summaryrefslogtreecommitdiff
path: root/environment_config.yaml
blob: 686eafee0f5ed80ceb03144264587d036337d93a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
attributes:

  retention_period:
    value: '30'
    label: 'Retention period'
    description: 'The number of days after which data is automatically deleted within the Elasticsearch system (0 to never delete data).'
    weight: 5
    type: "text"
    regex: &number_validation
        source: '^\d+$'
        error: "You must provide a number"

  # Parameter hidden in the UI on purpose
  # this directory must match the mount point set in volumes.yaml
  data_dir:
    value: '/opt/es-data'
    label: 'Elasticsearch directory'
    description: 'Directory used by elasticsearch to store data.'
    weight: 15
    type: "text"
    restrictions:
      - condition: "true"
        action: hide

  jvm_heap_size:
    value: '1'
    label: 'JVM heap size'
    description: 'in GB (between 1 and 32). The amount of memory reserved for the JVM.'
    weight: 16
    type: "text"
    regex:
      source: '^([1-9]|[12][0-9]|3[0-2])$'
      error: 'Enter a value between 1 and 32'

  kibana_username:
    value: 'lma'
    label: 'User name'
    description: 'The username to access Kibana.'
    weight: 17
    type: "text"
    regex:
      source: '\S'
      error: "You must provide a username."

  kibana_password:
    value:
      generator: 'password'
    label: 'User password'
    description: 'The password to access Kibana.'
    weight: 18
    type: "password"
    regex:
      source: '^[\S]{4,}$'
      error: "You must provide a password with at least 4 characters"

  advanced_settings:
    label: "Advanced settings"
    value: false
    description: "The plugin determines the best settings if not set"
    weight: 19
    type: checkbox

  number_of_replicas:
    value: ''
    label: 'Number of replicas'
    description: "The number of replicas must be less than the total number of Elasticsearch nodes (total number of Elasticsearch nodes - 1 by default)."
    weight: 20
    type: "text"
    regex:
      source: '^\d?$'
      error: "You must provide either a number or leave it empty"
    restrictions:
      - condition: "settings:elasticsearch_kibana.advanced_settings.value == false"
        action: hide

  minimum_master_nodes:
    value: ''
    label: 'Minimum number of master eligible nodes'
    description: 'This must be less than or equal to the total number of Elasticsearch nodes (total number of Elasticsearch nodes / 2 + 1 by default).'
    weight: 21
    type: "text"
    regex:
      source: '^\d?$'
      error: "You must provide either a number or leave it empty"
    restrictions:
      - condition: "settings:elasticsearch_kibana.advanced_settings.value == false"
        action: hide

  recover_after_nodes:
    value: ''
    label: 'Recover after nodes'
    description: "The number of nodes to wait before starting a recovery action following a cluster restart. This must be less than or equal to the total number of nodes in the cluster (2/3 of the total number of nodes by default)."
    weight: 22
    type: "text"
    regex:
      source: '^\d?$'
      error: "You must provide either a number or leave it empty"
    restrictions:
      - condition: "settings:elasticsearch_kibana.advanced_settings.value == false"
        action: hide

  recover_after_time:
    value: '5'
    label: 'Recover after time'
    description: 'The number of minutes the cluster should wait before starting a recovery action following a cluster restart.'
    weight: 23
    type: "text"
    regex:
      source: '^\d+$'
      error: "You must provide a number"
    restrictions:
      - condition: "settings:elasticsearch_kibana.advanced_settings.value == false"
        action: hide

# TLS Settings: BEGIN
  tls_enabled:
    value: false
    label: 'Enable TLS for Kibana'
    description: ''
    weight: 30
    type: "checkbox"

  kibana_hostname:
    value: 'kibana.fuel.local'
    label: 'DNS hostname for Kibana'
    description: 'Your DNS entries should point to this name.'
    weight: 40
    type: "text"
    restrictions:
      - condition: "settings:elasticsearch_kibana.tls_enabled.value == false"
        action: "hide"

  kibana_ssl_cert:
    value: ''
    label: 'Certificate for Kibana'
    description: 'Certificate and private key data, concatenated into a single file.'
    weight: 50
    type: "file"
    restrictions:
      - condition: "settings:elasticsearch_kibana.tls_enabled.value == false"
        action: "hide"
  # TLS Settings: END
  # LDAP Settings: BEGIN
  ldap_enabled:
    value: false
    label: 'Use LDAP for Kibana authentication'
    description: ''
    weight: 100
    type: "checkbox"

  ldap_protocol_for_kibana:
    type: "radio"
    value: 'ldap'
    weight: 110
    label: 'LDAP protocol'
    values:
      - data: "ldap"
        label: "LDAP"
      - data: "ldaps"
        label: "LDAPS"
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide

  ldap_servers:
    value: ''
    label: 'LDAP servers'
    description: 'Specify one or several LDAP servers separated by space.'
    weight: 120
    type: "text"
    regex:
      source: '^\w[\w\-\s.]+$'
      error: "You must provide a hostname or IP"
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_server_port:
    value: ''
    label: 'Port'
    description: 'If empty, the default value is 389 for LDAP and 636 for LDAPS.'
    weight: 130
    type: "text"
    regex:
        source: '^\d{0,5}$'
        error: "You must provide a valid port number"
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_bind_dn:
    value: ''
    label: 'Bind DN'
    description: 'DN used to bind to the server when searching for entries.'
    weight: 140
    type: "text"
    regex: &not_empty_parameter
      source: '\S'
      error: "Invalid value"
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_bind_password:
    value: ''
    label: 'Bind password'
    description: 'Password to use in conjunction with the bind DN.'
    weight: 150
    type: "password"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_user_search_base_dns:
    value: ''
    label: 'User search base DN'
    description: 'The base DN to search for users.'
    weight: 160
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_user_attribute:
    value: 'uid'
    label: 'User search attribute'
    description: 'The attribute to search for.'
    weight: 165
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_user_search_filter:
    value: '(objectClass=*)'
    label: 'User search filter'
    description: 'A valid LDAP search filter.'
    weight: 170
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable

  ldap_authorization_enabled:
    value: false
    label: 'Enable group-based authorization'
    description: 'It allows to associate users with the Admin or Viewer role. Otherwise all users are assigned to Admin role by default.'
    weight: 200
    type: "checkbox"
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide

  ldap_group_attribute:
    value: 'memberUid'
    label: 'LDAP group attribute'
    description: 'LDAP attribute used to identify the user members of groups.'
    weight: 205
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable
      - condition: "settings:elasticsearch_kibana.ldap_authorization_enabled.value == false"
        action: disable

  ldap_admin_group_dn:
    value: ''
    label: 'Group DN mapping to the Admin role'
    description: ''
    weight: 210
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable
      - condition: "settings:elasticsearch_kibana.ldap_authorization_enabled.value == false"
        action: disable

  ldap_viewer_group_dn:
    value: ''
    label: 'Group DN mapping to the Viewer role'
    description: ''
    weight: 220
    type: "text"
    regex: *not_empty_parameter
    restrictions:
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: hide
      - condition: "settings:elasticsearch_kibana.ldap_enabled.value == false"
        action: disable
      - condition: "settings:elasticsearch_kibana.ldap_authorization_enabled.value == false"
        action: disable
  # LDAP Settings: END