Thank you for the response. My configuration is as follows:
1 x Graylog Server (grayserver-0) in a Debian 11 LXC guest, on a PVE host
1 x mongodb instance running in the above-referenced container alongside Graylog-Server
3 x Opensearch Nodes, each in a Debian 12 LXC guest, on the same PVE host
All services are in the same subnet on the same PVE host.
The PVE Host:
13th Gen Intel Core i9-13900K
128GB DDR4 RAM
proxmox pve 6.5.11-8-pve
Each Opensearch Node:
16x vCPU (all p cores)
32GB RAM
Java Heap = 16GB
Swap off
Graylog Server
16x vCPU (all p cores)
16GB RAM
Java Heap = 8GB
Here are my Opensearch configs
Graynode-0
# OpenSearch node configuration for graynode-0 (one of three cluster_manager+data nodes).
cluster.name: graynode-cluster
node.name: graynode-0
node.roles: [ cluster_manager, data ]
# Custom node attribute; only has an effect if index allocation filtering refers to it.
node.attr.temp: hot
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
# Binds to this single address, so REST (9200) and transport are reachable from the subnet.
network.host: 192.168.128.111
http.port: 9200
discovery.seed_hosts: ["192.168.128.111", "192.168.128.112", "192.168.128.113"]
# Only consulted when a brand-new cluster bootstraps for the first time.
cluster.initial_cluster_manager_nodes: ["graynode-0", "graynode-1", "graynode-2"]
# Transport-layer (node-to-node) TLS. PEM paths are relative to the OpenSearch config directory;
# the private key should be readable only by the account running OpenSearch.
plugins.security.ssl.transport.pemcert_filepath: graynode-0.pem
plugins.security.ssl.transport.pemkey_filepath: graynode-0-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: foo_ca.pem
# NOTE(review): hostname verification is off, so a peer certificate is not checked against the
# host presenting it. Node trust then rests on the foo_ca.pem chain plus nodes_dn below.
# Presumably disabled because nodes are addressed by IP while the certs name *.foo.local;
# re-enable it if the certificates carry matching SANs.
plugins.security.ssl.transport.enforce_hostname_verification: false
# REST-layer TLS. The same certificate and key as the transport layer are reused here.
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: graynode-0.pem
plugins.security.ssl.http.pemkey_filepath: graynode-0-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: foo_ca.pem
plugins.security.allow_unsafe_democertificates: false
# NOTE(review): if the security index does not exist at startup, it is created from the YAML
# files in the security plugin's config directory. Confirm those files hold your own users and
# password hashes, not shipped demo defaults, before the first start.
plugins.security.allow_default_init_securityindex: true
# Certificates with this DN get security-admin rights (they bypass normal role checks).
# Keep this key off the nodes' day-to-day paths and never reuse a node certificate for it.
plugins.security.authcz.admin_dn:
- CN=admin,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Only certificates with one of these DNs are treated as cluster nodes. With hostname
# verification off above, this list and control of the CA key are the node-identity check.
plugins.security.nodes_dn:
- CN=graynode-0.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-1.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-2.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Audit events are written to an index inside this same cluster; anyone able to alter that
# index can alter the audit trail. Consider an external sink if tamper-resistance matters.
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
# Roles allowed to call the security plugin's REST API (user/role management).
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
# System-index protection: the indices listed below are shielded from ordinary users.
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*"]
# NOTE(review): permits several nodes to share one data path on a single host. Each node here
# runs in its own guest with its own path.data, so this is likely unnecessary; the setting is
# deprecated upstream - verify against your OpenSearch version.
node.max_local_storage_nodes: 3
# Indices are never created implicitly by a write; the client (Graylog) must create them.
action.auto_create_index: false
# OPTIONAL: a client certificate is validated against pemtrustedcas when presented, but REST
# clients without one can still connect and authenticate by other configured means.
# REQUIRE would demand a certificate from every HTTP client.
plugins.security.ssl.http.clientauth_mode: OPTIONAL
Graynode-1
# OpenSearch node configuration for graynode-1 (one of three cluster_manager+data nodes).
cluster.name: graynode-cluster
node.name: graynode-1
node.roles: [ cluster_manager, data ]
# Custom node attribute; only has an effect if index allocation filtering refers to it.
node.attr.temp: hot
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
# Binds to this single address, so REST (9200) and transport are reachable from the subnet.
network.host: 192.168.128.112
http.port: 9200
discovery.seed_hosts: ["192.168.128.111", "192.168.128.112", "192.168.128.113"]
# Only consulted when a brand-new cluster bootstraps for the first time.
cluster.initial_cluster_manager_nodes: ["graynode-0", "graynode-1", "graynode-2"]
# Transport-layer (node-to-node) TLS. PEM paths are relative to the OpenSearch config directory;
# the private key should be readable only by the account running OpenSearch.
plugins.security.ssl.transport.pemcert_filepath: graynode-1.pem
plugins.security.ssl.transport.pemkey_filepath: graynode-1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: foo_ca.pem
