Enabling security on production cluster without downtime

Need advice:
is there a way how to enable security on multi-node production cluster without downtime?

in tutorial
it is described that all nodes needs to be restarted.

Can I restart the one with security (anonymous enabled so other nodes can join) and later remove anonymous access?

thank you

Nodes without security can not talk to nodes that require communication to be encrypted which is why all nodes need to be restarted and downtime required.

1 Like

@Christian_Dahlqvist thank you.
The cluster is behind the firewall in private network I do not plan to enable ssl, just the security.

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: false

What is the correct strategy?
Stop all nodes & kibana.
Modify elasticsearch.yml on all nodes. (enable security)
Start nodes.


Security requires TLS to be enabled. See the docs for further details.

1 Like

@Christian_Dahlqvist thank you

I plan to execute this as ansible script to minimise the downtime.

What is the correct process.
stop all nodes
generate password on one master node and start all nodes with that password or do I have to repeat elasticsearch-setup-passwords on each node?

./bin/elasticsearch-setup-passwords auto

is there a doc where setup of security on cluster is described?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.