summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml
diff options
context:
space:
mode:
authorEdwin Lawrance <Edwin.Lawrance@amdocs.com>2019-03-05 10:30:33 +0000
committerEdwin Lawrance <Edwin.Lawrance@amdocs.com>2019-03-05 14:55:20 +0000
commita1dd587d6a5204030bc266d371e6ec9fa7c95d7b (patch)
tree8840b7b88601ef13ea879235ec7afac51d8b2e16 /kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml
parent827c5c38d3065e469e2a9605df5b3d114ef87ba8 (diff)
Add Searchguard OOM config to ElasticSearch
Change-Id: I3c4d0c82882b2f064a6ad3610c0f699d8af50632 Issue-ID: AAI-2203 Signed-off-by: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
Diffstat (limited to 'kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml')
-rw-r--r--kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml96
1 files changed, 24 insertions, 72 deletions
diff --git a/kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml
index 24b3c5aefc..87536e3faa 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml
+++ b/kubernetes/aai/charts/aai-elasticsearch/resources/config/elasticsearch.yml
@@ -192,7 +192,7 @@ network.bind_host: 0.0.0.0
# Set a custom port for the node to node communication (9300 by default):
-transport.tcp.port: {{ .Values.config.tcpPort }}
+transport.tcp.port: {{ .Values.service.internalPort2 }}
# Enable compression for all communication between nodes (disabled by default):
transport.tcp.compress: false
@@ -368,77 +368,29 @@ discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
### SEARCH GUARD SSL #
### Configuration #
###############################################################################################
-## Uncomment all lines below prefixed with #X# (globally remove #X#) for searchguard
-##
-###############################################################################################
-### Transport layer SSL #
-### #
-###############################################################################################
-### Enable or disable node-to-node ssl encryption (default: true)
-#X#searchguard.ssl.transport.enable_openssl_if_available: true
-#X#searchguard.ssl.transport.enabled: true
-### JKS or PKCS12 (default: JKS)
-#X#searchguard.ssl.transport.keystore_type: JKS
-### Relative path to the keystore file (mandatory, this stores the server certificates), must be placed under the config/ dir
-#X#searchguard.ssl.transport.keystore_filepath: /some/path
-### Alias name (default: first alias which could be found)
-###searchguard.ssl.transport.keystore_alias: localhost
-### Keystore password (default: changeit)
-#X#searchguard.ssl.transport.keystore_password: changeit
-##
-### JKS or PKCS12 (default: JKS)
-#X#searchguard.ssl.transport.truststore_type: JKS
-### Relative path to the truststore file (mandatory, this stores the client/root certificates), must be placed under the config/ dir
-#X#searchguard.ssl.transport.truststore_filepath: truststore.jks
-### Alias name (default: first alias which could be found)
-###searchguard.ssl.transport.truststore_alias: my_alias
-### Truststore password (default: changeit)
-#X#searchguard.ssl.transport.truststore_password: changeit
-### Enforce hostname verification (default: true)
-###searchguard.ssl.transport.enforce_hostname_verification: true
-### If hostname verification specify if hostname should be resolved (default: true)
-###searchguard.ssl.transport.resolve_hostname: true
-### Use native Open SSL instead of JDK SSL if available (default: true)
-###searchguard.ssl.transport.enable_openssl_if_available: false
-##
-###############################################################################################
-### HTTP/REST layer SSL #
-### #
-###############################################################################################
-### Enable or disable rest layer security - https, (default: false)
-#X#searchguard.ssl.http.enable_openssl_if_available: true
-#X#searchguard.ssl.http.enabled: true
-### JKS or PKCS12 (default: JKS)
-#X#searchguard.ssl.http.keystore_type: JKS
-### Relative path to the keystore file (this stores the server certificates), must be placed under the config/ dir
-#X#searchguard.ssl.http.keystore_filepath: /keystore/path
-### Alias name (default: first alias which could be found)
-###searchguard.ssl.http.keystore_alias: my_alias
-### Keystore password (default: changeit)
-#X#searchguard.ssl.http.keystore_password: changeit
-### Do the clients (typically the browser or the proxy) have to authenticate themself to the http server, default is OPTIONAL
-### To enforce authentication use REQUIRE, to completely disable client certificates use NONE
-###searchguard.ssl.http.clientauth_mode: REQUIRE
-### JKS or PKCS12 (default: JKS)
-#X#searchguard.ssl.http.truststore_type: JKS
-### Relative path to the truststore file (this stores the client certificates), must be placed under the config/ dir
-#X#searchguard.ssl.http.truststore_filepath: truststore.jks
-### Alias name (default: first alias which could be found)
-###searchguard.ssl.http.truststore_alias: my_alias
-### Truststore password (default: changeit)
-#X#searchguard.ssl.http.truststore_password: changeit
-### Use native Open SSL instead of JDK SSL if available (default: true)
-###searchguard.ssl.http.enable_openssl_if_available: false
-
-#####################################################
-##### Security manager - Searchguard Configuration
-#####################################################
-#X#security.manager.enabled: false
-#X#searchguard.authcz.admin_dn:
-
-#####################################################
-##### X-Pack Configuration
-#####################################################
+######## Start Search Guard Demo Configuration ########
+
+searchguard.enterprise_modules_enabled: false
+
+searchguard.ssl.transport.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
+searchguard.ssl.transport.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
+searchguard.ssl.transport.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
+searchguard.ssl.transport.truststore_password: {{ .Values.config.trustStorePassword }}
+searchguard.ssl.transport.enforce_hostname_verification: false
+
+searchguard.ssl.http.enabled: true
+searchguard.ssl.http.keystore_filepath: sg/auth/{{ .Values.config.nodeKeyStore }}
+searchguard.ssl.http.keystore_password: {{ .Values.config.nodeKeyStorePassword }}
+searchguard.ssl.http.truststore_filepath: sg/auth/{{ .Values.config.trustStore }}
+searchguard.ssl.http.truststore_password: {{ .Values.config.trustStorePassword }}
+
+searchguard.nodes_dn:
+ - CN=esaai
+
+searchguard.authcz.admin_dn:
+ - CN=sgadmin
+
+# x-pack security conflicts with searchguard
xpack.security.enabled: false
xpack.ml.enabled: false
xpack.monitoring.enabled: false