Redhat (RPM/YUM Installation)
  • 14 Sep 2022

The following installation guide has been written as an example of an in-place full-cluster restart upgrade from Elasticsearch 7.10.2 to OpenSearch 1.3.4 on RHEL OS. It is meant to be used as a supplemental guide to the official OpenSearch installation guides. For a full set of installation instructions for OpenSearch software, see the OpenSearch documentation.

Installation Prerequisites

  1. Confirm the minimum software requirements are met.
  2. Determine average daily and hourly volume ingest by Graylog node(s).
  3. Confirm Graylog journal(s) are configured appropriately, e.g. review capacity, configurations, and test high-utilization of journal(s).
  4. Register a snapshot repository within the Elasticsearch cluster, unless one already exists.
  5. Create a full-cluster snapshot of the Elasticsearch cluster.
  6. Pause Message Processing on Graylog node(s). (Go to the web interface of each node, then navigate to System > Nodes. Click on the More Actions dropdown next to each node, and then select Pause Message Processing.)
  7. Disable shard replication in your Elasticsearch cluster:
curl -X PUT "http://hostname-of-an-OpenSearch-node:9200/_cluster/settings" -H 'Content-Type: application/json' -d'{
  "transient" : {
     "cluster.routing.allocation.enable" : "primaries"
  }
}'

  8. Shut down the Elasticsearch cluster (and confirm it is down before proceeding to installation).

OpenSearch Installation Method

For RHEL, you will be able to choose from a manual method of installation (RPM) or installing via YUM.


  1. Download the RPM package directly from the OpenSearch site for v1.3.4. The RPM package is available for both x64 and arm64.
  2. Import the public GPG key. This key verifies that your OpenSearch instance is signed:
sudo rpm --import
  3. On your host, use sudo yum install or sudo rpm -ivh to install the package:
sudo yum install opensearch-1.3.4-linux-x64.rpm
sudo rpm -ivh opensearch-1.3.4-linux-x64.rpm


  1. Create a repository file for OpenSearch:
sudo curl -SL -o /etc/yum.repos.d/opensearch-1.x.repo

Then verify the repos: sudo yum repolist.

  2. Clean your YUM cache:
sudo yum clean all
  3. OpenSearch is available for download and installation:
sudo yum install opensearch-1.3.4
  4. Verify that the fingerprint matches the following:
Fingerprint: c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc

If correct, enter yes or y. The OpenSearch installation continues.
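
The same fingerprint can be checked on a saved copy of the public key before it is imported with rpm --import. The script below is an added example, not part of the original guide or of the OpenSearch tooling: it parses `gpg --with-colons` output and compares the primary-key fingerprint with the value printed above. The local key file name is an assumption, and `--show-keys` needs a GnuPG release that supports it (older releases lack it).

```shell
#!/bin/sh
# Added example (not from the Graylog or OpenSearch docs): check a downloaded
# signing key against the fingerprint published in this guide before importing it.
EXPECTED_FPR="c5b7 4989 65ef d1c2 924b a9d5 39d3 1987 9310 d3fc"

# Drop spaces, colons and newlines, then upper-case, so that
# "c5b7 4989" and "C5B74989" compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :\t\r\n' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the first "fpr" record,
# which belongs to the primary key (field 10 holds the fingerprint).
primary_fpr() {
  awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed only on an exact match against a 40-character fingerprint.
# Empty or unparsable input fails closed. $1 (optional) overrides the
# expected fingerprint.
fpr_matches() {
  _want=$(normalize_fpr "${1:-$EXPECTED_FPR}")
  _got=$(normalize_fpr "$(primary_fpr)")
  [ "${#_want}" -eq 40 ] && [ "$_got" = "$_want" ]
}

# verify_key_file FILE: FILE is a locally saved copy of the public key.
# If gpg is missing or prints nothing, the comparison fails.
verify_key_file() {
  gpg --show-keys --with-colons "$1" 2>/dev/null | fpr_matches
}

# Typical use (file name is an assumption):
#   verify_key_file ./opensearch.pgp && sudo rpm --import ./opensearch.pgp
```

Because the import only runs when the comparison succeeds, a substituted or truncated key file stops the procedure instead of being trusted silently.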

Complete Installation

  1. Take note of the PATH assigned to parameter in the elasticsearch.yml file of your Elasticsearch nodes.
  2. Copy the contents of the elasticsearch.yml PATH to the opensearch.yml
sudo rsync -avP /var/lib/elasticsearch/* /var/lib/opensearch/
  3. Update the ownership of the /var/lib/opensearch directory to opensearch:opensearch so OpenSearch can read the Elasticsearch data:
sudo chown -R opensearch:opensearch /var/lib/opensearch
  4. Edit opensearch.yml file on all Elasticsearch nodes. If you have Elasticsearch nodes with defined roles such as data, leader, etc., then these roles should be defined differently in OpenSearch. For example:

Data node

a. elasticsearch.yml: true 

    node.master: false

b. opensearch.yml:

    node.roles: ['data']

Dedicated leader node

a. elasticsearch.yml: false 

    node.master: true

b. opensearch.yml: 

    node.roles: ['master']

The opensearch.yml configuration file(s) will then look something like this at a minimum:

action.auto_create_index: false test-cluster1

discovery.seed_hosts: node2,node3

cluster.initial_master_nodes: node1,node2,node3 node1 /var/lib/opensearch

path.logs: /var/log/opensearch true
  5. Start OpenSearch on all OpenSearch (formerly Elasticsearch) nodes.
  6. Wait for the OpenSearch cluster to start. Check the _nodes summary to verify that all nodes are available and running the expected version:
curl -XGET 'http://hostname-of-an-OpenSearch-node:9200/_nodes/_all?pretty=true'
  7. Next, check to confirm all indices are shown. Then, continue to refresh and monitor this output until all indices are green:
curl -XGET 'http://hostname-of-an-OpenSearch-node:9200/_cat/indices?v'
  8. After the cluster is green and all nodes are using the new version, re-enable shard allocation:
curl -X PUT "http://hostname-of-an-OpenSearch-node:9200/_cluster/settings" -H 'Content-Type: application/json' -d'{
  "transient" : {
     "cluster.routing.allocation.enable" : "all"
  }
}'

  9. Restart all Graylog node(s).

There is no need to resume message processing on Graylog node(s) after restarting them as they will automatically resume on restart.
