ESrally with dedicated master

I have a cluster with three nodes and three dedicated masters. I want to run esrally

esrally --track=pmc --target-hosts=(node address 1):9200,(node address 2):9200,(node address3) --pipeline=benchmark-only --client options="use_ssl:true,verify_certs:false,basic_auth_user:'admin',basic_auth_password:'admin'

where do I put the IP address of the dedicated master???? is it in continuation with node IP address?

second is I have 3 nodes and 3 dedicated masters with security enabled

esrally --track=pmc --target-hosts=(node address 1):9200,(node address 2):9200,(node address3) --pipeline=benchmark-only --client
options="use_ssl:true,verify_certs:true,basic_auth_user:'admin',basic_auth_password:'admin'

Do I have to provide a certificate instead of username and password.????

Rally should target the same nodes that the actual clients would target in a production scenario; we are benchmarking to simulate real-world scenarios and gather performance insights.

Are your master nodes, dedicated master-eligible nodes (i.e. only have node.master:true)?

As mentioned in the Elasticsearch documentation for dedicated master eligible nodes:

Dedicated master-eligible nodes only have the master role, allowing them to focus on managing the cluster. While master nodes can also behave as coordinating nodes and route search and indexing requests from clients to data nodes, it is better not to use dedicated master nodes for this purpose.

So since you have three dedicated masters your target-hosts should target the other three nodes.

You should first check how you've configured security on Elasticearch. The user authentication Elasticsearch doc page is very helpful.

Depending on the realms you've configured (frequently it's just the native realm) you should attach your user credentials as per your example.

Regarding specifying the certificate itself, this depends on whether the Elasticsearch certificate was generated with a Public or Private CA. Frequently a private CA is used, in which case you'll need to present the ca certs by specifying ca_certs:<path_to_pem_file>, see the example under "Enable SSL, verify server certificates using private CA" in the Rally docs under TLS/SSL Examples.

I highly recommend reading the TLS/SSL section in the Rally docs.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.