/etc/hosts/ is configured as follows:
and if you set
network.host: ["_enp1s0_", "_local_"]
network.bind_host: ["_enp1s0_", "_local_"]
you won't be able to create a cluster because node will advertise itself as
node01.com/127.0.0.1 and every other node with similar config of
elasticsearch.yml will try to connect to other nodes with a correct domain but on own localhost. If I change
127.0.0.1 node01 it will work flawlessly.
Is there any way to set the domain with an address of a network interface? Something like
Steps to Reproduce
- set your domain in
/etc/hosts to resolve to 127.0.0.1
elasticsearch.yml as presented in the problem description using only special values and a domain name
- restart cluster
Do you want this? If not, can you expand on why it doesn't work for you?
Thanks a lot for a quick response.
I have tried the config You propose. If I set
network.publish_host: ["_enp1s0_"] all nodes will try to connect each other using IP addresses instead of FQDN and as my certificate is wildcard I can not put IPs in it.
You can use wildcard certificates from a well-known CA for your HTTP traffic, but it's a bad idea for transport traffic. See these docs for more information:
For the transport layer, we recommend using a separate, dedicated CA instead of an existing, possibly shared CA so that node membership is tightly controlled. Use the
elasticsearch-certutil tool to generate a CA for your cluster.
Thanks a lot for this good practice tip. I will consider it.
However it is still a bit misleading for me that setting only a domain in the
network.publish_host will have a result depending on the content of
domain/localhost if domain points to localhost in
In general we expect these things to yield the same results so it doesn't matter, but if you set up your DNS to give different answers depending on who is asking then this sort of problem will arise. I'll try and clarify this in the docs.
Clarifying this in the docs would be great (and time saving for next time :D)! Thank you in advance
Do you think it could be possible to somehow take into account only DNS (without hosts file)?
The JVM is just using something from
gethostbyname() under the hood, so you can control its behaviour via
nsswitch.conf and friends (or whatever your system equivalent is). Or you could remove the bogus entry from
/etc/hosts - that's what I'd do at least.
TIL: there is something like
I ended up editing
/etc/hosts. Thanks a lot for all your help!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.