Ok i found the problem.
According to this post :
the problem is it’s not possible to start a node with only the role cluster_manager.
In definitive, role need to be : [cluster_manager, data]
Here is my opensearch.yml
Cluster manager => 192.168.3.101
cluster.name: opensearch-cluster
node.name: cluster
network.bind_host: 192.168.3.101
network.publish_host: 192.168.3.101
network.host: 192.168.3.101
http.port: 9200
node.roles: [ cluster_manager, data ]
cluster.initial_cluster_manager_nodes: ["cluster"]
discovery.seed_hosts: ["192.168.3.106:9200", "192.168.3.101:9200"]
#discovery.type: single-node
path.data: /srv/data
#
# Path to log files:
#
path.logs: /srv/logs
plugins.security.ssl.transport.pemcert_filepath: /etc/opensearch/node1_ip.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/opensearch/node1-key_ip.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: /etc/opensearch/node1_ip.pem
plugins.security.ssl.http.pemkey_filepath: /etc/opensearch/node1-key_ip.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
plugins.security.nodes_dn:
- 'CN=192.168.3.101,OU=AXI,O=AXI,L=PARIS,ST=FRANCE,C=FR'
- 'CN=192.168.3.106,OU=AXI,O=AXI,L=PARIS,ST=FRANCE,C=FR'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
Data node (192.168.3.106)
cluster.name: opensearch-cluster
node.name: node1
network.bind_host: 192.168.3.106
network.host: 192.168.3.106
http.port: 9200
node.roles: [ data ]
cluster.initial_cluster_manager_nodes: ["cluster"]
discovery.seed_hosts: ["192.168.3.101", "192.168.3.106"]
#discovery.type: single-node
path.data: /srv/data
#
# Path to log files:
#
path.logs: /srv/logs
plugins.security.ssl.transport.pemcert_filepath: /etc/opensearch/node1_ip.pem
plugins.security.ssl.transport.pemkey_filepath: /etc/opensearch/node1-key_ip.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: /etc/opensearch/node1_ip.pem
plugins.security.ssl.http.pemkey_filepath: /etc/opensearch/node1-key_ip.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/opensearch/root-ca.pem
plugins.security.allow_default_init_securityindex: true
plugins.security.authcz.admin_dn:
- 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
plugins.security.nodes_dn:
- 'CN=192.168.3.101,OU=AXI,O=AXI,L=PARIS,ST=FRANCE,C=FR'
- 'CN=192.168.3.106,OU=AXI,O=AXI,L=PARIS,ST=FRANCE,C=FR'
plugins.security.audit.type: internal_opensearch
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
There’s probably mistakes, but at the moment it’s the only method to get all nodes seeing each other.
[root@localhost opensearch]# curl -XGET https://192.168.3.101:9200/_cat/nodes?v -u 'admin:******' --insecure
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role node.roles cluster_manager name
192.168.3.101 15 34 0 0.15 0.07 0.07 dm cluster_manager,data * cluster
192.168.3.106 13 67 0 0.03 0.07 0.10 d data - node1
[root@localhost opensearch]#