[M/W] RockyLinux 9 환경에서 OpenSearch 구성 및 테스트 - II - OpenSearch
페이지 정보
작성자 꿈꾸는여행자 작성일 25-12-18 13:28 조회 302 댓글 0본문
꿈꾸는여행자입니다.
계속해서
이번 항목에서는
OpenSearch 구성 관련 사항입니다.
상세 내역은 아래와 같습니다.
감사합니다.
> 아래
________________
목차
III. OpenSearch
2. OpenSearch
2.1. Configure important host settings
2.1.1. Linux settings
2.2. Deploy an OpenSearch cluster using Docker Compose
2.2.1. 디렉터리 구성
2.2.2. Setting a custom admin password
2.2.3. Setting docker-compose.yml
2.2.4. 기동
2.2.5. 점검
________________
상세
III. OpenSearch
2. OpenSearch
https://docs.opensearch.org/latest/install-and-configure/install-opensearch/docker/
2.1. Configure important host settings
Before installing OpenSearch using Docker, configure the following settings. These are the most important settings that can affect the performance of your services, but for additional information, see important system settings.
2.1.1. Linux settings
For a Linux environment, run the following commands:
* Disable memory paging and swapping performance on the host to improve performance.
* sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab && sudo swapoff -a
grep swap /etc/fstab && sudo swapon --show
[root@opensearch ~]# sudo swapoff -a
[root@opensearch ~]# sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab && sudo swapoff -a
[root@opensearch ~]# grep swap /etc/fstab && sudo swapon --show
#/dev/mapper/rl-swap none swap defaults 0 0
[root@opensearch ~]#
* * Increase the number of memory maps available to OpenSearch.
* # Edit the sysctl config file
sudo vi /etc/sysctl.conf
# Add a line to define the desired value
# or change the value if the key exists,
# and then save your changes.
vm.max_map_count=262144
# Reload the kernel parameters using sysctl
sudo sysctl -p
# Verify that the change was applied by checking the value
cat /proc/sys/vm/max_map_count
grep vm.max_map_count /etc/sysctl.conf
root@opensearch ~]# sudo vi /etc/sysctl.conf
[root@opensearch ~]# sudo sysctl -p
vm.max_map_count = 262144
[root@opensearch ~]# cat /proc/sys/vm/max_map_count
262144
[root@opensearch ~]# grep vm.max_map_count /etc/sysctl.conf
vm.max_map_count=262144
[root@opensearch ~]#
*
2.2. Deploy an OpenSearch cluster using Docker Compose
Although it is technically possible to build an OpenSearch cluster by creating containers one command at a time, it is far easier to define your environment in a YAML file and let Docker Compose manage the cluster. The following section contains example YAML files that you can use to launch a predefined cluster with OpenSearch and OpenSearch Dashboards. These examples are useful for testing and development, but are not suitable for a production environment. If you don’t have prior experience using Docker Compose, you may wish to review the Docker Compose specification for guidance on syntax and formatting before making any changes to the dictionary structures in the examples.
The YAML file that defines the environment is referred to as a Docker Compose file. By default, docker-compose commands will first check your current directory for a file that matches any of the following names:
* docker-compose.yml
* docker-compose.yaml
* compose.yml
* compose.yaml
If none of those files exist in your current directory, the docker-compose command fails.
You can specify a custom file location and name when invoking docker-compose with the -f flag:
# Use a relative or absolute path to the file.
docker compose -f /path/to/your-file.yml up
If this is your first time launching an OpenSearch cluster using Docker Compose, use the following example docker-compose.yml file. Save it in the home directory of your host and name it docker-compose.yml. This file creates a cluster that contains three containers: two containers running the OpenSearch service and a single container running OpenSearch Dashboards. These containers communicate over a bridge network called opensearch-net and use two volumes, one for each OpenSearch node. Because this file does not explicitly disable the demo security configuration, self-signed TLS certificates are installed and internal users with default names and passwords are created.
2.2.1. 디렉터리 구성
config/opensearch.yml, config/opensearch_dashboards.yml 커스텀 시 이 디렉터리를 사용합니다.
# 디렉토리 구성
sudo mkdir -p /opt/opensearch/{data-node1,data-node2,dashboards,config}
cd /opt/opensearch
# 소유자/그룹을 UID 1000 으로 맞춤
sudo chown -R 1000:1000 data-node1 data-node2 dashboards
# (선택) 설정 파일도 동일 소유자 권장
sudo chown -R 1000:1000 config
# 권한 최소화 (읽기/쓰기만 허용)
sudo chmod -R 750 data-node1 data-node2 dashboards config
[root@opensearch ~]# sudo mkdir -p /opt/opensearch/{data-node1,data-node2,dashboards,config}
[root@opensearch ~]# cd /opt/opensearch
[root@opensearch opensearch]# sudo chown -R 1000:1000 data-node1 data-node2 dashboards
[root@opensearch opensearch]# sudo chown -R 1000:1000 config
[root@opensearch opensearch]# sudo chmod -R 750 data-node1 data-node2 dashboards config
[root@opensearch opensearch]#
2.2.2. Setting a custom admin password
OpenSearch 2.12+에서 데모 보안 구성 사용 시 관리자 비밀번호 지정이 필수입니다. 같은 폴더에 .env 파일을 만들어 둡니다.
