Skip to content

Commit

Permalink
add opensearch_dashboards.yml config for enable vega remote links
Browse files Browse the repository at this point in the history
Signed-off-by: YANGDB <[email protected]>
  • Loading branch information
YANG-DB committed Jun 7, 2024
1 parent 1826c89 commit e1a0e0b
Show file tree
Hide file tree
Showing 3 changed files with 373 additions and 3 deletions.
3 changes: 2 additions & 1 deletion docker-compose-single-os_node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -800,11 +800,12 @@ services:
- "5601"
environment:
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]'
vis_type_vega.enableExternalUrls: true
depends_on:
- opensearch-node1
networks:
- opensearch-otel-demo
volumes:
- ./src/dashboards/config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml

# OpenSearch store - dashboard
data-prepper:
Expand Down
5 changes: 3 additions & 2 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -832,13 +832,14 @@ services:
expose:
- "5601"
environment:
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
vis_type_vega.enableExternalUrls: true
- 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
depends_on:
- opensearch-node1
- opensearch-node2
networks:
- opensearch-otel-demo
volumes:
- ./src/dashboards/config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml

# OpenSearch store - dashboard
data-prepper:
Expand Down
368 changes: 368 additions & 0 deletions src/dashboards/config/opensearch_dashboards.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,368 @@
# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
#server.host: "localhost"

# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The OpenSearch Dashboards server's name. This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the OpenSearch instances to use for all your queries.
#opensearch.hosts: ["http://localhost:9200"]

# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
#opensearchDashboards.index: ".opensearch_dashboards"

# OpenSearch Dashboards uses an index in OpenSearch to store dynamic configurations.
# This shall be a different index from opensearchDashboards.index.
# opensearchDashboards.configIndex: ".opensearch_dashboards_config"

# Set the value of this setting to true to enable plugin application config. By default it is disabled.
# application_config.enabled: false

# Set the value of this setting to true to enable plugin CSP handler. By default it is disabled.
# It requires the application config plugin as its dependency.
# csp_handler.enabled: false

# The default application to load.
#opensearchDashboards.defaultAppId: "home"

# Set the value to true to disable the welcome screen
#home.disableWelcomeScreen: false

# Set the value to true to disable the new theme introduction modal
#home.disableNewThemeModal: false

# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
# This settings should be used for large clusters or for clusters with ingest heavy nodes.
# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
#
# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
#opensearch.optimizedHealthcheck.id: "cluster_id"
#opensearch.optimizedHealthcheck.filters: {
# attribute_key: "attribute_value",
#}

# If your OpenSearch is protected with basic authentication, these settings provide
# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
# is proxied through the OpenSearch Dashboards server.
#opensearch.username: "opensearch_dashboards_system"
#opensearch.password: "pass"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
#opensearch.ssl.certificate: /path/to/your/client.crt
#opensearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your OpenSearch instance.
#opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#opensearch.ssl.verificationMode: full

# Allowed cipher suites list can be configured below, in preference order.
# Cipher suite names should be in OpenSSL format (http://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-SUITE-NAMES)
# Default set of cipher suites for your system can be checked by running the following command in your terminal:
# echo 'console.log(require("crypto").constants.defaultCoreCipherList.split(":"))' | node -
# Below you can find an example of cipher suites considered to be secure
# Keep in mind that older clients might not support them
# Refer to http://ciphersuite.info/ and http://ssl-config.mozilla.org/ for more details and recommendations about cipher suites
# Keep in mind that restricting cipher suites might disable older versions of TLS, as not all cipher suites are supported by them
#server.ssl.cipherSuites:
# - TLS_AES_256_GCM_SHA384
# - TLS_CHACHA20_POLY1305_SHA256
# - TLS_AES_128_GCM_SHA256
# - ECDHE-ECDSA-AES256-GCM-SHA384
# - ECDHE-ECDSA-CHACHA20-POLY1305
# - ECDHE-ECDSA-AES128-GCM-SHA256

# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
# the opensearch.requestTimeout setting.
#opensearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
# must be a positive integer.
#opensearch.requestTimeout: 30000

# Enables the memory circuit breaker that prevents heap out of memory errors for large query responses.
# If enabled, we will provide additional check to prevent potential out of memory error in @openserach-project/opensearch.
# The default threshold is based on the `max-old-space-size` of NodeJS. It is configurable by tuning `opensearch.memoryCircuitBreaker.maxPercentage`.
#opensearch.memoryCircuitBreaker.enabled: false

