Hello, and thank you so much for the wonderful work on Open Distro.
I am not an actual server guy; I use Docker to get the readily built software and its requirements and just deploy it with some tweaks to the settings.
I chose AWS ECS to manage my Elastic Stack containers, plus an Application Load Balancer to balance my nodes and ACM for my SSL. I am currently struggling with the TLS setup part. I generated my own self-signed SSL certificates as described here: "Add your own SSL certificates to Open Distro for Elasticsearch" (AWS Open Source Blog), and successfully launched a single node, but on ECS I set my service to launch a minimum of 2 tasks. The 2 Elasticsearch tasks run properly; the problem is that they are not seeing each other. In my elasticsearch.yml I have this:

cluster.name: horus
network.publish_host: _ec2:privateIp_
transport.publish_host: _ec2:privateIp_
discovery.zen.hosts_provider: ec2
discovery.ec2.tag.ElasticSearch: horus
discovery.ec2.endpoint: ec2.${REGION}.amazonaws.com
s3.client.default.endpoint: s3.${REGION}.amazonaws.com
cloud.node.auto_attributes: true
cluster.routing.allocation.awareness.attributes: aws_availability_zone
opendistro_security.ssl.transport.pemcert_filepath: odfe-node1.pem
opendistro_security.ssl.transport.pemkey_filepath: odfe-node1.key
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false

It was actually working with the regular Elasticsearch distribution from elastic.co, but not on Open Distro. I believe the problem is with the SSL transport key.
Do I need to create a pemcert and pemkey on every node? My nodes on ECS are dynamically created… Can someone point me in the right direction? Thank you so much!