Skip to content

Commit

Permalink
update number of replicas of system indices to 1-20 and number of pri…
Browse files Browse the repository at this point in the history 
…mary shards for system indices to 1 (#1358) (#1360)

Signed-off-by: Subhobrata Dey <[email protected]>
  • Loading branch information
@opensearch-trigger-bot
opensearch-trigger-bot[bot] authored Oct 17, 2024
1 parent 43c70f3 commit 39519ad
Show file tree
Hide file tree
Showing 10 changed files with 81 additions and 14 deletions.
13 changes: 11 additions & 2 deletions .../java/org/opensearch/securityanalytics/indexmanagment/DetectorIndexManagementService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -558,8 +558,17 @@ private void rolloverIndex(
request.getCreateIndexRequest().index(pattern)
.mapping(map)
.settings(isCorrelation?
Settings.builder().put("index.hidden", true).put("index.correlation", true).build():
Settings.builder().put("index.hidden", true).build()
Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build():
Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build()
);
request.addMaxIndexDocsCondition(docsCondition);
request.addMaxIndexAgeCondition(ageCondition);
Expand Down
7 changes: 4 additions & 3 deletions src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,10 +63,10 @@
import org.opensearch.securityanalytics.model.LogType;
import org.opensearch.securityanalytics.util.SecurityAnalyticsException;

import static org.opensearch.action.support.ActiveShardCount.ALL;
import static org.opensearch.securityanalytics.model.FieldMappingDoc.LOG_TYPES;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.DEFAULT_MAPPING_SCHEMA;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

/**
*
Expand Down Expand Up @@ -459,7 +459,8 @@ public void ensureConfigIndexIsInitialized(ActionListener<Void> listener) {
isConfigIndexInitialized = false;
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.auto_expand_replicas", "0-all")
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();

CreateIndexRequest createIndexRequest = new CreateIndexRequest();
Expand Down
11 changes: 10 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFeedStore.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.client.Client;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.io.Streams;
Expand Down Expand Up @@ -49,6 +50,9 @@
import java.util.Map;
import java.util.UUID;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class STIX2IOCFeedStore implements FeedStore {
public static final String IOC_INDEX_NAME_BASE = ".opensearch-sap-iocs";
public static final String IOC_ALL_INDEX_PATTERN = IOC_INDEX_NAME_BASE + "-*";
Expand Down Expand Up @@ -234,7 +238,12 @@ private void initFeedIndex(String feedIndexName, ActionListener<CreateIndexRespo
if (!clusterService.state().routingTable().hasIndex(newActiveIndex)) {
var indexRequest = new CreateIndexRequest(feedIndexName)
.mapping(iocIndexMapping())
.settings(Settings.builder().put("index.hidden", true).build());
.settings(Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build()
);
client.admin().indices().create(indexRequest, ActionListener.wrap(
r -> {
log.info("Created system index {}", feedIndexName);
Expand Down
4 changes: 2 additions & 2 deletions src/main/java/org/opensearch/securityanalytics/settings/SecurityAnalyticsSettings.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@
import java.util.List;
import java.util.concurrent.TimeUnit;

import static org.opensearch.index.IndexSettings.MAX_TERMS_COUNT_SETTING;

public class SecurityAnalyticsSettings {
public static final String CORRELATION_INDEX = "index.correlation";
public static final int minSystemIndexReplicas = 1;
public static final int maxSystemIndexReplicas = 20;

public static Setting<TimeValue> INDEX_TIMEOUT = Setting.positiveTimeSetting("plugins.security_analytics.index_timeout",
TimeValue.timeValueSeconds(60),
Expand Down
7 changes: 6 additions & 1 deletion .../java/org/opensearch/securityanalytics/threatIntel/iocscan/dao/BaseEntityCrudService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
import org.opensearch.action.support.GroupedActionListener;
import org.opensearch.action.support.WriteRequest;
import org.opensearch.client.Client;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.cluster.service.ClusterService;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.xcontent.XContentFactory;
Expand All @@ -31,6 +32,8 @@
import java.util.ArrayList;
import java.util.List;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;
import static org.opensearch.securityanalytics.util.DetectorUtils.getEmptySearchResponse;

