Number of replicas in Opensearch single node setup

Hi all,
Somehow I can’t set up a single node Opensearch “cluster” with no indices replication.
There’s a new ‘default_number_of_replicas’ config parameter introduced in 2.5.0, yet it doesn’t seem to affect Opensearch internal indices.

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
version[2.5.0],
build[tar/b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad/2023-01-18T23:48:48.981786100Z],
OS[Linux/4.18.0-425.10.1.el8_7.x86_64/amd64],
JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.5/17.0.5+8]

Describe the issue:
Adding ‘cluster.default_number_of_replicas: 0’ in opensearch.yml doesn’t set replicas number to zero for Opensearch internal indices. Notably security-auditlog, .opendistro-ism-config, .opendistro-ism-managed-index-history indices; possibly for other internal indices too.
How to repeat:

  1. Start up single opensearch node with at least one internal admin user configured
  2. make any audited change or apply an ISM policy through API

Before applying any template or ISM policy – all ok, security index is created with no replicas:

> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                shard prirep state   docs  store ip           node
.opendistro_security 0     p      STARTED   10 62.3kb 10.65.177.46 test-01.***

After making any logged change – applying some index templates for example:

> curl -ks --netrc-file .netrc -XPUT -H 'Content-Type: application/json' https://$HOSTNAME:9200/_template/default -d@default.json
> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                        shard prirep state      docs  store ip           node
.opendistro_security         0     p      STARTED      10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     p      STARTED       4 59.7kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     r      UNASSIGNED

After adding any ISM policy:

> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                        shard prirep state      docs  store ip           node
.opendistro-ism-config       0     p      STARTED                10.65.177.46 test-01.***
.opendistro-ism-config       0     r      UNASSIGNED
.opendistro_security         0     p      STARTED      10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     p      STARTED       4 60.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     r      UNASSIGNED

Am I doing something wrong, is this a bug, or is a single node setup actually not supposed to be?

Configuration:
opensearch.yml:

bootstrap.memory_lock: true
path.data: /opt/local/opensearch/data
path.logs: /opt/local/opensearch/logs
network.bind_host: ${HOSTNAME}
cluster.name: singlenodetest
discovery.type: single-node
cluster.default_number_of_replicas: 0
plugins.security.ssl.transport.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.transport.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: certs/ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.http.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: certs/ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn: "*****"
plugins.security.audit.type: internal_opensearch
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true

Relevant Logs or Screenshots:

Um, anyone?

Is there any way to prevent Opensearch from trying to replicate it’s internal indices on single node?

I do know I could set the replication to zero for any certain index manually afterwards, but for an automated setup that approach won’t work unfortunately :frowning:

This has been a long time issue for us, we ended up just have a script running against our clusters changing the replica count to 0. So would love a solution to this too.

can you please explain, how that script works? or maybe share it?

Hey @jannol

This is old post but how I resolve this issue in my environment, after multiple lab test was creating a security-auditlog template this includes setting shard count, alias and/or replica count.
Example:

{
  "index_patterns": [
    "security-*"
  ],
  "template": {
    "settings": {
      "index.number_of_shards": "1",
      "index.number_of_replicas": "0",
      "index.refresh_interval": "30s"
    },
    "aliases": {
      "security": {}
    }
  },
  "composed_of": [],
  "priority": "200",
  "_meta": {
    "flow": "simple"
  },
  "name": "security"
}
1 Like

Hey @gsmitt,

You apply that on what URL?

Hey @justaguy
I did not apply that on my URL, that was on Web UI.