FAQ about Managed Service for OpenSearch
- Which OpenSearch version does Managed Service for OpenSearch use?
- Why is my cluster slow even though there are still some computing resources to spare?
- Can I connect to cluster hosts over SSH or get superuser privileges on hosts?
- How can I fix the no permission error when assigning a service account to a cluster?
- What is Managed Service for OpenSearch's share of database management and maintenance work?
General questions
How are OpenSearch clusters maintained?
In Managed Service for OpenSearch, maintenance implies:
- Automatic installation of OpenSearch updates and fixes for your hosts.
- Changes to the host class and storage size.
- Other Managed Service for OpenSearch maintenance activities.
For more information, see Maintenance.
Is cluster backup enabled by default?
Yes, automatic backup is enabled by default and takes place every hour. All backups are incremental and store only the data that has changed since the previous backup to save storage space.
Automatic backups are stored for two weeks.
Which OpenSearch version does Managed Service for OpenSearch use?
Managed Service for OpenSearch uses the OpenSearch versions maintained and supported by the vendor. For more information, see OpenSearch versioning policy.
What happens when a new OpenSearch version is released?
When a new minor version is released, the cluster software is automatically updated after testing. Clusters with an unsupported OpenSearch version will also be updated automatically.
The owner of the affected clusters will receive a notice of expected work times and database availability.
Can I get logs of my operations in Yandex Cloud?
Yes, you can request information about operations with your resources from Yandex Cloud logs. To do so, contact support.
What is the retention period for logs?
Cluster logs are stored for 30 days.
How do I set up an alert that triggers as soon as a certain percentage of disk space has been used up?
Create an alert with the disk.used_bytes metric in Yandex Monitoring. This metric shows the disk space usage in the Managed Service for OpenSearch cluster.
For disk.used_bytes, use notification thresholds. Their recommended values are as follows:
- Alarm: 90% of disk space
- Warning: 80% of disk space
Thresholds are set in bytes only. For example, the recommended values for a 100 GB disk are as follows:
- Alarm: 96636764160 bytes (90%)
- Warning: 85899345920 bytes (80%)
Why is my cluster slow even though there are still some computing resources to spare?
Your storage may have insufficient maximum IOPS and bandwidth to process the current number of requests. In this case, throttling occurs, which degrades the entire cluster performance.
The maximum IOPS and bandwidth values increase by a fixed value when the storage size increases by a certain step. The step and increment values depend on the disk type:
| Disk type | Step, GB | Max IOPS increase (read/write) | Max bandwidth increase (read/write), MB/s |
|---|---|---|---|
| network-hdd | 256 | 300/300 | 30/30 |
| network-ssd | 32 | 1,000/1,000 | 15/15 |
| network-ssd-nonreplicated, network-ssd-io-m3 | 93 | 28,000/5,600 | 110/82 |
To increase the maximum IOPS and bandwidth values and make throttling less likely, increase the storage size or switch to a faster disk type by restoring the cluster from a backup.
Can I connect to cluster hosts over SSH or get superuser privileges on hosts?
You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.
What should I do if I get a revocation check error when using PowerShell to obtain an SSL certificate?
Here is the full text of the error:
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate
This means that, when connecting to the website, the service was unable to check whether its certificate was on the list of revoked certificates.
To fix this error:
- Make sure the corporate network settings do not block the check.
- Run the following command with the --ssl-no-revoke parameter, which tells curl to skip the certificate revocation check:
  mkdir $HOME\.opensearch; curl --ssl-no-revoke --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
How can I fix the no permission error when assigning a service account to a cluster?
Error message:
ERROR: rpc error: code = PermissionDenied desc = you do not have permission to access the requested service account or service account does not exist
The error occurs in the following cases:
- You are creating or modifying a cluster and linking it to a service account.
- You are restoring a cluster linked to a service account from its backup.
To fix this error, assign your Yandex Cloud account the iam.serviceAccounts.user role or higher.
Why do I get an Unable to confirm permission error when activating a transfer?
Here is the full text of the error:
Unable to confirm permission 'data-transfer.transfers.createExternal'
This error occurs if the transfer is activated in or from a custom OpenSearch installation database, but the OpenSearch endpoint settings have no subnet ID specified.
To fix this error, specify a subnet ID in the OpenSearch endpoint settings, even if the source and target can access each other without the internet.
What is Managed Service for OpenSearch's share of database management and maintenance work?
Be mindful of what is controlled by the service and what is controlled by the Yandex Cloud customer. Understanding these control zones will help you use your cloud resources effectively and avoid potential database-related problems. For more information, see Zones of control between managed database (MDB) service users and Yandex Cloud.