OpenSearch Dashboards Build Configuration
This guide provides comprehensive documentation for OpenSearch Dashboards build configuration using manifest files, focusing on XDR (Extended Detection and Response) platform integration and enterprise security plugin management.
Understanding Build Manifests
Build manifests are essential configuration files that define how OpenSearch Dashboards should be compiled, which plugins to include, and how components should be integrated. They serve as the blueprint for creating customized OpenSearch Dashboards distributions.
Manifest Schema Overview
```yaml
schema-version: "1.2"
build:
  name: OpenSearch Dashboards
  version: 2.18.0
  platform: linux
  architecture: x64
  distribution: [deb|rpm|tar]
  id: unique-build-identifier
components:
  - name: component-name
    repository: git-repository-url
    ref: version-or-branch
    commit_id: specific-commit-hash
    artifacts:
      plugins:
        - plugins/plugin-name-version.zip
    version: semantic-version
```
Core Build Configuration
Debian Package Configuration
```yaml
---
schema-version: "1.2"
build:
  name: OpenSearch Dashboards
  version: 2.18.0
  platform: linux
  architecture: x64
  distribution: deb
  id: 71d717038f66462ca1c5e49883162343
components:
  - name: OpenSearch-Dashboards
    repository: https://github.com/Infopercept/xdr-dashboard-osd.git
    ref: 2.18.0
    commit_id: 1706584d94159e38a77dc50340786d00d582f4d8
    artifacts:
      dist:
        - dist/opensearch-dashboards-min-2.18.0-amd64.deb
    version: 2.18.0.0
```
RPM Package Configuration
```yaml
---
schema-version: "1.2"
build:
  name: OpenSearch Dashboards
  version: 2.18.0
  platform: linux
  architecture: x64
  distribution: rpm
  id: 71d717038f66462ca1c5e49883162343
components:
  - name: OpenSearch-Dashboards
    repository: https://github.com/Infopercept/xdr-dashboard-osd.git
    ref: 2.18.0
    commit_id: 1706584d94159e38a77dc50340786d00d582f4d8
    artifacts:
      dist:
        - dist/opensearch-dashboards-min-2.18.0-x64.rpm
    version: 2.18.0.0
```
TAR Archive Configuration
```yaml
---
schema-version: "1.2"
build:
  name: OpenSearch Dashboards
  version: 2.18.0
  platform: linux
  architecture: x64
  distribution: tar
  id: 5c1e09cb1e714642ae7ffa9aedb26f40
components:
  - name: OpenSearch-Dashboards
    repository: https://github.com/Infopercept/xdr-dashboard-osd.git
    ref: 2.18.0
    commit_id: a0968a73d9ef7386dcd436f163bf6f5132a2c2f6
    artifacts:
      dist:
        - dist/opensearch-dashboards-min-2.18.0-linux-x64.tar.gz
    version: 2.18.0.0
```
Plugin Configuration
Security Plugins
Core Security Dashboard
```yaml
- name: securityDashboards
  repository: https://github.com/Infopercept/xdr-security-dashboard.git
  ref: v4.9.2-abacus
  commit_id: e2426e6158d4a790e37b174ac4b8e4462e86ad2d
  artifacts:
    plugins:
      - plugins/securityDashboards-2.18.0.zip
  version: 2.18.0.0
```
XDR Core Platform
```yaml
- name: wazuhCore
  repository: https://github.com/Infopercept/xdr-core.git
  ref: 4.9.2-abacus
  commit_id: 5cf4fd992a0790b5b43a30080bb8bcf538c59667
  artifacts:
    plugins:
      - plugins/wazuhCore-2.18.0.zip
  version: 2.18.0.0
```
XDR Plugin Integration
```yaml
- name: invinsense
  repository: https://github.com/Infopercept/xdr-plugin.git
  ref: 4.9.2-abacus
  commit_id: 5293d96e57b5b4e0cf35f7f30bdea50cacf07d64
  artifacts:
    plugins:
      - plugins/invinsense-2.18.0.zip
  version: 2.18.0.0
```
Monitoring and Alerting Plugins
Alerting Dashboard
```yaml
- name: alertingDashboards
  repository: https://github.com/opensearch-project/alerting-dashboards-plugin.git
  ref: tags/2.18.0.0
  commit_id: a545ffc0b8449d36af277a52893908dee86df155
  artifacts:
    plugins:
      - plugins/alertingDashboards-2.18.0.zip
  version: 2.18.0.0
```
Observability Dashboard
```yaml
- name: observabilityDashboards
  repository: https://github.com/opensearch-project/dashboards-observability.git
  ref: tags/2.18.0.0
  commit_id: aa36965b33b682007cb5fe25ad73d3196ca0d69e
  artifacts:
    plugins:
      - plugins/observabilityDashboards-2.18.0.zip
  version: 2.18.0.0
```
Data Management Plugins
Index Management
```yaml
- name: indexManagementDashboards
  repository: https://github.com/opensearch-project/index-management-dashboards-plugin.git
  ref: tags/2.18.0.0
  commit_id: b4ece9fadb90067fa426a7a107797e20c55a6de3
  artifacts:
    plugins:
      - plugins/indexManagementDashboards-2.18.0.zip
  version: 2.18.0.0
```
Reporting Dashboard
```yaml
- name: reportsDashboards
  repository: https://github.com/opensearch-project/dashboards-reporting.git
  ref: tags/2.18.0.0
  commit_id: aa788230d8b563a4d5d267eb3112cf61bc015cd4
  artifacts:
    plugins:
      - plugins/reportsDashboards-2.18.0.zip
  version: 2.18.0.0
```
Visualization Plugins
Maps Dashboard
```yaml
- name: customImportMapDashboards
  repository: https://github.com/opensearch-project/dashboards-maps.git
  ref: tags/2.18.0.0
  commit_id: 511840ae5ca900610d521aad311677445269055f
  artifacts:
    plugins:
      - plugins/customImportMapDashboards-2.18.0.zip
  version: 2.18.0.0
```
Gantt Chart Visualizations
```yaml
- name: ganttChartDashboards
  repository: https://github.com/opensearch-project/dashboards-visualizations.git
  ref: tags/2.18.0.0
  commit_id: f106a7920607003522124b905493b305bfc08d3f
  artifacts:
    plugins:
      - plugins/ganttChartDashboards-2.18.0.zip
  version: 2.18.0.0
```
Communication Plugins
Notifications Dashboard
```yaml
- name: notificationsDashboards
  repository: https://github.com/opensearch-project/dashboards-notifications.git
  ref: tags/2.18.0.0
  commit_id: 84cef988b8b1c7285882bf4473630230aecf8f3b
  artifacts:
    plugins:
      - plugins/notificationsDashboards-2.18.0.zip
  version: 2.18.0.0
```
Update Management Plugins
Update Checker
```yaml
- name: wazuhCheckUpdates
  repository: https://github.com/Infopercept/xdr-check-updates.git
  ref: 4.9.2-abacus
  commit_id: 5728f62260fbb75d717d8cb8e5a48a5b750034a6
  artifacts:
    plugins:
      - plugins/wazuhCheckUpdates-2.18.0.zip
  version: 2.18.0.0
```
XDR Platform Integration
Architecture Overview
The XDR (Extended Detection and Response) platform integration involves several key components:
- XDR Core: Central platform functionality
- Security Dashboard: Security-focused visualizations
- Invinsense Plugin: XDR-specific capabilities
- Update Management: Automated update checking
Component Dependencies
```mermaid
graph TD
    A[OpenSearch Dashboards Core] --> B[Security Dashboards]
    A --> C[XDR Core]
    C --> D[Invinsense Plugin]
    C --> E[Update Checker]
    B --> F[Alerting Dashboard]
    A --> G[Index Management]
    A --> H[Observability]
```
Configuration Synchronization
Ensure all XDR components use compatible versions:
```yaml
# Version alignment for XDR components
xdr_components:
  ref_version: "4.9.2-abacus"
  opensearch_version: "2.18.0"
  plugin_compatibility: "2.18.0.0"
```
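The deb and rpm manifests above pin `xdr-dashboard-osd` at ref `2.18.0` to one `commit_id` and the tar manifest pins the same ref to another, which is the kind of drift a synchronization check should surface. The following is an added example, not part of the original guide or the project's tooling: it audits one or more manifests for full-SHA pins, one commit per repository and ref, and the expected plugin version. The function names and the `examplePlugin` entry are made up for illustration, and it assumes the one-key-per-line manifest layout shown on this page.

```bash
# Added example (not project code): audit commit pins across build manifests.

# Print "name repo ref commit version" for every entry under components:.
manifest_pins() {
    awk '
        FNR == 1         { name = "" }   # build.version comes before any component
        /^ *- name:/     { name = $3; repo = ref = commit = "-" }
        /^ *repository:/ { repo = $2 }
        /^ *ref:/        { ref = $2 }
        /^ *commit_id:/  { commit = $2 }
        /^ *version:/ && name != "" { print name, repo, ref, commit, $2; name = "" }
    ' "$@"
}

# Usage: audit_pins <expected_plugin_version> <manifest>...
# Prints one finding per line and returns non-zero if there is any.
audit_pins() (
    want=$1; shift
    manifest_pins "$@" | awk -v want="$want" '
        function fail(kind, who, detail) { print kind, who, detail; bad = 1 }
        {
            key = $2 "@" $3
            # A tag or branch can move; only a full 40-hex SHA is a pin.
            if (length($4) != 40 || $4 ~ /[^0-9a-f]/) fail("UNPINNED", $1, $4)
            # One repository and ref must resolve to one commit in every manifest.
            if ((key in seen) && seen[key] != $4) fail("DRIFT", $1, key)
            if (!(key in seen)) seen[key] = $4
            if ($5 != want) fail("VERSION", $1, $5)
        }
        END { exit bad + 0 }
    '
)

# Constructed sample: the core component as pinned in the deb and tar manifests
# above, plus a made-up plugin entry that uses a branch name as its commit_id.
write_samples() {
    printf '%s\n' 'build:' '  version: 2.18.0' 'components:' \
        '  - name: OpenSearch-Dashboards' \
        '    repository: https://github.com/Infopercept/xdr-dashboard-osd.git' \
        '    ref: 2.18.0' '    commit_id: 1706584d94159e38a77dc50340786d00d582f4d8' \
        '    version: 2.18.0.0' > "$1/deb.yml"
    sed 's/1706584d94159e38a77dc50340786d00d582f4d8/a0968a73d9ef7386dcd436f163bf6f5132a2c2f6/' \
        "$1/deb.yml" > "$1/tar.yml"
    printf '%s\n' '- name: examplePlugin' '  repository: https://example.invalid/p.git' \
        '  ref: main' '  commit_id: main' '  version: 2.18.0.0' > "$1/plugin.yml"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_pins 2.18.0.0 "$tmp/deb.yml" "$tmp/tar.yml" "$tmp/plugin.yml" || echo "audit failed"
rm -rf "$tmp"
```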
Build Process Automation
Build Script Example
```bash
#!/bin/bash
# OpenSearch Dashboards Build Script
# Builds custom XDR-enabled OpenSearch Dashboards

set -e

MANIFEST_FILE="$1"
BUILD_OUTPUT="$2"
DISTRIBUTION_TYPE="${3:-deb}"

# Validate inputs
if [[ -z "$MANIFEST_FILE" || -z "$BUILD_OUTPUT" ]]; then
    echo "Usage: $0 <manifest_file> <build_output> [distribution_type]"
    exit 1
fi

# Resolve both paths before changing directory, so relative arguments keep working
MANIFEST_FILE="$(realpath "$MANIFEST_FILE")"
mkdir -p "$BUILD_OUTPUT"
BUILD_OUTPUT="$(realpath "$BUILD_OUTPUT")"

# Parse manifest
echo "📋 Parsing manifest file: $MANIFEST_FILE"
BUILD_VERSION=$(grep -E "^\s+version:" "$MANIFEST_FILE" | head -1 | awk '{print $2}')
BUILD_PLATFORM=$(grep -E "^\s+platform:" "$MANIFEST_FILE" | head -1 | awk '{print $2}')
BUILD_ARCH=$(grep -E "^\s+architecture:" "$MANIFEST_FILE" | head -1 | awk '{print $2}')

echo "🔧 Building OpenSearch Dashboards $BUILD_VERSION for $BUILD_PLATFORM/$BUILD_ARCH"

# Create build environment in a private directory with an unpredictable name
BUILD_DIR="$(mktemp -d /tmp/opensearch-build-XXXXXX)"
cd "$BUILD_DIR"

# Clone repositories and checkout specified commits
echo "📥 Cloning repositories..."
while read -r line; do
    if [[ $line =~ repository:.*github\.com ]]; then
        repo_url=$(echo "$line" | sed 's/.*repository: *//g')
        echo "Cloning: $repo_url"
        # Add actual cloning logic here
    fi
done < "$MANIFEST_FILE"

# Build process (assumes the clone step above has placed build.sh in $BUILD_DIR)
echo "🔨 Starting build process..."
./build.sh --distribution="$DISTRIBUTION_TYPE" --platform="$BUILD_PLATFORM" --arch="$BUILD_ARCH"

# Package artifacts
echo "📦 Packaging artifacts..."
mv dist/* "$BUILD_OUTPUT/"

echo "✅ Build completed successfully"
echo "📍 Artifacts available at: $BUILD_OUTPUT"
```
CI/CD Integration
GitHub Actions Workflow
```yaml
name: Build OpenSearch Dashboards XDR

on:
  push:
    paths:
      - "manifests/*.yml"
  workflow_dispatch:
    inputs:
      distribution:
        description: "Distribution type"
        required: true
        default: "deb"
        type: choice
        options:
          - deb
          - rpm
          - tar

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        distribution: [deb, rpm, tar]

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "18"

      - name: Setup Build Environment
        run: |
          sudo apt-get update
          sudo apt-get install -y build-essential

      - name: Build OpenSearch Dashboards
        run: |
          ./scripts/build.sh manifests/opensearch-dashboards-${{ matrix.distribution }}.yml \
            ./artifacts \
            ${{ matrix.distribution }}

      - name: Upload Artifacts
        uses: actions/upload-artifact@v3
        with:
          name: opensearch-dashboards-${{ matrix.distribution }}
          path: ./artifacts/*
```
Security Considerations
Repository Security
Access Control
```yaml
# Secure repository configuration
repositories:
  private_repos:
    - name: "xdr-security-dashboard"
      access_token: "${GITHUB_TOKEN}"
      verification: "signature_required"
    - name: "xdr-core"
      access_token: "${GITHUB_TOKEN}"
      verification: "signature_required"

  public_repos:
    - name: "opensearch-project/*"
      verification: "checksum_validation"
```
Commit Verification
```bash
# Verify commit signatures
verify_commit() {
    local repo="$1"
    local commit="$2"

    # git -C runs the check inside the repository without changing
    # the caller's working directory
    if git -C "$repo" verify-commit "$commit" 2>/dev/null; then
        echo "✅ Commit $commit verified"
        return 0
    else
        echo "❌ Commit $commit verification failed"
        return 1
    fi
}
```
Build Security
Checksum Validation
```yaml
# Artifact validation
validation:
  checksums:
    enabled: true
    algorithm: "sha256"
  signatures:
    enabled: true
    gpg_key: "build-signing-key"
  vulnerability_scanning:
    enabled: true
    scanner: "trivy"
```
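One way to enforce the SHA-256 setting above, as an added example that is not the project's own tooling: every artifact path a manifest lists must have a recorded checksum, exist, and match, so a missing entry fails the build instead of being skipped. The names `verify_artifacts`, `make_sample` and `SHA256SUMS` are assumptions, as is the `sha256sum`-format checksum file.

```bash
# Added example (not project code): fail-closed SHA-256 check of every
# artifact a manifest lists. Assumes sha256sum-format checksum lines.
# Usage: verify_artifacts <manifest> <checksum_file> <artifact_root>
verify_artifacts() (
    manifest=$1; sums=$2; root=$3; bad=0
    # Artifact paths are the "- dist/..." and "- plugins/..." list items.
    paths=$(awk '/^ *- (dist|plugins)\// { print $2 }' "$manifest")
    [ -n "$paths" ] || { echo "FAIL no artifacts listed"; exit 1; }
    for p in $paths; do
        # The path comes from the manifest, so keep it inside the root.
        case $p in
            *..*) echo "FAIL $p: path escapes the artifact root"; bad=1; continue ;;
        esac
        want=$(awk -v p="$p" '$2 == p || $2 == ("*" p) { print $1; exit }' "$sums")
        got=""
        [ -f "$root/$p" ] && got=$(sha256sum "$root/$p" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "FAIL $p: no checksum recorded"; bad=1
        elif [ -z "$got" ]; then
            echo "FAIL $p: artifact missing"; bad=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $p: checksum mismatch"; bad=1
        else
            echo "OK   $p"
        fi
    done
    exit "$bad"
)

# Constructed sample: one plugin zip with a recorded checksum and a second
# manifest entry that has neither a file nor a checksum.
make_sample() {
    mkdir -p "$1/plugins"
    printf 'constructed sample bytes\n' > "$1/plugins/wazuhCore-2.18.0.zip"
    printf '%s\n' '- name: wazuhCore' '  artifacts:' '    plugins:' \
        '      - plugins/wazuhCore-2.18.0.zip' \
        '      - plugins/invinsense-2.18.0.zip' > "$1/manifest.yml"
    (cd "$1" && sha256sum plugins/wazuhCore-2.18.0.zip) > "$1/SHA256SUMS"
}

tmp=$(mktemp -d)
make_sample "$tmp"
verify_artifacts "$tmp/manifest.yml" "$tmp/SHA256SUMS" "$tmp" || echo "verification failed"
rm -rf "$tmp"
```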
Secure Build Environment
```dockerfile
# Secure build container
FROM ubuntu:20.04

RUN apt-get update && apt-get install -y \
    build-essential \
    git \
    nodejs \
    npm \
    && rm -rf /var/lib/apt/lists/*

# Create non-root build user
RUN useradd -m -u 1000 builder
USER builder
WORKDIR /home/builder

# Copy build scripts
COPY --chown=builder:builder scripts/ ./scripts/
COPY --chown=builder:builder manifests/ ./manifests/

# Set security flags
ENV NODE_OPTIONS="--max-old-space-size=4096"
ENV BUILD_SECURITY_MODE="strict"
```
Testing and Validation
Manifest Validation
```bash
#!/bin/bash
# Manifest validation script
validate_manifest() {
    local manifest_file="$1"

    echo "🔍 Validating manifest: $manifest_file"

    # Check schema version (the manifests quote it as "1.2"; accept either quote style)
    if ! grep -Eq "^schema-version: [\"']1\.2[\"']" "$manifest_file"; then
        echo "❌ Invalid schema version"
        return 1
    fi

    # Validate component structure
    # (-e makes yq exit non-zero when the expression yields false or null)
    if ! yq eval -e '.components | length > 0' "$manifest_file" > /dev/null 2>&1; then
        echo "❌ No components defined"
        return 1
    fi

    # Check for required fields
    required_fields=("name" "version" "platform" "architecture")
    for field in "${required_fields[@]}"; do
        if ! yq eval -e ".build.${field}" "$manifest_file" > /dev/null 2>&1; then
            echo "❌ Missing required field: build.${field}"
            return 1
        fi
    done

    echo "✅ Manifest validation passed"
    return 0
}
```
Plugin Compatibility Testing
```bash
# Plugin compatibility test
test_plugin_compatibility() {
    local plugin_path="$1"
    local opensearch_version="$2"
    local workdir required_version

    echo "🧪 Testing plugin compatibility: $plugin_path"

    # Extract plugin.json into a private temporary directory
    workdir="$(mktemp -d)"
    unzip -q "$plugin_path" -d "$workdir"

    # Check opensearch version compatibility
    required_version=$(jq -r '.opensearch.version' "$workdir/plugin.json")

    # Clean up before returning, on the failure path as well
    rm -rf "$workdir"

    if [[ "$required_version" != "$opensearch_version" ]]; then
        echo "❌ Version mismatch: plugin requires $required_version, build uses $opensearch_version"
        return 1
    fi

    echo "✅ Plugin compatibility verified"
    return 0
}
```
Deployment Strategies
Production Deployment
Package Installation
```bash
# Debian/Ubuntu installation
wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.18.0/opensearch-dashboards-2.18.0-amd64.deb
sudo dpkg -i opensearch-dashboards-2.18.0-amd64.deb

# RHEL/CentOS installation
wget https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.18.0/opensearch-dashboards-2.18.0-x86_64.rpm
sudo rpm -ivh opensearch-dashboards-2.18.0-x86_64.rpm
```
Configuration Management
```yaml
# Ansible playbook for deployment
- name: Deploy OpenSearch Dashboards XDR
  hosts: dashboard_servers
  become: yes

  vars:
    opensearch_version: "2.18.0"
    xdr_plugins:
      - securityDashboards
      - wazuhCore
      - invinsense
      - wazuhCheckUpdates

  tasks:
    - name: Install OpenSearch Dashboards
      package:
        name: "opensearch-dashboards={{ opensearch_version }}"
        state: present

    - name: Install XDR plugins
      command: >
        /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin install
        file:///opt/plugins/{{ item }}-{{ opensearch_version }}.zip
      loop: "{{ xdr_plugins }}"

    - name: Configure dashboards
      template:
        src: opensearch_dashboards.yml.j2
        dest: /etc/opensearch-dashboards/opensearch_dashboards.yml
        backup: yes
      notify: restart opensearch-dashboards

    - name: Start and enable service
      systemd:
        name: opensearch-dashboards
        state: started
        enabled: yes
```
Docker Deployment
```dockerfile
# Multi-stage build for production
FROM node:18-alpine AS builder

WORKDIR /usr/share/opensearch-dashboards
COPY manifests/opensearch-dashboards-tar.yml ./manifest.yml
COPY scripts/ ./scripts/

RUN ./scripts/build.sh manifest.yml ./dist tar

FROM opensearchproject/opensearch-dashboards:2.18.0

# Copy custom build
COPY --from=builder /usr/share/opensearch-dashboards/dist/* /usr/share/opensearch-dashboards/

# Install additional dependencies
USER root
RUN apt-get update && apt-get install -y \
    curl \
    && rm -rf /var/lib/apt/lists/*

USER opensearch-dashboards

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
    CMD curl -f http://localhost:5601/api/status || exit 1

EXPOSE 5601
```
Monitoring and Maintenance
Health Monitoring
```bash
#!/bin/bash
# OpenSearch Dashboards health check
check_dashboard_health() {
    local host="${1:-localhost}"
    local port="${2:-5601}"

    echo "🔍 Checking OpenSearch Dashboards health at $host:$port"

    # Check service status
    response=$(curl -s -o /dev/null -w "%{http_code}" "http://$host:$port/api/status")

    if [[ "$response" == "200" ]]; then
        echo "✅ OpenSearch Dashboards is healthy"
        return 0
    else
        echo "❌ OpenSearch Dashboards health check failed (HTTP $response)"
        return 1
    fi
}

# Plugin status check
check_plugin_status() {
    local host="${1:-localhost}"
    local port="${2:-5601}"

    echo "🔌 Checking plugin status"

    # Get plugin list
    plugins=$(curl -s "http://$host:$port/api/status" | jq -r '.status.statuses[] | select(.id | startswith("plugin:")) | .id')

    for plugin in $plugins; do
        status=$(curl -s "http://$host:$port/api/status" | jq -r ".status.statuses[] | select(.id == \"$plugin\") | .state")
        if [[ "$status" == "green" ]]; then
            echo "✅ $plugin: $status"
        else
            echo "⚠️ $plugin: $status"
        fi
    done
}
```
Update Management
```bash
# Update process automation
update_opensearch_dashboards() {
    local new_version="$1"
    local backup_dir="/opt/opensearch-dashboards/backups/$(date +%Y%m%d_%H%M%S)"

    echo "🔄 Updating OpenSearch Dashboards to version $new_version"

    # Create backup
    sudo mkdir -p "$backup_dir"
    sudo cp -r /etc/opensearch-dashboards "$backup_dir/"
    sudo cp -r /usr/share/opensearch-dashboards/plugins "$backup_dir/"

    # Stop service
    sudo systemctl stop opensearch-dashboards

    # Update package
    if command -v apt &> /dev/null; then
        sudo apt update
        sudo apt install -y "opensearch-dashboards=$new_version"
    elif command -v yum &> /dev/null; then
        sudo yum update -y "opensearch-dashboards-$new_version"
    fi

    # Restore custom configurations
    # (cp -r above placed the config directory under $backup_dir/opensearch-dashboards/)
    sudo cp "$backup_dir/opensearch-dashboards/opensearch_dashboards.yml" /etc/opensearch-dashboards/

    # Start service
    sudo systemctl start opensearch-dashboards

    # Verify update
    if check_dashboard_health; then
        echo "✅ Update completed successfully"
    else
        echo "❌ Update failed, consider rollback"
        return 1
    fi
}
```
Troubleshooting
Common Issues
Plugin Installation Failures
```bash
# Plugin troubleshooting
debug_plugin_installation() {
    local plugin_name="$1"

    echo "🔧 Debugging plugin installation: $plugin_name"

    # Check plugin directory permissions
    ls -la /usr/share/opensearch-dashboards/plugins/

    # Check opensearch-dashboards logs
    sudo journalctl -u opensearch-dashboards -n 50

    # Verify plugin compatibility
    /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin list

    # Check for conflicting plugins
    grep -r "$plugin_name" /usr/share/opensearch-dashboards/plugins/
}
```
Build Process Debugging
```bash
# Build debugging
debug_build_process() {
    local manifest_file="$1"

    echo "🐛 Debugging build process"

    # Validate manifest syntax
    if ! yq eval '.' "$manifest_file" > /dev/null; then
        echo "❌ Invalid YAML syntax in manifest"
        return 1
    fi

    # Check repository access
    while read -r repo; do
        if git ls-remote "$repo" > /dev/null 2>&1; then
            echo "✅ Repository accessible: $repo"
        else
            echo "❌ Repository not accessible: $repo"
        fi
    done < <(yq eval '.components[].repository' "$manifest_file")

    # Check disk space
    available_space=$(df /tmp | awk 'NR==2 {print $4}')
    if [[ $available_space -lt 5000000 ]]; then # 5GB in KB
        echo "❌ Insufficient disk space for build"
        return 1
    fi
}
```
Best Practices
Version Management
- Semantic Versioning: Use semantic versioning for all components
- Compatibility Matrix: Maintain a compatibility matrix between OpenSearch and plugins
- Release Coordination: Coordinate releases across all XDR components
Security Practices
- Access Control: Implement strict access controls for private repositories
- Signature Verification: Verify all commits and artifacts
- Vulnerability Scanning: Run regular vulnerability scans of all components
- Secrets Management: Use secure secrets management for tokens and keys
Build Optimization
- Caching: Implement build caching for faster builds
- Parallel Builds: Use parallel processing where possible
- Resource Allocation: Optimize resource allocation for build processes
- Artifact Management: Implement proper artifact versioning and storage
Conclusion
This comprehensive guide provides the foundation for managing OpenSearch Dashboards build configurations with XDR platform integration. The manifest-driven approach ensures consistent, reproducible builds while maintaining security and operational excellence.
Key benefits of this approach:
- Reproducible Builds: Consistent results across environments
- Version Control: Complete traceability of components and versions
- Security Integration: Built-in security controls and verification
- Automation Ready: Designed for CI/CD integration
- Scalable: Supports enterprise deployment scenarios
By following these practices and configurations, organizations can successfully deploy and maintain OpenSearch Dashboards with custom XDR capabilities while ensuring security, reliability, and maintainability.