Updated on 2024-04-19 GMT+08:00

Creating a Cluster in Security Mode

This section describes how to create an Elasticsearch cluster in security mode.

Public IP address access and Kibana public access can be used only after security mode is enabled.

Context

  • If you choose the pay-per-use or yearly/monthly billing mode, you can directly create a cluster.
  • When creating a cluster, the number of nodes that can be added varies according to the node type. For details, see Table 1.
    Table 1 Number of nodes in different types

    Node Type                              | Number
    ---------------------------------------|-------------------------------------------------------------------------------------------
    ess                                    | ess: 1-32
    ess, ess-master                        | ess: 1-200; ess-master: an odd number ranging from 3 to 9
    ess, ess-client                        | ess: 1-32; ess-client: 1-32
    ess, ess-cold                          | ess: 1-32; ess-cold: 1-32
    ess, ess-master, ess-client            | ess: 1-200; ess-master: an odd number ranging from 3 to 9; ess-client: 1-32
    ess, ess-master, ess-cold              | ess: 1-200; ess-master: an odd number ranging from 3 to 9; ess-cold: 1-32
    ess, ess-client, ess-cold              | ess: 1-32; ess-client: 1-32; ess-cold: 1-32
    ess, ess-master, ess-client, ess-cold  | ess: 1-200; ess-master: an odd number ranging from 3 to 9; ess-client: 1-32; ess-cold: 1-32

    Details about the four node types:
    • ess: the default node type that is mandatory for cluster creation. The other three node types are optional.
    • ess-master: master node
    • ess-client: client node
    • ess-cold: cold data node

Procedure

  1. Log in to the CSS management console.
  2. On the Dashboard page, click Create Cluster in the upper right corner. The Create page is displayed.

    Alternatively, choose Clusters > Elasticsearch in the navigation tree on the left. Click Create Cluster in the upper right corner. The Create page is displayed.

  3. Configure Billing Mode and Required Duration.
    Table 2 Billing parameters

    Parameter

    Description

    Billing Mode

    Select Yearly/Monthly or Pay-per-use.

    • Yearly/monthly: You pay for the cluster by year or month, in advance. The service duration range is one month to three years. If you plan to use a cluster for more than nine months, you are advised to purchase a yearly package for a better price. A yearly package costs the same as 10 monthly packages.
    • Pay-per-use: You are billed by actual duration of use, with a billing cycle of one hour. For example, 58 minutes of usage will be rounded up to an hour and billed.

    Required Duration

    The duration for which the purchased EIP will be used. The duration must be specified if the Billing Mode is set to Yearly/Monthly.

    Configure automatic renewal as required.

  4. Specify Region and AZ.
    Table 3 Parameter description for Region and AZ

    Parameter

    Description

    Region

    Select a region for the cluster from the drop-down list on the right.

    AZ

    Select AZs associated with the cluster region.

    You can select a maximum of three AZs. For details, see Deploying a Cross-AZ Cluster.

  5. Configure basic cluster information.
    Table 4 Description of basic parameters

    Parameter

    Description

    Version

    Select a cluster version from the drop-down list box.

    Name

    Cluster name, which contains 4 to 32 characters. Only letters, numbers, hyphens (-), and underscores (_) are allowed and the value must start with a letter.

    NOTE:

    After a cluster is created, you can modify the cluster name as required. Click the name of the cluster to be modified. On the displayed Basic Information page, click the edit icon next to the cluster name. After the modification is completed, click the save icon to save the modification. If you want to cancel the modification, click the cancel icon.

  6. Configure cluster specifications.
    Table 5 Parameter description

    Parameter

    Description

    Nodes

    Number of nodes in a cluster. Select a number from 1 to 32. You are advised to configure three or more nodes to ensure high availability of the cluster.

    • If neither a master node nor client node is enabled, the nodes specified by this parameter are used to serve as both the master node and client node. Nodes provide the cluster management, data storage, cluster access, and data analysis functions. To ensure data stability in the cluster, it is recommended that you set this parameter to a value no less than 3.
    • If only the master node function is enabled, nodes specified by this parameter are used to store data and provide functions of client nodes.
    • If both the master and client node functions are enabled, the nodes specified by this parameter are only used for storing data.
    • If only the client node function is enabled, nodes specified by this parameter are used to store data and provide functions of the master node.

    CPU Architecture

    The supported type is determined by the actual regional environment. You can select x86 or Kunpeng.

    Node Specifications

    Specifications of nodes in a cluster. You can select a specified specification based on your needs. Each cluster supports only one specification. For details, see ECS Types. Note that you cannot select the CPU and memory resources that have been sold out.

    Node Storage Type

    Select a storage type. Common I/O, High I/O, Ultra-high I/O, and Extreme SSD are supported.

    NOTE:

    If the type of storage in use has been sold out or is not supported, the storage type is not displayed.

    Node Storage Capacity

    Storage space. Its value varies with node specifications.

    The node storage capacity must be a multiple of 20.

    Master node

    The master node manages all nodes in the cluster. If more than 20 nodes are required to store and analyze a large amount of data, you are advised to enable the master node to ensure cluster stability. Otherwise, you are advised to set only the Nodes parameter and use the nodes as both master and client nodes.

    After enabling the master node, specify Node Specifications, Nodes, and Node Storage Type. The value of Nodes must be an odd number greater than or equal to 3. Up to nine nodes are supported. The value of Node Storage Capacity is fixed. You can select a storage type based on your needs.

    Client node

    The client node allows clients to access clusters and analyze data. If more than 20 nodes are required to store and analyze a large amount of data, you are advised to enable the client node to ensure cluster stability. Otherwise, you are advised to set only the Nodes parameter and use the nodes as both master and client nodes.

    After enabling the client node, specify Node Specifications, Nodes and Node Storage Type. The value of Nodes ranges from 1 to 32. The value of Node Storage Capacity is fixed. You can select a storage type based on your needs.

    Cold data node

    The cold data node is used to store historical data, for which query responses can be returned in minutes. If you do not require a quick query response, store historical data on cold data nodes to reduce costs.

    After enabling cold data node, configure Node Specifications, Nodes, Node Storage Type, and Node Storage Capacity. The value of Nodes ranges from 1 to 32. Select Node Storage Type and Node Storage Capacity as required.

    After the cold data node is enabled, CSS automatically adds cold and hot tags to related nodes.

  7. Set the enterprise project.

    When creating a CSS cluster, you can bind an enterprise project to the cluster if you have enabled the enterprise project function. You can select an enterprise project created by the current user from the drop-down list on the right or click View Project Management to go to the Enterprise Project Management console and create a new project or view existing projects.

  8. Click Next: Configure Network. Configure the cluster network.
    Table 6 Network configuration parameters

    Parameter

    Description

    VPC

    A VPC is a secure, isolated, and logical network environment.

    Select the target VPC. Click View VPC to enter the VPC management console and view the created or shared VPC names and IDs. If no VPCs are available, create one.

    NOTE:

    The VPC must contain CIDRs. Otherwise, cluster creation will fail. By default, a VPC will contain CIDRs.

    Subnet

    A subnet provides dedicated network resources that are isolated from other networks, improving network security.

    Select the target subnet. You can access the VPC management console to view the existing subnet names and IDs.

    Security Group

    A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted in a VPC. To view more details about the security group, click View Security Group.

    NOTE:
    • For cluster access purposes, ensure that the security group contains port 9200.
    • If your cluster version is 7.6.2 or later, ensure that all the ports used for communication between nodes in the same security group are allowed. If such settings cannot be configured, ensure at least the access to port 9300 is allowed.
    • After the port 9300 is enabled, if the cluster disk usage is high, delete expired data to release the disk storage space. For details, see How Do I Clear Expired Data to Release Storage Space?

    Security Mode

    After the security mode is enabled, communication will be encrypted and authentication required for the cluster.

    • The default administrator account is admin.
    • Set and confirm the Administrator Password. This password will be required when you access this cluster.

    HTTPS Access

    HTTPS access can be enabled only after the security mode of the cluster is enabled. After HTTPS access is enabled, communication is encrypted when you access the cluster.

    NOTE:

    A cluster in security mode uses HTTPS for communication and has lower read performance than a normal cluster using HTTP. Its performance may be 20% lower than that of a normal HTTP cluster under high concurrency. If you want fast read performance together with the permission model provided by the security mode to isolate resources (such as indexes, documents, and fields), you can disable the HTTPS Access function. After HTTPS Access is disabled, HTTP is used for cluster communication. In this case, data security cannot be ensured and a public IP address cannot be used.

    Public IP Address

    If HTTPS Access is enabled, you can configure Public Network Access and obtain an IP address for public network access. This IP address can be used to access this security cluster through the public network. For details, see Accessing a Cluster from a Public Network.

  9. Click Next: Configure Advanced Settings. Configure the automatic snapshot creation and other functions.
    1. Configure Cluster Snapshot. Set basic configuration and snapshot configuration.

      The cluster snapshot function is enabled by default. You can also disable this function as required. To store automatic snapshots in OBS, an agency will be created to access OBS. Additional cost will be incurred if snapshots are stored in standard storage.

      Table 7 Cluster snapshot parameter

      Parameter

      Description

      OBS bucket

      Select an OBS bucket for storing snapshots from the drop-down list box. You can also click Create Bucket on the right to create an OBS bucket. For details, see Creating a Bucket.

      The created or existing OBS bucket must meet the following requirements:

      • Storage Class is Standard.
      • Region must be the same as that of the created cluster.

      Backup Path

      Storage path of the snapshot in the OBS bucket.

      The backup path configuration rules are as follows:
      • The backup path cannot contain the following characters: \:*?"<>|
      • The backup path cannot start with a slash (/).
      • The backup path cannot start or end with a period (.).
      • The backup path cannot contain more than 1,023 characters.

      IAM Agency

      IAM agency authorized by the current account for CSS to access or maintain data stored in OBS. You can also click Create IAM Agency on the right to create an IAM agency. For details, see Creating an Agency.

      The created or existing IAM agency must meet the following requirements:

      • Agency Type must be Cloud service.
      • Set Cloud Service to Elasticsearch or CSS.
      • The agency must have the OBS Administrator permission for the OBS project in Global service.
      Table 8 Automatic snapshot creation parameter

      Parameter

      Description

      Snapshot Name Prefix

      The snapshot name prefix contains 1 to 32 characters and must start with a lowercase letter. Only lowercase letters, digits, hyphens (-), and underscores (_) are allowed. A snapshot name consists of a snapshot name prefix and a timestamp, for example, snapshot-1566921603720.

      Time Zone

      Time zone for the backup time, which cannot be changed. Specify Backup Start Time based on this time zone.

      Backup Start Time

      The time when the backup starts automatically every day. You can specify this parameter only in full hours, for example, 00:00 or 01:00. The value ranges from 00:00 to 23:00. Select a time from the drop-down list.

      Retention Period (days)

      The number of days that snapshots are retained in the OBS bucket. The value ranges from 1 to 90. You can specify this parameter as required. The system automatically deletes expired snapshots every hour at half past the hour.

      For example, if you set the automatic snapshot creation policy as shown in Figure 1, the system, at 00:30 35 days later, will automatically delete the automated snapshots that were created at 00:00.

      Figure 1 Setting parameters for automatic snapshot creation
    2. Configure advanced settings for the cluster.
      • Default: The VPC Endpoint Service, Kibana Public Access, and Tag functions are disabled by default. You can manually enable these functions after the cluster is created.
      • Custom: You can enable the VPC Endpoint Service, Kibana Public Access, and Tag functions as required.
      Table 9 Parameters for advanced settings

      Parameter

      Description

      VPC Endpoint Service

      After enabling this function, you can obtain a private domain name for accessing the cluster in the same VPC. For details, see Accessing a Cluster Using a VPC Endpoint.

      NOTE:

      The VPC endpoint service cannot be enabled for a shared VPC.

      Kibana Public Access

      You can configure this parameter only when security mode is enabled for a cluster. After enabling this function, you can obtain a public IP address for accessing Kibana. For details, see Accessing a Cluster from a Kibana Public Network.

      Tag

      Adding tags to clusters can help you identify and manage your cluster resources. You can customize tags or use tags predefined by Tag Management Service (TMS). For details, see Managing Tags.

      If your organization has enabled tag policies for CSS, you must comply with the tag policy rules when creating clusters; otherwise, cluster creation may fail. Contact the organization administrator to learn more about tag policies.

  10. Click Next: Confirm. Check the configuration and click Next to create a cluster.
  11. Click Back to Cluster List to switch to the Clusters page. The cluster you created is listed on the displayed page and its status is Creating. If the cluster is successfully created, its status will change to Available.

    If the cluster creation fails, create the cluster again.
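The console rejects a cluster request that breaks the node-count, name, storage, snapshot-prefix and backup-path rules listed in Table 1 and Tables 4, 5, 7 and 8 above. The following pre-flight validator is an added example (not CSS code or API) that applies exactly those rules to a request described as a plain dictionary, so the same checks can run in a pipeline before anyone clicks Create; the dictionary keys and the two sample requests are constructed for the example.

```python
import re

NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]{3,31}$")       # Table 4: 4-32 chars, starts with a letter
SNAPSHOT_PREFIX_RE = re.compile(r"^[a-z][a-z0-9_-]{0,31}$")   # Table 8: 1-32 chars, lowercase start
BACKUP_PATH_FORBIDDEN = set('\\:*?"<>|')                      # Table 7

def validate_snapshot(snap):
    """Rules for Table 7 (backup path) and Table 8 (prefix, retention)."""
    errors = []
    if not SNAPSHOT_PREFIX_RE.match(snap.get("prefix", "")):
        errors.append("snapshot prefix: 1-32 lowercase letters/digits/-/_, starting with a lowercase letter")
    path = snap.get("backup_path", "")
    if (set(path) & BACKUP_PATH_FORBIDDEN or path.startswith("/")
            or path.startswith(".") or path.endswith(".") or len(path) > 1023):
        errors.append('backup path: no \\:*?"<>|, must not start with / or start/end with ., max 1023 chars')
    if not 1 <= snap.get("retention_days", 0) <= 90:
        errors.append("retention period must be 1-90 days")
    return errors

def validate_cluster(cfg):
    """Return a list of problems; an empty list means the request follows every rule on the page."""
    errors = []
    if not NAME_RE.match(cfg.get("name", "")):
        errors.append("name: 4-32 chars, letters/digits/-/_, must start with a letter")
    master = cfg.get("ess_master")            # None: dedicated master nodes not enabled
    ess_max = 200 if master else 32           # Table 1: ess may reach 200 only with ess-master
    ess = cfg.get("ess", 0)
    if not 1 <= ess <= ess_max:
        errors.append(f"ess: {ess} outside 1-{ess_max}")
    if master is not None and (master % 2 == 0 or not 3 <= master <= 9):
        errors.append(f"ess-master: {master} must be an odd number from 3 to 9")
    for kind in ("ess_client", "ess_cold"):   # both optional, 1-32 when enabled
        n = cfg.get(kind)
        if n is not None and not 1 <= n <= 32:
            errors.append(f"{kind.replace('_', '-')}: {n} outside 1-32")
    if cfg.get("storage_gb", 0) % 20 != 0:    # Table 5: capacity must be a multiple of 20
        errors.append("node storage capacity must be a multiple of 20")
    if cfg.get("snapshot"):
        errors += validate_snapshot(cfg["snapshot"])
    return errors

# Constructed samples: one request that follows every rule, one that breaks seven of them.
GOOD = {"name": "css-sec-01", "ess": 3, "ess_master": 3, "storage_gb": 40,
        "snapshot": {"prefix": "snapshot", "backup_path": "css_repository/sec-01", "retention_days": 35}}
BAD = {"name": "1cluster", "ess": 40, "ess_master": 4, "ess_cold": 33, "storage_gb": 50,
       "snapshot": {"prefix": "Snap", "backup_path": "/backups/.", "retention_days": 120}}
```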

Follow-up Operations

After an Elasticsearch cluster is created, you are advised to optimize the query performance of the cluster to improve efficiency by referring to Cluster Performance Tuning.
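Once the cluster is Available, it is worth confirming that the Security Mode and HTTPS Access settings chosen in step 8 are actually in force: an unauthenticated request must be refused, the admin credentials must be accepted, and the endpoint must be HTTPS, since with HTTP the admin password crosses the network in cleartext. The script below is an added example, not CSS tooling; it uses only the Python standard library, assumes the cluster's address and port 9200 as a placeholder, and keeps the decision logic in assess() so it can be exercised without a live cluster.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def probe(url, user=None, password=None, timeout=5):
    """GET url; return (HTTP status, parsed JSON or {}). HTTP errors become a status, not an exception."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context()  # verifies the server certificate; do not disable this
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}
    except urllib.error.URLError as err:      # TLS failure or unreachable host
        return None, {"error": str(err.reason)}

def assess(endpoint, unauth_status, auth_status, auth_body):
    """Turn the two probe results into findings; an empty list means security mode behaves as documented."""
    findings = []
    if urlsplit(endpoint).scheme != "https":
        findings.append("HTTPS Access is off: credentials and data cross the network in cleartext")
    if unauth_status is None:
        findings.append(f"connection failed: {auth_body.get('error', 'unknown')}")
    elif unauth_status != 401:
        findings.append(f"unauthenticated request got {unauth_status}, expected 401 (is security mode enabled?)")
    if auth_status is not None and auth_status != 200:
        findings.append(f"admin credentials rejected with status {auth_status}")
    elif auth_body.get("status") == "red":
        findings.append("cluster health is red")
    return findings

def check_cluster(endpoint, password, user="admin"):
    """Probe /_cluster/health once without and once with the admin credentials."""
    url = f"{endpoint}/_cluster/health"
    unauth_status, _ = probe(url)
    auth_status, body = probe(url, user, password)
    return assess(endpoint, unauth_status, auth_status, body)

if __name__ == "__main__":
    import getpass, sys
    ep = sys.argv[1] if len(sys.argv) > 1 else "https://<cluster-address>:9200"  # placeholder
    for line in check_cluster(ep, getpass.getpass("admin password: ")) or ["security mode OK"]:
        print(line)
```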