1 # Copyright © 2018 Amdocs, Bell Canada, AT&T
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
16 ##################### Elasticsearch Configuration Example #####################
18 # This file contains an overview of various configuration settings,
19 # targeted at operations staff. Application developers should
20 # consult the guide at <http://elasticsearch.org/guide>.
22 # The installation procedure is covered at
23 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
25 # Elasticsearch comes with reasonable defaults for most settings,
26 # so you can try it out without bothering with configuration.
28 # Most of the time, these defaults are just fine for running a production
29 # cluster. If you're fine-tuning your cluster, or wondering about the
30 # effect of certain configuration option, please _do ask_ on the
31 # mailing list or IRC channel [http://elasticsearch.org/community].
33 # Any element in the configuration can be replaced with environment variables
34 # by placing them in ${...} notation. For example:
36 # node.rack: ${RACK_ENV_VAR}
38 # For information on supported formats and syntax for the config file, see
39 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
40 ################################### Cluster ###################################
42 # Cluster name identifies your cluster for auto-discovery. If you're running
43 # multiple clusters on the same network, make sure you're using unique names.
45 # cluster.name: elasticsearch
49 #################################### Node #####################################
56 # Use the Cluster Health API [http://localhost:9200/_cluster/health], the
57 # Node Info API [http://localhost:9200/_nodes] or GUI tools
58 # such as <http://www.elasticsearch.org/overview/marvel/>,
59 # <http://github.com/karmi/elasticsearch-paramedic>,
60 # <http://github.com/lukas-vlcek/bigdesk> and
61 # <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.
63 # By default, multiple nodes are allowed to start from the same installation location
64 # to disable it, set the following:
66 node.max_local_storage_nodes: 1
69 #################################### Index ####################################
70 # You can set a number of options (such as shard/replica options, mapping
71 # or analyzer definitions, translog settings, ...) for indices globally,
74 # Note, that it makes more sense to configure index settings specifically for
75 # a certain index, either when creating it or by using the index templates API.
77 # See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
78 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
79 # for more information.
81 # Set the number of shards (splits) of an index (5 by default):
83 index.number_of_shards: 5
85 # Set the number of replicas (additional copies) of an index (1 by default):
87 index.number_of_replicas: 1
89 # These settings directly affect the performance of index and search operations
90 # in your cluster. Assuming you have enough machines to hold shards and
91 # replicas, the rule of thumb is:
93 # 1. Having more *shards* enhances the _indexing_ performance and allows to
94 # _distribute_ a big index across machines.
95 # 2. Having more *replicas* enhances the _search_ performance and improves the
96 # cluster _availability_.
98 # The "number_of_shards" is a one-time setting for an index.
100 # The "number_of_replicas" can be increased or decreased anytime,
101 # by using the Index Update Settings API.
103 # Elasticsearch takes care about load balancing, relocating, gathering the
104 # results from nodes, etc. Experiment with different settings to fine-tune
107 # Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
111 #################################### Paths ####################################
113 # Path to directory containing configuration (this file and logging.yml):
114 #path.conf: /opt/app/elasticsearch/config
116 # Path to directory where to store index data allocated for this node.
117 # Use swm auto link to redirect the data directory if necessary.
119 #path.data: /opt/app/elasticsearch/data
121 # path.data: /path/to/data1,/path/to/data2
123 # path.work: /path/to/work
125 #path.logs: /opt/app/elasticsearch/logs
127 #path.plugins: /opt/app/elasticsearch/plugins
130 #################################### Plugin ###################################
132 # If a plugin listed here is not installed for current node, the node will not start.
134 # plugin.mandatory: mapper-attachments,lang-groovy
137 ################################### Memory ####################################
139 # Elasticsearch performs poorly when JVM starts swapping: you should ensure that
142 # Set this property to true to lock the memory: default is true
144 bootstrap.mlockall: true
146 # Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
147 # to the same value, and that the machine has enough memory to allocate
148 # for Elasticsearch, leaving enough memory for the operating system itself.
150 # You should also make sure that the Elasticsearch process is allowed to lock
151 # the memory, eg. by using `ulimit -l unlimited`.
154 ############################## Network And HTTP ###############################
155 # Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
156 # on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
157 # communication. (the range means that if the port is busy, it will automatically
158 # try the next port).
160 # Set the bind address specifically (IPv4 or IPv6):
161 network.bind_host: 0.0.0.0
163 # Set the address other nodes will use to communicate with this node. If not
164 # set, it is automatically derived. It must point to an actual IP address.
