--- # ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster: name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }} # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node: name: {{ ansible_hostname }} # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # path: data: {{ elastic_data_location }} logs: {{ elastic_logs_location }} # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # By default Elasticsearch is only accessible on localhost. Set a different # address here to expose this node on the network: # network: host: {{ ansible_default_ipv4.address }} # # By default Elasticsearch listens for HTTP traffic on the first free port it # finds starting at 9200. Set a specific HTTP port here: # http: port: 9200 # Allow HTTP API connections from anywhere # Connections are encrypted and require user authentication host: 0.0.0.0 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # discovery: seed_hosts: {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %} - {{ node }}.hnw {% endfor -%} # # Bootstrap the cluster using an initial set of master-eligible nodes: # cluster: initial_master_nodes: {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %} - {{ node }} {% endfor %} # # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Various ----------------------------------- # # Allow wildcard deletion of indices: # #action.destructive_requires_name: false #----------------------- BEGIN SECURITY AUTO CONFIGURATION ----------------------- # # The following settings, TLS certificates, and keys have been automatically # generated to configure Elasticsearch security features on 03-02-2025 20:51:51 # # -------------------------------------------------------------------------------- # Enable security features xpack: security: enabled: true enrollment: enabled: true # Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents http: ssl: enabled: true keystore: path: certs/http.p12 # Enable encryption and mutual authentication between cluster nodes transport: ssl: enabled: true verification_mode: certificate keystore: path: certs/transport.p12 truststore: path: certs/transport.p12 # Create a new cluster with the current node only # Additional nodes can still join the cluster later cluster: name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }} initial_master_nodes: {%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %} - {{ node }} {% endfor %} # Allow other nodes to join the cluster from anywhere # Connections are encrypted and mutually authenticated #transport.host: 0.0.0.0 #----------------------- END SECURITY AUTO CONFIGURATION -------------------------