add opensearch_dashboards.yml config for enable vega remote links

Signed-off-by: YANGDB <[email protected]>
YANG-DB · Jun 7, 2024 · e1a0e0b · e1a0e0b
1 parent 1826c89
commit e1a0e0b
Show file tree

Hide file tree

Showing 3 changed files with 373 additions and 3 deletions.
diff --git a/docker-compose-single-os_node.yml b/docker-compose-single-os_node.yml
@@ -800,11 +800,12 @@ services:
  - "5601"
  environment:
  OPENSEARCH_HOSTS: '["https://opensearch-node1:9200"]'
- vis_type_vega.enableExternalUrls: true
  depends_on:
  - opensearch-node1
  networks:
  - opensearch-otel-demo
+ volumes:
+ - ./src/dashboards/config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
 
  # OpenSearch store - dashboard
  data-prepper:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -832,13 +832,14 @@ services:
  expose:
  - "5601"
  environment:
- OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
- vis_type_vega.enableExternalUrls: true
+ - 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
  depends_on:
  - opensearch-node1
  - opensearch-node2
  networks:
  - opensearch-otel-demo
+ volumes:
+ - ./src/dashboards/config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
 
  # OpenSearch store - dashboard
  data-prepper:

diff --git a/src/dashboards/config/opensearch_dashboards.yml b/src/dashboards/config/opensearch_dashboards.yml
@@ -0,0 +1,368 @@
+# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
+#server.port: 5601
+
+# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+#server.host: "localhost"
+
+# Enables you to specify a path to mount OpenSearch Dashboards at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell OpenSearch Dashboards if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+#server.basePath: ""
+
+# Specifies whether OpenSearch Dashboards should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+#server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+#server.maxPayloadBytes: 1048576
+
+# The OpenSearch Dashboards server's name. This is used for display purposes.
+#server.name: "your-hostname"
+
+# The URLs of the OpenSearch instances to use for all your queries.
+#opensearch.hosts: ["http://localhost:9200"]
+
+# OpenSearch Dashboards uses an index in OpenSearch to store saved searches, visualizations and
+# dashboards. OpenSearch Dashboards creates a new index if the index doesn't already exist.
+#opensearchDashboards.index: ".opensearch_dashboards"
+
+# OpenSearch Dashboards uses an index in OpenSearch to store dynamic configurations.
+# This shall be a different index from opensearchDashboards.index.
+# opensearchDashboards.configIndex: ".opensearch_dashboards_config"
+
+# Set the value of this setting to true to enable plugin application config. By default it is disabled.
+# application_config.enabled: false
+
+# Set the value of this setting to true to enable plugin CSP handler. By default it is disabled.
+# It requires the application config plugin as its dependency.
+# csp_handler.enabled: false
+
+# The default application to load.
+#opensearchDashboards.defaultAppId: "home"
+
+# Set the value to true to disable the welcome screen
+#home.disableWelcomeScreen: false
+
+# Set the value to true to disable the new theme introduction modal
+#home.disableNewThemeModal: false
+
+# Setting for an optimized healthcheck that only uses the local OpenSearch node to do Dashboards healthcheck.
+# This settings should be used for large clusters or for clusters with ingest heavy nodes.
+# It allows Dashboards to only healthcheck using the local OpenSearch node rather than fan out requests across all nodes.
+#
+# It requires the user to create an OpenSearch node attribute with the same name as the value used in the setting
+# This node attribute should assign all nodes of the same cluster an integer value that increments with each new cluster that is spun up
+# e.g. in opensearch.yml file you would set the value to a setting using node.attr.cluster_id:
+# Should only be enabled if there is a corresponding node attribute created in your OpenSearch config that matches the value here
+#opensearch.optimizedHealthcheck.id: "cluster_id"
+#opensearch.optimizedHealthcheck.filters: {
+# attribute_key: "attribute_value",
+#}
+
+# If your OpenSearch is protected with basic authentication, these settings provide
+# the username and password that the OpenSearch Dashboards server uses to perform maintenance on the OpenSearch Dashboards
+# index at startup. Your OpenSearch Dashboards users still need to authenticate with OpenSearch, which
+# is proxied through the OpenSearch Dashboards server.
+#opensearch.username: "opensearch_dashboards_system"
+#opensearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the OpenSearch Dashboards server to the browser.
+#server.ssl.enabled: false
+#server.ssl.certificate: /path/to/your/server.crt
+#server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files are used to verify the identity of OpenSearch Dashboards to OpenSearch and are required when
+# xpack.security.http.ssl.client_authentication in OpenSearch is set to required.
+#opensearch.ssl.certificate: /path/to/your/client.crt
+#opensearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your OpenSearch instance.
+#opensearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+#opensearch.ssl.verificationMode: full
+
+# Allowed cipher suites list can be configured below, in preference order.
+# Cipher suite names should be in OpenSSL format (http://www.openssl.org/docs/man1.1.1/man1/ciphers.html#CIPHER-SUITE-NAMES)
+# Default set of cipher suites for your system can be checked by running the following command in your terminal:
+# echo 'console.log(require("crypto").constants.defaultCoreCipherList.split(":"))' | node -
+# Below you can find an example of cipher suites considered to be secure
+# Keep in mind that older clients might not support them
+# Refer to http://ciphersuite.info/ and http://ssl-config.mozilla.org/ for more details and recommendations about cipher suites
+# Keep in mind that restricting cipher suites might disable older versions of TLS, as not all cipher suites are supported by them
+#server.ssl.cipherSuites:
+# - TLS_AES_256_GCM_SHA384
+# - TLS_CHACHA20_POLY1305_SHA256
+# - TLS_AES_128_GCM_SHA256
+# - ECDHE-ECDSA-AES256-GCM-SHA384
+# - ECDHE-ECDSA-CHACHA20-POLY1305
+# - ECDHE-ECDSA-AES128-GCM-SHA256
+
+# Time in milliseconds to wait for OpenSearch to respond to pings. Defaults to the value of
+# the opensearch.requestTimeout setting.
+#opensearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or OpenSearch. This value
+# must be a positive integer.
+#opensearch.requestTimeout: 30000
+
+# Enables the memory circuit breaker that prevents heap out of memory errors for large query responses.
+# If enabled, we will provide additional check to prevent potential out of memory error in @openserach-project/opensearch.
+# The default threshold is based on the `max-old-space-size` of NodeJS. It is configurable by tuning `opensearch.memoryCircuitBreaker.maxPercentage`.
+#opensearch.memoryCircuitBreaker.enabled: false
+
+# The pecentage of maximum heap allowed for processing response. The default value of the pecentage is `1.0`. The valid input range should be [0, 1] inclusively.
+# For reference, the `threshold of memoryCircuitBreaker` = `max-old-space-size of NodeJS` * `opensearch.memoryCircuitBreaker.maxPercentage`
+#opensearch.memoryCircuitBreaker.maxPercentage: 1.0
+
+# DEPRECATED: Use opensearch.requestHeadersAllowlist
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#opensearch.requestHeadersWhitelist: [ authorization ]
+
+# List of OpenSearch Dashboards client-side headers to send to OpenSearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#opensearch.requestHeadersAllowlist: [ authorization ]
+
+# Header names and values that are sent to OpenSearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the opensearch.requestHeadersAllowlist configuration.
+#opensearch.customHeaders: {}
+
+# Time in milliseconds for OpenSearch to wait for responses from shards. Set to 0 to disable.
+#opensearch.shardTimeout: 30000
+
+# Logs queries sent to OpenSearch. Requires logging.verbose set to true.
+#opensearch.logQueries: false
+
+# Disables errors from the OpenSearch JS client and enables you to utilize protected words such as: 'boolean', 'proto', 'constructor'.
+# within cluster. By default, OpenSearch Dashboards and the client will protect you against prototype poisoning attacks.
+# WARNING: Index patterns are user-supplied data. Disabling this will place the expectation that you are handling the data safely.
+#opensearch.disablePrototypePoisoningProtection: false
+
+# Specifies the path where OpenSearch Dashboards creates the process ID file.
+#pid.file: /var/run/opensearchDashboards.pid
+
+# Enables you to specify a file where OpenSearch Dashboards stores log output.
+#logging.dest: stdout
+
+# This configuration option controls the handling of error messages in the logging stream. It is disabled by default.
+# When set to true, the 'ENOSPC' error message will not cause the OpenSearch Dashboards process to crash. Otherwise,
+# the original behavior will be maintained.
+#logging.ignoreEnospcError: false
+
+# Set the value of this setting to true to suppress all logging output.
+#logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+#logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+#logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+#ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+# Supported languages are the following: English - en , by default , Chinese - zh-CN .
+#i18n.locale: "en"
+
+# Set the allowlist to check input graphite Url. Allowlist is the default check list.
+#vis_type_timeline.graphiteAllowedUrls: ['http://www.hostedgraphite.com/UID/ACCESS_KEY/graphite']
+
+# Set the denylist to check input graphite Url. Denylist is an IP list.
+# Below is an example for reference
+
+# vis_type_timeline.graphiteBlockedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+
+# vis_type_timeline.graphiteDeniedIPs: []
+
+# vis_type_timeline.graphiteDeniedIPs: [
+# //Loopback
+# '127.0.0.0/8',
+# '::1/128',
+# //Link-local Address for IPv6
+# 'fe80::/10',
+# //Private IP address for IPv4
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# //Unique local address (ULA)
+# 'fc00::/7',
+# //Reserved IP address
