iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Generalizes versions in example responses and adds copy buttons (#3946) 

Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com>
This commit is contained in:
kolchfa-aws 2023-05-04 15:20:38 -04:00 committed by GitHub
parent 22cfcf119b
commit 9b0b20228c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 368 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
_install-and-configure/install-opensearch/ansible.md
View File

@ -25,12 +25,14 @@ Make sure you have [Ansible](https://www.ansible.com/) and [Java 8](https://www.
```bash
git clone https://github.com/opensearch-project/ansible-playbook
```
{% include copy.html %}
2. Configure the node properties in the `inventories/opensearch/hosts` file:
```bash
ansible_host=<Public IP address> ansible_user=root ip=<Private IP address / 0.0.0.0>
```
{% include copy.html %}
where:
@ -43,6 +45,7 @@ Make sure you have [Ansible](https://www.ansible.com/) and [Java 8](https://www.
xms_value: 8
xmx_value: 8
```
{% include copy.html %}
Make sure you have direct SSH access into the root user of the target node.
{: .note }
@ -54,6 +57,7 @@ Make sure you have direct SSH access into the root user of the target node.
```bash
ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789"
```
{% include copy.html %}
You can set the passwords for reserved users (`admin` and `kibanaserver`) using the `admin_password` and `kibanaserver_password` variables.
@ -64,5 +68,6 @@ Make sure you have direct SSH access into the root user of the target node.
```bash
curl https://localhost:9200 -u 'admin:Test@123' --insecure
```
{% include copy.html %}
If you bind `ip` to 0.0.0.0, then replace `localhost` with the public IP or the private IP (if it's in the same network).

132
_install-and-configure/install-opensearch/debian.md
View File

@ -39,21 +39,28 @@ This guide assumes that you are comfortable working from the Linux command line
```bash
# x64
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb
# arm64
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb
```
1. After the installation succeeds, enable OpenSearch as a service.
```bash
sudo systemctl enable opensearch
```
{% include copy.html %}
1. Start the OpenSearch service.
```bash
sudo systemctl start opensearch
```
{% include copy.html %}
1. Verify that OpenSearch launched correctly.
```bash
sudo systemctl status opensearch
```
{% include copy.html %}
### Fingerprint verification
@ -63,18 +70,25 @@ The Debian package is not signed. If you would like to verify the fingerprint, t
```bash
curl -SLO https://artifacts.opensearch.org/releases/bundle/opensearch/{{site.opensearch_version}}/opensearch-{{site.opensearch_version}}-linux-x64.deb
```
{% include copy.html %}
1. Download the corresponding signature file.
```bash
curl -SLO https://artifacts.opensearch.org/releases/bundle/opensearch/{{site.opensearch_version}}/opensearch-{{site.opensearch_version}}-linux-x64.deb.sig
```
{% include copy.html %}
1. Download and import the GPG key.
```bash
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import -
```
{% include copy.html %}
1. Verify the signature.
```bash
gpg --verify opensearch-{{site.opensearch_version}}-linux-x64.deb.sig opensearch-{{site.opensearch_version}}-linux-x64.deb
```
{% include copy.html %}
### Install OpenSearch from an APT repository
@ -84,44 +98,62 @@ APT, the primary package management tool for Debianbased operating systems, a
```bash
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | sudo apt-key add -
```
{% include copy.html %}
1. Create an APT repository for OpenSearch:
```bash
echo "deb https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/opensearch-2.x.list
```
{% include copy.html %}
1. Verify that the repository was created successfully.
```bash
sudo apt-get update
```
{% include copy.html %}
1. With the repository information added, list all available versions of OpenSearch:
```bash
sudo apt list -a opensearch
```
{% include copy.html %}
1. Choose the version of OpenSearch you want to install:
- Unless otherwise indicated, the latest available version of OpenSearch is installed.
```bash
sudo apt-get install opensearch
```
{% include copy.html %}
- To install a specific version of OpenSearch:
```bash
# Specify the version manually using opensearch=<version>
sudo apt-get install opensearch={{site.opensearch_version}}
```
1. During installation, the installer will present you with the GPG key fingerprint. Verify that the information matches the following:
