Page tree
Skip to end of metadata
Go to start of metadata

This page describes configuration using Puppet. For installations that do not use Puppet, such as installation on a clean CentOS or RHEL installation using YUM, this page is not applicable.


The squirro.yaml file, located at /etc/squirro.yaml is a configuration file for a Squirro server. See the section Puppet for how this file is used by Puppet and how to apply its changes. This page lists all the configuration options in this file.

Table of Contents

Options

OptionCategoryDescription
squirro::storage::heap_sizeElasticsearchElasticsearch memory usage
squirro::storage::allow_es_api_accessElasticsearchAllow direct access to Elasticsearch
squirro::cluster::public_uriGeneralPublic hostname
squirro::cluster::log_levelMonitoringLog verbosity
squirro::services::configuration::signupSecurityDisable user signup
os::ssh_trusted_ipsSecurityIP restriction for SSH access
squirro::nginx::ssl_certificateSecurityCustom SSL certificate
squirro::nginx::ssl_keySecurityCustom SSL certificate

General

Public hostname

squirro::cluster::public_uri

For a few functions, such as sending out alert emails, Squirro needs to know the address where it is reachable by users. For that we recommend that the Squirro server is registered in the DNS system. Once you know the URL on which Squirro can be reached, it can be set with the following configuration:

squirro::cluster::public_uri: https://demo.squirro.net 

Security

Disable user signup

squirro::services::configuration::signup

By default users can create their own account on a Squirro installation. That is only recommended initially, for setting up of the administration account. Afterwards, this should be disabled:

squirro::services::configuration::signup: false

IP restriction for SSH access

os::ssh_trusted_ips

SSH access to the server is not restricted initially. But especially when your Squirro installation is accessible from the Internet, SSH access should be limited to known IP addresses. This configuration option takes a list of IP addresses and IP network ranges, that are allowed SSH access.

os::ssh_trusted_ips:
    - 192.168.0.10   # Single IP
    - 192.168.0.0/24 # IP range

Custom SSL certificate

squirro::nginx::ssl_certificate, squirro::nginx::ssl_key

Squirro comes with a self-signed SSL certificate that will cause your browser to display a security warning.

Provide your own SSL certificate using these parameters. The SSL certificate should match the server's public host name.

Elasticsearch

Elasticsearch memory usage

squirro::storage::heap_size

The memory usage of Elasticsearch is one of the deciding factors for Squirro cluster performance. If set too low, the performance and amount of documents that can be indexed is limited. If set too high, it will starve the server of RAM which affects stability and performance of all the other services.

The following table shows the recommended sizing:

System RAMStorage size setting
4 GB
squirro::storage::heap_size: 1g
8 GB
squirro::storage::heap_size: 2g
16 GB
squirro::storage::heap_size: 6g
32 GB
squirro::storage::heap_size: 16g
64 GB+
squirro::storage::heap_size: 31g

Its important to never give Elasticsearch more than 31 GB of RAM, as otherwise it will slow down.

Allow direct access to Elasticsearch

squirro::storage::allow_es_api_access

Elasticsearch can be exposed for direct access on port 9200. Use this setting to enable that access:

squirro::storage::allow_es_api_access: true

Elasticsearch is then accessible on http://yourip:9200. The head plugin is a helpful debugging tool, which is accessible at http://yourip:9200/_plugin/head.

Enabling direct access to Elasticsearch is insecure and will bypass all ACL rules. This should only be done for debugging and within a trusted environment.

Monitoring

Log verbosity

squirro::cluster::log_level

By default Squirro only write messages at the WARN level to its log files. So warnings and errors are reported, while generic debugging output is omitted.

The log level can be changed to increase the verbosity or decrease it even more.

Possible log levels are:

  • DEBUG
  • INFO
  • WARN
  • ERROR
  • CRITICAL

Example:

squirro::cluster::log_level: DEBUG