Elasticsearch 8.7.1 cluster is not forming. Here is the yml and the command to create a token, run on CentOS 7:

```yaml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
#cluster.initial_master_nodes:
#- IP-1
#- IP-2
#IP-3
#http.host: 0.0.0.0
#cluster.name: elasticsearch
node.name: NODE-1
network.host: localhost,IP
http.port: 9200
searchguard.enterprise_modules_enabled: false
thread_pool.write.queue_size: 1000
#node.master: true
#node.data: true
discovery.seed_hosts:
#discovery.zen.ping.unicast.hosts
  - IP1
  - IP2
  - IP3
http.max_content_length: 500mb
indices.query.bool.max_clause_count: 200000
thread_pool.search.size: 50
searchguard.ssl.transport.pemkey_filepath: key.pem
searchguard.ssl.transport.pemcert_filepath: cert.pem
searchguard.ssl.transport.pemtrustedcas_filepath: cacert.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.enabled_protocols:
  - TLSv1.2
searchguard.ssl.http.pemkey_filepath: key.pem
searchguard.ssl.http.pemcert_filepath: cert.pem
searchguard.ssl.http.pemtrustedcas_filepath: cacert.pem
searchguard.ssl.http.enabled: true
searchguard.ssl.http.enabled_protocols:
  - TLSv1.2
searchguard.authcz.admin_dn:
  - CN=Server,O=XXX
searchguard.nodes_dn:
```

##Command to create a token run on Centos-7
```
[root@localhost bin]# ./elasticsearch-create-enrollment-token -s node

ERROR: Failed to determine the health of the cluster.
[root@localhost bin]# pwd
/usr/share/elasticsearch/bin

[root@localhost ~]# curl -XGET -k -u admin:Admin1.# https://IP:9200/_cat/health
1704589901 21:05:01 elasticsearch green 1 0 10 10 0 1 1 0 - 100.0%
```

Health is totally fine.

The enrollment token only works when you enable security and use the automated configuration.

You disabled security with `xpack.security.enabled: false` and are using a third-party security plugin, so the enrollment token will not work for obvious reasons; it is an Elastic feature that relies on Elastic security.

Since you are using a third party security plugin you need to check with Search Guard how to add new nodes.


Hi @leandrojmp ,
Thanks for your feedback. When I set `xpack.security.enabled: true`, the ES service fails.

Can you please elaborate more on how I can add new nodes to the cluster?
Which file do I have to change/edit, and what do I edit?
It would be great if you could share some detailed steps.
I have installed ES 8.7.1 on three servers.

Thanks

You are using a third party security plugin.

For example, these settings are not Elasticsearch settings:

```yaml
searchguard.ssl.transport.pemkey_filepath: key.pem
searchguard.ssl.transport.pemcert_filepath: cert.pem
searchguard.ssl.transport.pemtrustedcas_filepath: cacert.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.enabled_protocols:
```

They are related to the Search Guard plugin, which is not made by Elastic and is not supported on this forum. I am not sure what instructions you followed, but you need to check in a Search Guard forum how to add new nodes.

I am not sure where this comes from or what instructions you are following, but they are not official instructions by Elastic.

The Elastic instructions when you do not use third-party plugins for security are here.

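A pre-flight check for the condition described in the two answers above, as an added example that is not part of the original thread and is not Elastic's or Search Guard's code: it flattens an `elasticsearch.yml` and reports why the enrollment-token workflow does not apply. The function names, the minimal parser and the sample input are constructed for illustration; a missing `xpack.security.enabled` is treated as enabled, which is an assumption based on the 8.x default.

```python
# Constructed sample: a trimmed version of the settings quoted in the thread.
SAMPLE_YML = """\
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
searchguard.ssl.transport.pemkey_filepath: key.pem
searchguard.ssl.transport.enforce_hostname_verification: false
#cluster.name: elasticsearch
"""

def flatten(text):
    """Flatten simple nested 'key: value' YAML into dotted keys.
    Hypothetical minimal parser: list items and comments are skipped."""
    settings, stack = {}, []  # stack holds (indent, key) of open parent blocks
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing inline comments
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # leave finished parent blocks
            stack.pop()
        full = ".".join([parent for _, parent in stack] + [key.strip()])
        if value.strip():
            settings[full] = value.strip()
        else:
            stack.append((indent, key.strip()))
    return settings

def enrollment_blockers(text):
    """Return the reasons the enrollment-token workflow does not apply."""
    s = flatten(text)
    reasons = []
    # Assumption: an absent key means security is enabled (8.x default).
    if s.get("xpack.security.enabled", "true").lower() == "false":
        reasons.append("xpack.security.enabled is false")
    foreign = sorted(k for k in s if k.startswith("searchguard."))
    if foreign:
        reasons.append("third-party security settings present: %d searchguard.* keys"
                       % len(foreign))
    return reasons

if __name__ == "__main__":
    for reason in enrollment_blockers(SAMPLE_YML):
        print("enrollment token not applicable:", reason)
```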

Got it,
Thanks @leandrojmp for your valuable answer.

How can I edit my post? I have tried, but it did not work.
If I can’t edit it, then how can I delete my post?

Thanks

Please delete this post. I don't know how I can contact this page's officials.

We can just keep the discussion here in case someone else is having a similar question.
Would that be ok for you?

I have no problem with that. Actually, I want to edit one line, then I am OK with this post.
Can you please help me in editing this?

I think it needs another level to be able to edit a post. As you just joined, that might explain it.

Could you tell me what needs to be changed?
You can send me a private message (by clicking on my name I think).

Thanks @dadoonet ,
Just sent you an email.
