Sending notifications via email in Yandex Managed Service for OpenSearch
You can set up email notifications using the Notifications plugin in Managed Service for OpenSearch. Do this by creating a notification channel in the OpenSearch Dashboards web interface, configuring the SMTP sender, and specifying the recipients. You need to add the sender's password to your OpenSearch keystore.
To set up email notifications, follow these steps:
- Set up your infrastructure.
- Create a sender.
- Add authentication data to the OpenSearch keystore.
- Update cluster settings.
- Create a recipient group.
- Create a notification channel.
- Send a test email.
If you no longer need the resources you created, delete them.
Getting started
Sign up for Yandex Cloud and create a billing account:
- Navigate to the management console and log in to Yandex Cloud or create a new account.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one and link a cloud to it.
If you have an active billing account, you can create or select a folder for your infrastructure on the cloud page.
Learn more about clouds and folders here.
Required paid resources
- Managed Service for OpenSearch cluster, which includes the use of computing resources and storage size (see Managed Service for OpenSearch pricing).
- Public IP addresses if public access is enabled for cluster hosts (see Virtual Private Cloud pricing).
Set up your infrastructure
-
Create a Managed Service for OpenSearch cluster with public access to the Dashboards and OpenSearch host groups.
-
Configure the Managed Service for OpenSearch cluster security groups as follows:
- Create rules to access the Dashboards and OpenSearch host groups over the internet.
- Create an outbound rule that allows TCP connections to port
465or another port that will be used to send email notifications.
Create a sender
-
In the top-left corner of OpenSearch Dashboards, click and under Management, select Notifications.
-
In the left-hand panel, select Email senders.
-
Click Create SMTP sender.
-
In the Sender name field, specify
my_sender. -
In the Email address field, enter the email address from which notifications will be sent.
-
Fill out the Host and Port fields.
You must allow outbound traffic for the specified port in the cluster security groups.
-
In the Encryption method field, select the encryption method supported by the sender's SMTP server.
-
Click Create.
Add authentication data to the OpenSearch keystore
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.
To add authentication data to the OpenSearch keystore, run this command:
yc managed-opensearch cluster update <cluster_name_or_ID> \
--set-keystore-settings opensearch.notifications.core.email.my_sender.username=<sender's_email> \
--set-keystore-settings opensearch.notifications.core.email.my_sender.password=<password>
You can get the cluster name and ID with the list of clusters in the folder.
-
Get an IAM token for API authentication and put it into an environment variable:
export IAM_TOKEN="<IAM_token>" -
Call the Cluster.Update method, e.g., via the following cURL request:
curl \ --request PATCH \ --header "Authorization: Bearer $IAM_TOKEN" \ --header "Content-Type: application/json" \ --url 'https://mdb.api.cloud.yandex.net/managed-opensearch/v1/clusters/<cluster_ID>' \ --data '{ "updateMask": "configSpec.opensearchSpec.setKeystoreSettings", "configSpec": { "opensearchSpec": { "setKeystoreSettings": [ { "name": "opensearch.notifications.core.email.my_sender.username", "value": "<sender's_email>" }, { "name": "opensearch.notifications.core.email.my_sender.password", "value": "<password>" } ] } } }'Warning
All settings of the cluster object you are modifying will be reset to their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the
updateMaskparameter.You can get the cluster ID with the list of clusters in the folder.
-
Check the server response to make sure your request was successful.
-
Get an IAM token for API authentication and put it into an environment variable:
export IAM_TOKEN="<IAM_token>" -
Clone the cloudapi repository:
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapiBelow, we assume that the repository contents reside in the
~/cloudapi/directory. -
Call the ClusterService.Update method, e.g., via the following gRPCurl request:
grpcurl \ -format json \ -import-path ~/cloudapi/ \ -import-path ~/cloudapi/third_party/googleapis/ \ -proto ~/cloudapi/yandex/cloud/mdb/opensearch/v1/cluster_service.proto \ -rpc-header "Authorization: Bearer $IAM_TOKEN" \ -d '{ "cluster_id": "<cluster_ID>", "update_mask": { "paths": [ "config_spec.opensearch_spec.set_keystore_settings" ] }, "config_spec": { "opensearch_spec": { "set_keystore_settings": [ { "name": "opensearch.notifications.core.email.my_sender.username", "value": "<sender's_email>" }, { "name": "opensearch.notifications.core.email.my_sender.password", "value": "<password>" } ] } } }' \ mdb.api.cloud.yandex.net:443 \ yandex.cloud.mdb.opensearch.v1.ClusterService.UpdateWarning
All settings of the cluster object you are modifying will be reset to their defaults unless explicitly provided in the request. To avoid this, list the settings you want to change in the
update_maskparameter.You can get the cluster ID with the list of clusters in the folder.
-
Check the server response to make sure your request was successful.
After adding the keys, update the secure cluster settings.
Update cluster settings
-
Install an SSL certificate:
Linux (Bash)/macOS (Zsh)Windows (PowerShell)mkdir -p ~/.opensearch && \ wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \ --output-document ~/.opensearch/root.crt && \ chmod 0600 ~/.opensearch/root.crtThe certificate will be saved to the
~/.opensearch/root.crtfile.mkdir $HOME\.opensearch; curl.exe -o $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pemThe certificate will be saved to the
$HOME\.opensearch\root.crtfile.Warning
Certificate upload may be restricted by corporate policies or antivirus software.
-
Update the secure cluster settings:
Linux (Bash)/macOS (Zsh)Windows (PowerShell)curl \ --user admin:<password> --cacert ~/.opensearch/root.crt \ -X POST 'https://<host_FQDN_with_DATA_role>:9200/_nodes/reload_secure_settings'curl ` -Certificate $HOME\.opensearch\root.crt ` -Uri https://<host_FQDN_with_DATA_role>:9200/_nodes/reload_secure_settings ` -Method Post ` -Credential adminFor more information on getting a host FQDN, see FQDNs of OpenSearch hosts.
Create a recipient group
- In the top-left corner of OpenSearch Dashboards, click and under Management, select Notifications.
- In the left-hand panel, select Email recipient groups.
- Click Create recipient group.
- In the Name field, enter
my_recipient_group. - In the Emails field, select or enter the email addresses you want to add to the notification recipient group.
- Click Create.
Create a notification channel
- In the top-left corner of OpenSearch Dashboards, click and under Management, select Notifications.
- Click Create channel.
- In the Name field, enter
my_channel. - In the Channel type field, select
Email. - In the Sender type field, select
SMTP sender. - In the SMTP sender field, select
my_sender. - In the Default recipients field, select
my_recipient_group. - Click Create.
Send a test email
- In the top-left corner of OpenSearch Dashboards, click and under Management, select Notifications.
- In the channel list, click
my_channel. - In the Actions menu, select Send test message.
Warning
If the sender's SMTP parameters are set incorrectly, notifications will not be sent.
Delete the resources you created
Some resources are not free of charge. Delete the resources you no longer need to avoid paying for them: