Number of replicas in Opensearch single node setup

jannol · February 15, 2023, 2:48pm

Hi all,
Somehow I can’t set up a single node Opensearch “cluster” with no indices replication.
There’s a new ‘default_number_of_replicas’ config parameter introduced in 2.5.0, yet it doesn’t seem to affect Opensearch internal indices.

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
version[2.5.0],
build[tar/b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad/2023-01-18T23:48:48.981786100Z],
OS[Linux/4.18.0-425.10.1.el8_7.x86_64/amd64],
JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.5/17.0.5+8]

Describe the issue:
Adding ‘cluster.default_number_of_replicas: 0’ in opensearch.yml doesn’t set replicas number to zero for Opensearch internal indices. Notably security-auditlog, .opendistro-ism-config, .opendistro-ism-managed-index-history indices; possibly for other internal indices too.
How to repeat:

Start up single opensearch node with at least one internal admin user configured
make any audited change or apply an ISM policy through API

Before applying any template or ISM policy – all ok, security index is created with no replicas:

> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                shard prirep state   docs  store ip           node
.opendistro_security 0     p      STARTED   10 62.3kb 10.65.177.46 test-01.***

After making any logged change – applying some index templates for example:

> curl -ks --netrc-file .netrc -XPUT -H 'Content-Type: application/json' https://$HOSTNAME:9200/_template/default -d@default.json
> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                        shard prirep state      docs  store ip           node
.opendistro_security         0     p      STARTED      10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     p      STARTED       4 59.7kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     r      UNASSIGNED

After adding any ISM policy:

> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index                        shard prirep state      docs  store ip           node
.opendistro-ism-config       0     p      STARTED                10.65.177.46 test-01.***
.opendistro-ism-config       0     r      UNASSIGNED
.opendistro_security         0     p      STARTED      10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     p      STARTED       4 60.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0     r      UNASSIGNED

Am I doing something wrong, is this a bug, or is a single node setup actually not supposed to be?

Configuration:
opensearch.yml:

bootstrap.memory_lock: true
path.data: /opt/local/opensearch/data
path.logs: /opt/local/opensearch/logs
network.bind_host: ${HOSTNAME}
cluster.name: singlenodetest
discovery.type: single-node
cluster.default_number_of_replicas: 0
plugins.security.ssl.transport.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.transport.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: certs/ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.http.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: certs/ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn: "*****"
plugins.security.audit.type: internal_opensearch
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true

Relevant Logs or Screenshots:

jannol · February 21, 2023, 9:37am

Um, anyone?

Is there any way to prevent Opensearch from trying to replicate it’s internal indices on single node?

I do know I could set the replication to zero for any certain index manually afterwards, but for an automated setup that approach won’t work unfortunately

tony · February 21, 2023, 1:39pm

This has been a long time issue for us, we ended up just have a script running against our clusters changing the replica count to 0. So would love a solution to this too.

bakili · August 2, 2023, 6:51pm

can you please explain, how that script works? or maybe share it?

Gsmitt · August 3, 2023, 12:59am

Hey @jannol

This is old post but how I resolve this issue in my environment, after multiple lab test was creating a security-auditlog template this includes setting shard count, alias and/or replica count.
Example:

{
  "index_patterns": [
    "security-*"
  ],
  "template": {
    "settings": {
      "index.number_of_shards": "1",
      "index.number_of_replicas": "0",
      "index.refresh_interval": "30s"
    },
    "aliases": {
      "security": {}
    }
  },
  "composed_of": [],
  "priority": "200",
  "_meta": {
    "flow": "simple"
  },
  "name": "security"
}

justaguy · August 8, 2023, 12:28am

Hey @gsmitt,

You apply that on what URL?

Gsmitt · August 8, 2023, 12:30am

Hey @justaguy
I did not apply that on my URL, that was on Web UI.

Topic		Replies	Views
Change number of replicas for hidden and restricted indices Index Management configure	1	520	February 7, 2023
Change security-auditlog-* index replicas Security	7	2362	February 23, 2021
Failed to set number of replicas due no permissions Index Management troubleshoot	1	269	October 28, 2022
Index states are Yellow Index Management	2	1101	January 29, 2021
Rollover creates index with default shards instead of 1st index shard configuration OpenSearch discuss , troubleshoot , configure	2	281	October 19, 2023

Number of replicas in Opensearch single node setup

Related Topics