Hi All,
So i'm trying to build a cluster for the first time, I've always been working in standalone mode, but i now need to step up into a cluster. So I have 3 instances setup and all are going to be master eligible.
I believe I've got all of the configs right, certs all setup and working. Well it works for stand alone!
But the instructions just say to add the discovery.seed_hosts parameter and it will just discover and auto join the cluster. But my primary node 01 is still saying there is only 1 node joined.
Ok, i've done the delete. following the advice.
One thing i just want to check as i can't find the info.
When setting up the cluster, how are user's and passwords managed?
Do they get sync'ed at one point?
ok, so my first node is responding,
my 2nd and 3rd nodes aren't responding to the same user creds.
And when i try to reset the password for the elastic user it gives me a 503 error.
From googling it suggests its because i am in multi-node mode.
But i want to be in this mode to get it into a cluster.
Or does it need to be in single node mode to get setup sorted?
Sorry, I'm not really understanding the problems you're now facing from the short description you've given, nor am I the best person to help troubleshoot problems to do with authentication. If the nodes are all in the same cluster (i.e. reporting the same cluster UUID in their logs shortly after startup) then you are having a different issue for which it's worth opening a separate topic and describing what you're seeing more precisely.
Hi,
So i think i have found the issue.....
Firstly i was looking here for the logs
/var/log/elastricsearch/Elasticsearch.log.
I've now found
/var/log/Elasticsearch/.log Which explains a lot more!
Inside there are these - "edited"
client did not trust this server's certificate, closing connection
general node connection failure: handshake failed because connection reset
the client provided a certificate with subject name [C=GB,CN=], Netscape cert type does not permit use for SSL client
I have the following set up and the key and cert work for the web service and the ca is forming the chain on the browser there is just something i am missing here!
Juat trying xpack.security.transport.ssl.verification_mode: none now to see if its purely this.
One thing i did do when setting up the cert was i set the CN to a cluster name and then relied on the subject alternate name for the servers and services so i just have one cert.
But the logs seem to just be looking at the CN, is this correct?
Can i make it look at the SAN? Or do i just need 3 independent certs?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.