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+
+# opensearchDashboards.branding:
+# logo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# mark:
+# defaultUrl: ""
+# darkModeUrl: ""
+# loadingLogo:
+# defaultUrl: ""
+# darkModeUrl: ""
+# faviconUrl: ""
+# applicationTitle: ""
+# useExpandedHeader: false
+
+# Set the value of this setting to true to capture region denied warnings and errors
+# for your map rendering services.
+
+# map.showRegionDeniedWarning: false
+
+# Set the value of this setting to false to suppress search usage telemetry
+# for reducing the load of OpenSearch cluster.
+# data.search.usageTelemetry.enabled: false
+
+# Set the value of this setting to false to disable VisBuilder
+# functionality in Visualization.
+# vis_builder.enabled: false
+
+# Set the value of this setting to true to enable multiple data source feature.
+#data_source.enabled: false
+# Set the value of this setting to true to hide local cluster in data source feature.
+#data_source.hideLocalCluster: false
+# Set the value of these settings to customize crypto materials to encryption saved credentials
+# in data sources.
+#data_source.encryption.wrappingKeyName: 'changeme'
+#data_source.encryption.wrappingKeyNamespace: 'changeme'
+#data_source.encryption.wrappingKey: [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+
+#data_source.endpointDeniedIPs: [
+# '127.0.0.0/8',
+# '::1/128',
+# '169.254.0.0/16',
+# 'fe80::/10',
+# '10.0.0.0/8',
+# '172.16.0.0/12',
+# '192.168.0.0/16',
+# 'fc00::/7',
+# '0.0.0.0/8',
+# '100.64.0.0/10',
+# '192.0.0.0/24',
+# '192.0.2.0/24',
+# '198.18.0.0/15',
+# '192.88.99.0/24',
+# '198.51.100.0/24',
+# '203.0.113.0/24',
+# '224.0.0.0/4',
+# '240.0.0.0/4',
+# '255.255.255.255/32',
+# '::/128',
+# '2001:db8::/32',
+# 'ff00::/8',
+# ]
+
+# Optional setting that enables you to specify a path to PEM files for the certificate
+# authority for your connected datasources.
+#data_source.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates for connected data sources, change this setting's value to 'none'.
+# Possible values include full, certificate and none
+#data_source.ssl.verificationMode: full
+
+# Set enabled false to hide authentication method in OpenSearch Dashboards.
+# If this setting is commented then all 3 options will be available in OpenSearch Dashboards.
+# Default value will be considered to True.
+#data_source.authTypes:
+# NoAuthentication:
+# enabled: true
+# UsernamePassword:
+# enabled: true
+# AWSSigV4:
+# enabled: true
+
+# Set the value of this setting to false to hide the help menu link to the OpenSearch Dashboards user survey
+# opensearchDashboards.survey.url: "http://survey.opensearch.org"
+
+# @experimental Set the value of this setting to display navigation updates, including dev tool top right navigation
+# opensearchDashboards.futureNavigation: false
+
+# Set the value of this setting to true to enable plugin augmentation on Dashboard
+# vis_augmenter.pluginAugmentationEnabled: true
+
+# Set the value to true to enable permission control for saved objects
+# Permission control depends on OpenSearch Dashboards has authentication enabled, set it to false when the security plugin is not installed,
+# if the security plugin is not installed and this config is true, permission control takes no effect.
+# savedObjects.permission.enabled: true
+
+# Set the value to true to enable workspace feature
+# Please note, workspace will not work with multi-tenancy. To enable workspace feature, you need to disable multi-tenancy first with `opensearch_security.multitenancy.enabled: false`
+# workspace.enabled: false
+
+# Optional settings to specify saved object types to be deleted during migration.
+# This feature can help address compatibility issues that may arise during the migration of saved objects, such as types defined by legacy applications.
+# Please note, using this feature carries a risk. Deleting saved objects during migration could potentially lead to unintended data loss. Use with caution.
+# migrations.delete.enabled: false
+# migrations.delete.types: []
+
+# Set the value to true to enable Ui Metric Collectors in Usage Collector
+# This publishes the Application Usage and UI Metrics into the saved object, which can be accessed by /api/stats?extended=true&legacy=true&exclude_usage=false
+# usageCollection.uiMetric.enabled: false
+
+# Set the value to true to enable enhancements for the data plugin
+# data.enhancements.enabled: false
+
+# Set the backend roles in groups or users, whoever has the backend roles or exactly match the user ids defined in this config will be regard as dashboard admin.
+# Dashboard admin will have the access to all the workspaces(workspace.enabled: true) and objects inside OpenSearch Dashboards.
+# opensearchDashboards.dashboardAdmin.groups: ["dashboard_admin"]
+# opensearchDashboards.dashboardAdmin.users: ["dashboard_admin"]
+opensearch.hosts: ["https://opensearch-node1:9200","https://opensearch-node2:9200"]
+server.host: 0.0.0.0
+opensearch.ssl.verificationMode: none
+opensearch.username: "admin"
+opensearch.password: "my_%New%_passW0rd!@#"
+opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+vis_type_vega.enableExternalUrls: true