[BUG] Opensearch does not respect "discovery.type=single-node" setting during index creation

[jazzl0ver]

Describe the bug

Opensearch was launched using the following docker-compose.yml (derived from https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/#sample-docker-composeyml) on Debian 12 privileged LXC container:

version: '3'
services:
  opensearch: # This is also the hostname of the container within the Docker network (i.e. https://opensearch-node1/)
    image: opensearchproject/opensearch:latest # Specifying the latest available image - modify if you want a specific version
    container_name: opensearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true # Disable JVM heap memory swapping
      - plugins.security.system_indices.enabled=false
      - "OPENSEARCH_JAVA_OPTS=-Xms4096m -Xmx4096m" # Set min and max JVM heap sizes to at least 50% of system RAM
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}    # Sets the demo admin user password when using demo configuration, required for OpenSearch 2.12 and later
    ulimits:
      memlock:
        soft: -1 # Set memlock to unlimited (no soft or hard limit)
        hard: -1
      nofile:
        soft: 65536 # Maximum number of open files for the opensearch user - set to at least 65536
        hard: 65536
    volumes:
      - /root/data:/usr/share/opensearch/data # Creates volume called opensearch-data1 and mounts it to the container
    ports:
      - 9200:9200 # REST API
      - 9600:9600 # Performance Analyzer
    networks:
      - opensearch-net # All of the containers will join the same Docker bridge network
  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:latest # Make sure the version of opensearch-dashboards matches the version of opensearch installed on other nodes
    container_name: opensearch-dashboards
    ports:
      - 5601:5601 # Map host port 5601 to container port 5601
    expose:
      - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
    environment:
      OPENSEARCH_HOSTS: '["https://opensearch:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query
    networks:
      - opensearch-net

networks:
  opensearch-net:

In my understanding in a single node installation the replica count should be set to 0 for all indices by default, but this doesn't happen:

Related component

Indexing

To Reproduce

1. Launch from the docker-compose.yml
2. Check the Index Management/Indexes page
3. There're unhealthy indices

Expected behavior

All indices should be healthy (in green state) by default

Additional Details

Host/Environment (please complete the following information):

• OS: Debian 12
• Version 2.16

[dhwanilpatel]

@jazzl0ver, Thanks for the filing the issue, Are you referring to the security audit logs index to not become green on single node cluster?

Adding security label to validate, if we can change the replica count of the security audit index to zero for single node cluster.

[dhwanilpatel]

@opensearch-project/admin can we please move this issue to opensearch-project/security ?

[jazzl0ver]

@dhwanilpatel it's not only about the security audit index. ISM history is also affected

[cwperks]

[Triage] Thank you for filing this issue @jazzl0ver . I think it makes sense to add a setting to specify the number of replicas on index creation around here: https://github.com/opensearch-project/security/blob/main/src/main/java/org/opensearch/security/auditlog/sink/InternalOpenSearchSink.java#L84-L86

Similarly, ISM history index has a setting where you can control the number of replicas.

[jazzl0ver]

Another affected index family is this one - .opendistro-alerting-alert-history-*
https://github.com/opensearch-project/alerting/blob/6239d7b665a98efcee7a1001e12a215d9ed53be4/alerting/src/main/kotlin/org/opensearch/alerting/alerts/AlertIndices.kt#L376-L378

Please, fix

[jazzl0ver]

Another affected index family - .opendistro-anomaly-results-history-*