Connect to an OpenSearch cluster
To connect to an OpenSearch cluster, connect to nodes in the group with the Manager, Data, or Dashboard role. The choice of node to connect to depends on the purpose of the connection — for example, if you want to access the cluster dashboard, you should connect to a node in the group with the Dashboard role. For more information about node groups and their roles, see the manual Groups of nodes.
Nodes can be connected to by IP address: private or public. If you need to configure access to the node from the Internet, connect a public IP address.
Ports
Use port 9200 to connect to the cluster nodes.
Ways of connection
The way to connect to the nodes of the OpenSearch cloud database cluster depends on the role of the node group — more information about roles in the manual Groups of nodes. You can:
- connect to nodes of the group with the Manager and Data roles — from the program code with SSL;
- connect to the group node with the Dashboard role — through the OpenSearch Dashboards web interface or OpenSearch API.
View the address for connection
- in control panels from the top menu, press Products and select Managed databases.
- Open the tab Active.
- Open the Database Cluster page → tab Connection.
- In the block Addresses for connection open the tab of the node group whose addresses you want to view.
Connect to nodes in the group with the Manager and Data roles
Group nodes with the Manager and Data role can be connected to from program code with SSL. Connecting using TLS/SSL encryption provides a secure connection between your server and the database cluster.
Bash
Python
Go
Node.js
-
Download the root certificate and place it in the folder
~/.opensearch/:mkdir -p ~/.opensearch/
wget https://storage.dbaas.selcloud.ru/CA.pem -O ~/.opensearch/root.crt
chmod 0600 ~/.opensearch/root.crt -
Connect to the node:
curl -XGET -u "admin:<password>" --cacert "~/.opensearch/root.crt" "https://<ip_address>:9200/"Specify:
<password>— the password of the admin user;<ip_address>— IP address of the node.
-
Download the root certificate and place it in the folder
~/.opensearch/:mkdir -p ~/.opensearch/
wget https://storage.dbaas.selcloud.ru/CA.pem -O ~/.opensearch/root.crt
chmod 0600 ~/.opensearch/root.crt -
Install the opensearch-py library:
pip3 install opensearch-py -
Connect to the node:
from opensearchpy import OpenSearch
hosts = ['<host_1>',
'<host_2>']
auth = ('admin', '<password>')
ca_certs_path = '~/.opensearch/root.crt'
client = OpenSearch(
hosts,
http_auth = auth,
use_ssl = True,
verify_certs = True,
ssl_assert_hostname = False,
ssl_show_warn = False,
ca_certs = ca_certs_path
)
print(client.info())Specify:
<host_1>and<host_2>— IP addresses of nodes;<password>— the password of the admin user.
-
Download the root certificate and place it in the folder
~/.opensearch/:mkdir -p ~/.opensearch/
wget https://storage.dbaas.selcloud.ru/CA.pem -O ~/.opensearch/root.crt
chmod 0600 ~/.opensearch/root.crt -
Use the connection example:
package main
import (
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"github.com/opensearch-project/opensearch-go"
"net/http"
"os"
)
func main() {
caCert, err := ioutil.ReadFile("<path>")
if err != nil {
fmt.Println("failed to read CA certificate: %w", err)
os.Exit(1)
}
caCertPool := x509.NewCertPool()
if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
fmt.Println("failed to append CA certificate")
}
client, err := opensearch.NewClient(opensearch.Config{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{RootCAs: caCertPool},
},
Addresses: []string{
"https://<host_1>:9200",
"https://<host_2>:9200"
},
Username: "admin",
Password: "<password>",
})
if err != nil {
fmt.Println("cannot initialize", err)
os.Exit(1)
} else {
fmt.Println(client.Info())
}
}Specify:
<path>— the full path to the root certificate;<host_1>and<host_2>— IP addresses of nodes;<password>— user password.
-
Download the root certificate and place it in the folder
~/.opensearch/:mkdir -p ~/.opensearch/
wget https://storage.dbaas.selcloud.ru/CA.pem -O ~/.opensearch/root.crt
chmod 0600 ~/.opensearch/root.crt -
Establish dependencies:
npm install @opensearch-project/opensearch -
Use the connection example:
import { readFileSync } from 'fs';
import { Client } from '@opensearch-project/opensearch';
const hosts = [
"https://<host_1>:9200",
"https://<host_2>:9200"
];
const username = "admin";
const password = "<password>";
const caCertsPath = "<path>";
const client = new Client({
nodes: hosts,
ssl: {
ca: readFileSync(caCertsPath),
},
auth: {
username,
password
}
});
const getClusterInfo = async () => {
try {
const response = await client.cluster.health();
console.log('Cluster Info:', response.body);
} catch (error) {
console.error('Error fetching cluster info:', error);
}
};
getClusterInfo();Specify:
<host_1>and<host_2>— IP addresses of nodes;<password>— the password of the admin user;<path>— the full path to the root certificate.
Connect to a group node with the Dashboard role
OpenSearch Dashboards
OpenSearch API
You can connect to a group node with the Dashboard role through the OpenSearch Dashboards web interface.
-
Open the page in your browser:
https://<ip_address>Specify
<ip_address>— IP address of the group node with the Dashboard role. -
Enter the login —
admin. -
Enter password — set when creating the cluster. Once created, the password cannot be viewed in the control panel, but you can modify.
-
To test the connection, in the console Dev Tools Run a test query — for example, see the status of the cluster:
GET _cluster/healthThe cluster status information will appear in the response.
Connect to the group node with the Dashboard role and test the connection, run a test query — for example, see the status of the cluster:
curl -u 'admin:<password>' -X GET "https://<ip_address>/api/status"
Specify:
<password>— is set when the cluster is created. Once created, the password cannot be viewed in the control panel, but you can modify;<ip_address>— IP address of the group node with the Dashboard role.
The cluster status information will appear in the response.