Change setting in elasticsearch.yml and restart

Hi everyone. When I change the setting in the elasticsearch.yml file, is there any way I only need to restart 1 node instead of the whole cluster?

My example setup is:
3 dedicated master nodes
4 dedicated data nodes

The goal is to set

opendistro_security.audit.config.index: "'security-auditlog-'YYYY.MM"

without restarting the whole cluster, only restarting 1 of the 3 master nodes!

Hi @BlackMetalz ,

I think that is possible, but you also have to consider other factors while doing that:

  • do not restart the node which is already a master elected node
  • do it the same way as when you do a rolling upgrade – mainly, disabling shard allocation to prevent Elasticsearch from replicating shards as you shut down the node
  • and of course, set that setting in the elasticsearch.yml of all your nodes so that, i.e., if one of the nodes gets restarted at some point, it will override the configurations

By the way, it also depends on the deployment option you used to set it up. I assume you have done it via one of the package managers (RPM package, Debian package).

Note: I would really recommend that you first try it on a dev env, so that you are sure the restart of a single node will do the job.

Best,

Gezim

1 Like
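The single-node restart described in the answer above, as an added example that is not part of the original posts: it refuses to restart the elected master, pauses replica allocation the way a rolling upgrade does, restarts the local node, and resumes allocation once the node has rejoined. `ES_URL`, `ES_AUTH`, the systemd unit name `elasticsearch`, and node names without whitespace are assumptions.

```bash
#!/usr/bin/env bash
# Added example: restart one node after an elasticsearch.yml change.
# Assumptions (not from the thread): ES_URL, ES_AUTH (user:password), the
# systemd unit "elasticsearch", and that this runs on the node being restarted.
ES_URL="${ES_URL:-https://localhost:9200}"

# JSON body for PUT _cluster/settings. "primaries" pauses replica allocation;
# null removes the override so the default ("all") applies again.
allocation_body() {
  case "$1" in
    pause)  printf '{"persistent":{"cluster.routing.allocation.enable":"primaries"}}' ;;
    resume) printf '{"persistent":{"cluster.routing.allocation.enable":null}}' ;;
    *) return 1 ;;
  esac
}

# True if node name $1 is the elected master according to $2,
# the output of GET _cat/master?h=node.
is_elected_master() {
  [ "$(printf '%s\n' "$2" | awk 'NR==1{print $1}')" = "$1" ]
}

# True if node name $1 is listed in $2, the output of GET _cat/nodes?h=name.
node_joined() {
  printf '%s\n' "$2" | awk '{print $1}' | grep -Fxq -- "$1"
}

es() { curl -sS -u "$ES_AUTH" -H 'Content-Type: application/json' "$@"; }

restart_this_node() {
  node="$1"
  if is_elected_master "$node" "$(es "$ES_URL/_cat/master?h=node")"; then
    echo "$node is the elected master; pick another node" >&2
    return 1
  fi
  es -X PUT "$ES_URL/_cluster/settings" -d "$(allocation_body pause)" >/dev/null
  sudo systemctl restart elasticsearch
  # The local API is down during the restart; poll until the node is listed again.
  until node_joined "$node" "$(es "$ES_URL/_cat/nodes?h=name" 2>/dev/null)"; do
    sleep 5
  done
  es -X PUT "$ES_URL/_cluster/settings" -d "$(allocation_body resume)" >/dev/null
}

# Only touch the cluster when called as: script.sh --run <node-name>
if [ "${1:-}" = "--run" ]; then restart_this_node "$2"; fi
```
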

Yeah. Thanks for the recommendations.
I will try restarting the node that is not master elected and save all config to another node in case they get restarted.
Since my master is dedicated (it doesn’t hold any data), restarting the single node will do the job (I did it for the master, it was quick).

And yes, as you said, I did it via the package manager (Debian) since I found it is easier to control than Docker (I used SaltStack to handle cluster config and installation).

I have tested in env and prod, so I can confirm this works well. Haven’t tested restarting a master which is not elected master xD

Thanks for the reply!

1 Like