Installing on CentOS, RHEL
Prerequisites
If upgrading from older versions, follow the steps:
- Check the java version by running the command:
java -version
- If the version is older than java-17 ,uninstall/remove it.
- To search the pre-installed java run the command :
rpm -qa | grep java
, a list will be displayed.- To remove those which are shown from previous step, run the following command:
rpm -e \<java-result-displayed-from-above-step>
-
Install OpenJDK 17 by running the following command:
sudo yum install java-17-openjdk-devel -y
-
Verify the java installation by running the following command:
java -version
-
Install wget by running the following command:
yum install wget -y
-
Increase the map count by running the following command:
sysctl -w vm.max_map_count=262144
Add the line to the file to set this permanently in /etc/sysctl.conf :
vm.max_map_count=262144
To check the map count you can use the following command:
sysctl -q vm.max_map_count
-
Increase ulimit value and validate system settings
To change the file descriptor setting, add the line to the file /etc/sysctl.conf.
fs.file-max=100000
to it.Apply the changes by running the following command:
sysctl -p
To change the ulimit setting, edit the file /etc/security/limits.conf and set the hard and soft limits:
* soft nofile 100000
* hard nofile 100000
After these changes, please reboot the server by running the following command:
reboot
Check the ulimit settings by running the following command:
ulimit -a
Installation
-
Please login as root using sudo su if you are not the root user.
-
Create a SearchBlox user by running the following commands:
sudo adduser searchblox
sudo passwd searchblox
-
SearchBlox has to be installed in /opt folder, so change the directory to /opt by running the following command:
cd /opt
-
Download SearchBlox rpm package by running the following command:
sudo wget https://d2fco3ozzrfhhd.cloudfront.net/v10.7.0.8/searchblox-10.7.0.8-0.noarch.rpm
-
Install the rpm package by running the following command:
sudo rpm -ivh searchblox-10.7.0.8-0.noarch.rpm
-
Change permission for few folders by running the following commands:
sudo chown -R searchblox:searchblox /opt/searchblox
sudo chmod -R 755 /opt/searchblox/bin
sudo chmod -R 755 /opt/searchblox/opensearch/
sudo chmod -R 755 /opt/searchblox/logs
sudo chmod -R 755 /opt/searchblox/connectors
-
Start SearchBlox services by running the following command:
systemctl start searchblox
Note:
SearchBlox service will start opensearch services internally unlike previous versions. If service start up gives any issues, enable searchblox.service using the command below:
systemctl daemon-reload
- Stop SearchBlox services by running the following command:
systemctl stop searchblox
- To verify the status of the SearchBlox service please use the following command:
systemctl status searchblox
Verify Installation
-
After you start the services, wait for 30 seconds then go to
HTTPS://<Hostname or Host IP>:8443/console/
to access the SearchBlox Management Console. -
You can also verify if SearchBlox has started successfully by viewing the status.log file in the
/opt/searchblox/webapps/ROOT/logs
folder. -
Please confirm the message "Started Successfully" is shown in the log.
-
In case of any errors, this log will provide additional information for troubleshooting.
Note
To learn more on Troubleshooting visit: Logging and Troubleshooting
To learn about accessing SearchBlox visit: Overview of SearchBlox
To learn about tuning after installation visit: Installation Tuning
SearchBlox Admin Console Access using IP Address or Domain Name
- You can use your IP instead of localhost in the URL to access the SearchBlox Admin Console.
- If a domain name is mapped to the IP address, you can use the domain name:
https://exampledomain:port/console
https://exampledomain:port/search/index.html
Change SearchBlox Server Port
- SearchBlox Server runs on port 8443 by default.
You can change the port by following the steps as shown in the following:
-
Stop SearchBlox service
-
Edit the file /opt/searchblox/start.d/https.ini and add the below line to set the required port number:
jetty.ssl.port=443
-
Save the file https.ini
-
Start SearchBlox service
Port Update
Fix the permission denied error while using searchblox service on less than ports 1024, run the below commands:
Check the Java Path
readlink -f $(which java)
Set the capability to bind low ports for non-root searchblox user.
setcap cap_net_bind_service+ep <javapath>
Uninstall
Uninstall or remove SearchBlox by running the following command:
yum remove searchblox
Note
For clean SearchBlox uninstallation, it is required to remove SearchBlox directory,
/opt/searchblox
manually by running the following command:
rm -rf /opt/searchblox
Disk Encryption
Additional Disk is required for disk encryption
-
Installation of cryptsetup
for RHEL / CentOS
yum install cryptsetup-luks
-
LUKS Format disk
Note: while formatting the disk we have to give some password
cryptsetup luksFormat /dev/sdb
WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
- Luks open
Note: We have to use the password created earlier while formatting the disk.
cryptsetup luksOpen /dev/sda data
Enter passphrase for /dev/sdb:
- Create a filesystem
mkfs -t ext4 /dev/mapper/data
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 52428288 4k blocks and 13107200 inodes
Filesystem UUID: 1c71b0f4-f95d-46d6-93e0-cbd19cb95edb
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
- Mounting the new file system at
/opt
mount /dev/mapper/data /opt
- To get UUID
blkid /dev/mapper/data
/dev/mapper/data: UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e" TYPE="ext4"
- We need to add the UUID into
/etc/fstab
like this and save it
Note: We need to add the UUID intoetc/fstab
file
LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f" /secret ext4 defaults 0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f" /opt ext4 defaults 0 0
UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e" /opt ext4 defaults 0 0
===================================================
-
To close encryption
cryptsetup luksClose /dev/mapper/data
-
To open encryption
cryptsetup luksOpen /dev/mapper/data
CentOS Full Disk Encryption
Important Note
Before installation of OS, the entire root volume can be encrypted using the following steps for GUI based CentOS systems
- To enable the disk encryption please go to installation destination
- While installing Centos7 Installation Enable the Encryption.
- Next create Disk Encryption Passphrase.
- On reboot you would get the following prompt to enter the passphrase so that you can successfully unlock the drive:
- Please use the command as in the following screenshot to verify the disk Encryption
NOTE:
If you face any trouble in starting opensearch and in logs if you find the error as
Opensearch status RED
follow the steps given here:
- Set the
OPENSEARCH_JAVA_HOME
by running the following command:- If you have installed java from
Prerequisites
section, use the below command:export OPENSEARCH_JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
- If java is installed in different path, change the value.
export OPENSEARCH_JAVA_HOME=<java installation path>
Updated about 2 months ago