CCR not able to connect with "handshake failed because connection reset"

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

opensearch 2.8.0 both on follower and leader, leader is docker-based, follower is k8s-based with operator.

Describe the issue:

We followed the CCR documentation, added the relevant subjects on leader’s yaml config, setup CCR on follower and the start api only get transport exceptions.

Leader’s config

plugins:
  security:
    nodes_dn:
      - "<leader's subject>"
      - "<follower's admin subject>"

CCR START api output

{
  "error" : {
    "root_cause" : [
      {
        "type" : "transport_exception",
        "reason" : "handshake failed because connection reset"
      }
    ],
    "type" : "connect_transport_exception",
    "reason" : "[][<IPADDRESS>:9300] general node connection failure",
    "caused_by" : {
      "type" : "transport_exception",
      "reason" : "handshake failed because connection reset"
    }
  },
  "status" : 500
}

after failing miserably to correctly make this to work I adopted the follower transport key as the leader transport key, ie, using the same transport key in both clusters.

So I’ve updated transport and CA keys in leader.

With that change I was able to make CCR connect both clusters.

Hello !
I am using opensearch leatest version in wazuh to index logs.
so i am trying ccr for my opensearch cluster with security enabled.
I am face the above issues . will someone explain in details.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.