I'm installing Elasticsearch 8.0 on a new 3-node cluster on Amazon Linux 2. I have Elasticsearch running on the first node. I created a new enrollment key on this node. When I try to enroll the 2nd node I get the following error:
# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token redacted_token
This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically:
- Security auto configuration will be removed from elasticsearch.yml
- The [certs] config directory will be removed
- Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y
ERROR: Skipping security auto configuration because this node is configured to bootstrap or to join a multi-node cluster, which is not supported.
The Elasticsearch.yml on node 1 is:
cluster.name: esprod
node.name: esdata1.example.com
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["esdata1.example.com", "esdata2.example.com", "esdata3.example.com"]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["esdata1.example.com","esdata2.example.com","esdata3.example.com"]
http.host: [_local_, _site_]
The Elasticsearch.yml on node2 prior to running the enrollment command was:
cluster.name: esprod
node.name: esdata2.example.com
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["esdata1.example.com", "esdata2.example.com", "esdata3.example.com"]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["esdata1.example.com","esdata2.example.com","esdata3.example.com"]
http.host: [_local_, _site_]
After the failed attempt to enroll the node, the security configuration block at the end of Elasticsearch.yml has been removed.
Elasticsearch was never started before attempting the enrollment and /var/lib/Elasticsearch remains empty.
Any help would greatly appreciated.