Creating an OpenSearch cluster

Written by
Yandex Cloud
Updated at May 5, 2025
  • Roles for creating a cluster
  • Creating a cluster
  • Creating a cluster copy
  • Examples
  • Managing database connection parameters using Connection Manager

A Managed Service for OpenSearch cluster is a group of multiple interlinked OpenSearch and Dashboards hosts. A cluster provides high search performance by distributing search and indexing tasks across all cluster hosts with the DATA role. To learn more about roles in the cluster, see Host roles.

Available disk types depend on the selected host class.

For more information, see Resource relationships in the service.

Roles for creating a cluster

To create a Managed Service for OpenSearch cluster, you will need the vpc.user and managed-opensearch.editor roles or higher.

To link your service account to a cluster, e.g., to use Yandex Object Storage, make sure your Yandex Cloud account has the iam.serviceAccounts.user role or higher.

For more information about assigning roles, see the Yandex Identity and Access Management documentation.

Creating a cluster

When creating a cluster, you need to specify individual parameters for each host group.

You can create a cluster using the management console, CLI, Terraform, REST API, or gRPC API.

Management console

To create a Managed Service for OpenSearch cluster:

  1. In the management console, select the folder where you want to create a cluster.

  2. Select Managed Service for OpenSearch.

  3. Click Create cluster.

  4. Under Basic parameters:

    1. Enter a name for the cluster. It must be unique within the folder.

    2. (Optional) Enter a cluster description.

    3. Select the environment where you want to create the cluster (you cannot change the environment once the cluster is created):

      • PRODUCTION: For stable versions of your apps.
      • PRESTABLE: For testing purposes. The prestable environment is similar to the production environment and likewise covered by the SLA, but it is the first to get new functionalities, improvements, and bug fixes. In the prestable environment, you can test compatibility of new versions with your application.
    4. Select the OpenSearch version.

    5. Select the plugins you want to install in the cluster.

  5. Under Network settings, select a cloud network to host the cluster and security groups for cluster network traffic. You may need to additionally set up security groups to be able to connect to the cluster.

  6. Under Virtual node group 1, configure the OpenSearch host group:

    1. Select the host group type: OpenSearch

    2. Enter a name for the host group. It must be unique within the cluster.

    3. Select the DATA and MANAGER host roles.

    4. Select the platform, host type, and host class.

      The host class defines the technical characteristics of virtual machines that OpenSearch nodes are deployed on. All available options are listed under Host classes.

    5. Select the disk type and data storage size.

      The selected type determines the increments in which you can change your disk size:

      • Network HDD and SSD storage: In increments of 1 GB.
      • Local SSD storage:
        • For Intel Cascade Lake: In increments of 100 GB.
        • For Intel Ice Lake: In increments of 368 GB.
      • Non-replicated SSD storage: In increments of 93 GB.
    6. (Optional) Under Automatic increase of storage size, configure the automatic increase of disk size:

      • In the Increase size field, set the conditions to:

        • Increase the storage size during the next maintenance window if the storage is more than the specified percent (%) full.
        • Increase the storage size right away if the storage is more than the specified percent (%) full.

        You can set both conditions, but the threshold for immediate increase must be higher than that for increase during the maintenance window.

      • In the Maximum storage size field, specify the maximum storage size that can be set when increasing the storage size automatically.

        If the specified threshold is reached, the storage size increases differently depending on disk type:

        • For network HDDs and SSDs, by the higher of the two values: 20 GB or 20% of the current disk size.

        • For non-replicated SSDs, by 93 GB.

        • For local SSDs:

          • Intel Cascade Lake cluster, by 100 GB.
          • Intel Ice Lake cluster, by 368 GB.

        If the threshold is reached again, the storage size will be automatically increased until it reaches the specified maximum. After that, you can specify a new maximum storage size manually.

        Warning

        • You cannot decrease the storage size.
        • While resizing the storage, cluster hosts will be unavailable.

      If you have set up the storage size to increase within the maintenance window, set up a schedule for the maintenance window.

    7. Specify how hosts should be distributed across availability zones and subnets.

    8. Select the number of hosts to create.

    9. Enable Public access if you want to allow connecting to hosts over the internet.

      Tip

      For security reasons, we do not recommend enabling public access for hosts with the MANAGER role.

    Warning

    After creating your cluster, you can only change the host configuration using the API. However, you can also create a new host group with a different configuration if needed.

  7. Configure the Dashboards host group under Virtual node group 2, if required:

    1. Select the platform, host type, and host class.

    2. Set up storage in the same way as for OpenSearch hosts.

    3. Specify how hosts should be distributed across availability zones and subnets.

    4. Select the number of hosts to create.

    5. Enable Public access if you want to allow connecting to hosts over the internet.

      Tip

      You can use OpenSearch Dashboards even if you can't request public access to the hosts (for example, for security reasons). To do this, proxy the connections via the virtual machine in Yandex Compute Cloud that is hosted in the same network as the cluster. For more information, see Connecting to OpenSearch Dashboards.

  8. If required, click Add virtual node group to add another host group or more.

  9. Under Service settings:

    1. Enter the password for the admin user.

      This is a special user that is required for managing clusters and cannot be deleted. It is assigned the superuser role and can perform any operations on clusters.

      Tip

      This user is not intended for routine jobs; for those, we recommend creating regular users. For more information, see Managing OpenSearch users.

    2. If required, change additional cluster settings:

      • Maintenance window: Maintenance window settings:

        • To enable maintenance at any time, select arbitrary (default).
        • To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.

        Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.

      • Service account: Account used to access Yandex Object Storage as a repository of OpenSearch snapshots. For more information on service accounts, see the Yandex Identity and Access Management documentation.

      • Deletion protection: Manages cluster protection against accidental deletion.

        Even with cluster deletion protection enabled, one can still delete a user or connect to the cluster manually and delete the data.

  10. Click Create cluster.

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

To create a Managed Service for OpenSearch cluster:

  1. View the description of the CLI command to create a cluster:

    yc managed-opensearch cluster create --help
    
  2. Specify cluster parameters in the create command (the list of supported parameters in the example is not exhaustive):

    yc managed-opensearch cluster create \
       --name <cluster_name> \
       --description <cluster_description> \
       --labels <labels> \
       --environment <environment:_production_or_prestable> \
       --network-name <network_name> \
       --security-group-ids <security_group_IDs> \
       --service-account-name <service_account_name> \
       --delete-protection \
       --maintenance schedule=<maintenance_type>,`
                    `weekday=<day_of_week>,`
                    `hour=<hour> \
       --version <OpenSearch_version> \
       --read-admin-password \
       --data-transfer-access=<true_or_false> \
       --serverless-access=<true_or_false> \
       --plugins <OpenSearch_plugins> \
       --advanced-params <additional_parameters> \
       --opensearch-node-group name=<OpenSearch_host_group_name>,`
                              `resource-preset-id=<host_class>,`
                              `disk-size=<disk_size_in_bytes>,`
                              `disk-type-id=<network-hdd|network-ssd|network-ssd-io-m3|network-ssd-nonreplicated|local-ssd>,`
                              `hosts-count=<number_of_hosts_in_group>,`
                              `zone-ids=<availability_zones>,`
                              `subnet-names=<subnet_names>,`
                              `assign-public-ip=<assign_public_address:_true_or_false>,`
                              `roles=<host_roles> \
       --dashboards-node-group name=<Dashboards_host_group_name>,`
                              `resource-preset-id=<host_class>,`
                              `disk-size=<disk_size_in_bytes>,`
                              `disk-type-id=<network-ssd>,`
                              `hosts-count=<number_of_hosts_in_group>,`
                              `zone-ids=<availability_zones>,`
                              `subnet-names=<subnet_names>,`
                              `assign-public-ip=<assign_public_address:_true_or_false>
    

    Where:

    • --labels: Yandex Cloud labels in <key>=<value> format. You can use them to logically separate resources.

    • --environment: Environment:

      • production: For stable versions of your apps.
      • prestable: For testing purposes. The prestable environment is similar to the production environment and likewise covered by the SLA, but it is the first to get new functionalities, improvements, and bug fixes. In the prestable environment, you can test compatibility of new versions with your application.
    • --service-account-name: Name of the service account for access to Yandex Object Storage as a repository of OpenSearch snapshots. For more information on service accounts, see the Yandex Identity and Access Management documentation.

    • --deletion-protection: Cluster protection from accidental deletion, true or false.

      Even with cluster deletion protection enabled, one can still delete a user or connect to the cluster manually and delete the data.

    • --maintenance: Maintenance window settings:

      • To allow maintenance at any time, do not specify the --maintenance parameter in the command (default configuration) or specify --maintenance schedule=anytime.
      • To specify the preferred start time for maintenance, specify this parameter in the command: --maintenance schedule=weekly,weekday=<day_of_week>,hour=<hour_in_UTC>. In this case, maintenance will take place every week on a specified day at a specified time.

      Both enabled and disabled clusters undergo maintenance. Maintenance may involve such operations as applying patches or updating the DBMS.

    • --read-admin-password: admin user password. If you specify this parameter in the command, it will prompt you to enter a password.

    • --serverless-access: Access from Yandex Serverless Containers, true or false.

    • --plugins: OpenSearch plugins to install in the cluster.

    • --advanced-params: Additional cluster parameters. The possible values are:

      • max-clause-count: Maximum allowed number of boolean clauses per query. For more information, see the OpenSearch documentation.
      • fielddata-cache-size: JVM heap size allocated for the fielddata data structure. You can specify either an absolute value or percentage, e.g., 512mb or 50%. For more information, see the OpenSearch documentation.
      • reindex-remote-whitelist: List of remote hosts whose indexes contain documents to copy for reindexing. Specify the parameter value as <host_address>:<port>. If you need to specify more than one host, list values separated by commas. For more information, see the OpenSearch documentation.
    • --opensearch-node-group: OpenSearch host group configuration, where:

      • resource-preset-id: Host class that defines the configuration of virtual machines the OpenSearch nodes will be deployed on. All available options are listed under Host classes.

      • disk-size: Disk size in bytes. The minimum and maximum values depend on the selected host class.

      • disk-type-id: Disk type.

      • zone-ids: Availability zones. Separate zones with commas and enclose them in square brackets. Here is an example:

        zone-ids=[ru-central1-a,ru-central1-b,ru-central1-d]
        
      • subnet-names: Names of the subnets in the specified availability zones. Separate subnets with commas and enclose them in square brackets. Here is an example:

        subnet-names=[default-ru-central1-a,default-ru-central1-b,default-ru-central1-d]
        

        You can specify the subnet-ids parameter with subnet IDs instead of subnet-names. Separate IDs with commas and enclose them in square brackets. Here is an example:

        subnet-ids=[e9bp8qmchqh2********,e2l963gkhobo********,fl8klaabecc3********]
        
      • roles: Host roles. The possible values are as follows:

        • data: Assigns the DATA role only.
        • manager: Assigns the MANAGER role only.
        • data+manager or manager+data: Assigns both roles.

        Tip

        For security reasons, we do not recommend enabling public access to hosts with the MANAGER role.

    • --dashboards-node-group: Dashboards host group configuration. It is configured in the same way as the OpenSearch host group, except for the host roles. You do not need to configure any roles for the Dashboards group.

Terraform

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

To create a Managed Service for OpenSearch cluster:

  1. In the configuration file, describe the resources you want to create:

    • DB cluster: Description of the Managed Service for OpenSearch cluster and its hosts

    • Network: Description of the cloud network where a cluster will be located. If you already have a suitable network, you don't have to describe it again.

    • Subnets: Description of the subnets to connect the cluster hosts to. If you already have suitable subnets, you don't have to describe them again.

    Here is an example of the configuration file structure:

    resource "yandex_mdb_opensearch_cluster" "<cluster_name>" {
      name                = "<cluster_name>"
      environment         = "<environment>"
      network_id          = "<network_ID>"
      security_group_ids  = ["<list_of_security_group_IDs>"]
      deletion_protection = "<cluster_deletion_protection>"
    
      config {
    
        version        = "<OpenSearch_version>"
        admin_password = "<admin_user_password>"
    
        opensearch {
          node_groups {
            name             = "<virtual_host_group_name>"
            assign_public_ip = <public_access>
            hosts_count      = <number_of_hosts>
            zone_ids         = ["<list_of_availability_zones>"]
            subnet_ids       = ["<list_of_subnet_IDs>"]
            roles            = ["<role_list>"]
            resources {
              resource_preset_id = "<host_class>"
              disk_size          = <storage_size_in_bytes>
              disk_type_id       = "<disk_type>"
            }
          }
    
          plugins = ["<list_of_plugin_names>"]
    
        }
    
        dashboards {
          node_groups {
            name             = "<virtual_host_group_name>"
            assign_public_ip = <public_access>
            hosts_count      = <number_of_hosts>
            zone_ids         = ["<list_of_availability_zones>"]
            subnet_ids       = ["<list_of_subnet_IDs>"]
            resources {
              resource_preset_id = "<host_class>"
              disk_size          = <storage_size_in_bytes>
              disk_type_id       = "<disk_type>"
            }
          }
        }
      }
      maintenance_window {
        type = "<maintenance_type>"
        day  = "<day_of_week>"
        hour = <hour>
      }
    }
    
    resource "yandex_vpc_network" "<network_name>" { 
      name = "<network_name>"
    }
    
    resource "yandex_vpc_subnet" "<subnet_name>" {
      name           = "<subnet_name>"
      zone           = "<availability_zone>"
      network_id     = "<network_ID>"
      v4_cidr_blocks = ["<range>"]
    }
    

    Where:

    • environment: Environment, PRESTABLE or PRODUCTION.

    • deletion_protection: Cluster protection from accidental deletion, true or false.

      Even with cluster deletion protection enabled, one can still delete a user or connect to the cluster manually and delete the data.

    • assign_public_ip: Public access to the host, true or false.

    • roles: DATA and MANAGER host roles.

    • maintenance_window: Maintenance window settings (including those for disabled clusters):

      • type: Maintenance type. The possible values include:
        • ANYTIME: Anytime.
        • WEEKLY: On a schedule.
      • day: Day of the week in DDD format for the WEEKLY type, e.g., MON.
      • hour: Hour UTC in HH format for the WEEKLY type, e.g., 21.

    For a complete list of available Managed Service for OpenSearch cluster configuration fields, see the Terraform provider documentation.

  2. Make sure the settings are correct.

    1. In the command line, navigate to the directory that contains the current Terraform configuration files defining the infrastructure.

    2. Run this command:

      terraform validate
      

      Terraform will show any errors found in your configuration files.

  3. Create a cluster.

    1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply
        
      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    Timeouts

    The Terraform provider sets the following timeouts for Managed Service for OpenSearch cluster operations:

    • Creating a cluster, including restoring from a backup: 30 minutes.
    • Editing a cluster: 60 minutes.
    • Deleting a cluster: 15 minutes.

    Operations exceeding the set timeout are interrupted.

    How do I change these limits?

    Add the timeouts block to the cluster description, for example:

    resource "yandex_mdb_opensearch_cluster" "<cluster_name>" {
      ...
      timeouts {
        create = "1h30m" # 1 hour 30 minutes
        update = "2h"    # 2 hours
        delete = "30m"   # 30 minutes
      }
    }
    
REST API

  1. Get an IAM token for API authentication and put it into the environment variable:

    export IAM_TOKEN="<IAM_token>"
    
  2. Create a file named body.json and add the following contents to it:

    {
        "folderId": "<folder_ID>",
        "name": "<cluster_name>",
        "environment": "<environment>",
        "networkId": "<network_ID>",
        "securityGroupIds": [
            "<security_group_1_ID>",
            "<security_group_2_ID>",
            ...
            "<security_group_N_ID>"
        ],
        "serviceAccountId": "<service_account_ID>",
        "deletionProtection": <cluster_deletion_protection:_true_or_false>,
        "configSpec": {
            "version": "<OpenSearch_version>",
            "adminPassword": "<admin_user_password>",
            "opensearchSpec": {
                "plugins": [
                    "<OpenSearch_plugin_1>",
                    "<OpenSearch_plugin_2>",
                    ...
                    "<OpenSearch_plugin_N>"
                ],
                "nodeGroups": [
                    {
                        "name": "<host_group_name>",
                        "resources": {
                            "resourcePresetId": "<host_class>",
                            "diskSize": "<storage_size_in_bytes>",
                            "diskTypeId": "<disk_type>"
                        },
                        "roles": ["<role_1>","<role_2>"],
                        "hostsCount": "<number_of_hosts>",
                        "zoneIds": [
                            "<availability_zone_1>",
                            "<availability_zone_2>",
                            "<availability_zone_3>"
                        ],
                        "subnetIds": [
                            "<subnet_1_ID>",
                            "<subnet_2_ID>",
                            "<subnet_3_ID>"
                        ],
                        "assignPublicIp": <public_host_address:_true_or_false>,
                        "diskSizeAutoscaling": {
                            "plannedUsageThreshold": "<scheduled_increase_percentage>",
                            "emergencyUsageThreshold": "<immediate_increase_percentage>",
                            "diskSizeLimit": "<maximum_storage_size_in_bytes>"
                        }
                    },
                    ...
                ]
            },
            "dashboardsSpec": {
                "nodeGroups": [
                    {
                        "name": "<host_group_name>",
                        "resources": {
                            "resourcePresetId": "<host_class>",
                            "diskSize": "<storage_size_in_bytes>",
                            "diskTypeId": "<disk_type>"
                        },
                        "hostsCount": "<number_of_hosts>",
                        "zoneIds": ["<availability_zone>"],
                        "subnetIds": ["<subnet_ID>"],
                        "assignPublicIp": <public_host_address:_true_or_false>,
                        "diskSizeAutoscaling": {
                            "plannedUsageThreshold": "<scheduled_increase_percentage>",
                            "emergencyUsageThreshold": "<immediate_increase_percentage>",
                            "diskSizeLimit": "<maximum_storage_size_in_bytes>"
                        }
                    }
                ]
            },
            "access": {
                "dataTransfer": <access_from_Data_Transfer:_true_or_false>,
                "serverless": <access_from_Serverless_Containers:_true_or_false>
            }
        },
        "maintenanceWindow": {
            "weeklyMaintenanceWindow": {
                "day": "<day_of_week>",
                "hour": "<hour>"
            }
        }
    }
    

    Where:

    • folderId: Folder ID. You can request it with the list of folders in the cloud.

    • name: Cluster name.

    • environment: Cluster environment, PRODUCTION or PRESTABLE.

    • networkId: ID of the network the cluster will be in.

    • securityGroupIds: Security group IDs.

    • serviceAccountId: ID of the service account used for cluster operations.

    • deletionProtection: Cluster protection from accidental deletion.

      Even with cluster deletion protection enabled, one can still delete a user or connect to the cluster manually and delete the data.

    • configSpec: Cluster settings:

      • version: OpenSearch version.

      • adminPassword: admin user password.

      • opensearchSpec: OpenSearch host group settings:

        • plugins: List of OpenSearch plugins you should additionally install in the cluster.

        • nodeGroups: Host settings as an array of elements, one for each host group. Each element has the following structure:

          • name: Host group name.

          • resources: Cluster resources:

            • resourcePresetId: Host class.
            • diskSize: Disk size in bytes.
            • diskTypeId: Disk type.
          • roles: List of host roles. A cluster must include at least one group of DATA hosts and one group of MANAGER hosts. This can be a single group with two roles or several groups with different roles.

          • hostsCount: Number of hosts in the group. Minimum number of DATA hosts: one; minimum number of MANAGER hosts: three.

          • zoneIds: List of availability zones the cluster hosts are located in.

          • subnetIds: Subnet IDs list.

          • assignPublicIp: Permission to connect to the host from the internet.

          • diskSizeAutoscaling: Automatic storage size increase settings:

            • plannedUsageThreshold: Storage utilization percentage to trigger a storage increase during the next maintenance window.

              Use a percentage value between 0 and 100. The default value is 0 (automatic increase is disabled).

              If you have set this parameter, configure the maintenance window schedule in the maintenanceWindow parameter.

            • emergencyUsageThreshold: Storage utilization percentage to trigger an immediate storage increase.

              Use a percentage value between 0 and 100. The default value is 0 (automatic increase is disabled). This parameter value must be greater than or equal to plannedUsageThreshold.

            • diskSizeLimit: Maximum storage size, in bytes, that can be set when utilization reaches one of the specified percentages.

      • dashboardsSpec: Settings for Dashboards host groups. Contains the nodeGroups parameter of the same structure as opensearchSpec.nodeGroups. The roles parameter is the exception: the Dashboards hosts can only have one role, DASHBOARDS, so there is no need to specify it.

      • access: Cluster settings for access to the following Yandex Cloud services:

        • dataTransfer: Yandex Data Transfer
        • serverless: Yandex Serverless Containers
    • maintenanceWindow.weeklyMaintenanceWindow: Maintenance window schedule:

      • day: Day of week, in DDD format, for scheduled maintenance.
      • hour: Hour, in HH format, for scheduled maintenance. The values range from 1 to 24. Use the UTC time zone.
  3. Use the Cluster.Create method and send the following request, e.g., via cURL:

    curl \
        --request POST \
        --header "Authorization: Bearer $IAM_TOKEN" \
        --header "Content-Type: application/json" \
        --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters' \
        --data "@body.json"
    
  4. View the server response to make sure the request was successful.
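
The following pre-flight check is an added example, not part of the Yandex Cloud documentation: it applies the rules this page states for the REST body.json (no public access on MANAGER hosts, threshold range and ordering, a weekly maintenance window when plannedUsageThreshold is set, DATA and MANAGER roles present) before the request is sent. The function names and the sample body are constructed for illustration, and the file-permission check is an added precaution because body.json holds adminPassword in plain text.

```python
import json
import os
import stat

VALID_DAYS = {"MON", "TUE", "WED", "THU", "FRI", "SAT", "SUN"}

# Constructed sample request body (not from the page); IDs are placeholders.
SAMPLE_BODY = {
    "folderId": "<folder_ID>",
    "name": "demo",
    "environment": "PRODUCTION",
    "networkId": "<network_ID>",
    "deletionProtection": True,
    "configSpec": {
        "version": "<OpenSearch_version>",
        "adminPassword": "<admin_user_password>",
        "opensearchSpec": {"nodeGroups": [{
            "name": "os-group",
            "roles": ["DATA", "MANAGER"],
            "hostsCount": "3",
            "assignPublicIp": True,               # MANAGER hosts exposed
            "diskSizeAutoscaling": {
                "plannedUsageThreshold": "80",
                "emergencyUsageThreshold": "70",  # lower than planned
                "diskSizeLimit": "<maximum_storage_size_in_bytes>",
            },
        }]},
        "dashboardsSpec": {"nodeGroups": [{
            "name": "dash-group", "hostsCount": "1", "assignPublicIp": True,
        }]},
    },
    # No maintenanceWindow, although plannedUsageThreshold is set.
}


def _autoscaling_findings(group, label, has_weekly_window):
    """Check one node group's diskSizeAutoscaling block."""
    out = []
    auto = group.get("diskSizeAutoscaling") or {}
    # Numeric fields may arrive as JSON strings, so normalise with int().
    planned = int(auto.get("plannedUsageThreshold", 0))
    emergency = int(auto.get("emergencyUsageThreshold", 0))
    for name, value in (("plannedUsageThreshold", planned),
                        ("emergencyUsageThreshold", emergency)):
        if not 0 <= value <= 100:
            out.append(f"{label}: {name}={value} is outside 0..100")
    # Assumption: 0 means "disabled", so the ordering rule is applied
    # only when both thresholds are set.
    if planned and emergency and emergency < planned:
        out.append(f"{label}: emergencyUsageThreshold < plannedUsageThreshold")
    if planned and not has_weekly_window:
        out.append(f"{label}: plannedUsageThreshold set without a weekly maintenance window")
    return out


def check_cluster_body(body):
    """Return a list of findings for a Cluster.Create REST body (camelCase keys)."""
    findings = []
    if body.get("environment") not in ("PRODUCTION", "PRESTABLE"):
        findings.append("environment must be PRODUCTION or PRESTABLE")

    weekly = (body.get("maintenanceWindow") or {}).get("weeklyMaintenanceWindow")
    if weekly is not None:
        if weekly.get("day") not in VALID_DAYS:
            findings.append("weeklyMaintenanceWindow.day must be in DDD format, e.g. MON")
        if not 1 <= int(weekly.get("hour", 0)) <= 24:
            findings.append("weeklyMaintenanceWindow.hour must be in 1..24 (UTC)")

    spec = body.get("configSpec") or {}
    roles_seen = set()
    for group in (spec.get("opensearchSpec") or {}).get("nodeGroups") or []:
        label = f"opensearch group {group.get('name')!r}"
        roles = {r.upper() for r in group.get("roles", [])}
        roles_seen |= roles
        if "MANAGER" in roles and group.get("assignPublicIp") is True:
            findings.append(f"{label}: public IP on a MANAGER host group")
        findings += _autoscaling_findings(group, label, weekly is not None)
    for role in ("DATA", "MANAGER"):
        if role not in roles_seen:
            findings.append(f"no host group has the {role} role")
    for group in (spec.get("dashboardsSpec") or {}).get("nodeGroups") or []:
        label = f"dashboards group {group.get('name')!r}"
        findings += _autoscaling_findings(group, label, weekly is not None)
    return findings


def check_body_file(path):
    """Check file permissions, then the parsed body."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit
        findings.append(f"{path}: mode {mode:o} lets other users read adminPassword")
    with open(path, encoding="utf-8") as fh:
        findings += check_cluster_body(json.load(fh))
    return findings


if __name__ == "__main__":
    for finding in check_cluster_body(SAMPLE_BODY):
        print("FINDING:", finding)
```

The check reads the camelCase keys of the REST body; the gRPC body uses snake_case keys and would need the key names adjusted.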

gRPC API

  1. Get an IAM token for API authentication and put it into the environment variable:

    export IAM_TOKEN="<IAM_token>"
    
  2. Clone the cloudapi repository:

    cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
    

    Below, we assume the repository contents are stored in the ~/cloudapi/ directory.

  3. Create a file named body.json and add the following contents to it:

    {
        "folder_id": "<folder_ID>",
        "name": "<cluster_name>",
        "environment": "<environment>",
        "network_id": "<network_ID>",
        "security_group_ids": [
            "<security_group_1_ID>",
            "<security_group_2_ID>",
            ...
            "<security_group_N_ID>"
        ],
        "service_account_id": "<service_account_ID>",
        "deletion_protection": <cluster_deletion_protection:_true_or_false>,
        "config_spec": {
            "version": "<OpenSearch_version>",
            "admin_password": "<admin_user_password>",
            "opensearch_spec": {
                "plugins": [
                    "<OpenSearch_plugin_1>",
                    "<OpenSearch_plugin_2>",
                    ...
                    "<OpenSearch_plugin_N>"
                ],
                "node_groups": [
                    {
                        "name": "<host_group_name>",
                        "resources": {
                            "resource_preset_id": "<host_class>",
                            "disk_size": "<storage_size_in_bytes>",
                            "disk_type_id": "<disk_type>"
                        },
                        "roles": ["<role_1>","<role_2>"],
                        "hosts_count": "<number_of_hosts>",
                        "zone_ids": [
                            "<availability_zone_1>",
                            "<availability_zone_2>",
                            "<availability_zone_3>"
                        ],
                        "subnet_ids": [
                            "<subnet_1_ID>",
                            "<subnet_2_ID>",
                            "<subnet_3_ID>"
                        ],
                        "assign_public_ip": <public_host_address:_true_or_false>,
                        "disk_size_autoscaling": {
                            "planned_usage_threshold": "<scheduled_increase_percentage>",
                            "emergency_usage_threshold": "<immediate_increase_percentage>",
                            "disk_size_limit": "<maximum_storage_size_in_bytes>"
                        }
                    },
                    ...
                ]
            },
            "dashboards_spec": {
                "node_groups": [
                    {
                        "name": "<host_group_name>",
                        "resources": {
                            "resource_preset_id": "<host_class>",
                            "disk_size": "<storage_size_in_bytes>",
                            "disk_type_id": "<disk_type>"
                        },
                        "hosts_count": "<number_of_hosts>",
                        "zone_ids": ["<availability_zone>"],
                        "subnet_ids": ["<subnet_ID>"],
                        "assign_public_ip": <public_host_address:_true_or_false>,
                        "disk_size_autoscaling": {
                            "planned_usage_threshold": "<scheduled_increase_percentage>",
                            "emergency_usage_threshold": "<immediate_increase_percentage>",
                            "disk_size_limit": "<maximum_storage_size_in_bytes>"
                        }
                    }
                ]
            },
            "access": {
                "data_transfer": <access_from_Data_Transfer:_true_or_false>,
                "serverless": <access_from_Serverless_Containers:_true_or_false>
            }
        },
        "maintenance_window": {
            "weekly_maintenance_window": {
                "day": "<day_of_week>",
                "hour": "<hour>"
            }
        }
    }
    

    Where:

    • folder_id: Folder ID. You can request it with the list of folders in the cloud.

    • name: Cluster name.

    • environment: Cluster environment, PRODUCTION or PRESTABLE.

    • network_id: ID of the network the cluster will be in.

    • security_group_ids: Security group IDs.

    • service_account_id: ID of the service account used for cluster operations.

    • deletion_protection: Cluster protection from accidental deletion.

      Even with cluster deletion protection enabled, one can still delete a user or connect to the cluster manually and delete the data.

    • config_spec: Cluster settings:

      • version: OpenSearch version.

      • admin_password: admin user password.

      • opensearch_spec: OpenSearch host group settings:

        • plugins: List of additional OpenSearch plugins to install in the cluster.

        • node_groups: Host settings as an array of elements, one for each host group. Each element has the following structure:

          • name: Host group name.

          • resources: Cluster resources:

            • resource_preset_id: Host class.
            • disk_size: Disk size in bytes.
            • disk_type_id: Disk type.
          • roles: List of host roles. A cluster must include at least one group of DATA hosts and one group of MANAGER hosts. This can be a single group with two roles or several groups with different roles.

          • hosts_count: Number of hosts in the group. Minimum number of DATA hosts: one; minimum number of MANAGER hosts: three.

          • zone_ids: List of availability zones the cluster hosts are located in.

          • subnet_ids: Subnet IDs list.

          • assign_public_ip: Permission to connect to the host from the internet.

          • disk_size_autoscaling: Automatic storage size increase settings:

            • planned_usage_threshold: Storage utilization percentage to trigger a storage increase during the next maintenance window.

              Use a percentage value between 0 and 100. The default value is 0 (automatic increase is disabled).

              If you have set this parameter, configure the maintenance window schedule in the maintenance_window parameter.

            • emergency_usage_threshold: Storage utilization percentage to trigger an immediate storage increase.

              Use a percentage value between 0 and 100. The default value is 0 (automatic increase is disabled). This parameter value must be greater than or equal to planned_usage_threshold.

            • disk_size_limit: Maximum storage size, in bytes, that can be set when utilization reaches one of the specified percentages.

      • dashboards_spec: Settings for Dashboards host groups. Contains the node_groups parameter of the same structure as opensearch_spec.node_groups. The roles parameter is the exception: the Dashboards hosts can only have one role, DASHBOARDS, so there is no need to specify it.

      • access: Cluster settings for access to the following Yandex Cloud services:

        • data_transfer: Yandex Data Transfer
        • serverless: Yandex Serverless Containers
    • maintenance_window.weekly_maintenance_window: Maintenance window schedule:

      • day: Day of week, in DDD format, for scheduled maintenance.
      • hour: Hour, in HH format, for scheduled maintenance. The values range from 1 to 24. Use the UTC time zone.
  4. Use the ClusterService.Create call and send the following request, e.g., via gRPCurl:

    grpcurl \
        -format json \
        -import-path ~/cloudapi/ \
        -import-path ~/cloudapi/third_party/googleapis/ \
        -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \
        -rpc-header "Authorization: Bearer $IAM_TOKEN" \
        -d @ \
        mdb.api.cloud.yandex.net:443 \
        yandex.cloud.mdb.opensearch.v1.ClusterService.Create \
        < body.json
    
  5. View the server response to make sure the request was successful.
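The constraints in the parameter list above (required roles, threshold ranges and ordering, the maintenance window dependency, the hour range) can be checked before body.json is sent. The following validator is an added example, not part of the Yandex Cloud documentation or API; the function names and the sample body are constructed for illustration, and the rule that the emergency threshold must not be below the planned one is applied literally as stated.

```python
# Constructed sample body (not from the page): thresholds in the wrong order,
# no maintenance_window, public OpenSearch hosts, deletion protection off.
SAMPLE_BODY = {
    "deletion_protection": False,
    "config_spec": {
        "opensearch_spec": {"node_groups": [{
            "name": "os-group", "roles": ["DATA", "MANAGER"],
            "hosts_count": "3", "assign_public_ip": True,
            "disk_size_autoscaling": {"planned_usage_threshold": "80",
                                      "emergency_usage_threshold": "70"}}]},
        "dashboards_spec": {"node_groups": [{
            "name": "dashboard-group", "hosts_count": "1",
            "assign_public_ip": False}]},
    },
}


def node_groups(body, specs=("opensearch_spec", "dashboards_spec")):
    """Return the host groups defined under the given *_spec sections."""
    config = body.get("config_spec", {})
    return [g for s in specs for g in config.get(s, {}).get("node_groups", [])]


def validate(body):
    """Return violations of the constraints stated in the parameter list."""
    errors = []
    roles = {r for g in node_groups(body, ("opensearch_spec",))
             for r in g.get("roles", [])}
    errors += [f"no host group with the {r} role"
               for r in ("DATA", "MANAGER") if r not in roles]
    weekly = body.get("maintenance_window", {}).get("weekly_maintenance_window")
    if weekly and not 1 <= int(weekly.get("hour", 0)) <= 24:
        errors.append("maintenance hour must be between 1 and 24 (UTC)")
    for g in node_groups(body):
        auto = g.get("disk_size_autoscaling", {})
        planned = int(auto.get("planned_usage_threshold", 0))
        emergency = int(auto.get("emergency_usage_threshold", 0))
        if not (0 <= planned <= 100 and 0 <= emergency <= 100):
            errors.append(f"{g['name']}: thresholds must be between 0 and 100")
        if emergency < planned:  # the documented rule, applied literally
            errors.append(f"{g['name']}: emergency threshold below planned")
        if planned > 0 and not weekly:
            errors.append(f"{g['name']}: planned threshold needs maintenance_window")
    return errors


def exposure(body):
    """Return settings to confirm before the request is sent."""
    notes = [f"{g['name']}: hosts reachable from the internet"
             for g in node_groups(body) if g.get("assign_public_ip")]
    if not body.get("deletion_protection"):
        notes.append("deletion protection is off")
    return notes
```

To check a real request, pass `json.load(open("body.json"))` to `validate` and `exposure`.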

Creating a cluster copy

You can create an OpenSearch cluster with the settings of another one you previously created. To do so, you need to import the configuration of the source OpenSearch cluster to Terraform. This way you can either create an identical copy or use the imported configuration as the baseline and modify it as needed. Importing a configuration is a good idea when the source OpenSearch cluster has a lot of settings and you need to create a similar one.

To create an OpenSearch cluster copy:

Terraform
  1. If you do not have Terraform yet, install it.

  2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

  3. Configure and initialize a provider. There is no need to create a provider configuration file manually; you can download it.

  4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  5. In the same working directory, place a .tf file with the following contents:

    resource "yandex_mdb_opensearch_cluster" "old" { }
    
  6. Write the ID of the initial OpenSearch cluster to the environment variable:

    export OPENSEARCH_CLUSTER_ID=<cluster_ID>
    

    You can request the ID with the list of clusters in the folder.

  7. Import the settings of the initial OpenSearch cluster into the Terraform configuration:

    terraform import yandex_mdb_opensearch_cluster.old ${OPENSEARCH_CLUSTER_ID}
    
  8. Get the imported configuration:

    terraform show
    
  9. Copy it from the terminal and paste it into the .tf file.

  10. Place the file in the new imported-cluster directory.

  11. Modify the copied configuration so that you can create a new cluster from it:

    • Specify the new cluster name in the resource string and the name parameter.
    • Delete the created_at, health, id, and status parameters.
    • Add the admin_password parameter to the config section.
    • If the maintenance_window section has type = "ANYTIME", delete the hour parameter.
    • Optionally, make further changes if you need to customize the configuration.
  12. Get the authentication credentials in the imported-cluster directory.

  13. In the same directory, configure and initialize a provider. There is no need to create a provider configuration file manually; you can download it.

  14. Place the configuration file in the imported-cluster directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

  15. Check that the Terraform configuration files are correct:

    terraform validate
    

    If there are any errors in the configuration files, Terraform will point them out.

  16. Create the required infrastructure:

    1. Run this command to view the planned changes:

      terraform plan
      

      If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

    2. If everything looks correct, apply the changes:

      1. Run this command:

        terraform apply
        
      2. Confirm updating the resources.

      3. Wait for the operation to complete.

    All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

Timeouts

The Terraform provider sets the following timeouts for Managed Service for OpenSearch cluster operations:

  • Creating a cluster, including restoring from a backup: 30 minutes.
  • Editing a cluster: 60 minutes.
  • Deleting a cluster: 15 minutes.

Operations exceeding the set timeout are interrupted.

How do I change these limits?

Add the timeouts block to the cluster description, for example:

resource "yandex_mdb_opensearch_cluster" "<cluster_name>" {
  ...
  timeouts {
    create = "1h30m" # 1 hour 30 minutes
    update = "2h"    # 2 hours
    delete = "30m"   # 30 minutes
  }
}

Examples

CLI

Create a Managed Service for OpenSearch cluster with the following test specifications:

  • Name: my-os-clstr.

  • Description: My OS cluster.

  • Label: label-key with label-value.

  • Environment: production.

  • Network name: default.

  • Security group ID: enp6saqnq4ie244g67sb.

  • Service account name: os-account.

  • Deletion protection: Disabled.

  • Maintenance time: Every Monday from 13:00 till 14:00.

  • OpenSearch version: 2.8.

  • admin user password: Specified after entering the cluster create command.

  • Access to Data Transfer: Enabled.

  • Access to Serverless Containers: Enabled.

  • Additional OpenSearch plugin: analysis-icu.

  • OpenSearch additional parameter: fielddata-cache-size=50%.

  • OpenSearch node group configuration:

    • Group name: os-group.
    • Host class: s2.micro.
    • Disk size: 10737418240 (in bytes).
    • Disk type: network-ssd.
    • Number of hosts: Three.
    • Availability zone: ru-central1-a.
    • Subnet: default-ru-central1-a.
    • Public address: Assigned.
    • Host group roles: DATA and MANAGER.
  • Dashboards host group configuration:

    • Group name: dashboard-group.
    • Host class: s2.micro.
    • Disk size: 10737418240 (in bytes).
    • Disk type: network-ssd.
    • Number of hosts: One.
    • Availability zone: ru-central1-a.
    • Subnet: default-ru-central1-a.
    • Public address: Assigned.

Run this command:

yc managed-opensearch cluster create \
   --name my-os-clstr \
   --description "My OS cluster" \
   --labels label-key=label-value \
   --environment production \
   --network-name default \
   --security-group-ids enp6saqnq4ie244g67sb \
   --service-account-name os-account \
   --delete-protection \
   --maintenance schedule=weekly,`
                `weekday=mon,`
                `hour=14 \
   --version 2.8 \
   --read-admin-password \
   --data-transfer-access=true \
   --serverless-access=true \
   --plugins analysis-icu \
   --advanced-params fielddata-cache-size=50% \
   --opensearch-node-group name=os-group,`
                          `resource-preset-id=s2.micro,`
                          `disk-size=10737418240,`
                          `disk-type-id=network-ssd,`
                          `hosts-count=3,`
                          `zone-ids=ru-central1-a,`
                          `subnet-names=default-ru-central1-a,`
                          `assign-public-ip=true,`
                          `roles=data+manager \
   --dashboards-node-group name=dashboard-group,`
                          `resource-preset-id=s2.micro,`
                          `disk-size=10737418240,`
                          `disk-type-id=network-ssd,`
                          `hosts-count=1,`
                          `zone-ids=ru-central1-a,`
                          `subnet-names=default-ru-central1-a,`
                          `assign-public-ip=true

Terraform

Create a Managed Service for OpenSearch cluster with the following test specifications:

  • Name: my-os-clstr.
  • Environment: PRODUCTION.
  • OpenSearch version: 2.8.
  • admin user password: osadminpwd.
  • OpenSearch node group name: os-group.
  • Host class: s2.micro.
  • Disk size: 10737418240 (in bytes).
  • Disk type: network-ssd.
  • Number of hosts: 1.
  • Public address: Assigned.
  • Host group roles: DATA and MANAGER.
  • Maintenance time: Every Monday from 13:00 till 14:00.
  • Network name: mynet.
  • Subnet name: mysubnet.
  • Availability zone: ru-central1-a.
  • Address range: 10.1.0.0/16.
  • Security group name: os-sg. The security group enables connecting to the cluster host from any network (including the internet) on port 9200.

The configuration file for this cluster is as follows:

resource "yandex_mdb_opensearch_cluster" "my-os-clstr" {
  name               = "my-os-clstr"
  environment        = "PRODUCTION"
  network_id         = yandex_vpc_network.mynet.id
  security_group_ids = [yandex_vpc_security_group.os-sg.id]

  config {

    version        = "2.8"
    admin_password = "osadminpwd"

    opensearch {
      node_groups {
        name             = "os-group"
        assign_public_ip = true
        hosts_count      = 1
        zone_ids         = ["ru-central1-a"]
        subnet_ids       = [yandex_vpc_subnet.mysubnet.id]
        roles            = ["DATA", "MANAGER"]
        resources {
          resource_preset_id = "s2.micro"
          disk_size          = 10737418240
          disk_type_id       = "network-ssd"
        }
      }
    }
  }
  maintenance_window {
    type = "WEEKLY"
    day  = "MON"
    hour = 14
  }
}

resource "yandex_vpc_network" "mynet" {
  name = "mynet"
}

resource "yandex_vpc_subnet" "mysubnet" {
  name           = "mysubnet"
  zone           = "ru-central1-a"
  network_id     = yandex_vpc_network.mynet.id
  v4_cidr_blocks = ["10.1.0.0/16"]
}

resource "yandex_vpc_security_group" "os-sg" {
  name       = "os-sg"
  network_id = yandex_vpc_network.mynet.id

  ingress {
    description    = "Allow connections to the Managed Service for OpenSearch cluster from the Internet"
    protocol       = "TCP"
    port           = 9200
    v4_cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description    = "The rule allows all outgoing traffic"
    protocol       = "ANY"
    v4_cidr_blocks = ["0.0.0.0/0"]
    from_port      = 0
    to_port        = 65535
  }
}
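The example configuration above sets admin_password as a literal and opens port 9200 to 0.0.0.0/0. The following check is an added example, not part of the Yandex Cloud documentation or the Terraform provider: it reads the configuration section of `terraform show -json` output for a saved plan and reports both settings. The sample input is constructed, the function names are illustrative, and only root-module resources are examined.

```python
# Constructed sample (not real tool output): the "configuration" part of
# `terraform show -json <plan_file>` for the example above, trimmed to the
# attributes this check reads. A literal carries "constant_value"; a value
# taken from a variable or another resource carries "references" instead.
SAMPLE_PLAN = {"configuration": {"root_module": {"resources": [
    {"address": "yandex_mdb_opensearch_cluster.my-os-clstr",
     "type": "yandex_mdb_opensearch_cluster",
     "expressions": {"config": [{
         "version": {"constant_value": "2.8"},
         "admin_password": {"constant_value": "osadminpwd"}}]}},
    {"address": "yandex_vpc_security_group.os-sg",
     "type": "yandex_vpc_security_group",
     "expressions": {"ingress": [{
         "protocol": {"constant_value": "TCP"},
         "port": {"constant_value": 9200},
         "v4_cidr_blocks": {"constant_value": ["0.0.0.0/0"]}}]}},
]}}}


def blocks(value):
    """Nested blocks appear as one object or a list of objects; return a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit(plan):
    """Return findings for literal admin passwords and world-open ingress."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in root.get("resources", []):
        expr, addr = res.get("expressions", {}), res.get("address", "?")
        if res.get("type") == "yandex_mdb_opensearch_cluster":
            for cfg in blocks(expr.get("config")):
                pwd = cfg.get("admin_password")
                # No "references" key means the value is written in the .tf file.
                if pwd is not None and "references" not in pwd:
                    findings.append(f"{addr}: admin_password is a literal")
        elif res.get("type") == "yandex_vpc_security_group":
            for rule in blocks(expr.get("ingress")):
                cidrs = rule.get("v4_cidr_blocks", {}).get("constant_value") or []
                if "0.0.0.0/0" in cidrs:
                    port = rule.get("port", {}).get("constant_value", "any")
                    findings.append(f"{addr}: port {port} open to 0.0.0.0/0")
    return findings
```

A configuration that takes the password from a variable marked `sensitive = true` and limits `v4_cidr_blocks` to known client ranges produces no findings.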

Managing database connection parameters using Connection Manager

If your cloud or folder has access to Connection Manager public preview, a new connection entity will appear in your folder after you create a cluster. You can use it to manage database connection parameters.

Passwords and other sensitive data will be stored in a Yandex Lockbox secret. To see which secrets store connection information for your cluster, select Lockbox in the list of services in your folder. You will find your cluster's ID on the Secrets page in the secret dependencies column.

You can also use Connection Manager to configure access to connections.
