bin/elasticsearch-reconfigure-node bugs and enhancements #80990
Assignees
Labels
>bug
:Security/Security
Security issues without another label
Team:Security
Meta label for security team
v8.0.0-beta1
Comments
jkakavas
added
>bug
:Security/Security
|
Pinging @elastic/es-security (Team:Security) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a meta issue to cover identified bugs and enhancements we want to make to
elasticsearch-reconfigure-node. This CLI tool is introduced in 8.0.0 and the main use case it satisfies is to allow users to reconfigure an elasticsearch node that has been installed via a DEB or RPM package and enroll it into an existing cluster.DEB/RPM installations by default make the assumption that the installed node is the first (or only) one in the cluster and configure TLS for transport and http layers accordingly. This CLI tool allows users to revisit the assumption after installation (before the node is ever started), so that it can enroll to an existing, secured cluster.
elasticsearch-reconfigure-nodeshould be safer to use. The current behavior is to remove existing configuration and then attempt to enroll to the cluster. We should first attempt to enroll to the cluster and then remove/replace existing configuration, or backup/restore the existing configuration upon failure to enroll, so that we leave the node in a working state in every case.elasticsearch-reconfigure-nodelacks documentationelasticsearch-reconfigure-nodeis expected to be run as root and wrongly sets file owners for generated keystores, so elasticsearch fails to read them on startup.The text was updated successfully, but these errors were encountered: