Skip to main content

Installing Search Anywhere Framework (SAF)

In a production environment, it is recommended to use a separate server for each component. This documentation covers installation using the Search Anywhere Framework installer, and all recommendations will be provided for this type of installation.

We recommend using RHEL versions 7 and 8. The installer has been tested on the following operating systems:

  1. Red Hat Enterprise Linux (RHEL) 8
  2. Astra Linux CE 2.12.45, Astra Linux CE 2.12.46, Astra Linux SE 1.7
  3. Ubuntu Server 20.04 and 22.04
  4. RedOS MUROM 7.3
warning

It is recommended to use SSD drives whenever possible, as this significantly improves the performance of I/O operations related to indexing and searching data.

With a large incoming data stream, it is recommended to allocate a larger number of processor cores per node to ensure a high degree of parallelism for event indexing. For intensive data searches, it is recommended to increase the clock speed of the cores.

Configuration of all important parameters for the tested operating systems happens automatically and does not require any additional actions from the administrator. Certain pre-installed packages are required, as described below. Typically, the Search Anywhere Framework installer is an archive containing component directories, an installer for each component, all their packages and modules.

You should also have a license. The location of the license does not affect the operation of the installers. During the OpenSearch installation, the license is copied and must be located in the $HOME_OPENSEARCH/config/sme directory.

Along with OpenSearch, the search engine SA Engine is installed. It is used in almost all modules and also has a component called SA Engine Remote Execution, used for running various scripts written in python. It can use the memcached software package to store intermediate results of scripts or to save variables.

All installers are located in their respective directories, are named install.sh, and work with the bash command-line interpreter. The installer is an interactive script. After launching the installer, you will need to enter installation parameters. When specifying paths, you can use the Tab key for autocompletion if the directory or file already exists. The following directories can be found at the root of the installer:

  • branding – images and logos for OpenSearch Dashboards
  • certs – parameters for creating private keys and certificates; it is recommended to place the private key and CA certificate in this directory
  • config – system configuration templates, Java, etc.
  • plugins – a set of plugins for installation; installed automatically when using the installer
  • services – service configuration templates
  • sme-re – the sme-re executable file
  • source – contains a tar.gz archive with the source files for OpenSearch, OpenSearch Dashboards, and Logstash
  • staging – this directory appears after launching the installer and contains preliminary settings depending on the selected parameters
  • utils – sets of additional scripts, utilities, configuration examples

The installer must be run as a superuser, preferably root.

Do you want to use memcached in your Search Anywhere Framework? [y/N]:

Square brackets will indicate either default values or choices where you need to specify "yes" (y) or "no" (n).

The image above shows an example of such a question. If you simply press the Enter key, the value N, i.e., no, will be selected.

At the end of each stage, before continuing, a list of parameters for the current stage is displayed. You can confirm the correctness of the input by typing y and pressing Enter, and the installation will continue, or you can refuse, and you will be prompted to enter the parameters for the stage again. Therefore, if you made a mistake while filling in the parameters, it is not necessary to completely interrupt the installation.

Before making the final changes to the operating system, you will be asked to confirm the actions.

================================================================================
-- SEARCH ANYWHERE FRAMEWORK SUCCESSFULLY INSTALLED!
================================================================================

If you do not see a message confirming successful installation after the installation is complete, an error has occurred. The example above shows a successful installation. During installation, a default user is created for accessing resources:

  • username: admin;
  • password: P@ssWoRdElastic.

Preliminary Actions

For the Search Anywhere Framework installer to function correctly, the following packages must be installed:

  • zip version 3.0 and above
  • openssl version 1.0.2k and above

For RHEL 8, you need to additionally install libnsl2 version 1.2.0 or higher, or libnsl version 2.28 and higher. Also, for the SA Engine Remote Execution component, you can optionally install memcached version 1.5.22 and higher.

Download the Search Anywhere Framework installer archive to the server and then unpack it in the command line as the root user:

$ tar -xzf saf-installer.tar.gz -C /opt/

During the installation process, some settings are made in the operating system. No action is required from the administrator; most settings are made automatically. To familiarize yourself with the list of changes, please read the article OS Settings.

Installation

The further installation procedure is described in the following articles.

Important

After installing the components, it is strongly recommended to configure the basic module settings as described in Post-Installation Configuration of Search Anywhere Framework.