Configuring an index policy in Managed Service for OpenSearch
You can use policies to automate certain operations on indexes. For example, to make your data more secure and available, you can set up a policy that will create a new index if at least one of these conditions is met:
- Index is over 50 GB in size.
- Index is over 30 days old.
To configure such a policy:
If you no longer need the resources you created, delete them.
Getting started
-
Prepare the infrastructure:
ManuallyUsing Terraform-
Create a Managed Service for OpenSearch target cluster in the configuration you need with public access to a group of hosts with the
DATA
role. -
If using security groups in your cluster, make sure they are configured correctly and allow connecting to the Managed Service for OpenSearch cluster.
-
If you do not have Terraform yet, install it.
-
Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.
-
Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it
. -
Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.
-
Download the opensearch-index-policy.tf
configuration file to the same working directory. The file describes:- Network.
- Subnet.
- Security group and rules required to connect to a Managed Service for OpenSearch cluster.
- Managed Service for OpenSearch cluster.
-
In the
opensearch-index-policy.tf
file, specify these variables:version
: OpenSearch version.admin_password
: OpenSearch admin password.
-
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Create the required infrastructure:
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console
. -
-
-
Check the connection to the cluster using cURL
:curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --request GET 'https://<FQDN_of_the_OpenSearch_host_with_the_DATA_role>:9200/'
You can obtain the host FQDN with a list of hosts in the cluster.
A message like this is displayed if the connection is successful:
{ "name" : "....mdb.yandexcloud.net", "cluster_name" : "...", "cluster_uuid" : "...", "version" : { "distribution" : "opensearch", ... }, "tagline" : "The OpenSearch Project: https://opensearch.org/" }
Create a policy
-
Create a policy to roll over an alias to a new index:
curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_plugins/_ism/policies/rollover_policy' \ --data ' { "policy": { "description": "Example rollover policy", "default_state": "rollover", "schema_version": 1, "states": [ { "name": "rollover", "actions": [ { "rollover": { "min_index_age": "1h", "min_primary_shard_size": "500b" } } ], "transitions": [] } ], "ism_template": { "index_patterns": ["log*"], "priority": 100 } } }'
Where:
min_index_age
: Age an index must reach before a new index is created. The recommended value is 30 days (30d
).min_primary_shard_size
: Size of one of the main index segments. As soon as this size is reached, a new index will be created. The recommended value is 50 GB (50gb
).index_patterns
: Template for a new index name.
To quickly test the policy, we reduced the recommended values to 1 hour and 500 bytes in the request example.
-
Configure an index template with the
log
alias assigned to the policy:curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_index_template/ism_rollover?pretty' \ --data ' { "index_patterns": ["log*"], "template": { "settings": { "plugins.index_state_management.rollover_alias": "log" } } }'
Attach the policy to an index
-
Create the
log-000001
index with thelog
alias:curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/log-000001?pretty' \ --data ' { "aliases": { "log": { "is_write_index": true } } }'
-
Check if the policy is attached to the index:
curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request GET 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_plugins/_ism/explain/log-000001?pretty'
You will get a message like this in the results:
{ "log-000001" : { "index.plugins.index_state_management.policy_id" : "rollover_policy", "index.opendistro.index_state_management.policy_id" : "rollover_policy", "index" : "log-000001", "index_uuid" : "...", "policy_id" : "rollover_policy", "enabled" : true }, "total_managed_indices" : 1 }
Test the policy
-
Add a document to the index:
curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request POST 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/log/_doc?pretty' \ --data ' { "num": "101", "name": "Valya", "age": "25" }'
-
Get a list of indexes five minutes after the document is created:
curl \ --user admin:<password> \ --cacert ~/.opensearch/root.crt \ --header 'Content-Type: application/json' \ --request GET '<address_of_OpenSearch_host_with_DATA_role>:9200/_cat/indices?pretty'
Five minutes is the default time to check policy conditions again.
The output should display the
log-000001
andlog-000002
indexes:yellow open log-000001 ... 1 1 0 0 5.1kb 5.1kb yellow open log-000002 ... 1 1 0 0 208b 208b
-
Optionally, you can get the index list again one hour after creating the index.
The output should display the
log-000001
,log-000002
, andlog-000003
indexes:yellow open log-000001 ... 1 1 0 0 5.1kb 5.1kb yellow open log-000002 ... 1 1 0 0 208b 208b yellow open log-000003 ... 1 1 0 0 0b 0b
One hour is the policy condition for creating a new index.
Delete the resources you created
Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:
-
In the terminal window, go to the directory containing the infrastructure plan.
-
Delete the
opensearch-index-policy.tf
configuration file. -
Make sure the Terraform configuration files are correct using this command:
terraform validate
If there are any errors in the configuration files, Terraform will point them out.
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
All the resources described in the
opensearch-index-policy.tf
configuration file will be deleted. -