How to split ".security-7"

Why can't I add multiple copies of .security-7 in the ES8 cluster? How to modify the number of replicas of the system index?

".security-7": I want to distribute this index among storage nodes, but it cannot be implemented in ES 8.x, and I want to find a solution.

Welcome to our community! :smiley:

By default, that index has this setting;

    "settings": {
      "index": {
        "refresh_interval": "1s",
        "hidden": "true",
        "auto_expand_replicas": "0-1",

That means it'll add replicas as it can. How many nodes do you have in your cluster?

My ES cluster has five storage nodes and three management nodes, but there is only one copy of security-7.

What's the output from `GET _cat/indicies/.security*?v`?

Its output is as follows: {"error":"no handler found for uri [/_cat/indicies/.security*?v?] and method [GET]"}

The last ? is outside the code quotes, that's not clear, sorry. Just - `GET _cat/indicies/.security*?v`.

The output is as follows: "error": "no handler found for uri [/_cat/indicies/.security*?v=&pretty=true] and method [GET]"

Ahh, there is a typo I missed - `GET _cat/indices/.security*?v`. There is no second i in indices!

    health status index       uuid                   pri rep docs.count docs.deleted store.size
    green  open   .security-7 c2xBKwkbR326pV45SxMoeQ   1   1        111            0    658.1kb 327.3kb

Can this index be modified manually? Or what configuration errors can prevent more copies of my index from appearing?

Ok you can see that it has a single primary and a single replica allocated there, which matches the auto_expand_replicas setting as mentioned.

You can update the template and/or the index to increase that, but it will likely be overwritten if you upgrade.

I also tried to use "put" to make changes, but failed.

This method can be used on the ES7 cluster, but cannot be updated in the ES8 cluster.
And when I use "GET _cat/templates", you cannot see the template for ".security-7".

This is not possible in version 8. System indices (the security index is one of them) pre-configure certain settings and they cannot be manually overridden.

Maybe we should take a step back: Other than having multiple data nodes, do you have a strong reason for changing the number of replicas? Do you have evidence that having a single replica is causing a performance issue? Many security-related operations are heavily cached. I'd be interested in seeing any underlying issues before jumping to the conclusion of increasing the number of replicas.

In the environment, if I have a partition, I cannot effectively guarantee security. It is very likely that nodes with '.security-7' will be disconnected at the same time. Therefore, I want '.security-7' to have more copies to ensure cluster security.


Why would you have a partition?

Oh, I'm sorry, it's split. If security-7 has only one partition, my cluster cannot effectively ensure security; for example, if the two storage nodes of security-7 are offline at the same time, my cluster may not work normally.

I'd like to clarify that when both shards for the security index become unavailable, any security-related operations relying on the security index will fail. In other words, the cluster will fail closed, i.e. no security vulnerability.

That said, it does mean the cluster will become largely unusable because every request needs authentication, which will fail. In this case, the current suggestion is to prioritize bringing the offline security shards back online before anything else.
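As an added illustration (not part of any post in this thread, and not Elastic's code): a short Python sketch that models the `auto_expand_replicas` range in simplified form and, from `_cat/shards` output, lists which simultaneous node losses would remove every copy of `.security-7`. The sample output, the node names and the function names are constructed for this example, and allocation filtering or awareness rules are not modelled.

```python
from itertools import combinations

# Constructed sample of `GET _cat/shards/.security-7?h=index,shard,prirep,state,node`
# for a cluster with five data nodes; the node names are made up.
CAT_SHARDS = """\
.security-7 0 p STARTED data-1
.security-7 0 r STARTED data-2
"""
DATA_NODES = ["data-1", "data-2", "data-3", "data-4", "data-5"]


def expected_replicas(auto_expand, data_nodes):
    """Simplified model: clamp (data_nodes - 1) into the "min-max" range."""
    low, high = auto_expand.split("-", 1)
    ceiling = data_nodes - 1  # a replica never shares a node with its primary
    upper = ceiling if high == "all" else min(int(high), ceiling)
    return max(int(low), upper)


def copy_holders(cat_shards):
    """Map shard number -> set of nodes holding a STARTED copy of it."""
    holders = {}
    for line in cat_shards.splitlines():
        parts = line.split()
        # UNASSIGNED rows have no node column; only STARTED copies can serve reads.
        if len(parts) < 5 or parts[3] != "STARTED":
            continue
        holders.setdefault(parts[1], set()).add(parts[4])
    return holders


def fatal_failures(cat_shards, data_nodes, lost):
    """Node sets of size `lost` whose simultaneous loss removes all copies of a shard."""
    holders = copy_holders(cat_shards)
    return [set(down) for down in combinations(data_nodes, lost)
            if any(nodes <= set(down) for nodes in holders.values())]


if __name__ == "__main__":
    print("replicas for 0-1 on 5 data nodes:", expected_replicas("0-1", 5))
    print("fatal single-node losses:", fatal_failures(CAT_SHARDS, DATA_NODES, 1))
    print("fatal two-node losses:", fatal_failures(CAT_SHARDS, DATA_NODES, 2))
```

With the sample placement, no single-node loss is fatal and one of the ten possible two-node losses is, which is the fail-closed case described above.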

What if I don't want to make my cluster unusable due to the failure of two partitions of the security index? Therefore, I want to increase the partition of the security index to make it more secure.
