opensearch-project · saravanan30erd · Aug 31, 2021 · Sep 2, 2021 · Sep 2, 2021 · Sep 2, 2021
@@ -0,0 +1,45 @@
+Deploy OpenSearch with OpenSearch Dashboards using Ansible
+==========================================================
+
+## Single node OpenSearch Installation with Dashboards
+
+This ansible playbook supports the following,
+
+- Can be deployed on baremetal and VMs(AWS EC2)
+- Supports most popular **Linux distributions**(Centos7, RHEL7)
+- Install and configure the Apache2.0 opensource OpenSearch
+- Configure TLS/SSL for OpenSearch transport layer(Nodes to Nodes communication) and REST API layer
+- Generate self-signed certificates to configure TLS/SSL for opensearch
+- Configure the Internal Users Database with limited users and user-defined passwords
+
+Prerequisite
+------------
+- **Ansible**
+- **Java 8**
+
+Configure
+---------
+
+Refer the file `inventories/opensearch/group_vars/all/all.yml` to change the default values.
+
+For example we need to increase the java memory heap size for opensearch,
+
+    xms_value: 8
+    xmx_value: 8
+
+
+Install
+-------
+
+### Ansible
+
+    # Deploy with ansible playbook - run the playbook as root
+    ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789"
+
+You should set the reserved users(`admin` and `kibanaserver`) password using `admin_password` and `kibanaserver_password` variables.
+
+It will install and configure the opensearch. Once the deployment completed, you can access the opensearch Dashboards with user `admin` and password which you provided for variable `admin_password`.
+
+## TBD
+- opensearch multi-node cluster setup
+- Performance analyzer plugin configuration
@@ -0,0 +1,21 @@
+## Common opensearch configuration parameters ##
+
+os_cluster_name: development-cluster
+
+# opensearch download
+os_download_url: https://artifacts.opensearch.org/releases/bundle/opensearch
+
+# opensearch version
+os_version: "1.0.1"
+
+# Configure hostnames for opensearch nodes
+# It is required to configure SSL
+# Example es1.example.com, es2.example.com
+domain_name: example.com
+
+os_user: opensearch
+
+# Java memory heap values(GB) for opensearch
+# You can change it based on server specs
+xms_value: 2
+xmx_value: 2
@@ -0,0 +1,10 @@
+os1 ansible_host=10.0.1.1  ansible_user=root ip=10.0.1.1 roles=data,master
+
+dashboards1 ansible_host=10.0.1.2  ansible_user=root ip=10.0.1.2
+
+# List all the nodes in the os cluster
+[os-cluster]
+os1
+
+[dashboards]
+dashboards1
@@ -0,0 +1,13 @@
+---
+
+- name: opensearch installation & configuration
+  hosts: os-cluster
+  gather_facts: false
+  roles:
+    - { role: centos7/opensearch }
+
+- name: opensearch dashboards installation & configuration
+  hosts: dashboards
+  gather_facts: false
+  roles:
+    - { role: centos7/dashboards }
@@ -0,0 +1,19 @@
+---
+os_nodes: |-
+        {% for item in groups['os-cluster'] -%}
+          {{ hostvars[item]['ip'] }}{% if not loop.last %}","{% endif %}
+        {%- endfor %}
+
+populate_inventory_to_hosts_file: true
+
+os_dashboards_home: /usr/share/opensearch-dashboards
+os_conf_dir: /usr/share/opensearch-dashboards/config
+os_plugin_bin_path: /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin
+
+os_api_port: 9200
+os_nodes_dashboards: |-
+        {% for item in groups['os-cluster'] -%}
+          https://{{ hostvars[item]['ip'] }}:{{ os_api_port }}{% if not loop.last %}","{% endif %}
+        {%- endfor %}
+
+systemctl_path: /etc/systemd/system
@@ -0,0 +1,3 @@
+---
+- name: restart dashboards
+  systemd: name=dashboards state=restarted enabled=yes
@@ -0,0 +1,40 @@
+---
+
+- name: Dashboards Install | Download opensearch dashbaord {{ os_version }}
+  get_url:
+    url: "{{ os_download_url }}-dashboards/{{ os_version }}/opensearch-dashboards-{{ os_version }}-linux-x64.tar.gz"
+    dest: "/tmp/opensearch-dashboards.tar.gz"
+  register: download
+
+- name: Dashboards Install | Create opensearch user
+  user:
+    name: "{{ os_user }}"
+    state: present
+    shell: /bin/bash
+  when: download.changed
+
+- name: Dashboards Install | Create home directory
+  file:
+    path: "{{ os_dashboards_home }}"
+    state: directory
+    owner: "{{ os_user }}"
+    group: "{{ os_user }}"
+  when: download.changed
+
+- name: Dashboards Install | Extract the tar file
+  command: chdir=/tmp/ tar -xvzf opensearch-dashboards.tar.gz -C "{{ os_dashboards_home }}" --strip-components=1
+  when: download.changed
+
+- name: Dashboards Install | Copy Configuration File
+  template:
+    src: opensearch_dashboards.yml
+    dest: "{{os_conf_dir}}/opensearch_dashboards.yml"
+    owner: "{{ os_user }}"
+    group: "{{ os_user }}"
+    mode: 0644
+    backup: yes
+
+- name: Dashboards Install | create systemd service
+  template:
+    src: dashboards.service
+    dest: "{{ systemctl_path }}/dashboards.service"
@@ -0,0 +1,13 @@
+---
+- name: Hosts | populate inventory into hosts file
+  blockinfile:
+    dest: /etc/hosts
+    block: |-
+      {% for item in groups['os-cluster'] %}
