The squirro.yaml
file, located at /etc/squirro.yaml
is a configuration file for a Squirro server. See the section Configuration for how this file is used by Puppet and how to apply its changes.
This page lists all the configuration options in this file.
Table of Contents
Options
Option | Category | Description |
---|---|---|
squirro::storage::heap_size | Elasticsearch | Elasticsearch memory usage |
squirro::storage::allow_es_api_access | Elasticsearch | Allow direct access to Elasticsearch |
squirro::cluster::public_uri | General | Public hostname |
squirro::cluster::log_level | Monitoring | Log verbosity |
squirro::services::configuration::signup | Security | Disable user signup |
os::ssh_trusted_ips | Security | IP restriction for SSH access |
squirro::nginx::ssl_certificate | Security | Custom SSL certificate |
squirro::nginx::ssl_key | Security | Custom SSL certificate |
General
Public hostname
squirro::cluster::public_uri
For a few functions, such as sending out alert emails, Squirro needs to know the address where it is reachable by users. For that we recommend that the Squirro server is registered in the DNS system. Once you know the URL on which Squirro can be reached, it can be set with the following configuration:
squirro::cluster::public_uri: https://demo.squirro.net
Security
Disable user signup
squirro::services::configuration::signup
By default users can create their own account on a Squirro installation. That is only recommended initially, for setting up of the administration account. Afterwards, this should be disabled:
squirro::services::configuration::signup: false
IP restriction for SSH access
os::ssh_trusted_ips
SSH access to the server is not restricted initially. But especially when your Squirro installation is accessible from the Internet, SSH access should be limited to known IP addresses. This configuration option takes a list of IP addresses and IP network ranges, that are allowed SSH access.
os::ssh_trusted_ips: - 192.168.0.10 # Single IP - 192.168.0.0/24 # IP range
Custom SSL certificate
squirro::nginx::ssl_certificate
, squirro::nginx::ssl_key
Squirro comes with a self-signed SSL certificate that will cause your browser to display a security warning.
Provide your own SSL certificate using these parameters. The SSL certificate should match the server's public host name.
Elasticsearch
Elasticsearch memory usage
squirro::storage::heap_size
The memory usage of Elasticsearch is one of the deciding factors for Squirro cluster performance. If set too low, the performance and amount of documents that can be indexed is limited. If set too high, it will starve the server of RAM which affects stability and performance of all the other services.
The following table shows the recommended sizing:
System RAM | Storage size setting |
---|---|
4 GB | squirro::storage::heap_size: 1g |
8 GB | squirro::storage::heap_size: 2g |
16 GB | squirro::storage::heap_size: 6g |
32 GB | squirro::storage::heap_size: 16g |
64 GB+ | squirro::storage::heap_size: 31g |
Its important to never give Elasticsearch more than 31 GB of RAM, as otherwise it will slow down.
Allow direct access to Elasticsearch
squirro::storage::allow_es_api_access
Elasticsearch can be exposed for direct access on port 9200. Use this setting to enable that access:
squirro::storage::allow_es_api_access: true
Elasticsearch is then accessible on http://yourip:9200. The head plugin is a helpful debugging tool, which is accessible at http://yourip:9200/_plugin/head.
Enabling direct access to Elasticsearch is insecure and will bypass all ACL rules. This should only be done for debugging and within a trusted environment.
Monitoring
Log verbosity
squirro::cluster::log_level
By default Squirro only write messages at the WARN level to its log files. So warnings and errors are reported, while generic debugging output is omitted.
The log level can be changed to increase the verbosity or decrease it even more.
Possible log levels are:
- DEBUG
- INFO
- WARN
- ERROR
- CRITICAL
Example:
squirro::cluster::log_level: DEBUG