The following installation guide has been written as an example of an in-place full-cluster restart upgrade from Elasticsearch 7.10.2 to OpenSearch 2.0.1 on RHEL OS. It is meant to be used as a supplemental guide to the official OpenSearch installation guides. For a full set of installation instructions for OpenSearch software, see the OpenSearch documentation.

Installation Prerequisites

  1. Confirm the minimum software requirements are met.
  2. Determine average daily and hourly volume ingest by Graylog node(s).
  3. Confirm Graylog journal(s) are configured appropriately, e.g. review capacity, configurations, and test high-utilization of journal(s).
  4. Register a snapshot repository within the Elasticsearch cluster, unless one already exists.
  5. Create a full-cluster snapshot of the Elasticsearch cluster.
  6. Pause Message Processing on Graylog node(s). (Go to the web interface of each node, then navigate to System > Nodes. Click on the More Actions dropdown next to each node, and then select Pause Message Processing.)
  7. Disable shard replication in your Elasticsearch cluster:
curl -X PUT "http://hostname-of-an-OpenSearch-node:9200/_cluster/settings" -H 'Content-Type: application/json' -d'{
  "transient" : {
     "cluster.routing.allocation.enable" : "primaries"
  }
}
'
  8. Shut down the Elasticsearch cluster (and confirm it is down before proceeding to installation).

OpenSearch Installation Method

On RHEL, you can install OpenSearch either manually from the RPM package or via YUM.

RPM

  1. Download the RPM package directly from the OpenSearch site for v2.0. The RPM package is available for both x64 and arm64.
  2. Import the public GPG key. This key is used to verify that the OpenSearch package is signed:
sudo rpm --import https://artifacts.opensearch.org/publickeys/opensearch.pgp
  3. On your host, use either sudo yum install or sudo rpm -ivh to install the package (run one of the two commands):
sudo yum install opensearch-2.0.1-linux-x64.rpm
sudo rpm -ivh opensearch-2.0.1-linux-x64.rpm

YUM

  1. Create a repository file for OpenSearch:
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo

Then verify the repos: sudo yum repolist.

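  2. Clean your YUM cache:
sudo yum clean all
  3. OpenSearch is now available for download and installation. Install the version used in this upgrade:
sudo yum install opensearch-2.0.1
  4. During installation, YUM displays the fingerprint of the GPG key and asks you to accept it. Verify that the fingerprint matches the following: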
Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc

If correct, enter yes or y. The OpenSearch installation continues.
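
The fingerprint comparison in the YUM steps, and the key import in the RPM steps, can also be checked non-interactively before the key is trusted. The following is an added example, not part of the original guide or of the OpenSearch project: it compares the primary-key fingerprint in gpg's machine-readable listing against the value printed above. The function names, the constructed sample listing and the one-key policy are assumptions of this example, as is GnuPG 2.2 or later for --show-keys.

```shell
#!/bin/sh
# Added example: pin the signing-key fingerprint instead of comparing it by eye.
# Value copied from this guide; normalize() removes spacing and case differences.
EXPECTED_FPR="c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc"

# Constructed sample of `gpg --with-colons` output (dates, uid and subkey are made up).
SAMPLE_LISTING='pub:-:4096:1:39D319879310D3FC:1620000000:::-:::scESC::::::23::0:
fpr:::::::::C5B7498965EFD1C2924BA9D539D319879310D3FC:
uid:-::::1620000000::0000000000000000000000000000000000000000::Constructed Signer <signer@example.invalid>::::::::::0:
sub:-:4096:1:00000000000000AA:1620000000::::::e::::::23:
fpr:::::::::00000000000000000000000000000000000000AA:'

# Strip spaces, tabs, newlines and colons, then upper-case the hex digits.
normalize() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the first primary key: the fpr record after the first pub record.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next } seen && $1 == "fpr" { print $10; exit }'
}

# Count the primary keys (pub records) in the listing.
key_count() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# Return 0 only if the listing holds exactly one primary key (a policy chosen for
# this example) and that key's fingerprint equals EXPECTED_FPR. Subkey fpr records
# are ignored. Returns 2 for an unexpected key count, 1 for a mismatch.
check_listing() {
    listing=$1
    [ "$(printf '%s\n' "$listing" | key_count)" -eq 1 ] || return 2
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ -n "$got" ] && [ "$(normalize "$got")" = "$(normalize "$EXPECTED_FPR")" ]
}

# Hypothetical wrapper: inspect a downloaded key file without adding it to any keyring.
# Assumes GnuPG 2.2 or later for --show-keys.
verify_key_file() {
    check_listing "$(gpg --show-keys --with-colons --with-fingerprint "$1" 2>/dev/null)"
}
```

With the key saved to a local file first, verify_key_file opensearch.pgp && sudo rpm --import opensearch.pgp imports the key only when the fingerprint matches.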

Complete Installation

  1. Take note of the PATH assigned to parameter path.data in the elasticsearch.yml file of your Elasticsearch nodes.
  2. Copy the contents of the directory set as path.data in elasticsearch.yml to the directory set as path.data in opensearch.yml:
sudo rsync -avP /var/lib/elasticsearch/* /var/lib/opensearch/
  3. Update the ownership of the /var/lib/opensearch directory to opensearch:opensearch so OpenSearch can read the Elasticsearch data:
sudo chown -R opensearch:opensearch /var/lib/opensearch
  4. Edit the opensearch.yml file on all Elasticsearch nodes. If you have Elasticsearch nodes with defined roles such as data, leader, etc., then these roles should be defined differently in OpenSearch. For example:

Data node

a. elasticsearch.yml:
    node.data: true
    node.master: false
b. opensearch.yml:
    node.roles: ['data']

Dedicated leader node

a. elasticsearch.yml:
    node.data: false
    node.master: true
b. opensearch.yml:
    node.roles: ['master']

The opensearch.yml configuration file(s) will then look something like this at a minimum:

action.auto_create_index: false
cluster.name: test-cluster1
discovery.seed_hosts: node2,node3
cluster.initial_master_nodes: node1,node2,node3
node.name: node1
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
plugins.security.disabled: true
  5. Start OpenSearch on all OpenSearch (formerly Elasticsearch) nodes.
  6. Wait for the OpenSearch cluster to start. Check the _nodes summary to verify that all nodes are available and running the expected version:
curl -XGET 'http://hostname-of-an-OpenSearch-node:9200/_nodes/_all?pretty=true'
  7. Next, check to confirm all indices are shown. Then, continue to refresh and monitor this output until all indices are green:
curl -XGET 'http://hostname-of-an-OpenSearch-node:9200/_cat/indices?v'
  8. After the cluster is green and all nodes are using the new version, re-enable shard allocation:
curl -X PUT "http://hostname-of-an-OpenSearch-node:9200/_cluster/settings" -H 'Content-Type: application/json' -d'
{
  "transient" : {
     "cluster.routing.allocation.enable" : "all"
  }
}
'
  9. Restart all Graylog node(s).
Hint: There is no need to resume message processing on Graylog node(s) after restarting them, as they will automatically resume on restart.