I encountered a problem straight from the beginning.
After the installation of my first dedicated Master node (node.roles: [ master]) my cluster health seems red as I'm unable to reset password or generate token for adding new nodes.
So for the second node, I've setup the Hot Data node (cluster.name: bla, node.roles: [ data_hot, ingest, transform ], cluster.initial_master_nodes: ["master-1"]) without a token but this doesn't solve the problem...
So do I need to setup as the first node a classic elasticsearch without defining node.roles then when the whole architecture is deployed reconfigure it to a master only? But I will loose shard no?
The data role is a generic role the can act as all the other data roles, since you are planning to have tiered data nodes, you do not need the generic one, but you need a data_content node, data_hot and data_content are required.
You may add the data_content role to the data_hot node.
Also, with just one node for each data tier you won't be able to have replicas.
Since you are planning to use fleet you also need to have an ingest node and a transform node.
You will probably need to change the roles of your data_hot node to this:
Many, many thanks for your advices and this explaination, that makes perfect sense!
I have one more question please :
As my cluster health is red after the first master node installation (because lacking the data_content and data_hot roles), how to enroll in my cluster the Data_Hot node without the ability to generate an enrollment token ?
Despite following this documentation Bootstrapping a cluster, I don't figure out how and in which order to start each node of the cluster.
Just remember that right after the startup of master-1, the cluster health is red and I'm unable to generate an enrollment token.
I never used this enrollment token approach, but if I'm not wrong it works only on specfic scenarios, like your nodes will have all the roles and the certificate will be auto-generated.
The documentation for the bootstrapping a cluster assumes that your nodes will have all roles, so you will already have a bootstrapped cluster and could use the enrollment token, this is not your case since you want to have master dedicated and data dedicated nodes and you need nodes with master, data_content and data_hot roles.
My suggestion would be to configure your data_hot/data_content nodes to also be master nodes and start all the 5 nodes at the same time and wait for the cluster formation.
After that you could remove the master role for the data nodes and restart them.
Basically you just need to create the certificates for all nodes and configure the elasticsearch.yml files, from what I understood the enrollment token only serves to simplify the certification generation, that's why it rely on you using the auto-generate certificates.
If you manually create certificates for your nodes, you won't need to use the enrollment token command, you just create the certificates, copy it to the nodes, configure the elasticsearch.yml and start the nodes.