156 lines
6.4 KiB
YAML
156 lines
6.4 KiB
YAML
# ======================== OpenSearch Configuration =========================
|
|
#
|
|
# NOTE: OpenSearch comes with reasonable defaults for most settings.
|
|
# Before you set out to tweak and tune the configuration, make sure you
|
|
# understand what are you trying to accomplish and the consequences.
|
|
#
|
|
# The primary way of configuring a node is via this file. This template lists
|
|
# the most important settings you may want to configure for a production cluster.
|
|
#
|
|
# Please consult the documentation for further information on configuration options:
|
|
# https://www.opensearch.org
|
|
#
|
|
# ---------------------------------- Cluster -----------------------------------
|
|
#
|
|
# Use a descriptive name for your cluster:
|
|
#
|
|
#cluster.name: my-application
|
|
#
|
|
# ------------------------------------ Node ------------------------------------
|
|
#
|
|
# Use a descriptive name for the node:
|
|
#
|
|
#node.name: node-1
|
|
#
|
|
# Add custom attributes to the node:
|
|
#
|
|
#node.attr.rack: r1
|
|
#
|
|
# ----------------------------------- Paths ------------------------------------
|
|
#
|
|
# Path to directory where to store the data (separate multiple locations by comma):
|
|
#
|
|
path.data: /var/lib/opensearch
|
|
#
|
|
# Path to log files:
|
|
#
|
|
path.logs: /var/log/opensearch
|
|
#
|
|
# ----------------------------------- Memory -----------------------------------
|
|
#
|
|
# Lock the memory on startup:
|
|
#
|
|
#bootstrap.memory_lock: true
|
|
#
|
|
# Make sure that the heap size is set to about half the memory available
|
|
# on the system and that the owner of the process is allowed to use this
|
|
# limit.
|
|
#
|
|
# OpenSearch performs poorly when the system is swapping the memory.
|
|
#
|
|
# ---------------------------------- Network -----------------------------------
|
|
#
|
|
# Set the bind address to a specific IP (IPv4 or IPv6):
|
|
#
|
|
#network.host: 192.168.0.1
|
|
#
|
|
# Set a custom port for HTTP:
|
|
#
|
|
#http.port: 9200
|
|
#
|
|
# For more information, consult the network module documentation.
|
|
#
|
|
# --------------------------------- Discovery ----------------------------------
|
|
#
|
|
# Pass an initial list of hosts to perform discovery when this node is started:
|
|
# The default list of hosts is ["127.0.0.1", "[::1]"]
|
|
#
|
|
#discovery.seed_hosts: ["host1", "host2"]
|
|
#
|
|
# Bootstrap the cluster using an initial set of cluster-manager-eligible nodes:
|
|
#
|
|
#cluster.initial_cluster_manager_nodes: ["node-1", "node-2"]
|
|
#
|
|
# For more information, consult the discovery and cluster formation module documentation.
|
|
#
|
|
# ---------------------------------- Gateway -----------------------------------
|
|
#
|
|
# Block initial recovery after a full cluster restart until N nodes are started:
|
|
#
|
|
#gateway.recover_after_data_nodes: 3
|
|
#
|
|
# For more information, consult the gateway module documentation.
|
|
#
|
|
# ---------------------------------- Various -----------------------------------
|
|
#
|
|
# Require explicit names when deleting indices:
|
|
#
|
|
#action.destructive_requires_name: true
|
|
#
|
|
# ---------------------------------- Remote Store -----------------------------------
|
|
# Controls whether cluster imposes index creation only with remote store enabled
|
|
# cluster.remote_store.enabled: true
|
|
#
|
|
# Repository to use for segment upload while enforcing remote store for an index
|
|
# node.attr.remote_store.segment.repository: my-repo-1
|
|
#
|
|
# Repository to use for translog upload while enforcing remote store for an index
|
|
# node.attr.remote_store.translog.repository: my-repo-1
|
|
#
|
|
# ---------------------------------- Experimental Features -----------------------------------
|
|
# Gates the visibility of the experimental segment replication features until they are production ready.
|
|
#
|
|
#opensearch.experimental.feature.segment_replication_experimental.enabled: false
|
|
#
|
|
# Gates the functionality of a new parameter to the snapshot restore API
|
|
# that allows for creation of a new index type that searches a snapshot
|
|
# directly in a remote repository without restoring all index data to disk
|
|
# ahead of time.
|
|
#
|
|
#opensearch.experimental.feature.searchable_snapshot.enabled: false
|
|
#
|
|
#
|
|
# Gates the functionality of enabling extensions to work with OpenSearch.
|
|
# This feature enables applications to extend features of OpenSearch outside of
|
|
# the core.
|
|
#
|
|
#opensearch.experimental.feature.extensions.enabled: false
|
|
#
|
|
#
|
|
# Gates the optimization of datetime formatters caching along with change in default datetime formatter
|
|
# Once there is no observed impact on performance, this feature flag can be removed.
|
|
#
|
|
#opensearch.experimental.optimization.datetime_formatter_caching.enabled: false
|
|
|
|
|
|
######## Start OpenSearch Security Demo Configuration ########
|
|
# WARNING: revise all the lines below before you go into production
|
|
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
|
|
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
|
|
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
|
|
plugins.security.ssl.transport.enforce_hostname_verification: false
|
|
plugins.security.ssl.http.enabled: true
|
|
plugins.security.ssl.http.pemcert_filepath: esnode.pem
|
|
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
|
|
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
|
|
plugins.security.allow_unsafe_democertificates: true
|
|
plugins.security.allow_default_init_securityindex: true
|
|
plugins.security.authcz.admin_dn: ['CN=kirk,OU=client,O=client,L=test,C=de']
|
|
plugins.security.audit.type: internal_opensearch
|
|
plugins.security.enable_snapshot_restore_privilege: true
|
|
plugins.security.check_snapshot_restore_write_privileges: true
|
|
plugins.security.restapi.roles_enabled: [all_access, security_rest_api_access]
|
|
plugins.security.system_indices.enabled: true
|
|
plugins.security.system_indices.indices: [.plugins-ml-agent, .plugins-ml-config, .plugins-ml-connector,
|
|
.plugins-ml-controller, .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task,
|
|
.plugins-ml-conversation-meta, .plugins-ml-conversation-interactions, .plugins-ml-memory-meta,
|
|
.plugins-ml-memory-message, .plugins-ml-stop-words, .opendistro-alerting-config,
|
|
.opendistro-alerting-alert*, .opendistro-anomaly-results*, .opendistro-anomaly-detector*,
|
|
.opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, .opendistro-reports-*,
|
|
.opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, .ql-datasources,
|
|
.opendistro-asynchronous-search-response*, .replication-metadata-store, .opensearch-knn-models,
|
|
.geospatial-ip2geo-data*, .plugins-flow-framework-config, .plugins-flow-framework-templates,
|
|
.plugins-flow-framework-state, .plugins-search-relevance-experiment, .plugins-search-relevance-judgment-cache]
|
|
node.max_local_storage_nodes: 3
|
|
######## End OpenSearch Security Demo Configuration ########
|