```bash
Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc
```
{% include copy.html %}
1. Once complete, enable OpenSearch.
```bash
sudo systemctl enable opensearch
```
{% include copy.html %}
1. Start OpenSearch.
```bash
sudo systemctl start opensearch
```
{% include copy.html %}
1. Verify that OpenSearch launched correctly.
```bash
sudo systemctl status opensearch
```
{% include copy.html %}
## Step 2: (Optional) Test OpenSearch
@ -137,6 +169,8 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
```
{% include copy.html %}
You should get a response that looks like this:
```bash
{
@ -145,12 +179,12 @@ An OpenSearch node in its default configuration (with demo certificates and user
"cluster_uuid":"QqgpHCbnSRKcPAizqjvoOw",
"version":{
"distribution":"opensearch",
"number":"2.5.0",
"build_type":"deb",
"build_hash":"b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad",
"build_date":"2023-01-18T23:48:43.426713304Z",
"number":<version>,
"build_type":<build-type>,
"build_hash":<build-hash>,
"build_date":<build-date>,
"build_snapshot":false,
"lucene_version":"9.4.2",
"lucene_version":<lucene-version>,
"minimum_wire_compatibility_version":"7.10.0",
"minimum_index_compatibility_version":"7.0.0"
},
@ -161,28 +195,29 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
```
{% include copy.html %}
The response should look like this:
```bash
name component version
hostname opensearch-alerting 2.5.0.0
hostname opensearch-anomaly-detection 2.5.0.0
hostname opensearch-asynchronous-search 2.5.0.0
hostname opensearch-cross-cluster-replication 2.5.0.0
hostname opensearch-geospatial 2.5.0.0
hostname opensearch-index-management 2.5.0.0
hostname opensearch-job-scheduler 2.5.0.0
hostname opensearch-knn 2.5.0.0
hostname opensearch-ml 2.5.0.0
hostname opensearch-neural-search 2.5.0.0
hostname opensearch-notifications 2.5.0.0
hostname opensearch-notifications-core 2.5.0.0
hostname opensearch-observability 2.5.0.0
hostname opensearch-performance-analyzer 2.5.0.0
hostname opensearch-reports-scheduler 2.5.0.0
hostname opensearch-security 2.5.0.0
hostname opensearch-security-analytics 2.5.0.0
hostname opensearch-sql 2.5.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-geospatial {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-neural-search {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-performance-analyzer {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-security-analytics {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
## Step 3: Set up OpenSearch in your environment
@ -207,6 +242,8 @@ Before modifying any configuration files, it's always a good idea to save a back
```bash
sudo vi /etc/opensearch/opensearch.yml
```
{% include copy.html %}
1. Add the following lines:
```bash
# Bind OpenSearch to the correct network interface. Use 0.0.0.0
@ -223,18 +260,24 @@ Before modifying any configuration files, it's always a good idea to save a back
# be sure to re-enable it. Otherwise you can skip this setting.
plugins.security.disabled: false
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify initial and maximum JVM heap sizes.
1. Open `jvm.options`.
```bash
vi /etc/opensearch/jvm.options
```
{% include copy.html %}
1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements.
- As an example, if the host machine has 8 GB of memory, then you might want to set the initial and maximum heap sizes to 4 GB:
```bash
-Xms4g
-Xmx4g
```
{% include copy.html %}
1. Save your changes and close the file.
### Configure TLS
@ -245,10 +288,14 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
cd /etc/opensearch
```
{% include copy.html %}
1. Delete the demo certificates.
```bash
sudo rm -f *pem
```
{% include copy.html %}
1. Generate a root certificate. This is what you will use to sign your other certificates.
```bash
# Create a private key for the root certificate
@ -280,7 +327,7 @@ TLS certificates provide additional security for your cluster by allowing client
# Convert the private key to PKCS#8.
sudo openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem
# Create the CSR and replace the arguments passed to -subj so they reflect your specific host.
# The CN should match a DNS A record for the host-do not use the hostname.
sudo openssl req -new -key node1-key.pem -subj "/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=node1.dns.a-record" -out node1.csr
@ -288,7 +335,7 @@ TLS certificates provide additional security for your cluster by allowing client
# Create an extension file that defines a SAN DNS name for the host. This
# should match the DNS A record of the host.
sudo sh -c 'echo subjectAltName=DNS:node1.dns.a-record > node1.ext'
# Sign the node certificate with the root certificate and private key that you created earlier.
sudo openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 730 -extfile node1.ext
```
@ -296,10 +343,14 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
sudo rm -f *temp.pem *csr *ext
```
{% include copy.html %}
1. Make sure the remaining certificates are owned by the opensearch user.
```bash
sudo chown opensearch:opensearch admin-key.pem admin.pem node1-key.pem node1.pem root-ca-key.pem root-ca.pem root-ca.srl
```
{% include copy.html %}
1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script:
```bash
#! /bin/bash
@ -324,11 +375,13 @@ TLS certificates provide additional security for your cluster by allowing client
echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /etc/opensearch/opensearch.yml
```
{% include copy.html %}
1. (Optional) Add trust for the self-signed root certificate.
```bash
# Copy the root certificate to the correct directory
sudo cp /etc/opensearch/root-ca.pem /etc/pki/ca-trust/source/anchors/
# Add trust
sudo update-ca-trust
```
@ -341,6 +394,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
```bash
cd /usr/share/opensearch/plugins/opensearch-security/tools
```
{% include copy.html %}
1. Run `hash.sh` to generate a new password.
- This script will fail if a path to the JDK has not been defined.
```bash
@ -354,15 +409,21 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
./hash.sh: line 35: java: command not found
```
{% include copy.html %}
- Declare an environment variable when you invoke the script in order to avoid issues:
```bash
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh
```
{% include copy.html %}
- Enter the desired password at the prompt and make a note of the output hash.
1. Open `internal_users.yml`.
```bash
sudo vi /etc/opensearch/opensearch-security/internal_users.yml
```
{% include copy.html %}
1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example:
```bash
---
@ -382,6 +443,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
- "admin"
description: "Admin user"
```
{% include copy.html %}
### Apply changes
@ -391,6 +453,8 @@ Now that TLS certificates are installed and demo users were removed or assigned
```bash
sudo systemctl restart opensearch
```
{% include copy.html %}
1. Open a separate terminal session with the host and navigate to the directory containing `securityadmin.sh`.
```bash
# Change to the correct directory
@ -401,6 +465,7 @@ Now that TLS certificates are installed and demo users were removed or assigned
# You can omit the environment variable if you declared this in your $PATH.
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./securityadmin.sh -cd /etc/opensearch/opensearch-security/ -cacert /etc/opensearch/root-ca.pem -cert /etc/opensearch/admin.pem -key /etc/opensearch/admin-key.pem -icl -nhnv
```
{% include copy.html %}
### Verify that the service is running
@ -419,12 +484,12 @@ $ curl https://your.host.address:9200 -u admin:yournewpassword -k
"cluster_uuid":"QqgpHCbnSRKcPAizqjvoOw",
"version":{
"distribution":"opensearch",
"number":"2.5.0",
"build_type":"deb",
"build_hash":"b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad",
"build_date":"2023-01-18T23:48:43.426713304Z",
"number":<version>,
"build_type":<build-type>,
"build_hash":<build-hash>,
"build_date":<build-date>,
"build_snapshot":false,
"lucene_version":"9.4.2",
"lucene_version":<lucene-version>,
"minimum_wire_compatibility_version":"7.10.0",
"minimum_index_compatibility_version":"7.0.0"
},
@ -442,8 +507,9 @@ Download the Debian package for the desired upgrade version directly from the [O
Navigate to the directory containing the distribution and run the following command:
```bash
sudo dpkg -i opensearch-2.5.0-linux-x64.deb
sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb
```
{% include copy.html %}
### APT-GET
@ -451,11 +517,13 @@ To upgrade to the latest version of OpenSearch using `apt-get`:
```bash
sudo apt-get upgrade opensearch
```
{% include copy.html %}
You can also upgrade to a specific OpenSearch version:
```bash
sudo apt-get upgrade opensearch=<version>
```
{% include copy.html %}
## Related links

27
_install-and-configure/install-opensearch/docker.md
View File

@ -83,6 +83,8 @@ Before continuing, you should verify that Docker is working correctly by deployi
```bash
curl https://localhost:9200 -ku 'admin:admin'
```
{% include copy.html %}
- You should get a response that looks like this:
```bash
{
@ -91,12 +93,12 @@ Before continuing, you should verify that Docker is working correctly by deployi
"cluster_uuid" : "GLAjAG6bTeWErFUy_d-CLw",
"version" : {
"distribution" : "opensearch",
"number" : "2.3.0",
"build_type" : "tar",
"build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140",
"build_date" : "2022-09-09T00:07:24.896263462Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.3.0",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -113,6 +115,7 @@ Before continuing, you should verify that Docker is working correctly by deployi
```bash
docker stop <containerId>
```
{% include copy.html %}
Remember that `docker container ls` does not list stopped containers. If you would like to review stopped containers, use `docker container ls -a`. You can remove unneeded containers manually with `docker container rm <containerId_1> <containerId_2> <containerId_3> [...]` (pass all container IDs you wish to stop, separated by spaces), or if you want to remove all stopped containers, you can use the shorter command `docker prune`.
{: .tip}
@ -214,17 +217,20 @@ From the home directory of your host (containing `docker-compose.yml`), create a
```bash
docker-compose up -d
```
{% include copy.html %}
Verify that the service containers started correctly:
```bash
docker-compose ps
```
{% include copy.html %}
If a container failed to start, you can review the service logs:
```bash
# If you don't pass a service name, docker-compose will show you logs from all of the nodes
docker-compose logs <serviceName>
```
{% include copy.html %}
Verify access to OpenSearch Dashboards by connecting to http://localhost:5601 from a browser. The default username and password are `admin`. We do not recommend using this configuration on hosts that are accessible from the public internet until you have customized the security configuration of your deployment.
@ -235,6 +241,7 @@ Stop the running containers in your cluster:
```bash
docker-compose down
```
{% include copy.html %}
`docker-compose down` will stop the running containers, but it will not remove the Docker volumes that exist on the host. If you don't care about the contents of these volumes, use the `-v` option to delete all volumes, for example, `docker-compose down -v`.
{: .tip}
@ -251,6 +258,7 @@ docker run \
-v /path/to/custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml \
opensearchproject/opensearch:latest
```
{% include copy.html %}
By reviewing each part of the command, you can see that it:
- Maps ports `9200` and `9600` (`HOST_PORT`:`CONTAINER_PORT`).
@ -277,6 +285,7 @@ services:
volumes:
- ./custom-opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
```
{% include copy.html %}
### Sample Docker Compose file for development
@ -353,6 +362,7 @@ volumes:
networks:
opensearch-net:
```
{% include copy.html %}
### Configuring basic security settings
@ -367,6 +377,7 @@ volumes:
- ./node1.pem:/usr/share/opensearch/config/node1.pem
- ./node1-key.pem:/usr/share/opensearch/config/node1-key.pem
```
{% include copy.html %}
When you add TLS certificates to your OpenSearch nodes with Docker Compose volumes, you should also include a custom `opensearch.yml` file that defines those certificates. For example:
```yml
@ -378,6 +389,7 @@ volumes:
- ./node1-key.pem:/usr/share/opensearch/config/node1-key.pem
- ./custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml
```
{% include copy.html %}
Remember that the certificates you specify in your compose file must be the same as the certificates defined in your custom `opensearch.yml` file. You should replace the root, admin, and node certificates with your own. For more information see [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security/configuration/tls).
