Configure the OpenSearch Component

2.8.5.1 Configure the OpenSearch Component

This section describes how to configure the OpenSearch component.

OpenSearch is a distributed search and analytics engine. Compliance Studio leverages the search feature offered by OpenSearch.

Note:

Ensure that a minimum of 4GB free RAM space is available for OpenSearch. If RAM is low, the shards of the OpenSearch fail, and the correct result is not fetched.
You must manually clean the cache if facing a performance issue.
Prerequisites
- Download the analysis-icu and analysis-phonetic plugins. You can download the plugins from the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/opensearch directory.
- The Java version must be 11 and above.

To configure the OpenSearch component:

Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/opensearch directory.
Untar the OpenSearch by executing the command: tar -xvzf opensearch-${<version>}.tar.gz.
Install the following plugins:
```
<OPEN_SEARCH_EXTRACTED_PATH>/opensearch/opensearch-<version>/bin/
opensearch-plugin install file:////<PATH>/analysis-icu-<version>.zip
<OPEN_SEARCH_EXTRACTED_PATH>/opensearch/opensearch-<version>/bin/
opensearch-plugin install file:////<PATH>/analysis-phonetic-
<version>.zip
```
Where PATH specifies location of the plugins.
Note:
- You can also install OpenSearch and the plugins on a different machine other than where the Compliance Studio is installed.
- The OpenSearch can be extracted in any directory outside the Compliance Studio path as well.
Navigate to the <OPEN_SEARCH_EXTRACTED_PATH>/opensearch/opensearch- <version>/config directory.

Configure the opensearch.yml file with the following variables.

Table 2-14 opensearch.yml File

Interaction Variable Name	Significance
cluster.name	Indicates the name of the cluster.
node.name	Indicates the name given for the node.
path.data	Indicates the directory where you want to store the data.
path.logs	Indicates the directory where you want to store the logs.
network.host	Indicates the hostname of the machine where you want to install the OpenSearch service.
http.port	Indicates the port number where the OpenSearch service is installed.
discovery.seed_hosts	(Optional) Indicates the hostnames of the nodes of the cluster.
cluster.initial_cluster_manager_nodes	(Optional) Indicates the number given to the nodes of the cluster.

Configure the jvm.options file as follows.

Table 2-15 Configure jvm.options File

Interaction Variable Name	Significance
-Xms4g -Xmx4g	Set the value for these parameters. The maximum value set can be up to 50% of the RAM size of the machine. Recommended value: Less than 32GB. Note: -Xms4g represents 4GB. The value for -Xms and -Xmx should be same.

Interaction Variable Name

Significance

-Xms4g
-Xmx4g

Set the value for these parameters.
The maximum value set can be up to 50% of the RAM size of the machine.
Recommended value: Less than 32GB.

Note:

-Xms4g represents 4GB.
The value for -Xms and -Xmx should be same.

After configuration changes, navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/ opensearch/opensearch-<version>/bin directory.
To start OpenSearch, execute the following command.
nohup ./opensearch &
To check the OpenSearch logs, execute the following command.
tail -f nohup.out

Enable SSL Configuration and Authentication

To enable SSL and Authentication for OpenSearch, configuration is required at both OpenSearch and Compliance Studio.

OpenSearch Configuration

To configure OpenSearch, Download the opensearch-security plugin zip file. For information about how to configure OpenSearch, see the OpenSearch documentation.

Compliance Studio Configuration

To configure Compliance Studio:

Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin directory.
Change the following property in the config.sh file.
OPEN_SEARCH_USERNAME=admin
Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/ficdb/bin directory and encrypt the password (./FCCM_Studio_Base64Encoder.sh --admin) using FCCMBASEENCODER64.
Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/opensearch/opensearch- <version>/config directory.

To generate the admin.p12 file, execute the following command.

openssl pkcs12 -export -out admin.p12 -inkey <path to/admin-key.pem> -in
<path to/admin.pem>

To generate the ca.crt file, execute the following command.
```
openssl x509 -outform der -in <path to/admin.pem> -out ca.crt
```
Copy the admin.p12 file and place in the following directories.
<COMPLIANCE_STUDIO_INSTALLATION_PATH>/load-to-open-search/conf

<COMPLIANCE_STUDIO_INSTALLATION_PATH>/matching-service/conf
Copy the ca.crt file and place in the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/logstash/config directory.
Configure the following parameters under OpenSearch Cluster details in the config.sh file.
OPEN_SEARCH_ENCRYPTED_PASSWORD='##ENCRYPTED_PASSWORD##'

OPEN_SEARCH_HTTPS_ENABLED=true

OPEN_SEARCH_TRUSTSTORE_FILE_NAME=admin.p12

OPEN_SEARCH_TRUSTSTORE_PASSWORD=password

Note:
To generate an encrypted password, see Generate an Encrypted Password for OpenSearch.
Install the Compliance Studio.

Cleanup for OpenSearch Indexes

To clean up the OpenSearch indexes, run the following command.

curl -XDELETE http://<FULLY QUALIFIED HOSTNAME OF STUDIO SERVER>:<PORT of Load To Open Search Service>/load-to-open-search/idx/deleteIndex/<INDEX NAME>

For example,

curl -XDELETE http://testserver.in.oracle.com:7053/load-to-open-search/idx/
deleteIndex/test_index

Note:

This command will work only if Compliance Studio is installed and all services are running.