Avoid/Remove inter-node communication in elasticsearch

Hi,
I am looking for a way to avoid inter-node communication (that happens through port 9300).
Is there a way to block this?

Thanks

What's your aim for doing that?

As of now I need only one node for testing and development purposes, and taking security into consideration I want to block inter-node communication (also I have completely removed x-pack as well).

If you don't have other nodes listed in the unicast list, then the existing node will not try to contact any others.

You will need a firewall on the host then.

Thank you for your reply. Is it the only way?

The only other option would be to listen on localhost.

I blocked the port in the firewall but it's still listening on port 9300.

I have completely removed x-pack as well

Why not download the OSS version then?

No, I am debugging Elasticsearch in Eclipse.

You can't stop it listening on 9300. You can only block external access to it.

I tried to stop the binding of the socket address,
and it threw me this error:
BindTransportException[Failed to bind to [9300]]; nested: NullPointerException;
Is there any reason why I can't stop listening through the transport layer?

This is not supported I think.
What did you do? Did you modify elasticsearch code?

Yes, I did modify the netty code for transport.
Actually I don't want inter-node communication to happen. I have been trying many things but nothing seems to be working.

Can't we run Elasticsearch without communication through 9300, that is, just through REST?

Yes, I did modify the netty code for transport.

Then you most likely introduced the NullPointerException.

Can't we run Elasticsearch without communication through 9300, that is, just through REST?

No you can't. The only settings you can work with are: Transport | Elasticsearch Guide [8.11] | Elastic

Actually I don't want inter-node communication to happen. I have been trying many things but nothing seems to be working.

I got that. That's IMO a waste of your time. Just block 9300 on a firewall level and you'll be sure that no one would be able to access your machine.

But as already said you can easily do:

network.host: your_ip
transport.host: localhost

Then you can test from another machine if you can reach 9300 using telnet. I'm sure you won't be able to.
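
The thread distinguishes a port that is still listening from a port that other hosts can reach. As an added example (not part of the original posts or of Elasticsearch), the Python below parses `ss -ltn` output and reports any non-loopback bind on a given port; the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
# It mirrors the settings above: HTTP on the host IP, transport on localhost.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN 0      128    192.0.2.10:9200           0.0.0.0:*
LISTEN 0      128    [::ffff:127.0.0.1]:9300   *:*
LISTEN 0      128    [::1]:9300                [::]:*
LISTEN 0      128    0.0.0.0:22                0.0.0.0:*
"""


def listeners(ss_output, port):
    """Return the local addresses that hold a LISTEN socket on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, _, p = fields[3].rpartition(":")
        if p == str(port):
            # Drop an interface scope such as "%lo", then IPv6 brackets.
            found.append(addr.split("%")[0].strip("[]"))
    return found


def exposed(ss_output, port):
    """Return the binds on `port` that are not restricted to loopback."""
    out = []
    for addr in listeners(ss_output, port):
        if addr == "*":  # dual-stack wildcard: every interface
            out.append(addr)
            continue
        ip = ipaddress.ip_address(addr)
        # Java sockets often appear as IPv4-mapped IPv6 (::ffff:127.0.0.1).
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if not ip.is_loopback:
            out.append(addr)
    return out


if __name__ == "__main__":
    for port in (9200, 9300):
        print(port, "non-loopback binds:", exposed(SAMPLE_SS, port) or "none")
```

An empty result for 9300 means the transport port is listening only on loopback, so it stays open locally while being unreachable from other machines even without a firewall rule.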
