Hi everyone,
I tried to upgrade two different clusters containing 3 or 5 nodes. Both are running elasticsearch 8.2.0 and I tried upgrading to different versions 8.11.4, 8.5.3 and 8.4.3. But all attempts failed with the same result.
After upgrading the first node, ssl handshake between node and cluster fails. This is from the node's log:
[2024-01-24T14:39:58,753][WARN ][o.e.t.TcpTransport ] [elastic-server-tst2] exception caught on transport layer [Netty4TcpChannel{localAddress=/x.y.z.155:54904, remoteAddress=elastic-server-tst1.my.domain/x.y.z.154:9300, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Hostname or IP address is undefined.
This if from the log of one of the cluster's nodes:
[2024-01-24T14:48:48,817][WARN ][o.e.t.TcpTransport ] [elastic-server-tst1] exception caught on transport layer [Netty4TcpChannel{localAddress=/x.y.z.154:9300, remoteAddress=/x.y.z.155:52112, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
I had to change fqdns and ips.
OS is Ubuntu 20.04 and we use Readonlyrest-plugin.
Can someone explain to me, what is going on? Prior updates including the major-update 7.17.3 -> 8.2.0 worked out-of-the-box.
/etc/elasticsearch/elasicsearch.yml:
action:
destructive_requires_name: true
cluster:
initial_master_nodes:
- elastic-server-tst1.my.domain
- elastic-server-tst2.my.domain
- elastic-server-tst3.my.domain
name: my-tst-cluster
discovery:
seed_hosts:
- elastic-server-tst1.my.domain
- elastic-server-tst2.my.domain
- elastic-server-tst3.my.domain
http:
compression: true
cors:
allow-credentials: true
allow-origin: "/.*/"
enabled: true
type: ssl_netty4
network:
host: x.y.z.155
node:
attr:
dc: virtuell
path:
repo:
- "/path1"
- "/path2"
- "/path3"
path.data: "/elastic/elasticsearch-data"
path.logs: "/var/log/elasticsearch"
transport:
type: ror_ssl_internode
xpack:
security:
enabled: false
http:
ssl:
enabled: false
transport:
ssl:
enabled: false