Add monitoring for OpenSearch

euiyounghwang · euiyounghwang · commit d7d56646420f · 2023-12-11T16:31:26.000-06:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,7 +6,9 @@ services:
   cerebro:
     image: lmenezes/cerebro:0.9.4
     ports:
-      - "9100:9000"
+      - "9009:9000"
+    volumes:
+      - ./monitoring/cerebro/application.conf://opt/cerebro/conf/application.conf
   
   # Single Cluster
   single_node:
diff --git a/monitoring/cerebro/application.conf b/monitoring/cerebro/application.conf
@@ -0,0 +1,87 @@
+# Secret will be used to sign session cookies, CSRF tokens and for other encryption utilities.
+# It is highly recommended to change this value before running cerebro in production.
+secret = "ki:s:[[@=Ag?QI`W2jMwkY:eqvrJ]JqoJyi2axj3ZvOv^/KavOT4ViJSv?6YY4[N"
+
+# Application base path
+basePath = "/"
+
+# Defaults to RUNNING_PID at the root directory of the app.
+# To avoid creating a PID file set this value to /dev/null
+#pidfile.path = "/var/run/cerebro.pid"
+pidfile.path=/dev/null
+
+# Rest request history max size per user
+rest.history.size = 50 // defaults to 50 if not specified
+
+# Path of local database file
+#data.path: "/var/lib/cerebro/cerebro.db"
+data.path = "./cerebro.db"
+
+play {
+  # Cerebro port, by default it's 9000 (play's default)
+  server.http.port = ${?CEREBRO_PORT}
+}
+
+es = {
+  gzip = true
+}
+
+# Authentication
+auth = {
+  # either basic or ldap
+  type: ${?AUTH_TYPE}
+  settings {
+    # LDAP
+    url = ${?LDAP_URL}
+    # OpenLDAP might be something like "ou=People,dc=domain,dc=com"
+    base-dn = ${?LDAP_BASE_DN}
+    # Usually method should  be "simple" otherwise, set it to the SASL mechanisms to try
+    method = ${?LDAP_METHOD}
+    # user-template executes a string.format() operation where
+    # username is passed in first, followed by base-dn. Some examples
+    #  - %s => leave user untouched
+    #  - %s@domain.com => append "@domain.com" to username
+    #  - uid=%s,%s => usual case of OpenLDAP
+    user-template = ${?LDAP_USER_TEMPLATE}
+    // User identifier that can perform searches
+    bind-dn = ${?LDAP_BIND_DN}
+    bind-pw = ${?LDAP_BIND_PWD}
+    group-search {
+      // If left unset parent's base-dn will be used
+      base-dn = ${?LDAP_GROUP_BASE_DN}
+      // Attribute that represent the user, for example uid or mail
+      user-attr = ${?LDAP_USER_ATTR}
+      // Define a separate template for user-attr
+      // If left unset parent's user-template will be used
+      user-attr-template = ${?LDAP_USER_ATTR_TEMPLATE}
+      // Filter that tests membership of the group. If this property is empty then there is no group membership check
+      // AD example => memberOf=CN=mygroup,ou=ouofthegroup,DC=domain,DC=com
+      // OpenLDAP example => CN=mygroup
+      group = ${?LDAP_GROUP}
+    }
+
+    # Basic auth
+    username = ${?BASIC_AUTH_USER}
+    password = ${?BASIC_AUTH_PWD}
+  }
+}
+
+# A list of known hosts
+hosts = [
+#   {
+#    host = "http://host.docker.internal:9250"
+#    name = "Opensearch cluster"
+#    headers-whitelist = [ "x-proxy-user", "x-proxy-roles", "X-Forwarded-For" ]
+#   }
+#   Example of host with authentication
+  {
+   host = "https://host.docker.internal:9250"
+   name = "Opensearch Cluster"
+   auth = {
+     username = "admin"
+     password = "admin"
+   }
+  }
+]
+# insecure option for OpenSearch
+play.ws.ssl.loose.acceptAnyCertificate = true