# The pecentage of maximum heap allowed for processing response. The default value of the pecentage is `1.0`. The valid input range should be [0, 1] inclusively.
# For reference, the `threshold of memoryCircuitBreaker` = `max-old-space-size of NodeJS` * `opensearch.memoryCircuitBreaker.maxPercentage`
#opensearch.memoryCircuitBreaker.maxPercentage: 1.0

# DEPRECATED: Use opensearch.requestHeadersAllowlist
# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#opensearch.requestHeadersWhitelist: [ authorization ]

# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#opensearch.requestHeadersAllowlist: [ authorization ]

# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the opensearch.requestHeadersAllowlist configuration.
#opensearch.customHeaders: {}

# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
#opensearch.shardTimeout: 30000

# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
#opensearch.logQueries: false

# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
#opensearch.disablePrototypePoisoningProtection: false

# Specifies the path where OpenSearch Dashboards creates the process ID file.
#pid.file: /var/run/opensearchDashboards.pid

# Enables you to specify a file where OpenSearch Dashboards stores log output.
#logging.dest: stdout

# This configuration option controls the handling of error messages in the logging stream. It is disabled by default.
# When set to true, the 'ENOSPC' error message will not cause the OpenSearch Dashboards process to crash. Otherwise,
# the original behavior will be maintained.
#logging.ignoreEnospcError: false

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"

# Set the allowlist to check input graphite Url. Allowlist is the default check list.
#vis_type_timeline.graphiteAllowedUrls: ['http://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']

# Set the denylist to check input graphite Url. Denylist is an IP list.
# Below is an example for reference

# vis_type_timeline.graphiteBlockedIPs: [
# //Loopback
# '127.0.0.0/8',
# '::1/128',
# //Link-local Address for IPv6
# 'fe80::/10',
# //Private IP address for IPv4
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# //Unique local address (ULA)
# 'fc00::/7',
# //Reserved IP address
# '0.0.0.0/8',
# '100.64.0.0/10',
# '192.0.0.0/24',
# '192.0.2.0/24',
# '198.18.0.0/15',
# '192.88.99.0/24',
# '198.51.100.0/24',
# '203.0.113.0/24',
# '224.0.0.0/4',
# '240.0.0.0/4',
# '255.255.255.255/32',
# '::/128',
# '2001:db8::/32',
# 'ff00::/8',
# ]

# vis_type_timeline.graphiteDeniedIPs: []

# vis_type_timeline.graphiteDeniedIPs: [
# //Loopback
# '127.0.0.0/8',
# '::1/128',
# //Link-local Address for IPv6
# 'fe80::/10',
# //Private IP address for IPv4
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# //Unique local address (ULA)
# 'fc00::/7',
# //Reserved IP address
# '0.0.0.0/8',
# '100.64.0.0/10',
# '192.0.0.0/24',
# '192.0.2.0/24',
# '198.18.0.0/15',
# '192.88.99.0/24',
# '198.51.100.0/24',
# '203.0.113.0/24',
# '224.0.0.0/4',
# '240.0.0.0/4',
# '255.255.255.255/32',
# '::/128',
# '2001:db8::/32',
# 'ff00::/8',
# ]

# opensearchDashboards.branding:
# logo:
# defaultUrl: ""
# darkModeUrl: ""
# mark:
# defaultUrl: ""
# darkModeUrl: ""
# loadingLogo:
# defaultUrl: ""
# darkModeUrl: ""
# faviconUrl: ""
# applicationTitle: ""
# useExpandedHeader: false

# Set the value of this setting to true to capture region denied warnings and errors
# for your map rendering services.

# map.showRegionDeniedWarning: false

# Set the value of this setting to false to suppress search usage telemetry
# for reducing the load of OpenSearch cluster.
# data.search.usageTelemetry.enabled: false

# Set the value of this setting to false to disable VisBuilder
# functionality in Visualization.
# vis_builder.enabled: false

# Set the value of this setting to true to enable multiple data source feature.
#data_source.enabled: false
# Set the value of this setting to true to hide local cluster in data source feature.
#data_source.hideLocalCluster: false
# Set the value of these settings to customize crypto materials to encryption saved credentials
# in data sources.
#data_source.encryption.wrappingKeyName: 'changeme'
#data_source.encryption.wrappingKeyNamespace: 'changeme'
#data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

