Updating OpenSearch cluster settings
After creating a cluster, you can change:
- Service account.
admin
user password.- OpenSearch settings.
- Additional cluster settings.
- Security groups.
You can also:
- Update the OpenSearch version.
- Change the host group configuration.
- Move host groups to a different availability zone.
Changing a service account
Warning
If the cluster already uses a service account to access objects from Yandex Object Storage, then changing it to a different service account may make these objects unavailable and interrupt the cluster operation. Before changing the service account settings, make sure that the cluster does not use the objects in question.
For more information about setting up a service account, see Configuring access to Object Storage.
- In the management console
, go to the folder page and select Managed Service for OpenSearch. - Select a cluster and click
Edit in the top panel. - In the Service account field, select the account you need from the list or create a new one. For more information about setting up service accounts, see Configuring access to Object Storage.
- Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To change a service account linked to a Managed Service for OpenSearch cluster, run the command:
yc managed-opensearch cluster update <cluster_name_or_ID> \
--service-account-name <service_account_name>
You can request the cluster name and ID with the list of clusters in the folder.
For more information about setting up service accounts, see Configuring access to Object Storage.
-
Open the current Terraform configuration file with an infrastructure plan.
For a complete list of available Managed Service for OpenSearch cluster configuration fields, see the Terraform provider documentation
. -
In the
service_account_id
field, specify the service account ID:resource "yandex_mdb_opensearch_cluster" "<cluster_name>" { ... service_account_id = "<service_account_ID>" }
For more information about setting up service accounts, see Configuring access to Object Storage.
-
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Use the Cluster.Update method and make a request, e.g., via cURL
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
updateMask
parameter as a single comma-separated string.curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "serviceAccountId", "serviceAccountId": "<service_account_ID>" }'
Where:
-
updateMask
: List of parameters to update as a single string, separated by commas.Only one parameter is provided in this case.
-
serviceAccountId
: ID of the service account used for cluster operations.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Clone the cloudapi
repository:cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
Below, we assume the repository contents are stored in the
~/cloudapi/
directory. -
Use the ClusterService.Update call and make a request, e.g., via gRPCurl
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
update_mask
parameter as an array ofpaths[]
strings.Format for listing settings
"update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "service_account_id" ] }, "service_account_id": "<service_account_ID>" }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.Update
Where:
-
update_mask
: List of parameters to update as an array ofpaths[]
strings.Only one parameter is provided in this case.
-
service_account_id
: ID of the service account used for cluster operations.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
Changing the admin password
- In the management console
, go to the folder page and select Managed Service for OpenSearch. - Select a cluster and click
Edit in the top panel. - In the Admin password field, enter a new password.
- Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To change the admin
password for a cluster, enter a new password using one of these methods:
-
Entering a password as plain text (less secure method).
yc managed-opensearch cluster update <cluster_name_or_ID> \ --admin-password <new_password>
-
Generating a password automatically. The generated password will be output to the console.
yc managed-opensearch cluster update <cluster_name_or_ID> \ --generate-admin-password
You can request the cluster name and ID with the list of clusters in the folder.
-
Open the current Terraform configuration file with an infrastructure plan.
For a complete list of available Managed Service for OpenSearch cluster configuration fields, see the Terraform provider documentation
. -
In the
config
section, change theadmin_password
field value:resource "yandex_mdb_opensearch_cluster" "<cluster_name>" { ... config { admin_password = "<new_admin_user_password>" } }
-
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Use the Cluster.Update method and make a request, e.g., via cURL
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
updateMask
parameter as a single comma-separated string.curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "configSpec.adminPassword", "configSpec": { "adminPassword": "<new_password>" } }'
Where:
-
updateMask
: List of parameters to update as a single string, separated by commas.Only one parameter is provided in this case.
-
configSpec.adminPassword
: New password for theadmin
user.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Clone the cloudapi
repository:cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
Below, we assume the repository contents are stored in the
~/cloudapi/
directory. -
Use the ClusterService.Update call and make a request, e.g., via gRPCurl
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
update_mask
parameter as an array ofpaths[]
strings.Format for listing settings
"update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "config_spec.admin_password" ] }, "config_spec": { "admin_password": "<new_password>" } }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.Update
Where:
-
update_mask
: List of parameters to update as an array ofpaths[]
strings.Only one parameter is provided in this case.