```yml
@ -390,6 +402,7 @@ plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.authcz.admin_dn:
- CN=admin,OU=SSL,O=Test,L=Test,C=DE
```
{% include copy.html %}
After configuring security settings, your custom `opensearch.yml` file might look something like the following example, which adds TLS certificates and the distinguished name (DN) of the admin certificate, defines a few permissions, and enables verbose audit logging:
```yml
@ -414,6 +427,7 @@ cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE
```
{% include copy.html %}
For a full list of settings, see [Security]({{site.url}}{{site.baseurl}}/security/configuration/index/).
@ -423,6 +437,7 @@ After replacing the certificates and creating your own internal users, roles, ma
```bash
docker-compose up -d
```
{% include copy.html %}
### Working with plugins
@ -445,6 +460,7 @@ Alternatively, you might want to remove a plugin from an image before deploying
FROM opensearchproject/opensearch:latest
RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security
```
{% include copy.html %}
You can also use a Dockerfile to pass your own certificates for use with the [Security plugin]({{site.url}}{{site.baseurl}}/security/):
```
@ -454,6 +470,7 @@ COPY --chown=opensearch:opensearch my-key-file.pem /usr/share/opensearch/config/
COPY --chown=opensearch:opensearch my-certificate-chain.pem /usr/share/opensearch/config/
COPY --chown=opensearch:opensearch my-root-cas.pem /usr/share/opensearch/config/
```
{% include copy.html %}
## Related links

21
_install-and-configure/install-opensearch/helm.md
View File

@ -38,18 +38,21 @@ The default Helm chart deploys a three-node cluster. We recommend that you have
```bash
helm repo add opensearch https://opensearch-project.github.io/helm-charts/
```
{% include copy.html %}
1. Update the available charts locally from charts repositories:
```bash
helm repo update
```
{% include copy.html %}
1. To search for the OpenSearch-related Helm charts:
```bash
helm search repo opensearch
```
{% include copy.html %}
```bash
NAME CHART VERSION APP VERSION DESCRIPTION
@ -62,6 +65,7 @@ The default Helm chart deploys a three-node cluster. We recommend that you have
```bash
helm install my-deployment opensearch/opensearch
```
{% include copy.html %}
You can also build the `opensearch-1.0.0.tgz` file manually:
@ -70,24 +74,29 @@ You can also build the `opensearch-1.0.0.tgz` file manually:
```bash
cd charts/opensearch
```
{% include copy.html %}
1. Package the Helm chart:
```bash
helm package .
```
{% include copy.html %}
1. Deploy OpenSearch:
```bash
helm install --generate-name opensearch-1.0.0.tgz
```
{% include copy.html %}
The output shows you the specifications instantiated from the install.
To customize the deployment, pass in the values that you want to override with a custom YAML file:
```bash
helm install --values=customvalues.yaml opensearch-1.0.0.tgz
```
{% include copy.html %}
#### Sample output
@ -118,6 +127,7 @@ To access the OpenSearch shell:
```bash
$ kubectl exec -it opensearch-cluster-master-0 -- /bin/bash
```
{% include copy.html %}
You can send requests to the pod to verify that OpenSearch is up and running:
@ -129,12 +139,12 @@ $ curl -XGET https://localhost:9200 -u 'admin:admin' --insecure
"cluster_uuid" : "hP2gq5bPS3SLp8Z7wXm8YQ",
"version" : {
"distribution" : "opensearch",
"number" : "1.0.0",
"build_type" : "tar",
"build_hash" : "34550c5b17124ddc59458ef774f6b43a086522e3",
"build_date" : "2021-07-02T23:22:21.383695Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "8.8.2",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
@ -157,5 +167,6 @@ To delete or uninstall a deployment, run the following command:
```bash
helm delete opensearch-1-1629223146
```
{% include copy.html %}
For steps to install OpenSearch Dashboards, see [Helm to install OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/dashboards/install/helm/).

107
_install-and-configure/install-opensearch/rpm.md
View File

@ -39,6 +39,8 @@ This guide assumes that you are comfortable working from the Linux command line
```bash
sudo rpm --import https://artifacts.opensearch.org/publickeys/opensearch.pgp
```
{% include copy.html %}
1. From the CLI, you can install the package with `rpm` or `yum`.
```bash
# Install the x64 package using yum.
@ -57,14 +59,19 @@ This guide assumes that you are comfortable working from the Linux command line
```bash
sudo systemctl enable opensearch
```
{% include copy.html %}
1. Start OpenSearch.
```bash
sudo systemctl start opensearch
```
{% include copy.html %}
1. Verify that OpenSearch launched correctly.
```bash
sudo systemctl status opensearch
```
{% include copy.html %}
### Install OpenSearch from a YUM repository
@ -74,40 +81,57 @@ YUM, the primary package management tool for Red Hatbased operating systems,
```bash
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/{{major_version_mask}}/opensearch-{{major_version_mask}}.repo -o /etc/yum.repos.d/opensearch-{{major_version_mask}}.repo
```
{% include copy.html %}
1. Clean your YUM cache to ensure a smooth installation:
```bash
sudo yum clean all
```
{% include copy.html %}
1. Verify that the repository was created successfully.
```bash
sudo yum repolist
```
{% include copy.html %}
1. With the repository file downloaded, list all available versions of OpenSearch:
```bash
sudo yum list opensearch --showduplicates
```
{% include copy.html %}
1. Choose the version of OpenSearch you want to install:
- Unless otherwise indicated, the latest available version of OpenSearch is installed.
