You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"These files can include opensearch.yml, plugin configuration files, and TLS certificates, for example. Once you identify which files you want to back up, copy them to remote storage for safety."
The opensearch.yml is mounted from the Kubernetes config-map and the certs from K8s secrets. So even when you backup these, you have to update secret and configmap. (So better backup K8s).
As certs are only updated with bootstrap and setting the special flag and the only thing which happens when the certs are renewed, is that you have to redeploy the cert stores within WebSphere, this is not important at all.
Description
The description about the Opensearch update and backup is somehow misleading.
https://github.com/HCL-TECH-SOFTWARE/connections-doc/blob/946c61621beffdc9cf9e12cba70d58baaddffb90/v8-cr4/admin/install/upgrade_opensearch.md
"These files can include opensearch.yml, plugin configuration files, and TLS certificates, for example. Once you identify which files you want to back up, copy them to remote storage for safety."
The opensearch.yml is mounted from the Kubernetes config-map and the certs from K8s secrets. So even when you backup these, you have to update secret and configmap. (So better backup K8s).
![image](https://private-user-images.githubusercontent.com/1975258/276948366-1b2b2272-f819-4fb5-8d20-4bd6fef910fb.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjExMzk3OTEsIm5iZiI6MTcyMTEzOTQ5MSwicGF0aCI6Ii8xOTc1MjU4LzI3Njk0ODM2Ni0xYjJiMjI3Mi1mODE5LTRmYjUtOGQyMC00YmQ2ZmVmOTEwZmIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcxNiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MTZUMTQxODExWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NmQzZWExY2ExMmJjNTBjNTNiOGNiZTZiMDI1Mjc1YWYxMWViMjc0MDdjN2M3M2U4ZTMxMDBkN2ZhMjIwZTM4MSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.sxaj7hlY5RqHM2QXwy2ajH5SbcxXGn_QgFMIx1XNAn8)
As certs are only updated with bootstrap and setting the special flag and the only thing which happens when the certs are renewed, is that you have to redeploy the cert stores within WebSphere, this is not important at all.
Maybe as a side note because snapshots are mentioned here. Opensearch 2.1+ supports automatic schedulers for Snapshot creation (like some customers used in ES 7), but the plugin is not installed.
https://opensearch.org/docs/latest/tuning-your-cluster/availability-and-recovery/snapshots/snapshot-management/
As backup / restore with file system backups is not guaranteed with OpenSearch / Elasticsearch, this plugin could help all customers to keep the data.
As we are talking about opensearch.yml, please remove the option
from opensearch.yml because this creates daily indices for securityaudits:
![image](https://private-user-images.githubusercontent.com/1975258/276950823-c4b7d30c-9ab0-4893-b278-351849d01fe1.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjExMzk3OTEsIm5iZiI6MTcyMTEzOTQ5MSwicGF0aCI6Ii8xOTc1MjU4LzI3Njk1MDgyMy1jNGI3ZDMwYy05YWIwLTQ4OTMtYjI3OC0zNTE4NDlkMDFmZTEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcxNiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MTZUMTQxODExWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9OGEzYjIyZGQwOGQyNDRlZTUwZjk3MjI1OGJhYmFlN2I0ODdjZGM5ODMwMmRmMzBkMzI1OTczOWY0OWE4NTJhNiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.6itKLymXaIoD3CtCUzrCJp_bxHZpqe3GqwRB1nuX3DU)
Or add an option to remove these auditlogs on a weekly basis.
Thanks
Christoph
The text was updated successfully, but these errors were encountered: