Installing on CentOS, RHEL

Prerequisites

🚧

If upgrading from older versions, follow the steps:

  • Check the java version by running the command: java -version
  • If the version is older than java-17 ,uninstall/remove it.
  • To search the pre-installed java run the command : rpm -qa | grep java, a list will be displayed.
  • To remove those which are shown from previous step, run the following command:
    rpm -e \<java-result-displayed-from-above-step>
  1. Install OpenJDK 17 by running the following command:
    sudo yum install java-17-openjdk-devel -y

  2. Verify the java installation by running the following command:
    java -version

  3. Install wget by running the following command:
    yum install wget -y

  4. Increase the map count by running the following command:
    sysctl -w vm.max_map_count=262144
    Add the line to the file to set this permanently in /etc/sysctl.conf :
    vm.max_map_count=262144

    To check the map count you can use the following command:
    sysctl -q vm.max_map_count

  5. Increase ulimit value and validate system settings

    To change the file descriptor setting, add the line to the file /etc/sysctl.conf.
    fs.file-max=100000 to it.

    Apply the changes by running the following command:
    sysctl -p

    To change the ulimit setting, edit the file /etc/security/limits.conf and set the hard and soft limits:
    * soft nofile 100000
    * hard nofile 100000

    After these changes, please reboot the server by running the following command:
    reboot

    Check the ulimit settings by running the following command:
    ulimit -a

Installation

  1. Please login as root using sudo su if you are not the root user.

  2. Create a SearchBlox user by running the following commands:
    sudo adduser searchblox
    sudo passwd searchblox

  3. SearchBlox has to be installed in /opt folder, so change the directory to /opt by running the following command:
    cd /opt

  4. Download SearchBlox rpm package by running the following command:
    sudo wget https://d2fco3ozzrfhhd.cloudfront.net/v10.7.0.8/searchblox-10.7.0.8-0.noarch.rpm

  5. Install the rpm package by running the following command:
    sudo rpm -ivh searchblox-10.7.0.8-0.noarch.rpm

  6. Change permission for few folders by running the following commands:
    sudo chown -R searchblox:searchblox /opt/searchblox
    sudo chmod -R 755 /opt/searchblox/bin
    sudo chmod -R 755 /opt/searchblox/opensearch/
    sudo chmod -R 755 /opt/searchblox/logs
    sudo chmod -R 755 /opt/searchblox/connectors

  7. Start SearchBlox services by running the following command:
    systemctl start searchblox

👍

Note:

SearchBlox service will start opensearch services internally unlike previous versions. If service start up gives any issues, enable searchblox.service using the command below:
systemctl daemon-reload

  1. Stop SearchBlox services by running the following command:
    systemctl stop searchblox
  2. To verify the status of the SearchBlox service please use the following command:
    systemctl status searchblox

Verify Installation

  • After you start the services, wait for 30 seconds then go to HTTPS://<Hostname or Host IP>:8443/console/ to access the SearchBlox Management Console.

  • You can also verify if SearchBlox has started successfully by viewing the status.log file in the /opt/searchblox/webapps/ROOT/logs folder.

  • Please confirm the message "Started Successfully" is shown in the log.

  • In case of any errors, this log will provide additional information for troubleshooting.

📘

Note

🚧

SearchBlox Admin Console Access using IP Address or Domain Name

Change SearchBlox Server Port

  • SearchBlox Server runs on port 8443 by default.

You can change the port by following the steps as shown in the following:

  1. Stop SearchBlox service

  2. Edit the file /opt/searchblox/start.d/https.ini and add the below line to set the required port number:
    jetty.ssl.port=443

  3. Save the file https.ini

  4. Start SearchBlox service

🚧

Port Update

Fix the permission denied error while using searchblox service on less than ports 1024, run the below commands:
Check the Java Path

readlink -f $(which java)

Set the capability to bind low ports for non-root searchblox user.

setcap cap_net_bind_service+ep <javapath>

Uninstall

Uninstall or remove SearchBlox by running the following command:
yum remove searchblox

📘

Note

For clean SearchBlox uninstallation, it is required to remove SearchBlox directory, /opt/searchblox manually by running the following command:
rm -rf /opt/searchblox

Disk Encryption

🚧

Additional Disk is required for disk encryption

  • Installation of cryptsetup
    for RHEL / CentOS
    yum install cryptsetup-luks

  • LUKS Format disk
    Note: while formatting the disk we have to give some password
    cryptsetup luksFormat /dev/sdb

WARNING!
========
This will overwrite data on /dev/sdb irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
  • Luks open
    Note: We have to use the password created earlier while formatting the disk.
    cryptsetup luksOpen /dev/sda data
Enter passphrase for /dev/sdb:
  • Create a filesystem
    mkfs -t ext4 /dev/mapper/data
mke2fs 1.42.13 (17-May-2015)
Creating filesystem with 52428288 4k blocks and 13107200 inodes
Filesystem UUID: 1c71b0f4-f95d-46d6-93e0-cbd19cb95edb
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
  • Mounting the new file system at /opt
    mount /dev/mapper/data /opt
  • To get UUID
    blkid /dev/mapper/data
/dev/mapper/data: UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e" TYPE="ext4"
  • We need to add the UUID into /etc/fstab like this and save it
    Note: We need to add the UUID into etc/fstab file
LABEL=cloudimg-rootfs   /        ext4   defaults,discard        0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f"   /secret   ext4 defaults 0 0
UID="4539b70d-66ab-4c07-b2a2-d4583f461a2f"   /opt      ext4 defaults 0 0
UUID="0a228c13-06d8-4739-99c3-f596c2dcce8e"   /opt  ext4  defaults 0  0
===================================================
  • To close encryption
    cryptsetup luksClose /dev/mapper/data

  • To open encryption
    cryptsetup luksOpen /dev/mapper/data

CentOS Full Disk Encryption

❗️

Important Note

Before installation of OS, the entire root volume can be encrypted using the following steps for GUI based CentOS systems

  1. To enable the disk encryption please go to installation destination

  1. While installing Centos7 Installation Enable the Encryption.

  1. Next create Disk Encryption Passphrase.

  1. On reboot you would get the following prompt to enter the passphrase so that you can successfully unlock the drive:

  1. Please use the command as in the following screenshot to verify the disk Encryption

📘

NOTE:

If you face any trouble in starting opensearch and in logs if you find the error as Opensearch status RED follow the steps given here:

  • Set the OPENSEARCH_JAVA_HOME by running the following command:
  • If you have installed java from Prerequisites section, use the below command:
  • export OPENSEARCH_JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
  • If java is installed in different path, change the value.
  • export OPENSEARCH_JAVA_HOME=<java installation path>