Add OpenSearch storage configuration support to the interactive setup wizard

scripts/setup/lib/file_ops.sh

@@ -243,7 +243,7 @@ generate_env_file() {
 # keys no longer needed are not left behind in the compose file.
 _WIZARD_COMPOSE_LIGHTRAG_KEYS=(
   "EMBEDDING_BINDING_HOST" "RERANK_BINDING_HOST" "LLM_BINDING_HOST"
-  "REDIS_URI" "MONGO_URI" "NEO4J_URI" "MILVUS_URI" "QDRANT_URL" "MEMGRAPH_URI"
+  "REDIS_URI" "MONGO_URI" "NEO4J_URI" "MILVUS_URI" "QDRANT_URL" "MEMGRAPH_URI" "OPENSEARCH_HOSTS"
   "POSTGRES_HOST" "POSTGRES_PORT" "PORT" "HOST" "SSL_CERTFILE" "SSL_KEYFILE"
   "WORKING_DIR" "INPUT_DIR"
 )
@@ -252,7 +252,7 @@ _managed_service_root_name() {
   local service_name="$1"
 
   case "$service_name" in
-    postgres|neo4j|mongodb|redis|qdrant|memgraph|vllm-embed|vllm-rerank)
+    postgres|neo4j|mongodb|redis|qdrant|memgraph|opensearch|vllm-embed|vllm-rerank)
       printf '%s' "$service_name"
       ;;
     milvus|milvus-etcd|milvus-minio)
@@ -289,6 +289,9 @@ _managed_volume_root_name() {
     memgraph_data)
       printf 'memgraph'
       ;;
+    opensearch_data)
+      printf 'opensearch'
+      ;;
     vllm_rerank_cache)
       printf 'vllm-rerank'
       ;;
@@ -1086,6 +1089,8 @@ generate_docker_compose() {
         ;;
       memgraph)
         ;;
+      opensearch)
+        ;;
       vllm-rerank)
         ;;
       vllm-embed)

scripts/setup/lib/storage_requirements.sh

@@ -6,6 +6,7 @@ declare -ag KV_STORAGE_OPTIONS=(
   "RedisKVStorage"
   "PGKVStorage"
   "MongoKVStorage"
+  "OpenSearchKVStorage"
 )
 
 declare -ag GRAPH_STORAGE_OPTIONS=(
@@ -14,6 +15,7 @@ declare -ag GRAPH_STORAGE_OPTIONS=(
   "PGGraphStorage"
   "MongoGraphStorage"
   "MemgraphStorage"
+  "OpenSearchGraphStorage"
 )
 
 declare -ag VECTOR_STORAGE_OPTIONS=(
@@ -23,35 +25,41 @@ declare -ag VECTOR_STORAGE_OPTIONS=(
   "FaissVectorDBStorage"
   "QdrantVectorDBStorage"
   "MongoVectorDBStorage"
+  "OpenSearchVectorDBStorage"
 )
 
 declare -ag DOC_STATUS_STORAGE_OPTIONS=(
   "JsonDocStatusStorage"
   "RedisDocStatusStorage"
   "PGDocStatusStorage"
   "MongoDocStatusStorage"
+  "OpenSearchDocStatusStorage"
 )
 
 declare -Ag STORAGE_ENV_REQUIREMENTS=(
   ["JsonKVStorage"]=""
   ["MongoKVStorage"]="MONGO_URI MONGO_DATABASE"
   ["RedisKVStorage"]="REDIS_URI"
   ["PGKVStorage"]="POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DATABASE"
+  ["OpenSearchKVStorage"]="OPENSEARCH_HOSTS OPENSEARCH_USER OPENSEARCH_PASSWORD"
   ["NetworkXStorage"]=""
   ["Neo4JStorage"]="NEO4J_URI NEO4J_USERNAME NEO4J_PASSWORD"
   ["MongoGraphStorage"]="MONGO_URI MONGO_DATABASE"
   ["MemgraphStorage"]="MEMGRAPH_URI"
   ["PGGraphStorage"]="POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DATABASE"
+  ["OpenSearchGraphStorage"]="OPENSEARCH_HOSTS OPENSEARCH_USER OPENSEARCH_PASSWORD"
   ["NanoVectorDBStorage"]=""
   ["MilvusVectorDBStorage"]="MILVUS_URI MILVUS_DB_NAME"
   ["PGVectorStorage"]="POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DATABASE"
   ["FaissVectorDBStorage"]=""
   ["QdrantVectorDBStorage"]="QDRANT_URL"
   ["MongoVectorDBStorage"]="MONGO_URI MONGO_DATABASE"
+  ["OpenSearchVectorDBStorage"]="OPENSEARCH_HOSTS OPENSEARCH_USER OPENSEARCH_PASSWORD"
   ["JsonDocStatusStorage"]=""
   ["RedisDocStatusStorage"]="REDIS_URI"
   ["PGDocStatusStorage"]="POSTGRES_USER POSTGRES_PASSWORD POSTGRES_DATABASE"
   ["MongoDocStatusStorage"]="MONGO_URI MONGO_DATABASE"
+  ["OpenSearchDocStatusStorage"]="OPENSEARCH_HOSTS OPENSEARCH_USER OPENSEARCH_PASSWORD"
 )
 
