Configuring access to Object Storage from an OpenSearch cluster
Managed Service for OpenSearch supports using Yandex Object Storage as an OpenSearch snapshot repository. This allows you to use Object Storage to store backups. To learn more about snapshot repository, see the OpenSearch documentation.
To access Object Storage bucket data from a cluster:
Connecting a service account to a cluster
-
When creating or updating a cluster, either select an existing service account or create a new one.
-
Make sure that this account has the role
storage.editor.
Setting up access rights
-
In the management console, select the folder containing the bucket you need. If there is no such bucket, create one.
-
Select Object Storage.
-
Select the Buckets tab.
-
Set up the bucket ACL:
- In the Select a user drop-down list, specify the service account connected to the cluster.
- Select the
READ and WRITEpermissions for the selected service account. - Click Add.
- Click Save.
Connecting a snapshot repository
Alert
If a bucket is registered in an OpenSearch cluster as a snapshot repository, do not edit the bucket contents manually as this will disrupt the OpenSearch snapshot mechanism.
-
Connect to the cluster.
-
Register the bucket as a snapshot repository using the public OpenSearch API:
PUT --cacert ~/.opensearch/root.crt https://admin:<password>@<OpenSearch_DATA_host_ID>.mdb.yandexcloud.net:9200/_snapshot/<repository_name>In the request parameters, specify the bucket associated with the cluster service account:
curl --request PUT \ "https://admin:<password>@<OpenSearch_DATA_host_ID>.mdb.yandexcloud.net:9200/_snapshot/<repository_name>" \ --cacert ~/.opensearch/root.crt \ --header "Content-Type: application/json" \ --data '{ "type": "s3", "settings": { "endpoint": "storage.yandexcloud.net", "bucket": "<bucket_name>" } }'