FAQ about Managed Service for OpenSearch

• How are OpenSearch clusters maintained?

• Is cluster backup enabled by default?

• Which OpenSearch version does Managed Service for OpenSearch use?

• What happens when a new OpenSearch version is released?

• How do I get the logs of my actions in the services?

• How do I set up an alert that triggers as soon as a certain percentage of disk space has been used up?

• Why is the cluster slow even though the computing resources are not used fully?

• Can I connect to cluster hosts via SSH or get superuser permissions on hosts?

• What do I do if I get the revocation check error when using PowerShell to obtain an SSL certificate?

• How can I fix the no permission error when connecting a service account to the cluster?

General questionsGeneral questions

How are OpenSearch clusters maintained?How are OpenSearch clusters maintained?

In Managed Service for OpenSearch, maintenance implies:

• Automatic installation of OpenSearch updates and fixes for your database hosts.
• Changes to the host class and storage size.
• Other Managed Service for OpenSearch maintenance activities.

For more information, see Maintenance.

Is cluster backup enabled by default?Is cluster backup enabled by default?

Yes, automatic backup is enabled by default and takes place every hour. All backups are incremental and store only the data that has changed since the previous backup to save storage space.

Automatic backups are stored for two weeks.

Which OpenSearch version does Managed Service for OpenSearch use?Which OpenSearch version does Managed Service for OpenSearch use?

The OpenSearch versions maintained by the vendor are available in Managed Service for OpenSearch. For more information, see OpenSearch versioning policy.

What happens when a new OpenSearch version is released?What happens when a new OpenSearch version is released?

When a new minor version is released, the cluster software is automatically updated after testing. Clusters with an unsupported OpenSearch version will also be updated automatically.

The owner of the affected clusters will receive a notice of expected work times and database availability.

Can I get the logs of what I do when I work with Yandex Cloud?Can I get the logs of what I do when I work with Yandex Cloud?

Yes, you can request information about operations with your resources from Yandex Cloud. For more information, see Data requests.

What is the retention period for logs?What is the retention period for logs?

Cluster logs are stored for 30 days.

How do I set up an alert that triggers as soon as a certain percentage of disk space has been used up?How do I set up an alert that triggers as soon as a certain percentage of disk space has been used up?

Create an alert with the disk.used_bytes metric in Yandex Monitoring. This metric shows the disk space usage in the Managed Service for OpenSearch cluster.

For disk.used_bytes, use notification thresholds. The recommended values are as follows:

• Alarm: 90% of the disk space
• Warning: 80% of the disk space

Thresholds are set in bytes only. For example, the recommended values for a 100 GB disk are as follows:

• Alarm: 96636764160 bytes (90%).
• Warning: 85899345920 bytes (80%).

Why is the cluster slow even though the computing resources are not used fully?Why is the cluster slow even though the computing resources are not used fully?

Your storage may have insufficient maximum IOPS and bandwidth to process the current number of requests. In this case, throttling occurs, which degrades the entire cluster performance.

The maximum IOPS and bandwidth values increase by a fixed value when the storage size increases by a certain step. The step and increment values depend on the disk type:

To increase the maximum IOPS and bandwidth values and make throttling less likely, increase the storage size or switch to a faster disk type by restoring the cluster from a backup.

Can I connect to cluster hosts via SSH or get superuser permissions on hosts?Can I connect to cluster hosts via SSH or get superuser permissions on hosts?

You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.

What do I do if I get the revocation check error when using PowerShell to obtain an SSL certificate?What do I do if I get the revocation check error when using PowerShell to obtain an SSL certificate?

Here is the full text of the error:

curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate

This means, when connecting to the website, the service failed to check whether or not the website’s certificate is on the list of revoked certificates.

To fix this error:

• Make sure the corporate network settings do not block the check.

• Run the command with the --ssl-no-revoke parameter.

  mkdir $HOME\.opensearch; curl --ssl-no-revoke --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
  

How can I fix the no permission error when connecting a service account to the cluster?How can I fix the no permission error when connecting a service account to the cluster?

Error message:

ERROR: rpc error: code = PermissionDenied desc = you do not have permission to access the requested service account or service account does not exist

The error occurs in the following cases:

• You are creating or modifying a cluster and linking it to a service account.
• You are restoring a cluster linked to a service account from its backup.

To fix this error, assign your Yandex Cloud account the iam.serviceAccounts.user role or higher.