blob: 822ae32f1030c6b3516fed2734125c86a182bd56 [file] [log] [blame]
Mandeep Khinda2599c1d2017-08-30 14:39:20 +00001##################### Elasticsearch Configuration Example #####################
2
3# This file contains an overview of various configuration settings,
4# targeted at operations staff. Application developers should
5# consult the guide at <http://elasticsearch.org/guide>.
6#
7# The installation procedure is covered at
8# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
9#
10# Elasticsearch comes with reasonable defaults for most settings,
11# so you can try it out without bothering with configuration.
12#
13# Most of the time, these defaults are just fine for running a production
14# cluster. If you're fine-tuning your cluster, or wondering about the
15# effect of certain configuration option, please _do ask_ on the
16# mailing list or IRC channel [http://elasticsearch.org/community].
17
18# Any element in the configuration can be replaced with environment variables
19# by placing them in ${...} notation. For example:
20#
21# node.rack: ${RACK_ENV_VAR}
22
23# For information on supported formats and syntax for the config file, see
24# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
25################################### Cluster ###################################
26
27# Cluster name identifies your cluster for auto-discovery. If you're running
28# multiple clusters on the same network, make sure you're using unique names.
29#
30# cluster.name: elasticsearch
31
32cluster.name: ES_AAI
33
34#################################### Node #####################################
35
36node.name: ES_ONAP
37node.master: true
38node.data: true
39
40
41# Use the Cluster Health API [http://localhost:9200/_cluster/health], the
42# Node Info API [http://localhost:9200/_nodes] or GUI tools
43# such as <http://www.elasticsearch.org/overview/marvel/>,
44# <http://github.com/karmi/elasticsearch-paramedic>,
45# <http://github.com/lukas-vlcek/bigdesk> and
46# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.
47
48# By default, multiple nodes are allowed to start from the same installation location
49# to disable it, set the following:
50
51node.max_local_storage_nodes: 1
52
53
54#################################### Index ####################################
55# You can set a number of options (such as shard/replica options, mapping
56# or analyzer definitions, translog settings, ...) for indices globally,
57# in this file.
58#
59# Note, that it makes more sense to configure index settings specifically for
60# a certain index, either when creating it or by using the index templates API.
61#
62# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
63# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
64# for more information.
65
66# Set the number of shards (splits) of an index (5 by default):
67
68index.number_of_shards: 5
69
70# Set the number of replicas (additional copies) of an index (1 by default):
71
72index.number_of_replicas: 1
73
74# These settings directly affect the performance of index and search operations
75# in your cluster. Assuming you have enough machines to hold shards and
76# replicas, the rule of thumb is:
77#
78# 1. Having more *shards* enhances the _indexing_ performance and allows to
79# _distribute_ a big index across machines.
80# 2. Having more *replicas* enhances the _search_ performance and improves the
81# cluster _availability_.
82#
83# The "number_of_shards" is a one-time setting for an index.
84#
85# The "number_of_replicas" can be increased or decreased anytime,
86# by using the Index Update Settings API.
87#
88# Elasticsearch takes care about load balancing, relocating, gathering the
89# results from nodes, etc. Experiment with different settings to fine-tune
90# your setup.
91
92# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
93# the index status.
94
95
96#################################### Paths ####################################
97
98# Path to directory containing configuration (this file and logging.yml):
99#path.conf: /opt/app/elasticsearch/config
100
101# Path to directory where to store index data allocated for this node.
102# Use swm auto link to redirect the data directory if necessary.
103
104#path.data: /opt/app/elasticsearch/data
105
106# path.data: /path/to/data1,/path/to/data2
107
108# path.work: /path/to/work
109
110#path.logs: /opt/app/elasticsearch/logs
111
112#path.plugins: /opt/app/elasticsearch/plugins
113
114
115#################################### Plugin ###################################
116
117# If a plugin listed here is not installed for current node, the node will not start.
118#
119# plugin.mandatory: mapper-attachments,lang-groovy
120
121
122################################### Memory ####################################
123
124# Elasticsearch performs poorly when JVM starts swapping: you should ensure that
125# it _never_ swaps.
126#
127# Set this property to true to lock the memory: default is true
128
129bootstrap.mlockall: true
130
131# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
132# to the same value, and that the machine has enough memory to allocate
133# for Elasticsearch, leaving enough memory for the operating system itself.
134#
135# You should also make sure that the Elasticsearch process is allowed to lock
136# the memory, eg. by using `ulimit -l unlimited`.
137
138
139############################## Network And HTTP ###############################
140# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
141# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
142# communication. (the range means that if the port is busy, it will automatically
143# try the next port).
144
145# Set the bind address specifically (IPv4 or IPv6):
146network.bind_host: 0.0.0.0
147
148# Set the address other nodes will use to communicate with this node. If not
149# set, it is automatically derived. It must point to an actual IP address.