-
config_spec.admin_password
: New password for theadmin
user.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
Changing OpenSearch settings
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Run the following command with a list of settings to change:
yc managed-opensearch cluster update <cluster_name_or_ID> \
--max-clause-count <number_of_Boolean_clauses> \
--fielddata-cache-size <JVM_heap_size> \
--reindex-remote-whitelist <host_address>:<port>
You can request the cluster name and ID with the list of clusters in the folder.
Command settings:
--max-clause-count
: Maximum allowed number of boolean clauses per query. For more information, see the OpenSearch documentation.--fielddata-cache-size
: JVM heap size allocated for thefielddata
data structure. You can specify either an absolute value or percentage, e.g.,512mb
or50%
. For more information, see the OpenSearch documentation.--reindex-remote-whitelist
: List of remote hosts whose indexes contain documents to copy for reindexing. Specify the parameter value in<host_address>:<port>
format. If you need to specify more than one host, list values separated by commas. For more information, see the OpenSearch documentation.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Use the Cluster.Update method and make a request, e.g., via cURL
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
updateMask
parameter as a single comma-separated string.curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "configSpec.opensearchSpec.opensearchConfig_2.maxClauseCount,configSpec.opensearchSpec.opensearchConfig_2.fielddataCacheSize,configSpec.opensearchSpec.opensearchConfig_2.reindexRemoteWhitelist", "configSpec": { "opensearchSpec": { "opensearchConfig_2": { "maxClauseCount": "<number_of_Boolean_clauses>", "fielddataCacheSize": "<JVM_heap_size>", "reindexRemoteWhitelist": "<host_address>:9200" } } } }'
Where:
-
updateMask
: List of parameters to update as a single string, separated by commas. -
configSpec.opensearchSpec.opensearchConfig_2
: OpenSearch settings:-
maxClauseCount
: New maximum allowed number of boolean clauses. For more information, see the OpenSearch documentation. -
fielddataCacheSize
: New JVM heap size allocated for thefielddata
data structure. You can specify either an absolute value or percentage, e.g.,512mb
or50%
. For more information, see the OpenSearch documentation. -
reindexRemoteWhitelist
: New list of remote hosts whose indexes contain documents to copy for reindexing. Specify host FQDN and port 9200, separated by a colon. To specify multiple hosts, list them separated by commas after the port. For more information, see the OpenSearch documentation.
-
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Clone the cloudapi
repository:cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
Below, we assume the repository contents are stored in the
~/cloudapi/
directory. -
Use the ClusterService.Update call and make a request, e.g., via gRPCurl
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
update_mask
parameter as an array ofpaths[]
strings.Format for listing settings
"update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "config_spec.opensearch_spec.opensearch_config_2.max_clause_count", "config_spec.opensearch_spec.opensearch_config_2.fielddata_cache_size", "config_spec.opensearch_spec.opensearch_config_2.reindex_remote_whitelist" ] }, "config_spec": { "opensearch_spec": { "opensearch_config_2": { "max_clause_count": "<number_of_Boolean_clauses>", "fielddata_cache_size": "<JVM_heap_size>", "reindex_remote_whitelist": "<host_address>:9200" } } } }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.Update
Where:
-
update_mask
: List of parameters to update as an array ofpaths[]
strings.Only one parameter is provided in this case.
-
config_spec.opensearch_spec.opensearch_config_2
: OpenSearch settings:-
max_clause_count
: New maximum allowed number of boolean clauses. For more information, see the OpenSearch documentation. -
fielddata_cache_size
: New JVM heap size allocated for thefielddata
data structure. You can specify either an absolute value or percentage, e.g.,512mb
or50%
. For more information, see the OpenSearch documentation. -
reindex_remote_whitelist
: New list of remote hosts whose indexes contain documents to copy for reindexing. Specify host FQDN and port 9200, separated by a colon. To specify multiple hosts, list them separated by commas after the port. For more information, see the OpenSearch documentation.
-
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
Changing additional cluster settings
-
In the management console
, go to the folder page and select Managed Service for OpenSearch. -
Select a cluster and click
Edit in the top panel. -
Change additional cluster settings:
-
Maintenance window: Maintenance window settings:
- To enable maintenance at any time, select arbitrary (default).
