New cluster -> single node to cluster

Hi all,
This has been bugging me for ages.
I've never been able to get a cluster built using a internal ca.
I've used certutil to make the car's.
Signed them using my ca.
Put all of the certs on the clusters.

But now I've got each node telling me it's a single node and I need to stop it trying to discover the others.
Can anyone tell me how to reset or update the uuid's please?

For one thing, when using elasticsearch-create-enrollment-token.
It's stating, "unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystone"
And it's not I've got CRT, and Key files in used as per some guides.

Do I need a keystone? Or can I explain to the enrollment tool that I'm using key and CRT files?

What steps are you following to try to get this working?

Basically you need to rm -rf the data directory to do this.

Hi,
So hopefully these outputs will help!
Somehow i've got nodes 1 and 3 in a cluster but number 2 hasn't. (This might be because i set.
xpack.security.transport.ssl.verification_mode: none
and
xpack.security.http.ssl.verification_mode: none

from "full" to "none" when i brought node 3 online.

  "name" : "warwick-es-01.psfletch.local",
  "cluster_name" : "psfletch",
  "cluster_uuid" : "5M_I_KTsSJObSCyfGfhE3w",
  "version" : {
    "number" : "8.4.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f56126089ca4db89b631901ad7cce0a8e10e2fe5",
    "build_date" : "2022-08-19T19:23:42.954591481Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"

  "name" : "warwick-es-02.psfletch.local",
  "cluster_name" : "psfletch",
  "cluster_uuid" : "-FKxw_Z-S8y9KzCNNBy9CA",
  "version" : {
    "number" : "8.4.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f56126089ca4db89b631901ad7cce0a8e10e2fe5",
    "build_date" : "2022-08-19T19:23:42.954591481Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"

  "name" : "warwick-es-03.psfletch.local",
  "cluster_name" : "psfletch",
  "cluster_uuid" : "5M_I_KTsSJObSCyfGfhE3w",
  "version" : {
    "number" : "8.4.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "f56126089ca4db89b631901ad7cce0a8e10e2fe5",
    "build_date" : "2022-08-19T19:23:42.954591481Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"

There are curl'ed using the --cacert variable used for my signed certs, identifying the public cert and it passes with no errors.

but it's not liking it when i set none to full.

So which folder is the data folder? where should i be looking?

whoop!
Deleting the data folder has now brought in the second node!
So that's that sorted!
Any suggestions on how i get the cert chain working please?
Where should i start?

It'd be good to post a new topic with your config and the errors you are seeing.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.