SPI Configuration

This document contains specifics for the a9s Search SPI.

General information about the a9s SPIs are described in the a9s SPI documentation.

Custom Parameter Configuration

The a9s Search SPI configures, handles, and validates custom parameters for all Service Instances.

The a9s Search SPI defines default values for certain custom parameters. Also, it defines whether a custom parameter can be set by the Application Developer.

The Platform Operator can overwrite those choices by changing the a9s Search SPI configuration. The Platform Operator has to configure the property opensearch-spi.service_instance.custom_param_config. The property value must be a hash. Every key in that hash stands for a custom parameter and the value for every key contains the configuration for that particular parameter. The configuration for a particular parameter is a hash consisting of the following optional keys: default_value and modifiable.

The key default_value specifies the default value for that parameter and modifiable specifies whether the Application Developer is allowed to set that custom parameter. For example:

opensearch-spi:
  service_instance:
    custom_param_config:
      tls-protocols:
        default_value: ['TLSv1.2', 'TLSv1.3']
        modifiable: true

Default Custom Parameter Configuration

The following table contains custom parameters that are configurable by the Platform Operator. The meaning of those custom parameters can be found below.

Name	Default value	Is modifiable
plugins	null	true
tls-ciphers	null	true
tls-protocols	null	true

plugins

The plugins parameter is an array in which the Platform Operator can list which plugins the Application Developer is able to install on their own. This list can include any and all plugins included in the bundled plugins of the vendored OpenSearch version used by a9s Search.

This parameter can also be used to enable the analysis-phonetic additional plugin.

By default, all but opensearch-security, repository-azure, and repository-s3 plugins are disabled by the underlying automation. As mentioned above, the list of enabled plugins can be extended by the Platform Operator as follows:

opensearch-spi:
  service_instance:
    custom_param_config:
      plugins:
        default_value: ['opensearch-alerting', 'query-insights']
        modifiable: true

The OpenSearch Bundled Plugins the can be included in the array are:

• opensearch-alerting
• opensearch-anomaly-detection
• opensearch-asynchronous-search
• opensearch-cross-cluster-replication
• opensearch-custom-codecs
• opensearch-flow-framework
• opensearch-geospatial
• opensearch-index-management
• opensearch-job-scheduler
• opensearch-knn
• opensearch-ltr
• opensearch-ml
• opensearch-neural-search
• opensearch-notifications
• opensearch-notifications-core
• opensearch-observability
• opensearch-performance-analyzer
• opensearch-reports-scheduler
• opensearch-security
• opensearch-security-analytics
• opensearch-skills
• opensearch-sql
• opensearch-system-templates
• query-insights

Caveats and Limitations of the plugins Parameter

• OpenSearch distinguishes between Bundled plugins and Additional plugins, with the former being included by default with the vendored OpenSearch, and the latter being plugins that can be installed separately.
• No other additional plugins aside from analysis-phonetic, repository-azure and repository-s3 can be enabled.
• By enabling any of the Bundled Plugins, the Platform Operator acknowledges it is under their discretion and responsibility, since only the ones enabled by default, and the listed additional plugins, have been tested against the underlying automation.

tls-protocols

The parameter tls-protocols maps to OpenSearch's configuration parameter plugins.security.ssl.http.enabled_protocols. For more information, see Limiting TLS Protocols Used by the Server.

Because it is insecure, the OpenSearch security plugin disables TLSv1 by default.

The value for tls-protocols must be an array with the values TLSv1.3 and/or TLSv1.2. Only Java format is supported.

tls-ciphers

The parameter tls-ciphers maps to OpenSearch's configuration parameter plugins.security.ssl.http.enabled_ciphers. For more information, see Configuring Cipher Suites.

The value for tls-ciphers must be an array of strings that list the cipher names. Only Java format is supported.

a9s Search SPI does no validation for the tls-ciphers value except that it must be an array of strings or null.

Example Configuration

The following is an example for the default custom parameter configuration.

The default value for the custom parameter tls-protocols is TLSv1.3. Additionally, the Application Developer should not be allowed to change it.

Then the configuration must look the following way:

opensearch-spi:
  service_instance:
    custom_param_config:
      tls-protocols:
        default_value: ['TLSv1.3']
        modifiable: false

Per Plan Configuration

Take a look at Service Plans documentation if you want to configure the custom parameters per plan.

Notes

Additional custom parameters will be made available over time. We do not make all available custom parameters the SPIs knows available to the Platform Operator from the beginning.

During the SPI startup, the configuration the Platform Operator made will be checked. When it's invalid, the SPI will not start up.