150
151# network.publish_host: 0.0.0.0
152
153# Set both 'bind_host' and 'publish_host':
154# network.host: 192.168.0.1
155
156
157# Set a custom port for the node to node communication (9300 by default):
kj9bf27312018-03-19 15:07:44 +0200158transport.tcp.port: {{ .Values.config.tcpPort }}
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000159
160# Enable compression for all communication between nodes (disabled by default):
161transport.tcp.compress: false
162
163# Set a custom port to listen for HTTP traffic:
164# http.port: 9200
kj9bf27312018-03-19 15:07:44 +0200165http.port: {{ .Values.service.internalPort }}
Mandeep Khinda2599c1d2017-08-30 14:39:20 +0000166
167# Set a custom allowed content length:
168# http.max_content_length: 100mb
169http.max_content_length: 100mb
170
171# Disable HTTP completely:
172# http.enabled: false
173http.enabled: true
174
175# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search.
176http.cors.enabled: false
177http.cors.allow-origin: "/.*/"
178http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length
179http.cors.allow-credentials: false
180################################### Gateway ###################################
181
182# The gateway allows for persisting the cluster state between full cluster
183# restarts. Every change to the state (such as adding an index) will be stored
184# in the gateway, and when the cluster starts up for the first time,
185# it will read its state from the gateway.
186# There are several types of gateway implementations. For more information, see
187# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.
188
189# The default gateway type is the "local" gateway (recommended):
190#
191#gateway.type: local
192#gateway.type: local
193
194# Settings below control how and when to start the initial recovery process on
195# a full cluster restart (to reuse as much local data as possible when using shared
196# gateway).
197
198# Allow recovery process after N nodes in a cluster are up:
199#
200# gateway.recover_after_nodes: 1
201gateway.recover_after_nodes: 1
202
203# Set the timeout to initiate the recovery process, once the N nodes
204# from previous setting are up (accepts time value):
205#
206#gateway.recover_after_time: 5m
207gateway.recover_after_time: 5m
208
209# Set how many nodes are expected in this cluster. Once these N nodes
210# are up (and recover_after_nodes is met), begin recovery process immediately
211# (without waiting for recover_after_time to expire):
212#
213# gateway.expected_nodes: 2
214gateway.expected_nodes: 2
215
216############################# Recovery Throttling #############################
217
218# These settings allow to control the process of shards allocation between
219# nodes during initial recovery, replica allocation, rebalancing,
220# or when adding and removing nodes.
221
222# Set the number of concurrent recoveries happening on a node:
223#
224# 1. During the initial recovery
225#
226# cluster.routing.allocation.node_initial_primaries_recoveries: 4
227#
228# 2. During adding/removing nodes, rebalancing, etc
229#
230# cluster.routing.allocation.node_concurrent_recoveries: 2
231
232# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
233# indices.recovery.max_bytes_per_sec: 20mb
234indices.recovery.max_bytes_per_sec: 20mb
235
236# Set to limit the number of open concurrent streams when
237# recovering a shard from a peer:
238#
239# indices.recovery.concurrent_streams: 5
240indices.recovery.concurrent_streams: 5
241
242################################## Discovery ##################################
243
244# Discovery infrastructure ensures nodes can be found within a cluster
245# and master node is elected. Multicast discovery is the default.
246
247# Set to ensure a node sees N other master eligible nodes to be considered
248# operational within the cluster. Its recommended to set it to a higher value
249# than 1 when running more than 2 nodes in the cluster.
250#
251discovery.zen.minimum_master_nodes: 1
252
253# Set the time to wait for ping responses from other nodes when discovering.
254# Set this option to a higher value on a slow or congested network
255# to minimize discovery failures:
256#
257# discovery.zen.ping.timeout: 3s
258discovery.zen.ping.timeout:
259
260# For more information, see
261# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
262
263# Unicast discovery allows to explicitly control which nodes will be used
264# to discover the cluster. It can be used when multicast is not present,
265# or to restrict the cluster communication-wise.
266#
267# 1. Disable multicast discovery (enabled by default):
268# discovery.zen.ping.multicast.enabled: false
269discovery.zen.ping.multicast.enabled: false
270
271
272# 2. Configure an initial list of master nodes in the cluster
273# to perform discovery when new nodes (master or data) are started:
274#
275# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
276discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
277
278# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
279#
280# You have to install the cloud-aws plugin for enabling the EC2 discovery.
281#
282# For more information, see
283# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
284#
285#
286# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
287# for a step-by-step tutorial.
288
289# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
290#
291# You have to install the cloud-gce plugin for enabling the GCE discovery.
292#
293# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
294
295# Azure discovery allows to use Azure API in order to perform discovery.
296#
297# You have to install the cloud-azure plugin for enabling the Azure discovery.
298#
299# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
300
301################################## Slow Log ##################################
302
303# Shard level query and fetch threshold logging.
