tested on debian12
create four nodes, here with DNC
dnc-new-resource.bash debian12 30 opensearch0 # coordonating node dnc-new-resource.bash debian12 31 opensearch1 # data1 dnc-new-resource.bash debian12 32 opensearch2 # data2 dnc-new-resource.bash debian12 33 opensearch3 # manager & dashboard dnc-new-resource.bash debian12 34 opensearch-client # fluent-bit dnc-newguest-debian.bash 30 opensearch0 dnc-newguest-debian.bash 31 opensearch1 dnc-newguest-debian.bash 32 opensearch2 dnc-newguest-debian.bash 33 opensearch3 dnc-newguest-debian.bash 34 opensearch-client
all nodes
this is not necessarilly required however may become handy for testing purposes
ssh-keygen -t ed25519 cd .ssh/ cat id_ed25519.pub vi authorized_keys vi /etc/hosts 10.1.0.30 opensearch0 10.1.0.31 opensearch1 10.1.0.32 opensearch2 10.1.0.33 opensearch3 10.1.0.34 opensearch-client ssh opensearch0 ssh opensearch1 ssh opensearch2 ssh opensearch3
node4
grab the latest release
wget https://artifacts.opensearch.org/releases/bundle/opensearch/2.11.0/opensearch-2.11.0-linux-x64.deb scp opensearch-2.11.0-linux-x64.deb opensearch1:~/ scp opensearch-2.11.0-linux-x64.deb opensearch2:~/ scp opensearch-2.11.0-linux-x64.deb opensearch3:~/
all nodes
dpkg -i opensearch-2.11.0-linux-x64.deb rm -f opensearch-2.11.0-linux-x64.deb systemctl daemon-reload
all nodes
mv -i /etc/opensearch/opensearch.yml /etc/opensearch/opensearch.yml.dist grep -vE '^#|^$' /etc/opensearch/opensearch.yml.dist > /etc/opensearch/opensearch.yml.clean grep -vE '^#|^$' /etc/opensearch/opensearch.yml.dist > /etc/opensearch/opensearch.yml chown opensearch:opensearch /etc/opensearch/opensearch.yml.clean chown opensearch:opensearch /etc/opensearch/opensearch.yml chmod 600 /etc/opensearch/opensearch.yml.clean chmod 600 /etc/opensearch/opensearch.yml vi /etc/opensearch/opensearch.yml
node0 (coordinator)
network.host: 0.0.0.0 cluster.name: opensearch-cluster node.name: opensearch-c1 node.roles: [] network.bind_host: [_local_, _site_] discovery.seed_hosts: ["opensearch1", "opensearch2", "opensearch3"] cluster.initial_cluster_manager_nodes: ["10.1.0.33"]
node1 (data1)
network.host: 0.0.0.0 cluster.name: opensearch-cluster node.name: opensearch-d1 node.roles: [ data, ingest ] network.bind_host: [_local_, _site_] discovery.seed_hosts: ["opensearch2", "opensearch3", "opensearch0"] cluster.initial_cluster_manager_nodes: ["10.1.0.33"]
node2 (data2)
network.host: 0.0.0.0 cluster.name: opensearch-cluster node.name: opensearch-d2 node.roles: [ data, ingest ] network.bind_host: [_local_, _site_] discovery.seed_hosts: ["opensearch1", "opensearch3", "opensearch0"] cluster.initial_cluster_manager_nodes: ["10.1.0.33"]
node3 (manager)
network.host: 0.0.0.0
cluster.name: opensearch-cluster
node.name: opensearch-cluster_manager
node.roles: [ cluster_manager ]
network.bind_host: [_local_, _site_]
discovery.seed_hosts: ["opensearch1", "opensearch2", "opensearch0"]
cluster.initial_cluster_manager_nodes: ["10.1.0.33"]
## additional tuning
_all nodes_
echo vm.max_map_count=262144 >> /etc/sysctl.conf
sysctl -p
echo OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m >> /etc/default/opensearch
#mv -i /etc/opensearch/jvm.options /etc/opensearch/jvm.options.dist
#vi /etc/opensearch/jvm.options
## ready to go
enable
systemctl status opensearch.service # not yet
systemctl enable opensearch.service
systemctl restart opensearch.service
systemctl status opensearch
netstat -lntup
nmap -p 9200,9300 opensearch1
nmap -p 9200,9300 opensearch2
nmap -p 9200,9300 opensearch3
nmap -p 9200,9300 opensearch0
## operations
tail -F /var/log/opensearch/opensearch-cluster.log
curl https://opensearch0:9200/_cat/nodes?v -k -u admin:PASSWORD
curl https://opensearch0:9200/_cat/plugins?v -k -u admin:PASSWORD
curl https://opensearch0:9200/ -k -u admin:PASSWORD
## user account
clean-up demo accounts and create initial admin user
cd /usr/share/opensearch/plugins/opensearch-security/tools/
# provide password you want to hash
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh
PASSWORD gives e.g.
$2y$12$86oAYtY1eFIygI2oYv3n.eaqG57IdunD4L.o92LVya6eeTFO.GIHO
$2y$12$FXb.0ZogdcijTNurYZSNB.BCgUo3ri1ufQOju3cRpBlHdAlNC5/KC
cp -pi /etc/opensearch/opensearch-security/internal_users.yml /etc/opensearch/opensearch-security/internal_users.yml.dist
vi /etc/opensearch/opensearch-security/internal_users.yml
admin: hash: “$2y$12$86oAYtY1eFIygI2oYv3n.eaqG57IdunD4L.o92LVya6eeTFO.GIHO” reserved: true backend_roles: - “admin” description: “admin user” ```
apply
/usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh \
-f /etc/opensearch/opensearch-security/internal_users.yml \
-cacert /etc/opensearch/root-ca.pem \
-cert /etc/opensearch/kirk.pem \
-key /etc/opensearch/kirk-key.pem
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000c0000000, 1073741824, 0) fa>
==> ok disable TMEM…
vi /etc/modules #tmem reboot
[opensearch-cluster_manager] cluster-manager not discovered yet, this node has not previously joined a bootstrapped cluster, and [cluster.initial_cluster_manager_nodes] is empty on this node: have discovered [{opensearch-cluster_manager}{2mB8wMEnQaqJBc52MH2b1w}{HBTJ4ruqRkmXlYYbSMx4eA}{10.1.0.33}{10.1.0.33:9300}{m}{shard_indexing_pressure_enabled=true}]; discovery will continue using [10.1.0.31:9300, 10.1.0.32:9300, 10.1.0.30:9300] from hosts providers and [{opensearch-cluster_manager}{2mB8wMEnQaqJBc52MH2b1w}{HBTJ4ruqRkmXlYYbSMx4eA}{10.1.0.33}{10.1.0.33:9300}{m}{shard_indexing_pressure_enabled=true}] from last-known cluster state; node term 0, last-accepted version 0 in
term 0
==> fuck it, start from scratch (fortunately this is a PoC)
systemctl stop opensearch rm -rf /var/lib/opensearch/* systemctl start opensearch
systemctl stop opensearch apt purge opensearch rm -rf /var/log/opensearch rm -rf /var/lib/opensearch rm -rf /etc/opensearch/
https://opensearch.org/docs/latest/install-and-configure/install-opensearch/debian/
https://opensearch.org/docs/latest/tuning-your-cluster/index/
https://logz.io/learn/opensearch-guide/