infra-nimbus/ansible/group_vars/logs.nimbus.yml

67 lines
2.4 KiB
YAML
Raw Normal View History

---
# CloudFlare Origin certificates
origin_certs:
- domain: 'status.im'
2024-11-04 07:45:14 +00:00
crt: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.crt", stage="all", env="all")}}'
key: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.key", stage="all", env="all")}}'
default: true
# Syncing can use a lot of memory
swap_file_path: '/main.swap'
swap_file_size_mb: 2048
# ElasticSearch Cluster
es_service_name: 'elasticsearch'
es_service_path: '/docker/{{ es_service_name }}'
es_cluster_name: 'nimbus-logs-search'
es_docker_network_name: '{{ es_service_name }}'
es_api_port: 9200
es_node_port: 9300
es_node_cont_tag: '7.17.8'
es_exp_cont_port: 9114
es_master_nodes: |
{{ ansible_play_hosts
| map('extract', hostvars)
| list
| json_query(
'[].{
name: inventory_hostname,
addr: ansible_local.wireguard.vpn_ip,
port: to_string(es_node_port)
}') }}
# Since Logstash stores 1 index per day this is fine.
# See: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster
es_number_of_shards: 3
# Since Nimbus logs are low-value we don't need replicas.
es_number_of_replicas: 0
# Bump due to large number of fields in JSON logs.
es_mapping_total_fields_limit: 1500
# Query optimization to not search throguh all fields. Can be a list.
es_default_query_default_field: ['json.msg']
# JVM Memory settings
es_jvm_g1gc_enabled: true
es_jvm_heap_auto: false
es_jvm_min_heap: 40g
es_jvm_max_heap: 40g
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Open Ports
open_ports_default_comment: 'ElasticSearch'
open_ports_list:
elasticsearch:
- { port: '{{ es_api_port }}', ipset: 'hq.metrics', iifname: 'wg0' }
- { port: '{{ es_api_port }}', ipset: 'hq.logs', iifname: 'wg0' }
- { port: '{{ es_api_port }}', ipset: 'logs.nimbus', iifname: 'wg0' }
- { port: '{{ es_api_port }}', ipset: 'dash.nimbus', iifname: 'wg0' }
- { port: '{{ es_node_port }}', ipset: 'logs.nimbus', iifname: 'wg0' }
- { port: '{{ es_node_port }}', ipset: 'dash.nimbus', iifname: 'wg0' }
elasticsearch_metrics:
- { port: '{{ es_exp_cont_port }}', ipset: 'hq.metrics', iifname: 'wg0' }
- { port: '{{ smart_metrics_listen_port }}', ipset: 'hq.metrics', iifname: 'wg0', comment: 'SMART Metrics' }