debops.opensearch default variables

General

opensearch__version

The OpenSearch version to install.

opensearch__version: '2.2.0'
opensearch__tarball

The name of the OpenSearch release tarball.

opensearch__tarball: 'opensearch-{{ opensearch__version }}-linux-x64.tar.gz'
opensearch__installation_directory

The directory where the OpenSearch release tarball should be extracted.

opensearch__installation_directory: '/usr/local/share/opensearch'
opensearch__user

Name of the UNIX user account used by OpenSearch.

opensearch__user: 'opensearch'
opensearch__group

Name of the UNIX primary group used by OpenSearch.

opensearch__group: 'opensearch'

Firewall configuration

opensearch__allow_http

List of IP addresses or CIDR subnets that can connect to the OpenSearch HTTP service. This does not need to be set to allow the nodes to communicate. If this list is empty, nobody can connect to the HTTP server directly.

opensearch__allow_http: []
opensearch__allow_tcp

List of IP addresses or CIDR subnets that can connect to the OpenSearch TCP transport port. This variable needs to be set to allow nodes to communicate. If this list is empty, nobody can connect to the transport port and the OpenSearch service is configured in a standalone mode.

opensearch__allow_tcp: []

OpenSearch network options

opensearch__http_port

The port on which OpenSearch will listen for HTTP connections.

opensearch__http_port: '9200'
opensearch__transport_tcp_port

The port on which OpenSearch will listen for TCP transport connections.

opensearch__transport_tcp_port: '9300'

Memory options

The variables below configure JVM memory allocation options. See https://opensearch.org/docs/latest/opensearch/install/important-settings/ for more details.

opensearch__memory_lock

Enable or disable memory lock depending on availability of required POSIX capabilities. If this variable is enabled, systemd memlock limit is configured.

opensearch__memory_lock: '{{ True
                                if (not (ansible_system_capabilities_enforced | d()) | bool or
                                    ((ansible_system_capabilities_enforced | d()) | bool and
                                     "cap_ipc_lock" in (ansible_system_capabilities | d([]))))
                                else False }}'
opensearch__jvm_memory_heap_size_multiplier

This variable defines a float value which will be used to select the JVM heap size depending on the size of the available system RAM.

opensearch__jvm_memory_heap_size_multiplier: '{{ "0.2"
                                                    if (ansible_memtotal_mb | int / 2 <= 2048)
                                                    else "0.45" }}'
opensearch__jvm_memory_min_heap_size

Specify the minimum JVM heap size, depending on the available system RAM.

opensearch__jvm_memory_min_heap_size: '{{ (((ansible_memtotal_mb | int
                                               * opensearch__jvm_memory_heap_size_multiplier | float)
                                               | round | int) | string + "m")
                                             if (ansible_memtotal_mb | int / 2 <= 32768)
                                             else "32600m" }}'
opensearch__jvm_memory_max_heap_size

Specify the maximum JVM heap size, depending on the available system RAM. This usually should be the same as the minimum heap size, for performance reasons.

opensearch__jvm_memory_max_heap_size: '{{ opensearch__jvm_memory_min_heap_size }}'

OpenSearch configuration

opensearch__default_configuration

Default configuration provided by this role.

opensearch__default_configuration:

  - name: 'cluster.name'
    comment: 'Use a descriptive name for your cluster'
    value: '{{ ansible_domain | replace(".", "-") }}'

  - name: 'node.name'
    comment: 'Use a descriptive name for the node'
    value: '{{ ansible_hostname }}'

  - name: 'path.data'
    comment: |
      Path to directory where to store the data (separate multiple locations by
      comma)
    value: '/var/local/opensearch'

  - name: 'path.logs'
    comment: 'Path to log files'
    value: '/var/log/opensearch'

  - name: 'plugins.security.disabled'
    comment: 'Disable TLS support'
    value: True

  - name: 'bootstrap.memory_lock'
    comment: 'Lock the memory on startup'
    value: '{{ True if opensearch__memory_lock | bool else False }}'

  - name: 'cluster.initial_master_nodes'
    comment: |
      Bootstrap the cluster using an initial set of master-eligible nodes
    value: [ '{{ ansible_hostname }}' ]
opensearch__configuration

Configuration to apply to all OpenSearch hosts.

opensearch__configuration: []
opensearch__group_configuration

Configuration to apply to all OpenSearch hosts in the inventory group.

opensearch__group_configuration: []
opensearch__host_configuration

Configuration to apply to individual OpenSearch hosts.

opensearch__host_configuration: []
opensearch__combined_configuration

Combined OpenSearch configuration.

opensearch__combined_configuration: '{{ opensearch__default_configuration
                                        + opensearch__configuration
                                        + opensearch__group_configuration
                                        + opensearch__host_configuration }}'

Configuration for other Ansible roles

opensearch__etc_services__dependent_list

Configuration for the debops.etc_services Ansible role.

opensearch__etc_services__dependent_list:

  - name: 'opensearch-http'
    port: '{{ opensearch__http_port }}'

  - name: 'opensearch-tcp'
    port: '{{ opensearch__transport_tcp_port }}'
opensearch__keyring__dependent_gpg_keys

Configuration for the debops.keyring Ansible role.

opensearch__keyring__dependent_gpg_keys:

  - id: 'C5B7 4989 65EF D1C2 924B  A9D5 39D3 1987 9310 D3FC'
    url: 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'
    user: '{{ opensearch__user }}'
    group: '{{ opensearch__group }}'
    home: '/var/local/opensearch'
opensearch__sysctl__dependent_parameters

Configuration for the debops.sysctl Ansible role.

opensearch__sysctl__dependent_parameters:

  - name: 'opensearch'
    weight: 80
    options:

      - name: 'vm.max_map_count'
        comment: |
          The OpenSearch documentation recommends setting this as the minimum
          for production workloads, see
          https://opensearch.org/docs/latest/opensearch/install/important-settings/
        value: 262144
opensearch__ferm__dependent_rules

Configuration for the debops.ferm Ansible role.

opensearch__ferm__dependent_rules:

  - name: 'opensearch_http'
    type: 'accept'
    dport: '{{ opensearch__http_port }}'
    saddr: '{{ opensearch__allow_http }}'
    accept_any: False

  - name: 'opensearch_tcp'
    type: 'accept'
    dport: '{{ opensearch__transport_tcp_port }}'
    saddr: '{{ opensearch__allow_tcp }}'
    accept_any: False