Setup replication servers with basic security

Mamol27 · July 13, 2021, 1:00pm

Hello i have two cluster with basic security. And i want to setup bi-directional replication. All nodes 7.13 version. Bi-directional replication with Elasticsearch cross-cluster replication (CCR) | Elastic Blog
1t cluster- 107: master, remote_cluster_client; 106 - data, remote_cluster_client; 108 - ingest, remote_cluster_client; 108 - remote_cluster_client
2d cluster - 111: master, remote_cluster_client; 112 - data, remote_cluster_client; 113 - ingest, remote_cluster_client; 114 - remote_cluster_client
I launch this command on both clusters

PUT /_cluster/settings 
{ 
  "persistent" : { 
    "cluster" : { 
      "remote" : { 
        "elk2" : { 
          "seeds" : [ 
            "172.29.39.112:9300",
            "172.29.39.113:9300",
            "172.29.39.114:9300"
          ] 
        },
        "elk1" : { 
          "seeds" : [ 
            "172.29.39.106:9300",
            "172.29.39.108:9300",
            "172.29.39.110:9300"
          ] 
        } 
      } 
    } 
  } 
}

and now i have next result
on 1st cluster(elk1):

on 2d cluster(elk2):

At the question mark it writes me: "Ensure the seed nodes are configured with the remote cluster's transport port, not the http port"
I didnt find cluster's transport port here Transport | Elasticsearch Guide [7.5] | Elastic
What i need to do? Add certificates from one cluster to other, or set passwords? Should I add special transport settings?

TimV · July 14, 2021, 12:44am

This is likely to be a certificates issue.
Because you have enabled security, you will also have enabled TLS on the transport port (9300).

That means that you need to make sure your TLS configuration shares trust between the two clusters. Typically that is as simple as adding the remote cluster's CA to the each cluster (so elk1 trusts the CA for elk1 and elk2, and vice versa).

Mamol27 · July 14, 2021, 7:59am

I have certificates on each cluster. If I copy certificates to other cluster, how to point on it.

TimV · July 14, 2021, 8:16am

Sorry, I'm not sure I understand the question.

I think you're asking how to configure your nodes to trust the certificates, but I can't answer that without knowing more about your current configuration.

Mamol27 · July 14, 2021, 8:28am

I have two clusters with configured basic security on each. And I want to set up bi-directional replication. But clusters doesn't connect to each other. TLS already configured on each cluster.
So I want to understand how to set up replication between clusters with basic security. How to

make sure your TLS configuration shares trust between the two clusters.

I need to set up bi-directional replication between elk1 and elk2.

system · August 11, 2021, 8:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to connect cluster with configured TLS? Elasticsearch elastic-stack-security , ccr-cross-cluster-replication	7	730	November 24, 2021
Connect autoconfigured clusters for cross-cluster-replication Elasticsearch ccr-cross-cluster-replication	2	379	September 13, 2022
Elasticsearch cross cluster replication, authorization and authentication Elasticsearch elastic-stack-security , ccr-cross-cluster-replication	2	479	August 26, 2020
Unique search for BiDirectional CCR Elasticsearch ccr-cross-cluster-replication	1	703	June 23, 2020
Cross-cluster security Elasticsearch	2	130	May 17, 2024

Setup replication servers with basic security

Related topics