Manybubbles has uploaded a new change for review. https://gerrit.wikimedia.org/r/91903
Change subject: Change Elasticsearch defaults that cause pain/fear ...................................................................... Change Elasticsearch defaults that cause pain/fear Turn off automatic index creation - when elasticsearch automatically creates indexes it never does it the way we need it to and then we have to fight with it to delete the indexes that it made while it tries keeps automatically recreating them. This isn't nice for us so we turn it off. Turn off the delete/close method for *all* indexes. You can still delete or close a single index, but just not all at the same time. That isn't something we want to do accidentally. We haven't had a problem with this but folk wisdom says this just isn't worth the risk and I don't disagree. Finally, turn off requesting a shutdown over the rest interface. We do it locally via init scripts any way and it just doesn't seem worth the risk of it being accidentally or maliciously triggered. Bug: 56165 Change-Id: Idf2c33028979df0e8731dbf27337b4af99185ef3 --- M modules/elasticsearch/templates/elasticsearch.yml.erb 1 file changed, 19 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/03/91903/1 diff --git a/modules/elasticsearch/templates/elasticsearch.yml.erb b/modules/elasticsearch/templates/elasticsearch.yml.erb index 9fb2124..62271b0 100644 --- a/modules/elasticsearch/templates/elasticsearch.yml.erb +++ b/modules/elasticsearch/templates/elasticsearch.yml.erb @@ -359,3 +359,22 @@ monitor.jvm.gc.ConcurrentMarkSweep.warn: 10s monitor.jvm.gc.ConcurrentMarkSweep.info: 5s monitor.jvm.gc.ConcurrentMarkSweep.debug: 2s + +################################### Actions ################################# +## +# Require explicit index creation +## +action.auto_create_index: false + +## +# Protect against accidental close/delete operations +# on all indices. You can still close/delete individual +# indices. +## +action.disable_close_all_indices: true +action.disable_delete_all_indices: true + +## +# Disable ability to shutdown nodes via REST API +## +action.disable_shutdown: true -- To view, visit https://gerrit.wikimedia.org/r/91903 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idf2c33028979df0e8731dbf27337b4af99185ef3 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Manybubbles <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
