diff --git a/.gitignore b/.gitignore index 6391479..51fe425 100644 --- a/.gitignore +++ b/.gitignore @@ -3,6 +3,8 @@ config-*.tar.gz postgres/data elasticsearch/data elasticsearch/snapshots +opensearch/data +opensearch/snapshots /.project chromedriver/auth.txt configurator diff --git a/docker-compose.yml b/docker-compose.yml index 570e78a..c739077 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,13 +11,14 @@ networks: dev: services: elasticsearch: - build: alegre/elasticsearch + build: alegre/opensearch environment: discovery.type: single-node transport.host: 127.0.0.1 - xpack.security.enabled: "false" + plugins.security.disabled: "true" + #xpack.security.enabled: "false" bootstrap.memory_lock: "true" - ES_JAVA_OPTS: "-Xms512m -Xmx512m -Dlog4j2.disable.jmx=true" + OPENSEARCH_JAVA_OPTS: "-Xms512m -Xmx512m -Dlog4j2.disable.jmx=true" ulimits: memlock: soft: -1 @@ -25,8 +26,8 @@ services: ports: - "9200:9200" volumes: - - "./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml" - - "elasticsearch:/usr/share/elasticsearch/data" + - "./opensearch.yml:/usr/share/opensearch/config/opensearch.yml" + - "elasticsearch:/usr/share/opensearch/data" networks: - dev postgres: @@ -169,16 +170,16 @@ services: MODE: development networks: - dev - kibana: - image: docker.elastic.co/kibana/kibana:7.9.2 - ports: - - "5601:5601" - depends_on: - - elasticsearch - environment: - ELASTICSEARCH_URL: http://elasticsearch:9200 - networks: - - dev +# kibana: +# image: docker.elastic.co/kibana/kibana:7.9.2 +# ports: +# - "5601:5601" +# depends_on: +# - elasticsearch +# environment: +# ELASTICSEARCH_URL: http://opensearch:9200 +# networks: +# - dev presto: build: presto platform: linux/amd64 diff --git a/opensearch.yml b/opensearch.yml new file mode 100644 index 0000000..17f5fbc --- /dev/null +++ b/opensearch.yml @@ -0,0 +1,39 @@ +network.host: 0.0.0.0 +plugins.security.disabled: true + +path: + logs: /usr/share/opensearch/logs + data: /usr/share/opensearch/data + repo: /usr/share/opensearch/snapshots +cluster: + name: ${HOSTNAME}-cluster +node: + name: ${HOSTNAME} +http: + cors: + enabled: true + allow-origin: '*' + +######## Start OpenSearch Security Demo Configuration ######## +# WARNING: revise all the lines below before you go into production +plugins.security.ssl.transport.pemcert_filepath: esnode.pem +plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +plugins.security.ssl.transport.enforce_hostname_verification: false +plugins.security.ssl.http.enabled: true +plugins.security.ssl.http.pemcert_filepath: esnode.pem +plugins.security.ssl.http.pemkey_filepath: esnode-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem +plugins.security.allow_unsafe_democertificates: true +plugins.security.allow_default_init_securityindex: true +plugins.security.authcz.admin_dn: + - CN=kirk,OU=client,O=client,L=test, C=de + +plugins.security.audit.type: internal_opensearch +plugins.security.enable_snapshot_restore_privilege: true +plugins.security.check_snapshot_restore_write_privileges: true +plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] +plugins.security.system_indices.enabled: true +plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*"] +node.max_local_storage_nodes: 3 +######## End OpenSearch Security Demo Configuration ########