rhefner/gist:3d949f7b4074920636a69f6688c121bf Secret

## gistfile1.txt
apiVersion: v1
data:
  elasticsearch.yml: |
    cluster:
      name: ${CLUSTER_NAME}

    script:
      inline: on
      indexed: on

    index:
      number_of_shards: 1
      number_of_replicas: 0
      unassigned.node_left.delayed_timeout: 2m
      translog:
        flush_threshold_size: 256mb
        flush_threshold_period: 5m

    node:
      name: ${DC_NAME}
      master: ${IS_MASTER}
      data: ${HAS_DATA}
      max_local_storage_nodes: 1

    network:
      host: 0.0.0.0

    cloud:
      kubernetes:
        pod_label: ${POD_LABEL}
        pod_port: 9300
        namespace: ${NAMESPACE}

    discovery:
      type: kubernetes
      zen.ping.multicast.enabled: false
      zen.minimum_master_nodes: ${NODE_QUORUM}

    gateway:
      recover_after_nodes: ${NODE_QUORUM}
      expected_nodes: ${RECOVER_EXPECTED_NODES}
      recover_after_time: ${RECOVER_AFTER_TIME}

    io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
    io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
    io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
    io.fabric8.elasticsearch.kibana.mapping.empty: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json

    openshift.config:
      use_common_data_model: true
      project_index_prefix: "project"
      time_field_name: "@timestamp"

    openshift.searchguard:
      keystore.path: /etc/elasticsearch/secret/admin.jks
      truststore.path: /etc/elasticsearch/secret/searchguard.truststore

    openshift.operations.allow_cluster_reader: false

    path:
      data: /elasticsearch/persistent/${CLUSTER_NAME}/data
      logs: /elasticsearch/${CLUSTER_NAME}/logs
      work: /elasticsearch/${CLUSTER_NAME}/work
      scripts: /elasticsearch/${CLUSTER_NAME}/scripts

    searchguard:
      authcz.admin_dn:
      - CN=system.admin,OU=OpenShift,O=Logging
      config_index_name: ".searchguard.${DC_NAME}"
      ssl:
        transport:
          enabled: true
          enforce_hostname_verification: false
          keystore_type: JKS
          keystore_filepath: /etc/elasticsearch/secret/searchguard.key
          keystore_password: kspass
          truststore_type: JKS
          truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
          truststore_password: tspass
        http:
          enabled: true
          keystore_type: JKS
          keystore_filepath: /etc/elasticsearch/secret/key
          keystore_password: kspass
          clientauth_mode: OPTIONAL
          truststore_type: JKS
          truststore_filepath: /etc/elasticsearch/secret/truststore
          truststore_password: tspass
  logging.yml: |
    # you can override this using by setting a system property, for example -Des.logger.level=DEBUG
    es.logger.level: INFO
    rootLogger: ${es.logger.level}, file
    logger:
      # log action execution errors for easier debugging
      action: WARN
      #
      # deprecation logging, turn to DEBUG to see them
      deprecation: WARN, deprecation_log_file

      # reduce the logging for aws, too much is logged under the default INFO
      com.amazonaws: WARN

      io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL}
      io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL}

      # aws will try to do some sketchy JMX stuff, but its not needed.
      com.amazonaws.jmx.SdkMBeanRegistrySupport: ERROR
      com.amazonaws.metrics.AwsSdkMetrics: ERROR

      org.apache.http: INFO

      # gateway
      #gateway: DEBUG
      #index.gateway: DEBUG

      # peer shard recovery
      #indices.recovery: DEBUG

      # discovery
      #discovery: TRACE

      index.search.slowlog: TRACE, index_search_slow_log_file
      index.indexing.slowlog: TRACE, index_indexing_slow_log_file

