hold shards and
91# replicas, the rule of thumb is:
92#
93# 1. Having more *shards* enhances the _indexing_ performance and allows to
94# _distribute_ a big index across machines.
95# 2. Having more *replicas* enhances the _search_ performance and improves the
96# cluster _availability_.
97#
98# The "number_of_shards" is a one-time setting for an index.
99#
100# The "number_of_replicas" can be increased or decreased anytime,
101# by using the Index Update Settings API.
102#
103# Elasticsearch takes care about load balancing, relocating, gathering the
104# results from nodes, etc. Experiment with different settings to fine-tune
105# your setup.
106
107# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
108# the index status.
109
110
111#################################### Paths ####################################
112
113# Path to directory containing configuration (this file and logging.yml):
114#path.conf: /opt/app/elasticsearch/config
115
116# Path to directory where to store index data allocated for this node.
117# Use swm auto link to redirect the data directory if necessary.
118
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100119path.data: /usr/share/elasticsearch/data
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000120
121# path.data: /path/to/data1,/path/to/data2
122
123# path.work: /path/to/work
124
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100125path.logs: /usr/share/elasticsearch/logs
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000126
127#path.plugins: /opt/app/elasticsearch/plugins
128
129
130#################################### Plugin ###################################
131
132# If a plugin listed here is not installed for current node, the node will not start.
133#
134# plugin.mandatory: mapper-attachments,lang-groovy
135
136
137################################### Memory ####################################
138
139# Elasticsearch performs poorly when JVM starts swapping: you should ensure that
140# it _never_ swaps.
141#
142# Set this property to true to lock the memory: default is true
143
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100144#bootstrap.memory_lock: true
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000145
146# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
147# to the same value, and that the machine has enough memory to allocate
148# for Elasticsearch, leaving enough memory for the operating system itself.
149#
150# You should also make sure that the Elasticsearch process is allowed to lock
151# the memory, eg. by using `ulimit -l unlimited`.
152
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100153### Kernel Settings
154
155# Elasticsearch installs system call filters of various flavors depending on the
156# operating system (e.g., seccomp on Linux). These system call filters are
157# installed to prevent the ability to execute system calls related to forking
158# as a defense mechanism against arbitrary code execution attacks on
159# Elasticsearch The system call filter check ensures that if system call
160# filters are enabled, then they were successfully installed. To pass the system
161# call filter check you must either fix any configuration errors on your system
162# that prevented system call filters from installing (check your logs), or at
163# your own risk disable system call filters by setting
164# bootstrap.system_call_filter to false.
165# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html
166#
167# seccomp is found in Linux kernels: 2.6.37–2.6.39, 3.0–3.19, 4.0–4.9,
168# 4.10-rc+HEAD
169#
170# The default setting is to disable the filters assuming an older kernel
171# version where seccomp is not available.
172# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819
173
174bootstrap.system_call_filter: false
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000175
176############################## Network And HTTP ###############################
177# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
178# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
179# communication. (the range means that if the port is busy, it will automatically
180# try the next port).
181
182# Set the bind address specifically (IPv4 or IPv6):
183network.bind_host: 0.0.0.0
184
185# Set the address other nodes will use to communicate with this node. If not
186# set, it is automatically derived. It must point to an actual IP address.
187
188# network.publish_host: 0.0.0.0
189
190# Set both 'bind_host' and 'publish_host':
191# network.host: 192.168.0.1
192
193
194# Set a custom port for the node to node communication (9300 by default):
Edwin Lawrancea1dd5872019-03-05 10:30:33 +0000195transport.tcp.port: {{ .Values.service.internalPort2 }}
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000196
197# Enable compression for all communication between nodes (disabled by default):
198transport.tcp.compress: false
199
200# Set a custom port to listen for HTTP traffic:
201# http.port: 9200
kj9bf27312018-03-19 15:07:44 +0200202http.port: {{ .Values.service.internalPort }}
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000203
204# Set a custom allowed content length:
205# http.max_content_length: 100mb
206http.max_content_length: 100mb
207
208# Disable HTTP completely:
209# http.enabled: false
210http.enabled: true
211
212# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search.
213http.cors.enabled: false
214http.cors.allow-origin: "/.*/"
215http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length
216http.cors.allow-credentials: false
217################################### Gateway ###################################
218
219# The gateway allows for persisting the cluster state between full cluster
220# restarts. Every change to the state (such as adding an index) will be stored
221# in the gateway, and when the cluster starts up for the first time,
222# it will read its state from the gateway.
223# There are several types of gateway implementations. For more information, see
224# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.
225
226# The default gateway type is the "local" gateway (recommended):
227#
228#gateway.type: local
229#gateway.type: local
230
231# Settings below control how and when to start the initial recovery process on
232# a full cluster restart (to reuse as much local data as possible when using shared
233# gateway).
234
235# Allow recovery process after N nodes in a cluster are up:
236#
237# gateway.recover_after_nodes: 1
238gateway.recover_after_nodes: 1
239
240# Set the timeout to initiate the recovery process, once the N nodes
241# from previous setting are up (accepts time value):
242#
243#gateway.recover_after_time: 5m
244gateway.recover_after_time: 5m
245
246# Set how many nodes are expected in this cluster. Once these N nodes
247# are up (and recover_after_nodes is met), begin recovery process immediately
248# (without waiting for recover_after_time to expire):
249#
250# gateway.expected_nodes: 2
251gateway.expected_nodes: 2
252
253############################# Recovery Throttling #############################
254
255# These settings allow to control the process of shards allocation between
256# nodes during initial recovery, replica allocation, rebalancing,
257# or when adding and removing nodes.