 declare -Ag STORAGE_DB_TYPES=(
@@ -69,4 +77,8 @@ declare -Ag STORAGE_DB_TYPES=(
   ["MemgraphStorage"]="memgraph"
   ["MilvusVectorDBStorage"]="milvus"
   ["QdrantVectorDBStorage"]="qdrant"
+  ["OpenSearchKVStorage"]="opensearch"
+  ["OpenSearchGraphStorage"]="opensearch"
+  ["OpenSearchVectorDBStorage"]="opensearch"
+  ["OpenSearchDocStatusStorage"]="opensearch"
 )

scripts/setup/setup.sh

@@ -60,6 +60,7 @@ STORAGE_SERVICES=(
   "milvus"
   "qdrant"
   "memgraph"
+  "opensearch"
 )
 DEFAULT_RUNTIME_TARGET="host"
 COMPOSE_LIGHTRAG_WORKING_DIR="/app/data/rag_storage"
@@ -434,6 +435,11 @@ set_managed_service_compose_overrides() {
         set_compose_override "MEMGRAPH_URI" "bolt://memgraph:7687"
       fi
       ;;
+    opensearch)
+      if [[ -z "${COMPOSE_ENV_OVERRIDES[OPENSEARCH_HOSTS]+set}" ]]; then
+        set_compose_override "OPENSEARCH_HOSTS" "opensearch:9200"
+      fi
+      ;;
   esac
 }
 
@@ -472,7 +478,7 @@ prepare_compose_runtime_overrides() {
     fi
   fi
 
-  for root_service in postgres neo4j mongodb redis milvus qdrant memgraph; do
+  for root_service in postgres neo4j mongodb redis milvus qdrant memgraph opensearch; do
     if [[ -n "${DOCKER_SERVICE_SET[$root_service]+set}" ]]; then
       set_managed_service_compose_overrides "$root_service"
     fi
@@ -485,7 +491,8 @@ prepare_compose_runtime_overrides() {
     "NEO4J_URI" \
     "MILVUS_URI" \
     "QDRANT_URL" \
-    "MEMGRAPH_URI"; do
+    "MEMGRAPH_URI" \
+    "OPENSEARCH_HOSTS"; do
     if [[ -n "${COMPOSE_ENV_OVERRIDES[$key]+set}" ]]; then
       continue
     fi
@@ -557,7 +564,7 @@ restore_storage_docker_services_from_env() {
   local db_type
   local marker_key=""
   local service_name=""
-  local db_types=("postgresql" "neo4j" "mongodb" "redis" "milvus" "qdrant" "memgraph")
+  local db_types=("postgresql" "neo4j" "mongodb" "redis" "milvus" "qdrant" "memgraph" "opensearch")
 
   for db_type in "${db_types[@]}"; do
     marker_key="$(storage_deployment_marker_key "$db_type")"
@@ -917,7 +924,7 @@ storage_service_name_for_db_type() {
     postgresql)
       printf 'postgres'
       ;;
-    neo4j|mongodb|redis|milvus|qdrant|memgraph)
+    neo4j|mongodb|redis|milvus|qdrant|memgraph|opensearch)
       printf '%s' "$db_type"
       ;;
     *)
@@ -951,6 +958,9 @@ storage_deployment_marker_key() {
     memgraph)
       printf 'LIGHTRAG_SETUP_MEMGRAPH_DEPLOYMENT'
       ;;
+    opensearch)
+      printf 'LIGHTRAG_SETUP_OPENSEARCH_DEPLOYMENT'
+      ;;
     *)
       printf ''
       ;;
@@ -995,7 +1005,7 @@ persist_storage_deployment_choice() {
 clear_unused_storage_deployment_markers() {
   local db_type
 
-  for db_type in postgresql neo4j mongodb redis milvus qdrant memgraph; do
+  for db_type in postgresql neo4j mongodb redis milvus qdrant memgraph opensearch; do
     if [[ -z "${REQUIRED_DB_TYPES[$db_type]+set}" ]]; then
       persist_storage_deployment_choice "$db_type" "no"
     fi
@@ -1030,6 +1040,9 @@ collect_database_config() {
     memgraph)
       collect_memgraph_config "$default_docker"
       ;;
+    opensearch)
+      collect_opensearch_config "$default_docker"
+      ;;
     *)
       echo "Unknown database type: $db_type" >&2
       return 1
@@ -1370,6 +1383,46 @@ collect_memgraph_config() {
   fi
 }
 