Starting with OpenSearch 2.12, a custom admin password is required to set up a demo security configuration. Do one of the following:
* Create an .env file in the same folder as your docker-compose.yml file with the OPENSEARCH_INITIAL_ADMIN_PASSWORD and a strong password value.
* sudo cat > .env <<'EOF'
# 강력한 비밀번호로 변경하세요 (zxcvbn 기준 strong 권장)
OPENSEARCH_INITIAL_ADMIN_PASSWORD='ChangeMe_Strong_P@ss_123456'
# JVM 힙(예시). 서버 RAM의 50% 이내에서 조절.
OPENSEARCH_JAVA_OPTS='-Xms2g -Xmx2g'
EOF
[root@opensearch opensearch]# pwd
/opt/opensearch
[root@opensearch opensearch]# sudo cat > .env <<'EOF'
# 강력한 비밀번호로 변경하세요 (zxcvbn 기준 strong 권장)
OPENSEARCH_INITIAL_ADMIN_PASSWORD='ChangeMe_Strong_P@ss_123456'
# JVM 힙(예시). 서버 RAM의 50% 이내에서 조절.
OPENSEARCH_JAVA_OPTS='-Xms2g -Xmx2g'
EOF
[root@opensearch opensearch]# cat .env
# 강력한 비밀번호로 변경하세요 (zxcvbn 기준 strong 권장)
OPENSEARCH_INITIAL_ADMIN_PASSWORD='ChangeMe_Strong_P@ss_123456'
# JVM 힙(예시). 서버 RAM의 50% 이내에서 조절.
OPENSEARCH_JAVA_OPTS='-Xms2g -Xmx2g'
[root@opensearch opensearch]#
*
2.2.3. Setting docker-compose.yml
* Image
* opensearch
* https://hub.docker.com/r/opensearchproject/opensearch/tags
* opensearchproject/opensearch:3.2.0
* opensearch-dashboards
* https://hub.docker.com/r/opensearchproject/opensearch-dashboards/tags
* opensearchproject/opensearch-dashboards:3.2.0
vi docker-compose.yml
services:
opensearch-node1:
image: opensearchproject/opensearch:3.2.0
container_name: opensearch-node1
restart: unless-stopped
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=${OPENSEARCH_JAVA_OPTS}"
# 데모 보안 구성 비번 지정(2.12+ 필수)
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
# (필요 시) 데모 보안 구성 비활성화: - "DISABLE_SECURITY_PLUGIN=true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /opt/opensearch/data-node1:/usr/share/opensearch/data:Z
# (선택) 커스텀 설정 주입
# - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:Z
ports:
- "9200:9200"
- "9600:9600"
networks:
- opensearch-net
opensearch-node2:
image: opensearchproject/opensearch:3.2.0
container_name: opensearch-node2
restart: unless-stopped
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node2
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=${OPENSEARCH_JAVA_OPTS}"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /opt/opensearch/data-node2:/usr/share/opensearch/data:Z
# - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:Z
networks:
- opensearch-net
dashboards:
image: opensearchproject/opensearch-dashboards:3.2.0
container_name: opensearch-dashboards
restart: unless-stopped
environment:
# Dashboards의 환경변수는 대문자+점(.) 대신 언더스코어 사용
# 예: opensearch.hosts -> OPENSEARCH_HOSTS
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
ports:
- "5601:5601"
depends_on:
- opensearch-node1
- opensearch-node2
volumes:
- /opt/opensearch/dashboards:/usr/share/opensearch-dashboards/data:Z
# - ./config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:Z
networks:
- opensearch-net
networks:
opensearch-net:
driver: bridge
[root@opensearch opensearch]# cat docker-compose.yml
services:
opensearch-node1:
image: opensearchproject/opensearch:3.2.0
container_name: opensearch-node1
restart: unless-stopped # 컨테이너가 중지되지 않는 한 자동 재시작
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=${OPENSEARCH_JAVA_OPTS}"
# 데모 보안 구성 비번 지정(2.12+ 필수)
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
# (필요 시) 데모 보안 구성 비활성화: - "DISABLE_SECURITY_PLUGIN=true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /opt/opensearch/data-node1:/usr/share/opensearch/data:Z
# (선택) 커스텀 설정 주입
# - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:Z
ports:
- "9200:9200"
- "9600:9600"
networks:
- opensearch-net
opensearch-node2:
image: opensearchproject/opensearch:3.2.0