166 # network.publish_host: 0.0.0.0
168 # Set both 'bind_host' and 'publish_host':
169 # network.host: 192.168.0.1
172 # Set a custom port for the node to node communication (9300 by default):
173 transport.tcp.port: {{ .Values.config.tcpPort }}
175 # Enable compression for all communication between nodes (disabled by default):
176 transport.tcp.compress: false
178 # Set a custom port to listen for HTTP traffic:
180 http.port: {{ .Values.service.internalPort }}
182 # Set a custom allowed content length:
183 # http.max_content_length: 100mb
184 http.max_content_length: 100mb
186 # Disable HTTP completely:
187 # http.enabled: false
190 # This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search.
191 http.cors.enabled: false
192 http.cors.allow-origin: "/.*/"
193 http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length
194 http.cors.allow-credentials: false
195 ################################### Gateway ###################################
197 # The gateway allows for persisting the cluster state between full cluster
198 # restarts. Every change to the state (such as adding an index) will be stored
199 # in the gateway, and when the cluster starts up for the first time,
200 # it will read its state from the gateway.
201 # There are several types of gateway implementations. For more information, see
202 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.
204 # The default gateway type is the "local" gateway (recommended):
209 # Settings below control how and when to start the initial recovery process on
210 # a full cluster restart (to reuse as much local data as possible when using shared
213 # Allow recovery process after N nodes in a cluster are up:
215 # gateway.recover_after_nodes: 1
216 gateway.recover_after_nodes: 1
218 # Set the timeout to initiate the recovery process, once the N nodes
219 # from previous setting are up (accepts time value):
221 #gateway.recover_after_time: 5m
222 gateway.recover_after_time: 5m
224 # Set how many nodes are expected in this cluster. Once these N nodes
225 # are up (and recover_after_nodes is met), begin recovery process immediately
226 # (without waiting for recover_after_time to expire):
228 # gateway.expected_nodes: 2
229 gateway.expected_nodes: 2
231 ############################# Recovery Throttling #############################
233 # These settings allow to control the process of shards allocation between
234 # nodes during initial recovery, replica allocation, rebalancing,
235 # or when adding and removing nodes.
237 # Set the number of concurrent recoveries happening on a node:
239 # 1. During the initial recovery
241 # cluster.routing.allocation.node_initial_primaries_recoveries: 4
243 # 2. During adding/removing nodes, rebalancing, etc
245 # cluster.routing.allocation.node_concurrent_recoveries: 2
247 # Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
248 # indices.recovery.max_bytes_per_sec: 20mb
249 indices.recovery.max_bytes_per_sec: 20mb
251 # Set to limit the number of open concurrent streams when
252 # recovering a shard from a peer:
254 # indices.recovery.concurrent_streams: 5
255 indices.recovery.concurrent_streams: 5
257 ################################## Discovery ##################################
259 # Discovery infrastructure ensures nodes can be found within a cluster
260 # and master node is elected. Multicast discovery is the default.
262 # Set to ensure a node sees N other master eligible nodes to be considered
263 # operational within the cluster. Its recommended to set it to a higher value
264 # than 1 when running more than 2 nodes in the cluster.
266 discovery.zen.minimum_master_nodes: 1
268 # Set the time to wait for ping responses from other nodes when discovering.
269 # Set this option to a higher value on a slow or congested network
270 # to minimize discovery failures:
272 # discovery.zen.ping.timeout: 3s
273 discovery.zen.ping.timeout:
275 # For more information, see
276 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
278 # Unicast discovery allows to explicitly control which nodes will be used
279 # to discover the cluster. It can be used when multicast is not present,
280 # or to restrict the cluster communication-wise.
282 # 1. Disable multicast discovery (enabled by default):
283 # discovery.zen.ping.multicast.enabled: false
284 discovery.zen.ping.multicast.enabled: false
287 # 2. Configure an initial list of master nodes in the cluster
288 # to perform discovery when new nodes (master or data) are started:
290 # discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
291 discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
293 # EC2 discovery allows to use AWS EC2 API in order to perform discovery.
295 # You have to install the cloud-aws plugin for enabling the EC2 discovery.
297 # For more information, see
298 # <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
301 # See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
302 # for a step-by-step tutorial.
304 # GCE discovery allows to use Google Compute Engine API in order to perform discovery.
306 # You have to install the cloud-gce plugin for enabling the GCE discovery.
308 # For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
310 # Azure discovery allows to use Azure API in order to perform discovery.
312 # You have to install the cloud-azure plugin for enabling the Azure discovery.
314 # For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
316 ################################## Slow Log ##################################
318 # Shard level query and fetch threshold logging.