+collect_opensearch_config() {
+  local default_docker="${1:-no}"
+  local use_docker="no"
+  local hosts user password
+
+  if [[ "$default_docker" == "yes" ]]; then
+    if confirm_default_yes "Run OpenSearch locally via Docker?"; then
+      use_docker="yes"
+    fi
+  else
+    if confirm_default_no "Run OpenSearch locally via Docker?"; then
+      use_docker="yes"
+    fi
+  fi
+
+  if [[ "$use_docker" == "yes" ]]; then
+    add_docker_service "opensearch"
+    hosts="$(prefer_local_service_uri "${ENV_VALUES[OPENSEARCH_HOSTS]:-}" "localhost:9200" "opensearch" "localhost" "127.0.0.1" "0.0.0.0")"
+  else
+    hosts="${ENV_VALUES[OPENSEARCH_HOSTS]:-localhost:9200}"
+  fi
+
+  hosts="$(prompt_with_default "OpenSearch hosts" "$hosts")"
+  user="$(prompt_with_default "OpenSearch user" "${ENV_VALUES[OPENSEARCH_USER]:-admin}")"
+  password="$(prompt_secret_with_default "OpenSearch password: " "${ENV_VALUES[OPENSEARCH_PASSWORD]:-LightRAG2026_!@}")"
+
+  ENV_VALUES["OPENSEARCH_HOSTS"]="$hosts"
+  ENV_VALUES["OPENSEARCH_USER"]="$user"
+  ENV_VALUES["OPENSEARCH_PASSWORD"]="$password"
+  ENV_VALUES["OPENSEARCH_USE_SSL"]="${ENV_VALUES[OPENSEARCH_USE_SSL]:-true}"
+  ENV_VALUES["OPENSEARCH_VERIFY_CERTS"]="${ENV_VALUES[OPENSEARCH_VERIFY_CERTS]:-false}"
+  ENV_VALUES["OPENSEARCH_USE_PPL_GRAPHLOOKUP"]="${ENV_VALUES[OPENSEARCH_USE_PPL_GRAPHLOOKUP]:-false}"
+
+  if [[ "$use_docker" == "yes" ]]; then
+    set_compose_override "OPENSEARCH_HOSTS" "opensearch:9200"
+  else
+    set_compose_override "OPENSEARCH_HOSTS" ""
+  fi
+}
+
 clear_bedrock_credentials() {
   unset 'ENV_VALUES[AWS_ACCESS_KEY_ID]'
   unset 'ENV_VALUES[AWS_SECRET_ACCESS_KEY]'
@@ -2244,7 +2297,7 @@ finalize_base_setup() {
 env_storage_flow() {
   local env_file="${REPO_ROOT}/.env"
   local db_type
-  local db_order=("postgresql" "neo4j" "mongodb" "redis" "milvus" "qdrant" "memgraph")
+  local db_order=("postgresql" "neo4j" "mongodb" "redis" "milvus" "qdrant" "memgraph" "opensearch")
 
   if [[ ! -f "$env_file" ]]; then
     format_error "No .env file found." "Run 'make env-base' first to configure LLM and embedding."
@@ -2640,6 +2693,10 @@ validate_env_file() {
     format_error "Invalid POSTGRES_PORT" "Use a port between 1 and 65535."
     errors=1
   fi
+  if [[ -n "${ENV_VALUES[OPENSEARCH_HOSTS]:-}" ]] && [[ -z "${ENV_VALUES[OPENSEARCH_HOSTS]}" ]]; then
+    format_error "Empty OPENSEARCH_HOSTS" "Set it to host:port (e.g. localhost:9200)."
+    errors=1
+  fi
   if ((errors != 0)); then
     return 1
   fi
@@ -2752,6 +2809,16 @@ security_check_env_file() {
     fi
   fi
 
+  if [[ -n "${ENV_VALUES[OPENSEARCH_PASSWORD]:-}" ]]; then
+    local os_pass="${ENV_VALUES[OPENSEARCH_PASSWORD]}"
+    if [[ "$os_pass" == "admin" || "$os_pass" == "LightRAG2026_!@" ]]; then
+      report_security_issue \
+        "OPENSEARCH_PASSWORD uses a well-known default value." \
+        "Set a unique, strong password for the OpenSearch admin account."
+      findings=$((findings + 1))
+    fi
+  fi
+
   if ((findings == 0)); then
     log_success "No obvious security issues found in ${env_file}."
     return 0

scripts/setup/templates/opensearch.yml

@@ -0,0 +1,27 @@
+  opensearch:
+    image: opensearchproject/opensearch:3
+    environment:
+      - discovery.type=single-node
+      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_PASSWORD:?missing}
+      - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m
+    ports:
+      - "9200:9200"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - opensearch_data:/usr/share/opensearch/data
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - 'PORT_HEX="$(printf ''%04X'' 9200)"; cat /proc/net/tcp /proc/net/tcp6 2>/dev/null | grep -q ":$${PORT_HEX} "'
+      interval: 10s
+      timeout: 5s
+      retries: 30
+      start_period: 30s
+    stop_grace_period: 30s
+    restart: unless-stopped