FAQ about Managed Service for OpenSearch
General questions
How are OpenSearch clusters maintained?
In Managed Service for OpenSearch, maintenance includes:
- Automatic installation of OpenSearch updates and fixes for your database hosts.
- Changes to the host class and storage size.
- Other Managed Service for OpenSearch maintenance activities.
For more information, see Maintenance.
Is cluster backup enabled by default?
Yes, automatic backup is enabled by default and takes place every hour. All backups are incremental and store only the data that has changed since the previous backup to save storage space.
Automatic backups are stored for two weeks.
Which OpenSearch version does Managed Service for OpenSearch use?
The OpenSearch versions maintained by the vendor are available in Managed Service for OpenSearch. For more information, see OpenSearch versioning policy.
What happens when a new OpenSearch version is released?
When a new minor version is released, the cluster software is automatically updated after testing. Clusters with an unsupported OpenSearch version will also be updated automatically.
The owner of the affected clusters will receive a notice of expected work times and database availability.
Can I get logs of my operations with services?
Yes, you can request log records about your resources from Yandex Cloud services. For more information, see Data requests.
What is the retention period for logs?
Cluster logs are stored for 30 days.
How do I set up an alert that triggers as soon as a certain percentage of disk space has been used up?
Create an alert with the disk.used_bytes metric in Yandex Monitoring. This metric shows the disk space usage in the Managed Service for OpenSearch cluster.
For disk.used_bytes, use notification thresholds. The recommended values are as follows:
- Alarm: 90% of the disk space
- Warning: 80% of the disk space
Thresholds are set in bytes only. For example, the recommended values for a 100 GB disk are as follows:
- Alarm: 96636764160 bytes (90%).
- Warning: 85899345920 bytes (80%).
Why is the cluster slow even though the computing resources are not used fully?
The maximum storage IOPS and bandwidth values may be insufficient for processing the current number of requests. In this case, throttling is triggered and the performance of the entire cluster degrades.
The maximum IOPS and bandwidth values increase by a fixed value when the storage size increases by a certain step. The step and increment values depend on the disk type:
Disk type | Step, GB | Max IOPS increase (read/write) | Max bandwidth increase (read/write), MB/s |
---|---|---|---|
network-hdd | 256 | 300/300 | 30/30 |
network-ssd | 32 | 1,000/1,000 | 15/15 |
network-ssd-nonreplicated | 93 | 28,000/5,600 | 110/82 |
To increase the maximum IOPS and bandwidth values and make throttling less likely, increase the storage size or switch to a faster disk type by restoring the cluster from a backup.
Can I connect to cluster hosts via SSH or get superuser permissions on hosts?
You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.
What do I do if I get the revocation check error when using PowerShell to obtain an SSL certificate?
Here is the full text of the error:
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate
This means that, when connecting to the website, the service failed to check whether the website’s certificate is on the list of revoked certificates.
To fix this error:
- Make sure the corporate network settings do not block the check.
- Run the command with the --ssl-no-revoke parameter, which disables the certificate revocation check for this request:
  mkdir $HOME\.opensearch; curl --ssl-no-revoke --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
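To find out which revocation endpoints the network would have to allow, the following added example (not part of the original documentation) rebuilds the server's certificate chain with online revocation checking and lists the CRL and OCSP URLs of each certificate. The function name Test-CertRevocationCheck and its output layout are hypothetical; it assumes Windows with PowerShell 5 or later and network access to the host used in the command above.

```powershell
# Added example: function name and output layout are hypothetical.
function Test-CertRevocationCheck {
    param(
        [string]$HostName = 'storage.yandexcloud.net',
        [int]$Port = 443
    )

    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # This overload validates the chain but does not check revocation,
        # so the server certificate can be retrieved even where curl fails.
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream())
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Dispose()
    }

    # Rebuild the chain, this time asking Windows to fetch CRL/OCSP data online.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    $null = $chain.Build($cert)

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        # 2.5.29.31 = CRL Distribution Points
        # 1.3.6.1.5.5.7.1.1 = Authority Information Access (OCSP responder)
        $endpoints = $c.Extensions |
            Where-Object { $_.Oid.Value -in '2.5.29.31', '1.3.6.1.5.5.7.1.1' } |
            ForEach-Object { $_.Format($true) }
        [pscustomobject]@{
            Subject   = $c.Subject
            Status    = ($element.ChainElementStatus.Status -join ', ')
            Endpoints = ($endpoints -join "`n")
        }
    }

    # These two flags mean the revocation data could not be retrieved.
    $flags = $chain.ChainStatus.Status
    if ($flags -contains 'RevocationStatusUnknown' -or $flags -contains 'OfflineRevocation') {
        Write-Warning 'Revocation endpoints could not be queried; check proxy and firewall rules for the URLs listed in Endpoints.'
    }
}

Test-CertRevocationCheck | Format-List
```

An empty Status for every certificate means the revocation check succeeded from this machine, and the curl command should then work without --ssl-no-revoke.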
How can I fix the no permission error when connecting a service account to the cluster?
Error message:
ERROR: rpc error: code = PermissionDenied desc = you do not have permission to access the requested service account or service account does not exist
The error occurs in the following cases:
- You are creating or modifying a cluster and linking it to a service account.
- You are restoring a cluster linked to a service account from its backup.
To fix this error, assign your Yandex Cloud account the iam.serviceAccounts.user role or higher.