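Opensearch configuration
About
This folder contains the CloudFormation configuration for the AWS OpenSearch cluster and a Logstash server behind a load balancer.
Deprecation notice
This file contains historical configuration related to deploying the OpenSearch service on AWS. The logstash service (deployed by logstashstack) is no longer used by the OpenDev community and has been replaced by the logsender tool.
The current AWS CloudFormation configuration includes:
opensearchstack - for OpenSearch
ecr-stack - stores the OpenSearch administrator credentials in Secret Manager
Note: ecr-stack may be removed in the future, but doing so requires changing the administrator credentials!
Usage
You need appropriate AWS permissions (to create and monitor resources). Put the AWS credentials in ~/.aws/credentials and run deploy_opensearch.sh.
After creating Opensearch
The Opensearch service requires additional configuration after creation, such as creating a read-only user, creating the logstash user, etc.
Create users
Users are created in the Opensearch Dashboards service. We create only a few internal users:
logstash - used by the logstash or logsender service (deprecated; replaced by logsender)
readonly - read-only user that can discover data and inspect visualizations and dashboards
openstack - read-only user with an easy-to-remember password
Note: to skip the password_validation_regex check for a user that should have an easy-to-remember password (for example, the openstack user), that user was created via the REST API. For example: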
# Generate a bcrypt hash of the new password; strip the leading ':' and the newline.
bcrypt=$(htpasswd -bnBC 10 "" password | tr -d ':\n')
# Create the internal user from the pre-computed hash (double quotes so $bcrypt expands).
curl -X PUT "https://<opensearch API url>/_plugins/_security/api/internalusers/openstack" \
     -H 'Content-Type: application/json' \
     -d "{ \"hash\" : \"${bcrypt}\" }" \
     --user 'admin:myuserpassword'
Create roles
Roles are added in the Opensearch Dashboards service. Created roles:
Readonly role, created based on the instructions:
name: readonly
cluster permissions: cluster_composite_ops_ro, cluster:monitor/main
index permissions:
  index: *
  index permissions: read
tenant permissions:
  tenant: global_tenant
Logstash role (modified) - DEPRECATED:
name: logstash
cluster permissions: cluster_monitor, cluster_composite_ops, indices:admin/template/get, indices:admin/template/put, cluster:admin/ingest/pipeline/put, cluster:admin/ingest/pipeline/get
index permissions:
  index: logstash-*, performance-*, subunit-*, *beat*
  index permissions: crud, create_index
tenant permissions:
  tenant: global_tenant
Note: the cluster:monitor/main permission is required to use the Python Opensearch client.
Note: the *beat* index pattern is optional.
Create role mapping
After creating a role, you can attach the users that should use it inside the role.
Create ILM - Index Lifecycle Management
In OpenSearch Dashboards select Index Management, State management policies, then Create Policy. Create a policy with the following policy statement:
For logstash-logs-*
Delete data after 14 days for the logstash-logs index
{
  "policy": {
    "description": "Delete all data after 14 days",
    "default_state": "hot",
    "states": [
      {
        "name": "hot",
        "actions": [],
        "transitions": [
          {
            "state_name": "delete",
            "conditions": {
              "min_index_age": "14d"
            }
          }
        ]
      },
      {
        "name": "delete",
        "actions": [
          {
            "delete": {}
          }
        ],
        "transitions": []
      }
    ],
    "ism_template": [
      {
        "index_patterns": [
          "logstash-logs-*"
        ]
      }
    ]
  }
}
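This deletes all indices that are at least 14 days old (for example, the logstash-logs-2021.12.15 index will be deleted on 2021-12-22).
For performance-*
Policy ID: Delete data after 14 days for the performance index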
{
  "policy": {
    "description": "Delete performance data after 14 days",
    "default_state": "hot",
    "states": [
      {
        "name": "hot",
        "actions": [],
        "transitions": [
          {
            "state_name": "delete",
            "conditions": {
              "min_index_age": "14d"
            }
          }
        ]
      },
      {
        "name": "delete",
        "actions": [
          {
            "delete": {}
          }
        ],
        "transitions": []
      }
    ],
    "ism_template": [
      {
        "index_patterns": [
          "performance-*"
        ]
      }
    ]
  }
}
For subunit-*
Policy ID: Delete data after 14 days for the subunit index
{
  "policy": {
    "description": "Delete subunit data after 14 days",
    "default_state": "hot",
    "states": [
      {
        "name": "hot",
        "actions": [],
        "transitions": [
          {
            "state_name": "delete",
            "conditions": {
              "min_index_age": "14d"
            }
          }
        ]
      },
      {
        "name": "delete",
        "actions": [
          {
            "delete": {}
          }
        ],
        "transitions": []
      }
    ],
    "ism_template": [
      {
        "index_patterns": [
          "subunit-*"
        ]
      }
    ]
  }
}
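An added example (not part of the original documentation or the project's code): it rebuilds the three ISM policies above from one template and lists which indices the logstash role may write that no delete policy covers. The sample index names are constructed, and Python's fnmatch is assumed to approximate OpenSearch index-pattern wildcards.

```python
import fnmatch

def ism_policy(pattern, description, min_age="14d"):
    """Build a hot -> delete ISM policy shaped like the three policies above."""
    return {"policy": {
        "description": description,
        "default_state": "hot",
        "states": [
            {"name": "hot", "actions": [], "transitions": [
                {"state_name": "delete", "conditions": {"min_index_age": min_age}}]},
            {"name": "delete", "actions": [{"delete": {}}], "transitions": []},
        ],
        "ism_template": [{"index_patterns": [pattern]}],
    }}

# The three policies from this page, generated from one template.
POLICIES = [
    ism_policy("logstash-logs-*", "Delete all data after 14 days"),
    ism_policy("performance-*", "Delete performance data after 14 days"),
    ism_policy("subunit-*", "Delete subunit data after 14 days"),
]

# Index patterns the logstash role above may create and write to.
WRITER_PATTERNS = ["logstash-*", "performance-*", "subunit-*", "*beat*"]

def matches(name, patterns):
    # Assumption: fnmatch approximates OpenSearch '*' wildcards for plain index names.
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)

def covering_policy(index_name, policies=POLICIES):
    """Description of the first policy whose ism_template matches, else None."""
    for doc in policies:
        for template in doc["policy"]["ism_template"]:
            if matches(index_name, template["index_patterns"]):
                return doc["policy"]["description"]
    return None

def writable_but_unmanaged(index_names):
    """Indices the writer role can create that no delete policy will expire."""
    return [n for n in index_names
            if matches(n, WRITER_PATTERNS) and covering_policy(n) is None]

# Constructed sample index names (not taken from a real cluster).
SAMPLE_INDICES = ["logstash-logs-2021.12.15", "performance-2021.12.15",
                  "subunit-2021.12.15", "logstash-2021.12.15",
                  "filebeat-2021.12.15", ".kibana_1"]

if __name__ == "__main__":
    print("writable but never expired:", writable_but_unmanaged(SAMPLE_INDICES))
```

Indices reported here accumulate without a retention limit, so either add a matching policy or narrow the role's index patterns.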
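Advanced settings in Opensearch Dashboards
Only a few settings differ from the defaults. Some of the differences:
General
Timezone for date formatting
UTC
Default route
/app/discover?security_tenant=global
Time filter quick ranges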
[
  {
    "from": "now/d",
    "to": "now/d",
    "display": "Today"
  },
  {
    "from": "now/w",
    "to": "now/w",
    "display": "This week"
  },
  {
    "from": "now-15m",
    "to": "now",
    "display": "Last 15 minutes"
  },
  {
    "from": "now-30m",
    "to": "now",
    "display": "Last 30 minutes"
  },
  {
    "from": "now-1h",
    "to": "now",
    "display": "Last 1 hour"
  },
  {
    "from": "now-6h",
    "to": "now",
    "display": "Last 6 hour"
  },
  {
    "from": "now-12h",
    "to": "now",
    "display": "Last 12 hour"
  },
  {
    "from": "now-24h",
    "to": "now",
    "display": "Last 24 hours"
  },
  {
    "from": "now-7d",
    "to": "now",
    "display": "Last 7 days"
  }
]