bitnami/opensearch
Bitnami container image for OpenSearch
100K+
OpenSearch is a scalable open-source solution for search, analytics, and observability. Features full-text queries, natural language processing, custom dictionaries, amongst others.
Overview of OpenSearch Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
docker run --name opensearch bitnami/opensearch:latest
You can find the available configuration options in the Environment Variables section.
Looking to use OpenSearch in production? Try VMware Tanzu Application Catalog, the commercial edition of the Bitnami catalog.
Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami OpenSearch Chart GitHub repository.
Bitnami containers can be used with Kubeapps for deployment and management of Helm Charts in clusters.
Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.
Starting December 10th 2024, only the latest stable branch of any container will receive updates in the free Bitnami catalog. To access up-to-date releases for all upstream-supported branches, consider upgrading to Bitnami Premium. Previous versions already released will not be deleted. They are still available to pull from DockerHub.
Please check the Bitnami Premium page in our partner Arrow Electronics for more information.
Dockerfile
linksLearn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.
You can see the equivalence between the different tags by taking a look at the tags-info.yaml
file present in the branch folder, i.e bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml
.
Subscribe to project updates by watching the bitnami/containers GitHub repo.
The recommended way to get the Bitnami OpenSearch Docker Image is to pull the prebuilt image from the Docker Hub Registry.
docker pull bitnami/opensearch:latest
To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.
docker pull bitnami/opensearch:[TAG]
If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build
command. Remember to replace the APP
, VERSION
and OPERATING-SYSTEM
path placeholders in the example command below with the correct values.
git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t bitnami/APP:latest .
If you remove the container all your data will be lost, and the next time you run the image the application will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the /bitnami
path. If the mounted directory is empty, it will be initialized on the first run.
docker run \
-v /path/to/opensearch-data-persistence:/bitnami/opensearch/data \
bitnami/opensearch:latest
or by making a minor change to the docker-compose.yml
file present in this repository:
opensearch:
...
volumes:
- /path/to/opensearch-data-persistence:/bitnami/opensearch/data
...
NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID
1001
.
It is also possible to use multiple volumes for data persistence by using the OPENSEARCH_DATA_DIR_LIST
environment variable:
opensearch:
...
volumes:
- /path/to/opensearch-data-persistence-1:/opensearch/data-1
- /path/to/opensearch-data-persistence-2:/opensearch/data-2
environment:
- OPENSEARCH_DATA_DIR_LIST=/opensearch/data-1,/opensearch/data-2
...
Using Docker container networking, an OpenSearch server running inside a container can easily be accessed by your application containers.
Containers attached to the same network can communicate with each other using the container name as the hostname.
Step 1: Create a network
docker network create app-tier --driver bridge
Step 2: Launch the OpenSearch server instance
Use the --network app-tier
argument to the docker run
command to attach the OpenSearch container to the app-tier
network.
docker run -d --name opensearch-server \
--network app-tier \
bitnami/opensearch:latest
Step 3: Launch your application container
docker run -d --name myapp \
--network app-tier \
YOUR_APPLICATION_IMAGE
IMPORTANT:
- Please update the YOUR_APPLICATION_IMAGE_ placeholder in the above snippet with your application image
- In your application container, use the hostname
opensearch-server
to connect to the OpenSearch server
When not specified, Docker Compose automatically sets up a new network and attaches all deployed services to that network. However, we will explicitly define a new bridge
network named app-tier
. In this example we assume that you want to connect to the OpenSearch server from your own custom application image which is identified in the following snippet by the service name myapp
.
