--- # CloudFlare Origin certificates origin_certs: - domain: 'status.im' crt: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.crt", stage="all", env="all")}}' key: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.key", stage="all", env="all")}}' default: true # Syncing can use a lot of memory swap_file_path: '/main.swap' swap_file_size_mb: 2048 # ElasticSearch Cluster es_service_name: 'elasticsearch' es_service_path: '/docker/{{ es_service_name }}' es_cluster_name: 'nimbus-logs-search' es_docker_network_name: '{{ es_service_name }}' es_api_port: 9200 es_node_port: 9300 es_node_cont_tag: '7.17.8' es_exp_cont_port: 9114 es_master_nodes: | {{ ansible_play_hosts | map('extract', hostvars) | list | json_query( '[].{ name: inventory_hostname, addr: ansible_local.wireguard.vpn_ip, port: to_string(es_node_port) }') }} # Since Logstash stores 1 index per day this is fine. # See: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster es_number_of_shards: 3 # Since Nimbus logs are low-value we don't need replicas. es_number_of_replicas: 0 # Bump due to large number of fields in JSON logs. es_mapping_total_fields_limit: 1500 # Query optimization to not search throguh all fields. Can be a list. es_default_query_default_field: ['json.msg'] # JVM Memory settings es_jvm_g1gc_enabled: true es_jvm_heap_auto: false es_jvm_min_heap: 40g es_jvm_max_heap: 40g # Migrated to NFTables from IPTables. # https://github.com/status-im/infra-misc/issues/301 bootstrap__firewall_nftables: true # Open Ports open_ports_default_comment: 'ElasticSearch' open_ports_list: elasticsearch: - { port: '{{ es_api_port }}', ipset: 'hq.metrics', iifname: 'wg0' } - { port: '{{ es_api_port }}', ipset: 'hq.logs', iifname: 'wg0' } - { port: '{{ es_api_port }}', ipset: 'logs.nimbus', iifname: 'wg0' } - { port: '{{ es_api_port }}', ipset: 'dash.nimbus', iifname: 'wg0' } - { port: '{{ es_node_port }}', ipset: 'logs.nimbus', iifname: 'wg0' } - { port: '{{ es_node_port }}', ipset: 'dash.nimbus', iifname: 'wg0' } elasticsearch_metrics: - { port: '{{ es_exp_cont_port }}', ipset: 'hq.metrics', iifname: 'wg0' } - { port: '{{ smart_metrics_listen_port }}', ipset: 'hq.metrics', iifname: 'wg0', comment: 'SMART Metrics' }