我的书签
添加书签
移除书签Docker image
You can pull the OpenSearch Docker image from either Docker Hub or the public gallery hosted on AWS Elastic Container Registry (ECR).
From Docker Hub:
docker pull opensearchproject/opensearch:latestdocker pull opensearchproject/opensearch-dashboards:latest
From AWS ECR:
docker pull public.ecr.aws/opensearchproject/opensearch:latestdocker pull public.ecr.aws/opensearchproject/opensearch-dashboards:latest
To download a specific version of OpenSearch or OpenSearch Dashboards, modify the image tag (latest) to point to a valid version number. For example, docker pull opensearchproject/opensearch:1.3.0 will download the image corresponding to OpenSearch 1.3.0.
To check available versions, see Docker Hub.
When you download a new version of OpenSearch and OpenSearch Dashboards, you need to modify your docker-compose.yml file with the image version number that you downloaded. For example, to update your images to version 2.2.0, replace the following two lines in the YAML file: image: opensearchproject/opensearch:2.2.0 and image: opensearchproject/opensearch-dashboards:2.2.0
OpenSearch images use amazonlinux:2 as the base image. If you run Docker locally, set Docker to use at least 4 GB of RAM in Preferences > Resources.
Run the image
To run the image for local development:
docker run -p 9200:9200 -p 9600:9600 -e "discovery.type=single-node" opensearchproject/opensearch:2.3.0
Then send requests to the server to verify that OpenSearch is up and running:
curl -XGET https://localhost:9200 -u 'admin:admin' --insecurecurl -XGET https://localhost:9200/_cat/nodes?v -u 'admin:admin' --insecurecurl -XGET https://localhost:9200/_cat/plugins?v -u 'admin:admin' --insecure
To find the container ID:
docker ps
Then you can stop the container using:
docker stop <container-id>
Start a cluster
To deploy multiple nodes and simulate a more realistic deployment, create a docker-compose.yml file appropriate for your environment and run:
docker-compose up
To stop the cluster, run:
docker-compose down
To stop the cluster and delete all data volumes, run:
docker-compose down -v
If you’re running your cluster in a production environment, be sure to refer to Important settings when configuring your machine and cluster.
Sample Docker Compose file
This sample file starts two data nodes and a container for OpenSearch Dashboards.
version: '3'services:opensearch-node1:image: opensearchproject/opensearch:2.3.0container_name: opensearch-node1environment:- cluster.name=opensearch-cluster- node.name=opensearch-node1- discovery.seed_hosts=opensearch-node1,opensearch-node2- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAMulimits:memlock:soft: -1hard: -1nofile:soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systemshard: 65536volumes:- opensearch-data1:/usr/share/opensearch/dataports:- 9200:9200- 9600:9600 # required for Performance Analyzernetworks:- opensearch-netopensearch-node2:image: opensearchproject/opensearch:2.3.0container_name: opensearch-node2environment:- cluster.name=opensearch-cluster- node.name=opensearch-node2- discovery.seed_hosts=opensearch-node1,opensearch-node2- cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2- bootstrap.memory_lock=true- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"ulimits:memlock:soft: -1hard: -1nofile:soft: 65536hard: 65536volumes:- opensearch-data2:/usr/share/opensearch/datanetworks:- opensearch-netopensearch-dashboards:image: opensearchproject/opensearch-dashboards:2.3.0container_name: opensearch-dashboardsports:- 5601:5601expose:- "5601"environment:OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # must be a string with no spaces when specified as an environment variablenetworks:- opensearch-netvolumes:opensearch-data1:opensearch-data2:networks:opensearch-net:
If you override opensearch_dashboards.yml settings using environment variables, as seen above, use all uppercase letters and underscores in place of periods (e.g. for opensearch.hosts, use OPENSEARCH_HOSTS).
Configure OpenSearch
You can pass a custom opensearch.yml file to the Docker container using the -v flag for docker run:
docker run \-p 9200:9200 -p 9600:9600 \-e "discovery.type=single-node" \-v /<full-path-to>/custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml \opensearchproject/opensearch:2.3.0
You can perform the same operation in docker-compose.yml using a relative path:
services:opensearch-node1:volumes:- opensearch-data1:/usr/share/opensearch/data- ./custom-opensearch.yml:/usr/share/opensearch/config/opensearch.ymlopensearch-node2:volumes:- opensearch-data2:/usr/share/opensearch/data- ./custom-opensearch.yml:/usr/share/opensearch/config/opensearch.ymlopensearch-dashboards:volumes:- ./custom-opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
You can also configure docker-compose.yml and opensearch.yml to take your own certificates for use with the Security plugin.
(Optional) Set up Performance Analyzer
Enable the Performance Analyzer plugin:
curl -XPOST localhost:9200/_plugins/_performanceanalyzer/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}'
If you receive the
curl: (52) Empty reply from servererror, you are likely protecting your cluster with the security plugin and you need to provide credentials. Modify the following command to use your username and password:curl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:admin' -k
Enable the Root Cause Analyzer (RCA) framework
curl -XPOST localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}'
Similar to step 1, if you run into
curl: (52) Empty reply from server, run the command below to enable RCAcurl -XPOST https://localhost:9200/_plugins/_performanceanalyzer/rca/cluster/config -H 'Content-Type: application/json' -d '{"enabled": true}' -u 'admin:admin' -k
By default, Performance Analyzer’s endpoints are not accessible from outside the Docker container.