```bash
sudo yum install opensearch
```
{% include copy.html %}
- To install a specific version of OpenSearch:
```bash
sudo yum install 'opensearch-{{site.opensearch_version}}'
```
{% include copy.html %}
1. During installation, the installer will present you with the GPG key fingerprint. Verify that the information matches the following:
```bash
Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc
```
{% include copy.html %}
- If correct, enter `yes` or `y`. The OpenSearch installation continues.
1. Once complete, you can run OpenSearch.
```bash
sudo systemctl start opensearch
```
{% include copy.html %}
1. Verify that OpenSearch launched correctly.
```bash
sudo systemctl status opensearch
```
{% include copy.html %}
## Step 2: (Optional) Test OpenSearch
@ -123,6 +147,8 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
```
{% include copy.html %}
You should get a response that looks like this:
```bash
{
@ -131,12 +157,12 @@ An OpenSearch node in its default configuration (with demo certificates and user
"cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA",
"version" : {
"distribution" : "opensearch",
"number" : "2.3.0",
"build_type" : "rpm",
"build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140",
"build_date" : "2022-09-09T00:07:32.109283578Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.3.0",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -147,25 +173,26 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
```
{% include copy.html %}
The response should look like this:
```bash
name component version
hostname opensearch-alerting 2.1.0.0
hostname opensearch-anomaly-detection 2.1.0.0
hostname opensearch-asynchronous-search 2.1.0.0
hostname opensearch-cross-cluster-replication 2.1.0.0
hostname opensearch-index-management 2.1.0.0
hostname opensearch-job-scheduler 2.1.0.0
hostname opensearch-knn 2.1.0.0
hostname opensearch-ml 2.1.0.0
hostname opensearch-notifications 2.1.0.0
hostname opensearch-notifications-core 2.1.0.0
hostname opensearch-observability 2.1.0.0
hostname opensearch-performance-analyzer 2.1.0.0
hostname opensearch-reports-scheduler 2.1.0.0
hostname opensearch-security 2.1.0.0
hostname opensearch-sql 2.1.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-performance-analyzer {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
## Step 3: Set up OpenSearch in your environment
@ -190,6 +217,8 @@ Before modifying any configuration files, it's always a good idea to save a back
```bash
sudo vi /etc/opensearch/opensearch.yml
```
{% include copy.html %}
1. Add the following lines:
```bash
# Bind OpenSearch to the correct network interface. Use 0.0.0.0
@ -206,18 +235,24 @@ Before modifying any configuration files, it's always a good idea to save a back
# be sure to re-enable it. Otherwise you can skip this setting.
plugins.security.disabled: false
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify initial and maximum JVM heap sizes.
1. Open `jvm.options`.
```bash
vi /etc/opensearch/jvm.options
```
{% include copy.html %}
1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements.
- As an example, if the host machine has 8 GB of memory, then you might want to set the initial and maximum heap sizes to 4 GB:
```bash
-Xms4g
-Xmx4g
```
{% include copy.html %}
1. Save your changes and close the file.
### Configure TLS
@ -228,10 +263,14 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
cd /etc/opensearch
```
{% include copy.html %}
1. Delete the demo certificates.
```bash
sudo rm -f *pem
```
{% include copy.html %}
1. Generate a root certificate. This is what you will use to sign your other certificates.
```bash
# Create a private key for the root certificate
@ -279,10 +318,14 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
sudo rm -f *temp.pem *csr *ext
```
{% include copy.html %}
1. Make sure the remaining certificates are owned by the opensearch user.
```bash
sudo chown opensearch:opensearch admin-key.pem admin.pem node1-key.pem node1.pem root-ca-key.pem root-ca.pem root-ca.srl
```
{% include copy.html %}
1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script:
```bash
#! /bin/bash
@ -307,6 +350,8 @@ TLS certificates provide additional security for your cluster by allowing client
echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /etc/opensearch/opensearch.yml
```
{% include copy.html %}
1. (Optional) Add trust for the self-signed root certificate.
```bash
# Copy the root certificate to the correct directory
@ -324,6 +369,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
```bash
cd /usr/share/opensearch/plugins/opensearch-security/tools
```
{% include copy.html %}
1. Run `hash.sh` to generate a new password.
- This script will fail if a path to the JDK has not been defined.
```bash
@ -341,11 +388,15 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
```bash
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh
```
{% include copy.html %}
- Enter the desired password at the prompt and make a note of the output hash.