/**
Expand Down Expand Up @@ -247,7 +250,9 @@ public void createIndexIfNotExists(final ActionListener<Void> listener) {
public abstract String getEntityName();

protected Settings.Builder getIndexSettings() {
return Settings.builder().put("index.hidden", true);
return Settings.builder().put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas);
}

public abstract String getEntityAliasName();
Expand Down
22 changes: 20 additions & 2 deletions src/main/java/org/opensearch/securityanalytics/util/CorrelationIndices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.action.admin.indices.alias.Alias;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.core.action.ActionListener;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
Expand All @@ -26,6 +27,9 @@
import java.nio.charset.Charset;
import java.util.Objects;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CorrelationIndices {

private static final Logger log = LogManager.getLogger(CorrelationIndices.class);
Expand Down Expand Up @@ -55,9 +59,15 @@ public static String correlationMappings() throws IOException {

public void initCorrelationIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_HISTORY_INDEX_PATTERN)
.mapping(correlationMappings())
.settings(Settings.builder().put("index.hidden", true).put("index.correlation", true).build());
.settings(indexSettings);
indexRequest.alias(new Alias(CORRELATION_HISTORY_WRITE_INDEX));
client.admin().indices().create(indexRequest, actionListener);
} else {
Expand All @@ -67,9 +77,15 @@ public void initCorrelationIndex(ActionListener<CreateIndexResponse> actionListe

public void initCorrelationMetadataIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationMetadataIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.correlation", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_METADATA_INDEX)
.mapping(correlationMappings())
.settings(Settings.builder().put("index.hidden", true).put("index.correlation", true).build());
.settings(indexSettings);
client.admin().indices().create(indexRequest, actionListener);
} else {
actionListener.onResponse(new CreateIndexResponse(true, true, CORRELATION_METADATA_INDEX));
Expand Down Expand Up @@ -136,6 +152,8 @@ public static String correlationAlertIndexMappings() throws IOException {
public void initCorrelationAlertIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
Settings correlationAlertSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CORRELATION_ALERT_INDEX)
.mapping(correlationAlertIndexMappings())
Expand Down
11 changes: 10 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/CorrelationRuleIndices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.cluster.metadata.IndexMetadata;
import org.opensearch.core.action.ActionListener;
import org.opensearch.action.admin.indices.create.CreateIndexRequest;
import org.opensearch.action.admin.indices.create.CreateIndexResponse;
Expand All @@ -23,6 +24,9 @@
import java.util.Objects;
import org.opensearch.securityanalytics.model.CorrelationRule;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CorrelationRuleIndices {
private static final Logger log = LogManager.getLogger(CorrelationRuleIndices.class);

Expand All @@ -45,9 +49,14 @@ public static String correlationRuleIndexMappings() throws IOException {

public void initCorrelationRuleIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!correlationRuleIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(CorrelationRule.CORRELATION_RULE_INDEX).mapping(
correlationRuleIndexMappings()
).settings(Settings.builder().put("index.hidden", true).build());
).settings(indexSettings);
client.admin().indices().create(indexRequest, actionListener);
}
}
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/CustomLogTypeIndices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Objects;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class CustomLogTypeIndices {

Expand All @@ -42,9 +44,11 @@ public static String customLogTypeMappings() throws IOException {

public void initCustomLogTypeIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!customLogTypeIndexExists()) {
// Security Analytics log types index is small. 1 primary shard is enough
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put("index.auto_expand_replicas", "0-all")
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(LogTypeService.LOG_TYPE_INDEX)
.mapping(customLogTypeMappings())
Expand Down
10 changes: 9 additions & 1 deletion src/main/java/org/opensearch/securityanalytics/util/DetectorIndices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@
import java.nio.charset.Charset;
import java.util.Objects;

import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class DetectorIndices {

private static final Logger log = LogManager.getLogger(DetectorIndices.class);
Expand All @@ -45,9 +48,14 @@ public static String detectorMappings() throws IOException {

public void initDetectorIndex(ActionListener<CreateIndexResponse> actionListener) throws IOException {
if (!detectorIndexExists()) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(Detector.DETECTORS_INDEX)
.mapping(detectorMappings())
.settings(Settings.builder().put("index.hidden", true).build());
.settings(indexSettings);
client.indices().create(indexRequest, actionListener);
}
}
Expand Down
4 changes: 4 additions & 0 deletions src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,8 @@
import java.util.stream.Stream;

import static org.opensearch.securityanalytics.model.Detector.NO_VERSION;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.maxSystemIndexReplicas;
import static org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings.minSystemIndexReplicas;

public class RuleIndices {

Expand Down Expand Up @@ -93,6 +95,8 @@ public void initRuleIndex(ActionListener<CreateIndexResponse> actionListener, bo
if (!ruleIndexExists(isPrepackaged)) {
Settings indexSettings = Settings.builder()
.put("index.hidden", true)
.put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1)
.put("index.auto_expand_replicas", minSystemIndexReplicas + "-" + maxSystemIndexReplicas)
.build();
CreateIndexRequest indexRequest = new CreateIndexRequest(getRuleIndex(isPrepackaged))
.mapping(ruleMappings())
Expand Down

0 comments on commit 39519ad

Please sign in to comment.