Building a cluster for the first time

Hi All,
So i'm trying to build a cluster for the first time, I've always been working in standalone mode, but i now need to step up into a cluster. So I have 3 instances setup and all are going to be master eligible.
I believe I've got all of the configs right, certs all setup and working. Well it works for stand alone!

But the instructions just say to add the discovery.seed_hosts parameter and it will just discover and auto join the cluster. But my primary node 01 is still saying there is only 1 node joined.

`discovery.seed_hosts: ["Server-es-01.build.lab", "Server-es-02.build.lab", Server-es-03.build.lab]`

Even more annoyingly i can't find anything obvious in the syslog log or the Elasticsearch log telling me i've got something wrong or missing.

Can anyone point me in the right direction please on how to fault find this?

Thanks

Pete

Typically this is because the first time you started each node you had not set discovery.seed_hosts. See these docs for more info and a remedy.

Annoyingly i'm pretty sure i had!
I set it on node 1, and copied the config to the other two servers.
So i need to revert this and try starting again?

First confirm that they all have different cluster UUIDs with GET /, but if so yes wipe the data paths and start them all up again.

Ok, i've done the delete. following the advice.
One thing i just want to check as i can't find the info.
When setting up the cluster, how are user's and passwords managed?
Do they get sync'ed at one point?

ok, so my first node is responding,
my 2nd and 3rd nodes aren't responding to the same user creds.
And when i try to reset the password for the elastic user it gives me a 503 error.

From googling it suggests its because i am in multi-node mode.
But i want to be in this mode to get it into a cluster.
Or does it need to be in single node mode to get setup sorted?

Thanks

Any more advice please?

Sorry, I'm not really understanding the problems you're now facing from the short description you've given, nor am I the best person to help troubleshoot problems to do with authentication. If the nodes are all in the same cluster (i.e. reporting the same cluster UUID in their logs shortly after startup) then you are having a different issue for which it's worth opening a separate topic and describing what you're seeing more precisely.

Hi,
So i think i have found the issue.....
Firstly i was looking here for the logs
/var/log/elastricsearch/Elasticsearch.log.
I've now found
/var/log/Elasticsearch/.log Which explains a lot more!

Inside there are these - "edited"

client did not trust this server's certificate, closing connection

general node connection failure: handshake failed because connection reset

the client provided a certificate with subject name [C=GB,CN=], Netscape cert type does not permit use for SSL client

So my tls isn't getting the handshake right.

xpack.security.transport.ssl.key: key.key
xpack.security.transport.ssl.certificate: cert.crt
xpack.security.transport.ssl.certificate_authorities: ca.crt
xpack.security.transport.ssl.verification_mode: certificate / full / none

I have the following set up and the key and cert work for the web service and the ca is forming the chain on the browser there is just something i am missing here!

Juat trying xpack.security.transport.ssl.verification_mode: none now to see if its purely this.

One thing i did do when setting up the cert was i set the CN to a cluster name and then relied on the subject alternate name for the servers and services so i just have one cert.
But the logs seem to just be looking at the CN, is this correct?
Can i make it look at the SAN? Or do i just need 3 independent certs?

Thanks all

yes none worked! Its a Cert issue!!!!
Any suggestions happily taken! - i'm using my own internal CA

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.