======================== Elasticsearch Configuration =========================
NOTE: Elasticsearch comes with reasonable defaults for most settings.
Before you set out to tweak and tune the configuration, make sure you
understand what are you trying to accomplish and the consequences.
The primary way of configuring a node is via this file. This template lists
the most important settings you may want to configure for a production cluster.
Please consult the documentation for further information on configuration options:
---------------------------------- Cluster -----------------------------------
Use a descriptive name for your cluster:
cluster.name: test-poc
------------------------------------ Node ------------------------------------
Use a descriptive name for the node:
#node.name: node-1
Add custom attributes to the node:
#node.attr.rack: r1
----------------------------------- Paths ------------------------------------
Path to directory where to store the data (separate multiple locations by comma):
path.data: /elastic/data/open_distro
Path to log files:
path.logs: /elastic/log
----------------------------------- Memory -----------------------------------
Lock the memory on startup:
#bootstrap.memory_lock: true
Make sure that the heap size is set to about half the memory available
on the system and that the owner of the process is allowed to use this
limit.
Elasticsearch performs poorly when the system is swapping the memory.
---------------------------------- Network -----------------------------------
Set the bind address to a specific IP (IPv4 or IPv6):
#network.host: 192.168.0.1
Set a custom port for HTTP:
http.port: 9200
network.bind_host: “0.0.0.0”
transport.tcp.port: 9300
network.host: “0.0.0.0”
transport.host: “es-poc-md1.xxxxxxx.com”
For more information, consult the network module documentation.
--------------------------------- Discovery ----------------------------------
Pass an initial list of hosts to perform discovery when this node is started:
The default list of hosts is [“127.0.0.1”, “[::1]”]
discovery.seed_hosts: [“es-poc-md3.xxxxxxx.com”, “es-poc-md1.xxxxxxx.com”, “es-poc-md2.xxxxxxx.com”]
Bootstrap the cluster using an initial set of master-eligible nodes:
cluster.initial_master_nodes: [“es-poc-md3.xxxxxxx.com”, “es-poc-md1.xxxxxxx.com”, “es-poc-md2.xxxxxxx.com”]
For more information, consult the discovery and cluster formation module documentation.
---------------------------------- Gateway -----------------------------------
Block initial recovery after a full cluster restart until N nodes are started:
#gateway.recover_after_nodes: 3
For more information, consult the gateway module documentation.
---------------------------------- Various -----------------------------------
Require explicit names when deleting indices:
#action.destructive_requires_name: true
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: node.pem
opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.transport.resolve_hostname: false
opendistro_security.ssl.http.enabled: false
#opendistro_security.ssl.http.pemcert_filepath: servercer.pem
#opendistro_security.ssl.http.pemkey_filepath: wildcard.key.pem
#opendistro_security.ssl.http.pemtrustedcas_filepath: ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- cn=svc.elastic,ou=Generic,ou=serviceaccounts,ou=Corp,ou=Common,DC=xxxxxxx,DC=com
- 'CN=ADMIN,OU=IT,O=xxxxxxx\, Inc.,L=Palo Alto,ST=California,C=US'
opendistro_security.nodes_dn:
- ‘CN=*.xxxxxxx.com,OU=IT,O=xxxxxxx, Inc.,L=Palo Alto,ST=California,C=US’
- ‘CN=es-poc-md2.xxxxxxx.com,OU=IT,O=xxxxxxx, Inc.,L=Palo Alto,ST=California,C=US’
- ‘CN=es-poc-md3.xxxxxxx.com,OU=IT,O=xxxxxxx, Inc.,L=Palo Alto,ST=California,C=US’
#opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: [“all_access”, “security_rest_api_access”]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
opendistro_security.audit.type: debug
opendistro_security.audit.config.log4j.logger_name: audit
opendistro_security.audit.config.log4j.level: DEBUG