+      {{ hostvars[item]['ip'] }} {{ item }}.{{ domain_name }} {{ item }}
+      {% endfor %}
+    state: present
+    create: yes
+    backup: yes
+    marker: "# Ansible inventory hosts {mark}"
+  when: populate_inventory_to_hosts_file
@@ -0,0 +1,28 @@
+---
+
+- hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: Disable the selinux
+  selinux:
+    state: disabled
+
+- name: Populate the nodes to /etc/hosts
+  import_tasks: etchosts.yml
+
+- name: include dashboards installation
+  include: dashboards.yml
+
+- name: Make sure opensearch dashboards is started
+  service:
+    name: dashboards
+    state: started
+    enabled: yes
+
+- name: Get all the installed dashboards plugins
+  command: "sudo -u {{ os_user }} {{ os_plugin_bin_path }} list"
+  register: list_plugins
+
+- name: Show all the installed dashboards plugins
+  debug:
+    msg: "{{ list_plugins.stdout }}"
@@ -0,0 +1,48 @@
+[Unit]
+Description=opensearch-dashboards
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+RuntimeDirectory=opensearch-dashboards
+PrivateTmp=true
+
+WorkingDirectory={{ os_dashboards_home }}
+
+User=opensearch
+Group=opensearch
+
+ExecStart={{ os_dashboards_home }}/bin/opensearch-dashboards -q
+
+StandardOutput=journal
+StandardError=inherit
+
+# Specifies the maximum file descriptor number that can be opened by this process
+LimitNOFILE=65535
+
+# Specifies the maximum number of processes
+LimitNPROC=4096
+
+# Specifies the maximum size of virtual memory
+LimitAS=infinity
+
+# Specifies the maximum file size
+LimitFSIZE=infinity
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop the Java process
+KillSignal=SIGTERM
+
+# Send the signal only to the JVM rather than its control group
+KillMode=process
+
+# Java process is never killed
+SendSIGKILL=no
+
+# When a JVM receives a SIGTERM signal it exits with code 143
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,13 @@
+server.port: 5601
+server.host: "{{ hostvars[inventory_hostname]['ip'] }}"
+opensearch.hosts: ["{{ os_nodes_dashboards }}"]
+opensearch.ssl.verificationMode: none
+opensearch.username: "kibanaserver"
+opensearch.password: "{{ kibanaserver_password }}"
+opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+
+opensearch_security.multitenancy.enabled: true
+opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+# Use this setting if you are running dashboards without https
+opensearch_security.cookie.secure: false
@@ -0,0 +1,3 @@
+---
+# vars file for opensearch
+java: "{{ es_java | default('java-1.8.0-openjdk.x86_64') }}"
@@ -0,0 +1,22 @@
+---
+
+os_nodes: |-
+        {% for item in groups['os-cluster'] -%}
+          {{ item }}{% if not loop.last %}","{% endif %}
+        {%- endfor %}
+
+os_master_nodes: |-
+        {% for item in groups['master'] -%}
+          {{ item }}{% if not loop.last %}","{% endif %}
+        {%- endfor %}
+
+populate_inventory_to_hosts_file: true
+
+os_home: /usr/share/opensearch
+os_conf_dir: /usr/share/opensearch/config
+os_plugin_bin_path: /usr/share/opensearch/bin/opensearch-plugin
+os_sec_plugin_conf_path: /usr/share/opensearch/plugins/opensearch-security/securityconfig
+os_sec_plugin_tools_path: /usr/share/opensearch/plugins/opensearch-security/tools
+os_api_port: 9200
+
+systemctl_path: /etc/systemd/system
@@ -0,0 +1,10 @@
+---
+# handlers file for opensearch
+- name: reload systemd configuration
+  become: yes
+  command: systemctl daemon-reload
+
+# Restart service and ensure it is enabled
+
+- name: restart opensearch
+  systemd: name=opensearch state=restarted enabled=yes
@@ -0,0 +1,13 @@
+---
+- name: Hosts | populate inventory into hosts file
+  blockinfile:
+    dest: /etc/hosts
+    block: |-
+      {% for item in groups['os-cluster'] %}
+      {{ hostvars[item]['ip'] }} {{ item }}.{{ domain_name }} {{ item }}
+      {% endfor %}
+    state: present
+    create: yes
+    backup: yes
+    marker: "# Ansible inventory hosts {mark}"
+  when: populate_inventory_to_hosts_file
@@ -0,0 +1,42 @@
+---
+
+- hostname:
+    name: "{{ inventory_hostname }}"
+
+- name: Disable the selinux
+  selinux:
+    state: disabled
+
+- name: Populate the nodes to /etc/hosts
+  import_tasks: etchosts.yml
+
+- name: include opensearch installation
+  include: opensearch.yml
+
+- name: include security plugin for opensearch
+  include: security.yml
+
+- name: Make sure opensearch is started
+  service:
+    name: opensearch
+    state: started
+    enabled: yes
+
+- name: Get all the installed ES plugins
+  command: "{{ os_plugin_bin_path }} list"
+  register: list_plugins
+
+- name: Show all the installed ES plugins
+  debug:
+    msg: "{{ list_plugins.stdout }}"
+
+- name: Wait for opensearch to startup
+  wait_for: host={{ hostvars[inventory_hostname]['ip'] }} port={{os_api_port}} delay=5 connect_timeout=1
+
+- name: Check the opensearch status
+  command: curl https://{{ inventory_hostname }}:9200/_cluster/health?pretty -u 'admin:{{ admin_password }}' -k
+  register: os_status
+
+- name: Show the opensearch status
+  debug:
+    msg: "{{ os_status.stdout }}"