Thanks for your reply!
I've looked up the required configuration. And I changed the transport.host to 0.0.0.0. And I found no more required configurations.
But this doesn't work for me.
I also tried to give a URL to the enrollment command:
Unable to create enrollment token for scope [node]
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a Keystore
It seems I need a Keystore but I thought the Keystore is autogenerated.
But when I try to run the command without a URL, it tries to use an SSL connection with the node IP. But obviously, that doesn't work because the certificate is issued to the domain.
You don't have to provide the URL when generating the enrollment token, and it must be generated from the first/old node. But if you are providing one, it should be the URL of the old node.
Also, according to elasticsearch-create-enrollment-token | Elasticsearch Guide [8.6] | Elastic, you need to ensure the file realm is not disabled in ES and the ES_PATH_CONF variable is defined if you are not using the default configuration file.
Thanks,
this works, sort of.
Now I'm getting a discovery warning on the new node and it can't join:
[2023-01-16T11:48:49,791][WARN ][o.e.c.c.ClusterFormationFailureHelper] [node-2(new node) HOSTNAME] master not discovered yet, this node has not previously joined a bootstrapped cluster,
and this node must discover master-eligible nodes [node-1(old Note) HOSTNAME] to bootstrap a cluster: have discovered [{node-2(new node) HOSTNAME}{XXXXXXX}{XXXXXX}
{node-2(new node) HOSTNAME}{node-2(new node) IP}{node-2(new node) IP AND PORT}{XXXXX}, {node-1(old Note) HOSTNAME}{XXXXXXX}{XXXXXXX}{node-1(old Note) HOSTNAME}{node-1(old Note) IP}{node-1(old Note) IP AND PORT}
{XXXXXXX}]; discovery will continue using [node-1(old Note) IP AND PORT, node-2(new node) IP AND PORT] from hosts providers and [{node-2(new node) HOSTNAME}{XXXXXX}{XXXXXX}
{node-2(new node) HOSTNAME}{node-2(new node) IP}{node-2(new node) IP AND PORT}{XXXXX}] from last-known cluster state; node term 29, last-accepted version 0 in term 0; joining
[{node-1(old Note) HOSTNAME}{XXXXXX}{XXXXXX}{node-1(old Note) HOSTNAME}{node-1(old Note) IP}{node-1(old Note) IP AND PORT}{XXXXXXX}]
in term [29] has status [waiting for response] after [9.8s/9806ms]
[master-a.example.com] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [master-a, master-b] to bootstrap a cluster: have discovered [{master-b.example.com}{...
This message shows the node names master-a.example.com and master-b.example.com as well as the cluster.initial_master_nodes entries master-a and master-b, and it is clear from this message that they do not match exactly.
I've changed my config to (I have to do some things in the xpack.security.transport.ssl to make it work to this point, otherwise I got a certificate error. Not optimal, but I have found no solution):
Old node/new node:
Right, I guess somewhere in the 7.x versions, Transport SSL became mandatory for n-node clusters, so you need to configure Transport SSL so your nodes can talk to each other.
Also to highlight, ssl.transport must be enabled, else your nodes won't be able to join the cluster.
You can use elasticsearch-certutil, which is bundled along with elasticsearch and is available in the /bin folder. You can either generate P12 certificates and use them or use SAN-based ca/instance/key certificates. Documentation is available here: elasticsearch-certutil | Elasticsearch Guide [8.6] | Elastic
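Added example (not part of any post in this thread and not Elastic's code): a small Python check for the name mismatch described in the documentation excerpt quoted above. It reads a "master not discovered yet" warning and reports which cluster.initial_master_nodes entries have no exactly matching node name. The function names and the sample log line are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the warning quoted above; IDs and addresses are made up.
SAMPLE = (
    "[2023-01-16T11:48:49,791][WARN ][o.e.c.c.ClusterFormationFailureHelper] "
    "[master-a.example.com] master not discovered yet, this node has not previously "
    "joined a bootstrapped (v7+) cluster, and this node must discover master-eligible "
    "nodes [master-a, master-b] to bootstrap a cluster: have discovered "
    "[{master-a.example.com}{idA}{ephA}{10.0.0.1}{10.0.0.1:9300}{dm}{xpack.installed=true, ml.max=1}, "
    "{master-b.example.com}{idB}{ephB}{10.0.0.2}{10.0.0.2:9300}{dm}]; "
    "discovery will continue using [10.0.0.2:9300] from hosts providers"
)

def parse_warning(line):
    """Return (local_node_name, initial_master_nodes, discovered_names) or None."""
    local = re.search(r"\[([^\]]+)\] master not discovered yet", line)
    required = re.search(r"must discover master-eligible nodes \[([^\]]*)\]", line)
    if not (local and required):
        return None
    # Tolerate truncated lines: stop at "]; discovery" or at the end of the line.
    found = re.search(r"have discovered \[(.*?)(?:\]; discovery|$)", line)
    # Each node descriptor starts with {name}. Attribute maps such as {a=1, b=2}
    # never have "{" right after ", ", so they are not mistaken for a new node.
    names = re.findall(r"(?:^|, )\{([^{}]*)\}", found.group(1)) if found else []
    wanted = [n.strip() for n in required.group(1).split(",") if n.strip()]
    return local.group(1), wanted, names

def check_initial_master_nodes(line):
    """Map each initial_master_nodes entry to (exact_match, similar_node_names)."""
    parsed = parse_warning(line)
    if parsed is None:
        return None
    local, wanted, names = parsed
    known = set(names) | {local}
    report = {}
    for entry in wanted:
        # "Similar" means same first DNS label but not the same string,
        # e.g. master-a versus master-a.example.com.
        near = sorted(n for n in known
                      if n != entry and n.split(".")[0] == entry.split(".")[0])
        report[entry] = (entry in known, near)
    return report

if __name__ == "__main__":
    for entry, (exact, near) in check_initial_master_nodes(SAMPLE).items():
        print(entry, "OK" if exact else f"no exact match; similar node names: {near}")
```

An entry that is reported without an exact match but with a similar node name is the short-name versus FQDN case from the excerpt: either node.name or the cluster.initial_master_nodes entry has to change so the two strings are identical.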