Add nodes to your cluster
editAdd nodes to your cluster
editYou can add more nodes to your cluster and optionally designate specific purposes for each node. For example, you can allocate master nodes, data nodes, ingest nodes, machine learning nodes, and dedicated coordinating nodes. For details about each node type, see Nodes.
Let’s add two nodes to our cluster!
-
Install two additional copies of Elasticsearch. It’s possible to run multiple Elasticsearch
nodes using a shared installation. In this tutorial, however, we’re keeping
things simple by using the
zip
ortar.gz
packages and by putting each copy in a separate folder. You can simply repeat the steps that you used to install Elasticsearch in the Getting started with the Elastic Stack tutorial. -
Generate certificates for the two new nodes.
For example, run the following command:
Use the certificate authority that you created in Generate certificates.
You are prompted for information about each new node. Specify
node-2
andnode-3
for the instance names. For the purposes of this tutorial, specify the same IP address (127.0.0.1,::1
) and DNS name (localhost
) for each node.You are prompted to enter the password for your CA. You are also prompted to create a password for each certificate.
By default, the command produces a zip file named
certificate-bundle.zip
, which contains the generated certificates and keys. -
Decompress the
certificate-bundle.zip
file. For example:unzip certificate-bundle.zip Archive: certificate-bundle.zip creating: node-2/ inflating: node-2/node-2.p12 creating: node-3/ inflating: node-3/node-3.p12
The
certificate-bundle.zip
file contains a folder for each of your nodes. Each folder contains a single PKCS#12 keystore that includes a node certificate, node key, and CA certificate. -
Create a folder to contain certificates in the configuration directory of each
Elasticsearch node. For example, create a
certs
folder in theconfig
directory. -
Copy the appropriate certificate to the configuration directory on each node.
For example, copy the
node-2.p12
file into theconfig/certs
directory on the second node and thenode-3.p12
into theconfig/certs
directory on the third node. -
Specify the name of the cluster and give each node a unique name.
For example, add the following settings to the
ES_PATH_CONF/elasticsearch.yml
file on the second node:cluster.name: test-cluster node.name: node-2
Add the following settings to the
ES_PATH_CONF/elasticsearch.yml
file on the third node:cluster.name: test-cluster node.name: node-3
In order to join the same cluster as the first node, they must share the same
cluster.name
value. -
(Optional) Provide seed addresses to help your nodes discover other nodes with which to form a cluster.
For example, add the following setting in the
ES_PATH_CONF/elasticsearch.yml
file:discovery.seed_hosts: ["localhost"]
The default value for this setting is
127.0.0.1, [::1]
, therefore it isn’t actually required in this tutorial. When you want to form a cluster with nodes on other hosts, however, you must use this setting to provide a list of master-eligible nodes to seed the discovery process. For more information, see Discovery. -
On each node, enable TLS for transport communications. You must also configure each node to identify itself using its signed certificate.
For example, add the following settings in the
ES_PATH_CONF/elasticsearch.yml
file: -
On each node, store the password for the PKCS#12 file in the Elasticsearch keystore.
For example, run the following commands:
./bin/elasticsearch-keystore create ./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password ./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
If the Elasticsearch keystore already exists, this command asks whether you want to overwrite it. You do not need to overwrite it; you can simply add settings to your existing Elasticsearch keystore.
On the second node, supply the password that you created for the
node-2.p12
file. On the third node, supply the password that you created for thenode-3.p12
file. -
Start each Elasticsearch node. For example, if you installed Elasticsearch with a
.tar.gz
package, run the following command from each Elasticsearch directory:./bin/elasticsearch
If you encounter errors, you can see some common problems and solutions in Common SSL/TLS exceptions.
-
Verify that your cluster now contains three nodes.
For example, log into Kibana with the
elastic
built-in user. Go to Dev Tools > Console and run the cluster health API:GET _cluster/health
Confirm the
number_of_nodes
in the response from this API.You can also use the cat nodes API to identify the master node:
GET _cat/nodes?v
The node that has an asterisk(*) in the
master
column is the elected master node.
Now that you have multiple nodes, your data can be distributed across the cluster in multiple primary and replica shards. For more information about the concepts of clusters, nodes, and shards, see Getting started with Elasticsearch.
What’s next?
editCongratulations! You’ve encrypted communications between the nodes in your cluster and can pass the TLS bootstrap check.
If you want to encrypt communications between other products in the Elastic Stack, see Encrypting communications.