140 lines
4.7 KiB
Django/Jinja
140 lines
4.7 KiB
Django/Jinja
---
|
|
# ======================== Elasticsearch Configuration =========================
|
|
#
|
|
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
|
|
# Before you set out to tweak and tune the configuration, make sure you
|
|
# understand what are you trying to accomplish and the consequences.
|
|
#
|
|
# The primary way of configuring a node is via this file. This template lists
|
|
# the most important settings you may want to configure for a production cluster.
|
|
#
|
|
# Please consult the documentation for further information on configuration options:
|
|
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
|
|
#
|
|
# ---------------------------------- Cluster -----------------------------------
|
|
#
|
|
# Use a descriptive name for your cluster:
|
|
#
|
|
cluster:
|
|
name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }}
|
|
#
|
|
# ------------------------------------ Node ------------------------------------
|
|
#
|
|
# Use a descriptive name for the node:
|
|
#
|
|
node:
|
|
name: {{ ansible_hostname }}
|
|
#
|
|
# Add custom attributes to the node:
|
|
#
|
|
#node.attr.rack: r1
|
|
#
|
|
# ----------------------------------- Paths ------------------------------------
|
|
#
|
|
# Path to directory where to store the data (separate multiple locations by comma):
|
|
#
|
|
path:
|
|
data: {{ elastic_data_location }}
|
|
logs: {{ elastic_logs_location }}
|
|
#
|
|
# ----------------------------------- Memory -----------------------------------
|
|
#
|
|
# Lock the memory on startup:
|
|
#
|
|
#bootstrap.memory_lock: true
|
|
#
|
|
# Make sure that the heap size is set to about half the memory available
|
|
# on the system and that the owner of the process is allowed to use this
|
|
# limit.
|
|
#
|
|
# Elasticsearch performs poorly when the system is swapping the memory.
|
|
#
|
|
# ---------------------------------- Network -----------------------------------
|
|
#
|
|
# By default Elasticsearch is only accessible on localhost. Set a different
|
|
# address here to expose this node on the network:
|
|
#
|
|
network:
|
|
host: {{ ansible_default_ipv4.address }}
|
|
#
|
|
# By default Elasticsearch listens for HTTP traffic on the first free port it
|
|
# finds starting at 9200. Set a specific HTTP port here:
|
|
#
|
|
http:
|
|
port: 9200
|
|
# Allow HTTP API connections from anywhere
|
|
# Connections are encrypted and require user authentication
|
|
host: 0.0.0.0
|
|
#
|
|
# For more information, consult the network module documentation.
|
|
#
|
|
# --------------------------------- Discovery ----------------------------------
|
|
#
|
|
# Pass an initial list of hosts to perform discovery when this node is started:
|
|
# The default list of hosts is ["127.0.0.1", "[::1]"]
|
|
#
|
|
discovery:
|
|
seed_hosts:
|
|
{%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %}
|
|
- {{ node }}.hnw
|
|
{% endfor -%}
|
|
#
|
|
# Bootstrap the cluster using an initial set of master-eligible nodes:
|
|
#
|
|
cluster:
|
|
initial_master_nodes:
|
|
{%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %}
|
|
- {{ node }}
|
|
{% endfor %}
|
|
#
|
|
# For more information, consult the discovery and cluster formation module documentation.
|
|
#
|
|
# ---------------------------------- Various -----------------------------------
|
|
#
|
|
# Allow wildcard deletion of indices:
|
|
#
|
|
#action.destructive_requires_name: false
|
|
|
|
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
|
|
#
|
|
# The following settings, TLS certificates, and keys have been automatically
|
|
# generated to configure Elasticsearch security features on 03-02-2025 20:51:51
|
|
#
|
|
# --------------------------------------------------------------------------------
|
|
|
|
# Enable security features
|
|
xpack:
|
|
security:
|
|
enabled: true
|
|
enrollment:
|
|
enabled: true
|
|
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
|
|
http:
|
|
ssl:
|
|
enabled: true
|
|
keystore:
|
|
path: certs/http.p12
|
|
|
|
# Enable encryption and mutual authentication between cluster nodes
|
|
transport:
|
|
ssl:
|
|
enabled: true
|
|
verification_mode: certificate
|
|
keystore:
|
|
path: certs/transport.p12
|
|
truststore:
|
|
path: certs/transport.p12
|
|
# Create a new cluster with the current node only
|
|
# Additional nodes can still join the cluster later
|
|
cluster:
|
|
name: {{ cloud_name | default('elasticsearch') }}.{{ cloud_stage }}
|
|
initial_master_nodes:
|
|
{%- for node in ansible_hostname.split('-')[:-1] | join('-') | split('\n') | product(range(size)) | map('join', '-') %}
|
|
- {{ node }}
|
|
{% endfor %}
|
|
|
|
# Allow other nodes to join the cluster from anywhere
|
|
# Connections are encrypted and mutually authenticated
|
|
#transport.host: 0.0.0.0
|
|
|
|
#----------------------- END SECURITY AUTO CONFIGURATION ------------------------- |