Fact is one cannot use Elasticsearch-setup-passwords in a unsecure production-mode Elasticsearch 7.17 Cluster.
I know some people turned each possible master node into a single dev-mode cluster with data apart (so Elasticsearch-setup-passwords works fine) before reverting to a production-mode Cluster but I wonder if a simpler and/or faster way is safe.
For instance, did anybody succeed in using
// Elasticsearch-setup-passwords interactive
with the same set of passwords on every node (while ignoring the warning) then activate TLS transport ?
You simply cannot setup passwords if security is not enabled. The endpoints that it uses will not exist on a cluster that does not have security turned on.
So I should fool the passwords setup tool, making it believe each node is a single one in a dev-mode Cluster, so I can get minimal security before shutting down Elasticsearch everywhere.
Of course, nothing new should be indexed meanwhile, so data consistency is preserved.
Then, assuming the set of passwords is the same everywhere, I should have no problem generating CA & common certificate before restarting the initial Cluster in production-mode, getting basic security at last.
Or will I just completely confuse the nodes of this Cluster in the end ?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
