Cloud server with OpenSearch
OpenSearch is an open source search and analytics engine. The cloud server with OpenSearch is a collector and visualizer of Selectel cloud platform logs.
For a cloud server, you can configure automatic scheduled backups. From the backup, you can restore the server disk.
You can create a cloud server with an out-of-the-box OpenSearch application.
Create a cloud server with OpenSearch
In order for OpenSearch to work, the cloud server must be accessible from the Internet. To do this, when creating the server, you must create a private subnet and connect a public IP address.
To configure OpenSearch when creating a server, you must specify user data — user configuration parameters of the operating system. You can specify two sets of variables:
- to access OpenSearch Dashboard by domain;
- to access OpenSearch Dashboard by IP address.
After creating a server with OpenSearch, a free TLS certificate from Let's Encrypt® is automatically issued for the domain you specify. To issue the certificate, you must add an A-record for the domain and specify the public IP address of the server in the record value. The domain can be added to Selectel's DNS hosting (actual).
- Optional: create a public IP address.
- Optional: add an A-record for the domain.
1. Optional: create a public IP address
Create a public IP address if you need to access the OpenSearch Dashboard web interface by domain. Skip this step if the dashboard will be accessed by IP address only.
Use the Create Public IP Address subsection of the Public IP Address instructions.
2. Optional: add an A-record for the domain
Add an A-record if you need to access the OpenSearch Dashboard web interface by domain. Skip this step if the dashboard will be accessed by IP address only.
Use the Add a resource record instruction.
Select the resource record type A. In the record value, specify the public IP address that you created earlier.
3. Create a service user
Create a service user. In the permission, select the role member or reader and the access area Projects. Users can be created by the Account Owner or by users with the role iam_admin.
4. Issue S3 key to the service user
Users with access to the control panel can issue S3 keys to themselves, but we recommend creating service users and issuing S3 keys to them.
S3 keys can only be issued to other users by the Account Owner or a user with the role iam_admin. A service user cannot obtain an S3 key on their own because they have no access to the control panel; the key must be issued by the Account Owner or a user with the role iam_admin.
A separate key must be created for each project. Multiple keys can be issued for one project.
1. In the control panel, on the top menu, click Account.
2. Go to the section with the desired user type:
   - Users — for users with access to the control panel;
   - Service users — for service users.
3. Open the user page → Access tab.
4. In the S3 keys block, click Add Key.
5. Enter the name of the key.
6. Select the project for which the key will work.
7. Click Generate. Two values will be generated:
   - Access key — Access Key ID, key identifier;
   - Secret key — Secret Access Key, secret key.
8. Click Copy and save the key — it cannot be viewed after the window is closed.
5. Create a cloud server with OpenSearch
1. In the control panel, on the top menu, click Products and select Cloud Servers.
2. Click Create Server.
3. Fill in the blocks:
4. Check the price of the cloud server.
5. Click Create.
Name and location
1. Enter the server name. This will be set as the host name in the operating system.
2. Select the region and pool segment in which the server will be created. The list of available server configurations and resource costs depends on the pool segment. Once the server is created, you cannot change the pool segment.
Source
1. Open the Applications tab.
2. Select Cloud Opensearch.
3. Optional: if you need another current or archived version of the application, select the desired version in the Version field.
Configuration
Select a configuration with at least 2 vCPU, at least 2 GB of RAM, and a boot disk of at least 20 GB. Two types of configurations are available for the server:
- fixed configurations — several lines with different specifications in which the resource ratio is fixed;
- arbitrary configurations where any resource ratio can be specified.
The configurations use different processors depending on the line and pool segment. After the server is created, you can change the configuration.
Fixed configuration
1. Click Fixed.
2. Open the tab with the desired line.
3. Select a configuration.
4. If both local and network disks are available in the selected configuration, select the disk to be used as the boot disk:
   - local disk — check the box Local SSD NVMe disk. A server with a local disk can only be created from images and applications;
   - network disk — do not check the checkbox.
Arbitrary configuration
1. Click Arbitrary.
2. Specify the number of vCPUs and the size of RAM.
3. If both local and network disks are available in the selected configuration, select the disk to be used as the boot disk:
   - local disk — check the box Local SSD NVMe disk. A server with a local disk can only be created from images and applications;
   - network disk — do not check the checkbox.
The amount of RAM allocated to the server may be less than the amount specified in the configuration — the operating system kernel reserves some RAM depending on the kernel version and distribution. You can check the allocated amount on the server with:
sudo dmesg | grep Memory
Disks
1. If you did not check the Local SSD NVMe disk checkbox when setting up the configuration, the first specified network disk will be used as the server boot disk. To configure it:
   1.1 Select the type of network boot disk.
   1.2 Specify the size of the network boot disk in GB or TB. Observe the maximum size limits of network disks.
   1.3 If you selected the Universal v2 disk type, specify the total number of read and write operations in IOPS. After creating a disk, you can change the number of IOPS — decrease or increase. The number of IOPS changes is unlimited.
2. Optional: add an additional network disk to the server:
   2.1 Click Add.
   2.2 Select the type of network disk.
   2.3 Specify the size of the network disk in GB or TB. Observe the maximum size limits of network disks.
   2.4 If you selected the Universal v2 disk type, specify the total number of read and write operations in IOPS. After creating a disk, you can change the number of IOPS — decrease or increase. There is no limit to the number of IOPS changes.
After the server is created, you can connect new additional disks.
Network
The server can be added to a new private subnet or to an existing one.
Private — a subnet without access from the Internet or with a single static public IP address. The public IP address connects to a server that will be accessible from the Internet.
Existing private subnet
1. Click Private Subnet.
2. In the Public IP address for Internet access field, select the public IP address you created earlier or create a new one.
3. Expand the block with private subnet settings.
4. In the Subnet field, select an existing subnet.
5. In the Private IP field, specify the private IP address of the server. The public IP address will be automatically connected to the private address.
New private subnet
1. Click Private Subnet.
2. In the Public IP address for Internet access field, select the public IP address you created earlier or create a new one.
3. Expand the block with private subnet settings.
4. If you have existing networks in the project, in the Subnet field, select New Subnet.
5. Optional: change the CIDR of the subnet.
6. Optional: enable the DHCP toggle switch.
7. Optional: in the Gateway field, change the IP address of the default gateway.
8. In the Network field, select the existing network where the subnet will be created or New network. For a private subnet with a public IP address, router-<network_name>, where <network_name> is the network name, will be automatically created.
9. If you selected New Network, enter a name for the network.
Safety
Select security groups to filter traffic on server ports. Without security groups, traffic will not be allowed. If this block is not shown, port security is disabled on the server network. With traffic filtering disabled, all traffic will be allowed.
Access
1. Place an SSH key for the project on the server for secure connection:
   1.1 If the SSH key for the project is not added to the cloud platform, click Add SSH Key, enter the key name, insert the public key in OpenSSH format, and click Add.
   1.2 If an SSH key for the project is added to the cloud platform, select the existing key in the SSH key field. An SSH key is available only in the pool in which it is hosted.
2. Optional: in the Password field for "root":
   2.1 Copy the password of the root user — a user with unlimited rights to all actions on the system.
   2.2 Save the password in a safe place and do not share it publicly.
Additional settings
1. If you plan to create multiple servers and want to improve the fault tolerance of your infrastructure, add the server to a placement group:
   1.1 To create a new group, in the Placement Group field, click New.
   1.2 Select New Group and enter a group name.
   1.3 Select a policy for hosting on different hosts:
   - preferred (soft-anti-affinity). The system will try to place servers on different hosts. If there is no suitable host when creating a server, it will be created on the same host;
   - mandatory (anti-affinity). Servers in a group must be located on different hosts. If there is no suitable host when creating a server, the server will not be created.
   1.4 If a group has already been created, select the placement group in the Placement Group field.
2. To add additional information or filter servers in the list, add server tags. Operating system and configuration tags are automatically added. To add a new tag, enter a tag in the Tags field.
3. To add a script that will be executed by the cloud-init agent when the operating system first starts up, in the Automation block in the User data field:
   - open the Text tab and paste the script with text;
   - or open the File tab and upload the file with the script.
Access by domain
The OpenSearch Dashboard web interface will be accessible through the domain. Make sure you have created a public IP address and added an A-record for the domain.
#cloud-config
write_files:
  - path: "/opt/gomplate/values/user-values.yml"
    permissions: "0644"
    content: |
      opensearchDomain: '<opensearch_domain>'
      AdminEmail: '<user_email>'
      opensearchAdminUser: '<username>'
      opensearchAdminPassword: '<user_password>'
      AWS_ACCESS_KEY_ID: '<access_key>'
      AWS_SECRET_ACCESS_KEY: '<secret_key>'
      retentionDays: <days_number>
Specify:
- <opensearch_domain> — domain to access OpenSearch Dashboard that you added earlier;
- <user_email> — email of the OpenSearch Dashboard administrator. The email will be used to issue SSL certificates;
- optional: <username> — username to log in to OpenSearch Dashboard. If the parameter is not specified, the default value is admin;
- <user_password> — user password to log in to OpenSearch Dashboard;
- <access_key> — the access key for getting logs that you saved earlier;
- <secret_key> — the secret key for getting logs that you saved earlier;
- optional: <days_number> — number of days to store logs. If the parameter is not specified, the default value is 7.
Access by IP address
The OpenSearch Dashboard web interface will be accessible by IP address without using a domain.
#cloud-config
write_files:
  - path: "/opt/gomplate/values/user-values.yml"
    permissions: "0644"
    content: |
      opensearchAdminUser: '<username>'
      opensearchAdminPassword: '<user_password>'
      AWS_ACCESS_KEY_ID: '<access_key>'
      AWS_SECRET_ACCESS_KEY: '<secret_key>'
      retentionDays: '<days_number>'
Specify:
- optional: <username> — username for logging into OpenSearch Dashboard. If the parameter is not specified, the default value is admin;
- <user_password> — user password to log in to OpenSearch Dashboard;
- <access_key> — the access key for getting logs;
- <secret_key> — the secret key for getting logs;
- optional: <days_number> — number of days to store logs. If the parameter is not set, the default value is 7.
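Filling in the two user data variants by hand fails when a password contains a single quote, and it is easy to mix the domain and IP-only key sets. The following is an added example, not Selectel's code: it builds either variant with the keys and file path shown on this page. Assumptions: optional keys are omitted to get the documented defaults, retentionDays is written unquoted as in the domain variant, the domain is lowercased, and a password is generated locally when none is passed.

```python
import re
import secrets

VALUES_PATH = "/opt/gomplate/values/user-values.yml"  # path used on the page
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def yq(value):
    """Single-quote a YAML scalar: inside '...' the only escape is a doubled quote."""
    text = str(value)
    if not text or "\n" in text or "\r" in text:
        raise ValueError("value must be non-empty and on one line")
    return "'" + text.replace("'", "''") + "'"

def build_user_data(access_key, secret_key, password=None, username=None,
                    domain=None, email=None, retention_days=None):
    """Return (cloud-config text, admin password) for domain or IP-only access."""
    if bool(domain) != bool(email):
        raise ValueError("domain and email are given together or not at all")
    if domain and not DOMAIN_RE.fullmatch(domain.lower()):
        raise ValueError("not a valid domain name: %r" % domain)
    # Assumption: when no password is supplied, generate one locally (32 chars).
    password = password or secrets.token_urlsafe(24)
    values = []
    if domain:
        values += ["opensearchDomain: " + yq(domain.lower()), "AdminEmail: " + yq(email)]
    if username:  # assumption: omitting the key leaves the documented default (admin)
        values.append("opensearchAdminUser: " + yq(username))
    values += ["opensearchAdminPassword: " + yq(password),
               "AWS_ACCESS_KEY_ID: " + yq(access_key),
               "AWS_SECRET_ACCESS_KEY: " + yq(secret_key)]
    if retention_days is not None:  # omitted key leaves the documented default (7)
        if isinstance(retention_days, bool) or not isinstance(retention_days, int) \
                or retention_days < 1:
            raise ValueError("retention_days must be a positive integer")
        values.append("retentionDays: %d" % retention_days)
    head = ["#cloud-config", "write_files:", '  - path: "%s"' % VALUES_PATH,
            '    permissions: "0644"',  # mode as given on the page
            "    content: |"]
    return "\n".join(head + ["      " + v for v in values]) + "\n", password

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    text, _ = build_user_data("EXAMPLE_ACCESS_KEY", "EXAMPLE_SECRET_KEY",
                              password="it's: a #test", domain="logs.example.com",
                              email="ops@example.com", retention_days=14)
    print(text)
```

The file mode stays at the page's 0644, which leaves the admin password and S3 secret key readable by every local account on the server; the page does not say whether a tighter mode works with the application's first-boot setup. cloud-init also keeps its own copy of the user data on the server's disk, so both secrets are present in any backup of that disk.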