Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update number of replicas of system indices to 1-20 and number of primary shards for system indices to 1 #1358

Merged
merged 2 commits into from
Oct 17, 2024
Merged

update number of replicas of system indices to 1-20 and number of primary shards for system indices to 1 #1358

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
43b15da
update number of replicas of system indices to 0-20
sbcd90 Oct 16, 2024
9a8059c
fix imports
sbcd90 Oct 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions .../java/org/opensearch/securityanalytics/indexmanagment/DetectorIndexManagementService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -558,8 +558,17 @@ private void rolloverIndex(
request.getCreateIndexRequest().index(pattern)
.mapping(map)
.settings(isCorrelation?
Settings.builder().put("index.hidden", true).put("index.correlation", true).build():
Settings.builder().put("index.hidden", true).build()
Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build():
Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build()
);
request.addMaxIndexDocsCondition(docsCondition);
request.addMaxIndexAgeCondition(ageCondition);
Expand Down
7 changes: 4 additions & 3 deletions src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,10 @@
import org.opensearch.securityanalytics.model.LogType;
import org.opensearch.securityanalytics.util.SecurityAnalyticsException;

import static org.opensearch.action.support.ActiveShardCount.ALL;
import static org.opensearch.securityanalytics.model.FieldMappingDoc.LOG_TYPES;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.DEFAULT_MAPPING_SCHEMA;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

/**
*
Expand Down Expand Up @@ -456,7 +456,8 @@ public void ensureConfigIndexIsInitialized(ActionListener<Void> listener) {
isConfigIndexInitialized = false;
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.auto_expand_replicas", "0-all")
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();

CreateIndexRequest createIndexRequest = new CreateIndexRequest();
Expand Down
11 changes: 10 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFeedStore.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.client.Client;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.io.Streams;
Expand Down Expand Up @@ -49,6 +50,9 @@
import java.util.Map;
import java.util.UUID;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class STIX2IOCFeedStore implements FeedStore {
public static final String IOC_INDEX_NAME_BASE = ".opensearch-sap-iocs";
public static final String IOC_ALL_INDEX_PATTERN = IOC_INDEX_NAME_BASE + "-*";
Expand Down Expand Up @@ -234,7 +238,12 @@ private void initFeedIndex(String feedIndexName, ActionListener<CreateIndexRespo
if (!clusterService.state().routingTable().hasIndex(newActiveIndex)) {
var indexRequest = new CreateIndexRequest(feedIndexName)
.mapping(iocIndexMapping())
.settings(Settings.builder().put("index.hidden", true).build());
.settings(Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build()
);
client.admin().indices().create(indexRequest, ActionListener.wrap(
r -> {
log.info("Created system index {}", feedIndexName);
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/org/opensearch/securityanalytics/settings/SecurityAnalyticsSettings.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@
import java.util.List;
import java.util.concurrent.TimeUnit;

import static org.opensearch.index.IndexSettings.MAX_TERMS_COUNT_SETTING;

public class SecurityAnalyticsSettings {
public static final String CORRELATION_INDEX = "index.correlation";
public static final int minSystemIndexReplicas = 1;
public static final int maxSystemIndexReplicas = 20;

public static Setting<TimeValue> INDEX_TIMEOUT = Setting.positiveTimeSetting("plugins.security_analytics.index_timeout",
TimeValue.timeValueSeconds(60),
Expand Down
7 changes: 6 additions & 1 deletion .../java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/BaseEntityCrudService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.client.Client;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.xcontent.XContentFactory;
Expand All @@ -31,6 +32,8 @@
import java.util.ArrayList;
import java.util.List;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;
import static org.opensearch.securityanalytics.util.DetectorUtils.getEmptySearchResponse;

