I have a cluster of a few nodes, all on the same subnet. They all see each other and I can query either for data (or push data to). A classical basic setup of sorts.
I am now faced with the problem of having one extra node located in a place which is reachable FROM the existing cluster (outgoing connections) but that node canot initiate connection TO the cluster. The typical case is a cluster in a LAN and the extra node in a DMZ which can be only cheached "into" (that is a host in the DMZ cannot initiate connections).
Is this a viable setup for Elasticsearch?
There are several cases which I could works with (from the dream one to the most restrictive):
- the new node is fully operational, it accepts PUT/POST requests and the received data is further propagated to the cluster, new data in the cluster is synchronized to it as well
- the new node is read-only, that is I can issue GET requests and get the data in the cluster, but not update the cluster (the cluster pushes new data, the node holds its share of shards)
- the new node is as above, but it holds a copy of all data in the cluster (the cluster pushes the data)
The traffic towards the new node is fine-tunable (from a port opening perspective). Traffic initiated from the node to the LAN is not possible in any case.