Cross cluster (TLS and Plain Text)

Hi,

Currently we have an ELK 6.8.6 cluster running in Prod, and we plan to bring up a new stack with 7.7.1 and TLS enabled along with OpenID Connect.

What options do we have to get data from both clusters in a single Kibana?

I already tried a test setup as below:

  • Cluster 1 - 6.8.6 non TLS (Just like prod)
  • Cluster 2 - 7.7.1 TLS enabled (New cluster which would come up)

Tried setting cross cluster configuration on Cluster 2, but it's not able to get the Cluster 1 information.

{"type": "server", "timestamp": "2020-06-20T20:11:13,963+0000", "level": "WARN", "component": "o.e.t.RemoteClusterService", "cluster.name": "es-docker-cluster", "node.name": "es01", "cluster.uuid": "paINbGbNQyui5wvx9BMyoA", "node.id": "VAXqmjzJTzqqBuwL2q_asg",  "message": "failed to update seed list for cluster: docker-cluster" ,
"stacktrace": ["org.elasticsearch.transport.ConnectTransportException: [][10.5.0.80:5612] general node connection failure",
"at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.lambda$onResponse$2(TcpTransport.java:947) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.action.ActionListener$1.onFailure(ActionListener.java:70) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.transport.TransportHandshaker$HandshakeResponseHandler.handleLocalException(TransportHandshaker.java:155) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.transport.TransportHandshaker.lambda$sendHandshake$0(TransportHandshaker.java:67) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.action.ActionListener.lambda$wrap$0(ActionListener.java:131) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:62) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$3(ActionListener.java:159) ~[elasticsearch-7.3.2.jar:7.3.2]",
"at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:39) ~[elasticsearch-core-7.3.2.jar:7.3.2]",
"at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:859) ~[?:?]",
"at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:837) ~[?:?]",
"at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:506) ~[?:?]",
"at java.util.concurrent.CompletableFuture.complete(CompletableFuture.java:2144) ~[?:?]",
"at org.elasticsearch.common.concurrent.CompletableContext.complete(CompletableContext.java:61) ~[elasticsearch-core-7.3.2.jar:7.3.2]",
"at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$addListener$0(Netty4TcpChannel.java:61) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:502) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:495) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:474) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:415) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:540) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.setSuccess0(DefaultPromise.java:529) ~[?:?]",
"at io.netty.util.concurrent.DefaultPromise.trySuccess(DefaultPromise.java:101) ~[?:?]",
"at io.netty.channel.DefaultChannelPromise.trySuccess(DefaultChannelPromise.java:84) ~[?:?]",
"at io.netty.channel.AbstractChannel$CloseFuture.setClosed(AbstractChannel.java:1183) ~[?:?]",
"at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:769) ~[?:?]",
"at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:745) ~[?:?]",
"at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:616) ~[?:?]",
"at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.closeOnRead(AbstractNioByteChannel.java:105) ~[?:?]",
"at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:171) ~[?:?]",
"at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:682) ~[?:?]",
"at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:582) ~[?:?]",
"at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:536) ~[?:?]",
"at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496) ~[?:?]",
"at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:906) ~[?:?]",
"at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]",
"at java.lang.Thread.run(Thread.java:835) [?:?]",
"Caused by: org.elasticsearch.transport.TransportException: handshake failed because connection reset",
"... 32 more"] }

Seems like Cluster 2 is trying to communicate over TLS and Cluster 1 is non-TLS. Is my analysis correct? So is it possible to do cross cluster search/replication with one cluster non-TLS and the other TLS?

Thanks & Regards,

Both clusters indeed need to use TLS and also have the same license level, I believe.
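
One way to check the analysis in this thread before configuring a remote cluster is to attempt a TLS handshake against each cluster's transport port and see whether the peer answers in TLS. This is an added example, not part of the original posts or of Elastic's tooling; `probe_transport` and `plaintext_listener` are hypothetical names, and the listener is a constructed stand-in for a non-TLS transport port.

```python
import socket
import ssl
import threading


def probe_transport(host, port, timeout=3.0):
    """Classify host:port as 'tls', 'no-tls' or 'unreachable'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: the question is whether the peer speaks TLS at all,
    # not whether its certificate is trusted. No application data is sent.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw):
            return "tls"  # handshake completed
    except ssl.SSLError as exc:
        # Heuristic: a TLS alert (for example a rejected client certificate)
        # still proves the peer speaks TLS; EOF or garbage means it does not.
        return "tls" if "ALERT" in (getattr(exc, "reason", None) or "") else "no-tls"
    except OSError:
        return "no-tls"  # connection reset or timeout during the handshake
    finally:
        raw.close()


def plaintext_listener():
    """Constructed stand-in for a non-TLS transport port: accepts one
    connection, reads the ClientHello and closes without answering."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_transport("127.0.0.1", plaintext_listener()))
```

A `no-tls` result on one cluster's transport port and `tls` on the other matches the mismatch described in this thread.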

@Christian_Dahlqvist Thanks for your reply. I got around it by using the reindex API to copy indices from the old cluster into the new cluster. The only additional setting was to whitelist the old cluster.

Maybe this would be useful for someone facing a similar issue.
