Ottomata has submitted this change and it was merged. Change subject: Change Elasticsearch defaults that cause pain/fear ......................................................................
Change Elasticsearch defaults that cause pain/fear Turn off automatic index creation - when elasticsearch automatically creates indexes it never does it the way we need it to and then we have to fight with it to delete the indexes that it made while it tries keeps automatically recreating them. This isn't nice for us so we turn it off. Turn off the delete/close method for *all* indexes. You can still delete or close a single index, but just not all at the same time. That isn't something we want to do accidentally. We haven't had a problem with this but folk wisdom says this just isn't worth the risk and I don't disagree. Finally, turn off requesting a shutdown over the rest interface. We do it locally via init scripts any way and it just doesn't seem worth the risk of it being accidentally or maliciously triggered. Bug: 56165 Change-Id: Idf2c33028979df0e8731dbf27337b4af99185ef3 --- M modules/elasticsearch/templates/elasticsearch.yml.erb 1 file changed, 21 insertions(+), 0 deletions(-) Approvals: Ottomata: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/elasticsearch/templates/elasticsearch.yml.erb b/modules/elasticsearch/templates/elasticsearch.yml.erb index 9fb2124..5190cea 100644 --- a/modules/elasticsearch/templates/elasticsearch.yml.erb +++ b/modules/elasticsearch/templates/elasticsearch.yml.erb @@ -359,3 +359,24 @@ monitor.jvm.gc.ConcurrentMarkSweep.warn: 10s monitor.jvm.gc.ConcurrentMarkSweep.info: 5s monitor.jvm.gc.ConcurrentMarkSweep.debug: 2s + +################################### Actions ################################# +## Modulo some small changes to comments this section comes directly from the +## wonderful Elasticsearch mailing list, specifically Dan Everton. +## +# Require explicit index creation. ES never autocreates the indexes the way we +# like them. +## +action.auto_create_index: false + +## +# Protect against accidental close/delete operations on all indices. You can +# still close/delete individual indices. +## +action.disable_close_all_indices: true +action.disable_delete_all_indices: true + +## +# Disable ability to shutdown nodes via REST API. +## +action.disable_shutdown: true -- To view, visit https://gerrit.wikimedia.org/r/91903 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idf2c33028979df0e8731dbf27337b4af99185ef3 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Manybubbles <[email protected]> Gerrit-Reviewer: Andrew Bogott <[email protected]> Gerrit-Reviewer: Chad <[email protected]> Gerrit-Reviewer: Manybubbles <[email protected]> Gerrit-Reviewer: Ottomata <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
