In this post I'll show how to use OpenSearch without going into much theory; the theoretical details can be taken from its documentation. Typical uses of OpenSearch are:
- Log analytics
- Real-time application monitoring
- Clickstream analytics
- Search backend
You can download OpenSearch from the location below:
https://opensearch.org/downloads.html
At the above link you will find several components to install: OpenSearch (the search/analytics engine), OpenSearch Dashboards (the default visualization tool for data held in OpenSearch), Logstash and Data Prepper (ingestion tools that process the events they receive and send them on to the OpenSearch engine), opensearch-cli (a command-line tool to manage an OpenSearch cluster) and the JDBC/ODBC drivers.
Opensearch
Let's install and use OpenSearch first, then do the same with the other components.
[hdpsysuser@hdpmaster sw]$ tar -zxf opensearch-2.1.0-linux-x64.tar.gz
[hdpsysuser@hdpmaster apps]$ mv opensearch-2.1.0 /data/apps
-- Config Location
vim /data/apps/opensearch-2.1.0/config/opensearch.yml
discovery.type: single-node
[hdpsysuser@hdpmaster apps]$ sudo useradd opensearch
[hdpsysuser@hdpmaster apps]$ sudo passwd opensearch
[hdpsysuser@hdpmaster apps]$ sudo chown opensearch:opensearch -R /data/apps/opensearch-2.1.0/
[hdpsysuser@hdpmaster apps]$ su - opensearch
[opensearch@hdpmaster ~]$ export OPENSEARCH_HOME=/data/apps/opensearch-2.1.0
[opensearch@hdpmaster ~]$ export PATH=$PATH:$OPENSEARCH_HOME/bin
OpenSearch comes with a built-in security plugin, but it has to be configured before OpenSearch will start. For a first run, install the demo configuration. Keep in mind that the demo configuration is meant for a sandbox only: it uses the well-known admin/admin credentials and a set of TLS certificates, including the admin certificate, that are embedded in the install script and are therefore identical on every OpenSearch download. Anyone who can reach port 9200 of a node running the demo configuration and has a copy of the kirk key pair can act as a super-admin, so replace the certificates with your own CA, node and admin certificates and change the admin password before the cluster holds real data.
-- tools for administering the security setup
[opensearch@hdpmaster ~]$ cd /data/apps/opensearch-2.1.0/plugins/opensearch-security/tools/
[opensearch@hdpmaster tools]$ chmod +x install_demo_configuration.sh
Running the script appends the security settings (the TLS file paths, plugins.security.allow_unsafe_democertificates: true and the admin DN CN=kirk,OU=client,O=client,L=test,C=de) to opensearch.yml and installs the following files in the config folder:
root-ca.pem: the certificate of the root CA that signed all the other TLS certificates
esnode.pem: the certificate this node uses when communicating with other nodes on the transport layer (inter-node traffic)
esnode-key.pem: the private key for the esnode.pem node certificate
kirk.pem: the admin TLS certificate used when making changes to the security configuration; this certificate gives full access to the cluster
kirk-key.pem: the private key for the admin TLS certificate
[opensearch@hdpmaster tools]$ opensearch
[hdpsysuser@hdpmaster sw]$ curl -XGET https://hdpmaster:9200 -u admin:admin -k
{
"name" : "hdpmaster",
"cluster_name" : "opensearch",
"cluster_uuid" : "c0TKAaa2SFa9YAQTwwTpuQ",
"version" : {
"distribution" : "opensearch",
"number" : "2.1.0",
"build_type" : "tar",
"build_hash" : "388c80ad94529b1d9aad0a735c4740dce2932a32",
"build_date" : "2022-06-30T21:31:04.823801692Z",
"build_snapshot" : false,
"lucene_version" : "9.2.0",
"minimum_wire_compatibility_version" : "7.10.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "The OpenSearch Project: https://opensearch.org/"
}
Now access OpenSearch from a browser at https://hdpmaster:9200/ (https, not http: the demo configuration enables TLS on the REST port, so a plain http request is rejected).
The browser will complain that the self-signed demo root CA is not on its list of trusted CAs; this is also why curl needed -k above (pass --cacert /data/apps/opensearch-2.1.0/config/root-ca.pem instead of -k to have curl verify the certificate). Proceed in the browser and provide the username and password, i.e. admin/admin.
Disable security
You might want to temporarily disable the security plugin to make testing or internal usage more straightforward. Be clear about what that means: without the plugin there is no authentication, no TLS and no audit logging, so every index can be read, written and deleted by anyone who can reach port 9200. Only do this on a host or network that nobody untrusted can reach. To disable the plugin, add the following line to opensearch.yml:
plugins.security.disabled: true
If you want to disable it permanently, remove the security plugins from both OpenSearch and OpenSearch Dashboards (the securityDashboards plugin expects the backend plugin to be present, so it has to go as well).
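Both the demo configuration installed earlier and the plugins.security.disabled switch leave traces in opensearch.yml, so they can be caught before a node with either of them goes anywhere near real data. The following audit script is an added example, not part of the original post or of the OpenSearch project: it reads the flat "key: value" lines that opensearch.yml and install_demo_configuration.sh produce (it is not a general YAML parser), flags the security plugin being disabled, the demo-only settings, the demo admin DN and the demo certificate files, and returns the findings. The sample excerpts are constructed, and the finding texts and severities are this example's own choices.

```python
"""Audit an opensearch.yml for the weak security settings discussed above.

Added example, not part of the original post or of the OpenSearch project.
Standard library only; the YAML reader handles flat 'key: value' lines and
'- item' lists as written by install_demo_configuration.sh, nothing more.
"""

# Settings the demo script writes that are acceptable only in a sandbox
# (assumption: taken from the demo script's output, not an exhaustive list).
DEMO_SETTINGS = {
    "plugins.security.allow_unsafe_democertificates": "true",
    "plugins.security.allow_default_init_securityindex": "true",
}
DEMO_ADMIN_DN = "CN=kirk,OU=client,O=client,L=test,C=de"
DEMO_CERT_FILES = {"root-ca.pem", "esnode.pem", "esnode-key.pem", "kirk.pem", "kirk-key.pem"}
CERT_PATH_KEYS = (
    "plugins.security.ssl.transport.pemcert_filepath",
    "plugins.security.ssl.transport.pemkey_filepath",
    "plugins.security.ssl.transport.pemtrustedcas_filepath",
    "plugins.security.ssl.http.pemcert_filepath",
    "plugins.security.ssl.http.pemkey_filepath",
    "plugins.security.ssl.http.pemtrustedcas_filepath",
)


def load_flat_yaml(text):
    """Parse top-level 'key: value' lines; '- item' lines attach to the preceding key."""
    settings, last_key = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if not line:
            continue
        if line.startswith("- ") and last_key is not None:
            settings.setdefault(last_key, [])
            if isinstance(settings[last_key], list):
                settings[last_key].append(line[2:].strip().strip("'\""))
            continue
        if ":" in line:
            key, value = line.split(":", 1)
            last_key = key.strip()
            value = value.strip().strip("'\"")
            settings[last_key] = value if value else []   # bare 'key:' starts a list
    return settings


def audit_security(yml_text):
    """Return (severity, message) findings; an empty list means nothing was flagged."""
    s = load_flat_yaml(yml_text)
    findings = []
    if s.get("plugins.security.disabled") == "true":
        findings.append(("critical", "security plugin disabled: no authentication or TLS, "
                                     "every index is open to anyone who can reach port 9200"))
    for key, value in DEMO_SETTINGS.items():
        if s.get(key) == value:
            findings.append(("high", f"{key}: {value} is a demo-only setting"))
    admin_dns = s.get("plugins.security.authcz.admin_dn", [])
    if DEMO_ADMIN_DN in (admin_dns if isinstance(admin_dns, list) else [admin_dns]):
        findings.append(("critical", "demo admin certificate kirk is trusted as super-admin; "
                                     "its private key ships inside install_demo_configuration.sh"))
    for key in CERT_PATH_KEYS:
        if str(s.get(key, "")).rsplit("/", 1)[-1] in DEMO_CERT_FILES:
            findings.append(("high", f"{key} points at demo certificate {s[key]}"))
    if s.get("plugins.security.ssl.http.enabled") == "false":
        findings.append(("high", "REST API without TLS: admin:admin crosses the network in clear text"))
    return findings


# Constructed excerpt of what install_demo_configuration.sh appends to opensearch.yml.
DEMO_YML = """\
discovery.type: single-node
plugins.security.ssl.transport.pemcert_filepath: esnode.pem
plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: esnode.pem
plugins.security.ssl.http.pemkey_filepath: esnode-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.allow_unsafe_democertificates: true
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test,C=de
"""

# Constructed hardened variant: own CA, own node and admin certificates, demo flags removed.
HARDENED_YML = """\
discovery.type: single-node
plugins.security.ssl.transport.pemcert_filepath: certs/hdpmaster.pem
plugins.security.ssl.transport.pemkey_filepath: certs/hdpmaster-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: certs/corp-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: certs/hdpmaster.pem
plugins.security.ssl.http.pemkey_filepath: certs/hdpmaster-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: certs/corp-ca.pem
plugins.security.authcz.admin_dn:
  - CN=admin,OU=search,O=example,C=us
"""

if __name__ == "__main__":
    for name, yml in (("demo", DEMO_YML), ("hardened", HARDENED_YML),
                      ("disabled", "plugins.security.disabled: true\n")):
        print(name, audit_security(yml) or "no findings")
```

Run it against /data/apps/opensearch-2.1.0/config/opensearch.yml by reading the file into audit_security(); the demo excerpt produces nine findings, the hardened one none. The check on the certificate file names is deliberately crude (a custom certificate that happens to be called esnode.pem is still flagged), since the point is to make the demo material impossible to overlook.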
[hdpsysuser@hdpmaster ~]$ sudo /data/apps/opensearch-2.1.0/bin/opensearch-plugin list
[hdpsysuser@hdpmaster ~]$ sudo /data/apps/opensearch-2.1.0/bin/opensearch-plugin remove opensearch-security
-> removing [opensearch-security]...
-> preserving plugin config files [/data/apps/opensearch-2.1.0/config/opensearch-security] in case of upgrade; use --purge if not needed
[hdpsysuser@hdpmaster ~]$ sudo /data/apps/opensearch-dashboards-2.1.0/bin/opensearch-dashboards-plugin list
OpenSearch Dashboards should not be run as root. Use --allow-root to continue.
[opensearch@hdpmaster ~]$ /data/apps/opensearch-dashboards-2.1.0/bin/opensearch-dashboards-plugin list
alertingDashboards@2.1.0.0
anomalyDetectionDashboards@2.1.0.0
ganttChartDashboards@2.1.0.0
indexManagementDashboards@2.1.0.0
notificationsDashboards@2.1.0.0
observabilityDashboards@2.1.0.0
queryWorkbenchDashboards@2.1.0.0
reportsDashboards@2.1.0.0
securityDashboards@2.1.0.0
[opensearch@hdpmaster ~]$ /data/apps/opensearch-dashboards-2.1.0/bin/opensearch-dashboards-plugin remove securityDashboards
Removing securityDashboards...
Plugin removal complete
Restart OpenSearch and OpenSearch Dashboards
[opensearch@hdpmaster ~]$ opensearch
[opensearch@hdpmaster ~]$ opensearch-dashboards
Opensearch-Dashboards
-- Config Location
Logstash
Use the -e argument to pass a pipeline configuration directly to the Logstash binary. In this case, stdin is the input plugin and stdout is the output plugin:
Beats
Opensearch CLI
Data Prepper
-- Define a pipeline
log-pipeline:
  source:
    http:
      ssl: false
      port: 5040
  processor:
    - grok:
        match:
          log: [ "%{IPORHOST:ip_address} %{USER:identity} %{USER:auth} %{TIMESTAMP_ISO8601:log_timestamp} %{WORD:http_method} %{URIPATH:uri_path} %{NUMBER:http_status} %{NUMBER:num_bytes}" ]
  sink:
    - opensearch:
        hosts: [ "https://hdpmaster:9200" ]
        insecure: true
        username: admin
        password: admin
        index: idx-prepper
Two settings in this pipeline match the demo setup and should change together with it: ssl: false on the source accepts unencrypted log traffic on port 5040 from anyone who can reach it, and insecure: true on the sink turns off certificate verification towards OpenSearch (with your own CA, point the sink's cert option at the CA file and drop insecure). The admin credentials sit in clear text in the pipeline file, which is one more reason to keep it readable only by the user running Data Prepper.
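The grok line is the part of this pipeline that silently does nothing when it is wrong: an event whose log field does not match the pattern is still indexed, just without the extracted fields. The script below is an added example, not part of the original post or of Data Prepper, that dry-runs the exact pattern from the pipeline on a few constructed log lines and shows which fields come out and which line is left unparsed. The regexes in GROK_PRIMITIVES are simplified stand-ins (an assumption) for the grok library patterns of the same name, and the request body built by build_batch follows the http source's JSON-array format as this example understands it.

```python
"""Dry-run the grok pattern from the log-pipeline above on sample lines.

Added example, not part of the original post or of Data Prepper. The entries
in GROK_PRIMITIVES are simplified stand-ins (assumption) for the grok library
patterns of the same name; the pattern string, field names and the 'log' key
are the ones used in the pipeline definition above.
"""
import json
import re

# Simplified approximations of the grok base patterns the pipeline uses (assumption).
GROK_PRIMITIVES = {
    "IPORHOST": r"(?:\d{1,3}(?:\.\d{1,3}){3}|[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)",
    "USER": r"[A-Za-z0-9._-]+",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2}(?:\.\d+)?)?(?:Z|[+-]\d{2}:?\d{2})?",
    "WORD": r"\w+",
    "URIPATH": r"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%&_\-]*)+",
    "NUMBER": r"[+-]?(?:\d+(?:\.\d+)?|\.\d+)",
}

PIPELINE_PATTERN = ("%{IPORHOST:ip_address} %{USER:identity} %{USER:auth} "
                    "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:http_method} "
                    "%{URIPATH:uri_path} %{NUMBER:http_status} %{NUMBER:num_bytes}")

# Constructed sample lines, not real traffic. The third one is in the Apache
# common log layout (bracketed timestamp, quoted request), which this pattern
# does not cover, so the pipeline would index it without any extracted fields.
SAMPLE_LINES = [
    "10.0.0.5 - frank 2022-07-01T10:15:30Z GET /index.html 200 1024",
    "app01.example.com - - 2022-07-01T10:15:31+02:00 POST /api/login 401 512",
    '10.0.0.9 - - [01/Jul/2022:10:15:32 +0000] "GET /x HTTP/1.1" 200 12',
]


def grok_to_regex(pattern):
    """Turn %{NAME:field} references into named groups; literal text in between is escaped."""
    parts, pos = [], 0
    for m in re.finditer(r"%\{(\w+)(?::(\w+))?\}", pattern):
        parts.append(re.escape(pattern[pos:m.start()]))
        name, field = m.group(1), m.group(2)
        body = GROK_PRIMITIVES[name]          # KeyError on an unknown primitive: fail loudly
        parts.append(f"(?P<{field}>{body})" if field else f"(?:{body})")
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def parse_line(line, pattern=PIPELINE_PATTERN):
    """Fields the grok processor would add to the event, or None when the line stays
    unparsed (the event is then forwarded with only the raw 'log' field)."""
    m = grok_to_regex(pattern).match(line)
    return m.groupdict() if m else None


def build_batch(lines):
    """Request body for the pipeline's http source: a JSON array of {"log": ...} objects,
    keyed 'log' because that is the field the grok processor matches on (assumption on
    the exact body format; confirm against the Data Prepper docs for your version)."""
    return json.dumps([{"log": line} for line in lines])


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line) or "UNPARSED", "<-", line)
    print(build_batch(SAMPLE_LINES[:1]))
```

The values come back as strings (http_status is "200", not 200), which is also what the pipeline above stores, since no convert processor follows the grok step; add one, or a mapping on idx-prepper, if you want numeric range queries on status and bytes.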
Troubleshooting
ERROR: virtual memory
ERROR: [2] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_cluster_manager_nodes / cluster.initial_master_nodes] must be configured
On Linux, you can increase the limits by running the following command as root:
sysctl -w vm.max_map_count=262144
To set this value permanently, update the vm.max_map_count setting in /etc/sysctl.conf. To verify after rebooting, run sysctl vm.max_map_count.
[hdpsysuser@hdpmaster ~]$ sudo sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
ERROR: discovery settings
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_cluster_manager_nodes / cluster.initial_master_nodes] must be configured
If you are running OpenSearch locally (single node), or with just one node in the cloud, put the following in opensearch.yml to skip the production discovery check and let the node start:
discovery.type: single-node
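Both failures above are reported only after OpenSearch has been started and has refused to come up, which is tedious on a machine where each restart takes a while. The preflight below is an added example, not part of the original post or of OpenSearch: it reproduces the two checks, reading vm.max_map_count from /proc and the discovery keys from opensearch.yml, and returns the failures before the JVM is launched. The threshold and the key names are taken from the error messages quoted above; the YAML reader only understands flat top-level "key: value" lines (enough for these settings), the function names are this example's own, and it applies the checks unconditionally, whereas OpenSearch enforces them only once the node binds to a non-loopback address.

```python
"""Run the two bootstrap checks quoted above before starting OpenSearch.

Added example, not part of the original post or of OpenSearch. The threshold
and the discovery keys come from the error messages above; the YAML reader
handles only flat top-level 'key: value' lines of opensearch.yml (assumption:
enough for these settings), and the function names are this example's own.
"""

MAX_MAP_COUNT_REQUIRED = 262144
DISCOVERY_KEYS = ("discovery.seed_hosts", "discovery.seed_providers",
                  "cluster.initial_cluster_manager_nodes", "cluster.initial_master_nodes")


def load_flat_yaml(text):
    """Top-level 'key: value' lines; a key followed by '- item' lines keeps the value ''."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # ignore comments and indentation
        if ":" in line and not line.startswith("-"):
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings


def read_max_map_count(path="/proc/sys/vm/max_map_count"):
    """Current kernel value, or None where the file is missing (non-Linux host)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def bootstrap_checks(yml_text, max_map_count):
    """Failures OpenSearch would report for this config and kernel value; [] means it can start."""
    failures = []
    if max_map_count is None or max_map_count < MAX_MAP_COUNT_REQUIRED:
        failures.append(f"max virtual memory areas vm.max_map_count [{max_map_count}] is too low, "
                        f"increase to at least [{MAX_MAP_COUNT_REQUIRED}]")
    settings = load_flat_yaml(yml_text)
    single_node = settings.get("discovery.type") == "single-node"
    # A discovery key counts as configured when it is present, even as a list header.
    if not single_node and not any(key in settings for key in DISCOVERY_KEYS):
        failures.append("the default discovery settings are unsuitable for production use; "
                        "set discovery.type: single-node for a lone node or configure one of "
                        + ", ".join(DISCOVERY_KEYS))
    return failures


# Constructed opensearch.yml excerpts (not taken from a real host).
LAB_YML = "cluster.name: opensearch\ndiscovery.type: single-node\n"
DEFAULT_YML = "cluster.name: opensearch\n# discovery.type: single-node\n"
CLUSTER_YML = "cluster.name: opensearch\ndiscovery.seed_hosts:\n  - hdpmaster\n  - hdpnode1\n"

if __name__ == "__main__":
    current = read_max_map_count()
    for name, yml in (("lab", LAB_YML), ("default", DEFAULT_YML), ("cluster", CLUSTER_YML)):
        print(name, bootstrap_checks(yml, current) or "OK")
```

Point bootstrap_checks() at the real /data/apps/opensearch-2.1.0/config/opensearch.yml and at read_max_map_count() to get the same two messages OpenSearch prints, without starting it; the DEFAULT_YML excerpt shows the common trap of leaving discovery.type: single-node commented out.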