I currently run a 3-node Elasticsearch cluster (v8.17.0) and need to migrate to a new set of VMs with larger partitions. My goal is to move nodes one by one (lift-and-shift) without downtime. Here’s the migration approach I’m considering:
1. Install Elasticsearch 8.17.0 on a new VM (same version as the existing cluster).
2. Copy /etc/elasticsearch/* config files from the old node to the new one, but update node.name, network.host, and discovery.seed_hosts.
3. Do not copy the path.data directory — instead, let the cluster replicate data automatically to the new node.
4. Start the new node, verify it joins the cluster.
5. Exclude the old node from shard allocation using:
6. Wait for the cluster to turn green and shards to relocate.
7. Shut down the old node.
8. Repeat the process for the remaining two nodes until all are migrated.
Questions:
1. Is this the recommended approach for migrating nodes to new hardware in Elasticsearch 8.17.0?
2. Do I absolutely need to keep versions identical (8.17.0 → 8.17.0), or can I migrate to 8.17.1 or a higher patch release while doing this?
3. Since the .security index is replicated, can I rely on it to preserve all users/roles/passwords during migration, or will I have to recreate everything again?
4. Are there any pitfalls when replacing nodes one by one in a 3-node cluster that I should watch out for?
Thanks a lot in advance — I want to be sure this plan is solid before starting the migration.
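The drain step in the plan above (exclude the old node from allocation, wait for its shards to move, then stop it) is the part where a wrong check loses data, so here is an added example of how to script it. This is not code from the post or from Elastic; it assumes ES_URL points at any node of the cluster and ES_AUTH holds basic-auth credentials (placeholder values), and the node names and the sample _cat/shards output are constructed for the offline check.

```shell
#!/usr/bin/env bash
# Helper functions for draining a node before shutting it down, as in the
# migration steps above. Added example, not code from the post or from
# Elastic. Assumed: ES_URL points at any node of the cluster and ES_AUTH
# holds basic-auth credentials (placeholder values below).
ES_URL="${ES_URL:-https://localhost:9200}"   # assumed endpoint
ES_AUTH="${ES_AUTH:-elastic:CHANGEME}"       # placeholder, supply your own

# Request body for PUT _cluster/settings that excludes a node (by node.name)
# from shard allocation. An empty name clears the exclusion again; a stale
# exclusion left behind is an easy way to block allocation later on.
exclude_body() {
  printf '{"persistent":{"cluster.routing.allocation.exclude._name":"%s"}}' "$1"
}

# Count shards still held by a node, given the output of
#   GET _cat/shards?h=index,shard,prirep,state,node
# on stdin. A RELOCATING shard lists its source node first, so it is still
# counted against the old node until the move has completed.
shards_on_node() {
  awk -v n="$1" '$5 == n { c++ } END { print c + 0 }'
}

# Apply (or clear) the allocation exclusion on the live cluster.
set_exclusion() {
  curl -sS -u "$ES_AUTH" -X PUT "$ES_URL/_cluster/settings" \
    -H 'Content-Type: application/json' -d "$(exclude_body "$1")"
}

# Poll until the node holds no shards; only then is it safe to stop it.
wait_until_drained() {
  local node="$1" left
  while :; do
    left=$(curl -sS -u "$ES_AUTH" "$ES_URL/_cat/shards?h=index,shard,prirep,state,node" \
           | shards_on_node "$node")
    [ "$left" -eq 0 ] && return 0
    echo "$left shard(s) still on $node, waiting..."
    sleep 10
  done
}

# Constructed sample of _cat/shards output used to exercise shards_on_node
# offline (node names and index names are made up).
SAMPLE_SHARDS=$(cat <<'EOF'
logs-2025.01 0 p STARTED    old-node-1
logs-2025.01 0 r STARTED    new-node-1
logs-2025.01 1 p RELOCATING old-node-1 -> 10.0.0.12 Qx1abc new-node-1
logs-2025.01 1 r STARTED    old-node-2
.security-7  0 p STARTED    new-node-1
.security-7  0 r STARTED    old-node-2
EOF
)

# Typical sequence for one node (not run here):
#   set_exclusion old-node-1 && wait_until_drained old-node-1
#   ... stop Elasticsearch on old-node-1 ...
#   set_exclusion ""        # clear the exclusion before moving to the next node
```

Two things worth keeping in mind with this flow: clear the exclusion after each node, because the persistent setting survives restarts and will silently keep shards off any node that later carries the excluded name; and remember that copying /etc/elasticsearch/* also carries the keystore and TLS material, so if transport TLS is configured with hostname verification the certificate must cover the new VM's name or address, or the new node will fail to join.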