1. Open `internal_users.yml`.
```bash
sudo vi /etc/opensearch/opensearch-security/internal_users.yml
```
{% include copy.html %}
1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example:
```bash
---
@ -365,6 +416,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
- "admin"
description: "Admin user"
```
{% include copy.html %}
### Apply changes
@ -374,11 +426,13 @@ Now that TLS certificates are installed and demo users were removed or assigned
```bash
sudo systemctl restart opensearch
```
1. Open a separate terminal session with the host and navigate to the directory containing `securityadmin.sh`.
```bash
# Change to the correct directory
cd /usr/share/opensearch/plugins/opensearch-security/tools
```
1. Invoke the script. See [Apply changes using securityadmin.sh]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/) for definitions of the arguments you must pass.
```bash
# You can omit the environment variable if you declared this in your $PATH.
@ -402,12 +456,12 @@ $ curl https://your.host.address:9200 -u admin:yournewpassword -k
"cluster_uuid" : "efC0ANNMQlGQ5TbhNflVPg",
"version" : {
"distribution" : "opensearch",
"number" : "2.1.0",
"build_type" : "tar",
"build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32",
"build_date" : "2022-06-30T21:31:04.823801692Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -428,6 +482,7 @@ Navigate to the directory containing the distribution and run the following comm
```bash
rpm -Uvh opensearch-{{site.opensearch_version}}-linux-x64.rpm
```
{% include copy.html %}
### YUM
@ -435,11 +490,13 @@ To upgrade to the latest version of OpenSearch using YUM:
```bash
sudo yum update
```
{% include copy.html %}
You can also upgrade to a specific OpenSearch version:
```bash
sudo yum update opensearch-<version-number>
```
{% include copy.html %}
## Related links

129
_install-and-configure/install-opensearch/tar.md
View File

@ -53,6 +53,8 @@ Before launching OpenSearch you should review some [important system settings]({
```bash
sudo swapoff -a
```
{% include copy.html %}
1. Increase the number of memory maps available to OpenSearch.
```bash
# Edit the sysctl config file
@ -90,15 +92,21 @@ An OpenSearch node configured by the demo security script is not suitable for a
```bash
cd /path/to/opensearch-{{site.opensearch_version}}
```
{% include copy.html %}
1. Run the demo security script.
```bash
./opensearch-tar-install.sh
```
{% include copy.html %}
1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bash
curl -X GET https://localhost:9200 -u 'admin:admin' --insecure
```
{% include copy.html %}
You should get a response that looks like this:
```bash
{
@ -107,12 +115,12 @@ An OpenSearch node configured by the demo security script is not suitable for a
"cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA",
"version" : {
"distribution" : "opensearch",
"number" : "2.1.0",
"build_type" : "tar",
"build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32",
"build_date" : "2022-06-30T21:31:04.823801692Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -123,25 +131,26 @@ An OpenSearch node configured by the demo security script is not suitable for a
```bash
curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
```
{% include copy.html %}
The response should look like this:
```bash
name component version
hostname opensearch-alerting 2.1.0.0
hostname opensearch-anomaly-detection 2.1.0.0
hostname opensearch-asynchronous-search 2.1.0.0
hostname opensearch-cross-cluster-replication 2.1.0.0
hostname opensearch-index-management 2.1.0.0
hostname opensearch-job-scheduler 2.1.0.0
hostname opensearch-knn 2.1.0.0
hostname opensearch-ml 2.1.0.0
hostname opensearch-notifications 2.1.0.0
hostname opensearch-notifications-core 2.1.0.0
hostname opensearch-observability 2.1.0.0
hostname opensearch-performance-analyzer 2.1.0.0
hostname opensearch-reports-scheduler 2.1.0.0
hostname opensearch-security 2.1.0.0
hostname opensearch-sql 2.1.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-performance-analyzer {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
1. Return to the original terminal session and stop the process by pressing `CTRL + C`.
@ -151,16 +160,22 @@ An OpenSearch node configured by the demo security script is not suitable for a
```bash
vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml
```
{% include copy.html %}
1. Add the following line to disable the Security plugin:
```bash
plugins.security.disabled: true
```
{% include copy.html %}
1. Save the change and close the file.
1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Because the Security plugin has been disabled, you will be sending commands using `HTTP` rather than `HTTPS`.
- Send a request to port 9200.
```bash
curl -X GET http://localhost:9200
```
{% include copy.html %}
You should get a response that looks like this:
```bash
{
@ -169,12 +184,12 @@ An OpenSearch node configured by the demo security script is not suitable for a
"cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA",
"version" : {
"distribution" : "opensearch",
"number" : "2.1.0",
"build_type" : "tar",
"build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32",
"build_date" : "2022-06-30T21:31:04.823801692Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -185,25 +200,26 @@ An OpenSearch node configured by the demo security script is not suitable for a
```bash
curl -X GET http://localhost:9200/_cat/plugins?v
```
{% include copy.html %}
The response should look like this:
```bash
name component version
hostname opensearch-alerting 2.1.0.0
hostname opensearch-anomaly-detection 2.1.0.0
hostname opensearch-asynchronous-search 2.1.0.0
hostname opensearch-cross-cluster-replication 2.1.0.0
hostname opensearch-index-management 2.1.0.0
hostname opensearch-job-scheduler 2.1.0.0
hostname opensearch-knn 2.1.0.0
hostname opensearch-ml 2.1.0.0
hostname opensearch-notifications 2.1.0.0
hostname opensearch-notifications-core 2.1.0.0
hostname opensearch-observability 2.1.0.0
hostname opensearch-performance-analyzer 2.1.0.0
hostname opensearch-reports-scheduler 2.1.0.0
hostname opensearch-security 2.1.0.0
hostname opensearch-sql 2.1.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-performance-analyzer {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
## Step 4: Set up OpenSearch in your environment
@ -228,6 +244,8 @@ Before modifying any configuration files, it's always a good idea to save a back
```bash
vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml
```
{% include copy.html %}
1. Add the following lines.
```bash
# Bind OpenSearch to the correct network interface. Use 0.0.0.0
@ -244,23 +262,30 @@ Before modifying any configuration files, it's always a good idea to save a back
# be sure to re-enable it. Otherwise you can skip this setting.
plugins.security.disabled: false
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify initial and maximum JVM heap sizes.
