I need install this plugin on a working cluster (2 master node + 2 data node). Installing should without stopped service when working with this cluster. My plan installing:
- Disable 1 data node and 1 master node;
- Install on this nodes SearchGuard;
- Add certificates on server and add config SearchGuard in config ElasticSearch (but disable force ssl communication nodes in cluster);
- Sync indexes;
- Retry install plugin with 2 another nodes (without disable forse ssl communication nodes);
- Sync indexes;
- Enable force ssl communication on first 2 nodes.
But how disable force ssl communication nodes? It’s real? If it’s not real, have you any ideas about update my cluster?
The short answer is: You cannot disable TLS on transport layer (inter-node communication). If you install SG on 2 nodes and leave the other nodes as the are you will end up with a split cluster since the first 2 nodes cannot talk to the other nodes anymore. At the moment you cannot install SG without a full cluster restart.
···
On Tuesday, June 20, 2017 at 10:05:33 AM UTC+2, Alexey Chernyaev wrote:
I need install this plugin on a working cluster (2 master node + 2 data node). Installing should without stopped service when working with this cluster. My plan installing:
- Disable 1 data node and 1 master node;
- Install on this nodes SearchGuard;
- Add certificates on server and add config SearchGuard in config ElasticSearch (but disable force ssl communication nodes in cluster);
- Sync indexes;
- Retry install plugin with 2 another nodes (without disable forse ssl communication nodes);
- Sync indexes;
- Enable force ssl communication on first 2 nodes.
But how disable force ssl communication nodes? It’s real? If it’s not real, have you any ideas about update my cluster?