debops.opensearch default variables
Sections
General
- opensearch__version
The OpenSearch version to install.
opensearch__version: '2.2.0'
- opensearch__tarball
The name of the OpenSearch release tarball.
opensearch__tarball: 'opensearch-{{ opensearch__version }}-linux-x64.tar.gz'
- opensearch__installation_directory
The directory where the OpenSearch release tarball should be extracted.
opensearch__installation_directory: '/usr/local/share/opensearch'
- opensearch__user
Name of the UNIX user account used by OpenSearch.
opensearch__user: 'opensearch'
- opensearch__group
Name of the UNIX primary group used by OpenSearch.
opensearch__group: 'opensearch'
Firewall configuration
- opensearch__allow_http
List of IP addresses or CIDR subnets that can connect to the OpenSearch HTTP service. This does not need to be set to allow the nodes to communicate. If this list is empty, nobody can connect to the HTTP server directly.
opensearch__allow_http: []
- opensearch__allow_tcp
List of IP addresses or CIDR subnets that can connect to the OpenSearch TCP transport port. This variable needs to be set to allow nodes to communicate. If this list is empty, nobody can connect to the transport port and the OpenSearch service is configured in a standalone mode.
opensearch__allow_tcp: []
OpenSearch network options
- opensearch__http_port
The port on which OpenSearch will listen for HTTP connections.
opensearch__http_port: '9200'
- opensearch__transport_tcp_port
The port on which OpenSearch will listen for TCP transport connections.
opensearch__transport_tcp_port: '9300'
Memory options
The variables below configure JVM memory allocation options. See https://opensearch.org/docs/latest/opensearch/install/important-settings/ for more details.
- opensearch__memory_lock
Enable or disable memory lock depending on availability of required POSIX capabilities. If this variable is enabled, systemd memlock limit is configured.
opensearch__memory_lock: '{{ True
if (not (ansible_system_capabilities_enforced | d()) | bool or
((ansible_system_capabilities_enforced | d()) | bool and
"cap_ipc_lock" in (ansible_system_capabilities | d([]))))
else False }}'
- opensearch__jvm_memory_heap_size_multiplier
This variable defines a float value which will be used to select the JVM heap size depending on the size of the available system RAM.
opensearch__jvm_memory_heap_size_multiplier: '{{ "0.2"
if (ansible_memtotal_mb | int / 2 <= 2048)
else "0.45" }}'
- opensearch__jvm_memory_min_heap_size
Specify the minimum JVM heap size, depending on the available system RAM.
opensearch__jvm_memory_min_heap_size: '{{ (((ansible_memtotal_mb | int
* opensearch__jvm_memory_heap_size_multiplier | float)
| round | int) | string + "m")
if (ansible_memtotal_mb | int / 2 <= 32768)
else "32600m" }}'
- opensearch__jvm_memory_max_heap_size
Specify the maximum JVM heap size, depending on the available system RAM. This usually should be the same as the minimum heap size, for performance reasons.
opensearch__jvm_memory_max_heap_size: '{{ opensearch__jvm_memory_min_heap_size }}'
OpenSearch configuration
- opensearch__default_configuration
Default configuration provided by this role.
opensearch__default_configuration:
- name: 'cluster.name'
comment: 'Use a descriptive name for your cluster'
value: '{{ ansible_domain | replace(".", "-") }}'
- name: 'node.name'
comment: 'Use a descriptive name for the node'
value: '{{ ansible_hostname }}'
- name: 'path.data'
comment: |
Path to directory where to store the data (separate multiple locations by
comma)
value: '/var/local/opensearch'
- name: 'path.logs'
comment: 'Path to log files'
value: '/var/log/opensearch'
- name: 'plugins.security.disabled'
comment: 'Disable TLS support'
value: True
- name: 'bootstrap.memory_lock'
comment: 'Lock the memory on startup'
value: '{{ True if opensearch__memory_lock | bool else False }}'
- name: 'cluster.initial_master_nodes'
comment: |
Bootstrap the cluster using an initial set of master-eligible nodes
value: [ '{{ ansible_hostname }}' ]
- opensearch__configuration
Configuration to apply to all OpenSearch hosts.
opensearch__configuration: []
- opensearch__group_configuration
Configuration to apply to all OpenSearch hosts in the inventory group.
opensearch__group_configuration: []
- opensearch__host_configuration
Configuration to apply to individual OpenSearch hosts.
opensearch__host_configuration: []
- opensearch__combined_configuration
Combined OpenSearch configuration.
opensearch__combined_configuration: '{{ opensearch__default_configuration
+ opensearch__configuration
+ opensearch__group_configuration
+ opensearch__host_configuration }}'
Configuration for other Ansible roles
- opensearch__etc_services__dependent_list
Configuration for the debops.etc_services Ansible role.
opensearch__etc_services__dependent_list:
- name: 'opensearch-http'
port: '{{ opensearch__http_port }}'
- name: 'opensearch-tcp'
port: '{{ opensearch__transport_tcp_port }}'
- opensearch__keyring__dependent_gpg_keys
Configuration for the debops.keyring Ansible role.
opensearch__keyring__dependent_gpg_keys:
- id: 'C5B7 4989 65EF D1C2 924B A9D5 39D3 1987 9310 D3FC'
url: 'https://artifacts.opensearch.org/publickeys/opensearch.pgp'
user: '{{ opensearch__user }}'
group: '{{ opensearch__group }}'
home: '/var/local/opensearch'
- opensearch__sysctl__dependent_parameters
Configuration for the debops.sysctl Ansible role.
opensearch__sysctl__dependent_parameters:
- name: 'opensearch'
weight: 80
options:
- name: 'vm.max_map_count'
comment: |
The OpenSearch documentation recommends setting this as the minimum
for production workloads, see
https://opensearch.org/docs/latest/opensearch/install/important-settings/
value: 262144
- opensearch__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
opensearch__ferm__dependent_rules:
- name: 'opensearch_http'
type: 'accept'
dport: '{{ opensearch__http_port }}'
saddr: '{{ opensearch__allow_http }}'
accept_any: False
- name: 'opensearch_tcp'
type: 'accept'
dport: '{{ opensearch__transport_tcp_port }}'
saddr: '{{ opensearch__allow_tcp }}'
accept_any: False