1. Open `jvm.options`.
```bash
vi /path/to/opensearch-{{site.opensearch_version}}/config/jvm.options
```
{% include copy.html %}
1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements.
- As an example, if the host machine has 8 GB of memory then you might want to set the initial and maximum heap sizes to 4 GB:
```bash
-Xms4g
-Xmx4g
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify the location of the included JDK.
```bash
export OPENSEARCH_JAVA_HOME=/path/to/opensearch-{{site.opensearch_version}}/jdk
```
{% include copy.html %}
### Configure TLS
@ -270,6 +295,8 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
cd /path/to/opensearch-{{site.opensearch_version}}/config/
```
{% include copy.html %}
1. Generate a root certificate. This is what you will use to sign your other certificates.
```bash
# Create a private key for the root certificate
@ -317,6 +344,8 @@ TLS certificates provide additional security for your cluster by allowing client
```bash
rm *temp.pem *csr *ext
```
{% include copy.html %}
1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script:
```bash
#! /bin/bash
@ -342,6 +371,8 @@ TLS certificates provide additional security for your cluster by allowing client
echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml
echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml
```
{% include copy.html %}
1. (Optional) Add trust for the self-signed root certificate.
```bash
# Copy the root certificate to the correct directory
@ -359,6 +390,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
```bash
chmod 755 /path/to/opensearch-{{site.opensearch_version}}/plugins/opensearch-security/tools/*.sh
```
{% include copy.html %}
1. Run `hash.sh` to generate a new password.
- This script will fail if a path to the JDK has not been defined.
```bash
@ -372,15 +405,21 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use
./hash.sh: line 35: java: command not found
```
{% include copy.html %}
- Declare an environment variable when you invoke the script in order to avoid issues:
```bash
OPENSEARCH_JAVA_HOME=/path/to/opensearch-{{site.opensearch_version}}/jdk ./hash.sh
```
{% include copy.html %}
- Enter the desired password at the prompt and make a note of the output hash.
1. Open `internal_users.yml`.
```bash
vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch-security/internal_users.yml
```
{% include copy.html %}
1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example:
```bash
---
@ -400,6 +439,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth
- "admin"
description: "Admin user"
```
{% include copy.html %}
### Apply changes
@ -466,21 +506,25 @@ The following configuration is only suitable for testing in a non-production env
```bash
sudo adduser --system --shell /bin/bash -U --no-create-home opensearch
```
{% include copy.html %}
1. Add your user to the `opensearch` user group.
```bash
sudo usermod -aG opensearch $USER
```
{% include copy.html %}
1. Change the file owner to `opensearch`. Make sure to change the path if your OpenSearch files are in a different directory.
```bash
sudo chown -R opensearch /opt/opensearch/
```
{% include copy.html %}
1. Create the service file and open it for editing.
```bash
sudo vi /etc/systemd/system/opensearch.service
```
{% include copy.html %}
1. Enter the following example service configuration. Make sure to change references to the path if your OpenSearch files are in a different directory.
```bash
@ -514,26 +558,31 @@ The following configuration is only suitable for testing in a non-production env
[Install]
WantedBy=multi-user.target
```
{% include copy.html %}
1. Reload `systemd` manager configuration.
```bash
sudo systemctl daemon-reload
```
{% include copy.html %}
1. Enable the OpenSearch service.
```bash
sudo systemctl enable opensearch.service
```
{% include copy.html %}
1. Start the OpenSearch service.
```bash
sudo systemctl start opensearch
```
{% include copy.html %}
1. Verify that the service is running.
```bash
sudo systemctl status opensearch
```
{% include copy.html %}
## Related links

93
_install-and-configure/install-opensearch/windows.md
View File

