Cluster with separate roles docker/ansible

Hello,

I'm trying to set up an elasticsearch cluster with 3 nodes, one master, the other two data. I'm doing this all through ansible and in order to also set up the ssl connection between the nodes, I'm making use of a temporary container.
These are the environmental variables that I'm using for this helper container:

    env:
      node.name: "{{ inventory_hostname }}"
      node.ml: "false"
      node.data: "false"
      cluster.name: "es-docker-cluster"
      cluster.initial_master_nodes: "{{ inventory_hostname }}"
      xpack.security.enabled: 'true'
      xpack.security.transport.ssl.enabled: 'true'
      ES_JAVA_OPTS: "-Xms1g -Xmx1g"

The problem with this is that when node.data set to false it simply won't work. The helper container doesn't seem to be able to form an independent entity, and when I reach the task where I generate the user passwords, I get:

{"type": "server", "timestamp": "2020-11-10T21:34:22,539Z", "level": "WARN", "component": "r.suppressed", "cluster.name": "es-docker-cluster", "node.name": "elk-test1", "message": "path: /_security/user/apm_system/_password, params: {pretty=, username=apm_system}", "cluster.uuid": "gEYqaOw3QH6uc5v4OV_MHg", "node.id": "hzjvMVv3RWu0h4g85tloRw" ,
"stacktrace": ["org.elasticsearch.action.UnavailableShardsException: [.security-7][0] [1] shardIt, [0] active : Timeout waiting for [1m], request: indices:data/write/update",
"at org.elasticsearch.action.support.single.instance.TransportInstanceSingleOperationAction$AsyncSingleAction.retry(TransportInstanceSingleOperationAction.java:224) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.action.support.single.instance.TransportInstanceSingleOperationAction$AsyncSingleAction.doStart(TransportInstanceSingleOperationAction.java:176) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.action.support.single.instance.TransportInstanceSingleOperationAction$AsyncSingleAction$2.onTimeout(TransportInstanceSingleOperationAction.java:245) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.cluster.ClusterStateObserver$ContextPreservingListener.onTimeout(ClusterStateObserver.java:325) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.cluster.ClusterStateObserver$ObserverClusterStateListener.onTimeout(ClusterStateObserver.java:252) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.cluster.service.ClusterApplierService$NotifyTimeout.run(ClusterApplierService.java:598) [elasticsearch-7.7.1.jar:7.7.1]",
"at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:633) [elasticsearch-7.7.1.jar:7.7.1]",
"at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) [?:?]",
"at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) [?:?]",
"at java.lang.Thread.run(Thread.java:832) [?:?]"] } 

I'm guessing it doesn't find a data role where it can store the shards?

So the question is, how could I go about creating a cluster with separate roles using containers in one go, as it were? I don't really understand the logic. The answer doesn't need to be necessarily applied to ansible, even though I should mention that ansible runs tasks only one after another, not in parallel :slight_smile:

Maybe I should reword it:
What is the minimum requirement for elasticsearch in order for elasticsearch-setup-passwords to work, while also being able to configure the nodes through TLS certificates?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.