How to set up 3 dedicated master + 4 data nodes also master eligible

I need to set up 3 dedicated master nodes and 4 data nodes that are also master eligible.
This is my yml configuration:

```yaml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true

cluster.name: Cluster-Lab
node.name: master1
node.roles: [ master ]
network.host: ['192.168.100.84']
http.port: 9200

cluster.initial_master_nodes: ['192.168.100.84', '192.168.100.82', '192.168.100.81']
discovery.seed_hosts: ['192.168.100.84', '192.168.100.82', '192.168.100.81']

# security settings
xpack.security.enabled: true
xpack.security.autoconfiguration.enabled: false
# transport ssl
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/master1/master1.key
xpack.security.transport.ssl.certificate: certs/master1/master1.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
## http ssl
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/master1/master1.key
xpack.security.http.ssl.certificate: certs/master1/master1.crt
xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
```

I'm not sure if there is a way to force one of your dedicated masters to be the active master instead of one of the four data/master eligible nodes.

Try it, tell us what happens.

Any reason to set the data nodes as master eligible? If you have 3 dedicated master nodes I see no reason to also have the master nodes as master eligible.

You cannot choose the master; Elastic will elect one of the master-eligible nodes as the master node, and the only way to change it is if the node is restarted.

I have seen this scheme before; I just want to replicate it in Elastic 8.8.2. The reason is, if the 3 dedicated masters shut down for no reason, one of the 4 data nodes will still be the master, so the process will continue and never shut down in my case.

Also, I need help configuring the 3 dedicated masters, I mean so they do not receive data and are configured only as masters.

The elasticsearch.yml you shared is already correct for creating a dedicated master. What issue are you having? What error do you have in the logs? You need to share it.

But in this scenario it makes no sense to have dedicated master nodes.

From the documentation you have this:

> It is important for the health of the cluster that the elected master node has the resources it needs to fulfill its responsibilities. If the elected master node is overloaded with other tasks then the cluster will not operate well. The most reliable way to avoid overloading the master with other tasks is to configure all the master-eligible nodes to be dedicated master-eligible nodes which only have the master role, allowing them to focus on managing the cluster.

If you are going to use data nodes as master eligible, you may have some cases where the data node acting as master is overloaded and you may have issues in your cluster.

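An added example, not part of any post in this thread: a small audit of the `node.roles` line in each node's `elasticsearch.yml`, flagging master-eligible nodes that also carry other roles, which is the layout the quoted documentation advises against. The sample configs are constructed, every node name except `master1` is hypothetical, and the parser assumes the inline list form used in the config above.

```python
import re

# Constructed sample: role-related lines from each node's elasticsearch.yml.
# Node names other than master1 are hypothetical.
SAMPLE_CONFIGS = {
    "master1": "node.name: master1\nnode.roles: [ master ]\n",
    "master2": "node.roles: [ master ]\n",
    "master3": "node.roles: ['master']\n",
    "data1": "node.roles: [ master, data ]\n",
    "data2": "node.roles: [ data, ingest ]\n",
    "data3": "node.roles: [ data ]\n",
    "data4": "# node.roles not set\ncluster.name: Cluster-Lab\n",
}

# Matches an uncommented inline list: node.roles: [ a, b ]
ROLES_RE = re.compile(r"^\s*node\.roles:\s*\[(.*?)\]", re.MULTILINE)


def parse_roles(yml_text):
    """Return the set of configured roles, or None when node.roles is absent."""
    match = ROLES_RE.search(yml_text)
    if match is None:
        return None
    items = (item.strip().strip("'\"") for item in match.group(1).split(","))
    return {item for item in items if item}


def audit(configs):
    """Split master-eligible nodes into dedicated ones and mixed-role ones."""
    dedicated, mixed = [], []
    for name, text in sorted(configs.items()):
        roles = parse_roles(text)
        if roles is None:
            # With node.roles unset, a node takes every default role, master included.
            mixed.append((name, "node.roles unset: default roles include master"))
        elif "master" in roles:
            extra = roles - {"master", "voting_only"}
            if extra:
                mixed.append((name, "master plus " + ", ".join(sorted(extra))))
            else:
                dedicated.append(name)
    return dedicated, mixed


if __name__ == "__main__":
    dedicated, mixed = audit(SAMPLE_CONFIGS)
    print("dedicated master-eligible:", dedicated)
    for name, reason in mixed:
        print("mixed-role master-eligible:", name, "-", reason)
```
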

Interesting, I share this information with my lab team. Thanks again for the knowledge, and I'm pretty interested in knowing more about Elastic 8.8.2 :star_struck: :hugs:

This didn't change in version 8, it is the same recommendation for the past versions.

Not sure from where you got the configuration to mix up dedicated and non-dedicated master nodes, but I would not recommend it if you can have dedicated master nodes.

Nice, I start the cluster with the right implementation.

Hi, it's me again. If I'm configuring Logstash, I have to create a certificate for Logstash (instance.yml in tmp), and the thing is whether I have to assign a password or phrase. I was searching for a keystore in Logstash, but there is no keystore file there. How could I securely configure Logstash with the same private passphrase structure? Or do I have to generate a single self-signed PEM certificate for Logstash? Or configure one without the --pass flag?

I haven't tested this with Logstash and I'm not sure Logstash supports PEM keys with a passphrase.

What I use is the CRT file for the CA.

Use `cacert => "/path/to/the/ca.crt"`

If this does not work you will probably need to regenerate all the certificates for your cluster without the --pass parameter.

:woozy_face: If I generate all the certificates again, that will shut down my cluster, and we are already ingesting data into the cluster. Could there be a way to do it in a secure way? Also, I tried without the --pass flag and it gave me an error. If I have to generate all the certificates, will it only be the ca.crt? But I think I will also have to create the PEM .crt and .key for the nodes too if I change the main certificate ca.crt?

Yes, if you want to regenerate and change certificates you need a full cluster restart.

But I don't think you need it, you can just use the CRT file of the Certificate Authority you created and used to create the node certificates. Have you tried it?

When you created the CA you have a .key file and .crt file, copy the .crt file to the logstash server and configure the cacert option in the Elasticsearch output, it should work, this is what I use in production.


But I created a password for that; how could I pass the password to Logstash?

I will try it like that.

It works with the CA certificate, and I wrote the ingest line in the node.roles: [ingest] section of one of my data nodes, thanks. I also have a permission problem with one of my files. The Elastic data ingestion works successfully.
