-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Cluster status YELLOW after configuring Security Plugin in single-node clusters #3130
Comments
[Triage] Thank you for filing this issue @williamtrelawny. Looking at this issue, it seems like you have configured index configurations in such a way you have an unassigned shard. The Security plugin does not have any impact on sharding strategies. Closing this issue. |
I'm also having this issue with the default setup for running a single node in Docker. The instructions at https://hub.docker.com/r/opensearchproject/opensearch indicate that the following starts up a single node cluster:
However, the cluster remains in "yellow" status:
Many of the internal indices are being replicated but those replicas are not assigned to nodes, being a single node cluster.
My understanding of OpenSearch is insufficient for me to be able to configure these indices so that they are not replicated. Whilst I understand it may be possible to alter these indexes after the fact to use no replicas:
However, I have no idea what this will do to the cluster. This strategy also falls down when we try to modify the
Ideally, we are looking for a very minimal OpenSearch image we can run integration tests against in automated tests. It may be that I'm unaware of many of the configuration settings that can help, but I'm also struggling to find comprehensive documentation of these things. Right now we are using an Elasticsearch image instead as a workaround. |
Please do not close this issue as it is not resolved. I have not made any changes to index parameters, sharding, replication, etc. at all. I have simply installed Openersearch and configured the Security plugin. For whatever reason, 2 shards are created by default on all deployments of the Security Plugin, regardless of the number of nodes in the cluster. If the Security Plugin does not affect sharding strategies, then why is it that other default indices not part of the Security Plugin do not have this issue? Whether the root cause is within the Security Plugin code or not, the issue arises only after initializing the plugin, so from a procedural standpoint the issue does lie here. And it definitely IS an issue if Opensearch w/ Security Plug-in does not work "out of the box" on a single node. |
I'm not sure I follow. The security plugin owns / creates index If I'm understanding correctly, there is a state where the cluster is green and those indices (for example, If that is the case, it would help a lot to get confirmation that that is the case (i.e. those are green to begin with) and then narrow down to a step in the security setup when these settings unexpectedly change. |
Hello, The problem and these indices are not coming from the security plugin but rather originate in opensearch-security-analytics and opensearch-ml plugins. When I remove these plugins, everything is running fine and the cluster status is green, because these 3 indices won't be created. I think these two plugins should adapt the Maybe we should move/reopen the issue in other repo(s)? Thanks! |
@scrawfor99: I think there was a misunderstanding when this issue was closed. The named indices are created with a replica configuration by default which makes it impossible to get them to green for a single-node setup. For anomaly detection, this was already acknowledged as requiring a change. |
@dennisoelkers Thanks for calling this out - OpenSearch-Project wide we should have a consistent philosophy. We should re-triage this issue with this context in mind |
Per the cluster health documentation [link] it would suggest that the security plugin should allow for a configuration with no replicas.
Personally, I have a bias towards multi-node clusters as I have experience with single machine sources of failure causing significant impact. As much as I think all clusters should be multi-node, that is a preference and pushing that preference via the cluster health check is not transparent to operators of OpenSearch. |
[Triage] Given the feedback on this issue, we will make an action item here to allow for 1 node clusters to be green. We will need to change it so that 1 node clusters can be set to 1 so that it is green. |
I will start looking into this. Can you assign it to me @scrawfor99 ? |
We had to do this:
To let the status go to GREEN and continue the upgrades of all the data nodes p.s setting |
Is it fixed? Looks good on v2.12.0 |
We using |
This problem appears to still exist in 2.12.0 and is not isolated to single node clusters, I am pretty sure we just saw this on a 20 node cluster when we expanded it to 40 nodes. We saw the following error message:
So the problem is related to rack affinity for shard allocation. I fixed it by following the advice above, but rather than disabling plugins and setting replicas to 0 I set it to the original number of replicas.
|
What is the bug?
Upon activating the Security plugin in a single node cluster, the cluster status will always be YELLOW because of unassigned shards in 3 different indices:
How can one reproduce the bug?
Steps to reproduce the behavior:
What is the expected behavior?
Default sharding for above indices should be 1 primary / 0 replicas to account for single-node clusters. Or perhaps some degree of intelligent sharding based on cluster size.
What is your host/environment?
Do you have any screenshots?
Do you have any additional context?
Related to the sentiment behind opensearch-project/anomaly-detection#847, that plugins enabled on a single node Opensearch cluster should Just Work and maintain GREEN cluster status.
The text was updated successfully, but these errors were encountered: