FAQ about Managed Service for OpenSearch

• How are OpenSearch clusters maintained?

• Is cluster backup enabled by default?

• Which OpenSearch version does Managed Service for OpenSearch use?

• What happens when a new OpenSearch version is released?

• How do I get the logs of my activity in the Yandex Cloud services?

• How longs are logs retained?

• How can I configure an alert for when disk usage reaches a certain percentage?

• Why is my cluster slow even though the computing resources are not fully utilized?

• Can I connect to cluster hosts over SSH or get superuser privileges on hosts?

• What should I do if I get a revocation check error when using PowerShell to obtain an SSL certificate?

• How can I fix the no permission error when attaching a service account to a cluster?

• Why do I get an error when activating a transfer?

• How do I make sure that Yandex Cloud AI Studio AI models can access my Managed Service for OpenSearch cluster for fine-tuning?

• What is the role of Managed Service for OpenSearch in database management and maintenance?

• What block size is used on the cluster disks?

General questionsGeneral questions

How are OpenSearch clusters maintained?How are OpenSearch clusters maintained?

Maintenance in Managed Service for OpenSearch includes:

• Automatic installation of OpenSearch updates and fixes for your hosts.
• Changes in the host class and storage size.
• Other Managed Service for OpenSearch maintenance activities.

For more information, see Maintenance.

Is cluster backup enabled by default?Is cluster backup enabled by default?

Yes, automatic backup is enabled by default and takes place every hour. All backups are incremental and store only the data that has changed since the previous backup to save storage space.

Automatic backups are stored for two weeks.

Which OpenSearch version does Managed Service for OpenSearch use?Which OpenSearch version does Managed Service for OpenSearch use?

Managed Service for OpenSearch uses the OpenSearch versions maintained and supported by the vendor. For more information, see OpenSearch versioning policy.

What happens when a new OpenSearch version is released?What happens when a new OpenSearch version is released?

When a new version is released, the cluster software is automatically updated after testing. Clusters running on an OpenSearch version that is no longer supported will also be automatically updated.

The owner of the affected clusters receives an advance email notice of the update schedule and database availability.

Can I get logs of my operations in Yandex Cloud?Can I get logs of my operations in Yandex Cloud?

Yes, you can request information about operations with your resources from Yandex Cloud logs. Do it by contacting support.

What is the retention period for logs?What is the retention period for logs?

Cluster logs are stored for 30 days.

How do I set up an alert that triggers as soon as a certain percentage of disk space is used up?How do I set up an alert that triggers as soon as a certain percentage of disk space is used up?

Create an alert for the disk.used_bytes metric in Yandex Monitoring. This metric shows the disk space usage in the Managed Service for OpenSearch cluster.

For disk.used_bytes, use notification thresholds. with the following recommended values:

• Alarm: 90% of disk space
• Warning: 80% of disk space

Thresholds are set in bytes only. For example, the recommended values for a 100 GB disk are as follows:

• Alarm: 96636764160 bytes (90%).
• Warning: 85899345920 bytes (80%).

Why is my cluster slow even though the computing resources are not fully utilized?Why is my cluster slow even though the computing resources are not fully utilized?

Your storage may have insufficient maximum IOPS and bandwidth to process the current number of requests. In this case, throttling occurs, which degrades the entire cluster performance.

The maximum IOPS and bandwidth values increase by a fixed value when the storage size increases by a certain step. The step and increment values depend on the disk type:

To increase the maximum IOPS and bandwidth values and make throttling less likely, expand the storage or switch to a faster disk type by restoring the cluster from a backup.

Can I connect to cluster hosts over SSH or get superuser privileges on hosts?Can I connect to cluster hosts over SSH or get superuser privileges on hosts?

You cannot connect to hosts via SSH. This is done for the sake of security and user cluster fault tolerance because direct changes inside a host can render it completely inoperable.

What should I do if I get a revocation check error when obtaining an SSL certificate via PowerShell?What should I do if I get a revocation check error when obtaining an SSL certificate via PowerShell?

Complete error message:

curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012)
The revocation function was unable to check revocation for the certificate

This indicates that the verification of the website’s certificate against the revocation list failed during the connection attempt.

To fix this error:

• Make sure your corporate network policies are not blocking the verification.

• Run the following command with the --ssl-no-revoke parameter:

  mkdir $HOME\.opensearch; curl --ssl-no-revoke --output $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem
  

How can I fix the no permission error when attaching a service account to a cluster?How can I fix the no permission error when attaching a service account to a cluster?

Error message:

ERROR: rpc error: code = PermissionDenied desc = you do not have permission to access the requested service account or service account does not exist

The error occurs in the following cases:

• You are creating or modifying a cluster and linking it to a service account.
• You are restoring a cluster linked to a service account from its backup.

To fix this error, assign your Yandex Cloud account the iam.serviceAccounts.user role or higher.

Why do I get an error when activating a transfer?Why do I get an Unable to confirm permission error when activating a transfer?

Complete error message:

Unable to confirm permission 'data-transfer.transfers.createExternal'

This error occurs if the transfer is activated in or from a custom OpenSearch installation database, but the OpenSearch endpoint settings have no subnet ID specified.

To fix this error, specify a subnet ID in the OpenSearch endpoint settings, even if the source and target can access each other without the internet.

How do I make sure that Yandex Cloud AI Studio AI models can access my Managed Service for OpenSearch cluster for fine-tuning?How do I make sure that Yandex Cloud AI Studio AI models can access my Managed Service for OpenSearch cluster for fine-tuning?

Use one of these methods:

• Configure internet access to hosts with the DATA and MANAGER roles:

  1. Enable the Public access option in the DATA/MANAGER host group settings.
  2. Configure all cluster security groups to allow incoming traffic on port 9200. To do this, create the following ingress rule:
     • Port range: 9200.
     • Protocol: TCP.
     • Source: CIDR.
     • CIDR blocks: 0.0.0.0/0.

• Create and set up a NAT gateway:

  1. Create a NAT gateway.
  2. Create a route table with the 0.0.0.0/0 prefix and associate it with the subnet where the group of DATA and MANAGER hosts reside.

What is the role of Managed Service for OpenSearch in database management and maintenance?What is the role of Managed Service for OpenSearch in database management and maintenance?

Be mindful of what is managed by the service and what, by the Yandex Cloud customer. Understanding these areas of management helps you use your cloud resources efficiently and avoid potential database-related issues. For more information, see Zones of control between managed database (MDB) service users and Yandex Cloud.

What block size is used on the cluster disks?What block size is used on the cluster disks?

Block size for all disk types is 4 KB.