Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Opensearch does not respect "discovery.type=single-node" setting during index creation #4739

Open
jazzl0ver opened this issue Sep 13, 2024 · 6 comments
Labels
bug Something isn't working Security Security Related Issues triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@jazzl0ver
Copy link

jazzl0ver commented Sep 13, 2024

Describe the bug

Opensearch was launched using the following docker-compose.yml (derived from https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/#sample-docker-composeyml) on Debian 12 privileged LXC container:

version: '3'
services:
  opensearch: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
    image: opensearchproject/opensearch:latest # Specifying the latest available image - modify if you want a specific version
    container_name: opensearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true # Disable JVM heap memory swapping
      - plugins.security.system_indices.enabled=false
      - "OPENSEARCH_JAVA_OPTS=-Xms4096m -Xmx4096m" # Set min and max JVM heap sizes to at least 50% of system RAM
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}    # Sets the demo admin user password when using demo configuration, required for OpenSearch 2.12 and later
    ulimits:
      memlock:
        soft: -1 # Set memlock to unlimited (no soft or hard limit)
        hard: -1
      nofile:
        soft: 65536 # Maximum number of open files for the opensearch user - set to at least 65536
        hard: 65536
    volumes:
      - /root/data:/usr/share/opensearch/data # Creates volume called opensearch-data1 and mounts it to the container
    ports:
      - 9200:9200 # REST API
      - 9600:9600 # Performance Analyzer
    networks:
      - opensearch-net # All of the containers will join the same Docker bridge network
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest # Make sure the version of opensearch-dashboards matches the version of opensearch installed on other nodes
    container_name: opensearch-dashboards
    ports:
      - 5601:5601 # Map host port 5601 to container port 5601
    expose:
      - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query
    networks:
      - opensearch-net

networks:
  opensearch-net:

In my understanding in a single node installation the replica count should be set to 0 for all indices by default, but this doesn't happen:
image

Related component

Indexing

To Reproduce

  1. Launch from the docker-compose.yml
  2. Check the Index Management/Indexes page
  3. There're unhealthy indices

Expected behavior

All indices should be healthy (in green state) by default

Additional Details

Host/Environment (please complete the following information):

  • OS: Debian 12
  • Version 2.16
@jazzl0ver jazzl0ver added bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 13, 2024
@dhwanilpatel
Copy link

@jazzl0ver, Thanks for the filing the issue, Are you referring to the security audit logs index to not become green on single node cluster?

Adding security label to validate, if we can change the replica count of the security audit index to zero for single node cluster.

@dhwanilpatel dhwanilpatel added Security Security Related Issues and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 16, 2024
@dhwanilpatel
Copy link

@opensearch-project/admin can we please move this issue to opensearch-project/security ?

@gaiksaya gaiksaya transferred this issue from opensearch-project/OpenSearch Sep 16, 2024
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Sep 16, 2024
@jazzl0ver
Copy link
Author

@dhwanilpatel it's not only about the security audit index. ISM history is also affected

@cwperks cwperks added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 23, 2024
@cwperks
Copy link
Member

cwperks commented Sep 23, 2024

[Triage] Thank you for filing this issue @jazzl0ver . I think it makes sense to add a setting to specify the number of replicas on index creation around here: https://github.com/opensearch-project/security/blob/main/src/main/java/org/opensearch/security/auditlog/sink/InternalOpenSearchSink.java#L84-L86

Similarly, ISM history index has a setting where you can control the number of replicas.

@jazzl0ver
Copy link
Author

@jazzl0ver
Copy link
Author

Another affected index family - .opendistro-anomaly-results-history-*

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working Security Security Related Issues triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Development

No branches or pull requests

3 participants