container_name: opensearch-node2
restart: unless-stopped # 컨테이너가 중지되지 않는 한 자동 재시작
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node2
- discovery.seed_hosts=opensearch-node1,opensearch-node2
- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
- bootstrap.memory_lock=true
- "OPENSEARCH_JAVA_OPTS=${OPENSEARCH_JAVA_OPTS}"
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- /opt/opensearch/data-node2:/usr/share/opensearch/data:Z
# - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml:Z
networks:
- opensearch-net
dashboards:
image: opensearchproject/opensearch-dashboards:3.2.0
container_name: opensearch-dashboards
restart: unless-stopped # 컨테이너가 중지되지 않는 한 자동 재시작
environment:
# Dashboards의 환경변수는 대문자+점(.) 대신 언더스코어 사용
# 예: opensearch.hosts -> OPENSEARCH_HOSTS
OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
ports:
- "5601:5601"
depends_on:
- opensearch-node1
- opensearch-node2
volumes:
- /opt/opensearch/dashboards:/usr/share/opensearch-dashboards/data:Z
# - ./config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:Z
networks:
- opensearch-net
networks:
opensearch-net:
driver: bridge
[root@opensearch opensearch]#
[root@opensearch opensearch]# pwd
/opt/opensearch
[root@opensearch opensearch]#
2.2.4. 기동
From the home directory of your host (containing docker-compose.yml), create and start the containers in detached mode:
# 최초 기동
docker compose up -d
[root@opensearch opensearch]# pwd
/opt/opensearch
[root@opensearch opensearch]# docker compose up -d
[+] Running 14/14
✔ opensearch-node1 Pulled 76.8s
✔ dashboards Pulled 81.3s
✔ 67dce92b639c Pull complete 6.8s
✔ fc2eb3f8a0b9 Pull complete 8.5s
✔ a3c4c3a13e8c Pull complete 8.6s
✔ 5ef270eff702 Pull complete 71.7s
✔ opensearch-node2 Pulled 76.5s
✔ b9bd06b1e98f Pull complete 4.4s
✔ fa8aa3279ea9 Pull complete 4.7s
✔ 02e053413b83 Pull complete 4.8s
✔ fcdb60fbb206 Pull complete 55.1s
✔ 4f4fb700ef54 Pull complete 72.5s
✔ e53b047a1863 Pull complete 60.7s
✔ f2a93b8e507c Pull complete 63.3s
[+] Running 4/4
✔ Network opensearch_opensearch-net Created 0.3s
✔ Container opensearch-node2 Started 8.6s
✔ Container opensearch-node1 Started 8.6s
✔ Container opensearch-dashboards Started 1.4s
[root@opensearch opensearch]#
2.2.4.1. 중지
* 기동중인 OpenSearch 중지
cd /opt/opensearch
docker-compose stop
[root@opensearch opensearch]# cat .env
# 강력한 비밀번호로 변경하세요 (zxcvbn 기준 strong 권장)
OPENSEARCH_INITIAL_ADMIN_PASSWORD='ChangeMe_Strong_P@ss_123456'
# JVM 힙(예시). 서버 RAM의 50% 이내에서 조절.
OPENSEARCH_JAVA_OPTS='-Xms2g -Xmx2g'
[root@opensearch opensearch]# vi .env
[root@opensearch opensearch]# docker-compose stop
[+] Stopping 3/3
✔ Container opensearch-dashboards Stopped 0.5s
✔ Container opensearch-node1 Stopped 0.3s
✔ Container opensearch-node2 Stopped 0.3s
[root@opensearch opensearch]#
2.2.4.2. 기동
OPENSEARCH_JAVA_OPTS 수정후 기동
docker compose up -d
[root@opensearch opensearch]# vi .env
[root@opensearch opensearch]# cat .env
# 강력한 비밀번호로 변경하세요 (zxcvbn 기준 strong 권장)
OPENSEARCH_INITIAL_ADMIN_PASSWORD='ChangeMe_Strong_P@ss_123456'
# JVM 힙(예시). 서버 RAM의 50% 이내에서 조절.
#OPENSEARCH_JAVA_OPTS='-Xms1g -Xmx1g'
OPENSEARCH_JAVA_OPTS='-Xms2g -Xmx2g'
[root@opensearch opensearch]# docker compose up -d
[+] Running 4/4
✔ Network opensearch_opensearch-net Created 0.1s
✔ Container opensearch-node1 Started 0.2s
✔ Container opensearch-node2 Started 0.2s
✔ Container opensearch-dashboards Started 0.4s
[root@opensearch opensearch]#
2.2.5. 점검
* 서비스 상태 확인
* # 상태 확인
docker compose ps
docker compose logs opensearch-node1 --tail=100
docker compose logs opensearch-node1 --tail=5
docker compose logs opensearch-dashboards --tail=100
docker compose logs dashboards --tail=5
댓글목록 0
등록된 댓글이 없습니다.