Installing SA Web
Conventions:
SAF_INSTALLER- the directory where theSA Webinstallation package is unpacked.
For SA Web to function correctly, you need to specify the entire list of nodes in the SA Data Storage cluster and the installed SA Engine. If you have a separation into hot and cold storage types, it is sufficient to specify the hot nodes.
General Information
Unpack the installation package into a directory, for example, /app/distr and specify the unpacked directory as a variable:
tar xzf saf-installer-4.2-full.tar.gz -C /app/distr/
SAF_INSTALLER=/app/distr/saf_4.2/
SA Web is based on OpenSearch-Dashboards, so the article will sometimes use this as an alternative name.
Run the SA Web installer as the root user, specifying the path to it:
${SAF_INSTALLER}/opensearch-dashboards/install.sh
We recommend using a separate server for installing SA Web. The default owner for SA Web directories is opensearch and the group is opensearch.
The installer supports the following parameters:
-c, --config <path_to_config_file_yaml>- use a configuration file for installation-h, --help- display help
The installer supports the use of a configuration file; all parameters in the file correspond to the questions and parameters during manual installation.
Example configuration file ${SAF_INSTALLER}/opensearch-dashboards/example_config_dashboards.yaml
OpensearchDashboards:
openSearchDashboardsLocation:
# Use already existing directories if found (if not will use default dirs)
USE_PREVIOUS_OSD_PATHS: n
# User for install
KBN_USER: opensearch
# Group for install
KBN_GROUP: opensearch
# Home path to install directory
KBN_PATH_HOME: "/app/opensearch-dashboards"
# Directory OpenSearch Dashboards configuration
KBN_PATH_CONFIG: "/app/opensearch-dashboards/config"
# Directory OpenSearch Dashboards data storage
KBN_PATH_DATA: "/app/data/opensearch-dashboards"
# Directory OpenSearch Dashboards logs storage
KBN_PATH_LOGS: "/app/logs/opensearch-dashboards"
baseOpenSearchDashboardsParameters:
# Name of the current node
NODE_NAME: saf-osd
# Servers with roles master
ES_HOST_LIST: https://127.0.0.1:9200
# Using existing certificates and keys
USE_EXISTING_CERTS: y
# Using existing CA certificate and private key to generate node certificate and private key
EXISTING_CA_CERT: y
# Path to CA cert
CA_CERT_PATH: "/app/opensearch/config/ca-cert.pem"
# Path to CA key
CA_KEY_PATH: "/app/opensearch/config/ca-key.pem"
# Path to existing node certificate
EXISTING_NODE_CERT: "./certs/node-cert.pem"
# Path to existing node private key
EXISTING_NODE_PRKEY: "./certs/node-key.pem"
# CN for node certificate
CERT_NODE_NAME: saf-osd
# Country code
CERT_COUNTRY: AE
# Region
CERT_STATE: Dubai
# City
CERT_CITY: Dubai
# Name organization
CERT_ORG: SAF Test Org
# IP to connect current node
CERT_NODE_IP: 127.0.0.1
installationProceed:
# Kill processes of kibana and opensearch dashboards if they started
kill_current_instance: "y"
# Clear existed folders
clear_existed_folders: "y"
# Making changes to the operating system
continue_installation: "y"
In the configuration file, all parameters are configured to install SA Web on the same server alongside a single SA Data Storage node and SA Master Node.
Installing the Main Directories
The installer checks for running OpenSearch-Dashboards or Kibana services and, if found, asks whether to continue the installation.
================================================================================
SEARCH ANYWHERE FRAMEWORK INSTALL SCRIPT - OPENSEARCH DASHBOARDS
================================================================================
Current working directory: /app/distr/saf_4.2/opensearch-dashboards
Current name of install's archive: opensearch-dashboards-2.13.0-linux-x64.tar.gz
Current version OpenSearch-Dashboards: 2.13.0
================================================================================
-- STEP 1. INSTALLATION DIRECTORIES
!!! You have running instance of OpenSearch-Dashboards. Installer support only one running instance per node.
Do you want to continue? [y/N]:
This image also shows the detected installation archive and the version of OpenSearch-Dashboards to be installed. By default, the installation will be canceled. To continue, you must enter y. If the installation continues, the running service will be stopped.
In the first step, the main installation directories are specified. We recommend storing all files related to SAF in a single directory /app; this will simplify maintenance later.
If you are performing a test installation and plan to install all SAF components on one server, you must specify separate directories for each component. You need to enter the following directories:
Home directory— the installation directory forSA WebConf directory— the location of the configuration filesData directory— the directory for storing various files used during the operation ofSA WebLogs directory— the directory for storing logs
-- STEP 1. INSTALLATION DIRECTORIES
Opensearch Dashboards home directory [/app/opensearch-dashboards]:
Opensearch Dashboards conf directory [/app/opensearch-dashboards/config]:
Opensearch Dashboards data directory [/app/data]: /app/data/opensearch-dashboards/
Opensearch Dashboards logs directory [/app/logs]: /app/logs/opensearch-dashboards/
Final Opensearch Dashboards home directory: /app/opensearch-dashboards
Final Opensearch Dashboards conf directory: /app/opensearch-dashboards/config
Final Opensearch Dashboards data directory: /app/data/opensearch-dashboards/
Final Opensearch Dashboards logs directory: /app/logs/opensearch-dashboards/
Is this correct? [y/n]:
After entering, confirm the correctness of the data. The installer will analyze the existing directories, and if they are not empty, it will issue a warning again:
!!! You've chosen non-empty directories. All files will be deleted.
Do you want to continue? [y/N]:
If you continue, all contents of the specified directories will be deleted without the possibility of recovery!
