Link Search Menu Expand Document Documentation Menu

Ansible playbook

You can use an Ansible playbook to install and configure a production-ready OpenSearch cluster along with OpenSearch Dashboards.

The Ansible playbook only supports deployment of OpenSearch and OpenSearch Dashboards to the most popular Linux distributions (CentOS 7, RHEL7, Amazon Linux 2, Ubuntu 20.04) hosts.


Make sure you have Ansible and Java 8 installed.


  1. Clone the OpenSearch ansible-playbook repository:

    git clone

  2. Configure the node properties in the inventories/opensearch/hosts file:

    ansible_host=<Public IP address> ansible_user=root ip=<Private IP address />


    • ansible_host is the IP address of the target node that you want the Ansible playbook to install OpenSearch and OpenSearch DashBoards on.
    • ip is the IP address that you want OpenSearch and OpenSearch DashBoards to bind to. You can specify the private IP of the target node, or localhost, or
  3. You can modify the default configuration values in the inventories/opensearch/group_vars/all/all.yml file. For example, you can increase the Java memory heap size:

    xms_value: 8
    xmx_value: 8

Make sure you have direct SSH access into the root user of the target node.

Run OpenSearch and OpenSearch Dashboards using Ansible playbook

  1. Run the Ansible playbook with root privileges:

    ansible-playbook -i inventories/opensearch/hosts opensearch.yml --extra-vars "admin_password=Test@123 kibanaserver_password=Test@6789 logstash_password=Test@456"

    You can set the passwords for reserved users (admin, kibanaserver, and logstash) using the admin_password, kibanaserver_password, and logstash_password variables.

  2. After the deployment process is complete, you can access OpenSearch and OpenSearch Dashboards with the username admin and the password that you set for the admin_password variable.

    If you bind ip to a private IP or localhost, make sure you’re logged into the server that deployed the playbook to access OpenSearch and OpenSearch Dashboards:

    curl https://localhost:9200 -u 'admin:Test@123' --insecure

    If you bind ip to, then replace localhost with the public IP or the private IP (if it’s in the same network).

350 characters left

Have a question? .

Want to contribute? or .