diff --git a/_install-and-configure/install-opensearch/ansible.md b/_install-and-configure/install-opensearch/ansible.md index 97b68b60..2f74cec0 100644 --- a/_install-and-configure/install-opensearch/ansible.md +++ b/_install-and-configure/install-opensearch/ansible.md @@ -25,12 +25,14 @@ Make sure you have [Ansible](https://www.ansible.com/) and [Java 8](https://www. ```bash git clone https://github.com/opensearch-project/ansible-playbook ``` + {% include copy.html %} 2. Configure the node properties in the `inventories/opensearch/hosts` file: ```bash ansible_host= ansible_user=root ip= ``` + {% include copy.html %} where: @@ -43,6 +45,7 @@ Make sure you have [Ansible](https://www.ansible.com/) and [Java 8](https://www. xms_value: 8 xmx_value: 8 ``` + {% include copy.html %} Make sure you have direct SSH access into the root user of the target node. {: .note } @@ -54,6 +57,7 @@ Make sure you have direct SSH access into the root user of the target node. ```bash ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789" ``` + {% include copy.html %} You can set the passwords for reserved users (`admin` and `kibanaserver`) using the `admin_password` and `kibanaserver_password` variables. @@ -64,5 +68,6 @@ Make sure you have direct SSH access into the root user of the target node. ```bash curl https://localhost:9200 -u 'admin:Test@123' --insecure ``` + {% include copy.html %} If you bind `ip` to 0.0.0.0, then replace `localhost` with the public IP or the private IP (if it's in the same network). diff --git a/_install-and-configure/install-opensearch/debian.md b/_install-and-configure/install-opensearch/debian.md index 7e74d039..479eb07a 100644 --- a/_install-and-configure/install-opensearch/debian.md +++ b/_install-and-configure/install-opensearch/debian.md 
@@ -39,21 +39,28 @@ This guide assumes that you are comfortable working from the Linux command line ```bash # x64 sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb + # arm64 sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-arm64.deb ``` + 1. After the installation succeeds, enable OpenSearch as a service. ```bash sudo systemctl enable opensearch ``` + {% include copy.html %} + 1. Start the OpenSearch service. ```bash sudo systemctl start opensearch ``` + {% include copy.html %} + 1. Verify that OpenSearch launched correctly. ```bash sudo systemctl status opensearch ``` + {% include copy.html %} ### Fingerprint verification @@ -63,18 +70,25 @@ The Debian package is not signed. If you would like to verify the fingerprint, t ```bash curl -SLO https://artifacts.opensearch.org/releases/bundle/opensearch/{{site.opensearch_version}}/opensearch-{{site.opensearch_version}}-linux-x64.deb ``` + {% include copy.html %} + 1. Download the corresponding signature file. ```bash curl -SLO https://artifacts.opensearch.org/releases/bundle/opensearch/{{site.opensearch_version}}/opensearch-{{site.opensearch_version}}-linux-x64.deb.sig ``` + {% include copy.html %} + 1. Download and import the GPG key. ```bash curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --import - ``` + {% include copy.html %} + 1. Verify the signature. ```bash gpg --verify opensearch-{{site.opensearch_version}}-linux-x64.deb.sig opensearch-{{site.opensearch_version}}-linux-x64.deb ``` + {% include copy.html %} ### Install OpenSearch from an APT repository 
@@ -84,44 +98,62 @@ APT, the primary package management tool for Debian–based operating systems, a ```bash curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | sudo apt-key add - ``` + {% include copy.html %} + 1. Create an APT repository for OpenSearch: ```bash echo "deb https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/opensearch-2.x.list ``` + {% include copy.html %} + 1. Verify that the repository was created successfully. ```bash sudo apt-get update ``` + {% include copy.html %} + 1. With the repository information added, list all available versions of OpenSearch: ```bash sudo apt list -a opensearch ``` + {% include copy.html %} + 1. Choose the version of OpenSearch you want to install: - Unless otherwise indicated, the latest available version of OpenSearch is installed. ```bash sudo apt-get install opensearch ``` + {% include copy.html %} + - To install a specific version of OpenSearch: ```bash # Specify the version manually using opensearch= sudo apt-get install opensearch={{site.opensearch_version}} ``` + 1. During installation, the installer will present you with the GPG key fingerprint. Verify that the information matches the following: ```bash Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc ``` + {% include copy.html %} + 1. Once complete, enable OpenSearch. ```bash sudo systemctl enable opensearch ``` + {% include copy.html %} + 1. Start OpenSearch. ```bash sudo systemctl start opensearch ``` + {% include copy.html %} + 1. Verify that OpenSearch launched correctly. ```bash sudo systemctl status opensearch ``` + {% include copy.html %} ## Step 2: (Optional) Test OpenSearch @@ -137,6 +169,8 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bash curl -X GET https://localhost:9200 -u 'admin:admin' --insecure ``` + {% include copy.html %} + You should get a response that looks like this: ```bash { 
@@ -145,12 +179,12 @@ An OpenSearch node in its default configuration (with demo certificates and user "cluster_uuid":"QqgpHCbnSRKcPAizqjvoOw", "version":{ "distribution":"opensearch", - "number":"2.5.0", - "build_type":"deb", - "build_hash":"b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad", - "build_date":"2023-01-18T23:48:43.426713304Z", + "number":, + "build_type":, + "build_hash":, + "build_date":, "build_snapshot":false, - "lucene_version":"9.4.2", + "lucene_version":, "minimum_wire_compatibility_version":"7.10.0", "minimum_index_compatibility_version":"7.0.0" }, 
@@ -161,28 +195,29 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bash curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure ``` + {% include copy.html %} The response should look like this: ```bash name component version - hostname opensearch-alerting 2.5.0.0 - hostname opensearch-anomaly-detection 2.5.0.0 - hostname opensearch-asynchronous-search 2.5.0.0 - hostname opensearch-cross-cluster-replication 2.5.0.0 - hostname opensearch-geospatial 2.5.0.0 - hostname opensearch-index-management 2.5.0.0 - hostname opensearch-job-scheduler 2.5.0.0 - hostname opensearch-knn 2.5.0.0 - hostname opensearch-ml 2.5.0.0 - hostname opensearch-neural-search 2.5.0.0 - hostname opensearch-notifications 2.5.0.0 - hostname opensearch-notifications-core 2.5.0.0 - hostname opensearch-observability 2.5.0.0 - hostname opensearch-performance-analyzer 2.5.0.0 - hostname opensearch-reports-scheduler 2.5.0.0 - hostname opensearch-security 2.5.0.0 - hostname opensearch-security-analytics 2.5.0.0 - hostname opensearch-sql 2.5.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-geospatial {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-neural-search {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-performance-analyzer {{site.opensearch_version}} + hostname 
opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname opensearch-security-analytics {{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` ## Step 3: Set up OpenSearch in your environment @@ -207,6 +242,8 @@ Before modifying any configuration files, it's always a good idea to save a back ```bash sudo vi /etc/opensearch/opensearch.yml ``` + {% include copy.html %} + 1. Add the following lines: ```bash # Bind OpenSearch to the correct network interface. Use 0.0.0.0 @@ -223,18 +260,24 @@ Before modifying any configuration files, it's always a good idea to save a back # be sure to re-enable it. Otherwise you can skip this setting. plugins.security.disabled: false ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify initial and maximum JVM heap sizes. 1. Open `jvm.options`. ```bash vi /etc/opensearch/jvm.options ``` + {% include copy.html %} + 1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements. - As an example, if the host machine has 8 GB of memory, then you might want to set the initial and maximum heap sizes to 4 GB: ```bash -Xms4g -Xmx4g ``` + {% include copy.html %} + 1. Save your changes and close the file. ### Configure TLS @@ -245,10 +288,14 @@ TLS certificates provide additional security for your cluster by allowing client ```bash cd /etc/opensearch ``` + {% include copy.html %} + 1. Delete the demo certificates. ```bash sudo rm -f *pem ``` + {% include copy.html %} + 1. Generate a root certificate. This is what you will use to sign your other certificates. ```bash # Create a private key for the root certificate 
@@ -280,7 +327,7 @@ TLS certificates provide additional security for your cluster by allowing client # Convert the private key to PKCS#8. sudo openssl pkcs8 -inform PEM -outform PEM -in node1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node1-key.pem - + # Create the CSR and replace the arguments passed to -subj so they reflect your specific host. # The CN should match a DNS A record for the host-do not use the hostname. sudo openssl req -new -key node1-key.pem -subj "/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=node1.dns.a-record" -out node1.csr @@ -288,7 +335,7 @@ TLS certificates provide additional security for your cluster by allowing client # Create an extension file that defines a SAN DNS name for the host. This # should match the DNS A record of the host. sudo sh -c 'echo subjectAltName=DNS:node1.dns.a-record > node1.ext' - + # Sign the node certificate with the root certificate and private key that you created earlier. sudo openssl x509 -req -in node1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node1.pem -days 730 -extfile node1.ext ``` @@ -296,10 +343,14 @@ TLS certificates provide additional security for your cluster by allowing client ```bash sudo rm -f *temp.pem *csr *ext ``` + {% include copy.html %} + 1. Make sure the remaining certificates are owned by the opensearch user. ```bash sudo chown opensearch:opensearch admin-key.pem admin.pem node1-key.pem node1.pem root-ca-key.pem root-ca.pem root-ca.srl ``` + {% include copy.html %} + 1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security-plugin/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script: ```bash #! /bin/bash 
@@ -324,11 +375,13 @@ TLS certificates provide additional security for your cluster by allowing client echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /etc/opensearch/opensearch.yml echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /etc/opensearch/opensearch.yml ``` + {% include copy.html %} + 1. (Optional) Add trust for the self-signed root certificate. ```bash # Copy the root certificate to the correct directory sudo cp /etc/opensearch/root-ca.pem /etc/pki/ca-trust/source/anchors/ - + # Add trust sudo update-ca-trust ``` @@ -341,6 +394,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth ```bash cd /usr/share/opensearch/plugins/opensearch-security/tools ``` + {% include copy.html %} + 1. Run `hash.sh` to generate a new password. - This script will fail if a path to the JDK has not been defined. ```bash @@ -354,15 +409,21 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use ./hash.sh: line 35: java: command not found ``` + {% include copy.html %} + - Declare an environment variable when you invoke the script in order to avoid issues: ```bash OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh ``` + {% include copy.html %} + - Enter the desired password at the prompt and make a note of the output hash. 1. Open `internal_users.yml`. ```bash sudo vi /etc/opensearch/opensearch-security/internal_users.yml ``` + {% include copy.html %} + 1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example: ```bash --- @@ -382,6 +443,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth - "admin" description: "Admin user" ``` + {% include copy.html %} ### Apply changes 
@@ -391,6 +453,8 @@ Now that TLS certificates are installed and demo users were removed or assigned ```bash sudo systemctl restart opensearch ``` + {% include copy.html %} + 1. Open a separate terminal session with the host and navigate to the directory containing `securityadmin.sh`. ```bash # Change to the correct directory @@ -401,6 +465,7 @@ Now that TLS certificates are installed and demo users were removed or assigned # You can omit the environment variable if you declared this in your $PATH. OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./securityadmin.sh -cd /etc/opensearch/opensearch-security/ -cacert /etc/opensearch/root-ca.pem -cert /etc/opensearch/admin.pem -key /etc/opensearch/admin-key.pem -icl -nhnv ``` + {% include copy.html %} ### Verify that the service is running @@ -419,12 +484,12 @@ $ curl https://your.host.address:9200 -u admin:yournewpassword -k "cluster_uuid":"QqgpHCbnSRKcPAizqjvoOw", "version":{ "distribution":"opensearch", - "number":"2.5.0", - "build_type":"deb", - "build_hash":"b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad", - "build_date":"2023-01-18T23:48:43.426713304Z", + "number":, + "build_type":, + "build_hash":, + "build_date":, "build_snapshot":false, - "lucene_version":"9.4.2", + "lucene_version":, "minimum_wire_compatibility_version":"7.10.0", "minimum_index_compatibility_version":"7.0.0" }, @@ -442,8 +507,9 @@ Download the Debian package for the desired upgrade version directly from the [O Navigate to the directory containing the distribution and run the following command: ```bash -sudo dpkg -i opensearch-2.5.0-linux-x64.deb +sudo dpkg -i opensearch-{{site.opensearch_version}}-linux-x64.deb ``` +{% include copy.html %} ### APT-GET @@ -451,11 +517,13 @@ To upgrade to the latest version of OpenSearch using `apt-get`: ```bash sudo apt-get upgrade opensearch ``` +{% include copy.html %} You can also upgrade to a specific OpenSearch version: ```bash sudo apt-get upgrade opensearch= ``` +{% include copy.html %} ## Related links 
diff --git a/_install-and-configure/install-opensearch/docker.md b/_install-and-configure/install-opensearch/docker.md index 16a27c61..fd651a9d 100644 --- a/_install-and-configure/install-opensearch/docker.md +++ b/_install-and-configure/install-opensearch/docker.md @@ -83,6 +83,8 @@ Before continuing, you should verify that Docker is working correctly by deployi ```bash curl https://localhost:9200 -ku 'admin:admin' ``` + {% include copy.html %} + - You should get a response that looks like this: ```bash { @@ -91,12 +93,12 @@ Before continuing, you should verify that Docker is working correctly by deployi "cluster_uuid" : "GLAjAG6bTeWErFUy_d-CLw", "version" : { "distribution" : "opensearch", - "number" : "2.3.0", - "build_type" : "tar", - "build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140", - "build_date" : "2022-09-09T00:07:24.896263462Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.3.0", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, @@ -113,6 +115,7 @@ Before continuing, you should verify that Docker is working correctly by deployi ```bash docker stop ``` + {% include copy.html %} Remember that `docker container ls` does not list stopped containers. If you would like to review stopped containers, use `docker container ls -a`. You can remove unneeded containers manually with `docker container rm [...]` (pass all container IDs you wish to stop, separated by spaces), or if you want to remove all stopped containers, you can use the shorter command `docker prune`. {: .tip} 
@@ -214,17 +217,20 @@ From the home directory of your host (containing `docker-compose.yml`), create a ```bash docker-compose up -d ``` +{% include copy.html %} Verify that the service containers started correctly: ```bash docker-compose ps ``` +{% include copy.html %} If a container failed to start, you can review the service logs: ```bash # If you don't pass a service name, docker-compose will show you logs from all of the nodes docker-compose logs ``` +{% include copy.html %} Verify access to OpenSearch Dashboards by connecting to http://localhost:5601 from a browser. The default username and password are `admin`. We do not recommend using this configuration on hosts that are accessible from the public internet until you have customized the security configuration of your deployment. @@ -235,6 +241,7 @@ Stop the running containers in your cluster: ```bash docker-compose down ``` +{% include copy.html %} `docker-compose down` will stop the running containers, but it will not remove the Docker volumes that exist on the host. If you don't care about the contents of these volumes, use the `-v` option to delete all volumes, for example, `docker-compose down -v`. {: .tip} @@ -251,6 +258,7 @@ docker run \ -v /path/to/custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml \ opensearchproject/opensearch:latest ``` +{% include copy.html %} By reviewing each part of the command, you can see that it: - Maps ports `9200` and `9600` (`HOST_PORT`:`CONTAINER_PORT`). @@ -277,6 +285,7 @@ services: volumes: - ./custom-opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml ``` +{% include copy.html %} ### Sample Docker Compose file for development @@ -353,6 +362,7 @@ volumes: networks: opensearch-net: ``` +{% include copy.html %} ### Configuring basic security settings 
@@ -367,6 +377,7 @@ volumes: - ./node1.pem:/usr/share/opensearch/config/node1.pem - ./node1-key.pem:/usr/share/opensearch/config/node1-key.pem ``` +{% include copy.html %} When you add TLS certificates to your OpenSearch nodes with Docker Compose volumes, you should also include a custom `opensearch.yml` file that defines those certificates. For example: ```yml @@ -378,6 +389,7 @@ volumes: - ./node1-key.pem:/usr/share/opensearch/config/node1-key.pem - ./custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml ``` +{% include copy.html %} Remember that the certificates you specify in your compose file must be the same as the certificates defined in your custom `opensearch.yml` file. You should replace the root, admin, and node certificates with your own. For more information see [Configure TLS certificates]({{site.url}}{{site.baseurl}}/security/configuration/tls). ```yml @@ -390,6 +402,7 @@ plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem plugins.security.authcz.admin_dn: - CN=admin,OU=SSL,O=Test,L=Test,C=DE ``` +{% include copy.html %} After configuring security settings, your custom `opensearch.yml` file might look something like the following example, which adds TLS certificates and the distinguished name (DN) of the admin certificate, defines a few permissions, and enables verbose audit logging: ```yml @@ -414,6 +427,7 @@ cluster.routing.allocation.disk.threshold_enabled: false opendistro_security.audit.config.disabled_rest_categories: NONE opendistro_security.audit.config.disabled_transport_categories: NONE ``` +{% include copy.html %} For a full list of settings, see [Security]({{site.url}}{{site.baseurl}}/security/configuration/index/). @@ -423,6 +437,7 @@ After replacing the certificates and creating your own internal users, roles, ma ```bash docker-compose up -d ``` +{% include copy.html %} ### Working with plugins 
@@ -445,6 +460,7 @@ Alternatively, you might want to remove a plugin from an image before deploying FROM opensearchproject/opensearch:latest RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security ``` +{% include copy.html %} You can also use a Dockerfile to pass your own certificates for use with the [Security plugin]({{site.url}}{{site.baseurl}}/security/): ``` @@ -454,6 +470,7 @@ COPY --chown=opensearch:opensearch my-key-file.pem /usr/share/opensearch/config/ COPY --chown=opensearch:opensearch my-certificate-chain.pem /usr/share/opensearch/config/ COPY --chown=opensearch:opensearch my-root-cas.pem /usr/share/opensearch/config/ ``` +{% include copy.html %} ## Related links diff --git a/_install-and-configure/install-opensearch/helm.md b/_install-and-configure/install-opensearch/helm.md index 0a8980d5..b1df2da0 100644 --- a/_install-and-configure/install-opensearch/helm.md +++ b/_install-and-configure/install-opensearch/helm.md @@ -38,18 +38,21 @@ The default Helm chart deploys a three-node cluster. We recommend that you have ```bash helm repo add opensearch https://opensearch-project.github.io/helm-charts/ ``` + {% include copy.html %} 1. Update the available charts locally from charts repositories: ```bash helm repo update ``` + {% include copy.html %} 1. To search for the OpenSearch-related Helm charts: ```bash helm search repo opensearch ``` + {% include copy.html %} ```bash NAME CHART VERSION APP VERSION DESCRIPTION @@ -62,6 +65,7 @@ The default Helm chart deploys a three-node cluster. We recommend that you have ```bash helm install my-deployment opensearch/opensearch ``` + {% include copy.html %} You can also build the `opensearch-1.0.0.tgz` file manually: 
@@ -70,24 +74,29 @@ You can also build the `opensearch-1.0.0.tgz` file manually: ```bash cd charts/opensearch ``` + {% include copy.html %} 1. Package the Helm chart: ```bash helm package . ``` + {% include copy.html %} 1. Deploy OpenSearch: ```bash helm install --generate-name opensearch-1.0.0.tgz ``` + {% include copy.html %} + The output shows you the specifications instantiated from the install. To customize the deployment, pass in the values that you want to override with a custom YAML file: ```bash helm install --values=customvalues.yaml opensearch-1.0.0.tgz ``` + {% include copy.html %} #### Sample output @@ -118,6 +127,7 @@ To access the OpenSearch shell: ```bash $ kubectl exec -it opensearch-cluster-master-0 -- /bin/bash ``` +{% include copy.html %} You can send requests to the pod to verify that OpenSearch is up and running: @@ -129,12 +139,12 @@ $ curl -XGET https://localhost:9200 -u 'admin:admin' --insecure "cluster_uuid" : "hP2gq5bPS3SLp8Z7wXm8YQ", "version" : { "distribution" : "opensearch", - "number" : "1.0.0", - "build_type" : "tar", - "build_hash" : "34550c5b17124ddc59458ef774f6b43a086522e3", - "build_date" : "2021-07-02T23:22:21.383695Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "8.8.2", + "lucene_version" : , "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, @@ -157,5 +167,6 @@ To delete or uninstall a deployment, run the following command: ```bash helm delete opensearch-1-1629223146 ``` +{% include copy.html %} For steps to install OpenSearch Dashboards, see [Helm to install OpenSearch Dashboards]({{site.url}}{{site.baseurl}}/dashboards/install/helm/). \ No newline at end of file diff --git a/_install-and-configure/install-opensearch/rpm.md b/_install-and-configure/install-opensearch/rpm.md index fa8a44a0..f77de7ac 100644 --- a/_install-and-configure/install-opensearch/rpm.md 
+++ b/_install-and-configure/install-opensearch/rpm.md @@ -39,6 +39,8 @@ This guide assumes that you are comfortable working from the Linux command line ```bash sudo rpm --import https://artifacts.opensearch.org/publickeys/opensearch.pgp ``` + {% include copy.html %} + 1. From the CLI, you can install the package with `rpm` or `yum`. ```bash # Install the x64 package using yum. @@ -57,14 +59,19 @@ This guide assumes that you are comfortable working from the Linux command line ```bash sudo systemctl enable opensearch ``` + {% include copy.html %} + 1. Start OpenSearch. ```bash sudo systemctl start opensearch ``` + {% include copy.html %} + 1. Verify that OpenSearch launched correctly. ```bash sudo systemctl status opensearch ``` + {% include copy.html %} ### Install OpenSearch from a YUM repository 
@@ -74,40 +81,57 @@ YUM, the primary package management tool for Red Hat–based operating systems, ```bash sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/{{major_version_mask}}/opensearch-{{major_version_mask}}.repo -o /etc/yum.repos.d/opensearch-{{major_version_mask}}.repo ``` + {% include copy.html %} + 1. Clean your YUM cache to ensure a smooth installation: ```bash sudo yum clean all ``` + {% include copy.html %} + 1. Verify that the repository was created successfully. ```bash sudo yum repolist ``` + {% include copy.html %} + 1. With the repository file downloaded, list all available versions of OpenSearch: ```bash sudo yum list opensearch --showduplicates ``` + {% include copy.html %} + 1. Choose the version of OpenSearch you want to install: - Unless otherwise indicated, the latest available version of OpenSearch is installed. ```bash sudo yum install opensearch ``` + {% include copy.html %} + - To install a specific version of OpenSearch: ```bash sudo yum install 'opensearch-{{site.opensearch_version}}' ``` + {% include copy.html %} + 1. During installation, the installer will present you with the GPG key fingerprint. Verify that the information matches the following: ```bash Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc ``` + {% include copy.html %} + - If correct, enter `yes` or `y`. The OpenSearch installation continues. 1. Once complete, you can run OpenSearch. ```bash sudo systemctl start opensearch ``` + {% include copy.html %} + 1. Verify that OpenSearch launched correctly. ```bash sudo systemctl status opensearch ``` + {% include copy.html %} ## Step 2: (Optional) Test OpenSearch @@ -123,6 +147,8 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bash curl -X GET https://localhost:9200 -u 'admin:admin' --insecure ``` + {% include copy.html %} + You should get a response that looks like this: ```bash { 
@@ -131,12 +157,12 @@ An OpenSearch node in its default configuration (with demo certificates and user "cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA", "version" : { "distribution" : "opensearch", - "number" : "2.3.0", - "build_type" : "rpm", - "build_hash" : "6f6e84ebc54af31a976f53af36a5c69d474a5140", - "build_date" : "2022-09-09T00:07:32.109283578Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.3.0", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, 
@@ -147,25 +173,26 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bash curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure ``` + {% include copy.html %} The response should look like this: ```bash name component version - hostname opensearch-alerting 2.1.0.0 - hostname opensearch-anomaly-detection 2.1.0.0 - hostname opensearch-asynchronous-search 2.1.0.0 - hostname opensearch-cross-cluster-replication 2.1.0.0 - hostname opensearch-index-management 2.1.0.0 - hostname opensearch-job-scheduler 2.1.0.0 - hostname opensearch-knn 2.1.0.0 - hostname opensearch-ml 2.1.0.0 - hostname opensearch-notifications 2.1.0.0 - hostname opensearch-notifications-core 2.1.0.0 - hostname opensearch-observability 2.1.0.0 - hostname opensearch-performance-analyzer 2.1.0.0 - hostname opensearch-reports-scheduler 2.1.0.0 - hostname opensearch-security 2.1.0.0 - hostname opensearch-sql 2.1.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-performance-analyzer {{site.opensearch_version}} + hostname opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` ## Step 3: Set up OpenSearch in your environment 
@@ -190,6 +217,8 @@ Before modifying any configuration files, it's always a good idea to save a back ```bash sudo vi /etc/opensearch/opensearch.yml ``` + {% include copy.html %} + 1. Add the following lines: ```bash # Bind OpenSearch to the correct network interface. Use 0.0.0.0 @@ -206,18 +235,24 @@ Before modifying any configuration files, it's always a good idea to save a back # be sure to re-enable it. Otherwise you can skip this setting. plugins.security.disabled: false ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify initial and maximum JVM heap sizes. 1. Open `jvm.options`. ```bash vi /etc/opensearch/jvm.options ``` + {% include copy.html %} + 1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements. - As an example, if the host machine has 8 GB of memory, then you might want to set the initial and maximum heap sizes to 4 GB: ```bash -Xms4g -Xmx4g ``` + {% include copy.html %} + 1. Save your changes and close the file. ### Configure TLS @@ -228,10 +263,14 @@ TLS certificates provide additional security for your cluster by allowing client ```bash cd /etc/opensearch ``` + {% include copy.html %} + 1. Delete the demo certificates. ```bash sudo rm -f *pem ``` + {% include copy.html %} + 1. Generate a root certificate. This is what you will use to sign your other certificates. ```bash # Create a private key for the root certificate 
@@ -279,10 +318,14 @@ TLS certificates provide additional security for your cluster by allowing client ```bash sudo rm -f *temp.pem *csr *ext ``` + {% include copy.html %} + 1. Make sure the remaining certificates are owned by the opensearch user. ```bash sudo chown opensearch:opensearch admin-key.pem admin.pem node1-key.pem node1.pem root-ca-key.pem root-ca.pem root-ca.srl ``` + {% include copy.html %} + 1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script: ```bash #! /bin/bash @@ -307,6 +350,8 @@ TLS certificates provide additional security for your cluster by allowing client echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /etc/opensearch/opensearch.yml echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /etc/opensearch/opensearch.yml ``` + {% include copy.html %} + 1. (Optional) Add trust for the self-signed root certificate. ```bash # Copy the root certificate to the correct directory @@ -324,6 +369,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth ```bash cd /usr/share/opensearch/plugins/opensearch-security/tools ``` + {% include copy.html %} + 1. Run `hash.sh` to generate a new password. - This script will fail if a path to the JDK has not been defined. ```bash 
@@ -341,11 +388,15 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth ```bash OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh ``` + {% include copy.html %} + - Enter the desired password at the prompt and make a note of the output hash. 1. Open `internal_users.yml`. ```bash sudo vi /etc/opensearch/opensearch-security/internal_users.yml ``` + {% include copy.html %} + 1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example: ```bash --- @@ -365,6 +416,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth - "admin" description: "Admin user" ``` + {% include copy.html %} ### Apply changes @@ -374,11 +426,13 @@ Now that TLS certificates are installed and demo users were removed or assigned ```bash sudo systemctl restart opensearch ``` + 1. Open a separate terminal session with the host and navigate to the directory containing `securityadmin.sh`. ```bash # Change to the correct directory cd /usr/share/opensearch/plugins/opensearch-security/tools ``` + 1. Invoke the script. See [Apply changes using securityadmin.sh]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/) for definitions of the arguments you must pass. ```bash # You can omit the environment variable if you declared this in your $PATH. 
@@ -402,12 +456,12 @@ $ curl https://your.host.address:9200 -u admin:yournewpassword -k "cluster_uuid" : "efC0ANNMQlGQ5TbhNflVPg", "version" : { "distribution" : "opensearch", - "number" : "2.1.0", - "build_type" : "tar", - "build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32", - "build_date" : "2022-06-30T21:31:04.823801692Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.2.0", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, @@ -428,6 +482,7 @@ Navigate to the directory containing the distribution and run the following comm ```bash rpm -Uvh opensearch-{{site.opensearch_version}}-linux-x64.rpm ``` +{% include copy.html %} ### YUM @@ -435,11 +490,13 @@ To upgrade to the latest version of OpenSearch using YUM: ```bash sudo yum update ``` +{% include copy.html %} You can also upgrade to a specific OpenSearch version: ```bash sudo yum update opensearch- ``` + {% include copy.html %} ## Related links diff --git a/_install-and-configure/install-opensearch/tar.md b/_install-and-configure/install-opensearch/tar.md index 44913e6e..b317f131 100644 --- a/_install-and-configure/install-opensearch/tar.md +++ b/_install-and-configure/install-opensearch/tar.md @@ -53,6 +53,8 @@ Before launching OpenSearch you should review some [important system settings]({ ```bash sudo swapoff -a ``` + {% include copy.html %} + 1. Increase the number of memory maps available to OpenSearch. ```bash # Edit the sysctl config file 
@@ -90,15 +92,21 @@ An OpenSearch node configured by the demo security script is not suitable for a ```bash cd /path/to/opensearch-{{site.opensearch_version}} ``` + {% include copy.html %} + 1. Run the demo security script. ```bash ./opensearch-tar-install.sh ``` + {% include copy.html %} + 1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed. - Send a request to port 9200: ```bash curl -X GET https://localhost:9200 -u 'admin:admin' --insecure ``` + {% include copy.html %} + You should get a response that looks like this: ```bash { @@ -107,12 +115,12 @@ An OpenSearch node configured by the demo security script is not suitable for a "cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA", "version" : { "distribution" : "opensearch", - "number" : "2.1.0", - "build_type" : "tar", - "build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32", - "build_date" : "2022-06-30T21:31:04.823801692Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.2.0", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, 
@@ -123,25 +131,26 @@ An OpenSearch node configured by the demo security script is not suitable for a ```bash curl -X GET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure ``` + {% include copy.html %} The response should look like this: ```bash name component version - hostname opensearch-alerting 2.1.0.0 - hostname opensearch-anomaly-detection 2.1.0.0 - hostname opensearch-asynchronous-search 2.1.0.0 - hostname opensearch-cross-cluster-replication 2.1.0.0 - hostname opensearch-index-management 2.1.0.0 - hostname opensearch-job-scheduler 2.1.0.0 - hostname opensearch-knn 2.1.0.0 - hostname opensearch-ml 2.1.0.0 - hostname opensearch-notifications 2.1.0.0 - hostname opensearch-notifications-core 2.1.0.0 - hostname opensearch-observability 2.1.0.0 - hostname opensearch-performance-analyzer 2.1.0.0 - hostname opensearch-reports-scheduler 2.1.0.0 - hostname opensearch-security 2.1.0.0 - hostname opensearch-sql 2.1.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-performance-analyzer {{site.opensearch_version}} + hostname opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` 1. Return to the original terminal session and stop the process by pressing `CTRL + C`. 
@@ -151,16 +160,22 @@ An OpenSearch node configured by the demo security script is not suitable for a ```bash vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml ``` + {% include copy.html %} + 1. Add the following line to disable the Security plugin: ```bash plugins.security.disabled: true ``` + {% include copy.html %} + 1. Save the change and close the file. 1. Open another terminal session and send requests to the server to verify that OpenSearch is running. Because the Security plugin has been disabled, you will be sending commands using `HTTP` rather than `HTTPS`. - Send a request to port 9200. ```bash curl -X GET http://localhost:9200 ``` + {% include copy.html %} + You should get a response that looks like this: ```bash { @@ -169,12 +184,12 @@ An OpenSearch node configured by the demo security script is not suitable for a "cluster_uuid" : "6XNc9m2gTUSIoKDqJit0PA", "version" : { "distribution" : "opensearch", - "number" : "2.1.0", - "build_type" : "tar", - "build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32", - "build_date" : "2022-06-30T21:31:04.823801692Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.2.0", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, 
@@ -185,25 +200,26 @@ An OpenSearch node configured by the demo security script is not suitable for a ```bash curl -X GET http://localhost:9200/_cat/plugins?v ``` + {% include copy.html %} The response should look like this: ```bash name component version - hostname opensearch-alerting 2.1.0.0 - hostname opensearch-anomaly-detection 2.1.0.0 - hostname opensearch-asynchronous-search 2.1.0.0 - hostname opensearch-cross-cluster-replication 2.1.0.0 - hostname opensearch-index-management 2.1.0.0 - hostname opensearch-job-scheduler 2.1.0.0 - hostname opensearch-knn 2.1.0.0 - hostname opensearch-ml 2.1.0.0 - hostname opensearch-notifications 2.1.0.0 - hostname opensearch-notifications-core 2.1.0.0 - hostname opensearch-observability 2.1.0.0 - hostname opensearch-performance-analyzer 2.1.0.0 - hostname opensearch-reports-scheduler 2.1.0.0 - hostname opensearch-security 2.1.0.0 - hostname opensearch-sql 2.1.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-performance-analyzer {{site.opensearch_version}} + hostname opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` ## Step 4: Set up OpenSearch in your environment 
@@ -228,6 +244,8 @@ Before modifying any configuration files, it's always a good idea to save a back ```bash vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml ``` + {% include copy.html %} + 1. Add the following lines. ```bash # Bind OpenSearch to the correct network interface. Use 0.0.0.0 @@ -244,23 +262,30 @@ Before modifying any configuration files, it's always a good idea to save a back # be sure to re-enable it. Otherwise you can skip this setting. plugins.security.disabled: false ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify initial and maximum JVM heap sizes. 1. Open `jvm.options`. ```bash vi /path/to/opensearch-{{site.opensearch_version}}/config/jvm.options ``` + {% include copy.html %} + 1. Modify the values for initial and maximum heap sizes. As a starting point, you should set these values to half of the available system memory. For dedicated hosts this value can be increased based on your workflow requirements. - As an example, if the host machine has 8 GB of memory then you might want to set the initial and maximum heap sizes to 4 GB: ```bash -Xms4g -Xmx4g ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify the location of the included JDK. ```bash export OPENSEARCH_JAVA_HOME=/path/to/opensearch-{{site.opensearch_version}}/jdk ``` + {% include copy.html %} ### Configure TLS @@ -270,6 +295,8 @@ TLS certificates provide additional security for your cluster by allowing client ```bash cd /path/to/opensearch-{{site.opensearch_version}}/config/ ``` + {% include copy.html %} + 1. Generate a root certificate. This is what you will use to sign your other certificates. ```bash # Create a private key for the root certificate 
@@ -317,6 +344,8 @@ TLS certificates provide additional security for your cluster by allowing client ```bash rm *temp.pem *csr *ext ``` + {% include copy.html %} + 1. Add these certificates to `opensearch.yml` as described in [Generate Certificates]({{site.url}}{{site.baseurl}}/security/configuration/generate-certificates/#add-distinguished-names-to-opensearchyml). Advanced users might also choose to append the settings using a script: ```bash #! /bin/bash @@ -342,6 +371,8 @@ TLS certificates provide additional security for your cluster by allowing client echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /path/to/opensearch-{{site.opensearch_version}}/config/opensearch.yml ``` + {% include copy.html %} + 1. (Optional) Add trust for the self-signed root certificate. ```bash # Copy the root certificate to the correct directory @@ -359,6 +390,8 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth ```bash chmod 755 /path/to/opensearch-{{site.opensearch_version}}/plugins/opensearch-security/tools/*.sh ``` + {% include copy.html %} + 1. Run `hash.sh` to generate a new password. - This script will fail if a path to the JDK has not been defined. ```bash 
@@ -372,15 +405,21 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use ./hash.sh: line 35: java: command not found ``` + {% include copy.html %} + - Declare an environment variable when you invoke the script in order to avoid issues: ```bash OPENSEARCH_JAVA_HOME=/path/to/opensearch-{{site.opensearch_version}}/jdk ./hash.sh ``` + {% include copy.html %} + - Enter the desired password at the prompt and make a note of the output hash. 1. Open `internal_users.yml`. ```bash vi /path/to/opensearch-{{site.opensearch_version}}/config/opensearch-security/internal_users.yml ``` + {% include copy.html %} + 1. Remove all demo users except for `admin` and replace the hash with the output provided by `hash.sh` in a previous step. The file should look similar to the following example: ```bash --- @@ -400,6 +439,7 @@ Users are defined and authenticated by OpenSearch in a variety of ways. One meth - "admin" description: "Admin user" ``` + {% include copy.html %} ### Apply changes @@ -466,21 +506,25 @@ The following configuration is only suitable for testing in a non-production env ```bash sudo adduser --system --shell /bin/bash -U --no-create-home opensearch ``` + {% include copy.html %} 1. Add your user to the `opensearch` user group. ```bash sudo usermod -aG opensearch $USER ``` + {% include copy.html %} 1. Change the file owner to `opensearch`. Make sure to change the path if your OpenSearch files are in a different directory. ```bash sudo chown -R opensearch /opt/opensearch/ ``` + {% include copy.html %} 1. Create the service file and open it for editing. ```bash sudo vi /etc/systemd/system/opensearch.service ``` + {% include copy.html %} 1. Enter the following example service configuration. Make sure to change references to the path if your OpenSearch files are in a different directory. ```bash 
@@ -514,26 +558,31 @@ The following configuration is only suitable for testing in a non-production env [Install] WantedBy=multi-user.target ``` + {% include copy.html %} 1. Reload `systemd` manager configuration. ```bash sudo systemctl daemon-reload ``` + {% include copy.html %} 1. Enable the OpenSearch service. ```bash sudo systemctl enable opensearch.service ``` + {% include copy.html %} 1. Start the OpenSearch service. ```bash sudo systemctl start opensearch ``` + {% include copy.html %} 1. Verify that the service is running. ```bash sudo systemctl status opensearch ``` + {% include copy.html %} ## Related links diff --git a/_install-and-configure/install-opensearch/windows.md b/_install-and-configure/install-opensearch/windows.md index 74e80cd8..ac3bd83e 100644 --- a/_install-and-configure/install-opensearch/windows.md +++ b/_install-and-configure/install-opensearch/windows.md @@ -63,16 +63,21 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bat cd \path\to\opensearch-{{site.opensearch_version}} ``` + {% include copy.html %} + 1. Run the batch script. ```bat .\opensearch-windows-install.bat ``` + {% include copy.html %} 1. Open a new command prompt and send requests to the server to verify that OpenSearch is running. Note the use of the `--insecure` flag, which is required because the TLS certificates are self-signed. - Send a request to port 9200: ```bat curl.exe -X GET https://localhost:9200 -u "admin:admin" --insecure ``` + {% include copy.html %} + You should get a response that looks like this: ```bat { 
@@ -81,12 +86,12 @@ An OpenSearch node in its default configuration (with demo certificates and user "cluster_uuid" : "7Nqtr0LrQTOveFcBb7Kufw", "version" : { "distribution" : "opensearch", - "number" : "2.4.0", - "build_type" : "zip", - "build_hash" : "77ef9e304dd6ee95a600720a387a9735bbcf7bc9", - "build_date" : "2022-11-05T05:50:15.404072800Z", + "number" : , + "build_type" : , + "build_hash" : , + "build_date" : , "build_snapshot" : false, - "lucene_version" : "9.4.1", + "lucene_version" : , "minimum_wire_compatibility_version" : "7.10.0", "minimum_index_compatibility_version" : "7.0.0" }, 
@@ -97,26 +102,27 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bat curl.exe -X GET https://localhost:9200/_cat/plugins?v -u "admin:admin" --insecure ``` + {% include copy.html %} The response should look like this: ```bat - hostname opensearch-alerting 2.4.0.0 - hostname opensearch-anomaly-detection 2.4.0.0 - hostname opensearch-asynchronous-search 2.4.0.0 - hostname opensearch-cross-cluster-replication 2.4.0.0 - hostname opensearch-geospatial 2.4.0.0 - hostname opensearch-index-management 2.4.0.0 - hostname opensearch-job-scheduler 2.4.0.0 - hostname opensearch-knn 2.4.0.0 - hostname opensearch-ml 2.4.0.0 - hostname opensearch-neural-search 2.4.0.0 - hostname opensearch-notifications 2.4.0.0 - hostname opensearch-notifications-core 2.4.0.0 - hostname opensearch-observability 2.4.0.0 - hostname opensearch-reports-scheduler 2.4.0.0 - hostname opensearch-security 2.4.0.0 - hostname opensearch-security-analytics 2.4.0.0 - hostname opensearch-sql 2.4.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-geospatial {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-neural-search {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname 
opensearch-security-analytics {{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` ### Option 2: Test your OpenSearch settings with security disabled @@ -127,6 +133,8 @@ An OpenSearch node in its default configuration (with demo certificates and user ```yaml plugins.security.disabled: true ``` + {% include copy.html %} + 1. Save the change and close the file. 1. Navigate to the top directory of your OpenSearch installation and open the `opensearch-{{site.opensearch_version}}` folder. 1. Run the default by double-clicking the `opensearch-windows-install.bat` file. This opens a command prompt with an OpenSearch instance running. @@ -135,6 +143,8 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bat curl.exe -X GET http://localhost:9200 ``` + {% include copy.html %} + You should get a response that looks like this: ```bat { 
@@ -159,26 +169,27 @@ An OpenSearch node in its default configuration (with demo certificates and user ```bat curl.exe -X GET http://localhost:9200/_cat/plugins?v ``` + {% include copy.html %} The response should look like this: ```bat - hostname opensearch-alerting 2.4.0.0 - hostname opensearch-anomaly-detection 2.4.0.0 - hostname opensearch-asynchronous-search 2.4.0.0 - hostname opensearch-cross-cluster-replication 2.4.0.0 - hostname opensearch-geospatial 2.4.0.0 - hostname opensearch-index-management 2.4.0.0 - hostname opensearch-job-scheduler 2.4.0.0 - hostname opensearch-knn 2.4.0.0 - hostname opensearch-ml 2.4.0.0 - hostname opensearch-neural-search 2.4.0.0 - hostname opensearch-notifications 2.4.0.0 - hostname opensearch-notifications-core 2.4.0.0 - hostname opensearch-observability 2.4.0.0 - hostname opensearch-reports-scheduler 2.4.0.0 - hostname opensearch-security 2.4.0.0 - hostname opensearch-security-analytics 2.4.0.0 - hostname opensearch-sql 2.4.0.0 + hostname opensearch-alerting {{site.opensearch_version}} + hostname opensearch-anomaly-detection {{site.opensearch_version}} + hostname opensearch-asynchronous-search {{site.opensearch_version}} + hostname opensearch-cross-cluster-replication {{site.opensearch_version}} + hostname opensearch-geospatial {{site.opensearch_version}} + hostname opensearch-index-management {{site.opensearch_version}} + hostname opensearch-job-scheduler {{site.opensearch_version}} + hostname opensearch-knn {{site.opensearch_version}} + hostname opensearch-ml {{site.opensearch_version}} + hostname opensearch-neural-search {{site.opensearch_version}} + hostname opensearch-notifications {{site.opensearch_version}} + hostname opensearch-notifications-core {{site.opensearch_version}} + hostname opensearch-observability {{site.opensearch_version}} + hostname opensearch-reports-scheduler {{site.opensearch_version}} + hostname opensearch-security {{site.opensearch_version}} + hostname opensearch-security-analytics 
{{site.opensearch_version}} + hostname opensearch-sql {{site.opensearch_version}} ``` To stop OpenSearch, press `Ctrl+C` in Command Prompt or Powershell, or simply close the Command Prompt or Powershell window. @@ -218,6 +229,8 @@ Before modifying any configuration files, it's always a good idea to save a back # be sure to re-enable it. Otherwise you can skip this setting. plugins.security.disabled: false ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify initial and maximum JVM heap sizes. 1. Open the `opensearch-{{site.opensearch_version}}\config` folder. @@ -228,6 +241,8 @@ Before modifying any configuration files, it's always a good idea to save a back -Xms4g -Xmx4g ``` + {% include copy.html %} + 1. Save your changes and close the file. 1. Specify the location of the included JDK. 1. In the search box next to **Start** on the taskbar, enter `edit environment variables for your account` or `edit the system environment variables`. To edit the system environment variables, you need admin rights. User environment variables take precedence over system environment variables.
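Review bot: In the sample-response hunks (rpm.md `@@ -402,12 +456,12 @@`, tar.md `@@ -107,12 +115,12 @@` and `@@ -169,12 +184,12 @@`, windows.md `@@ -81,12 +86,12 @@`), the replaced fields carry no value at all as they appear in this patch: `"number" : ,`, `"build_type" : ,`, `"build_hash" : ,`, `"build_date" : ,` and `"lucene_version" : ,`. The example is then no longer valid JSON, and a reader comparing it with their own `curl` output has nothing to match against. Give each field an explicit quoted placeholder, and for `number` consider `"{{site.opensearch_version}}"`, which this same patch already uses in the plugin listings.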
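Review bot: In the `_cat/plugins` listings (tar.md `@@ -123,25 +131,26 @@` and `@@ -185,25 +200,26 @@`, windows.md `@@ -97,26 +102,27 @@` and `@@ -159,26 +169,27 @@`), the removed lines show four-part plugin versions (`2.1.0.0`, `2.4.0.0`) next to a three-part core version (`"number" : "2.1.0"`), so a bare `{{site.opensearch_version}}` will render a version string that `_cat/plugins` never prints. Use `{{site.opensearch_version}}.0` if the variable holds the three-part core version. Separately, the plugin names stay hard-coded while the version is now templated: the tar.md list has `opensearch-performance-analyzer` but not `opensearch-geospatial`, `opensearch-neural-search` or `opensearch-security-analytics`, which the windows.md list does have, so at least one of the two will claim the current version for a plugin set that does not match it. Since readers use this output to confirm that `opensearch-security` is loaded, either refresh both lists for the current release or state that the list is illustrative.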
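Review bot: In rpm.md `@@ -374,11 +426,13 @@` (Apply changes), the fences for `sudo systemctl restart opensearch` and `cd /usr/share/opensearch/plugins/opensearch-security/tools` get only a blank `+` line and no `{% include copy.html %}`, unlike every other command block this patch touches in the file. If the omission is deliberate, say so in the commit message; otherwise add the include after both fences so the restart and the `securityadmin.sh` step are copyable like the rest of the procedure.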
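Review bot: In tar.md `@@ -372,15 +405,21 @@`, the first added `{% include copy.html %}` follows the fence that ends with `./hash.sh: line 35: java: command not found`, which is the example of the script failing, not a command to run. A copy button there invites pasting error output, or the invocation without the JDK path, into a shell. Drop that include and keep the one after `OPENSEARCH_JAVA_HOME=/path/to/opensearch-{{site.opensearch_version}}/jdk ./hash.sh`; the matching rpm.md hunk `@@ -341,11 +388,15 @@` begins after the failing block and adds an include only to the working invocation.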
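Review bot: In rpm.md `@@ -428,6 +482,7 @@` and `@@ -435,11 +490,13 @@`, the include is added flush left (`+{% include copy.html %}`) after `rpm -Uvh ...` and `sudo yum update`, but with leading whitespace (`+ {% include copy.html %}`) after `sudo yum update opensearch-` in the same hunk. Indent each include to match the fence it follows, so that all three blocks in the upgrade section are written the same way.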