To continue the installation, you need to enter y again and press Enter.
Setting Server Parameters
In this step, the basic parameters of SA Web are entered:
Node name— the name of the currentSA WebserverBind address— the interface thatSA Webwill listen on. By default, all available network interfaces are listened to. You can specify multiple IP addresses.OpenSearch host list— one or more addresses for connecting toOpenSearchnodes with thedatarole, listed in quotes and separated by commas. The address must include thehttpsprotocol and the port number for connection.
-- STEP 2. BASE OPENSEARCH DASHBOARDS PARAMETERS
Node name [saf-node-00]:
Bind address [0.0.0.0]:
Opensearch host list ["https://localhost:9200"]:
Final node name: smos-node-00
Final bind address: "0.0.0.0"
Final Opensearch host list: [ "https://localhost:9200" ]
Is this correct? [y/n]:
After entering, you need to confirm the correctness of the data.
Setting Certificate Parameters
When creating the private key, the RSA cryptographic algorithm with a length of 2048 bits is used, and the SHA-256 algorithm is used to create the digital fingerprint. The administrator and current server certificates are created for 1095 days.
This step configures the key and certificate parameters for the current server. If a self-signed CA certificate was used when installing the first OpenSearch node, it must be copied to the current server to sign the node certificate with the same CA. There is an option to use your own certificates.
Do you want to use your existing certificates and keys?— Do you want to use existing certificate and key files? You can specify your own files or use the built-in algorithm.Do you want to use an existing CA certificate and private key to generate certificates and keys for this node?— If you choose N, you will need to manually provide all the necessary certificates for the node to work. Otherwise, by choosing Y, the remaining certificates will be automatically generated based on the CA certificate and key.Path to CA certificate— Path to the root certificate. The certificate must be the same on all SAF components.Path to CA key— Path to the private key. The key must be the same on all SAF components.CN for node certificate— Common name for the current server.Country for node certificate— Country name for the current server.State for node certificate— State/region name for the current server.Locality for node certificate— City name for the current server.Organization for node certificate— Organization name for the current server.External IP— The external IP address of the current server, which will be used to interact with other components. The script will automatically collect external addresses on the current server and offer them as the default value.
Below is an example specifying an existing CA private key and certificate:
-- STEP 3. OPENSEARCH SECURITY SSL/TLS SETTINGS
Do you want to use your existing certificates and keys? [Y/n]: y
Do you want to use an existing CA certificate and private key to generate certificates and keys for this node? [Y/n] y
Path to CA certificate [./certs/ca-cert.pem]: /app/opensearch/config/ca-cert.pem
Path to CA key [./certs/ca-key.pem]: /app/opensearch/config/ca-key.pem
CN for node certificate [saf-node-00]:
Country for node certificate [RU]:
State for node certificate [Moscow]:
Locality (city) for node certificate [Moscow]:
Organization for node certificate [SAF Test Org]:
External IP for alt_names extension [172.16.0.27]:
Final path to CA certificate: /app/opensearch/config/ca-cert.pem
Final path to CA key: /app/opensearch/config/ca-key.pem
Final CN for node certificate: smos-node-00
Final country for node certificate: RU
Final state for node certificate: Moscow
Final locality (city) for node certificate: Moscow
Final organization for node certificate: SMOS Test Org
External IP for alt_names extension: 172.16.0.27
Is this correct? [y/n]:
Generating Configuration Files
No action is required from the administrator at this stage. This stage is conditionally divided into two parts:
- Preparing temporary directories, performing checks, preparing templates
- Generating configuration files from the specified parameters
Creating Certificates
No action is required from the administrator at this stage. The private key and certificate of the current server are created from the specified parameters.
Unpacking the Archive and Modifying Configuration Files
No action is required from the administrator at this stage. The archive containing OpenSearch Dashboards is unpacked, the configuration files extracted from the archive are modified, and preparatory processes are carried out before system changes.
Starting Changes to the OS
All operations up to this point are performed strictly within the installer directory and do not affect the OS. You can view the set of files ready for installation in the staging directory. For this, the administrator will be asked for permission to continue the installation:
!!! AT THIS POINT WE START TO MAKE CHANGES IN OPERATING SYSTEM !!!
Do you want to continue? [y/N]:
Confirm the changes to continue the installation by pressing y and then Enter.
Installation
No action is required from the administrator at this stage. Several actions take place here:
- Creating groups and users
- Creating directories
- Installing OpenSearch Dashboards
- Making changes to the visual design
- Installing plugins
- Changing file and directory ownership and setting SELinux rules
Starting the Service and Enabling the New Interface
No action is required from the administrator at this stage.
Completing the Installation
Upon completion of the installation, a firewall configuration message should appear using firewalld and ufw as examples, as well as a successful installation message, as shown in the image below. Any other type of installation completion indicates an error, and additional corrective actions are required.
================================================================================
-- Additional firewall configuration example (if needed)
-- For RHEL/CentOS with firewalld
firewall-cmd --permanent --zone=public --add-port=5601/tcp
firewall-cmd --reload
-- For AstraLinux/Debian with ufw
ufw allow 5601/tcp
================================================================================
================================================================================
-- SEARCH ANYWHERE FRAMEWORK SUCCESSFULLY INSTALLED!
================================================================================
Upon successful completion of the installer, the node is deployed and ready for use. The systemd service opensearch-dashboards.service should be running on it. The service will start automatically after the OS restarts.
Note that you need to configure the firewall for port 5601/tcp – the port for accessing SA Web. To check functionality, open the page https://<your-server-ip-address>:5601 in your browser and use the credentials you specified during OpenSearch installation.
Example of the page output:
