Need advice:
is there a way how to enable security on multi-node production cluster without downtime?
in tutorial
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-getting-started.html
it is described that all nodes needs to be restarted.
Can I restart the one with security (anonymous enabled so other nodes can join) and later remove anonymous access?
thank you
Nodes without security can not talk to nodes that require communication to be encrypted which is why all nodes need to be restarted and downtime required.
@Christian_Dahlqvist thank you.
The cluster is behind the firewall in private network I do not plan to enable ssl, just the security.
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false
What is the correct strategy?
Stop all nodes & kibana.
Modify elasticsearch.yml on all nodes. (enable security)
Start nodes.
THX
Security requires TLS to be enabled. See the docs for further details.
@Christian_Dahlqvist thank you
I plan to execute this as ansible script to minimise the downtime.
What is the correct process.
stop all nodes
generate password on one master node and start all nodes with that password or do I have to repeat elasticsearch-setup-passwords on each node?
./bin/elasticsearch-setup-passwords auto
is there a doc where setup of security on cluster is described?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.