FAQ about Managed Service for OpenSearch
-
Which OpenSearch version does Managed Service for OpenSearch use?
-
How do I set up an alert that triggers as soon as a certain percentage of disk space is used up?
-
Why is my cluster slow even though the computing resources are not fully utilized?
-
Can I connect to cluster hosts over SSH or get superuser privileges on hosts?
-
How can I fix the no permission error when attaching a service account to a cluster?
-
What is the role of Managed Service for OpenSearch in database management and maintenance?
General questions
How are OpenSearch clusters maintained?
Maintenance in Managed Service for OpenSearch includes:
- Automatic installation of OpenSearch updates and fixes for your hosts.
- Changes in the host class and storage size.
- Other Managed Service for OpenSearch maintenance activities.
For more information, see Maintenance.
Is cluster backup enabled by default?
Yes, automatic backup is enabled by default and takes place every hour. All backups are incremental and store only the data that has changed since the previous backup to save storage space.
Automatic backups are stored for two weeks.
Which OpenSearch version does Managed Service for OpenSearch use?
Managed Service for OpenSearch uses the OpenSearch versions maintained and supported by the vendor. For more information, see OpenSearch versioning policy.
What happens when a new OpenSearch version is released?
When a new version is released, the cluster software is automatically updated after testing. Clusters running on an OpenSearch version that is no longer supported will also be automatically updated.
Owners of affected clusters will receive a notice of expected update times and database availability.
Can I get logs of my operations in Yandex Cloud?
Yes, you can request information about operations with your resources from Yandex Cloud logs. Do it by contacting support.
What is the retention period for logs?
Cluster logs are stored for 30 days.
How do I set up an alert that triggers as soon as a certain percentage of disk space is used up?
Create an alert for the disk.used_bytes metric in Yandex Monitoring. This metric shows the disk space usage in the Managed Service for OpenSearch cluster.
For disk.used_bytes, use notification thresholds. Their recommended values are as follows:
Alarm: 90% of disk spaceWarning: 80% of disk space
Thresholds are set in bytes only. For example, the recommended values for a 100 GB disk are as follows:
Alarm:96636764160bytes (90%).Warning:85899345920bytes (80%).
Why is my cluster slow even though the computing resources are not fully utilized?
Your storage may have insufficient maximum IOPS and bandwidth to process the current number of requests. In this case, throttling occurs, which degrades the entire cluster performance.
The maximum IOPS and bandwidth values increase by a fixed value when the storage size increases by a certain step. The step and increment values depend on the disk type:
| Disk type | Step, GB | Max IOPS increase (read/write) | Max bandwidth increase (read/write), MB/s |
|---|---|---|---|
network-hdd |
256 | 300/300 | 30/30 |
network-ssd |
32 | 1,000/1,000 | 15/15 |
network-ssd-nonreplicated, network-ssd-io-m3 |
93 | 28,000/5,600 | 110/82 |
To increase the maximum IOPS and bandwidth values and make throttling less likely, expand the storage or switch to a faster disk type by restoring the cluster from a backup.
Can I connect to cluster hosts over SSH or get superuser privileges on hosts?
You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.
What should I do if I get a revocation check error when using PowerShell to obtain an SSL certificate?
Here is the full text of the error:
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate
This means that when connecting to the website, the service was unable to check whether its certificate was listed among the revoked ones.
To fix this error:
-
Make sure your corporate network policies are not blocking the verification.
-
Run the following command with the
--ssl-no-revokeparameter:mkdir $HOME\.opensearch; curl --ssl-no-revoke --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
How can I fix the no permission error when attaching a service account to a cluster?
Error message:
ERROR: rpc error: code = PermissionDenied desc = you do not have permission to access the requested service account or service account does not exist
The error occurs in the following cases:
- You are creating or modifying a cluster and linking it to a service account.
- You are restoring a cluster linked to a service account from its backup.
To fix this error, assign your Yandex Cloud account the iam.serviceAccounts.user role or higher.
Why do I get an Unable to confirm permission error when activating a transfer?
Here is the full text of the error:
Unable to confirm permission 'data-transfer.transfers.createExternal'
This error occurs if the transfer is activated in or from a custom OpenSearch installation database, but the OpenSearch endpoint settings have no subnet ID specified.
To fix this error, specify a subnet ID in the OpenSearch endpoint settings, even if the source and target can access each other without the internet.
What is the role of Managed Service for OpenSearch in database management and maintenance?
Be mindful of what is managed by the service and what, by the Yandex Cloud customer. Understanding these areas of management helps you use your cloud resources efficiently and avoid potential database-related issues. For more information, see Zones of control between managed database (MDB) service users and Yandex Cloud.