Upgrading Elasticsearch cluster


(Li Cui) #1

Hello there,

We are trying to upgrade our ELK from 6.3.2 to 6.4.2.
It seems we can use rolling upgrades...
The first step would be to disable shard allocation, here we encounter an issue:

here is what I did and got on one of our elasticsearch nodes:
............................
curl -X PUT "https://elasticnodehost:9200/_cluster/settings" -H 'Content-Type: application/json' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "none"
}
}
'
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/settings]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_cluster/settings]","header":{"WWW-Authenticate":"Basic realm="security" charset=\

....................................

I tried to use -k and --insecure and --cacert options, still the same.

We are using X-Pack (trail version) and the SSL/TLS on all ELK nodes are enabled...

This is no entries in the elasticsearch log at all...

Here is the portion of our elasticsearch.yml with X-Pack enabled:

.............
xpack.monitoring.enabled: true
xpack.monitoring.collection.enabled: true
xpack.monitoring.collection.interval: 60s
xpack.monitoring.collection.cluster.stats.timeout: 60s
xpack.monitoring.history.duration: 90d
xpack.watcher.history.cleaner_service.enabled: true
xpack.http.proxy.host: 'xxxproxy-01.xxx.yyy.com'
xpack.http.proxy.port: 3128
xpack.watcher.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/keys/xxx-201710-yyy-key.pem
xpack.security.transport.ssl.certificate: /etc/elasticsearch/keys/ServerCertificate.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/keys/ChainBundle2.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/keys/xxx-201710-yyy-key.pem
xpack.security.http.ssl.certificate: /etc/elasticsearch/keys/ServerCertificate.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/keys/ChainBundle2.crt" ]
xpack:
security:
authc:
realms:
active_directory:
type: active_directory
order: 0
domain_name: xxx.yyy.com
files.role_mapping: /etc/elasticsearch/role_mapping.yml
bind_dn: CN=yyylocaladmin,CN=Users,DC=xxx,DC=yyy,DC=com
bind_password: pass
..........................

This is PoC, we are in the process to purchase the 'GOLD' license... but we now need to upgrade to 6.4.1 ASAP.

Please help and let us know how to deal with this...

Thanks a lot in advance

Li


(Mark Walkom) #2

You are not passing in any authentication details (user/password) so it's rejecting the request.


(Li Cui) #3

I did this:

curl -X PUT -u user1:pass1 "https://hlsoelke1b-03.hls.dxc.com:9200/_cluster/settings" --insecure -H 'Content-Type: application/json' -d'

{
"persistent": {
"cluster.routing.allocation.enable": "none"
}
}
'
{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"none"}}}},"transient":{}}

Does this mean it worked?


(Mark Walkom) #4

What was the response?


(Li Cui) #5

This is the the response:

{"acknowledged":true,"persistent":{"cluster":{"routing":{"allocation":{"enable":"none"}}}},"transient":{}}


(Mark Walkom) #6

Then yes, that has worked.


(system) #7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.