@ -63,16 +63,21 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bat
cd \path\to\opensearch-{{site.opensearch_version}}
```
{% include copy.html %}
1. Run the batch script.
```bat
.\opensearch-windows-install.bat
```
{% include copy.html %}
1. Open a new command prompt and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed.
- Send a request to port 9200:
```bat
curl.exe -X GET https://localhost:9200 -u "admin:admin" --insecure
```
{% include copy.html %}
You should get a response that looks like this:
```bat
{
@ -81,12 +86,12 @@ An OpenSearch node in its default configuration (with demo certificates and user
"cluster_uuid" : "7Nqtr0LrQTOveFcBb7Kufw",
"version" : {
"distribution" : "opensearch",
"number" : "2.4.0",
"build_type" : "zip",
"build_hash" : "77ef9e304dd6ee95a600720a387a9735bbcf7bc9",
"build_date" : "2022-11-05T05:50:15.404072800Z",
"number" : <version>,
"build_type" : <build-type>,
"build_hash" : <build-hash>,
"build_date" : <build-date>,
"build_snapshot" : false,
"lucene_version" : "9.4.1",
"lucene_version" : <lucene-version>,
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
@ -97,26 +102,27 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bat
curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:admin" --insecure
```
{% include copy.html %}
The response should look like this:
```bat
hostname opensearch-alerting 2.4.0.0
hostname opensearch-anomaly-detection 2.4.0.0
hostname opensearch-asynchronous-search 2.4.0.0
hostname opensearch-cross-cluster-replication 2.4.0.0
hostname opensearch-geospatial 2.4.0.0
hostname opensearch-index-management 2.4.0.0
hostname opensearch-job-scheduler 2.4.0.0
hostname opensearch-knn 2.4.0.0
hostname opensearch-ml 2.4.0.0
hostname opensearch-neural-search 2.4.0.0
hostname opensearch-notifications 2.4.0.0
hostname opensearch-notifications-core 2.4.0.0
hostname opensearch-observability 2.4.0.0
hostname opensearch-reports-scheduler 2.4.0.0
hostname opensearch-security 2.4.0.0
hostname opensearch-security-analytics 2.4.0.0
hostname opensearch-sql 2.4.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-geospatial {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-neural-search {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-security-analytics {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
### Option 2: Test your OpenSearch settings with security disabled
@ -127,6 +133,8 @@ An OpenSearch node in its default configuration (with demo certificates and user
```yaml
plugins.security.disabled: true
```
{% include copy.html %}
1. Save the change and close the file.
1. Navigate to the top directory of your OpenSearch installation and open the `opensearch-{{site.opensearch_version}}` folder.
1. Run the default by double-clicking the `opensearch-windows-install.bat` file. This opens a command prompt with an OpenSearch instance running.
@ -135,6 +143,8 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bat
curl.exe -X GET http://localhost:9200
```
{% include copy.html %}
You should get a response that looks like this:
```bat
{
@ -159,26 +169,27 @@ An OpenSearch node in its default configuration (with demo certificates and user
```bat
curl.exe -X GET http://localhost:9200/_cat/plugins?v
```
{% include copy.html %}
The response should look like this:
```bat
hostname opensearch-alerting 2.4.0.0
hostname opensearch-anomaly-detection 2.4.0.0
hostname opensearch-asynchronous-search 2.4.0.0
hostname opensearch-cross-cluster-replication 2.4.0.0
hostname opensearch-geospatial 2.4.0.0
hostname opensearch-index-management 2.4.0.0
hostname opensearch-job-scheduler 2.4.0.0
hostname opensearch-knn 2.4.0.0
hostname opensearch-ml 2.4.0.0
hostname opensearch-neural-search 2.4.0.0
hostname opensearch-notifications 2.4.0.0
hostname opensearch-notifications-core 2.4.0.0
hostname opensearch-observability 2.4.0.0
hostname opensearch-reports-scheduler 2.4.0.0
hostname opensearch-security 2.4.0.0
hostname opensearch-security-analytics 2.4.0.0
hostname opensearch-sql 2.4.0.0
hostname opensearch-alerting {{site.opensearch_version}}
hostname opensearch-anomaly-detection {{site.opensearch_version}}
hostname opensearch-asynchronous-search {{site.opensearch_version}}
hostname opensearch-cross-cluster-replication {{site.opensearch_version}}
hostname opensearch-geospatial {{site.opensearch_version}}
hostname opensearch-index-management {{site.opensearch_version}}
hostname opensearch-job-scheduler {{site.opensearch_version}}
hostname opensearch-knn {{site.opensearch_version}}
hostname opensearch-ml {{site.opensearch_version}}
hostname opensearch-neural-search {{site.opensearch_version}}
hostname opensearch-notifications {{site.opensearch_version}}
hostname opensearch-notifications-core {{site.opensearch_version}}
hostname opensearch-observability {{site.opensearch_version}}
hostname opensearch-reports-scheduler {{site.opensearch_version}}
hostname opensearch-security {{site.opensearch_version}}
hostname opensearch-security-analytics {{site.opensearch_version}}
hostname opensearch-sql {{site.opensearch_version}}
```
To stop OpenSearch, press `Ctrl+C` in Command Prompt or Powershell, or simply close the Command Prompt or Powershell window.
@ -218,6 +229,8 @@ Before modifying any configuration files, it's always a good idea to save a back
# be sure to re-enable it. Otherwise you can skip this setting.
plugins.security.disabled: false
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify initial and maximum JVM heap sizes.
1. Open the `opensearch-{{site.opensearch_version}}\config` folder.
@ -228,6 +241,8 @@ Before modifying any configuration files, it's always a good idea to save a back
-Xms4g
-Xmx4g
```
{% include copy.html %}
1. Save your changes and close the file.
1. Specify the location of the included JDK.
1. In the search box next to **Start** on the taskbar, enter `edit environment variables for your account` or `edit the system environment variables`. To edit the system environment variables, you need admin rights. User environment variables take precedence over system environment variables.