version: '2'
networks:
app-tier:
driver: bridge
services:
opensearch:
image: 'bitnami/opensearch:latest'
networks:
- app-tier
myapp:
image: 'YOUR_APPLICATION_IMAGE'
networks:
- app-tier
IMPORTANT:
- Please update the YOUR_APPLICATION_IMAGE_ placeholder in the above snippet with your application image
- In your application container, use the hostname
opensearch
to connect to the OpenSearch server
Launch the containers using:
docker-compose up -d
Customizable environment variables
Name | Description | Default Value |
---|---|---|
OPENSEARCH_CERTS_DIR | Path to certificates folder. | ${DB_CONF_DIR}/certs |
OPENSEARCH_DATA_DIR_LIST | Comma, semi-colon or space separated list of directories to use for data storage | nil |
OPENSEARCH_BIND_ADDRESS | Opensearch bind address | nil |
OPENSEARCH_ADVERTISED_HOSTNAME | Opensearch advertised hostname, used for publish | nil |
OPENSEARCH_CLUSTER_HOSTS | Opensearch cluster hosts | nil |
OPENSEARCH_CLUSTER_MASTER_HOSTS | Opensearch cluster master hosts | nil |
OPENSEARCH_CLUSTER_NAME | Opensearch cluster name | nil |
OPENSEARCH_HEAP_SIZE | Opensearch heap size | 1024m |
OPENSEARCH_MAX_ALLOWED_MEMORY_PERCENTAGE | Opensearch maximum allowed memory percentage | 100 |
OPENSEARCH_MAX_ALLOWED_MEMORY | Opensearch maximum allowed memory amount (in megabytes) | nil |
OPENSEARCH_MAX_TIMEOUT | Opensearch maximum init timeout | 60 |
OPENSEARCH_LOCK_ALL_MEMORY | Sets bootstrap.memory_lock parameter | no |
OPENSEARCH_DISABLE_JVM_HEAP_DUMP | Disable JVM Heap dump | no |
OPENSEARCH_DISABLE_GC_LOGS | Disable GC logs | no |
OPENSEARCH_IS_DEDICATED_NODE | If false, Opensearch will be configured with all the roles, deploy as dedicated node using DB_NODE_ROLES. | no |
OPENSEARCH_MINIMUM_MASTER_NODES | Minimum number of master nodes | nil |
OPENSEARCH_NODE_NAME | Opensearch node name | nil |
OPENSEARCH_FS_SNAPSHOT_REPO_PATH | Opensearch repo path to restore snapshots from system repository | nil |
OPENSEARCH_NODE_ROLES | Comma-separated list of Opensearch roles. If empty, will be deployed as a coordinating-only node. | nil |
OPENSEARCH_PLUGINS | List of Opensearch plugins to activate | nil |
OPENSEARCH_TRANSPORT_PORT_NUMBER | Opensearch node port number | 9300 |
OPENSEARCH_HTTP_PORT_NUMBER | Opensearch port | 9200 |
OPENSEARCH_ENABLE_SECURITY | Enable Opensearch security settings. | false |
OPENSEARCH_PASSWORD | Password for "admin" user. | bitnami |
OPENSEARCH_TLS_VERIFICATION_MODE | Opensearch TLS verification mode in transport layer. | full |
OPENSEARCH_TLS_USE_PEM | Configure Security settings using PEM certificates. | false |
OPENSEARCH_KEYSTORE_PASSWORD | Password for the Opensearch keystore containing the certificates or password-protected PEM key. | nil |
OPENSEARCH_TRUSTSTORE_PASSWORD | Password for the Opensearch truststore. | nil |
OPENSEARCH_KEY_PASSWORD | Password for the Opensearch node PEM key. | nil |
OPENSEARCH_KEYSTORE_LOCATION | Path to Keystore | ${DB_CERTS_DIR}/opensearch.keystore.jks |
OPENSEARCH_TRUSTSTORE_LOCATION | Path to Truststore. | ${DB_CERTS_DIR}/opensearch.truststore.jks |
OPENSEARCH_NODE_CERT_LOCATION | Path to PEM node certificate. | ${DB_CERTS_DIR}/tls.crt |
OPENSEARCH_NODE_KEY_LOCATION | Path to PEM node key. | ${DB_CERTS_DIR}/tls.key |
OPENSEARCH_CA_CERT_LOCATION | Path to CA certificate. | ${DB_CERTS_DIR}/ca.crt |
OPENSEARCH_SKIP_TRANSPORT_TLS | Skips transport layer TLS configuration. Useful when deploying single-node clusters. | false |
OPENSEARCH_TRANSPORT_TLS_USE_PEM | Configure transport layer TLS settings using PEM certificates. | $DB_TLS_USE_PEM |
OPENSEARCH_TRANSPORT_TLS_KEYSTORE_PASSWORD | Password for the Opensearch transport layer TLS keystore containing the certificates or password-protected PEM key. | $DB_KEYSTORE_PASSWORD |
OPENSEARCH_TRANSPORT_TLS_TRUSTSTORE_PASSWORD | Password for the Opensearch transport layer TLS truststore. | $DB_TRUSTSTORE_PASSWORD |
OPENSEARCH_TRANSPORT_TLS_KEY_PASSWORD | Password for the Opensearch transport layer TLS node PEM key. | $DB_KEY_PASSWORD |
OPENSEARCH_TRANSPORT_TLS_KEYSTORE_LOCATION | Path to Keystore for transport layer TLS. | $DB_KEYSTORE_LOCATION |