258
259# Set the number of concurrent recoveries happening on a node:
260#
261# 1. During the initial recovery
262#
263# cluster.routing.allocation.node_initial_primaries_recoveries: 4
264#
265# 2. During adding/removing nodes, rebalancing, etc
266#
267# cluster.routing.allocation.node_concurrent_recoveries: 2
268
269# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
270# indices.recovery.max_bytes_per_sec: 20mb
271indices.recovery.max_bytes_per_sec: 20mb
272
273# Set to limit the number of open concurrent streams when
274# recovering a shard from a peer:
275#
276# indices.recovery.concurrent_streams: 5
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100277#indices.recovery.concurrent_streams: 5
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000278
279################################## Discovery ##################################
280
281# Discovery infrastructure ensures nodes can be found within a cluster
282# and master node is elected. Multicast discovery is the default.
283
284# Set to ensure a node sees N other master eligible nodes to be considered
285# operational within the cluster. Its recommended to set it to a higher value
286# than 1 when running more than 2 nodes in the cluster.
287#
288discovery.zen.minimum_master_nodes: 1
289
290# Set the time to wait for ping responses from other nodes when discovering.
291# Set this option to a higher value on a slow or congested network
292# to minimize discovery failures:
293#
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100294# discovery.zen.ping_timeout: 3s
295discovery.zen.ping_timeout: 3s
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000296
297# For more information, see
298# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
299
300# Unicast discovery allows to explicitly control which nodes will be used
301# to discover the cluster. It can be used when multicast is not present,
302# or to restrict the cluster communication-wise.
303#
304# 1. Disable multicast discovery (enabled by default):
305# discovery.zen.ping.multicast.enabled: false
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100306#discovery.zen.ping.multicast.enabled: false
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000307
308
309# 2. Configure an initial list of master nodes in the cluster
310# to perform discovery when new nodes (master or data) are started:
311#
312# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
313discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
314
315# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
316#
317# You have to install the cloud-aws plugin for enabling the EC2 discovery.
318#
319# For more information, see
320# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
321#
322#
323# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
324# for a step-by-step tutorial.
325
326# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
327#
328# You have to install the cloud-gce plugin for enabling the GCE discovery.
329#
330# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
331
332# Azure discovery allows to use Azure API in order to perform discovery.
333#
334# You have to install the cloud-azure plugin for enabling the Azure discovery.
335#
336# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
337
338################################## Slow Log ##################################
339
340# Shard level query and fetch threshold logging.
341
342#index.search.slowlog.threshold.query.warn: 10s
343#index.search.slowlog.threshold.query.info: 5s
344#index.search.slowlog.threshold.query.debug: 2s
345#index.search.slowlog.threshold.query.trace: 500ms
346
347#index.search.slowlog.threshold.fetch.warn: 1s
348#index.search.slowlog.threshold.fetch.info: 800ms
349#index.search.slowlog.threshold.fetch.debug: 500ms
350#index.search.slowlog.threshold.fetch.trace: 200ms
351
352#index.indexing.slowlog.threshold.index.warn: 10s
353#index.indexing.slowlog.threshold.index.info: 5s
354#index.indexing.slowlog.threshold.index.debug: 2s
355#index.indexing.slowlog.threshold.index.trace: 500ms
356
357################################## GC Logging ################################
358
359#monitor.jvm.gc.young.warn: 1000ms
360#monitor.jvm.gc.young.info: 700ms
361#monitor.jvm.gc.young.debug: 400ms
362
363#monitor.jvm.gc.old.warn: 10s
364#monitor.jvm.gc.old.info: 5s
365#monitor.jvm.gc.old.debug: 2s
366
367#############################################################################################
368### SEARCH GUARD SSL #
369### Configuration #
370###############################################################################################
Edwin Lawrancea1dd5872019-03-05 10:30:33 +0000371######## Start Search Guard Demo Configuration ########
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000372
Edwin Lawrancea1dd5872019-03-05 10:30:33 +0000373searchguard.enterprise_modules_enabled: false
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100374
Edwin Lawrancea1dd5872019-03-05 10:30:33 +0000375searchguard.ssl.transport.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
376searchguard.ssl.transport.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
377searchguard.ssl.transport.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
378searchguard.ssl.transport.truststore_password: {{ .Values.config.trustStorePassword }}
379searchguard.ssl.transport.enforce_hostname_verification: false
380
381searchguard.ssl.http.enabled: true
382searchguard.ssl.http.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
383searchguard.ssl.http.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
384searchguard.ssl.http.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
385searchguard.ssl.http.truststore_password: {{ .Values.config.trustStorePassword }}
386
387searchguard.nodes_dn:
388 - CN=esaai
389
390searchguard.authcz.admin_dn:
391 - CN=sgadmin
392
393# x-pack security conflicts with searchguard
Edwin Lawrance0d4b4b52018-08-02 15:57:13 +0100394xpack.security.enabled: false
395xpack.ml.enabled: false
396xpack.monitoring.enabled: false
397xpack.watcher.enabled: false