      # search-guard
      com.floragunn.searchguard: WARN

    additivity:
      index.search.slowlog: false
      index.indexing.slowlog: false
      deprecation: false

    appender:
      console:
        type: console
        layout:
          type: consolePattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %.1000m%n"
        # need this filter until https://github.com/openshift/origin/issues/14515 is fixed
        filter:
          1:
            type: org.apache.log4j.varia.StringMatchFilter
            StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
            AcceptOnMatch: false

      file:
        type: dailyRollingFile
        file: ${path.logs}/${cluster.name}.log
        datePattern: "'.'yyyy-MM-dd"
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
        # need this filter until https://github.com/openshift/origin/issues/14515 is fixed
        filter:
          1:
            type: org.apache.log4j.varia.StringMatchFilter
            StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
            AcceptOnMatch: false

      # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files.
      # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html
      #file:
        #type: extrasRollingFile
        #file: ${path.logs}/${cluster.name}.log
        #rollingPolicy: timeBased
        #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
        #layout:
          #type: pattern
          #conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

      deprecation_log_file:
        type: dailyRollingFile
        file: ${path.logs}/${cluster.name}_deprecation.log
        datePattern: "'.'yyyy-MM-dd"
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

      index_search_slow_log_file:
        type: dailyRollingFile
        file: ${path.logs}/${cluster.name}_index_search_slowlog.log
        datePattern: "'.'yyyy-MM-dd"
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

      index_indexing_slow_log_file:
        type: dailyRollingFile
        file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
        datePattern: "'.'yyyy-MM-dd"
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
kind: ConfigMap
metadata:
  creationTimestamp: 2017-09-21T19:04:11Z
  name: logging-elasticsearch
  namespace: logging
  resourceVersion: "18753527"
  selfLink: /api/v1/namespaces/logging/configmaps/logging-elasticsearch
  uid: a6cf2123-9eff-11e7-b26a-005056a5b371
	apiVersion: v1
	data:
	elasticsearch.yml: \|
	cluster:
	name: ${CLUSTER_NAME}

	script:
	inline: on
	indexed: on

	index:
	number_of_shards: 1
	number_of_replicas: 0
	unassigned.node_left.delayed_timeout: 2m
	translog:
	flush_threshold_size: 256mb
	flush_threshold_period: 5m

	node:
	name: ${DC_NAME}
	master: ${IS_MASTER}
	data: ${HAS_DATA}
	max_local_storage_nodes: 1

	network:
	host: 0.0.0.0

	cloud:
	kubernetes:
	pod_label: ${POD_LABEL}
	pod_port: 9300
	namespace: ${NAMESPACE}

	discovery:
	type: kubernetes
	zen.ping.multicast.enabled: false
	zen.minimum_master_nodes: ${NODE_QUORUM}

	gateway:
	recover_after_nodes: ${NODE_QUORUM}
	expected_nodes: ${RECOVER_EXPECTED_NODES}
	recover_after_time: ${RECOVER_AFTER_TIME}

	io.fabric8.elasticsearch.authentication.users: ["system.logging.kibana", "system.logging.fluentd", "system.logging.curator", "system.admin"]
	io.fabric8.elasticsearch.kibana.mapping.app: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
	io.fabric8.elasticsearch.kibana.mapping.ops: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json
	io.fabric8.elasticsearch.kibana.mapping.empty: /usr/share/elasticsearch/index_patterns/com.redhat.viaq-openshift.index-pattern.json

	openshift.config:
	use_common_data_model: true
	project_index_prefix: "project"
	time_field_name: "@timestamp"

	openshift.searchguard:
	keystore.path: /etc/elasticsearch/secret/admin.jks
	truststore.path: /etc/elasticsearch/secret/searchguard.truststore

	openshift.operations.allow_cluster_reader: false

	path:
	data: /elasticsearch/persistent/${CLUSTER_NAME}/data
	logs: /elasticsearch/${CLUSTER_NAME}/logs
	work: /elasticsearch/${CLUSTER_NAME}/work
	scripts: /elasticsearch/${CLUSTER_NAME}/scripts

