Hello,
I have an Elasticsearch cluster with 2 nodes, on which I enabled xpack security a while ago (TLS on both transport and HTTP + local authentication).
I want to add a new node to the cluster, I configured the node with the transport and HTTP settings, I added the node in the discovery list on all the nodes.
The node starts correctly but I cannot authenticate on it:
curl https://SOC-V-DEV-ESNODE03:9200/_xpack/security/_authenticate?pretty -u elastic -k
Enter host password for user 'elastic':
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
}
],
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
},
"status" : 401
}
While running the same query on another node works fine :
curl https://SOC-V-DEV-ESNODE01:9201/_xpack/security/_authenticate?pretty -u elastic -k
Enter host password for user 'elastic':
{
"username" : "elastic",
"roles" : [
"superuser"
],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true,
"authentication_realm" : {
"name" : "reserved",
"type" : "reserved"
},
"lookup_realm" : {
"name" : "reserved",
"type" : "reserved"
}
}
Before you ask, the password I type both time is correct
Do I have to run the bin/elasticsearch-setup-passwords
interactive command on the new node ? The documentation is unclear on this, from my understanding we only have to run it once per cluster.
Antoine