Hi Team,
I have an Elasticsearch cluster of 25 nodes, which, let's say, belongs to subnet-a. I configured/added all nodes to the cluster using ./elasticsearch-create-enrollment-token -s node and then the reconfigure command, which internally rearranges the HTTP and transport certificates.
Now I have to add a few more nodes from subnet-b (there is connectivity over public IPs from the subnet-b servers to the subnet-a servers and vice versa).
My 1st try:
I installed ES version 8.12.2 (same as the existing 25-node cluster) and configured:
discovery.seed_hosts: ["a.b.c.d:9300", "x.y.z.w:9300", .......... ] # all 25 machine public IPs with 9300 port
cluster.initial_master_nodes: ["a.b.c.d"] # public IP of the master server at that time
This did not work, and I got the following error:
[2024-04-03T11:08:54,144][WARN ][o.e.c.c.ClusterFormationFailureHelper] [servers1] master not discovered yet, this node has not previously joined a bootstrapped cluster, and this node must discover master-eligible nodes ["a.b.c.d"] to bootstrap a cluster: have discovered [{servers1}{-ygZoPCGTo6iGlVlRXoKeA}{Qu1Q7lw8T0SplCfXNV4Qag}{servers1}{1.2.3.4}{1.2.3.4:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}]; discovery will continue using [ "a.b.c.d:9300", "x.y.z.w:9300" ] from hosts providers and [{servers1}{-ygZoPCGTo6iGlVlRXoKeA}{Qu1Q7lw8T0SplCfXNV4Qag}{servers1}{1.2.3.4}{1.2.3.4:9300}{cdfhilmrstw}{8.12.2}{7000099-8500010}] from last-known cluster state; node term 0, last-accepted version 0 in term 0; for troubleshooting guidance, see Troubleshooting discovery | Elasticsearch Guide [8.12] | Elastic
Seeing the error, I thought the new node was not able to communicate with the existing cluster because of the transport and HTTP certificates, hence:
My 2nd try:
I copied transport.p12 and the HTTP certificate (generated by Elasticsearch in the 1st go), pasted them into the new node's /etc/elasticsearch/certs folder, and restarted.
This time I got the error below:
[2024-04-03T12:13:04,321][ERROR][o.e.b.Elasticsearch ] [servers1] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore [/etc/elasticsearch/certs/transport.p12] - this is usually caused by an incorrect password
.......................
Caused by: org.elasticsearch.common.ssl.SslConfigException: cannot read configured [PKCS12] keystore [/etc/elasticsearch/certs/transport.p12] - this is usually caused by an incorrect password
......................
Caused by: java.io.IOException: keystore password was incorrect
.......................
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
I would like to know if there is any way to view/use the password for the transport keystore and truststore certs; if that is not possible, the best way to add the node would really help me.
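
The second failure above can be reproduced offline: a PKCS#12 file copied from another node only opens with the password that node holds for it. This is an added example, not part of the original post; the file names, passwords and helper functions are constructed, and it assumes `openssl` is installed.

```shell
#!/usr/bin/env bash
# Added example on constructed data; nothing here touches a real cluster.
# On a real node the keystore password is a secure setting, readable with:
#   bin/elasticsearch-keystore show \
#     xpack.security.transport.ssl.keystore.secure_password

# Return 0 if password $2 opens the PKCS#12 file $1 (MAC check), else non-zero.
# The password goes through the environment so it stays off the process list.
p12_password_ok() {
  P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -noout >/dev/null 2>&1
}

# Build a throwaway self-signed PKCS#12 at $1 protected by password $2.
make_demo_p12() {
  local out="$1" pass="$2" dir rc
  dir="$(mktemp -d)" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-node" \
      -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 &&
    P12_PASS="$pass" openssl pkcs12 -export -inkey "$dir/key.pem" \
      -in "$dir/cert.pem" -name transport -passout env:P12_PASS \
      -out "$out" >/dev/null 2>&1
  rc=$?
  rm -rf "$dir"
  return "$rc"
}

# Print MATCH or MISMATCH for a copied keystore and the password the node holds.
check_copied_keystore() {
  if p12_password_ok "$1" "$2"; then echo "MATCH"; else echo "MISMATCH"; fi
}

demo() {
  local work; work="$(mktemp -d)" || return 1
  # Keystore as created on the existing node, with that node's password.
  make_demo_p12 "$work/transport.p12" "existing-node-secret" ||
    { rm -rf "$work"; return 1; }
  echo "existing node's password: $(check_copied_keystore "$work/transport.p12" "existing-node-secret")"
  # The new node has the copied file but a different password in its settings.
  echo "new node's own password:  $(check_copied_keystore "$work/transport.p12" "new-node-secret")"
  rm -rf "$work"
}

demo
```

Running `check_copied_keystore` against the copied file before restarting the node shows whether the boot will fail with the "keystore password was incorrect" error.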