Elasticsearch 7.11 with 3 nodes

Hey everyone o/

I'm trying to set up a cluster with 3 nodes using the elasticsearch.yml file:

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elkstacktest
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: elasticsearch-node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: ["10.199.20.13", "localhost"]
#
# Set a custom port for HTTP:
#
http.port: 9220
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts:
   - 10.199.20.13
   - 10.199.20.14
   - 10.199.20.15
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes:
   - elasticsearch-node-1
   - elasticsearch-node-2
#node.master: true
#node.data: true
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
xpack.ml.enabled: false

The 3 nodes have the same config file; I just changed node.name and network.host for their specific settings. All I got when starting Elasticsearch is:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "master_not_discovered_exception",
        "reason" : null
      }
    ],
    "type" : "master_not_discovered_exception",
    "reason" : null
  },
  "status" : 503
}

I also tried to config TLS and HTTPS following this tutorial but with no success :frowning:
For now I just want to put the 3 nodes on the same cluster, and after that I'll try to config TLS and HTTPS. I have two questions about this: Can I set up TLS and HTTPS on ELK stack 7.11 following the tutorial mentioned above? And if I can't enable TLS and HTTPS, how can I make my production cluster more secure (I'm using the free license for now)?

I'm new to the ELK stack, I'm reading and testing a lot, and I successfully ran a single-node cluster using Logstash for parsing my firewall and Exchange logs + file, heart, audit, metric and winlogbeat, and that's amazing =]
But now I have to go for production so I want to do a 3 node cluster with secure settings...

Hi @b0r1s, welcome to the community and glad you are liking the Elastic Stack. Good job on the single node and then moving to the multi-node.

Since you are just learning, if I were you I would either learn how to enable the security (Auth/Auth + TLS) with a single node + Kibana first OR scale to 3 nodes, get everything working and then secure it, but trying to do both at the same time, the first time, might be challenging... just an opinion.

So this is a great section on bootstrapping a cluster; I would read it carefully.

So...

so that should probably look like the following on each node.

cluster.initial_master_nodes:
   - elasticsearch-node-1
   - elasticsearch-node-2
   - elasticsearch-node-3

That may not fix it all but should help. Plus, our logs are pretty verbose; you should start looking at them at startup, they will have good information in them.


Thanks for your quick response @stephenb =]
I am looking at the logs and I think the cause of my problem with the 3 nodes is the firewall settings on the nodes... I'll do things in parts, first making the cluster work with the 3 nodes and then I'll focus on security Auth + TLS :wink:
It is the reverse order of what you told me, but I believe it will be better to configure security after running the cluster with the 3 nodes... I will update here if it works or not.
I wish you all the best, brother!


Actually 3 nodes then Auth + TLS is a great order! (actually the way I did it the first time)
Good Luck!


Nice!
I put the 3 nodes to work after changing the firewall settings =]
Now I'll focus on Auth + TLS. Thank you very much @stephenb !!
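
A diagnostic for the two causes discussed in this thread, an incomplete `cluster.initial_master_nodes` list and a firewall blocking node-to-node traffic, as an added example that is not part of the original posts. It assumes the default transport port 9300 (the posted config changes only `http.port`), handles only the simple block-style lists shown above, and its function names are hypothetical.

```python
import socket

# Constructed sample mirroring the discovery section posted in the thread.
SAMPLE_CONFIG = """\
node.name: elasticsearch-node-1
http.port: 9220
discovery.seed_hosts:
   - 10.199.20.13
   - 10.199.20.14
   - 10.199.20.15
cluster.initial_master_nodes:
   - elasticsearch-node-1
   - elasticsearch-node-2
#node.master: true
"""

def read_list(config_text, key):
    """Return the '- item' entries under `key:` (block-style YAML lists only)."""
    items, inside = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines do not end a list
        if inside and line.startswith("- "):
            items.append(line[2:].strip().strip("\"'"))
        else:
            inside = line == key + ":"
    return items

def missing_masters(config_text, expected_nodes):
    """Master-eligible node names absent from cluster.initial_master_nodes."""
    listed = set(read_list(config_text, "cluster.initial_master_nodes"))
    return sorted(set(expected_nodes) - listed)

def unreachable_seeds(config_text, port=9300, timeout=2.0):
    """Seed hosts whose transport port (assumed 9300) refuses or drops TCP."""
    blocked = []
    for host in read_list(config_text, "discovery.seed_hosts"):
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:
            blocked.append(host)
    return blocked

if __name__ == "__main__":
    nodes = ["elasticsearch-node-%d" % i for i in (1, 2, 3)]
    print("missing from initial_master_nodes:", missing_masters(SAMPLE_CONFIG, nodes))
    print("transport port unreachable:", unreachable_seeds(SAMPLE_CONFIG))
```

Run it on each node in turn against that node's own elasticsearch.yml, since host firewall rules are applied per machine.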

Go slow / careful on the Auth / TLS... start from here

Get the cluster secured then move onto kibana

