Rolling deployment causing unassigned shards

Is Search Guard an all or nothing deployment? I am running into a problem when trying to do a rolling deployment. I have 3 masters and 3 nodes in a test cluster. I deployed all 3 masters and 1 node with search guard and left the other 2 nodes without search guard. Shards will not be reassigned to the search guard node. Any idea how to fix this? In our production environment we do not have the option of deploying all of the nodes at the same time.

ES version: 1.7.5

Search Guard: 1.7.x

This turns out not to be an issue. It was an issue with my deployment scripts. Prior to deploying the node, we lock all the shards in the cluster via a curl command. Then after elasticsearch is deployed we unlock the shards via a curl command. All of the curl commands are using the newly deployed node. I did not pass any authentication information via curl. The shard lock works because the node did not have search guard. But after the deployment the shard unlock is ignored because the node does have search guard and no valid authentication was provided. Once I issued the curl command with valid authentication, the unassigned shards were allocated.