- To specify the preferred maintenance start time, select by schedule and specify the desired day of the week and UTC hour. For example, you can choose a time when the cluster is least loaded.
Maintenance operations are carried out both on enabled and disabled clusters. They may include updating the DBMS, applying patches, and so on.
-
Deletion protection: Manages protection of the cluster, its databases, and users against accidental deletion.
Cluster deletion protection will not prevent a manual connection to a cluster to delete data.
-
-
Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Run the following command with a list of settings to change:
yc managed-opensearch cluster update <cluster_name_or_ID> \
--maintenance schedule=<maintenance_type>,`
`weekday=<day_of_week>,`
`hour=<hour> \
--delete-protection \
--data-transfer-access=<true_or_false> \
--serverless-access=<true_or_false>
You can request the cluster name and ID with the list of clusters in the folder.
Command settings:
-
--maintenance
: Maintenance window settings (including for disabled clusters):-
To allow maintenance at any time, specify
--maintenance schedule=anytime
. -
To specify the preferred maintenance start time, specify
--maintenance schedule=weekly,weekday=<day_of_week>,hour=<hour_in_UTC>
. In this case, maintenance will take place every week on a specified day at a specified time.Possible
weekday
values:mon
,tue
,wed
,thu
,fry
,sat
,sun
. In thehour
parameter, specify the maintenance completion time. For example, if you set14
, maintenance will take place from 13:00 until 14:00 UTC.
-
-
--delete-protection
: Cluster protection from accidental deletion by a user.Cluster deletion protection will not prevent a manual connection to a cluster to delete data.
-
--serverless-access
: Access from Yandex Serverless Containers,true
orfalse
.
-
Open the current Terraform configuration file with an infrastructure plan.
For a complete list of available Managed Service for OpenSearch cluster configuration fields, see the Terraform provider documentation
. -
To change the maintenance time (including for disabled clusters), specify the following settings in the
maintenance_window
parameter:resource "yandex_mdb_opensearch_cluster" "<cluster_name>" { ... maintenance_window { type = "<maintenance_frequency>" hour = <hour> day = "<day_of_week>" } }
Specify the following in the parameters:
type
:ANYTIME
to allow maintenance at any time orWEEKLY
to perform maintenance every week.hour
: Maintenance completion hour, UTC. For example, if you set14
, maintenance will take place from 13:00 until 14:00 UTC.day
: Day of week for maintenance. Possible values:MON
,TUE
,WED
,THU
,FRI
,SAT
,SUN
.
-
To enable cluster protection against accidental deletion by a user of your cloud, add the
deletion_protection
field set totrue
to your cluster description:resource "yandex_mdb_opensearch_cluster" "<cluster_name>" { ... deletion_protection = <true_or_false> }
Where
deletion_protection
means cluster deletion protection.Enabled deletion protection will not prevent a manual connection with the purpose to delete database contents.
-
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Use the Cluster.Update method and make a request, e.g., via cURL
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
updateMask
parameter as a single comma-separated string.curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "configSpec.access,deletionProtection,maintenanceWindow", "configSpec": { "access": { "dataTransfer": <access_from_Data_Transfer:_true_or_false>, "serverless": <access_from_Serverless_Containers:_true_or_false> } }, "deletionProtection": <deletion_protection:_true_or_false>, "maintenanceWindow": { "weeklyMaintenanceWindow": { "day": "<day_of_week>", "hour": "<hour>" } } }'
Where:
-
updateMask
: List of parameters to update as a single string, separated by commas. -
access
: Cluster settings for access to the following Yandex Cloud services:dataTransfer
: Yandex Data Transferserverless
: Yandex Serverless Containers
-
deletionProtection
: Protection of the cluster, its databases, and users against deletion.Enabled deletion protection will not prevent a manual connection with the purpose to delete database contents.
