OS cluster configuration

I’m trying to set up an OS cluster on different hosts with SSL certificates in Docker containers. When I start docker-compose with all 3 nodes on the same host (the same host, docker network), it works. When I split the nodes across different hosts, it stops working.
Nodes can’t connect to each other, and I don’t know why.
The errors look like:

[2022-10-12T06:21:10,808][ERROR][o.o.s.s.t.SecuritySSLNettyTransport] [os02] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[2022-10-12T06:21:09,880][WARN ][o.o.d.HandshakingTransportAddressConnector] [os02] [connectToRemoteMasterNode[10.27.0.49:9300]] completed handshake with [{os03}{-F4G7vd_Qc69dyKOWh3KBQ}{3hU4ZOMFQlukjyfOPET7XQ}{172.20.0.2}{172.20.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}] but followup connection failed
[2022-10-12T06:21:09,811][WARN ][o.o.t.TcpTransport ] [os02] exception caught on transport layer [Netty4TcpChannel{localAddress=/172.22.0.2:9300, remoteAddress=/10.27.0.31:51974}], closing connection

Maybe someone has a working configuration or advice on how to fix it?

Use the Docker host mode for the data node containers and the extra_hosts directive to specify the DNS/IP addresses of all nodes.

The error message you provided suggests that there is an issue with SSL certificate validation during the SSL handshake. Specifically, the error message indicates that the certificate provided by one of the nodes is unknown or not trusted by the other node.

Since you mentioned that the setup works when all nodes are on the same host, it’s possible that the SSL certificates are not properly configured for nodes on different hosts. Here are some steps you can take to diagnose and potentially fix the issue:

  1. Check if SSL certificates are properly configured for nodes on different hosts: Ensure that SSL certificates are configured properly on each node and that they are trusted by other nodes in the cluster. Make sure that the SSL certificates are valid and signed by a trusted Certificate Authority (CA).
  2. Check if firewall rules are blocking the connection: Check if there are any firewall rules that are blocking the connection between nodes on different hosts. Make sure that the necessary ports are open and accessible between nodes.
  3. Check if the Docker network is properly configured: Ensure that the Docker network is properly configured to allow communication between nodes on different hosts. Make sure that the network is reachable and that DNS resolution is working properly.
  4. Check the network connectivity between the hosts: Ensure that the hosts can reach each other over the network. Check if there are any network issues that may be preventing communication between the hosts.
  5. Check the Docker logs: Check the Docker logs for any errors or warnings that may indicate issues with the containers or their configuration. Look for any SSL-related errors or warnings that may indicate issues with the SSL certificates.

By following these steps, you should be able to identify and potentially fix the issue with SSL certificate validation and establish the connection between the nodes on different hosts.
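
Added example, not part of any post in this thread: a Python check run over two of the log lines from the question. It flags a peer that was dialed at one address but published a different one (the address used for the "followup connection"), and records which node received a TLS alert. Treating 172.16.0.0/12 as the container bridge range is an assumption.

```python
import ipaddress
import re

# Two of the log lines from the question on this page (written by node os02).
LOG = r"""
[2022-10-12T06:21:10,808][ERROR][o.o.s.s.t.SecuritySSLNettyTransport] [os02] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[2022-10-12T06:21:09,880][WARN ][o.o.d.HandshakingTransportAddressConnector] [os02] [connectToRemoteMasterNode[10.27.0.49:9300]] completed handshake with [{os03}{-F4G7vd_Qc69dyKOWh3KBQ}{3hU4ZOMFQlukjyfOPET7XQ}{172.20.0.2}{172.20.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}] but followup connection failed
"""

# Assumption: container bridge networks sit in 172.16.0.0/12, which covers
# Docker's default 172.17-172.31 address pools.
BRIDGE_NET = ipaddress.ip_network("172.16.0.0/12")

DIALED = re.compile(r"connectToRemoteMasterNode\[([\d.]+):(\d+)\]")
PEER = re.compile(r"completed handshake with \[\{([^}]+)\}.*?\{([\d.]+):(\d+)\}")
ALERT = re.compile(
    r"\[(\w+)\] Exception during establishing a SSL connection: "
    r".*Received fatal alert: (\w+)")


def diagnose(log_text):
    """Return findings (dicts) for publish-address mismatches and TLS alerts."""
    findings = []
    for line in log_text.splitlines():
        dialed, peer = DIALED.search(line), PEER.search(line)
        if dialed and peer and "followup connection failed" in line:
            seed, published = dialed.group(1), peer.group(2)
            if seed != published:
                findings.append({
                    "kind": "publish_address_mismatch",
                    "peer": peer.group(1),
                    "dialed": seed,          # address the node was first reached at
                    "published": published,  # address the peer advertised for follow-up
                    "container_internal": ipaddress.ip_address(published) in BRIDGE_NET,
                })
        alert = ALERT.search(line)
        if alert:
            # "Received" means the remote side sent the alert: it rejected the
            # certificate presented by the node that wrote this log line.
            findings.append({"kind": "tls_alert", "node": alert.group(1),
                             "alert": alert.group(2)})
    return findings


if __name__ == "__main__":
    for finding in diagnose(LOG):
        print(finding)
```

A published address flagged as `container_internal` is reachable only from the same Docker host, which fits the behaviour described in the question and the host-mode suggestion in the first reply.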

@nvp Have you solved your issue?