Contact UsGet started

Getting started with Managed Service for OpenSearch

Written by
Improved by
Updated at November 6, 2024

To get started with the service:

  1. Create a cluster
  2. Configure security groups
  3. Connect to the cluster
  4. Connect to OpenSearch Dashboards

Getting started

  1. Log in to the management console or sign up if you do not have an account yet.

  2. If you do not have a folder yet, create one:

    1. In the management console, select the appropriate cloud in the list on the left.

    2. At the top right, click Create folder.

    3. Enter the folder name. The naming requirements are as follows:

      • The name must be from 3 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • The first character must be a letter and the last character cannot be a hyphen.

    4. (Optional) Enter a description of the folder.

    5. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, a default security group will be created, inside which all network traffic is allowed.

    6. Click Create.

  3. Make sure your account has the vpc.user role and managed-opensearch.editor role or higher for creating a cluster.

  4. You can connect to an OpenSearch cluster both from inside Yandex Cloud and from the internet:

    • To connect from inside Yandex Cloud, create a Linux VM in the same network as the cluster.

    • To connect to a cluster from the internet, request public access to hosts with the DATA role when creating the cluster.

Note

These instructions assume that you are connecting to the cluster from the internet.

Create a cluster

  1. In the management console, select the folder where you want to create a cluster.

  2. Select Managed Service for OpenSearch.

  3. Click Create cluster. For more information, see Creating clusters.

  4. Set the cluster parameters.

    To gain access to the OpenSearch Dashboards web interface, request public access. To do this, navigate to Virtual node group with the Dashboards group type and select Public access.

    Tip

    You can use OpenSearch Dashboards even if you can't request public access to the hosts (for example, for security reasons). To do this, proxy the connections via the virtual machine in Yandex Compute Cloud that is hosted in the same network as the cluster. For more information, see Connecting to OpenSearch Dashboards.

  5. Click Create cluster.

  6. Wait until the cluster is ready: its status on the Managed Service for OpenSearch dashboard changes to Creating and then to Alive. This may take some time.

Configure security groups

To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or from other security groups.

Settings of access policies depend on the connection method you select:

Configure all the cluster security groups to allow incoming traffic on ports 443 (Dashboards) and 9200 (OpenSearch) from any IP address. To do this, create the following rules for incoming traffic:

  • Port range: 443, 9200
  • Protocol: TCP
  • Source: CIDR
  • CIDR blocks: 0.0.0.0/0

A separate rule is created for each port.

  1. Configure all the cluster security groups to allow incoming traffic on ports 443 (Dashboards) and 9200 (OpenSearch) from the security group where the VM is located. To do this, create the following rules for incoming traffic in these security groups:

    • Port range: 443, 9200
    • Protocol: TCP
    • Source: Security group
    • Security group: If your cluster and VM are in the same security group, select Current (Self). Otherwise, specify the VM security group.

    A separate rule is created for each port.

  2. Configure all the security groups where your VM is located to allow connections to the VM and traffic between the VM and cluster hosts.

    For example, you can set the following rules for a VM:

    • For incoming traffic:

      • Port range: 22, 443, 9200
      • Protocol: TCP
      • Source: CIDR
      • CIDR blocks: 0.0.0.0/0

      A separate rule is created for each port.

    • For outgoing traffic:

      • Port range: 0-65535
      • Protocol: Any (Any)
      • Destination name: CIDR
      • CIDR blocks: 0.0.0.0/0

      This rule allows all outgoing traffic, thus enabling you not only to connect to the cluster but also to install the certificates and utilities your VM needs for the connection.

Note

You can specify more detailed rules for your security groups, e.g., to allow traffic only in specific subnets.

You must configure security groups correctly for all subnets in which the cluster hosts will reside. If security group settings are incomplete or incorrect, you may lose access to the cluster.

For more information about security groups, see Security groups.

Connect to the cluster

It is assumed that all the steps below are performed on Linux.

To connect to a cluster:

  1. Install an SSL certificate:

    mkdir -p ~/.opensearch && \
wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
     --output-document ~/.opensearch/root.crt && \
chmod 0600 ~/.opensearch/root.crt

    The certificate will be saved to the ~/.opensearch/root.crt file.

    mkdir $HOME\.opensearch; curl --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem

    The certificate will be saved to the $HOME\.opensearch\root.crt file.

  2. Connect to the cluster using cURL:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --request GET 'https://<FQDN_of_the_OpenSearch_host_with_the_DATA_role>:9200/'

    To connect, enter the admin username and password used when creating the cluster.

    A message like this is displayed if the connection is successful:

    {
  "name" : "....mdb.yandexcloud.net",
  "cluster_name" : "...",
  "cluster_uuid" : "...",
  "version" : {
  "distribution" : "opensearch",
  ...
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Connect to OpenSearch Dashboards

  1. In the browser, connect to the OpenSearch Dashboards web interface:

    1. Make sure that hosts with the DASHBOARDS role are publicly accessible.

    2. Install the SSL certificate in your browser's trusted root certificate store (instructions for Mozilla Firefox).

    3. On the cluster page, in the management console, click OpenSearch Dashboards or go to https://c-<OpenSearch_cluster_ID>.rw.mdb.yandexcloud.net> in your browser.

    4. Enter admin for the username and the password you set when creating the cluster.

  2. Explore a set of sample data:

    1. On the OpenSearch Dashboards welcome screen, click Add sample data.
    2. Next, click View data for the desired dataset.

Learn more about working with OpenSearch Dashboards, in the OpenSearch documentation.

What's next

Next
All guides