/**
Expand Down Expand Up @@ -247,7 +250,9 @@ public void createIndexIfNotExists(final ActionListener<Void> listener) {
public abstract String getEntityName();

protected Settings.Builder getIndexSettings() {
return Settings.builder().put("index.hidden", true);
return Settings.builder().put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas);
}

public abstract String getEntityAliasName();
Expand Down
22 changes: 20 additions & 2 deletions src/main/java/org/opensearch/securityanalytics/util/CorrelationIndices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.action.admin.indices.alias.Alias;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.core.action.ActionListener;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
Expand All @@ -26,6 +27,9 @@
import java.nio.charset.Charset;
import java.util.Objects;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CorrelationIndices {

private static final Logger log = LogManager.getLogger(CorrelationIndices.class);
Expand Down Expand Up @@ -55,9 +59,15 @@ public static String correlationMappings() throws IOException {

public void initCorrelationIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_HISTORY_INDEX_PATTERN)
.mapping(correlationMappings())
.settings(Settings.builder().put("index.hidden", true).put("index.correlation", true).build());
.settings(indexSettings);
indexRequest.alias(new Alias(CORRELATION_HISTORY_WRITE_INDEX));
client.admin().indices().create(indexRequest, actionListener);
} else {
Expand All @@ -67,9 +77,15 @@ public void initCorrelationIndex(ActionListener<CreateIndexResponse> actionListe

public void initCorrelationMetadataIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationMetadataIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_METADATA_INDEX)
.mapping(correlationMappings())
.settings(Settings.builder().put("index.hidden", true).put("index.correlation", true).build());
.settings(indexSettings);
client.admin().indices().create(indexRequest, actionListener);
} else {
actionListener.onResponse(new CreateIndexResponse(true, true, CORRELATION_METADATA_INDEX));
Expand Down Expand Up @@ -136,6 +152,8 @@ public static String correlationAlertIndexMappings() throws IOException {
public void initCorrelationAlertIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
Settings correlationAlertSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_ALERT_INDEX)
.mapping(correlationAlertIndexMappings())
Expand Down
11 changes: 10 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/CorrelationRuleIndices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.core.action.ActionListener;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
Expand All @@ -23,6 +24,9 @@
import java.util.Objects;
import org.opensearch.securityanalytics.model.CorrelationRule;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CorrelationRuleIndices {
private static final Logger log = LogManager.getLogger(CorrelationRuleIndices.class);

Expand All @@ -45,9 +49,14 @@ public static String correlationRuleIndexMappings() throws IOException {

public void initCorrelationRuleIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationRuleIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CorrelationRule.CORRELATION_RULE_INDEX).mapping(
correlationRuleIndexMappings()
).settings(Settings.builder().put("index.hidden", true).build());
).settings(indexSettings);
client.admin().indices().create(indexRequest, actionListener);
}
}
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/CustomLogTypeIndices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Objects;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CustomLogTypeIndices {

Expand All @@ -42,9 +44,11 @@ public static String customLogTypeMappings() throws IOException {

public void initCustomLogTypeIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!customLogTypeIndexExists()) {
// Security Analytics log types index is small. 1 primary shard is enough
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.auto_expand_replicas", "0-all")
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(LogTypeService.LOG_TYPE_INDEX)
.mapping(customLogTypeMappings())
Expand Down
10 changes: 9 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/DetectorIndices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
import java.nio.charset.Charset;
import java.util.Objects;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class DetectorIndices {

private static final Logger log = LogManager.getLogger(DetectorIndices.class);
Expand All @@ -45,9 +48,14 @@ public static String detectorMappings() throws IOException {

public void initDetectorIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!detectorIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(Detector.DETECTORS_INDEX)
.mapping(detectorMappings())
.settings(Settings.builder().put("index.hidden", true).build());
.settings(indexSettings);
client.indices().create(indexRequest, actionListener);
}
}
Expand Down
4 changes: 4 additions & 0 deletions src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,8 @@
import java.util.stream.Stream;

import static org.opensearch.securityanalytics.model.Detector.NO_VERSION;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class RuleIndices {

Expand Down Expand Up @@ -86,6 +88,8 @@ public void initRuleIndex(ActionListener<CreateIndexResponse> actionListener, bo
if (!ruleIndexExists(isPrepackaged)) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(getRuleIndex(isPrepackaged))
.mapping(ruleMappings())
Expand Down
Loading