# NOTE(review): hostname verification is off, so a peer certificate is not checked against the
# host presenting it. Node trust then rests on the foo_ca.pem chain plus nodes_dn below.
# Presumably disabled because nodes are addressed by IP while the certs name *.foo.local;
# re-enable it if the certificates carry matching SANs.
plugins.security.ssl.transport.enforce_hostname_verification: false
# REST-layer TLS. The same certificate and key as the transport layer are reused here.
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: graynode-1.pem
plugins.security.ssl.http.pemkey_filepath: graynode-1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: foo_ca.pem
plugins.security.allow_unsafe_democertificates: false
# NOTE(review): if the security index does not exist at startup, it is created from the YAML
# files in the security plugin's config directory. Confirm those files hold your own users and
# password hashes, not shipped demo defaults, before the first start.
plugins.security.allow_default_init_securityindex: true
# Certificates with this DN get security-admin rights (they bypass normal role checks).
# Keep this key off the nodes' day-to-day paths and never reuse a node certificate for it.
plugins.security.authcz.admin_dn:
- CN=admin,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Only certificates with one of these DNs are treated as cluster nodes. With hostname
# verification off above, this list and control of the CA key are the node-identity check.
plugins.security.nodes_dn:
- CN=graynode-0.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-1.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-2.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Audit events are written to an index inside this same cluster; anyone able to alter that
# index can alter the audit trail. Consider an external sink if tamper-resistance matters.
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
# Roles allowed to call the security plugin's REST API (user/role management).
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
# System-index protection: the indices listed below are shielded from ordinary users.
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*"]
# NOTE(review): permits several nodes to share one data path on a single host. Each node here
# runs in its own guest with its own path.data, so this is likely unnecessary; the setting is
# deprecated upstream - verify against your OpenSearch version.
node.max_local_storage_nodes: 3
# Indices are never created implicitly by a write; the client (Graylog) must create them.
action.auto_create_index: false
# OPTIONAL: a client certificate is validated against pemtrustedcas when presented, but REST
# clients without one can still connect and authenticate by other configured means.
# REQUIRE would demand a certificate from every HTTP client.
plugins.security.ssl.http.clientauth_mode: OPTIONAL
Graynode-2
# OpenSearch node configuration for graynode-2 (one of three cluster_manager+data nodes).
cluster.name: graynode-cluster
node.name: graynode-2
node.roles: [ cluster_manager, data ]
# Custom node attribute; this node is tagged "cold" while the other two are "hot". It only has
# an effect if index allocation filtering refers to it.
node.attr.temp: cold
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
# Binds to this single address, so REST (9200) and transport are reachable from the subnet.
network.host: 192.168.128.113
http.port: 9200
discovery.seed_hosts: ["192.168.128.111", "192.168.128.112", "192.168.128.113"]
# Only consulted when a brand-new cluster bootstraps for the first time.
cluster.initial_cluster_manager_nodes: ["graynode-0", "graynode-1", "graynode-2"]
# Transport-layer (node-to-node) TLS. PEM paths are relative to the OpenSearch config directory;
# the private key should be readable only by the account running OpenSearch.
plugins.security.ssl.transport.pemcert_filepath: graynode-2.pem
plugins.security.ssl.transport.pemkey_filepath: graynode-2-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: foo_ca.pem
# NOTE(review): hostname verification is off, so a peer certificate is not checked against the
# host presenting it. Node trust then rests on the foo_ca.pem chain plus nodes_dn below.
# Presumably disabled because nodes are addressed by IP while the certs name *.foo.local;
# re-enable it if the certificates carry matching SANs.
plugins.security.ssl.transport.enforce_hostname_verification: false
# REST-layer TLS. The same certificate and key as the transport layer are reused here.
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: graynode-2.pem
plugins.security.ssl.http.pemkey_filepath: graynode-2-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: foo_ca.pem
plugins.security.allow_unsafe_democertificates: false
# NOTE(review): if the security index does not exist at startup, it is created from the YAML
# files in the security plugin's config directory. Confirm those files hold your own users and
# password hashes, not shipped demo defaults, before the first start.
plugins.security.allow_default_init_securityindex: true
# Certificates with this DN get security-admin rights (they bypass normal role checks).
# Keep this key off the nodes' day-to-day paths and never reuse a node certificate for it.
plugins.security.authcz.admin_dn:
- CN=admin,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Only certificates with one of these DNs are treated as cluster nodes. With hostname
# verification off above, this list and control of the CA key are the node-identity check.
plugins.security.nodes_dn:
- CN=graynode-0.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-1.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
- CN=graynode-2.foo.local,OU=IT,O=Foo Bar LLC,L=Anytown,ST=Serenity Now,C=US
# Audit events are written to an index inside this same cluster; anyone able to alter that
# index can alter the audit trail. Consider an external sink if tamper-resistance matters.
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
# Roles allowed to call the security plugin's REST API (user/role management).
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
# System-index protection: the indices listed below are shielded from ordinary users.
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins-ml-connector", ".plugins-ml-model-group", ".plugins-ml-model", ".plugins-ml-task", ".plugins-ml-conversation-meta", ".plugins-ml-conversation-interactions", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".ql-datasources", ".opendistro-asynchronous-search-response*", ".replication-metadata-store", ".opensearch-knn-models", ".geospatial-ip2geo-data*"]
# NOTE(review): permits several nodes to share one data path on a single host. Each node here
# runs in its own guest with its own path.data, so this is likely unnecessary; the setting is
# deprecated upstream - verify against your OpenSearch version.
node.max_local_storage_nodes: 3
# Indices are never created implicitly by a write; the client (Graylog) must create them.
action.auto_create_index: false
# OPTIONAL: a client certificate is validated against pemtrustedcas when presented, but REST
# clients without one can still connect and authenticate by other configured means.
# REQUIRE would demand a certificate from every HTTP client.
plugins.security.ssl.http.clientauth_mode: OPTIONAL