ES6 Cluster , with mult-NIC(Each node has more than two ips) bindip to 0.0.0.0 successfully . But Same with ES8 does not work.
ES 8.15.2 Cluster throws and error in installation of two or more servers with (Each server is multi-NIC have more than 1 IP )
But same installation with ES6.8.23 with multi-NIC servers is successful when binding to 0.0.0.0.
Why is that ?
Am I doing something wrong .
Hello,
Please share all the related configurations, both for ES6 and for ES8, and share the logs you are getting as well.
ES6 configuration Successful
vi /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
cluster.name: elasticsearch
node.name: localhost.localdomain
network.host: 0.0.0.0
http.port: 9200
searchguard.enterprise_modules_enabled: false
thread_pool.write.queue_size: 1000
thread_pool.index.queue_size: 1000
http.max_content_length: 500mb
indices.query.bool.max_clause_count: 200000
thread_pool.search.size: 50
searchguard.ssl.transport.pemkey_filepath: key.pem
searchguard.ssl.transport.pemcert_filepath: cert.pem
searchguard.ssl.transport.pemtrustedcas_filepath: cacert.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.enabled_protocols:
ES8 configuration failed. below
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
enabled: false
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: false
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes:
searchguard.ssl.http.enabled_protocols:
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled:
When I use bindip to Ip of server instead of 0.0.0.0 then it passes.
Error I am getting on both data nodes
Successfully connected to cluster elasticsearch (localhost) as user cert XXXXXXXXXXXXXXXXXXX
Internal Server Error
Can I get any reason for failure or success according to ES6 and ES8 documentation.
You need to share the full log error you are receiving, not just the description of the error.
Share the full log error.
Also, you are using a third-party plugin that is not supported here, it is not possible to know if this may impact or not.
Same error is repeated over and over again even in logs.
Changing in elasticsearch.yml, From network.host: 0.0.0.0 to network.host: localhost,IP . Makes it work.
Question is multi-NIC servers as nodes work on ES6.8.23 cluster , same environment failed in installation in ES8.15.2 When binding to 0.0.0.0
That's unfortunate, but until you provide us with an exact copy of that full error message we won't be able to help you determine the fix.
Error I am getting on both data nodes
Successfully connected to cluster elasticsearch (localhost) as user cert XXXXXXXXXXXXXXXXXXX
Internal Server Error
Here XXXXXXXXXXXXXX are certs details.
This Errorprint onscreen on both nodes. I did not get any other ERROR. So i dont haveanything to POST.
You need to get the log from the log file and share it, without it is not possible to troubleshoot.
But from the short description you provide this seems to be related to certificates and authenticaton, which are not being done by Elasticsearch in your case, but by a third-party plugin.
Any issue in Elastisearch to bind to ip address/port would cause the service to not start, I doubt you would get an Internal Server Error in this case.
I think this is expected not to work in general. See these docs, particularly (emphasis mine):
To avoid confusion, it is simplest to use a value which resolves to a single address. It is usually a mistake to use
0.0.0.0as a publish address on hosts with more than one network interface.
If it worked for you in version 6 then that was not by design, but you may have been lucky and got away with it.
That's in addition to what folks have said above: you're using a third-party plugin that mucks around with networking stuff in ways that we do not support or even understand here, but which definitely could explain the fragments of errors you've shared so far. If you can reproduce the problem with the built-in security functionality, after fixing the 0.0.0.0 mistake, then it's more likely we can help.
Hi @DavidTurner,
Thanks for the feedback and your more clear answer. I really appreciate this, but what if customer want to provide ES service on all NICs.
In that case you probably only want http.bind_host: 0.0.0.0.
Thanks for the updated @DavidTurner ,
I have used below setting,
set_yaml "${elasticsearch_conf}" "[transport.bind_host]" "0.0.0.0" &&
set_yaml "${elasticsearch_conf}" "[transport.publish_host]" "${resolved_host}" &&
set_yaml "${elasticsearch_conf}" "[http.bind_host]" "0.0.0.0" &&
set_yaml "${elasticsearch_conf}" "[http.publish_host]" "${resolved_host}"
It worked for multi-NIC IPs, but failed for FQDNs
Binding the transport port to multiple interfaces is probably a mistake.
This implies that something is wrong with name resolution. You're still making it incredibly hard to help by just not sharing any actual logs or error messages. Just saying "it failed" without any supporting evidence is frustrating for those of us trying our best to help you.
Thanks, @DavidTurner, for your valuable feedback.
You're right — it seems the name resolution wasn't properly set up. After revisiting the configuration and ensuring proper FQDN resolution for the multi-NIC environment, things are now working as expected.
I agree, troubleshooting without complete logs was frustrating — apologies for that.
I'll run a few more validation tests and will follow up here with final confirmation. Thanks again for your support!
Have a great day!!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.