This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

Install and Setup Third party Software

Udayan Yaragattikar edited this page Jun 23, 2021 · 3 revisions

Install Third party software

curl -s http://cortx-storage.colo.seagate.com/releases/cortx/third-party-deps/rpm/install-cortx-prereq.sh | bash

Setup Elasticsearch service

1-node configuration

  1. Delete the opendistro_security plugin

rm -rf /usr/share/elasticsearch/plugins/opendistro_security

  2. Delete the opendistro_security configuration entries from elasticsearch.yml (path: /etc/elasticsearch/elasticsearch.yml)
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
   CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
  3. Add the following set of configurations to elasticsearch.yml (path: /etc/elasticsearch/elasticsearch.yml)
cluster.name: odfe-cluster
node.name: srvnode-1
network.bind_host: ['localhost', '<Private Ip of node>']
network.publish_host: ['<Private Ip of node>']
discovery.seed_hosts: ['<Private Ip of node>']
cluster.initial_master_nodes: ['srvnode-1']
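
The two elasticsearch.yml edits above as one rerunnable shell function. This is an added example, not part of the original wiki or the CORTX scripts; the function name, its arguments and the .bak backup suffix are assumptions. It removes the demo block between the marker lines plus any opendistro_security.* key left outside it, then appends the six settings.

```shell
# Added example, not from the original wiki or the CORTX scripts.
# strip_odfe_security FILE PRIVATE_IP [NODE_NAME]  (hypothetical helper name)
strip_odfe_security() {
    conf=$1; ip=$2; node=${3:-srvnode-1}
    marker='OpenDistro for Elasticsearch Security Demo Configuration'
    [ -f "$conf" ] && [ -n "$ip" ] || { echo "usage: strip_odfe_security FILE IP [NODE]" >&2; return 1; }

    # An unpaired marker would make the block filter eat the rest of the file.
    n=$(grep -c "^#.*$marker" "$conf" || true)
    [ $((n % 2)) -eq 0 ] || { echo "unpaired demo-config marker in $conf" >&2; return 1; }

    # Keep the first pristine copy for rollback; never overwrite it on reruns.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    out=$(mktemp) || return 1

    awk -v marker="$marker" '
        # Toggle on every marker line, whether it says Start or End.
        /^#/ && index($0, marker) { inblock = !inblock; skip = 0; next }
        inblock                   { next }             # inside the demo block
        /^opendistro_security\./  { skip = 1; next }   # stray key outside it
        skip && /^[ \t]/          { next }             # its indented value (admin_dn)
        { skip = 0 }
        # Drop keys re-added below so a rerun does not duplicate them.
        /^(cluster\.name|node\.name|network\.(bind|publish)_host|discovery\.seed_hosts|cluster\.initial_master_nodes):/ { next }
        { print }
    ' "$conf" > "$out" || { rm -f "$out"; return 1; }

    cat >> "$out" <<EOF
cluster.name: odfe-cluster
node.name: $node
network.bind_host: ['localhost', '$ip']
network.publish_host: ['$ip']
discovery.seed_hosts: ['$ip']
cluster.initial_master_nodes: ['$node']
EOF
    # Write through the existing file so its owner and mode are preserved.
    cat "$out" > "$conf" && rm -f "$out"
}
```

Call it as root with the path /etc/elasticsearch/elasticsearch.yml and the node's private IP before running the systemctl steps.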

1-Node Setup and 3-node Setup (execute on each of the 3 nodes)

  1. Daemon reload
systemctl daemon-reload
  2. Enable elasticsearch.service
systemctl enable elasticsearch.service
  3. Start elasticsearch.service
systemctl start elasticsearch.service
  4. Check the status of elasticsearch.service
systemctl status elasticsearch.service
  5. Test whether the ES cluster is running
$ curl -XGET 'http://localhost:9200/_cat/nodes?v'

ip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.230.240.121           25           7   0    0.90    0.97     0.79 dimr      *      srvnode-1

Setup Consul service

1-node Setup

  1. Update the consul.service file
$ vim /usr/lib/systemd/system/consul.service
ExecStart=/usr/bin/consul agent -dev
  2. Reload systemd, then enable and start the service
systemctl daemon-reload
systemctl status consul
systemctl enable consul
systemctl restart consul

3-node Setup

  • Get the IP of each of the 3 nodes
<IP-1>
<IP-2>
<IP-3>
  • Get an encrypt key from any one node
    • The command prints a key; copy it for use in the configuration.
$ consul keygen
zfijcQOtQgpwyP74+cPK4LQ+vwyDTCnIfdZibrnulok=
  • Update the configuration file
    • Update the /etc/consul.d/consul.hcl file on each node. Add:
data_dir = "/opt/consul"

client_addr = "0.0.0.0"
bind_addr = "{{ GetInterfaceIP \"eth2\" }}"

ui = true

server = true
bootstrap_expect=3
# Copy encrypt key output from point 2 to below
encrypt = "zfijcQOtQgpwyP74+cPK4LQ+vwyDTCnIfdZibrnulok="
retry_join = ["<IP-1>", "<IP-2>", "<IP-3>"]
  • Start the consul service on all nodes
systemctl status consul
systemctl enable consul
systemctl restart consul
  • Check the consul service
consul members

Node      Address    Status   Type   Build  Protocol      DC   Segment
node-1  <IP-1>:8301  alive   server  1.7.8      2         dc1   <all>
node-2  <IP-2>:8301  alive   server  1.7.8      2         dc1   <all>
node-3  <IP-3>:8301  alive   server  1.9.4      2         dc1   <all>