Elasticsearch Cross Cluster Search Implementation

tusharnemade · December 31, 2020, 7:13am

Hi Tim

I have executed keytool command in following ways to have both nodes of different cluster each , have their CA certificates trusted.

On Local Cluster node

[esearch@elk-localnode-1 ~]$ keytool -importkeystore -srckeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-remotenode-1.p12 -srcstorepass "elastic" -destkeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12  -deststorepass "elastic"

Importing keystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-remotenode-1.p12 to /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12...
Existing entry alias instance exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-remotenode-1-remote
Entry for alias instance successfully imported.
Existing entry alias ca exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-remotenode-1-ca
Entry for alias ca successfully imported.
Import command completed:  2 entries successfully imported, 0 entries failed or cancelled
[esearch@elk-localnode-1 ~]$

On Remote Cluster Node

[esearch@elk-remotenode-1 ~]$ keytool -importkeystore -srckeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-localnode-1.p12 -srcstorepass "elastic" -destkeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12  -deststorepass "elastic"

Importing keystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-localnode-1.p12 to /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12...
Existing entry alias instance exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-localnode-instance
Entry for alias instance successfully imported.
Existing entry alias ca exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-localnode-ca
Entry for alias ca successfully imported.
Import command completed:  2 entries successfully imported, 0 entries failed or cancelled

It did worked successfully as expected.

I will accept it as a solution in this forum.

Could you please help me in one more thing ...

I am generating Nodes Certificates using

elasticsearch-certutil ca

How to pass Alias names for Instance and CA while creating certificates.

Thanks
Tushar Nemade