OpenSearch is a community-driven project by Amazon and a fork of Elasticsearch and Kibana. It's a fully open-source search engine and analytics suite with rich features and innovative functionality. The OpenSearch project's main components are OpenSearch (a fork of Elasticsearch) and OpenSearch Dashboards (a fork of Kibana). Both components provide features such as enterprise security, alerting, machine learning, SQL, index state management, and more.
OpenSearch is 100% open-source and licensed under Apache 2.0. It enables you to easily ingest, secure, search, aggregate, view, and analyze data for a number of use cases such as log analytics, application search, enterprise search, and more.
This article shows you how to install OpenSearch - an open-source search, analytics, and visualization suite - on the Rocky Linux 9 server. This article includes securing OpenSearch deployment with TLS/SSL certificates and setting up authentication and authorization on OpenSearch.
This article also shows you how to install OpenSearch Dashboards - an open-source visualization tool like Kibana - and then configure it to connect to OpenSearch. After finishing this article, you'll have a data analytics and visualization suite installed on your Rocky Linux server.
Prerequisites
To get started with this guide, you must have the following requirements:
- A server with Rocky Linux 9 and minimum RAM 4GB - This example uses a Rocky Linux server with the hostname 'node-rock1', IP address '192.168.5.25', and RAM 8GB.
- A non-root user with sudo/root administrator privileges.
- SELinux running in permissive mode.
That's it. Let's start installing OpenSearch.
Setup System
The first thing you must do is prepare your Rocky Linux host. This includes setting up the proper hostname and fqdn, disabling SWAP, and increasing the max maps memory on your system.
To do this, you must log in to your Rocky Linux server.
Now issue the following command to set up the proper hostname and fqdn for your Rocky Linux server.
In this example, you'll set up the system hostname with 'node-rock1' and the fqdn 'node-rock1.hwdomain.lan'. Also, be sure to change the IP address in the following command with your server IP address.
sudo hostnamectl set-hostname node-rock1
echo '192.168.5.25 node-rock1.hwdomain.lan node-rock1' | sudo tee -a /etc/hosts
Log out of your current session and log in again. Then, verify fqdn via the below command.
sudo hostname -f
You should get an output like this. The fqdn on the host is configured to 'node-rock1.hwdomain.lan'.
Next, you'll need to disable memory paging and SWAP on your Rocky Linux host. Disabling memory paging and SWAP will increase the performance of your OpenSearch server.
Issue the below commands to disable SWAP on your system. The first command disables SWAP permanently by commenting out the SWAP entry in the '/etc/fstab' file. The second command disables SWAP for your current session.
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
sudo swapoff -a
Verify the status of SWAP on your system via the following command.
free -m
You'll receive an output similar to this - The 'Swap' section with a value of 0 in total confirms that the SWAP is disabled.
Lastly, you must increase the max maps memory on your system for OpenSearch. And this can be done via the '/etc/sysctl.conf' file.
Issue the following commands to increase max maps memory to '262144' and apply the changes. With this, you'll add a new configuration 'vm.max_map_count=262144' to the '/etc/sysctl.conf' file and apply the changes on your system via the 'sysctl -p' command.
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
You can now verify the status of max maps memory on your system with the below command. The 'max_map_count' value should be increased to '262144'.
cat /proc/sys/vm/max_map_count
With the system configured, you're ready to install OpenSearch.
Installing OpenSearch
OpenSearch can be installed in multiple ways. You can install OpenSearch via tarball, Docker, RPM, and Kubernetes. For RHEL-based distributions, you can easily install OpenSearch via the official OpenSearch repository.
Issue the curl command below to download the OpenSearch repository to your system. Then, verify the list of available repositories via the command below.
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
sudo dnf repolist
If successful, you should get the repository 'OpenSearch 2.x' available in your terminal output.
You can also check available packages of 'opensearch' by issuing the following command.
sudo dnf info opensearch
At the time of this writing, the OpenSearch repository provides two versions of OpenSearch for different system architectures - OpenSearch 2.5 for x86_64 and aarch64.
Invoke the following dnf command to install OpenSearch on your Rocky Linux server. When prompted for confirmation, input y to confirm and press ENTER to proceed.
sudo dnf install opensearch
During the installation, you'll also be prompted to add the GPG key for the OpenSearch repository. Input y to confirm and press ENTER.
Once OpenSearch is successfully installed, reload the systemd manager and apply new changes using the below systemctl command utility.
sudo systemctl daemon-reload
Now start and enable OpenSearch using the below command. With this, the OpenSearch should be running with the default configurations and it's also enabled, which means the OpenSearch will start automatically upon the system startup.
sudo systemctl start opensearch
sudo systemctl enable opensearch
To make sure that the OpenSearch is working and running, you can verify using the below systemctl command.
sudo systemctl status opensearch
You should receive an output like this - The output 'active (running)' confirms that the OpenSearch service is running, while '... enabled;...' confirms that the OpenSearch service is enabled.
You have now installed OpenSearch and it's now running and enabled. You can now proceed to the next step for setting up your OpenSearch installation.
Configuring OpenSearch
By default, OpenSearch configurations are stored in the '/etc/opensearch' directory. In this step, you'll do the basic configuration of OpenSearch in a single-node mode. You'll also increase the max heap memory on your system to get better performance of the OpenSearch server.
Open the OpenSearch config file '/etc/opensearch/opensearch.yml' using the below nano editor command.
sudo nano /etc/opensearch/opensearch.yml
Change some default OpenSearch parameters with the following lines. With this, you'll run OpenSearch in a specific network IP address '192.168.5.25', the deployment type is 'single-node', and re-enable the OpenSearch security plugins.
# Bind OpenSearch to the correct network interface. Use 0.0.0.0
# to include all available interfaces or specify an IP address
# assigned to a specific interface.
network.host: 192.168.5.25
# Unless you have already configured a cluster, you should set
# discovery.type to single-node, or the bootstrap checks will
# fail when you try to start the service.
discovery.type: single-node
# If you previously disabled the security plugin in opensearch.yml,
# be sure to re-enable it. Otherwise you can skip this setting.
plugins.security.disabled: false
Save and exit the file '/etc/opensearch/opensearch.yml' when finished.
Next, open the default JVM options file for OpenSearch '/etc/opensearch/jvm.options' using the following nano editor command.
sudo nano /etc/opensearch/jvm.options
Change the default max heap memory with the following lines. The right value depends on your server memory; if you have more RAM, you can allocate more to OpenSearch, such as 2GB.
-Xms2g
-Xmx2g
Save the file and exit the editor when finished.
Lastly, run the below systemctl command utility to restart the OpenSearch service and apply the changes.
sudo systemctl restart opensearch
Now the OpenSearch should be running on IP address '192.168.5.25' with the default port '9200'. Verify the list of open ports on your system by issuing the ss command below.
ss -tulpn
Securing OpenSearch with TLS Certificates
In this step, you'll generate multiple certificates that will be used to secure the OpenSearch deployment. You'll secure node-to-node communications with TLS certificates and secure REST-layer traffic between clients and the server via TLS.
Below is the list of certificates that will be generated:
- Root CA certificates: These certificates will be used to sign other certificates.
- Admin certificates: These certificates will be used to get administrative rights to perform all tasks related to the security plugin.
- Node and Client Certificates: These certificates will be used by nodes and clients within the OpenSearch cluster.
Before generating new TLS certificates, let's remove some default certificates and default OpenSearch configurations.
Issue the following command to remove default OpenSearch TLS certificates. Then, open the OpenSearch configuration '/etc/opensearch/opensearch.yml' using the following nano editor command.
sudo rm -f /etc/opensearch/{esnode-key.pem,esnode.pem,kirk-key.pem,kirk.pem,root-ca.pem}
sudo nano /etc/opensearch/opensearch.yml
At the bottom of the file, comment out the default OpenSearch Security Demo Configuration section.
Save and exit the file when finished.
Next, issue the following command to create a new directory '/etc/opensearch/certs'. This directory will be used to store new TLS certificates that will be generated. Then, move your working directory into it.
mkdir -p /etc/opensearch/certs; cd /etc/opensearch/certs
Generating Root CA Certificates
Generate a private key for the root CA certificates using the below command.
openssl genrsa -out root-ca-key.pem 2048
Now generate a self-signed root CA certificate via the below command. You can also change values within the '-subj' parameter with your information.
openssl req -new -x509 -sha256 -key root-ca-key.pem -subj "/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=ROOT" -out root-ca.pem -days 730
With this, you should get the root CA private key 'root-ca-key.pem' and the root CA certificate 'root-ca.pem'.
Generating Admin Certificates
Generate the new admin certificate private key 'admin-key-temp.pem' using the below command.
openssl genrsa -out admin-key-temp.pem 2048
Convert the admin private key to PKCS#8 format, which the Java application requires. The command names a PKCS#12-compatible algorithm (3DES), but because '-nocrypt' is also given the key is written unencrypted, so it is protected only by file permissions. With this, your admin private key should be 'admin-key.pem'.
openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
Next, run the below command to generate the admin CSR (Certificate Signing Request) from the 'admin-key.pem' private key. Your generated CSR should now be 'admin.csr' file.
Because this certificate is used for authenticating elevated access and is not tied to any hosts, you can use anything in the 'CN' configuration.
openssl req -new -key admin-key.pem -subj "/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=A" -out admin.csr
Lastly, run the below command to sign the admin CSR with the root CA certificate and private key. The output of the admin certificate is the 'admin.pem' file.
openssl x509 -req -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem -days 730
Your admin certificate should now be 'admin.pem' file which is signed with root CA certificates. And the admin private key is 'admin-key.pem', which is converted to PKCS#8 format.
Generating Node Certificates
The process of generating node certificates is similar to admin certificates. But, you can specify the CN value with the hostname or IP address of your node.
Generate the node private key using the below command.
openssl genrsa -out node-rock1-key-temp.pem 2048
Convert the node private key to PKCS#8 format. Your node private key should now be 'node-rock1-key.pem'.
openssl pkcs8 -inform PEM -outform PEM -in node-rock1-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-rock1-key.pem
Next, create a new CSR for the node certificate. Be sure to change the 'CN' value with the hostname of your node. This certificate is tied to hosts, and you must specify the CN value with the hostname or IP address of your OpenSearch node.
openssl req -new -key node-rock1-key.pem -subj "/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT/CN=node-rock1.hwdomain.lan" -out node-rock1.csr
Before signing the node certificate, run the below command to create a SAN extension file 'node-rock1.ext'. This will contain the node hostname or FQDN or IP address.
echo 'subjectAltName=DNS:node-rock1.hwdomain.lan' > node-rock1.ext
Lastly, sign the node certificate CSR file with the root CA certificate and private key using the below command.
openssl x509 -req -in node-rock1.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node-rock1.pem -days 730 -extfile node-rock1.ext
With this, your node certificate is a 'node-rock1.pem' file and the private key is 'node-rock1-key.pem'.
Setting up Certificates
Run the below command to remove the temporary certificate, CSR, and SAN extension file.
rm *temp.pem *csr *ext
ls
Convert the root CA certificate to .crt format.
openssl x509 -outform der -in root-ca.pem -out root-ca.crt
Add the root CA certificate to your Rocky Linux system using the below command. Copy the root-ca.crt file to the '/etc/pki/ca-trust/source/anchors/' directory and load the new root CA certificate to your system.
sudo cp root-ca.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust
Lastly, run the below command to set up your certificates' proper permission and ownership. The directory '/etc/opensearch/certs' ownership should be the user 'opensearch' with permission 0700. And for all certificate files, the permission should be 0600.
sudo chown -R opensearch:opensearch /etc/opensearch/certs
sudo chmod 0700 /etc/opensearch/certs
sudo chmod 0600 /etc/opensearch/certs/*.pem
sudo chmod 0600 /etc/opensearch/certs/*.crt
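Before wiring the certificates into OpenSearch, it helps to confirm that the node certificate chains to the root CA, carries the expected SAN, matches its private key, and to print its subject in the order used for 'plugins.security.nodes_dn'. The script below is an added example, not part of the original article: it repeats the openssl steps above in a temporary directory, and the function names and file names in it are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original article. Builds a throwaway CA and node
# certificate in a temp directory (constructed file names, same openssl steps
# as above) and checks them the way you would before editing opensearch.yml.

# Create a root CA and a node certificate with a SAN in directory $1.
make_demo_certs() {
    local d="$1" subj="/C=CA/ST=ONTARIO/L=TORONTO/O=ORG/OU=UNIT"
    openssl genrsa -out "$d/root-ca-key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -key "$d/root-ca-key.pem" \
        -subj "$subj/CN=ROOT" -out "$d/root-ca.pem" -days 730 &&
    openssl genrsa -out "$d/node-key-temp.pem" 2048 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -in "$d/node-key-temp.pem" \
        -out "$d/node-key.pem" &&
    openssl req -new -key "$d/node-key.pem" \
        -subj "$subj/CN=node-rock1.hwdomain.lan" -out "$d/node.csr" &&
    echo 'subjectAltName=DNS:node-rock1.hwdomain.lan' > "$d/node.ext" &&
    openssl x509 -req -in "$d/node.csr" -CA "$d/root-ca.pem" \
        -CAkey "$d/root-ca-key.pem" -CAcreateserial -sha256 \
        -out "$d/node.pem" -days 730 -extfile "$d/node.ext" 2>/dev/null
}

# Subject DN in RFC 2253 order, the form admin_dn / nodes_dn expect.
cert_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# True if certificate $2 chains to CA certificate $1.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if certificate $1 lists exactly DNS name $2 in its SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n1 | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# True if private key $2 belongs to certificate $1 (public keys are equal).
key_matches_cert() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey) &&
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Run every check on the node certificate in directory $1 for host name $2.
check_node_cert() {
    local d="$1" rc=0
    cert_chains_to "$d/root-ca.pem" "$d/node.pem"    || { echo "FAIL: chain"; rc=1; }
    cert_has_san "$d/node.pem" "$2"                  || { echo "FAIL: SAN lacks $2"; rc=1; }
    key_matches_cert "$d/node.pem" "$d/node-key.pem" || { echo "FAIL: key mismatch"; rc=1; }
    # -checkend N fails if the certificate expires within N seconds (30 days).
    openssl x509 -in "$d/node.pem" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: expires within 30 days"; rc=1; }
    return $rc
}

demo=$(mktemp -d)
make_demo_certs "$demo" && check_node_cert "$demo" node-rock1.hwdomain.lan &&
    echo "all checks passed"
# The short host name is not in the SAN, so a client that verifies the
# certificate must connect with the FQDN.
cert_has_san "$demo/node.pem" node-rock1 || echo "note: 'node-rock1' is not in the SAN"
echo "nodes_dn entry: '$(cert_dn "$demo/node.pem")'"
rm -rf "$demo"
```

To check the real files, call the same functions with the paths under '/etc/opensearch/certs' as a user that can read them.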
Adding TLS Certificates to OpenSearch
With the TLS certificates generated, the root CA, admin certificates, and node certificates are ready. You'll next add the certificates to the OpenSearch config file '/etc/opensearch/opensearch.yml'. In this example, you'll create a new bash script that will add certificates and TLS security plugin settings to OpenSearch.
Create a new file 'add.sh' using the below nano editor command.
nano add.sh
Add the following lines to the file. Be sure to change and use the correct path of your certificate files and the target OpenSearch configuration file.
#! /bin/bash
# Before running this script, make sure to replace the CN in the
# node's distinguished name with a real DNS A record.
echo "plugins.security.ssl.transport.pemcert_filepath: /etc/opensearch/certs/node-rock1.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.transport.pemkey_filepath: /etc/opensearch/certs/node-rock1-key.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/opensearch/certs/root-ca.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.http.enabled: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.http.pemcert_filepath: /etc/opensearch/certs/node-rock1.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.http.pemkey_filepath: /etc/opensearch/certs/node-rock1-key.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.ssl.http.pemtrustedcas_filepath: /etc/opensearch/certs/root-ca.pem" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.allow_default_init_securityindex: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.authcz.admin_dn:" | sudo tee -a /etc/opensearch/opensearch.yml
echo " - 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.nodes_dn:" | sudo tee -a /etc/opensearch/opensearch.yml
echo " - 'CN=node-rock1.hwdomain.lan,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.audit.type: internal_opensearch" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.enable_snapshot_restore_privilege: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.check_snapshot_restore_write_privileges: true" | sudo tee -a /etc/opensearch/opensearch.yml
echo "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" | sudo tee -a /etc/opensearch/opensearch.yml
Save and exit the file when finished.
Next, make the file 'add.sh' executable and execute it. The new TLS security plugin settings for OpenSearch should be added to the OpenSearch config file '/etc/opensearch/opensearch.yml'.
chmod +x add.sh
./add.sh
If you check the OpenSearch config file '/etc/opensearch/opensearch.yml', you should see the new settings generated by the 'add.sh' script.
Now, you have added TLS certificates to OpenSearch and enabled the security plugins. In the next step, you'll secure OpenSearch with authentication and authorization by creating a new user on OpenSearch.
Setting Up the OpenSearch Admin User
First, move your working directory to '/usr/share/opensearch/plugins/opensearch-security/tools' by issuing the cd command below.
cd /usr/share/opensearch/plugins/opensearch-security/tools
Execute the 'hash.sh' script to generate a new password hash for OpenSearch. Input the password that you'll be creating and press ENTER.
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh
You should get the generated hash of your password. Copy that hash because you will need to add that hashed password to the OpenSearch configuration.
Rerun the 'hash.sh' script to generate another password hash that will be used for the OpenSearch Dashboards.
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./hash.sh
With this, you have now generated two hashed passwords for OpenSearch.
Next, open the OpenSearch user configuration '/etc/opensearch/opensearch-security/internal_users.yml' using the below nano editor command. You'll now set up OpenSearch users via OpenSearch Security.
sudo nano /etc/opensearch/opensearch-security/internal_users.yml
Delete all default OpenSearch users and replace them with the following lines. Be sure to change the hashed password with your generated password. In this example, you'll create two users for OpenSearch, the 'admin' user for OpenSearch and the 'kibanaserver' user that will be used by OpenSearch Dashboards.
...
...
admin:
  hash: "$2y$12$BnfqwqWRi7DkyuPgLa8.3.kLzdpIY11jFpSXTAOKOMCVj/i20k9oW"
  reserved: true
  backend_roles:
  - "admin"
  description: "Admin user"
kibanaserver:
  hash: "$2y$12$kYjgPjPzIp9oTghNdWIHcuUalE99RqSYtTCh6AiNuS5wmeEaWnbzK"
  reserved: true
  description: "Demo OpenSearch Dashboards user"
Save and exit the file when finished.
Now issue the following systemctl command utility to restart the OpenSearch service and apply the changes.
sudo systemctl restart opensearch
Now move to the directory '/usr/share/opensearch/plugins/opensearch-security/tools' and invoke the script 'securityadmin.sh' to apply the new changes on OpenSearch Security.
cd /usr/share/opensearch/plugins/opensearch-security/tools
OPENSEARCH_JAVA_HOME=/usr/share/opensearch/jdk ./securityadmin.sh -h 192.168.5.25 -p 9200 -cd /etc/opensearch/opensearch-security/ -cacert /etc/opensearch/certs/root-ca.pem -cert /etc/opensearch/certs/admin.pem -key /etc/opensearch/certs/admin-key.pem -icl -nhnv
The 'securityadmin.sh' script will connect to the OpenSearch server that runs on IP address '192.168.5.25' and default port '9200'. Then, apply the new users that you've configured in the file '/etc/opensearch/opensearch-security/internal_users.yml' to the OpenSearch deployment.
Lastly, with the new users added and applied via the 'securityadmin.sh' script, you'll now verify the OpenSearch users via the curl commands below. Be sure to change the hostname or IP address and the user and password for OpenSearch.
curl https://node-rock1:9200 -u admin:password -k
curl https://node-rock1:9200 -u kibanaserver:kibanapass -k
If the user's configuration is successful, you should receive an output like this:
Verify OpenSearch user 'admin'.
Verify OpenSearch user 'kibanaserver'.
At this point, you've now finished the OpenSearch installation via RPM packages on the Rocky Linux 9 server. And also secured OpenSearch deployment via TLS certificates and enabled user authentication and authorization via OpenSearch Security plugins.
In the next step, you'll install OpenSearch Dashboards and add your OpenSearch server to it using the new user 'kibanaserver' that you've created.
Installing OpenSearch Dashboard
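Because the OpenSearch repository still uses a legacy SHA1 hash to verify the OpenSearch Dashboards package, you must change the default crypto policy on your Rocky Linux system to LEGACY. This relaxes cryptographic settings system-wide, so consider switching back to the DEFAULT policy once the package is installed.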
Run the below command to update the default crypto policy to LEGACY.
sudo update-crypto-policies --set LEGACY
Next, add the OpenSearch Dashboards repository to your system via the curl command below.
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/opensearch-dashboards-2.x.repo -o /etc/yum.repos.d/opensearch-dashboards-2.x.repo
Then verify the list of available repositories on your system. You should see the repository 'OpenSearch Dashboard 2.x' available in the repository list.
sudo dnf repolist
Now invoke the following dnf command to install the OpenSearch Dashboards package. When prompted, input y to confirm and press ENTER to proceed.
sudo dnf install opensearch-dashboards
During the installation, you'll also be prompted to accept the GPG key of the OpenSearch Dashboards repository. Input y and press ENTER to confirm.
Once OpenSearch Dashboards is installed, run the below systemctl commands to start and enable the 'opensearch-dashboards' service. OpenSearch Dashboards should now be running with the default configuration and be enabled, which means the service will start automatically at system startup.
sudo systemctl start opensearch-dashboards
sudo systemctl enable opensearch-dashboards
Verify the OpenSearch Dashboard service to ensure that the service is running.
sudo systemctl status opensearch-dashboards
You should receive an output like this - the status of the OpenSearch Dashboard service is running and it's now also enabled and will be run automatically at system bootup.
Now move to the next step to set up your OpenSearch Dashboard installation.
Configuring OpenSearch Dashboards
In this step, you'll set the IP address and port on which OpenSearch Dashboards should run, and you'll also set up the connection to the OpenSearch server.
Open the OpenSearch Dashboards config file '/etc/opensearch-dashboards/opensearch_dashboards.yml' using the below nano editor command.
sudo nano /etc/opensearch-dashboards/opensearch_dashboards.yml
Uncomment and change the default parameters 'server.port' and 'server.host' with the following lines. By default, OpenSearch Dashboards runs on port '5601'; be sure to adjust the 'server.host' parameter to your server IP address.
# OpenSearch Dashboards is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the OpenSearch Dashboards server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.5.25"
Move to the bottom line of the configuration and change the details of OpenSearch parameters that are used to connect to the OpenSearch server. Be sure to change the parameter of 'opensearch.hosts', 'opensearch.username', and 'opensearch.password' with your OpenSearch server details.
opensearch.hosts: [https://192.168.5.25:9200]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: kibanapass
Save the file and exit the editor when finished.
Next, run the below systemctl command to restart the OpenSearch Dashboards service and apply the changes.
sudo systemctl restart opensearch-dashboards
With this, OpenSearch Dashboards should be running on IP address '192.168.5.25' with port '5601'. Also, OpenSearch Dashboards will be connected to the OpenSearch server as the user 'kibanaserver'.
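With 'opensearch.ssl.verificationMode: none', Dashboards accepts any certificate from the OpenSearch server, and with 'server.host' set to a network address and no TLS on the Dashboards side, logins travel in clear text. The script below is an added example, not part of the original article or the OpenSearch project: it lints a Dashboards config for these two conditions and compares the settings above with a hardened variant. The function names are hypothetical and the certificate paths under '/etc/opensearch-dashboards/certs' are assumptions.

```bash
#!/bin/bash
# Added example, not from the original article: lint a Dashboards config for
# the TLS weaknesses in the settings shown above. Both sample configs are
# constructed; the certificate paths in the hardened one are assumptions.

# Print the last value set for top-level key $2 in file $1 (quotes stripped).
yaml_get() {
    local key=${2//./\\.}
    sed -n -E "s/^${key}:[[:space:]]*//p" "$1" | tail -n1 |
        sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^"(.*)"$/\1/'
}

# Print one "WEAK:" line per finding; return 1 if anything was found.
audit_dashboards_tls() {
    local f="$1" rc=0 mode hosts host ssl
    mode=$(yaml_get "$f" opensearch.ssl.verificationMode)
    hosts=$(yaml_get "$f" opensearch.hosts)
    host=$(yaml_get "$f" server.host)
    ssl=$(yaml_get "$f" server.ssl.enabled)
    if [ "$mode" = "none" ]; then
        echo "WEAK: verificationMode 'none': OpenSearch's certificate is never checked"
        rc=1
    fi
    case "$hosts" in
        *http://*) echo "WEAK: opensearch.hosts uses plain http"; rc=1 ;;
    esac
    case "$host" in
        ""|localhost|127.0.0.1|::1) ;;   # loopback only (the default)
        *) if [ "$ssl" != "true" ]; then
               echo "WEAK: server.host $host without server.ssl.enabled: logins sent in clear text"
               rc=1
           fi ;;
    esac
    return $rc
}

# The settings used in this article.
write_weak_config() {
    cat > "$1" <<'EOF'
server.port: 5601
server.host: "192.168.5.25"
opensearch.hosts: [https://192.168.5.25:9200]
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: kibanapass
EOF
}

# Hardened variant: verify the server against the root CA and serve HTTPS.
# The FQDN is used because the node certificate's SAN lists only that name.
write_hardened_config() {
    cat > "$1" <<'EOF'
server.port: 5601
server.host: "192.168.5.25"
server.ssl.enabled: true
server.ssl.certificate: /etc/opensearch-dashboards/certs/dashboards.pem
server.ssl.key: /etc/opensearch-dashboards/certs/dashboards-key.pem
opensearch.hosts: [https://node-rock1.hwdomain.lan:9200]
opensearch.ssl.verificationMode: full
opensearch.ssl.certificateAuthorities: ["/etc/opensearch-dashboards/certs/root-ca.pem"]
opensearch.username: kibanaserver
opensearch.password: kibanapass
EOF
}

tmp=$(mktemp -d)
write_weak_config "$tmp/weak.yml"
write_hardened_config "$tmp/hardened.yml"
for f in weak hardened; do
    echo "== $f.yml"
    audit_dashboards_tls "$tmp/$f.yml" && echo "no TLS findings"
done
rm -rf "$tmp"
```

The hardened variant needs a copy of 'root-ca.pem' that the Dashboards service user can read, since '/etc/opensearch/certs' is restricted to the 'opensearch' user.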
Accessing OpenSearch Dashboards
At this point, you've finished the installation and configuration of OpenSearch Dashboards. You'll now verify the OpenSearch Dashboards installation by accessing it via a web browser and verify the connection to the OpenSearch server via 'Dev Tools'.
Before accessing the OpenSearch Dashboards, you must open port 5601 on your firewalld.
Invoke the following firewall-cmd commands to open TCP port 5601. Then, reload the firewalld to apply the changes.
sudo firewall-cmd --add-port=5601/tcp --permanent
sudo firewall-cmd --reload
Next, verify the list of rules on firewalld using the below command. You should see port 5601 is available on firewalld.
sudo firewall-cmd --list-all
Now open up your web browser and visit the OpenSearch Dashboards IP address with port 5601 (i.e. http://192.168.5.25:5601). You'll now see the OpenSearch Dashboards login page.
Input your username and password that you've created. In this example, the user is 'kibanaserver'. Then click the 'Log in' button to confirm and log in to OpenSearch Dashboards.
When successful, you should get the following page with the message 'Welcome to OpenSearch Dashboards'. You can now click 'Add data' to add new data to your OpenSearch server or click 'Explore my own' for a later setup.
Next, to ensure that the OpenSearch Dashboards is connected to the OpenSearch server, you'll do the following steps:
Click on the left menu, move to the Management section, and click 'Dev Tools'.
Now input the 'GET /' query on the console and click the play button. When successful, you should see the output on the right side with detailed information about your OpenSearch server. Also, you can see on the top right the HTTP code '200 - OK' which confirms that the query is executed without error.
With this in mind, you've now installed OpenSearch Dashboards on the Rocky Linux server via the RPM package. Also, you've configured OpenSearch Dashboards to connect to the OpenSearch server.
Conclusion
In this article, you've installed OpenSearch via RPM on the Rocky Linux 9 server. You've also secured OpenSearch with TLS certificates, enabled authentication and authorization, and configured users in OpenSearch. In addition to that, you've also configured and optimized the Rocky Linux server for deploying OpenSearch.
You've also installed the OpenSearch Dashboards via RPM on the Rocky Linux 9 server. You've successfully configured and connected the OpenSearch Dashboards to OpenSearch Server with authentication enabled and also successfully verified the OpenSearch and OpenSearch Dashboards installation.
With this setup, you can explore more about OpenSearch by deploying an OpenSearch cluster, setting up additional authentication, and much more. You can learn more about all of these from OpenSearch's official documentation.