OPENSEARCH_TRANSPORT_TLS_TRUSTSTORE_LOCATION | Path to Truststore for transport layer TLS. | $DB_TRUSTSTORE_LOCATION |
OPENSEARCH_TRANSPORT_TLS_NODE_CERT_LOCATION | Path to PEM node certificate for transport layer TLS. | $DB_NODE_CERT_LOCATION |
OPENSEARCH_TRANSPORT_TLS_NODE_KEY_LOCATION | Path to PEM node key for transport layer TLS. | $DB_NODE_KEY_LOCATION |
OPENSEARCH_TRANSPORT_TLS_CA_CERT_LOCATION | Path to CA certificate for transport layer TLS. | $DB_CA_CERT_LOCATION |
OPENSEARCH_ENABLE_REST_TLS | Enable TLS encryption for REST API communications. | true |
OPENSEARCH_HTTP_TLS_USE_PEM | Configure HTTP TLS settings using PEM certificates. | $DB_TLS_USE_PEM |
OPENSEARCH_HTTP_TLS_KEYSTORE_PASSWORD | Password for the Opensearch HTTP TLS keystore containing the certificates or password-protected PEM key. | $DB_KEYSTORE_PASSWORD |
OPENSEARCH_HTTP_TLS_TRUSTSTORE_PASSWORD | Password for the Opensearch HTTP TLS truststore. | $DB_TRUSTSTORE_PASSWORD |
OPENSEARCH_HTTP_TLS_KEY_PASSWORD | Password for the Opensearch HTTP TLS node PEM key. | $DB_KEY_PASSWORD |
OPENSEARCH_HTTP_TLS_KEYSTORE_LOCATION | Path to Keystore for HTTP TLS. | $DB_KEYSTORE_LOCATION |
OPENSEARCH_HTTP_TLS_TRUSTSTORE_LOCATION | Path to Truststore for HTTP TLS. | $DB_TRUSTSTORE_LOCATION |
OPENSEARCH_HTTP_TLS_NODE_CERT_LOCATION | Path to PEM node certificate for HTTP TLS. | $DB_NODE_CERT_LOCATION |
OPENSEARCH_HTTP_TLS_NODE_KEY_LOCATION | Path to PEM node key for HTTP TLS. | $DB_NODE_KEY_LOCATION |
OPENSEARCH_HTTP_TLS_CA_CERT_LOCATION | Path to CA certificate for HTTP TLS. | $DB_CA_CERT_LOCATION |
OPENSEARCH_SECURITY_DIR | Root directory of the Opensearch Security plugin. | ${DB_PLUGINS_DIR}/opensearch-security |
OPENSEARCH_SECURITY_CONF_DIR | Configuration directory of the Opensearch Security plugin. | ${DB_CONF_DIR}/opensearch-security |
OPENSEARCH_DASHBOARDS_PASSWORD | Password for the Opensearch-dashboards user. | bitnami |
LOGSTASH_PASSWORD | Password for the Logstash user. | bitnami |
OPENSEARCH_SET_CGROUP | Configure Opensearch java opts with cgroup hierarchy override, so cgroup statistics are available in the container. | true |
OPENSEARCH_SECURITY_BOOTSTRAP | If set to true, this node will be configured with instructions to bootstrap the Opensearch security config. | false |
OPENSEARCH_SECURITY_NODES_DN | Comma-separated list including the Opensearch nodes allowed TLS DNs. | nil |
OPENSEARCH_SECURITY_ADMIN_DN | Comma-separated list including the Opensearch Admin user allowed TLS DNs. | nil |
OPENSEARCH_SECURITY_ADMIN_CERT_LOCATION | Path to the Opensearch Admin PEM certificate. | ${DB_CERTS_DIR}/admin.crt |
OPENSEARCH_SECURITY_ADMIN_KEY_LOCATION | Path to the Opensearch Admin PEM key. | ${DB_CERTS_DIR}/admin.key |
Read-only environment variables
Name | Description | Value |
---|---|---|
DB_FLAVOR | Database flavor. Valid values: elasticsearch or opensearch . | opensearch |
OPENSEARCH_VOLUME_DIR | Persistence base directory | /bitnami/opensearch |
OPENSEARCH_BASE_DIR | Opensearch installation directory | /opt/bitnami/opensearch |
OPENSEARCH_CONF_DIR | Opensearch configuration directory | ${DB_BASE_DIR}/config |
OPENSEARCH_DEFAULT_CONF_DIR | Opensearch default configuration directory | ${DB_BASE_DIR}/config.default |
OPENSEARCH_LOGS_DIR | Opensearch logs directory | ${DB_BASE_DIR}/logs |
OPENSEARCH_PLUGINS_DIR | Opensearch plugins directory | ${DB_BASE_DIR}/plugins |
OPENSEARCH_DEFAULT_PLUGINS_DIR | Opensearch default plugins directory | ${DB_BASE_DIR}/plugins.default |
OPENSEARCH_DATA_DIR | Opensearch data directory | ${DB_VOLUME_DIR}/data |
OPENSEARCH_TMP_DIR | Opensearch temporary directory | ${DB_BASE_DIR}/tmp |
OPENSEARCH_BIN_DIR | Opensearch executables directory | ${DB_BASE_DIR}/bin |
OPENSEARCH_MOUNTED_PLUGINS_DIR | Directory where plugins are mounted | ${DB_VOLUME_DIR}/plugins |
OPENSEARCH_CONF_FILE | Path to Opensearch c |
Note: the README for this container is longer than the DockerHub length limit of 25000, so it has been trimmed. The full README can be found at https://github.com/bitnami/containers/blob/main/bitnami/opensearch/README.md