CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
cf5c29d01c00089c099ea224a4500a1d9e338809
securityonion/salt/elasticsearch/files/elasticsearch.yml
Mike Reeves cf5c29d01c Change certs path on elstic
2020-08-10 21:30:53 -04:00

40 lines
2.0 KiB
YAML
Raw Blame History

{%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %}
{%- if salt['pillar.get']('elasticsearch:hot_warm_enabled') or salt['pillar.get']('elasticsearch:true_cluster') %}
{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name', '') %}
{%- else %}
{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername', '') %}
{%- endif %}
{%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
{% set FEATURES = salt['pillar.get']('elastic:features', False) %}
cluster.name: "{{ ESCLUSTERNAME }}"
network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
# This is a test -- if this is here, then the volume is mounted correctly.
path.logs: /var/log/elasticsearch
action.destructive_requires_name: true
transport.bind_host: 0.0.0.0
transport.publish_host: {{ NODEIP }}
transport.publish_port: 9300
cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 95%
cluster.routing.allocation.disk.watermark.high: 98%
cluster.routing.allocation.disk.watermark.flood_stage: 98%
{%- if FEATURES is sameas true %}
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: /usr/share/elasticsearch/ca/elasticsearch.key
xpack.security.http.ssl.certificate: /usr/share/elasticsearch/ca/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/ca/ca.crt
xpack.security.transport.ssl.key: /usr/share/elasticsearch/ca/elasticsearch.key
xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/ca/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/ca/ca.crt
{%- endif %}
node.attr.box_type: {{ NODE_ROUTE_TYPE }}
node.name: {{ ESCLUSTERNAME }}
script.max_compilations_rate: 1000/1m
Reference in New Issue View Git Blame Copy Permalink