I'm using version 7.8.1 with X-Pack enabled and I can't get my second node to connect to my cluster. What should I do?
Hi @HenriqueNogueira, please can you share
- elasticsearch.yml configuration file for the first node
- elasticsearch.yml configuration file for the second node
- The error output seen when starting the second node
Hi, @forloop thanks for responding.
I generated certificates on the first node and set the elastic CA password, CRT and KEY. But when I try to curl to test the cluster on the second node, for example, I can't connect with the password generated on the first node. I don't know what could have been done wrong. Without the password settings it works perfectly.
These are my settings:
```
cluster.name: nogueira-teste
node.name: node-1
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["172.31.53.70", "172.31.48.49"]
cluster.initial_master_nodes: ["172.31.53.70"]
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: node1.key
xpack.security.http.ssl.certificate: node1.crt
xpack.security.http.ssl.certificate_authorities: ca.crt
xpack.security.transport.ssl.key: node1.key
xpack.security.transport.ssl.certificate: node1.crt
xpack.security.transport.ssl.certificate_authorities: ca.cr
```

```
cluster.name: nogueira-teste
node.name: node-2
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["172.31.53.70", "172.31.48.49"]
cluster.initial_master_nodes: ["172.31.53.70"]
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.key: node2.key
xpack.security.http.ssl.certificate: node2.crt
xpack.security.http.ssl.certificate_authorities: ca.crt
xpack.security.transport.ssl.key: node2.key
xpack.security.transport.ssl.certificate: node2.crt
xpack.security.transport.ssl.certificate_authorities: ca.cr
```

```
java.security.cert.CertificateException: No subject alternative names matching IP address
```
Thanks!
Do you really have such an IP, 0.0.0.0, in the configuration files?
@d.silwon yes, it serves to connect a port on any IP of my server. Ex: 3.86.210.2:9200 or 127.0.0.1:9200. I cannot consult my main node all indexes and another server calling the public IP of the main node can also perform queries, ex: another machine other than the main one can connect the 3.86.210.2:9200 or the problem is in connecting a second node with X-Pack enabled.
I have no problems with the first node; everything works normally.
From my point of view, network.host should include the exact IP address of the node, for example: "network.host: 192.168.1.100", and on the second node it should be the IP address of the second node, for example: "network.host: 192.168.1.101".
I don't know. Maybe I'm wrong but I think that you should try to do it according to the documentation and best practice.
@d.silwon I found the problem. In fact, the problem was at the time of creating the certificates: in my .yml file I was not passing the IPs that could connect using the certificate. I changed the file parameters as below and it worked. Thanks for the personal help!
```
instances:
  - name: "node1"
    ip:
      - "10.171.1.184"
  - name: "node2"
    ip:
      - "10.171.1.142"
      - "10.171.1.142"
```
Excellent
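A check for the failure reported in this thread (`No subject alternative names matching IP address`), as an added example that is not part of any post and not Elastic's own tooling: it reads the text dump produced by `openssl x509 -in <cert> -noout -text` and lists which addresses the certificate's Subject Alternative Name entries do not cover. The function names and the two sample dumps are constructed for illustration; the IPs are the ones from the instances file posted above.

```python
import ipaddress
import re

# Constructed sample: SAN section of an openssl text dump for a certificate
# issued with only a DNS name (no IP entries).
SAMPLE_NO_IP = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:node1
"""
# Constructed sample: the same certificate reissued with the node's IP listed.
SAMPLE_WITH_IP = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:node1, IP Address:10.171.1.184
"""

def parse_sans(openssl_text):
    """Return (dns_names, ip_addresses) found in openssl's text dump of a cert."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", openssl_text)
    dns, ips = set(), set()
    if not m:
        return dns, ips  # certificate carries no SAN extension at all
    for entry in m.group(1).split(","):
        kind, _, value = entry.strip().partition(":")
        if kind == "DNS":
            dns.add(value.lower())
        elif kind == "IP Address":
            ips.add(ipaddress.ip_address(value))  # normalises IPv4 and IPv6 forms
    return dns, ips

def unmatched_hosts(openssl_text, hosts):
    """Return the hosts a peer might dial that this certificate would not verify for."""
    dns, ips = parse_sans(openssl_text)
    missing = []
    for host in hosts:
        try:
            ok = ipaddress.ip_address(host) in ips  # an IP needs an iPAddress SAN
        except ValueError:
            ok = host.lower() in dns  # exact DNS match; wildcards are not handled
        if not ok:
            missing.append(host)
    return missing

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_NO_IP), ("after", SAMPLE_WITH_IP)):
        print(label, unmatched_hosts(text, ["10.171.1.184", "node1"]))
```

Run it against each node's certificate with the addresses listed in `discovery.seed_hosts`; any address it returns has to be added under that node's `ip` list before the certificate is regenerated.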