I am getting this issue :
stacktrace": ["org.elasticsearch.transport.ConnectTransportException: [my-server01][172.17.0.2:9300] handshake failed. unexpected remote node {my-server02}{C5Yp3aubR9ySTOAYm7txiA}{ZvtLxxD3SU6vRrqZM27dQg}{172.17.0.2}{172.17.0.2:9300}{cdfhlmrstw}{ml.machine_memory=8148025344, ml.max_open_jobs=512, xpack.installed=true, ml.max_jvm_size=536870912, transform.node=true}",
I don't know this ip 172.17.0.2 coming from i guess from the docker.
elasticsearch.yml
<
cluster.name: elk-server
node.name: "my-server01"
node.master: true
node.data: true
node.ingest: true
network.host: 0.0.0.0
discovery.seed_hosts: ["my-server02", "my-server03"]
cluster.initial_master_nodes: ["my-server01", "my-server02", "my-server03"]
#bootstrap.memory_lock: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.verification_mode: certificate
/>`
docker command used:
<docker run -d --name $HOSTNAME -p 9200:9200 -p 9300:9300 -e ELASTIC_PASSWORD=admin#432 -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -v /etc/hosts:/etc/hosts -v /home/mgms-admin/.elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /home/mgms-admin/.elasticsearch/data:/usr/share/elasticsearch/data -v /home/mgms-admin/.elasticsearch/certs:/usr/share/elasticsearch/config/ssl docker.elastic.co/elasticsearch/elasticsearch:7.14.0 />
In the instances.yml
instances:
- name: "my-server01"
ip:- "x.x.x.x"
dns: - "my-server01.rc.elk"
- "x.x.x.x"
- name: "my-server02"
ip:- "x.x.x.x"
dns: - "my-server02.rc.elk"
- "x.x.x.x"
- name: "my-server03"
ip:- "x.x.x.x"
dns: - "my-server03.rc.elk"
- "x.x.x.x"
This command to create cert:
bin/elasticsearch-certutil cert --silent --in instances.yml --out test1.zip --keep-ca-key
Unzip test1.zip
ca - ca.p12
my-server01 my-server01.p12
my-server02 my-server02.p12
my-server03 my-server03.p12
in the browser if i hit https://ip:9200 but not secure, unable to import ca.p12 in the browser asking about password but while issue didn't given passowrd.