Can't add a new node to an es cluster with x-pack:enabled

I need to transfer the elasticsearch cluster from two servers to another two servers, without downtime or restart.
How can this be done?
I've tried to add a new node to an existing cluster with x-pack, but it doesn't work.
elasticsearch.yml from an existing cluster:

cluster.name: test1
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts:
- 192.168.0.200
- 192.168.0.228
network.host: 192.168.0.228
network.publish_host: 192.168.0.228
node.name: node1
transport.tcp.port: 11300
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.monitoring.enabled: false

I try to bring up a new node:

elasticsearch.yml new node:

cluster.name: test1
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping.unicast.hosts:
- 192.168.0.200
- 192.168.0.228
- 192.168.0.201
network.host: 192.168.0.201
network.publish_host: 192.168.0.201
node.name: node3
transport.tcp.port: 11300
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.monitoring.enabled: false

And there's an error:

[INFO ][o.e.d.z.ZenDiscovery ] [host_es3] failed to send join request to master [{hosts_es1}{DQ1ykmejSdGT82uguq5-Eg}{SMAVCMVeST6uehYnhgdmUQ}{192.168.0.228}{192.168.0.228:11300}{ml.machine_memory=17179869184, ml.max_open_jobs=20, xpack.installed=true, ml.enabled=true}], reason [RemoteTransportException[[hosts_es1][172.17.0.8:11300][internal:discovery/zen/join]]; nested: IllegalStateException[Transport TLS ([xpack.security.transport.ssl.enabled]) is required for license type [basic] when security is enabled]; ]

P.S.
xpack.security.http.ssl.enabled/xpack.security.transport.ssl.enabled - false, because we don't use them

What versions are all your nodes? I think you're using different versions for the new nodes, and this problem would go away if you used the same version everywhere.

Version 6.8.8 everywhere

Ok, in which case you're not allowed to set xpack.security.transport.ssl.enabled: false. Transport TLS is required when xpack.security.enabled: true.

I think this works by accident for your original two nodes, but it'd stop working if you restarted one of them and not the other.

Ok, got it.
Thanks a lot!
After enabling xpack.security.transport.ssl.enabled and adding SSL certificates, it works.

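A pre-flight check for the condition diagnosed in this thread, as an added example that is not part of the original posts or of Elasticsearch itself: it reads the flat key: value form of elasticsearch.yml and reports a node that has xpack.security.enabled: true without transport TLS, before that node tries to join. The function names, the sample configs and the certs/PLACEHOLDER.p12 path are constructed for illustration, and absent keys are assumed to count as false.

```python
import re

# Constructed samples: NODE3_AS_POSTED mirrors the security settings quoted in
# the thread; NODE3_FIXED is a hypothetical corrected file (placeholder path).
NODE3_AS_POSTED = """\
cluster.name: test1
node.name: node3
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.transport.ssl.enabled: false
"""
NODE3_FIXED = """\
cluster.name: test1
node.name: node3
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/PLACEHOLDER.p12
xpack.security.transport.ssl.truststore.path: certs/PLACEHOLDER.p12
"""
TLS = "xpack.security.transport.ssl."
LINE = re.compile(r"^([A-Za-z_][\w.]*)\s*:\s*(.*?)(?:\s+#.*)?\s*$")


def parse_flat_yaml(text):
    """Read flat 'dotted.key: value' lines; list items and nesting are skipped."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings


def transport_tls_findings(text):
    """Return findings for one node's elasticsearch.yml (empty list = passes)."""
    s = parse_flat_yaml(text)
    node = s.get("node.name", "<unnamed>")
    # Assumption: a key that is absent counts as false.
    if s.get("xpack.security.enabled", "false").lower() != "true":
        return []  # security is off, so the transport TLS requirement does not apply
    if s.get(TLS + "enabled", "false").lower() != "true":
        return [f"{node}: security enabled but {TLS}enabled is not true"]
    if not any(TLS + k in s for k in ("keystore.path", "certificate")):
        return [f"{node}: transport TLS enabled but no keystore.path or certificate"]
    return []
```

Running transport_tls_findings over every node's file, old and new, also catches the case raised in the thread where existing nodes carry the same setting and would fail after a restart.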