304
305#index.search.slowlog.threshold.query.warn: 10s
306#index.search.slowlog.threshold.query.info: 5s
307#index.search.slowlog.threshold.query.debug: 2s
308#index.search.slowlog.threshold.query.trace: 500ms
309
310#index.search.slowlog.threshold.fetch.warn: 1s
311#index.search.slowlog.threshold.fetch.info: 800ms
312#index.search.slowlog.threshold.fetch.debug: 500ms
313#index.search.slowlog.threshold.fetch.trace: 200ms
314
315#index.indexing.slowlog.threshold.index.warn: 10s
316#index.indexing.slowlog.threshold.index.info: 5s
317#index.indexing.slowlog.threshold.index.debug: 2s
318#index.indexing.slowlog.threshold.index.trace: 500ms
319
320################################## GC Logging ################################
321
322#monitor.jvm.gc.young.warn: 1000ms
323#monitor.jvm.gc.young.info: 700ms
324#monitor.jvm.gc.young.debug: 400ms
325
326#monitor.jvm.gc.old.warn: 10s
327#monitor.jvm.gc.old.info: 5s
328#monitor.jvm.gc.old.debug: 2s
329
330#############################################################################################
331### SEARCH GUARD SSL #
332### Configuration #
333###############################################################################################
334## Uncomment all lines below prefixed with #X# (globally remove #X#) for searchguard
335##
336###############################################################################################
337### Transport layer SSL #
338### #
339###############################################################################################
340### Enable or disable node-to-node ssl encryption (default: true)
341#X#searchguard.ssl.transport.enable_openssl_if_available: true
342#X#searchguard.ssl.transport.enabled: true
343### JKS or PKCS12 (default: JKS)
344#X#searchguard.ssl.transport.keystore_type: JKS
345### Relative path to the keystore file (mandatory, this stores the server certificates), must be placed under the config/ dir
346#X#searchguard.ssl.transport.keystore_filepath: /some/path
347### Alias name (default: first alias which could be found)
348###searchguard.ssl.transport.keystore_alias: localhost
349### Keystore password (default: changeit)
350#X#searchguard.ssl.transport.keystore_password: changeit
351##
352### JKS or PKCS12 (default: JKS)
353#X#searchguard.ssl.transport.truststore_type: JKS
354### Relative path to the truststore file (mandatory, this stores the client/root certificates), must be placed under the config/ dir
355#X#searchguard.ssl.transport.truststore_filepath: truststore.jks
356### Alias name (default: first alias which could be found)
357###searchguard.ssl.transport.truststore_alias: my_alias
358### Truststore password (default: changeit)
359#X#searchguard.ssl.transport.truststore_password: changeit
360### Enforce hostname verification (default: true)
361###searchguard.ssl.transport.enforce_hostname_verification: true
362### If hostname verification specify if hostname should be resolved (default: true)
363###searchguard.ssl.transport.resolve_hostname: true
364### Use native Open SSL instead of JDK SSL if available (default: true)
365###searchguard.ssl.transport.enable_openssl_if_available: false
366##
367###############################################################################################
368### HTTP/REST layer SSL #
369### #
370###############################################################################################
371### Enable or disable rest layer security - https, (default: false)
372#X#searchguard.ssl.http.enable_openssl_if_available: true
373#X#searchguard.ssl.http.enabled: true
374### JKS or PKCS12 (default: JKS)
375#X#searchguard.ssl.http.keystore_type: JKS
376### Relative path to the keystore file (this stores the server certificates), must be placed under the config/ dir
377#X#searchguard.ssl.http.keystore_filepath: /keystore/path
378### Alias name (default: first alias which could be found)
379###searchguard.ssl.http.keystore_alias: my_alias
380### Keystore password (default: changeit)
381#X#searchguard.ssl.http.keystore_password: changeit
382### Do the clients (typically the browser or the proxy) have to authenticate themself to the http server, default is OPTIONAL
383### To enforce authentication use REQUIRE, to completely disable client certificates use NONE
384###searchguard.ssl.http.clientauth_mode: REQUIRE
385### JKS or PKCS12 (default: JKS)
386#X#searchguard.ssl.http.truststore_type: JKS
387### Relative path to the truststore file (this stores the client certificates), must be placed under the config/ dir
388#X#searchguard.ssl.http.truststore_filepath: truststore.jks
389### Alias name (default: first alias which could be found)
390###searchguard.ssl.http.truststore_alias: my_alias
391### Truststore password (default: changeit)
392#X#searchguard.ssl.http.truststore_password: changeit
393### Use native Open SSL instead of JDK SSL if available (default: true)
394###searchguard.ssl.http.enable_openssl_if_available: false
395
396#####################################################
397##### Security manager - Searchguard Configuration
398#####################################################
399#X#security.manager.enabled: false
400#X#searchguard.authcz.admin_dn: