diff options
| author | ewolinetz <ewolinet@redhat.com> | 2017-01-13 16:37:27 -0600 |
|---|---|---|
| committer | ewolinetz <ewolinet@redhat.com> | 2017-01-13 16:37:27 -0600 |
| commit | 9cf70bb6991df874350ea0f5c97da26bb6757edb (patch) | |
| tree | ce174fcb9e497d67168047fb43cd7b3fe738f92f /roles/openshift_logging/templates | |
| parent | 054c2a9f169c5547458a4e168855aeb4812b5797 (diff) | |
| download | openshift-9cf70bb6991df874350ea0f5c97da26bb6757edb.tar.gz openshift-9cf70bb6991df874350ea0f5c97da26bb6757edb.tar.bz2 openshift-9cf70bb6991df874350ea0f5c97da26bb6757edb.tar.xz openshift-9cf70bb6991df874350ea0f5c97da26bb6757edb.zip | |
additional comments addressed
Diffstat (limited to 'roles/openshift_logging/templates')
| -rw-r--r-- | roles/openshift_logging/templates/elasticsearch.yml.j2 | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2 new file mode 100644 index 000000000..dad78b844 --- /dev/null +++ b/roles/openshift_logging/templates/elasticsearch.yml.j2 @@ -0,0 +1,75 @@ +cluster: + name: ${CLUSTER_NAME} + +script: + inline: on + indexed: on + +index: + number_of_shards: 1 + number_of_replicas: 0 + auto_expand_replicas: 0-3 + unassigned.node_left.delayed_timeout: 2m + translog: + flush_threshold_size: 256mb + flush_threshold_period: 5m + +node: + master: true + data: true + +network: + host: 0.0.0.0 + +cloud: + kubernetes: + service: ${SERVICE_DNS} + namespace: ${NAMESPACE} + +discovery: + type: kubernetes + zen.ping.multicast.enabled: false + +gateway: + expected_master_nodes: ${NODE_QUORUM} + recover_after_nodes: ${RECOVER_AFTER_NODES} + expected_nodes: ${RECOVER_EXPECTED_NODES} + recover_after_time: ${RECOVER_AFTER_TIME} + +io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"] + +openshift.searchguard: + keystore.path: /etc/elasticsearch/secret/admin.jks + truststore.path: /etc/elasticsearch/secret/searchguard.truststore + +openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default ('false')}} + +path: + data: /elasticsearch/persistent/${CLUSTER_NAME}/data + logs: /elasticsearch/${CLUSTER_NAME}/logs + work: /elasticsearch/${CLUSTER_NAME}/work + scripts: /elasticsearch/${CLUSTER_NAME}/scripts + +searchguard: + authcz.admin_dn: + - CN=system.admin,OU=OpenShift,O=Logging + config_index_name: ".searchguard.${HOSTNAME}" + ssl: + transport: + enabled: true + enforce_hostname_verification: false + keystore_type: JKS + keystore_filepath: /etc/elasticsearch/secret/searchguard.key + keystore_password: kspass + truststore_type: JKS + truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore + truststore_password: tspass + http: + enabled: true + keystore_type: JKS + keystore_filepath: /etc/elasticsearch/secret/key + keystore_password: kspass + clientauth_mode: OPTIONAL + truststore_type: JKS + truststore_filepath: /etc/elasticsearch/secret/truststore + truststore_password: tspass |