320 #index.search.slowlog.threshold.query.warn: 10s
321 #index.search.slowlog.threshold.query.info: 5s
322 #index.search.slowlog.threshold.query.debug: 2s
323 #index.search.slowlog.threshold.query.trace: 500ms
325 #index.search.slowlog.threshold.fetch.warn: 1s
326 #index.search.slowlog.threshold.fetch.info: 800ms
327 #index.search.slowlog.threshold.fetch.debug: 500ms
328 #index.search.slowlog.threshold.fetch.trace: 200ms
330 #index.indexing.slowlog.threshold.index.warn: 10s
331 #index.indexing.slowlog.threshold.index.info: 5s
332 #index.indexing.slowlog.threshold.index.debug: 2s
333 #index.indexing.slowlog.threshold.index.trace: 500ms
335 ################################## GC Logging ################################
337 #monitor.jvm.gc.young.warn: 1000ms
338 #monitor.jvm.gc.young.info: 700ms
339 #monitor.jvm.gc.young.debug: 400ms
341 #monitor.jvm.gc.old.warn: 10s
342 #monitor.jvm.gc.old.info: 5s
343 #monitor.jvm.gc.old.debug: 2s
345 #############################################################################################
346 ### SEARCH GUARD SSL #
348 ###############################################################################################
349 ## Uncomment all lines below prefixed with #X# (globally remove #X#) for searchguard
351 ###############################################################################################
352 ### Transport layer SSL #
354 ###############################################################################################
355 ### Enable or disable node-to-node ssl encryption (default: true)
356 #X#searchguard.ssl.transport.enable_openssl_if_available: true
357 #X#searchguard.ssl.transport.enabled: true
358 ### JKS or PKCS12 (default: JKS)
359 #X#searchguard.ssl.transport.keystore_type: JKS
360 ### Relative path to the keystore file (mandatory, this stores the server certificates), must be placed under the config/ dir
361 #X#searchguard.ssl.transport.keystore_filepath: /some/path
362 ### Alias name (default: first alias which could be found)
363 ###searchguard.ssl.transport.keystore_alias: localhost
364 ### Keystore password (default: changeit)
365 #X#searchguard.ssl.transport.keystore_password: changeit
367 ### JKS or PKCS12 (default: JKS)
368 #X#searchguard.ssl.transport.truststore_type: JKS
369 ### Relative path to the truststore file (mandatory, this stores the client/root certificates), must be placed under the config/ dir
370 #X#searchguard.ssl.transport.truststore_filepath: truststore.jks
371 ### Alias name (default: first alias which could be found)
372 ###searchguard.ssl.transport.truststore_alias: my_alias
373 ### Truststore password (default: changeit)
374 #X#searchguard.ssl.transport.truststore_password: changeit
375 ### Enforce hostname verification (default: true)
376 ###searchguard.ssl.transport.enforce_hostname_verification: true
377 ### If hostname verification specify if hostname should be resolved (default: true)
378 ###searchguard.ssl.transport.resolve_hostname: true
379 ### Use native Open SSL instead of JDK SSL if available (default: true)
380 ###searchguard.ssl.transport.enable_openssl_if_available: false
382 ###############################################################################################
383 ### HTTP/REST layer SSL #
385 ###############################################################################################
386 ### Enable or disable rest layer security - https, (default: false)
387 #X#searchguard.ssl.http.enable_openssl_if_available: true
388 #X#searchguard.ssl.http.enabled: true
389 ### JKS or PKCS12 (default: JKS)
390 #X#searchguard.ssl.http.keystore_type: JKS
391 ### Relative path to the keystore file (this stores the server certificates), must be placed under the config/ dir
392 #X#searchguard.ssl.http.keystore_filepath: /keystore/path
393 ### Alias name (default: first alias which could be found)
394 ###searchguard.ssl.http.keystore_alias: my_alias
395 ### Keystore password (default: changeit)
396 #X#searchguard.ssl.http.keystore_password: changeit
397 ### Do the clients (typically the browser or the proxy) have to authenticate themself to the http server, default is OPTIONAL
398 ### To enforce authentication use REQUIRE, to completely disable client certificates use NONE
399 ###searchguard.ssl.http.clientauth_mode: REQUIRE
400 ### JKS or PKCS12 (default: JKS)
401 #X#searchguard.ssl.http.truststore_type: JKS
402 ### Relative path to the truststore file (this stores the client certificates), must be placed under the config/ dir
403 #X#searchguard.ssl.http.truststore_filepath: truststore.jks
404 ### Alias name (default: first alias which could be found)
405 ###searchguard.ssl.http.truststore_alias: my_alias
406 ### Truststore password (default: changeit)
407 #X#searchguard.ssl.http.truststore_password: changeit
408 ### Use native Open SSL instead of JDK SSL if available (default: true)
409 ###searchguard.ssl.http.enable_openssl_if_available: false
411 #####################################################
412 ##### Security manager - Searchguard Configuration
413 #####################################################
414 #X#security.manager.enabled: false
415 #X#searchguard.authcz.admin_dn: