This page describes configuration using Puppet. For installations that do not use Puppet, such as installation on a clean CentOS or RHEL installation using YUM, this page is not applicable.
squirro.yaml file, located at
/etc/squirro.yaml is a configuration file for a Squirro server. See the section Puppet for how this file is used by Puppet and how to apply its changes. This page lists all the configuration options in this file.
Table of Contents
|squirro::storage::heap_size||Elasticsearch||Elasticsearch memory usage|
|squirro::storage::allow_es_api_access||Elasticsearch||Allow direct access to Elasticsearch|
|squirro::services::configuration::signup||Security||Disable user signup|
|os::ssh_trusted_ips||Security||IP restriction for SSH access|
|squirro::nginx::ssl_certificate||Security||Custom SSL certificate|
|squirro::nginx::ssl_key||Security||Custom SSL certificate|
For a few functions, such as sending out alert emails, Squirro needs to know the address where it is reachable by users. For that we recommend that the Squirro server is registered in the DNS system. Once you know the URL on which Squirro can be reached, it can be set with the following configuration:
Disable user signup
By default users can create their own account on a Squirro installation. That is only recommended initially, for setting up of the administration account. Afterwards, this should be disabled:
IP restriction for SSH access
SSH access to the server is not restricted initially. But especially when your Squirro installation is accessible from the Internet, SSH access should be limited to known IP addresses. This configuration option takes a list of IP addresses and IP network ranges, that are allowed SSH access.
Custom SSL certificate
Squirro comes with a self-signed SSL certificate that will cause your browser to display a security warning.
Provide your own SSL certificate using these parameters. The SSL certificate should match the server's public host name.
Elasticsearch memory usage
The memory usage of Elasticsearch is one of the deciding factors for Squirro cluster performance. If set too low, the performance and amount of documents that can be indexed is limited. If set too high, it will starve the server of RAM which affects stability and performance of all the other services.
The following table shows the recommended sizing:
|System RAM||Storage size setting|
Its important to never give Elasticsearch more than 31 GB of RAM, as otherwise it will slow down.
Allow direct access to Elasticsearch
Elasticsearch can be exposed for direct access on port 9200. Use this setting to enable that access:
Elasticsearch is then accessible on http://yourip:9200. The head plugin is a helpful debugging tool, which is accessible at http://yourip:9200/_plugin/head.
Enabling direct access to Elasticsearch is insecure and will bypass all ACL rules. This should only be done for debugging and within a trusted environment.
By default Squirro only write messages at the WARN level to its log files. So warnings and errors are reported, while generic debugging output is omitted.
The log level can be changed to increase the verbosity or decrease it even more.
Possible log levels are: