Version: 5.1

Configuring Additional Components

Firewall

All of our installers display a message with an example firewall configuration at the end. This example is not recommended for production environments, only for testing.

For a test environment, it's sufficient to allow access on the port from anywhere. For example, to allow access to OpenSearch-Dashboards, enter the following command as the root user:

firewall-cmd --add-port=5601/tcp

This rule will be active until the firewalld service or the OS is restarted. To make the rule permanent, modify the command:

firewall-cmd --permanent --zone=public --add-port=5601/tcp
firewall-cmd --reload

You can also define a service (in firewalld terminology), but in practice this is not very convenient for SAF.

For production environments, we recommend creating a separate zone (in firewalld terminology) and adding a rule within it that allows the necessary ports. Access to the zone can be filtered by a collection of IP addresses (ipset) or by an interface, if that interface is located entirely within a trusted zone.
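
The production recommendation above, as an added example that is not part of the original documentation: a script that validates an allow-list and prints the firewall-cmd sequence for a dedicated zone whose source is an ipset. The zone name, ipset name and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: allow OpenSearch-Dashboards (5601/tcp) only from an ipset-backed zone.
# ZONE, IPSET and the addresses passed below are constructed placeholders.
ZONE="saf-trusted"
IPSET="saf-admins"
PORT="5601/tcp"

# Succeed only for an IPv4 address or CIDR with prefix 1-32.
# A /0 prefix is refused because it would reopen the port to everyone.
valid_cidr() {
    addr=${1%/*}
    prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$addr$prefix" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*.*) return 1 ;; esac
    [ "$prefix" -ge 1 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the command sequence for review; nothing is executed here.
zone_commands() {
    [ $# -ge 1 ] || { echo "no sources given" >&2; return 1; }
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "rejected source: $cidr" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --new-zone=$ZONE"
    echo "firewall-cmd --permanent --new-ipset=$IPSET --type=hash:net"
    for cidr in "$@"; do
        echo "firewall-cmd --permanent --ipset=$IPSET --add-entry=$cidr"
    done
    echo "firewall-cmd --permanent --zone=$ZONE --add-source=ipset:$IPSET"
    echo "firewall-cmd --permanent --zone=$ZONE --add-port=$PORT"
    # Drop the test-environment rule if it was made permanent in the public zone.
    echo "firewall-cmd --permanent --zone=public --remove-port=$PORT"
    echo "firewall-cmd --reload"
}

zone_commands 10.20.30.0/24 192.0.2.15
```

Review the printed commands, then run them as the root user.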

If you use iptables instead of firewalld in your environment (assuming you have firewalld disabled), the following command will suffice for a test environment:

iptables -A INPUT -s 0.0.0.0/0 -p TCP --dport 5601 -j ACCEPT

This command opens port 5601/tcp to everyone, but appends the rule to the end of the chain. If the chain ends with a deny rule, the appended rule is never reached, so it's better to insert the rule at the beginning (in the example, we insert it at position 1, ahead of the existing rules):

iptables -I INPUT 1 -s 0.0.0.0/0 -p TCP --dport 5601 -j ACCEPT

Cluster Settings for Smart Monitor Single Instance

Single Instance refers to a cluster deployed on a single server that has been assigned at least the master and data roles. After installation, this cluster will have a yellow status. This occurs because replicas cannot be placed on the same node as primary shards. To change the cluster status to green, you need to set the number_of_replicas parameter to 0, thereby disabling replica creation both at the cluster configuration level and for individual indexes.

To check cluster settings, use the following command in the Developer Console (Main Menu - System Settings - Developer Console):

GET _cluster/settings?flat_settings&include_defaults

Example command output:

Output of the cluster configuration verification command

The following parameters should be set to 0:

  • cluster.default_number_of_replicas - sets the default number of replicas created for all new cluster indexes
  • opendistro.index_state_management.history.number_of_replicas - previously used to configure ISM log replicas in Open Distro (now a deprecated parameter)
  • plugins.index_state_management.history.number_of_replicas - sets the number of replicas for ISM log indexes in modern OpenSearch versions

Configure the cluster using this command:

PUT _cluster/settings
{
  "persistent": {
    "cluster.default_number_of_replicas": "0",
    "opendistro.index_state_management.history.number_of_replicas": "0",
    "plugins.index_state_management.history.number_of_replicas": "0"
  }
}

To identify indexes with incorrect replica configurations, execute this command in the Developer Console (Main Menu - System Settings - Developer Console):

GET _cluster/allocation/explain

Example command output:

Output of the index command with an incorrect replica configuration

View detailed index parameter information with this command in the Developer Console (Main Menu - System Settings - Developer Console):

GET <index>/_settings

Output of the detailed information command on the index parameters

For indexes with incorrect replica counts, set the number_of_replicas parameter to 0:

PUT <index>/_settings
{
  "settings": {
    "index": {
      "number_of_replicas": "0"
    }
  }
}