To edit this behavior, open a shell session in the container and modify the configuration:
docker ps # Look up the container iddocker exec -it <container-id> /bin/bash# Inside containercd config/opensearch-performance-analyzer/vi performance-analyzer.properties
Uncomment the line
#webservice-bind-hostand set it to0.0.0.0:# ======================== OpenSearch performance analyzer plugin config =========================# NOTE: this is an example for Linux. Please modify the config accordingly if you are using it under other OS.# WebService bind host; default to all interfaceswebservice-bind-host = 0.0.0.0# Metrics data locationmetrics-location = /dev/shm/performanceanalyzer/# Metrics deletion interval (minutes) for metrics data.# Interval should be between 1 to 60.metrics-deletion-interval = 1# If set to true, the system cleans up the files behind it. So at any point, we should expect only 2# metrics-db-file-prefix-path files. If set to false, no files are cleaned up. This can be useful, if you are archiving# the files and wouldn't like for them to be cleaned up.cleanup-metrics-db-files = true# WebService exposed by App's portwebservice-listener-port = 9600# Metric DB File Prefix Path locationmetrics-db-file-prefix-path = /tmp/metricsdb_https-enabled = false#Setup the correct path for certificatescertificate-file-path = specify_pathprivate-key-file-path = specify_path# Plugin Stats Metadata file name, expected to be in the same locationplugin-stats-metadata = plugin-stats-metadata# Agent Stats Metadata file name, expected to be in the same locationagent-stats-metadata = agent-stats-metadata
Then restart the Performance Analyzer agent:
kill $(ps aux | grep -i 'PerformanceAnalyzerApp' | grep -v grep | awk '{print $2}')
Bash access to containers
To create an interactive Bash session in a container, run docker ps to find the container ID. Then run:
docker exec -it <container-id> /bin/bash
Install, configure or remove plugins
To run the image with a custom plugin, first create a Dockerfile:
FROM opensearchproject/opensearch:2.3.0RUN /usr/share/opensearch/bin/opensearch-plugin install --batch <plugin-name-or-url>
Then run the following commands:
docker build --tag=opensearch-custom-plugin .docker run -p 9200:9200 -p 9600:9600 -v /usr/share/opensearch/data opensearch-custom-plugin
You can also use a Dockerfile to pass your own certificates for use with the security plugin, similar to the -v argument in Configure OpenSearch:
FROM opensearchproject/opensearch:2.3.0COPY --chown=opensearch:opensearch opensearch.yml /usr/share/opensearch/config/COPY --chown=opensearch:opensearch my-key-file.pem /usr/share/opensearch/config/COPY --chown=opensearch:opensearch my-certificate-chain.pem /usr/share/opensearch/config/COPY --chown=opensearch:opensearch my-root-cas.pem /usr/share/opensearch/config/
Alternately, you might want to remove a plugin. This Dockerfile removes the security plugin:
FROM opensearchproject/opensearch:2.3.0RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-securityCOPY --chown=opensearch:opensearch opensearch.yml /usr/share/opensearch/config/
In this case, opensearch.yml is a “vanilla” version of the file with no plugin entries. It might look like this:
cluster.name: "docker-cluster"network.host: 0.0.0.0
Sample Docker Compose file for development
You can use this sample file as a development environment.
This sample file starts one OpenSearch node and a container for OpenSearch Dashboards with the security plugin disabled.
version: '3'services:opensearch-node1:image: opensearchproject/opensearch:2.3.0container_name: opensearch-node1environment:- cluster.name=opensearch-cluster- node.name=opensearch-node1- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM- "DISABLE_INSTALL_DEMO_CONFIG=true" # disables execution of install_demo_configuration.sh bundled with security plugin, which installs demo certificates and security configurations to OpenSearch- "DISABLE_SECURITY_PLUGIN=true" # disables security plugin entirely in OpenSearch by setting plugins.security.disabled: true in opensearch.yml- "discovery.type=single-node" # disables bootstrap checks that are enabled when network.host is set to a non-loopback addressulimits:memlock:soft: -1hard: -1nofile:soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systemshard: 65536volumes:- opensearch-data1:/usr/share/opensearch/dataports:- 9200:9200- 9600:9600 # required for Performance Analyzernetworks:- opensearch-netopensearch-dashboards:image: opensearchproject/opensearch-dashboards:2.3.0container_name: opensearch-dashboardsports:- 5601:5601expose:- "5601"environment:- 'OPENSEARCH_HOSTS=["http://opensearch-node1:9200"]'- "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" # disables security dashboards plugin in OpenSearch Dashboardsnetworks:- opensearch-netvolumes:opensearch-data1:networks:opensearch-net:
The environment variable "DISABLE_SECURITY_DASHBOARDS_PLUGIN=true" disables the security dashboards plugin in OpenSearch Dashboards by removing the security dashboards plugin folder, removing all related settings in the opensearch_dashboards.yml file, and setting the opensearch.hosts entry protocol from HTTPS to HTTP. You can’t reverse this step as the security dashboards plugin is removed in the process. To re-enable security for OpenSearch Dashboards, start a new container and set DISABLE_SECURITY_DASHBOARDS_PLUGIN to false or leave it unset.
