---------------------------------- Cluster -----------------------------------
Use a descriptive name for your cluster:
cluster.name: esdl-cluster
------------------------------------ Node ------------------------------------
Use a descriptive name for the node:
node.name: esdl-cluster_manager
node.roles: [ cluster_manager ]
#node.master: true
#node.data: false
#node.ingest: false
Add custom attributes to the node:
#node.attr.rack: r1
----------------------------------- Paths ------------------------------------
Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/opensearch
Path to log files:
path.logs: /var/log/opensearch
----------------------------------- Memory -----------------------------------
Lock the memory on startup:
#bootstrap.memory_lock: true
Make sure that the heap size is set to about half the memory available
on the system and that the owner of the process is allowed to use this
limit.
OpenSearch performs poorly when the system is swapping the memory.
---------------------------------- Network -----------------------------------
Set the bind address to a specific IP (IPv4 or IPv6):
#network.host: 0.0.0.0
network.bind_host: 0.0.0.0
#transport.host: 0.0.0.0
Set a custom port for HTTP:
http.port: 9200
For more information, consult the network module documentation.
--------------------------------- Discovery ----------------------------------
Pass an initial list of hosts to perform discovery when this node is started:
The default list of hosts is [“127.0.0.1”, “[::1]”]
discovery.seed_hosts: [“10.2.6.80”, “10.2.5.198”, “10.2.4.140”]
Bootstrap the cluster using an initial set of cluster-manager-eligible nodes:
cluster.initial_cluster_manager_nodes: [“esdl-cluster_manager”, “esdl-worker1”, “esdl-worker2”]
For more information, consult the discovery and cluster formation module documentation.
---------------------------------- Gateway -----------------------------------
Block initial recovery after a full cluster restart until N nodes are started:
#gateway.recover_after_nodes: 3
For more information, consult the gateway module documentation.
---------------------------------- Various -----------------------------------
Require explicit names when deleting indices:
#action.destructive_requires_name: true
---------------------------------- Remote Store -----------------------------------
Controls whether cluster imposes index creation only with remote store enabled
cluster.remote_store.enabled: true
Repository to use for segment upload while enforcing remote store for an index
node.attr.remote_store.segment.repository: my-repo-1
Repository to use for translog upload while enforcing remote store for an index
node.attr.remote_store.translog.repository: my-repo-1
---------------------------------- Experimental Features -----------------------------------
Gates the visibility of the experimental segment replication features until they are production ready.
OpenSearch.experimental.feature.segment_replication_experimental.enabled: false
Gates the functionality of a new parameter to the snapshot restore API
that allows for creation of a new index type that searches a snapshot
directly in a remote repository without restoring all index data to disk
ahead of time.
OpenSearch.experimental.feature.searchable_snapshot.enabled: false
Gates the functionality of enabling extensions to work with OpenSearch.
This feature enables applications to extend features of OpenSearch outside of
the core.
OpenSearch.experimental.feature.extensions.enabled: false
Gates the concurrent segment search feature. This feature enables concurrent segment search in a separate
index searcher threadpool.
OpenSearch.experimental.feature.concurrent_segment_search.enabled: false
######## Start OpenSearch Security Demo Configuration ########
WARNING: revise all the lines below before you go into production
plugins.security.ssl.transport.pemcert_filepath: node1.pem
plugins.security.ssl.transport.pemkey_filepath: node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: node1.pem
plugins.security.ssl.http.pemkey_filepath: node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- CN=A,OU=IT,O=ORG,L=SINGAPORE,ST=SINGAPORE,C=SG
# - CN=esdl-cluster,OU=IT,O=ORG,L=SINGAPORE, C=SG
plugins.security.nodes_dn:
- CN=sin-os-1,OU=IT,O=ORG,L=SINGAPORE, C=SG
- CN=sin-os-2,OU=IT,O=ORG,L=SINGAPORE, C=SG
- CN=sin-os-3,OU=IT,O=ORG,L=SINGAPORE, C=SG
plugins.security.disabled: false
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: [“all_access”, “security_rest_api_access”]
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [“.plugins-ml-config”, “.plugins-ml-connector”, “.plugins-ml-model-group”, “.plugins-ml-model”, “.plugins-ml-task”, “.plugins-ml-conversation-meta”, “.plugins-ml-conversation-interactions”, “.opendistro-alerting-config”, “.opendistro-alerting-alert*”, “.opendistro-anomaly-results*”, “.opendistro-anomaly-detector*”, “.opendistro-anomaly-checkpoints”, “.opendistro-anomaly-detection-state”, “.opendistro-reports-", ".opensearch-notifications-”, “.opensearch-notebooks”, “.opensearch-observability”, “.ql-datasources”, “.opendistro-asynchronous-search-response*”, “.replication-metadata-store”, “.opensearch-knn-models”, “.geospatial-ip2geo-data*”]
#node.max_local_storage_nodes: 3
