Avoid/Remove inter-node communication in elasticsearch


(Mohan Kumar U) #1

Hi,
I am looking for a way to avoid inter-node communication (that happens through port 9300),
Is there a way to block this.

Thanks


(Mark Walkom) #2

What's your aim for doing that?


(Mohan Kumar U) #3

As of now i need only one node for testing and development purposes, and taking security into consideration i want to block inter-node communication(also i have completely removed x-pack as well).


(Mark Walkom) #4

If you don't have other nodes listed in the unicast list, then the existing node will not try to contact any others.


(Mark Walkom) #6

You will need a firewall on the host then.


(Mohan Kumar U) #7

Thank you for your reply,is it the only way


(Mark Walkom) #8

The only other option would be to listen on localhost.


(Mohan Kumar U) #9

I blocked the port in firewall but still its listening on port 9300.


(David Pilato) #10

i have completely removed x-pack as well

Why not downloading the OSS version then?


(Mohan Kumar U) #11

no i am debugging elasticsearch in eclipse.


(Mark Walkom) #12

You can't stop it listening on 9300. You can only block external access to it.


(Mohan Kumar U) #13

I tried to stop binding of socketaddress .
and it threw me this error,
BindTransportException[Failed to bind to [9300]]; nested: NullPointerException;
Is there any reason why i can't stop listening through transport layer.


(David Pilato) #14

This is not supported I think.
What did you do? Did you modify elasticsearch code?


(Mohan Kumar U) #15

Yes i did modify netty code for transport.
Actually i dont want inter-node communication to happen,I have been trying many things but nothing seems to be working.


(Mohan Kumar U) #16

Can't we run elasticsearch without communication through 9300, that is just through rest.


(David Pilato) #17

Yes i did modify netty code for transport.

Then you introduced most likely the NullPointerException.

Can't we run elasticsearch without communication through 9300, that is just through rest.

No you can't. The only settings you can work with are: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html

Actually i dont want inter-node communication to happen,I have been trying many things but nothing seems to be working.

I got that. That's IMO a waste of your time. Just block 9300 on a firewall level and you'll be sure that no one would be able to access your machine.

But as already said you can easily do:

network.host: your_ip
transport.host: localhost

Then you can test from another machine if you can reach 9300 using telnet. I'm sure you won't be able.


(system) closed #18

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.