Elasticsearch 8.0 RPM Install error when adding new node

soarendev · February 23, 2022, 3:57am

I'm installing Elasticsearch 8.0 on a new 3-node cluster on Amazon Linux 2. I have Elasticsearch running on the first node. I created a new enrollment key on this node. When I try to enroll the 2nd node I get the following error:

# /usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token redacted_token

This node will be reconfigured to join an existing cluster, using the enrollment token that you provided.
This operation will overwrite the existing configuration. Specifically: 
  - Security auto configuration will be removed from elasticsearch.yml
  - The [certs] config directory will be removed
  - Security auto configuration related secure settings will be removed from the elasticsearch.keystore
Do you want to continue with the reconfiguration process [y/N]y

ERROR: Skipping security auto configuration because this node is configured to bootstrap or to join a multi-node cluster, which is not supported.

The Elasticsearch.yml on node 1 is:

cluster.name: esprod
node.name: esdata1.example.com
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["esdata1.example.com", "esdata2.example.com", "esdata3.example.com"]


xpack.security.enabled: true

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["esdata1.example.com","esdata2.example.com","esdata3.example.com"]

http.host: [_local_, _site_]

The Elasticsearch.yml on node2 prior to running the enrollment command was:

cluster.name: esprod
node.name: esdata2.example.com
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["esdata1.example.com", "esdata2.example.com", "esdata3.example.com"]


xpack.security.enabled: true

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["esdata1.example.com","esdata2.example.com","esdata3.example.com"]

http.host: [_local_, _site_]

After the failed attempt to enroll the node, the security configuration block at the end of Elasticsearch.yml has been removed.

Elasticsearch was never started before attempting the enrollment and /var/lib/Elasticsearch remains empty.

Any help would greatly appreciated.

ikakavas · February 23, 2022, 6:13am

If you had run this on node 2 immediately after installation, there wouldn’t be this line in the file. This is either added by running the reconfigure node tool or you added it yourself.

Can you please try this again on node two after you purge and reinstall the package ?

soarendev · February 23, 2022, 6:22am

I edited the file and added it. I'm accustomed to the old install methods prior to 8.0 and thought that would be required.

Do I not modify the Elasticsearch.yml file at all before trying the enrollment? Sorry, the documentation for this new security on by default model isn't really clear.

ikakavas · February 23, 2022, 8:25am

Thank you for the feedback! We’ll do our best to make this more clear in the docs , have you read Install Elasticsearch with RPM | Elasticsearch Guide [master] | Elastic and specifically the Install Elasticsearch with RPM | Elasticsearch Guide [master] | Elastic section ?

Yes, the idea is that if you follow the enrollment process , you don’t even have to touch configuration files !
However, you can still configure everything in the same way you are used to in previous versions. The enrollment flow is an additional easy way to get started, it doesn’t take away anything from what you can already use

soarendev · February 24, 2022, 1:46am

Thank you for your help. I have all nodes of the cluster online now.

system · March 24, 2022, 1:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Skipping security auto configuration Elasticsearch elastic-stack-security	2	5561	October 25, 2022
ERROR: Skipping security auto configuration because it appears that the node is not starting up for the first time. The node might already be part of a cluster and this auto setup utility is designed to configure Security for new clusters only., with exit Elasticsearch	1	727	November 1, 2023
ERROR: Skipping security auto configuration because it appears that the node is not starting up for the first time. The node might already be part of a cluster and this auto setup utility is designed to configure Security for new clusters only Elasticsearch	4	136	July 15, 2024
3-Node cluster setup Elasticsearch elastic-stack-security	5	1120	February 2, 2023
This node doesn't appear to be auto-configured for security. Expected configuration is missing from elasticsearch.yml Elasticsearch elastic-stack-security	3	2696	September 7, 2023

Elasticsearch 8.0 RPM Install error when adding new node

Related topics