Elasticsearch 7.11 with 3 nodes

Elastic Stack Elasticsearch
1

Hey everyone o/

I'm trying to setup a cluster with 3 nodes using the elasticsearch.yml file:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elkstacktest
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: elasticsearch-node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: ["10.199.20.13", "localhost"]
#
# Set a custom port for HTTP:
#
http.port: 9220
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts:
   - 10.199.20.13
   - 10.199.20.14
   - 10.199.20.15
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes:
   - elasticsearch-node-1
   - elasticsearch-node-2
#node.master: true
#node.data: true
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
xpack.ml.enabled: false

The 3 nodes have the same config file, just changed node.name and network.host for their specific settings. All I got when start elasticsearch is:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "master_not_discovered_exception",
        "reason" : null
      }
    ],
    "type" : "master_not_discovered_exception",
    "reason" : null
  },
  "status" : 503
}
2

I also tried to config TLS and HTTPS following this tutorial but with no success :frowning:
For now I just want to put the 3 nodes on same cluster and after that I'll try to config TLS and HTTPS. I have two question about this: Can I setup TLS and HTTPS on ELK stack 7.11 following the tutorial metioned above? and If I can't enable TLS and HTTPS, how can I make my production cluster more secure (I'm using free license for now)?

I'm new on ELK stack, I'm reading and testing a lot, and I runned with success a single node cluster using Logstash for parsing my firewall and Exchange logs + file, heart, audit, metric and winlogbeat and that's amazing =]
But now I have to go for production so I want to do a 3 node cluster with secure settings...

3

Hi @b0r1s welcome to the community and glad you are liking the The Elastic Stack, good job on the Single node and then moving to the multi-node.

Since you are just learning, If I were you I would either learn how to enable the security Auth/Auth + TLS) with a single node + Kibana first OR scale to 3 nodes get everything working and then Secure but trying to do both at same time, the first time might be challenging.... just an opinion.

So this is a great section on bootstrapping a cluster I would read it carefully.

So...

so that should probably look like the following on each node.

cluster.initial_master_nodes:
   - elasticsearch-node-1
   - elasticsearch-node-2
   - elasticsearch-node-3

That may not fix it all but should help, plus our logs are pretty verbose you should start looking at them at startup they will have good information in them.

4

Thanks for your quick response @stephenb =]
I am looking at the logs and I think the cause of my problem with the 3 nodes is the firewall settings on the nodes... I'll do things in parts, first making the cluster work with the 3 nodes and then I'll focus on security Auth + TLS :wink:
It is the reverse order of what you told me, but I believe it will be better to configure security after running the cluster with the 3 nodes... I will update here if it works or not.
I wish you all the best, brother!

5

Actually 3 nodes then Auth + TLS is a great order! (actually the way I did it the first time)
Good Luck!

6

Nice!
I put the 3 nodes to work after changing the firewall settings =]
Now i'll focus on Auth + TLS. Thank you very much @stephenb !!

7

Go slow / careful on the Auth / TLS... start from here

Get the cluster secured then move onto kibana