#data_source.endpointDeniedIPs: [
# '127.0.0.0/8',
# '::1/128',
# '169.254.0.0/16',
# 'fe80::/10',
# '10.0.0.0/8',
# '172.16.0.0/12',
# '192.168.0.0/16',
# 'fc00::/7',
# '0.0.0.0/8',
# '100.64.0.0/10',
# '192.0.0.0/24',
# '192.0.2.0/24',
# '198.18.0.0/15',
# '192.88.99.0/24',
# '198.51.100.0/24',
# '203.0.113.0/24',
# '224.0.0.0/4',
# '240.0.0.0/4',
# '255.255.255.255/32',
# '::/128',
# '2001:db8::/32',
# 'ff00::/8',
# ]

# Optional setting that enables you to specify a path to PEM files for the certificate
# authority for your connected datasources.
#data_source.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates for connected data sources, change this setting's value to 'none'.
# Possible values include full, certificate and none
#data_source.ssl.verificationMode: full

# Set enabled false to hide authentication method in OpenSearch Dashboards.
# If this setting is commented then all 3 options will be available in OpenSearch Dashboards.
# Default value will be considered to True.
#data_source.authTypes:
# NoAuthentication:
# enabled: true
# UsernamePassword:
# enabled: true
# AWSSigV4:
# enabled: true

# Set the value of this setting to false to hide the help menu link to the OpenSearch Dashboards user survey
# opensearchDashboards.survey.url: "http://survey.opensearch.org"

# @experimental Set the value of this setting to display navigation updates, including dev tool top right navigation
# opensearchDashboards.futureNavigation: false

# Set the value of this setting to true to enable plugin augmentation on Dashboard
# vis_augmenter.pluginAugmentationEnabled: true

# Set the value to true to enable permission control for saved objects
# Permission control depends on OpenSearch Dashboards has authentication enabled, set it to false when the security plugin is not installed,
# if the security plugin is not installed and this config is true, permission control takes no effect.
# savedObjects.permission.enabled: true

# Set the value to true to enable workspace feature
# Please note, workspace will not work with multi-tenancy. To enable workspace feature, you need to disable multi-tenancy first with `opensearch_security.multitenancy.enabled: false`
# workspace.enabled: false

# Optional settings to specify saved object types to be deleted during migration.
# This feature can help address compatibility issues that may arise during the migration of saved objects, such as types defined by legacy applications.
# Please note, using this feature carries a risk. Deleting saved objects during migration could potentially lead to unintended data loss. Use with caution.
# migrations.delete.enabled: false
# migrations.delete.types: []

# Set the value to true to enable Ui Metric Collectors in Usage Collector
# This publishes the Application Usage and UI Metrics into the saved object, which can be accessed by /api/stats?extended=true&legacy=true&exclude_usage=false
# usageCollection.uiMetric.enabled: false

# Set the value to true to enable enhancements for the data plugin
# data.enhancements.enabled: false

# Set the backend roles in groups or users, whoever has the backend roles or exactly match the user ids defined in this config will be regard as dashboard admin.
# Dashboard admin will have the access to all the workspaces(workspace.enabled: true) and objects inside OpenSearch Dashboards.
# opensearchDashboards.dashboardAdmin.groups: ["dashboard_admin"]
# opensearchDashboards.dashboardAdmin.users: ["dashboard_admin"]
opensearch.hosts: ["https://opensearch-node1:9200","https://opensearch-node2:9200"]

Check failure on line 359 in src/dashboards/config/opensearch_dashboards.yml

View workflow job for this annotation

GitHub Actions / yamllint

359:52 [commas] too few spaces after comma
server.host: 0.0.0.0
opensearch.ssl.verificationMode: none
opensearch.username: "admin"
opensearch.password: "my_%New%_passW0rd!@#"
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

Check failure on line 364 in src/dashboards/config/opensearch_dashboards.yml

View workflow job for this annotation

GitHub Actions / yamllint

364:53 [commas] too few spaces after comma
opensearch_security.multitenancy.enabled: false
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
vis_type_vega.enableExternalUrls: true

0 comments on commit e1a0e0b

Please sign in to comment.