	searchguard:
	authcz.admin_dn:
	- CN=system.admin,OU=OpenShift,O=Logging
	config_index_name: ".searchguard.${DC_NAME}"
	ssl:
	transport:
	enabled: true
	enforce_hostname_verification: false
	keystore_type: JKS
	keystore_filepath: /etc/elasticsearch/secret/searchguard.key
	keystore_password: kspass
	truststore_type: JKS
	truststore_filepath: /etc/elasticsearch/secret/searchguard.truststore
	truststore_password: tspass
	http:
	enabled: true
	keystore_type: JKS
	keystore_filepath: /etc/elasticsearch/secret/key
	keystore_password: kspass
	clientauth_mode: OPTIONAL
	truststore_type: JKS
	truststore_filepath: /etc/elasticsearch/secret/truststore
	truststore_password: tspass
	logging.yml: \|
	# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
	es.logger.level: INFO
	rootLogger: ${es.logger.level}, file
	logger:
	# log action execution errors for easier debugging
	action: WARN
	#
	# deprecation logging, turn to DEBUG to see them
	deprecation: WARN, deprecation_log_file

	# reduce the logging for aws, too much is logged under the default INFO
	com.amazonaws: WARN

	io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL}
	io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL}

	# aws will try to do some sketchy JMX stuff, but its not needed.
	com.amazonaws.jmx.SdkMBeanRegistrySupport: ERROR
	com.amazonaws.metrics.AwsSdkMetrics: ERROR

	org.apache.http: INFO

	# gateway
	#gateway: DEBUG
	#index.gateway: DEBUG

	# peer shard recovery
	#indices.recovery: DEBUG

	# discovery
	#discovery: TRACE

	index.search.slowlog: TRACE, index_search_slow_log_file
	index.indexing.slowlog: TRACE, index_indexing_slow_log_file

	# search-guard
	com.floragunn.searchguard: WARN

	additivity:
	index.search.slowlog: false
	index.indexing.slowlog: false
	deprecation: false

	appender:
	console:
	type: console
	layout:
	type: consolePattern
	conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %.1000m%n"
	# need this filter until https://github.com/openshift/origin/issues/14515 is fixed
	filter:
	1:
	type: org.apache.log4j.varia.StringMatchFilter
	StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
	AcceptOnMatch: false

	file:
	type: dailyRollingFile
	file: ${path.logs}/${cluster.name}.log
	datePattern: "'.'yyyy-MM-dd"
	layout:
	type: pattern
	conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
	# need this filter until https://github.com/openshift/origin/issues/14515 is fixed
	filter:
	1:
	type: org.apache.log4j.varia.StringMatchFilter
	StringToMatch: "SSL Problem illegal change cipher spec msg, conn state = 6, handshake state = 1"
	AcceptOnMatch: false

	# Use the following log4j-extras RollingFileAppender to enable gzip compression of log files.
	# For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html
	#file:
	#type: extrasRollingFile
	#file: ${path.logs}/${cluster.name}.log
	#rollingPolicy: timeBased
	#rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
	#layout:
	#type: pattern
	#conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

	deprecation_log_file:
	type: dailyRollingFile
	file: ${path.logs}/${cluster.name}_deprecation.log
	datePattern: "'.'yyyy-MM-dd"
	layout:
	type: pattern
	conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

	index_search_slow_log_file:
	type: dailyRollingFile
	file: ${path.logs}/${cluster.name}_index_search_slowlog.log
	datePattern: "'.'yyyy-MM-dd"
	layout:
	type: pattern
	conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

	index_indexing_slow_log_file:
	type: dailyRollingFile
	file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
	datePattern: "'.'yyyy-MM-dd"
	layout:
	type: pattern
	conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
	kind: ConfigMap
	metadata:
	creationTimestamp: 2017-09-21T19:04:11Z
	name: logging-elasticsearch
	namespace: logging
	resourceVersion: "18753527"
	selfLink: /api/v1/namespaces/logging/configmaps/logging-elasticsearch
	uid: a6cf2123-9eff-11e7-b26a-005056a5b371