-
maintenanceWindow.weeklyMaintenanceWindow
: Maintenance window schedule:day
: Day of week, inDDD
format, for scheduled maintenance.hour
: Hour, inHH
format, for scheduled maintenance. The values range from1
to24
. Use the UTC time zone.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Clone the cloudapi
repository:cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
Below, we assume the repository contents are stored in the
~/cloudapi/
directory. -
Use the ClusterService.Update call and make a request, e.g., via gRPCurl
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
update_mask
parameter as an array ofpaths[]
strings.Format for listing settings
"update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "config_spec.access", "deletion_protection", "maintenance_window" ] }, "config_spec": { "access": { "data_transfer": <access_from_Data_Transfer:_true_or_false>, "serverless": <access_from_Serverless_Containers:_true_or_false> } }, "deletion_protection": <deletion_protection:_true_or_false>, "maintenance_window": { "weekly_maintenance_window": { "day": "<day_of_week>", "hour": "<hour>" } } }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.Update
Where:
-
update_mask
: List of parameters to update as an array ofpaths[]
strings.Only one parameter is provided in this case.
-
access
: Cluster settings for access to the following Yandex Cloud services:data_transfer
: Yandex Data Transferserverless
: Yandex Serverless Containers
-
deletion_protection
: Protection of the cluster, its databases, and users against deletion.Enabled deletion protection will not prevent a manual connection with the purpose to delete database contents.
-
maintenance_window.weekly_maintenance_window
: Maintenance window schedule:day
: Day of week, inDDD
format, for scheduled maintenance.hour
: Hour, inHH
format, for scheduled maintenance. The values range from1
to24
. Use the UTC time zone.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
Changing security groups
After you assign other security groups, you may need to additionally set them up to connect to the cluster.
- In the management console
, go to the folder page and select Managed Service for OpenSearch. - Select a cluster and click
Edit in the top panel. - Under Network settings, select security groups for cluster network traffic.
- Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To edit the list of security groups for a cluster, specify the security groups you need in the command:
yc managed-opensearch cluster update <cluster_name_or_ID> \
--security-group-ids <list_of_security_group_IDs>
If you need to specify more than one group, list them separated by commas.
You can request the cluster name and ID with the list of clusters in the folder.
-
Open the current Terraform configuration file with an infrastructure plan.
For a complete list of available Managed Service for OpenSearch cluster configuration fields, see the Terraform provider documentation
. -
In the
security_group_ids
field, list the security group IDs separated by commas:resource "yandex_mdb_opensearch_cluster" "<cluster_name>" { ... security_group_ids = [ "<security_groups>" ] }
-
Make sure the settings are correct.
-
Using the command line, navigate to the folder that contains the up-to-date Terraform configuration files with an infrastructure plan.
-
Run the command:
terraform validate
If there are errors in the configuration files, Terraform will point to them.
-
-
Confirm updating the resources.
-
Run the command to view planned changes:
terraform plan
If the resource configuration descriptions are correct, the terminal will display a list of the resources to modify and their parameters. This is a test step. No resources are updated.
-
If you are happy with the planned changes, apply them:
-
Run the command:
terraform apply
-
Confirm the update of resources.
-
Wait for the operation to complete.
-
-
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Use the Cluster.Update method and make a request, e.g., via cURL
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
updateMask
parameter as a single comma-separated string.curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "securityGroupIds", "securityGroupIds": [ "<security_group_1_ID>", "<security_group_2_ID>", ... "<security_group_N_ID>" ] }'
Where:
-
updateMask
: List of parameters to update as a single string, separated by commas.Only one parameter is provided in this case.
-
securityGroupIds
: Security group IDs.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.
-
Get an IAM token for API authentication and put it into the environment variable:
export IAM_TOKEN="<IAM_token>"
-
Clone the cloudapi
repository:cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
Below, we assume the repository contents are stored in the
~/cloudapi/
directory. -
Use the ClusterService.Update call and make a request, e.g., via gRPCurl
:Warning
The API method will assign default values to all the parameters of the object you are modifying unless you explicitly provide them in your request. To avoid this, list the settings you want to change in the
update_mask
parameter as an array ofpaths[]
strings.Format for listing settings
"update_mask": { "paths": [ "<setting_1>", "<setting_2>", ... "<setting_N>" ] }
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "security_group_ids" ] }, "security_group_ids": [ "<security_group_1_ID>", "<security_group_2_ID>", ... "<security_group_N_ID>" ] }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.Update
Where:
-
update_mask
: List of parameters to update as an array ofpaths[]
strings.Only one parameter is provided in this case.
-
security_group_ids
: Security group IDs.
You can get the cluster ID with a list of clusters in the folder.
-
-
View the server response to make sure the request was successful.