Hi all,
Somehow I can’t set up a single node Opensearch “cluster” with no indices replication.
There’s a new ‘default_number_of_replicas’ config parameter introduced in 2.5.0, yet it doesn’t seem to affect Opensearch internal indices.
Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
version[2.5.0],
build[tar/b8a8b6c4d7fc7a7e32eb2cb68ecad8057a4636ad/2023-01-18T23:48:48.981786100Z],
OS[Linux/4.18.0-425.10.1.el8_7.x86_64/amd64],
JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.5/17.0.5+8]
Describe the issue:
Adding ‘cluster.default_number_of_replicas: 0’ in opensearch.yml doesn’t set replicas number to zero for Opensearch internal indices. Notably security-auditlog, .opendistro-ism-config, .opendistro-ism-managed-index-history indices; possibly for other internal indices too.
How to repeat:
- Start up single opensearch node with at least one internal admin user configured
- make any audited change or apply an ISM policy through API
Before applying any template or ISM policy – all ok, security index is created with no replicas:
> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index shard prirep state docs store ip node
.opendistro_security 0 p STARTED 10 62.3kb 10.65.177.46 test-01.***
After making any logged change – applying some index templates for example:
> curl -ks --netrc-file .netrc -XPUT -H 'Content-Type: application/json' https://$HOSTNAME:9200/_template/default -d@default.json
> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index shard prirep state docs store ip node
.opendistro_security 0 p STARTED 10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0 p STARTED 4 59.7kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0 r UNASSIGNED
After adding any ISM policy:
> curl -ks --netrc-file .netrc https://$HOSTNAME:9200/_cat/shards?v
index shard prirep state docs store ip node
.opendistro-ism-config 0 p STARTED 10.65.177.46 test-01.***
.opendistro-ism-config 0 r UNASSIGNED
.opendistro_security 0 p STARTED 10 63.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0 p STARTED 4 60.1kb 10.65.177.46 test-01.***
security-auditlog-2023.02.15 0 r UNASSIGNED
Am I doing something wrong, is this a bug, or is a single node setup actually not supposed to be?
Configuration:
opensearch.yml:
bootstrap.memory_lock: true
path.data: /opt/local/opensearch/data
path.logs: /opt/local/opensearch/logs
network.bind_host: ${HOSTNAME}
cluster.name: singlenodetest
discovery.type: single-node
cluster.default_number_of_replicas: 0
plugins.security.ssl.transport.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.transport.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: certs/ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: certs/node.crt.pem
plugins.security.ssl.http.pemkey_filepath: certs/node.key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: certs/ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn: "*****"
plugins.security.audit.type: internal_opensearch
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true
Relevant Logs or Screenshots: