Hi everyone,
I’m trying to create a cluster of 3 nodes with encrypted communication among the nodes. I have generated a PEM certificate for each node and I’ve configured seed hosts and cluster initial master.
This is elasticsearch.yml:

```yaml
cluster.name: "test-ansible-elastic-cluster"
network.host: "0.0.0.0"
discovery.zen.minimum_master_nodes: 1
discovery.seed_hosts:
- "hostname1.compute.amazonaws.com::9300"
- "hostname2.compute.amazonaws.com::9300"
- "hostname3.compute.amazonaws.com::9300"
cluster.initial_master_nodes:
- nodo1
- nodo2
- nodo3
opendistro_security.ssl.transport.pemcert_filepath: nodo1.pem
opendistro_security.ssl.transport.pemkey_filepath: nodo1-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: MyRootCA.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.disabled: false
opendistro_security.allow_unsafe_democertificates: false
path.logs: /var/log/elasticsearch
path.data: /var/lib/elasticsearch
bootstrap.memory_lock: true
node.name: nodo1
node.master: true
node.data: true
cluster.remote.connect: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: nodo1.pem
opendistro_security.ssl.http.pemkey_filepath: nodo1-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: MyRootCA.pem
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
- "CN=admin,OU=ou,O=o,L=l,ST=st,C=c"
opendistro_security.nodes_dn:
- "CN=nodo1,OU=ou,O=o,L=l,ST=st,C=c"
- "CN=nodo2,OU=ou,O=o,L=l,ST=st,C=c"
- "CN=nodo3,OU=ou,O=o,L=l,ST=st,C=c"
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.compliance.salt: "******************"
```

It seems that I can’t reach any of the nodes:

```
[2019-10-24T12:03:36,088][WARN ][o.e.c.c.ClusterFormationFailureHelper] [nodo1] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [nodo1, nodo2, nodo3] to bootstrap a cluster: have discovered []; discovery will continue using [172.31.20.185:9300, 172.31.30.171:9300] from hosts providers and [{nodo1}{37vHomwsS02gMGDg3paNog}{U5VZJsBjQDm_l0Ztzn5-9Q}{172.31.26.127}{172.31.26.127:9300}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
[2019-10-24T12:03:45,024][DEBUG][o.e.a.a.c.h.TransportClusterHealthAction] [nodo1] timed out while retrying [cluster:monitor/health] after failure (timeout [30s])
[2019-10-24T12:03:45,525][DEBUG][o.e.a.a.c.h.TransportClusterHealthAction] [nodo1] no known master node, scheduling a retry
[2019-10-24T12:03:46,089][WARN ][o.e.c.c.ClusterFormationFailureHelper] [nodo1] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [nodo1, nodo2, nodo3] to bootstrap a cluster: have discovered []; discovery will continue using [172.31.20.185:9300, 172.31.30.171:9300] from hosts providers and [{nodo1}{37vHomwsS02gMGDg3paNog}{U5VZJsBjQDm_l0Ztzn5-9Q}{172.31.26.127}{172.31.26.127:9300}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
```

I’m able to ping the other machines.
Can you help me? Should I pass the PEM to ssh inside the machines?
Best Regards
EF
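
As an added example (not part of the original post, and not Elasticsearch or Open Distro code), this Python snippet parses the `ClusterFormationFailureHelper` warning quoted in the post and reports which seed addresses were resolved and which master-eligible peers were never discovered. The regular expression is based only on the message format shown above; the returned field names and hint wording are this example's own assumptions.

```python
import re

# Log line copied from the post (nodo1); wrapped here only for readability.
SAMPLE = (
    "[2019-10-24T12:03:36,088][WARN ][o.e.c.c.ClusterFormationFailureHelper] [nodo1] "
    "master not discovered yet, this node has not previously joined a bootstrapped "
    "(v7+) cluster, and this node must discover master-eligible nodes "
    "[nodo1, nodo2, nodo3] to bootstrap a cluster: have discovered []; discovery "
    "will continue using [172.31.20.185:9300, 172.31.30.171:9300] from hosts "
    "providers and [{nodo1}{37vHomwsS02gMGDg3paNog}{U5VZJsBjQDm_l0Ztzn5-9Q}"
    "{172.31.26.127}{172.31.26.127:9300}] from last-known cluster state; "
    "node term 0, last-accepted version 0 in term 0"
)

# Fields of the bootstrap warning, in the order they appear in the post's log.
PATTERN = re.compile(
    r"\[(?P<node>[^\]]+)\] master not discovered yet.*?"
    r"must discover master-eligible nodes \[(?P<required>[^\]]*)\].*?"
    r"have discovered \[(?P<found>.*?)\]; discovery will continue using "
    r"\[(?P<seeds>[^\]]*)\] from hosts providers"
)

def split_list(text):
    return [item.strip() for item in text.split(",") if item.strip()]

def diagnose(line):
    """Return what the warning says about discovery, or None for other messages."""
    m = PATTERN.search(line)
    if m is None:
        return None
    required = split_list(m["required"])
    # Each discovered peer is printed as {name}{id}{...}; keep the leading name.
    discovered = re.findall(r"(?:^|, )\{([^}]*)\}", m["found"])
    seeds = split_list(m["seeds"])
    missing = [n for n in required if n != m["node"] and n not in discovered]
    if not seeds:
        hint = "no seed address resolved: check discovery.seed_hosts and DNS"
    elif missing:
        hint = ("seed hosts resolved, but these peers never completed discovery: "
                "check TCP reachability of the transport port and the transport "
                "TLS handshake (certificate chain, nodes_dn) on each address")
    else:
        hint = "all required master-eligible peers were discovered"
    return {"node": m["node"], "seed_addresses": seeds, "discovered": discovered,
            "undiscovered_peers": missing, "hint": hint}

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```

For the line in the post, the seed hosts did resolve to two addresses on port 9300 while the discovered list is empty; an ICMP ping succeeding says nothing about whether TCP port 9300 is reachable or whether the TLS handshake on it completes.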